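  • Cisco dual egress + policy-based routing + NAT

    1. Policy-based routing is used; traffic that leaves via the education network is NAT-translated on the education-network interface
    2. Access to education-network resources normally uses the education-network link and fails over to Telecom
    3. Access to the Internet uses the Telecom link and fails over to the education network
    4. Servers are statically bound to education-network IPs; whether clients come from Telecom, Unicom or the education network, they reach the servers through the education network, so server traffic can only use the education-network link
    5. If the public addresses inside the campus are not NAT-translated, the route-map's ACL permits only the others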

     

    R5:
    interface Loopback1
     ! simulated server subnet
     ip address 192.168.100.1 255.255.255.0
    !
    interface Loopback2
     ! simulated dormitory subnet
     ip address 192.168.10.1 255.255.255.0
    !
    interface Ethernet0/0
     ! link to the egress router
     ip address 10.1.1.1 255.255.255.0
     half-duplex
    !
    ! default route
    ip route 0.0.0.0 0.0.0.0 10.1.1.2
    
    
    R1:
    interface Ethernet0/0
     ip address 10.1.1.2 255.255.255.0
     ip nat inside
     ip virtual-reassembly
     ! apply policy routing: the server subnet leaves via the education network
     ip policy route-map test
     half-duplex
    !
    interface Ethernet0/1
     ! Telecom egress IP
     ip address 12.1.1.1 255.255.255.0
     ip nat outside
     ip virtual-reassembly
     half-duplex
    !
    interface Ethernet0/2
     ! education-network egress IP
     ip address 13.1.1.1 255.255.255.0
     ip nat outside
     ip virtual-reassembly
     half-duplex
    !
    !
    ! default route via Telecom
    ip route 0.0.0.0 0.0.0.0 12.1.1.2
    ! redundant backup default via the education network (administrative distance 100)
    ip route 0.0.0.0 0.0.0.0 13.1.1.2 100
    ! return routes to the internal subnets
    ip route 192.168.10.0 255.255.255.0 10.1.1.1
    ip route 192.168.100.0 255.255.255.0 10.1.1.1
    ! specific route for the education-network prefix
    ip route 200.1.1.0 255.255.255.0 13.1.1.2
    !
    ! NAT binding: traffic leaving via Telecom is translated on Ethernet0/1
    ip nat inside source route-map dianxing interface Ethernet0/1 overload
    ! NAT binding: traffic leaving via the education network is translated on Ethernet0/2
    ip nat inside source route-map jiaoyuwang interface Ethernet0/2 overload
    !
    ! ACL permitting the server subnet
    access-list 1 permit 192.168.100.0 0.0.0.255
    no cdp log mismatch duplex
    !
    ! policy routing: traffic matching ACL 1 is sent to this next hop
    route-map test permit 10
     match ip address 1
     set ip next-hop 13.1.1.2
    !
    ! route-map referenced by the Telecom NAT rule
    route-map dianxing permit 10
     ! match rule
     match interface Ethernet0/1
     ! egress interface for outgoing packets
     set interface Ethernet0/1
    !
    route-map jiaoyuwang permit 10
     match interface Ethernet0/2
     set interface Ethernet0/2
    !
    
    R2:
    interface Ethernet0/1
     ip address 12.1.1.2 255.255.255.0
     half-duplex
    !
    interface Ethernet0/2
     ip address 23.1.1.1 255.255.255.0
     half-duplex
    !
    ip route 0.0.0.0 0.0.0.0 23.1.1.2
    
    R3:
    interface Ethernet0/1
     ip address 34.1.1.1 255.255.255.0
     half-duplex
    !
    interface Ethernet0/2
     ip address 13.1.1.2 255.255.255.0
     half-duplex
    !
    ip route 0.0.0.0 0.0.0.0 34.1.1.2
    
    R4:
    interface Loopback1
     ip address 100.1.1.1 255.255.255.0
    !
    interface Loopback2
     ip address 200.1.1.1 255.255.255.0
    !
    interface Ethernet0/1
     ip address 34.1.1.2 255.255.255.0
     half-duplex
    !
    interface Ethernet0/2
     ip address 23.1.1.2 255.255.255.0
     half-duplex
    !
    ip route 12.1.1.0 255.255.255.0 23.1.1.1
    ip route 13.1.1.0 255.255.255.0 34.1.1.1
    
    
    ACL-based implementation
    
    ip nat inside source list 100 interface GigabitEthernet0/2 overload
    ip nat inside source list 101 interface GigabitEthernet0/1 overload
    ip classless
    ip route 200.1.1.0 255.255.255.0 13.1.1.2 
    ip route 0.0.0.0 0.0.0.0 12.1.1.2 
    !
    !
    ! permit traffic destined for the education-network 200.1.1.0 subnet
    access-list 100 permit ip any 200.1.1.0 0.0.0.255
    access-list 100 deny ip any any
    access-list 101 deny ip any 200.1.1.0 0.0.0.255
    access-list 101 permit ip any any
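
Notes 2 to 4 depend on failover, but on R1 the static routes and `set ip next-hop` stay in effect as long as the local interface is up, even when the upstream next hop has stopped responding. The fragment below is an added example, not part of the original configuration: it ties R1's routes and the `test` route-map to IP SLA probes. The SLA and track numbers, the 10-second interval and the choice of the two next hops as probe targets are assumptions, and IOS releases that predate the `ip sla` keyword use different syntax.

```cisco
! Added example for R1 (not from the original article).
! Assumed values: SLA ids 1 and 2, track ids 10 and 20, 10-second probes.
!
! Probe the Telecom next hop out of the Telecom interface
ip sla 1
 icmp-echo 12.1.1.2 source-interface Ethernet0/1
 frequency 10
ip sla schedule 1 life forever start-time now
!
! Probe the education-network next hop out of its own interface
ip sla 2
 icmp-echo 13.1.1.2 source-interface Ethernet0/2
 frequency 10
ip sla schedule 2 life forever start-time now
!
track 10 ip sla 1 reachability
track 20 ip sla 2 reachability
!
! Replace the untracked static routes with tracked ones
no ip route 0.0.0.0 0.0.0.0 12.1.1.2
no ip route 200.1.1.0 255.255.255.0 13.1.1.2
! Primary default via Telecom; withdrawn when probe 1 fails
ip route 0.0.0.0 0.0.0.0 12.1.1.2 track 10
! Floating default via the education network (AD 100) then takes over
ip route 0.0.0.0 0.0.0.0 13.1.1.2 100
! Education-network prefix; withdrawn when probe 2 fails,
! so 200.1.1.0/24 falls back to the default route via Telecom
ip route 200.1.1.0 255.255.255.0 13.1.1.2 track 20
!
! Policy routing for the server subnet follows the same probe
route-map test permit 10
 match ip address 1
 no set ip next-hop 13.1.1.2
 set ip next-hop verify-availability 13.1.1.2 10 track 20
```

When track 20 is down the `set` clause is skipped and the server subnet follows the routing table, so it would leave via Telecom and be translated on Ethernet0/1, which note 4 rules out. `show track brief` and `show route-map test` show the probe state and whether the policy is matching.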
  • Original article: https://www.cnblogs.com/qaszxc/p/8093310.html