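4 WAN Uplinks (A Real-World NAT + PBR Case)
Three China Telecom business broadband lines with static IPs and one China Unicom business broadband line with a static IP.
Requirement: each layer-2 switch forms one internal network, and each internal network is assigned one WAN uplink (no failover for now).
Equipment: one Cisco 3560 layer-3 switch, one Cisco 2911 router with only two ports, and four layer-2 switches.
Data flow diagram:
Five VLANs are defined. Four of them map to the four layer-2 switches below, one per internal network; the fifth VLAN is used to extend the router's WAN interface (the router's WAN interface uses multiple IP addresses rather than subinterfaces).
The router's inside link to the layer-3 switch is a routed layer-3 link (the switch port facing the router is a layer-3 port).
The switch ports facing the four layer-2 switches get their IP addresses on VLAN interfaces; they are not converted to layer-3 ports.
NAT + PBR on the router maps each internal network to one WAN uplink.
R3/R4/R5/R6 are the public-network routers.
C1/C2/C3/C4 are the hosts of the internal networks.
R2 is the layer-3 switch and R1 is the router.
SW1/SW2/SW3/SW4 are the four layer-2 switches.
Below I paste the configurations of the layer-3 switch and the router.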
R2 (layer-3 switch)# show running-config
Building configuration...
Current configuration : 1525 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
interface FastEthernet0/0
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
no switchport
ip address 100.1.1.2 255.255.255.0
!
interface FastEthernet0/6
switchport access vlan 10
!
interface FastEthernet0/7
switchport access vlan 20
!
interface FastEthernet0/8
switchport access vlan 30
!
interface FastEthernet0/9
switchport access vlan 40
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 10.1.1.1 255.255.255.0
!
interface Vlan20
ip address 10.2.2.1 255.255.255.0
!
interface Vlan30
ip address 10.3.3.1 255.255.255.0
!
interface Vlan40
ip address 10.4.4.1 255.255.255.0
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 100.1.1.1
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end
R1# show running-config
Building configuration...
Current configuration : 2300 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
interface FastEthernet0/0
ip address 210.25.96.10 255.255.255.0 secondary
ip address 156.253.16.20 255.255.255.0 secondary
ip address 114.115.25.30 255.255.255.0 secondary
ip address 202.103.96.20 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 100.1.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
! policy routing is evaluated on packets received from the inside networks
ip policy route-map access
duplex auto
speed auto
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
ip route 10.1.1.0 255.255.255.0 10.1.1.1
ip route 10.1.1.0 255.255.255.0 100.1.1.2
ip route 10.2.2.0 255.255.255.0 10.2.2.1
ip route 10.2.2.0 255.255.255.0 100.1.1.2
ip route 10.3.3.0 255.255.255.0 10.3.3.1
ip route 10.3.3.0 255.255.255.0 100.1.1.2
ip route 10.4.4.0 255.255.255.0 10.4.4.1
ip route 10.4.4.0 255.255.255.0 100.1.1.2
!
ip nat pool 1 202.103.96.20 202.103.96.20 netmask 255.255.255.0
ip nat pool 2 210.25.96.10 210.25.96.10 netmask 255.255.255.0
ip nat pool 3 156.253.16.20 156.253.16.20 netmask 255.255.255.0
ip nat pool 4 114.115.25.30 114.115.25.30 netmask 255.255.255.0
ip nat inside source list 1 pool 1 overload
ip nat inside source list 2 pool 2 overload
ip nat inside source list 3 pool 3 overload
ip nat inside source list 4 pool 4 overload
!
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 2 permit 10.2.2.0 0.0.0.255
access-list 3 permit 10.3.3.0 0.0.0.255
access-list 4 permit 10.4.4.0 0.0.0.255
!
route-map access permit 7
match ip address 4
set ip next-hop 114.115.25.3
!
route-map access permit 8
match ip address 3
set ip next-hop 156.253.16.10
!
route-map access permit 9
match ip address 2
set ip next-hop 210.25.96.3
!
route-map access permit 10
match ip address 1
set ip next-hop 202.103.96.68
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end
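A consistency check for the R1 NAT + PBR pairing above, as an added example that is not part of the original post. For each ACL it verifies that the NAT pool address and the PBR next hop share one subnet on the `ip nat outside` interface, and that the route-map is attached to the `ip nat inside` interface, because IOS evaluates `ip policy route-map` on packets received on an interface. The function name `audit` and the trimmed two-uplink excerpt are assumptions constructed for illustration.

```python
from ipaddress import ip_address, ip_network
# Constructed excerpt modelled on R1 (two of the four uplinks).
SAMPLE = """\
interface FastEthernet0/0
 ip address 210.25.96.10 255.255.255.0 secondary
 ip address 202.103.96.20 255.255.255.0
 ip nat outside
interface FastEthernet1/0
 ip address 100.1.1.1 255.255.255.0
 ip nat inside
 ip policy route-map access
ip nat pool 1 202.103.96.20 202.103.96.20 netmask 255.255.255.0
ip nat pool 2 210.25.96.10 210.25.96.10 netmask 255.255.255.0
ip nat inside source list 1 pool 1 overload
ip nat inside source list 2 pool 2 overload
route-map access permit 9
 match ip address 2
 set ip next-hop 210.25.96.3
route-map access permit 10
 match ip address 1
 set ip next-hop 202.103.96.68
"""

def audit(cfg):
    """Hypothetical helper: return NAT/PBR mismatches found in IOS config text."""
    nets, role, policy, pool, nat, hop = [], {}, {}, {}, {}, {}
    iface = acl = None
    for w in (line.split() for line in cfg.splitlines()):
        if w[:1] == ["interface"]:
            iface = w[1]
        elif w[:2] == ["ip", "address"] and len(w) >= 4:
            nets.append((iface, ip_network(f"{w[2]}/{w[3]}", strict=False)))
        elif w in (["ip", "nat", "inside"], ["ip", "nat", "outside"]):
            role[iface] = w[2]
        elif w[:3] == ["ip", "policy", "route-map"]:
            policy[iface] = w[3]
        elif w[:3] == ["ip", "nat", "pool"]:
            pool[w[3]] = ip_address(w[4])  # first address of the pool
        elif w[:5] == ["ip", "nat", "inside", "source", "list"]:
            nat[w[5]] = w[7]  # ACL number -> pool name
        elif w[:3] == ["match", "ip", "address"]:
            acl = w[3]
        elif w[:3] == ["set", "ip", "next-hop"]:
            hop[acl] = ip_address(w[3])
    wan = [n for i, n in nets if role.get(i) == "outside"]
    bad = [f"ACL {a}: pool {p} and PBR next hop are on different uplinks"
           for a, p in nat.items()
           if not any(p in pool and a in hop and pool[p] in n and hop[a] in n for n in wan)]
    return bad + [f"{i}: route-map {m} is not on the NAT inside interface"
                  for i, m in policy.items() if role.get(i) != "inside"]
```

An empty list means every internal network leaves through the uplink whose address it is translated to; a mismatch would send traffic to one provider carrying another provider's source address.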
Reposted from: https://blog.51cto.com/bozong/1681416