zoukankan      html  css  js  c++  java

  • 思科双出口+策略路由+NAT

    1. 使用策略路由,从教育网出去的,在教育网接口进行nat转换
    2. 访问教育网资源平时走教育网,故障走电信
    3. 访问internat走电信线路,故障走教育网
    4. 服务器静态绑定教育网ip,不管电信、联通、教育网都走教育网访问,所以服务器数据只能走教育网线路
    5. 如果学校内公网不进行nat转换,则route-map的acl只允许其它

     

    R5:
interface Loopback1
 ip address 192.168.100.1 255.255.255.0//虚拟服务器地址
!
interface Loopback2
 ip address 192.168.10.1 255.255.255.0//虚拟宿舍地址
!
interface Ethernet0/0
 ip address 10.1.1.1 255.255.255.0//通往出口路由
 half-duplex
!
ip route 0.0.0.0 0.0.0.0 10.1.1.2// 默认路由


R1:
interface Ethernet0/0
 ip address 10.1.1.2 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map test// 调用策略服务器网段走教育网
 half-duplex
!
interface Ethernet0/1
 ip address 12.1.1.1 255.255.255.0//电信出口ip
 ip nat outside
 ip virtual-reassembly
 half-duplex
!
interface Ethernet0/2
 ip address 13.1.1.1 255.255.255.0//教育网出口ip
 ip nat outside
 ip virtual-reassembly
 half-duplex
!
!
ip route 0.0.0.0 0.0.0.0 12.1.1.2//默认走电信
ip route 0.0.0.0 0.0.0.0 13.1.1.2 100/冗余备份走教育网
ip route 192.168.10.0 255.255.255.0 10.1.1.1//回指路由
ip route 192.168.100.0 255.255.255.0 10.1.1.1//回指路由
ip route 200.1.1.0 255.255.255.0 13.1.1.2//明细教育网路由
!
ip nat inside source route-map dianxing interface Ethernet0/1 overload//转换关联,电信走0/1
ip nat inside source route-map jiaoyuwang interface Ethernet0/2 overload//转换关联,教育网走0/2
!
access-list 1 permit 192.168.100.0 0.0.0.255//允许网段ACL
no cdp log mismatch duplex
!
route-map test permit 10//策略路由ACL-1下一跳
 match ip address 1
 set ip next-hop 13.1.1.2
!
route-map dianxing permit 10//策略路由
 match interface Ethernet0/1  //定义匹配规则
 set interface Ethernet0/1  //定义发出的数据包的出口
!
route-map jiaoyuwang permit 10
 match interface Ethernet0/2
 set interface Ethernet0/2
!

R2:
interface Ethernet0/1
 ip address 12.1.1.2 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 ip address 23.1.1.1 255.255.255.0
 half-duplex
!
ip route 0.0.0.0 0.0.0.0 23.1.1.2

R3:
interface Ethernet0/1
 ip address 34.1.1.1 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 ip address 13.1.1.2 255.255.255.0
 half-duplex
!
ip route 0.0.0.0 0.0.0.0 34.1.1.2

R4:
interface Loopback1
 ip address 100.1.1.1 255.255.255.0
!
interface Loopback2
 ip address 200.1.1.1 255.255.255.0
!
interface Ethernet0/1
 ip address 34.1.1.2 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 ip address 23.1.1.2 255.255.255.0
 half-duplex
!
ip route 12.1.1.0 255.255.255.0 23.1.1.1
ip route 13.1.1.0 255.255.255.0 34.1.1.1


ACL实现

ip nat inside source list 100 interface GigabitEthernet0/2 overload
ip nat inside source list 101 interface GigabitEthernet0/1 overload
ip classless
ip route 200.1.1.0 255.255.255.0 13.1.1.2 
ip route 0.0.0.0 0.0.0.0 12.1.1.2 
!
!
access-list 100 permit ip any 200.1.1.0 0.0.0.255// 允许访问教育网200.1.1.0网段
access-list 100 deny ip any any
access-list 101 deny ip any 200.1.1.0 0.0.0.255
access-list 101 permit ip any any
  • 相关阅读:
    UVa12093
    UVa1631
    vue路由跳转的三种方式
    vue中的钩子函数(判断是否跳转页面)beforeEach
    vue中子组件向父组件传值方法?
    vue中对数组,对象的操作如下
    vue-router的beforeEach的使用?
    vue拦截器使用?
    vue中父子组件以及兄弟组件的传值情况?
    前端模块化?
  • 原文地址:https://www.cnblogs.com/qaszxc/p/8093310.html
Copyright © 2011-2022 走看看