好的,我的设置是,我有 2 个 VLAN,目前通过有线互联网上的 fa0 进行路由,使用 DHCP。我希望能够将 dsl 和 dhcp 插入 fa1,并在 fa0 发生故障时将其用作自动故障转移。我只是不确定如何继续。我在网上看到的所有示例都可以在没有 NAT 的情况下工作,所以如果有人能给我指明正确的方向,我将不胜感激。
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$I9I.$nqNqNaH..3CJ6xtB7FSVR0
enable password 7 106D5E4853441F1C1445
!
no aaa new-model
!
!
dot11 syslog
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.0.0.1 10.0.0.10
ip dhcp excluded-address 10.10.0.1 10.10.0.2
!
ip dhcp pool Lan1DHCP
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
dns-server 8.8.8.8
!
ip dhcp pool FamDHCP
network 10.10.0.0 255.255.0.0
default-router 10.10.0.1
dns-server 8.8.8.8
!
!
!
multilink bundle-name authenticated
!
!
!
!
archive
log config
hidekeys
!
!
!
!
interface FastEthernet0
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet1
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet2
switchport access vlan 10
!
interface FastEthernet3
switchport access vlan 10
!
interface FastEthernet4
switchport access vlan 10
!
interface FastEthernet5
switchport access vlan 10
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
switchport access vlan 20
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan20
ip address 10.10.0.1 255.255.0.0
ip nat inside
ip virtual-reassembly
!
interface Async1
no ip address
encapsulation slip
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 dhcp
!
!
no ip http server
no ip http secure-server
ip nat inside source list 101 interface FastEthernet0 overload
ip nat inside source list 102 interface FastEthernet0 overload
ip nat inside source static tcp 10.0.0.200 80 interface FastEthernet0 80
ip nat inside source static tcp 10.0.0.200 443 interface FastEthernet0 443
!
access-list 101 permit ip 10.0.0.0 0.0.0.255 any
access-list 101 permit tcp any host 0.0.0.0 eq www
access-list 101 permit tcp any host 0.0.0.0 eq 443
access-list 102 permit ip 10.10.0.0 0.0.255.255 any
!
!
end
答案1
这里有两个很好的例子。我过去曾参考过这两篇文档来配置这种故障转移场景。
示例配置:
interface GigabitEthernet0/0/1
description PRIMARY LINK TO ISP 1
ip address 10.0.12.1 255.255.255.252
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/0
description BACKUP LINK TO ISP 2
ip address 10.0.13.1 255.255.255.252
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/2
description TOWARDS CUSTOMER LAN
ip address 192.168.1.1 255.255.255.0
ip nat inside
negotiation auto
!
!
ip access-list extended 101
permit ip 192.168.1.0 0.0.0.255 any
!
track 8 ip sla 1 reachability
!
ip sla 1
icmp-echo 10.0.12.2 source-ip 10.0.12.1
ip sla schedule 1 life forever start-time now
!
ip route 0.0.0.0 0.0.0.0 10.0.12.2 track 8
ip route 0.0.0.0 0.0.0.0 10.0.13.2 10
!
route-map NAT_ISP2 permit 10
match ip address 101
match interface GigabitEthernet0/0/0
!
route-map NAT_ISP1 permit 10
match ip address 101
match interface GigabitEthernet0/0/1
!
ip nat inside source route-map NAT_ISP1 interface GigabitEthernet0/0/1 overload
ip nat inside source route-map NAT_ISP2 interface GigabitEthernet0/0/0 overload