PBR+NAT+單臂路由+多出口應用例子:
拓撲圖:
說明:
PC1:192.168.1.1/24 gw 192.168.1.254
PC2:192.168.2.1/24 gw 192.168.2.254
R3上做爲網關,並且也作爲出口路由器
電信ISP,聯通ISP都模擬環回口1.1.1.1用來做測試
主要配置:
R3:
R3#sh run
Building configuration...
Current configuration:2141bytes
!
version12.4
service timestamps debugdate timemsec
service timestamps logdate timemsec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem5
!
!
ip cef
no ip domainlookup
ipdomainname lab.local
!
interface Serial0/0
ip address 100.100.100.3 255.255.255.0
ip nat outside
ip virtual-reassembly
serial restart-delay 0
!
interface Serial0/1
ip address 200.200.200.3 255.255.255.0
ip nat outside
ip virtual-reassembly
serial restart-delay0
!
interfac eFastEthernet 1/0.1
encapsulation dot1Q 10
ip address 192.168.1.254 255.255.255.0
ip nat inside
ip virtual-reassembly
ip policy route-map PBR
!
interface FastEthernet 1/0.2
encapsulation dot1Q 20
ip address 192.168.2.254 255.255.255.0
ip nat inside
ip virtual-reassembly
ip policy route-map PBR
!
ip nat inside source route-map nat1 interfaceSerial 0/0 overload
ip nat inside source route-map nat2 interfaceSerial 0/1 overload
ip nat inside source route-map nat3 interfaceSerial 0/1 overload
ip nat inside source route-map nat4 interfaceSerial 0/0 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 192.168.2.0 0.0.0.255
!
route-map PBR permit 10
match ip address 1
set ip next-hop 100.100.100.1 200.200.200.2
!
route-map PBR permit 20
match ip address 2
set ip next-hop 200.200.200.2 100.100.100.1
!
route-map nat3 permit 10
match ip address 2
match interface Serial0/1
!
route-map nat2 permit 10
match ip address 1
!
route-map nat1 permit 10
match ip address 1
match interface Serial0/0
!
route-map nat4 permit 10
match ip address 2
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
end