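Four WAN uplinks (NAT + PBR, a real-world case)
Three China Telecom business broadband lines with fixed IPs and one China Unicom business broadband line with a fixed IP.
Requirement: each layer-2 switch forms one internal network, and each internal network is assigned one uplink (no failover for now).
Equipment: one Cisco 3560 layer-3 switch, one Cisco 2911 router with only two ports, and four layer-2 switches.

Data flow diagram:
Five VLANs are defined. Four of them map to the four layer-2 switches below, one per internal network; the fifth VLAN is used to fan out the router's outside interface (the outside interface carries multiple IP addresses rather than subinterfaces).
The router's inside link to the layer-3 switch is a routed interconnect (the switch port facing the router is a layer-3 port).
The layer-3 switch ports facing the four layer-2 switches are not converted to layer-3 ports; their IP addresses are configured on the VLAN interfaces.
NAT + PBR on the router maps each internal network to one external line.
R3/R4/R5/R6 are the public-network routers.
C1/C2/C3/C4 are the hosts in each internal network.
R2 is the layer-3 switch and R1 is the router.
SW1/SW2/SW3/SW4 are the four layer-2 switches.
Below I post the configurations of the layer-3 switch and the router.
R2 (layer-3 switch)# show running-config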
Building configuration...
Current configuration : 1525 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
interface FastEthernet0/0
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
 no switchport
 ip address 100.1.1.2 255.255.255.0
!
interface FastEthernet0/6
 switchport access vlan 10
!
interface FastEthernet0/7
 switchport access vlan 20
!
interface FastEthernet0/8
 switchport access vlan 30
!
interface FastEthernet0/9
 switchport access vlan 40
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface Vlan1
 no ip address
!
interface Vlan10
 ip address 10.1.1.1 255.255.255.0
!
interface Vlan20
 ip address 10.2.2.1 255.255.255.0
!
interface Vlan30
 ip address 10.3.3.1 255.255.255.0
!
interface Vlan40
 ip address 10.4.4.1 255.255.255.0
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 100.1.1.1
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end
R1# show running-config
Building configuration...
Current configuration : 2300 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
interface FastEthernet0/0
 ip address 210.25.96.10 255.255.255.0 secondary
 ip address 156.253.16.20 255.255.255.0 secondary
 ip address 114.115.25.30 255.255.255.0 secondary
 ip address 202.103.96.20 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address 100.1.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ! PBR acts on packets received on an interface, so it is applied here,
 ! where traffic from the internal networks enters the router
 ip policy route-map access
 duplex auto
 speed auto
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
ip route 10.1.1.0 255.255.255.0 10.1.1.1
ip route 10.1.1.0 255.255.255.0 100.1.1.2
ip route 10.2.2.0 255.255.255.0 10.2.2.1
ip route 10.2.2.0 255.255.255.0 100.1.1.2
ip route 10.3.3.0 255.255.255.0 10.3.3.1
ip route 10.3.3.0 255.255.255.0 100.1.1.2
ip route 10.4.4.0 255.255.255.0 10.4.4.1
ip route 10.4.4.0 255.255.255.0 100.1.1.2
!
ip nat pool 1 202.103.96.20 202.103.96.20 netmask 255.255.255.0
ip nat pool 2 210.25.96.10 210.25.96.10 netmask 255.255.255.0
ip nat pool 3 156.253.16.20 156.253.16.20 netmask 255.255.255.0
ip nat pool 4 114.115.25.30 114.115.25.30 netmask 255.255.255.0
ip nat inside source list 1 pool 1 overload
ip nat inside source list 2 pool 2 overload
ip nat inside source list 3 pool 3 overload
ip nat inside source list 4 pool 4 overload
!
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 2 permit 10.2.2.0 0.0.0.255
access-list 3 permit 10.3.3.0 0.0.0.255
access-list 4 permit 10.4.4.0 0.0.0.255
!
route-map access permit 7
 match ip address 4
 set ip next-hop 114.115.25.3
!
route-map access permit 8
 match ip address 3
 set ip next-hop 156.253.16.10
!
route-map access permit 9
 match ip address 2
 set ip next-hop 210.25.96.3
!
route-map access permit 10
 match ip address 1
 set ip next-hop 202.103.96.68
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end
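
Added example (not part of the original post): a Python audit of the ACL -> NAT pool -> PBR next-hop mapping that R1 relies on. It flags an internal network whose NAT pool address and forced next hop sit on different uplinks, which would send traffic to one carrier with another carrier's source address, and a route-map applied to an interface other than the NAT inside one. The function name audit and the embedded sample are constructed for illustration, and the parser assumes standard IOS indentation.

```python
import ipaddress
import re

# Constructed sample modelled on R1 (standard IOS indentation assumed). ACL 2's
# next hop is deliberately wrong so the audit has something to report.
SAMPLE = """\
interface FastEthernet0/0
 ip address 210.25.96.10 255.255.255.0 secondary
 ip address 202.103.96.20 255.255.255.0
 ip nat outside
interface FastEthernet1/0
 ip address 100.1.1.1 255.255.255.0
 ip nat inside
 ip policy route-map access
ip nat pool 1 202.103.96.20 202.103.96.20 netmask 255.255.255.0
ip nat pool 2 210.25.96.10 210.25.96.10 netmask 255.255.255.0
ip nat inside source list 1 pool 1 overload
ip nat inside source list 2 pool 2 overload
route-map access permit 9
 match ip address 2
 set ip next-hop 202.103.96.68
route-map access permit 10
 match ip address 1
 set ip next-hop 202.103.96.68
"""

def audit(config):
    """Return findings for the ACL -> NAT pool -> PBR next-hop mapping."""
    ip = ipaddress.ip_address
    nets = [ipaddress.ip_interface(f"{a}/{m}").network
            for a, m in re.findall(r"^ ip address (\S+) (\S+)", config, re.M)]
    pools = dict(re.findall(r"^ip nat pool (\S+) (\S+)", config, re.M))
    nat = dict(re.findall(r"^ip nat inside source list (\S+) pool (\S+)", config, re.M))
    pbr = dict(re.findall(r"match ip address (\S+)\n set ip next-hop (\S+)", config))
    findings = []
    for acl, pool in sorted(nat.items()):
        hop, src = pbr.get(acl), pools[pool]
        # The translated source address and the forced next hop must share an uplink subnet.
        if hop is None or not any(ip(src) in n and ip(hop) in n for n in nets):
            findings.append(f"ACL {acl}: pool {src} does not match next hop {hop}")
    # PBR only acts on packets received on the interface it is applied to.
    for block in re.split(r"^(?=interface )", config, flags=re.M):
        if (re.search(r"^ ip policy route-map", block, re.M)
                and not re.search(r"^ ip nat inside$", block, re.M)):
            findings.append(f"{block.splitlines()[0]}: PBR is not on the NAT inside interface")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```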
Reposted from: https://blog.51cto.com/bozong/1681416