
How can two DDN leased lines be set up to fail over to and back up each other?

Configuration files: mutual failover and backup
***** 3640 configuration:
hostname 3640
!
interface Ethernet0/0
 ip address 202.1.1.1 255.255.255.0
 ip nat outside
!
interface FastEthernet1/0.1
 encapsulation isl 1
 ip address 172.16.1.254 255.255.255.0
 ip policy route-map to_fw
!
interface FastEthernet1/0.2
 encapsulation isl 2
 ip address 172.16.2.254 255.255.255.0
!
interface FastEthernet1/0.10
 encapsulation isl 10
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
!
interface Serial3/1
 ip address 10.1.1.1 255.255.255.0
 ip nat outside
!
ip nat pool cnc 202.1.1.2 202.1.1.2 prefix-length 24
ip nat pool cn 10.1.1.2 10.1.1.2 prefix-length 24
ip nat inside source route-map nat_cn pool cn overload
ip nat inside source route-map nat_cnc pool cnc overload
ip route 0.0.0.0 0.0.0.0 202.1.1.254
ip route 0.0.0.0 0.0.0.0 10.1.1.254 100
!
access-list 1 permit 172.16.0.0 0.0.255.255
access-list 2 permit 202.1.1.254
access-list 3 permit 10.1.1.254
access-list 100 deny   ip any 172.16.0.0 0.0.255.255
access-list 100 permit ip any any
route-map nat_cn permit 10
 match ip address 1
 match ip next-hop 3
!
route-map nat_cnc permit 10
 match ip address 1
 match ip next-hop 2
!
route-map to_fw permit 10
 match ip address 100
 set ip next-hop 172.16.2.1
!

***** FW configuration:
hostname "FW"
!
interface Ethernet0/0
 ip address 172.16.2.1 255.255.255.0
 ip access-group 100 in
!
interface Ethernet0/1
 ip address 192.168.1.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.168.1.254
ip route 172.16.0.0 255.255.0.0 172.16.2.254
!
access-list 100 deny   icmp any any
access-list 100 permit ip any any

***** CNC-R6 configuration:
hostname CNC_R6
!
interface Loopback0
 ip address 200.200.200.200 255.255.255.0
!
interface Ethernet0
 ip address 202.1.1.254 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 202.1.1.1
line vty 0 4
 password cisco
 login
!

***** CN-R4 configuration:
hostname CN_R4
interface Loopback0
 ip address 200.200.200.200 255.255.255.0
!
interface Serial0
 ip address 10.1.1.254 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.1.1
!
line vty 0 4
 password cisco
 login
!

***** PC1 configuration:
hostname PC1
no ip routing
interface Ethernet0
 ip address 172.16.1.1 255.255.255.0
 no ip route-cache
!
ip default-gateway 172.16.1.254

Tests:
1. When all links are up, PC1 can telnet to 200.200.200.200, and the CNC line is used.
PC1#telnet 200.200.200.200
Trying 200.200.200.200 ... Open


User Access Verification

Password:
CNC_R6>show user
    Line       User       Host(s)              Idle       Location
*  2 vty 0                idle                 00:00:00 202.1.1.2

  Interface  User      Mode                     Idle Peer Address

2. After shutting down port e0/0 on the 3640, PC1 can telnet to 200.200.200.200, and the CN line is used.
PC1#telnet 200.200.200.200
Trying 200.200.200.200 ... Open


User Access Verification

Password:
CN_R4>show user
    Line       User       Host(s)              Idle       Location
   0 con 0                idle                 00:19:56
*  2 vty 0                idle                 00:00:00 10.1.1.2

  Interface  User      Mode                     Idle Peer Address
3. A ping from PC1 to 200.200.200.200 fails; the packet is blocked by the FW.
PC1#ping 200.200.200.200

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.200.200.200, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
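
The following Python model is an added example, not part of the original post: it replays the three tests against the decision logic in the 3640 and FW configurations (policy routing through the FW, floating static route, NAT pool selection by next hop). The function names, and the rule that a static route is usable only while its egress interface is up, are simplifying assumptions.

```python
import ipaddress

# Values copied from the 3640 and FW configurations above; names are hypothetical.
INSIDE = ipaddress.ip_network("172.16.0.0/16")  # access-list 1 / ACL 100 deny target
# 3640 default routes: (next hop, egress interface, administrative distance)
DEFAULT_ROUTES = [("202.1.1.254", "Ethernet0/0", 1),
                  ("10.1.1.254", "Serial3/1", 100)]
# route-map nat_cnc matches next hop via ACL 2, nat_cn via ACL 3 -> pool address
NAT_POOL_BY_NEXT_HOP = {"202.1.1.254": "202.1.1.2",  # pool cnc
                        "10.1.1.254": "10.1.1.2"}    # pool cn

def best_default_route(up_interfaces):
    """Assumption: a static route is usable only while its egress interface
    is up; among usable routes the lowest administrative distance wins."""
    usable = [r for r in DEFAULT_ROUTES if r[1] in up_interfaces]
    return min(usable, key=lambda r: r[2]) if usable else None

def trace(src, dst, proto, up_interfaces):
    """Follow one packet from the 172.16.1.0/24 segment through to_fw, the FW
    ACL, route selection and NAT. Returns (verdict, detail, source address)."""
    if ipaddress.ip_address(dst) in INSIDE:
        # ACL 100 on the 3640 denies this for route-map to_fw: routed normally.
        return ("forward", "internal", src)
    # route-map to_fw sets next hop 172.16.2.1, so the FW inbound ACL applies.
    if proto == "icmp":  # FW access-list 100: deny icmp any any
        return ("drop", "FW access-list 100", src)
    route = best_default_route(up_interfaces)
    if route is None:
        return ("drop", "no default route", src)
    next_hop, egress, _distance = route
    # NAT applies only to sources permitted by access-list 1.
    if ipaddress.ip_address(src) in INSIDE:
        src = NAT_POOL_BY_NEXT_HOP[next_hop]
    return ("forward", egress, src)

if __name__ == "__main__":
    both = {"Ethernet0/0", "Serial3/1"}
    for label, proto, up in [("test 1", "tcp", both),
                             ("test 2", "tcp", {"Serial3/1"}),
                             ("test 3", "icmp", both)]:
        print(label, trace("172.16.1.1", "200.200.200.200", proto, up))
```

The translated source addresses it returns for tests 1 and 2 are the ones shown in the Location column of the `show user` output above.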

 
