实际网络工程中配置公网多出口

时间:2024-06-10 20:08:00
刚开始企业在运营商只申请了一条链路,随着业务的发展,一条链路不能满足企业的网络带宽,需要在原有链路的基础上再申请一条链路,由原来的单出口改为双出口,对内网不同的网段进行控制让其走指定的链路上网。配置GigabitEthernet0/0/10通过PPPoE拨号上网。配置策略路由实现不同网段通过不同运营商上网。
1.配置需要进行NAT的ACL。
[Router] acl 2015
[Router-acl-basic-2015] rule permit source 192.168.10.0 0.0.0.255
[Router-acl-basic-2015] rule permit source 192.168.20.0 0.0.0.255
[Router-acl-basic-2015] quit
2.配置拨号访问控制列表。
[Router] dialer-rule
[Router-dialer-rule] dialer-rule 1 ip permit
[Router-dialer-rule] quit
3.配置拨号接口。
[Router] interface Dialer 0
[Router-Dialer0] ip address ppp-negotiate
[Router-Dialer0] ppp chap user Router
[Router-Dialer0] ppp chap password cipher Router@123
[Router-Dialer0] dialer user user
[Router-Dialer0] dialer bundle 1
[Router-Dialer0] dialer-group 1
[Router-Dialer0] ppp ipcp dns request
[Router-Dialer0] ppp ipcp dns admit-any
[Router-Dialer0] quit
4.配置使用接口IP地址进行NAT转换。
[Router] interface Dialer 0
[Router-Dialer0] nat outbound 2015
[Router-Dialer0] quit
5.配置TCP最大报文段长度为1200,如果使用默认的1460可能会出现访问网站慢的情况。
[Router] interface Dialer 0
[Router-Dialer0] tcp adjust-mss 1200
[Router-Dialer0] quit
6.在连接运营商线路的物理接口启用PPPoE功能。
[Router] interface GigabitEthernet 0/0/10
[Router-GigabitEthernet0/0/10] pppoe-client dial-bundle-number 1
[Router-GigabitEthernet0/0/10] quit
7.配置到公网的缺省静态路由,指定出接口为Dialer 0。
[Router] ip route-static 0.0.0.0 0 Dialer 0
8.配置ACL匹配数据流,需要把内网互访的数据流不要做重定向。
[Router] acl 3000
[Router-acl-adv-3000] rule permit ip source 192.168.10.0 0.0.0.255 destination 192.168.20.0 0.0.0.255
[Router-acl-adv-3000] rule permit ip source 192.168.20.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
[Router-acl-adv-3000] quit
[Router] acl 3001
[Router-acl-adv-3001] rule permit ip source 192.168.10.0 0.0.0.255
[Router-acl-adv-3001] quit
[Router] acl 3002
[Router-acl-adv-3002] rule permit ip source 192.168.20.0 0.0.0.255
[Router-acl-adv-3002] quit
9.配置流分类c0、c1和c2,分别匹配ACL3000、ACL3001和ACL3002。
[Router] traffic classifier c0
[Router-classifier-c0] if-match acl 3000
[Router-classifier-c0] quit
[Router] traffic classifier c1
[Router-classifier-c1] if-match acl 3001
[Router-classifier-c1] quit
[Router] traffic classifier c2
[Router-classifier-c2] if-match acl 3002
[Router-classifier-c2] quit
10.配置流行为,对内网互访的数据流不做重定向操作,对内网192.168.10.0网段的数据重定向到下一跳1.1.1.1,对内网192.168.20.0网段的数据重定向到出接口Dialer0。
[Router] traffic behavior b0
[Router-behavior-b0] permit
[Router-behavior-b0] quit
[Router] traffic behavior b1
[Router-behavior-b1] redirect ip-nexthop 1.1.1.1
[Router-behavior-b1] quit
[Router] traffic behavior b2
[Router-behavior-b2] redirect interface Dialer 0
[Router-behavior-b2] quit
11.配置流策略,分别将流分类和流行为组合起来。
[Router] traffic policy test
[Router-trafficpolicy-test] classifier c0 behavior b0
[Router-trafficpolicy-test] classifier c1 behavior b1
[Router-trafficpolicy-test] classifier c2 behavior b2
[Router-trafficpolicy-test] quit
12.将流策略应用到出口路由器互联内网交换机的接口。
[Router] interface GigabitEthernet 0/0/1
[Router-GigabitEthernet0/0/1] traffic-policy test inbound
[Router-GigabitEthernet0/0/1] quit
[Router] interface GigabitEthernet 0/0/2
[Router-GigabitEthernet0/0/2] traffic-policy test inbound
[Router-GigabitEthernet0/0/2] quit