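Configuration approach:
- Build the basic topology.
- Divide the VLANs; configure access/trunk ports, SVIs, and IP addresses.
- Configure internal routing (the aggregation and core layers run OSPF).
- Plan the external routing and NAT.
The configuration achieves the following:
- The dormitory area reaches the Internet through the Telecom egress; the teaching area uses the Unicom egress.
- If either link fails, traffic switches over automatically.
- Both the dormitory area and the teaching area use the router's egress interface address for PAT.
How to make the dormitory area, 192.168.10.0, go out via Telecom
How to make the teaching area, 192.168.20.0, go out via Unicom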
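! Match dormitory-area VLAN 10 traffic
access-list 10 permit 192.168.10.0 0.0.0.255
route-map fenliu permit 10
! Dormitory-area traffic
match ip address 10
! Dormitory-area traffic prefers the Telecom egress; if Telecom is down it goes via Unicom
set ip default next-hop 50.1.1.2 60.1.1.2
! Match teaching-area VLAN 20 traffic
access-list 20 permit 192.168.20.0 0.0.0.255
route-map fenliu permit 20
! Teaching-area traffic
match ip address 20
! Teaching-area traffic prefers the Unicom egress; if Unicom is down it goes via Telecom
set ip next-hop 60.1.1.2 50.1.1.2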
interface FastEthernet0/0
ip policy route-map fenliu
!
interface FastEthernet0/1
ip policy route-map fenliu
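How do we make traffic that leaves through the Telecom egress use the Telecom NAT address pool / Telecom interface address for PAT? (Why is this needed? If a packet is translated to a Telecom NAT address but leaves through Unicom, can the reply find its way back? If you are accessing a Telecom address and the Netcom ISP has no route to that destination, communication fails.)
! access-list 10 was already configured above; no need to configure it again
access-list 10 permit 192.168.10.0 0.0.0.255
ip nat inside source list 10 interface s1/0 overload
! access-list 20 was already configured above; no need to configure it again
access-list 20 permit 192.168.20.0 0.0.0.255
ip nat inside source list 20 interface s1/1 overload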
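A list-based PAT rule keeps translating to the named interface's address even after policy routing has failed the flow over to the other ISP, which is the return-path problem described above; the R1 running-config in the steps instead ties each rule to its egress with `match interface`. The check below is an added example, not part of the original page: the function names are hypothetical, the sample is constructed from the page's R1 lines plus one list-based rule, and it assumes `show run` style input with full interface names.

```python
import re

# Constructed sample: the NAT and route-map lines of the page's R1 config,
# plus one list-based PAT rule of the kind shown in the short snippet above.
SAMPLE = """\
interface Serial1/0
 ip nat outside
interface Serial1/1
 ip nat outside
ip nat inside source route-map dianxin interface Serial1/0 overload
ip nat inside source route-map liantong interface Serial1/1 overload
ip nat inside source list 10 interface Serial1/0 overload
route-map liantong permit 20
 match interface Serial1/1
route-map dianxin permit 10
 match interface Serial1/0
"""
NAT_RE = re.compile(r"ip nat inside source (list|route-map) (\S+) interface (\S+) overload")

def parse(config):
    """Return (outside interfaces, route-map -> matched interfaces, PAT rules)."""
    outside, rmaps, rules, section = set(), {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # top-level command: opens or closes a block
            head = re.match(r"(interface|route-map) (\S+)", line)
            section = head.groups() if head else None
            nat = NAT_RE.match(line)
            if nat:
                rules.append(nat.groups())
        elif section and section[0] == "interface" and line == "ip nat outside":
            outside.add(section[1])
        elif section and section[0] == "route-map" and line.startswith("match interface "):
            rmaps.setdefault(section[1], set()).update(line.split()[2:])
    return outside, rmaps, rules

def audit_nat(config):
    """List PAT rules whose translated address is not tied to the egress interface."""
    outside, rmaps, rules = parse(config)
    findings = []
    for kind, name, iface in rules:
        if iface not in outside:
            findings.append(f"{kind} {name}: {iface} is not an 'ip nat outside' interface")
        elif kind == "list" and len(outside) > 1:
            findings.append(f"list {name}: translates to {iface} whichever egress is used")
        elif kind == "route-map" and rmaps.get(name) != {iface}:
            findings.append(f"route-map {name}: does not match only interface {iface}")
    return findings
```

Calling `audit_nat(SAMPLE)` flags only the list-based rule; the two route-map rules pass because each route-map matches exactly the interface its PAT rule translates to.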
Steps
R1
R1(config)#do sh run
Building configuration...
Current configuration : 2712 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
resource policy
!
ip subnet-zero
no ip icmp rate-limit unreachable
!
ip tcp synwait-time 5
ip cef
no ip domain lookup
!
interface FastEthernet0/0
 ip address 30.1.1.2 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map cisco
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 40.1.1.2 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map cisco
 duplex auto
 speed auto
!
interface Serial1/0
 ip address 50.1.1.1 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 serial restart-delay 0
!
interface Serial1/1
 ip address 60.1.1.1 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/3
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 network 30.1.1.0 0.0.0.255 area 0
 network 40.1.1.0 0.0.0.255 area 0
 default-information originate always
!
router rip
 version 2
 network 50.0.0.0
 network 60.0.0.0
 no auto-summary
!
ip classless
!
no ip http server
no ip http secure-server
!
ip nat inside source route-map dianxin interface Serial1/0 overload
ip nat inside source route-map liantong interface Serial1/1 overload
!
access-list 10 permit 192.168.10.0 0.0.0.255
access-list 20 permit 192.168.20.0 0.0.0.255
no cdp log mismatch duplex
!
route-map liantong permit 20
 match interface Serial1/1
!
route-map cisco permit 10
 match ip address 10
 set ip next-hop 50.1.1.2 60.1.1.2
!
route-map cisco permit 20
 match ip address 20
 set ip next-hop 60.1.1.2 50.1.1.2
!
route-map dianxin permit 10
 match interface Serial1/0
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
end
R1(config)#
liantong
liantong#sh run
Building configuration...
Current configuration : 1136 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname liantong
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
ip cef
no ip domain lookup
!
interface Loopback0
 ip address 200.1.1.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 90.1.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial1/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/1
 ip address 60.1.1.2 255.255.255.0
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
router rip
 version 2
 network 60.0.0.0
 network 90.0.0.0
 network 200.1.1.0
 no auto-summary
!
no ip http server
!
no cdp log mismatch duplex
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
liantong#
dianxin
dianxin(config-if)#do sh run
Building configuration...
Current configuration : 1172 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname dianxin
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
ip cef
no ip domain lookup
!
interface Loopback0
 ip address 100.1.1.1 255.255.255.0
!
interface Loopback1
 no ip address
!
interface FastEthernet0/0
 ip address 90.1.1.2 255.255.255.0
 duplex auto
 speed auto
!
interface Serial1/0
 ip address 50.1.1.2 255.255.255.0
 serial restart-delay 0
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
router rip
 version 2
 network 50.0.0.0
 network 90.0.0.0
 network 100.0.0.0
 no auto-summary
!
no ip http server
!
no cdp log mismatch duplex
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
dianxin(config-if)#
sw1
SW1(config-if)#do sh run
Building configuration...
Current configuration : 2912 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname SW1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
ip tcp synwait-time 5
!
no ip domain lookup
!
multilink bundle-name authenticated
!
macro name add_vlan
end
vlan database
vlan $v
exit
@
macro name del_vlan
end
vlan database
no vlan $v
exit
@
!
vtp file nvram:vlan.dat
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 ip address 30.1.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 switchport access vlan 10
 duplex full
 speed 100
!
interface FastEthernet1/1
 duplex full
 speed 100
!
interface FastEthernet1/2
 duplex full
 speed 100
!
interface FastEthernet1/3
 duplex full
 speed 100
!
interface FastEthernet1/4
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 duplex full
 speed 100
!
interface FastEthernet1/9
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 duplex full
 speed 100
!
interface FastEthernet1/12
 duplex full
 speed 100
!
interface FastEthernet1/13
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 ip address 192.168.10.254 255.255.255.0
!
router ospf 1
 router-id 2.2.2.2
 log-adjacency-changes
 network 30.1.1.0 0.0.0.255 area 0
 network 192.168.10.0 0.0.0.255 area 0
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
control-plane
!
banner exec ^C
***************************************************************
This is a normal Router with a Switch module inside (NM-16ESW)
It has been pre-configured with hard-coded speed and duplex
To create vlans use the command "vlan database" in exec mode
After creating all desired vlans use "exit" to apply the config
To view existing vlans use the command "show vlan-switch brief"
Alias(exec) : vl - "show vlan-switch brief" command
Alias(configure): va X - macro to add vlan X
Alias(configure): vd X - macro to delete vlan X
***************************************************************
^C
alias configure va macro global trace add_vlan $v
alias configure vd macro global trace del_vlan $v
alias exec vl show vlan-switch brief
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
SW1(config-if)#
sw2
SW2(config-router)#do sh run
Building configuration...
Current configuration : 2912 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname SW2
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
ip tcp synwait-time 5
!
no ip domain lookup
!
multilink bundle-name authenticated
!
macro name add_vlan
end
vlan database
vlan $v
exit
@
macro name del_vlan
end
vlan database
no vlan $v
exit
@
!
vtp file nvram:vlan.dat
!
interface FastEthernet0/0
 description *** Unused for Layer2 EtherSwitch ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description *** Unused for Layer2 EtherSwitch ***
 ip address 40.1.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet1/0
 switchport access vlan 20
 duplex full
 speed 100
!
interface FastEthernet1/1
 duplex full
 speed 100
!
interface FastEthernet1/2
 duplex full
 speed 100
!
interface FastEthernet1/3
 duplex full
 speed 100
!
interface FastEthernet1/4
 duplex full
 speed 100
!
interface FastEthernet1/5
 duplex full
 speed 100
!
interface FastEthernet1/6
 duplex full
 speed 100
!
interface FastEthernet1/7
 duplex full
 speed 100
!
interface FastEthernet1/8
 duplex full
 speed 100
!
interface FastEthernet1/9
 duplex full
 speed 100
!
interface FastEthernet1/10
 duplex full
 speed 100
!
interface FastEthernet1/11
 duplex full
 speed 100
!
interface FastEthernet1/12
 duplex full
 speed 100
!
interface FastEthernet1/13
 duplex full
 speed 100
!
interface FastEthernet1/14
 duplex full
 speed 100
!
interface FastEthernet1/15
 duplex full
 speed 100
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan20
 ip address 192.168.20.254 255.255.255.0
!
router ospf 1
 router-id 3.3.3.3
 log-adjacency-changes
 network 40.1.1.0 0.0.0.255 area 0
 network 192.168.20.0 0.0.0.255 area 0
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
control-plane
!
banner exec ^C
***************************************************************
This is a normal Router with a Switch module inside (NM-16ESW)
It has been pre-configured with hard-coded speed and duplex
To create vlans use the command "vlan database" in exec mode
After creating all desired vlans use "exit" to apply the config
To view existing vlans use the command "show vlan-switch brief"
Alias(exec) : vl - "show vlan-switch brief" command
Alias(configure): va X - macro to add vlan X
Alias(configure): vd X - macro to delete vlan X
***************************************************************
^C
alias configure va macro global trace add_vlan $v
alias configure vd macro global trace del_vlan $v
alias exec vl show vlan-switch brief
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
SW2(config-router)#
pc1
pc1#sh run
Building configuration...
Current configuration : 1587 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname pc1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip routing
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
no ip cef
no ip domain lookup
!
interface FastEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 no ip route-cache
 duplex auto
 speed auto
!
interface Ethernet1/0
 no ip address
 no ip route-cache
 shutdown
 half-duplex
!
interface Ethernet1/1
 no ip address
 no ip route-cache
 shutdown
 half-duplex
!
interface Ethernet1/2
 no ip address
 no ip route-cache
 shutdown
 half-duplex
!
interface Ethernet1/3
 no ip address
 no ip route-cache
 shutdown
 half-duplex
!
interface FastEthernet2/0
!
interface FastEthernet2/1
!
interface FastEthernet2/2
!
interface FastEthernet2/3
!
interface FastEthernet2/4
!
interface FastEthernet2/5
!
interface FastEthernet2/6
!
interface FastEthernet2/7
!
interface FastEthernet2/8
!
interface FastEthernet2/9
!
interface FastEthernet2/10
!
interface FastEthernet2/11
!
interface FastEthernet2/12
!
interface FastEthernet2/13
!
interface FastEthernet2/14
!
interface FastEthernet2/15
!
interface Vlan1
 no ip address
 no ip route-cache
!
ip default-gateway 192.168.10.254
no ip http server
!
no cdp log mismatch duplex
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
pc1#
pc2
pc2#sh run
Building configuration...
Current configuration : 1587 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname pc2
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip routing
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
no ip cef
no ip domain lookup
!
interface FastEthernet0/0
 ip address 192.168.20.1 255.255.255.0
 no ip route-cache
 duplex auto
 speed auto
!
interface Ethernet1/0
 no ip address
 no ip route-cache
 shutdown
 half-duplex
!
interface Ethernet1/1
 no ip address
 no ip route-cache
 shutdown
 half-duplex
!
interface Ethernet1/2
 no ip address
 no ip route-cache
 shutdown
 half-duplex
!
interface Ethernet1/3
 no ip address
 no ip route-cache
 shutdown
 half-duplex
!
interface FastEthernet2/0
!
interface FastEthernet2/1
!
interface FastEthernet2/2
!
interface FastEthernet2/3
!
interface FastEthernet2/4
!
interface FastEthernet2/5
!
interface FastEthernet2/6
!
interface FastEthernet2/7
!
interface FastEthernet2/8
!
interface FastEthernet2/9
!
interface FastEthernet2/10
!
interface FastEthernet2/11
!
interface FastEthernet2/12
!
interface FastEthernet2/13
!
interface FastEthernet2/14
!
interface FastEthernet2/15
!
interface Vlan1
 no ip address
 no ip route-cache
!
ip default-gateway 192.168.20.254
no ip http server
!
no cdp log mismatch duplex
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
pc2#