环境:
内部
网络:192.168.1.0/24
出口:铁通2M(ADSL)×2
要求:
192.168.1.0/25为临时地址段
192.168.1.128/26为固定地址段1
192.168.1.192/26为固定地址段2
固定地址段1使用出口1(Dialer 1)接入互联网
固定地址段2使用出口2(Dialer 2)接入互联网
临时地址段使用出口2(Dialer 2)接入互联网
备注:
由于路由器不需要和外部通信,因此没有加缺省路由,经过NAT的
数据包通过策略路由选路,故不受影响。
Current configuration : 4227 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip domain lookup
ip domain name yourdomain.com
vpdn enablevpdn ip udp ignore checksum
!
vpdn-group pppoe
request-dialin
protocol pppoe!
!
username cisco privilege 15 secret 5 $1$FP5m$UcDfr996RzQ/xmupbW/qJ.
!
!
!
interface FastEthernet0/0 /*出口1的物理接口description For 60360001
no ip address
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
!
interface FastEthernet0/1 /*出口2的物理接口description For 60360002
no ip address
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 2
!
interface FastEthernet0/0/0
duplex full
speed 100
!
interface FastEthernet0/0/1
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
interface Vlan1 /*内部网络的三层接口ip address 192.168.1.1 255.255.255.0
ip nat inside
ip policy route-map default
/*对此接口的数据包应用名为"default"的策略(路由映射)!
interface Dialer1 /*出口1的虚拟接口ip address negotiated
ip mtu 1492
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname 60360001
ppp chap password 0 60360001
!
interface Dialer2 /*出口2的虚拟接口ip address negotiated
ip mtu 1492
ip nat outside
encapsulation ppp
dialer pool 2
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname 60360002
ppp chap password 0 60360002
!
ip classless
!
no ip http
serverip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 3 interface Dialer1 overload
ip nat inside source list 4 interface Dialer2 overload
ip nat inside source list temp interface Dialer2 overload!
ip access-list standard temp
permit 192.168.1.0 0.0.0.127!
access-list 3 permit 192.168.1.128 0.0.0.63
access-list 4 permit 192.168.1.192 0.0.0.63
dialer-list 1 protocol ip permit!
route-map default permit 10 /*策略路由match ip address 3
/*匹配符合访问列表3的数据包set interface Dialer1
/*设置被上述条件匹配的数据包出口为Dialer1!
route-map default permit 20 /*策略路由match ip address 4
/*匹配符合访问列表4的数据包set interface Dialer2
/*设置被上述条件匹配的数据包出口为Dialer2!
route-map default permit 30 /*策略路由match ip address temp
/*匹配符合访问列表temp的数据包set interface Dialer2
/*设置被上述条件匹配的数据包出口为Dialer2!
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the
able to login to the router with this username after you exit this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username privilege 15 secret 0
Replace and with the username and password you want to
use.
-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege le
vel of 15.
Please change these publicly known initial credentials using SDM or the IOS CLI.
Here are the Cisco IOS commands.
username privilege 15 secret 0
no username cisco
Replace and with the username and password you want to use
.
For more information about SDM please follow the instructions in the QUICK START
GUIDE for your router or go to
-----------------------------------------------------------------------
^C
!
line con 0
login local
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
password cisco
login local
transport input telnet
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet
!
end
Router#
阅读(1092) | 评论(0) | 转发(0) |