2012-07-26 14:04:35
环境:
内部网络:192.168.1.0/24
出口:铁通2M(ADSL)×2
要求:
192.168.1.0/25为临时地址段
192.168.1.128/26为固定地址段1
192.168.1.192/26为固定地址段2
固定地址段1使用出口1(Dialer 1)接入互联网
固定地址段2使用出口2(Dialer 2)接入互联网
临时地址段使用出口2(Dialer 2)接入互联网
备注:
由于路由器本身不需要和外部通信,因此没有添加缺省路由;内网主机经过NAT的数据包由策略路由选择出口,故不受影响。
Current configuration : 4227 bytes
!
! Global settings of a router with two PPPoE uplinks (IOS 12.4 per the version line).
version 12.4
! Stamp debug and log messages with date/time to millisecond resolution.
service timestamps debug datetime msec
service timestamps log datetime msec
! NOTE(review): password encryption is off, so the "ppp chap password 0" entries on
! Dialer1/Dialer2 are stored and displayed in clear text. "service password-encryption"
! would only apply reversible type-7 obfuscation; limiting who can read the
! configuration (and where it is published) is the actual control.
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
! Keep a 51200-byte in-memory log buffer for messages of severity "warnings" and worse.
! NOTE(review): no remote syslog host is configured in this listing, so the log is
! lost on reload.
logging buffered 51200 warnings
!
! AAA is disabled. NOTE(review): logins then depend on line passwords or the local
! user database, without AAA accounting; confirm this is intended.
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
! Enable Cisco Express Forwarding.
ip cef
!
!
no ip dhcp use vrf connected
!
!
! Disable DNS name resolution on the router itself.
no ip domain lookup
! "yourdomain.com" looks like an unchanged template value.
ip domain name yourdomain.com
! Presumably required for the PPPoE client group on this IOS generation; verify
! against the release in use.
vpdn enable
vpdn ip udp ignore checksum
!
! VPDN group under which the router requests dial-in sessions using PPPoE,
! i.e. it acts as a PPPoE client.
vpdn-group pppoe
request-dialin
protocol pppoe
!
!
! Local administrator account: privilege 15 is the highest privilege level and
! "secret 5" is a salted MD5 hash of the password.
! NOTE(review): the hash is published together with the configuration and the
! account name is the common "cisco". A type-5 hash can be tested against password
! guesses offline, so if this came from a live device the password should be
! changed and the replacement hash kept out of shared copies of the config.
username cisco privilege 15 secret 5 $1$FP5m$UcDfr996RzQ/xmupbW/qJ.
!
!
!
! Physical interface for uplink 1 (the description ties it to account 60360001).
interface FastEthernet0/0
description For 60360001
! No IP address on the physical port; the address is negotiated on the Dialer interface.
no ip address
duplex auto
speed auto
! Run a PPPoE client on this port and bind it to dialer pool 1, the pool Dialer1 uses.
pppoe enable
pppoe-client dial-pool-number 1
!
! Physical interface for uplink 2 (the description ties it to account 60360002).
interface FastEthernet0/1
description For 60360002
! No IP address on the physical port; the address is negotiated on the Dialer interface.
no ip address
duplex auto
speed auto
! Run a PPPoE client on this port and bind it to dialer pool 2, the pool Dialer2 uses.
pppoe enable
pppoe-client dial-pool-number 2
!
! Ports FastEthernet0/0/0-3. Presumably switch-module ports left in VLAN 1, since
! no VLAN assignment is shown; confirm on the device.
! Port 0/0/0 is fixed at 100 Mbit/s full duplex, so the attached device has to be
! set the same way to avoid a duplex mismatch.
interface FastEthernet0/0/0
duplex full
speed 100
!
interface FastEthernet0/0/1
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
! Layer-3 interface of the internal network (gateway 192.168.1.1 for 192.168.1.0/24).
interface Vlan1
ip address 192.168.1.1 255.255.255.0
! Traffic entering here is the "inside" side of NAT.
ip nat inside
! Apply the policy (route-map) named "default" to packets received on this interface.
! NOTE(review): the Dialer interfaces use "ip mtu 1492"; no "ip tcp adjust-mss" is
! set on this interface, so large TCP segments depend on path-MTU discovery working.
ip policy route-map default
!
! Virtual (dialer) interface for uplink 1.
interface Dialer1
! The address is assigned by the provider during PPP negotiation.
ip address negotiated
! 1492 = 1500-byte Ethernet MTU minus the 8 bytes of PPPoE/PPP overhead.
ip mtu 1492
! This interface is the "outside" side of NAT.
ip nat outside
encapsulation ppp
! Pool 1 matches "pppoe-client dial-pool-number 1" on FastEthernet0/0.
dialer pool 1
! Dialer-group 1 refers to "dialer-list 1", which permits all IP traffic.
dialer-group 1
no cdp enable
! "callin" limits CHAP authentication of the peer to calls received by this router.
ppp authentication chap callin
ppp chap hostname 60360001
! NOTE(review): "password 0" means the PPPoE password is stored in clear text, and
! here it is identical to the account name. A credential published this way should
! be treated as exposed and changed with the provider if it is real.
ppp chap password 0 60360001
! NOTE(review): no "ip access-group" is applied to this Internet-facing interface.
! PAT does not forward unsolicited traffic to inside hosts, but the router's own
! services (management lines are not shown in this listing) would be reachable from
! the provider side unless restricted elsewhere; confirm.
!
! Virtual (dialer) interface for uplink 2.
interface Dialer2
! The address is assigned by the provider during PPP negotiation.
ip address negotiated
! 1492 = 1500-byte Ethernet MTU minus the 8 bytes of PPPoE/PPP overhead.
ip mtu 1492
! This interface is the "outside" side of NAT.
ip nat outside
encapsulation ppp
! Pool 2 matches "pppoe-client dial-pool-number 2" on FastEthernet0/1.
dialer pool 2
! Dialer-group 1 refers to "dialer-list 1", which permits all IP traffic.
dialer-group 1
no cdp enable
! "callin" limits CHAP authentication of the peer to calls received by this router.
ppp authentication chap callin
ppp chap hostname 60360002
! NOTE(review): "password 0" means the PPPoE password is stored in clear text, and
! here it is identical to the account name. A credential published this way should
! be treated as exposed and changed with the provider if it is real.
ppp chap password 0 60360002
! NOTE(review): no "ip access-group" is applied to this Internet-facing interface.
! PAT does not forward unsolicited traffic to inside hosts, but the router's own
! services (management lines are not shown in this listing) would be reachable from
! the provider side unless restricted elsewhere; confirm.
!
ip classless
!
! The HTTP server is disabled, so the three "ip http" settings below only matter if
! it is enabled later. The state of the HTTPS server is not shown in this listing.
no ip http server
! NOTE(review): access-list 23 is referenced here but not defined anywhere in the
! visible configuration. IOS usually treats a referenced but undefined ACL as
! permit-any, so define ACL 23 before enabling any HTTP/HTTPS service.
ip http access-class 23
! Authenticate web logins against the local user database.
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
! PAT (overload) rules: the source ACL selects which uplink address is used.
!   list 3    (192.168.1.128/26) -> Dialer1
!   list 4    (192.168.1.192/26) -> Dialer2
!   list temp (192.168.1.0/25)   -> Dialer2
ip nat inside source list 3 interface Dialer1 overload
ip nat inside source list 4 interface Dialer2 overload
ip nat inside source list temp interface Dialer2 overload
!
! Standard ACLs match on source address only. The same three lists are used by the
! NAT rules and by route-map "default".
! temp: temporary address range 192.168.1.0/25 (wildcard 0.0.0.127).
ip access-list standard temp
permit 192.168.1.0 0.0.0.127
!
! 3: fixed address range 1, 192.168.1.128/26 (wildcard 0.0.0.63).
access-list 3 permit 192.168.1.128 0.0.0.63
! 4: fixed address range 2, 192.168.1.192/26 (wildcard 0.0.0.63).
access-list 4 permit 192.168.1.192 0.0.0.63
! All IP traffic counts as "interesting" for interfaces in dialer-group 1.
dialer-list 1 protocol ip permit
!
! Policy routing applied on Vlan1: the source range decides the outgoing uplink.
! NOTE(review): the page states that no default route is configured, and no
! tracking or backup entry is visible, so as far as this listing shows there is no
! failover between the two uplinks; confirm the behaviour when one Dialer is down.
!
! Sequence 10: packets matching access-list 3 leave through Dialer1.
route-map default permit 10
match ip address 3
set interface Dialer1
!
! Sequence 20: packets matching access-list 4 leave through Dialer2.
route-map default permit 20
match ip address 4
set interface Dialer2
!
! Sequence 30: packets matching access-list temp leave through Dialer2.
route-map default permit 30
match ip address temp
set interface Dialer2