网通电信双线路上网,网通的走网通线路,电信的走电信线路,内网通过NAT上网,双线路故障自动切换

最近客户有一需求,新购买CISCO1841路由器,申请网通和电信双线路,都各申请到一个公网IP.想实现以下功能.

1.内部用户通过NAT上网
2.如果访问网通的服务器则智能选择走网通线路,电信同理
3.如果网通或电信任一线路有问题,则自动切换.保障线路实时畅通

解决方法:
1.内部通过NAT上网.配置电信和网通两个地址池,且都进行动态聚合地址转换
2.配置通往网通IP段的路由走网通的线路
3.配置一条默认静态路由到电信的网关

几点思考:
1.如果用户访问网通的服务器，则走网通的静态路由出去.
2,如果用户访问网通的服务器,但网通的线路down掉,则自动切换到"默认静态路由"通过电信的线路进行访问
3.如果用户访问电信的服务器,则走"默认静态路由"通过电信的线路出去
4.如果用户访问电信的服务器,但电信的线路down掉,怎么办? 这个问题没有找到解决方法

对于第4个问题,我的考虑是用浮动路由实现,即再增加一条默认静态路由,此路由到网通的网关,但优先级低.但用此中方法配置后测试一直不成功,不知道是什么原因.


路由器配置后,状态如下.经过测试基本达到客户要求.

  注释: 申请的网通IP: a.b.c.d        申请的电信IP: e.f.g.h

!This is the running config of the router: 10.10.10.1

!----------------------------------------------------------------------------

!version 12.4

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname YongTaiRouter

!

boot-start-marker

boot-end-marker

!

security authentication failure rate 3 log

security passwords min-length 6

logging buffered 51200 debugging

logging console critical

enable secret 5 $1$Q561$BBCciXC9irt9374vc0gBN/

!

no aaa new-model

!

resource policy

!

clock timezone PCTime 8

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

no ip source-route

ip cef

!

!

ip tcp synwait-time 10

no ip dhcp use vrf connected

!

!

no ip bootp server

ip domain name yongtaigroup.com

!

username yongtai privilege 15 secret 5 $1$qImA$HKoq7g00wzaUI/9XJOUMQ1

!

!

!

interface FastEthernet0/0

 description IN$FW_INSIDE$$ES_LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ETH-LAN$

 ip address 10.10.10.1 255.255.255.0                             /* 内网IP

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 ip nat inside                                                                  /*内网NAT inside

 ip route-cache flow

 duplex auto

 speed auto

 no mop enabled

!

interface FastEthernet0/1

 description ChinaNet$FW_OUTSIDE$$ES_WAN$$ETH-WAN$

 ip address e.f.g.h 255.255.255.248                         /*电信提供的ip

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 ip nat outside                                                           /*外网NAT outside

 ip route-cache flow

 duplex auto

 speed auto

 no mop enabled

!

interface FastEthernet0/0/0

!

interface FastEthernet0/0/1

!

interface FastEthernet0/0/2

!

interface FastEthernet0/0/3

!

interface Vlan1                                                                                                            

 ip address a.b.c.d 255.255.255.248                                                                /*网通IP

 ip nat outside                                                                                                   /*网通NAT outside

!

ip classless

ip route 0.0.0.0 0.0.0.0 e.f.g.1                                                             /*默认静态路由到电信的网关

ip route 58.16.0.0 255.248.0.0 221.2.234.193                                     /*-〉以下为到网通的静态路由

ip route 58.240.0.0 255.240.0.0 221.2.234.193

ip route 60.0.0.0 255.224.0.0 221.2.234.193

ip route 60.208.0.0 255.240.0.0 221.2.234.193

ip route 60.255.0.0 255.255.0.0 221.2.234.193

ip route 61.52.0.0 255.252.0.0 221.2.234.193

ip route 61.133.0.0 255.255.128.0 221.2.234.193

ip route 61.134.96.0 255.255.224.0 221.2.234.193

ip route 61.134.128.0 255.255.128.0 221.2.234.193

ip route 61.135.0.0 255.255.0.0 221.2.234.193

ip route 61.136.0.0 255.255.128.0 221.2.234.193

ip route 61.137.128.0 255.255.128.0 221.2.234.193

ip route 61.138.0.0 255.255.128.0 221.2.234.193

ip route 61.138.128.0 255.255.192.0 221.2.234.193

ip route 61.139.128.0 255.255.192.0 221.2.234.193

ip route 61.148.0.0 255.254.0.0 221.2.234.193

ip route 61.156.0.0 255.255.0.0 221.2.234.193

ip route 61.158.0.0 255.255.0.0 221.2.234.193

ip route 61.159.0.0 255.255.192.0 221.2.234.193

ip route 61.161.0.0 255.255.192.0 221.2.234.193

ip route 61.161.128.0 255.255.128.0 221.2.234.193

ip route 61.162.0.0 255.254.0.0 221.2.234.193

ip route 61.167.0.0 255.255.0.0 221.2.234.193

ip route 61.168.0.0 255.255.0.0 221.2.234.193

ip route 61.176.0.0 255.255.0.0 221.2.234.193

ip route 61.179.0.0 255.255.0.0 221.2.234.193

ip route 61.180.128.0 255.255.128.0 221.2.234.193

ip route 61.181.0.0 255.255.0.0 221.2.234.193

ip route 61.182.0.0 255.255.0.0 221.2.234.193

ip route 61.189.0.0 255.255.128.0 221.2.234.193

ip route 121.16.0.0 255.240.0.0 221.2.234.193

ip route 122.198.192.0 255.255.192.0 221.2.234.193

ip route 124.21.0.0 255.255.0.0 221.2.234.193

ip route 124.64.0.0 255.254.0.0 221.2.234.193

ip route 124.66.0.0 255.255.128.0 221.2.234.193

ip route 124.67.0.0 255.255.0.0 221.2.234.193

ip route 124.88.0.0 255.248.0.0 221.2.234.193

ip route 124.128.0.0 255.248.0.0 221.2.234.193

ip route 124.160.0.0 255.248.0.0 221.2.234.193

ip route 124.248.64.0 255.255.192.0 221.2.234.193

ip route 124.254.0.0 255.255.192.0 221.2.234.193

ip route 125.32.0.0 255.240.0.0 221.2.234.193

ip route 202.74.8.0 255.255.248.0 221.2.234.193

ip route 202.75.208.0 255.255.248.0 221.2.234.193

ip route 202.96.0.0 255.255.192.0 221.2.234.193

ip route 202.96.64.0 255.255.224.0 221.2.234.193

ip route 202.97.128.0 255.255.128.0 221.2.234.193

ip route 202.98.0.0 255.255.224.0 221.2.234.193

ip route 202.99.0.0 255.255.0.0 221.2.234.193

ip route 202.102.128.0 255.255.192.0 221.2.234.193

ip route 202.102.224.0 255.255.224.0 221.2.234.193

ip route 202.106.0.0 255.255.0.0 221.2.234.193

ip route 202.107.0.0 255.255.128.0 221.2.234.193

ip route 202.108.0.0 255.255.0.0 221.2.234.193

ip route 202.110.0.0 255.255.128.0 221.2.234.193

ip route 202.110.192.0 255.255.192.0 221.2.234.193

ip route 202.111.128.0 255.255.192.0 221.2.234.193

ip route 202.127.112.0 255.255.240.0 221.2.234.193

ip route 202.142.16.0 255.255.240.0 221.2.234.193

ip route 203.93.0.0 255.255.0.0 221.2.234.193

ip route 203.166.160.0 255.255.224.0 221.2.234.193

ip route 210.12.0.0 255.254.0.0 221.2.234.193

ip route 210.14.160.0 255.255.224.0 221.2.234.193

ip route 210.14.192.0 255.255.192.0 221.2.234.193

ip route 210.15.0.0 255.255.128.0 221.2.234.193

ip route 210.15.128.0 255.255.192.0 221.2.234.193

ip route 210.21.0.0 255.255.0.0 221.2.234.193

ip route 210.22.0.0 255.255.0.0 221.2.234.193

ip route 210.51.0.0 255.255.0.0 221.2.234.193

ip route 210.52.0.0 255.254.0.0 221.2.234.193

ip route 210.74.96.0 255.255.224.0 221.2.234.193

ip route 210.74.128.0 255.255.224.0 221.2.234.193

ip route 210.75.144.0 255.255.240.0 221.2.234.193

ip route 210.76.160.0 255.255.224.0 221.2.234.193

ip route 210.78.0.0 255.255.224.0 221.2.234.193

ip route 210.82.0.0 255.254.0.0 221.2.234.193

ip route 211.152.32.0 255.255.224.0 221.2.234.193

ip route 218.7.0.0 255.255.0.0 221.2.234.193

ip route 218.8.0.0 255.252.0.0 221.2.234.193

ip route 218.12.0.0 255.255.0.0 221.2.234.193

ip route 218.21.128.0 255.255.128.0 221.2.234.193

ip route 218.24.0.0 255.252.0.0 221.2.234.193

ip route 218.28.0.0 255.254.0.0 221.2.234.193

ip route 218.56.0.0 255.252.0.0 221.2.234.193

ip route 218.60.0.0 255.254.0.0 221.2.234.193

ip route 218.62.0.0 255.255.128.0 221.2.234.193

ip route 218.67.128.0 255.255.128.0 221.2.234.193

ip route 218.68.0.0 255.254.0.0 221.2.234.193

ip route 218.104.0.0 255.252.0.0 221.2.234.193

ip route 219.154.0.0 255.254.0.0 221.2.234.193

ip route 219.156.0.0 255.254.0.0 221.2.234.193

ip route 219.158.0.0 255.255.0.0 221.2.234.193

ip route 219.159.0.0 255.255.192.0 221.2.234.193

ip route 220.114.204.0 255.255.252.0 221.2.234.193

ip route 220.114.208.0 255.255.248.0 221.2.234.193

ip route 220.114.216.0 255.255.252.0 221.2.234.193

ip route 220.114.220.0 255.255.254.0 221.2.234.193

ip route 220.248.0.0 255.252.0.0 221.2.234.193

ip route 220.252.0.0 255.255.0.0 221.2.234.193

ip route 221.0.0.0 255.248.0.0 221.2.234.193

ip route 221.8.0.0 255.252.0.0 221.2.234.193

ip route 221.12.0.0 255.255.128.0 221.2.234.193

ip route 221.12.128.0 255.255.192.0 221.2.234.193

ip route 221.13.0.0 255.255.0.0 221.2.234.193

ip route 221.14.0.0 255.254.0.0 221.2.234.193

ip route 221.192.0.0 255.252.0.0 221.2.234.193

ip route 221.196.0.0 255.254.0.0 221.2.234.193

ip route 221.198.0.0 255.255.0.0 221.2.234.193

ip route 221.199.0.0 255.255.128.0 221.2.234.193

ip route 221.199.128.0 255.255.192.0 221.2.234.193

ip route 221.199.192.0 255.255.240.0 221.2.234.193

ip route 221.199.224.0 255.255.224.0 221.2.234.193

ip route 221.200.0.0 255.248.0.0 221.2.234.193

ip route 221.208.0.0 255.240.0.0 221.2.234.193

ip route 222.128.0.0 255.240.0.0 221.2.234.193

ip route 222.160.0.0 255.252.0.0 221.2.234.193                                     /*以上为到网通的静态路由

!

ip http server

ip http authentication local

ip http timeout-policy idle 60 life 86400 requests 10000

ip nat pool ChinaNetPool e.f.g.h e.f.g.h netmask 255.255.255.248                /*电信地址池

ip nat pool CNCPool a.b.c.d a.b.c.d netmask 255.255.255.248                   /*网通地址池

ip nat inside source list 1 pool ChinaNetPool overload               /*动态聚合地址转换（NAT）--到电信

ip nat inside source list 2 pool CNCPool overload                     /*动态聚合地址转换（NAT）--到网通

!

logging trap debugging

access-list 1 remark SDM_ACL Category=2                           /*可NAT到电信的ACL

access-list 1 permit any

access-list 2 remark SDM_ACL Category=2                            /*可NAT到网通的ACL

access-list 2 permit any

no cdp run

!

control-plane

!

banner login ^CAuthorized access only!

 Disconnect IMMEDIATELY if you are not an authorized user!^C

!

line con 0

 login local

 transport output telnet

line aux 0

 login local

 transport output telnet

line vty 0 4

 privilege level 15

 login local

 transport input telnet

line vty 5 15

 privilege level 15

 login local

 transport input telnet

!

scheduler allocate 4000 1000

end