5.2.5 双出口做NAT实现负载分担
【需求】
内网用户通过路由器的两个公网出口作NAT转换来访问Internet
【组网图】
【配置脚本】
|
配置脚本 |
|
# sysname RouterA # radius scheme system # domain system # acl number 2000 /配置允许进行NAT转换的内网地址段/ rule 0 permit source 192.168.0.0 0.0.0.255 rule 1 deny # interface Ethernet0/0 ip address 192.168.0.1 255.255.255.0 /内网网关/ nat outbound 2000 # interface Serial0/0 ip address 202.1.1.2 255.255.255.252 /公网出口/ nat outbound 2000 /在出接口上进行NAT转换/ # interface Serial0/1 ip address 61.1.1.2 255.255.255.252 /公网出口/ nat outbound 2000 # interface NULL0 # ip route-static 0.0.0.0 0.0.0.0 202.1.1.1 preference 60 /配置默认路由/ ip route-static 0.0.0.0 0.0.0.0 61.1.1.1 preference 60 /配置默认路由/ # user-interface con 0 user-interface vty 0 4 # return |
【验证】
disp ip rout
Routing Table: public net
Destination/Mask Protocol Pre Cost Nexthop Interface
0.0.0.0/0 STATIC 60 0 61.1.1.1 Serial0/1
202.1.1.1 Serial0/0
61.1.1.0/30 DIRECT 0 0 61.1.1.6 Serial0/1
61.1.1.2/32 DIRECT 0 0 61.1.1.5 Serial0/1
61.1.1.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0
127.0.0.0/8 DIRECT 0 0 127.0.0.1 InLoopBack0
127.0.0.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0
192.168.0.0/24 DIRECT 0 0 192.168.0.1 Ethernet0/0
192.168.0.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0
202.1.1.0/30 DIRECT 0 0 202.1.1.6 Serial2/0/0
202.1.1.2/32 DIRECT 0 0 202.1.1.5 Serial2/0/0
202.1.1.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0
disp nat session
There are currently 2 NAT sessions:
Protocol GlobalAddr Port InsideAddr Port DestAddr Port
6 202.1.1.2 12288 192.168.0.2 1036 200.1.1.1 23
VPN: 0, status: 11, TTL: 24:00:00, Left: 23:59:55
6 61.1.1.2 12289 192.168.0.3 1035 200.1.1.1 23
VPN: 0, status: 11, TTL: 00:01:00, Left: 00:00:21
【提示】
1、 通过在路由上配置两条等值路由来实现负载分担
2、 如果只想实现NAT的主备用,只需要修改两条默认路由为不同的优先级即可