It is a simple I create, but I did not confirm yet, as I have no time in office. you can try by this way, if it doesn't work, please let me know and I can try after hours. -ccie18614(加拿大枫叶) @卡尔加里华人论坛:卡尔加里枫下论坛 The Rolia Forum of Calgary

工作学习 / 学科技术讨论 / 请教一下几个简单的关于Cisco路由器设置的问题 -sesk(sesk); 2008-8-9 {409} (#4608010@0)
我是新手。我设置了这些东西
int ethernet1/0
ip addr 70.x.x.171 255.255.255.248
no shutdown
ip default-gateway 70.x.x.169
!
int ethernet1/1
ip addr 192.168.1.2 255,255,255.0
no shutdown
!
ip route 0.0.0.0 0.0.0.0 ethernet1/0
ip routing

我内网的computer： ip: 192.168.1.5
可以ping到70.x.x.171
但ping不到70.x.x.169 (169是连接到171的，因为我从外部可以ping到171)

请问我设置上漏了些什么东西？谢谢

You need setup NAT -swimmingfish2000(); 2008-8-10 {153} (#4608881@0)
http://articles.techrepublic.com.com/5100-10878_11-1039094.html
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml

Thank you! I will try tomorrow. -sesk(sesk); 2008-8-10 (#4609548@0)
非常感谢！成功啦。再问一个问题。。。 -sesk(sesk); 2008-8-11 {43} (#4612143@0)
怎样可以设置为只可以通过console配置路由器？

if u don't set up anything...default can't telnet access. -wince(MerryGoRound); 2008-8-11 (#4612171@0)
use Putty with ssh -redspider(红蜘蛛); 2008-8-12 (#4614400@0)
security reason -001isbetter(不唧歪不婆妈妈的肉联); 2008-8-12 (#4614454@0)
如果没有line vtp 0 15, TELNET就不ENABLE了 -dashi2k(Da Shi); 2008-8-17 (#4623900@0)

ip route 0.0.0.0 0.0.0.0 ethernet1/0最好不要这么设, 对资源消耗很大, ip route 0.0.0.0 0.0.0.0 70.*.*.169比较好. 把ip default-gateway 70.x.x.169也删掉 -dashi2k(Da Shi); 2008-8-17 (#4623897@0)

正确 -ccie18614(加拿大枫叶); 2008-8-17 (#4624397@0)
改了，谢谢 -sesk(sesk); 2008-8-18 (#4626193@0)

有没有大侠可以提供一点关于双出口设置的资料？就是一个出口是bell，另一个出口是rogers,其中任意一个断了，还是可以上Internet. -sesk(sesk); 2008-8-18 (#4626200@0)

it is easy, but I do not think your current cisco device can do it. -ccie18614(加拿大枫叶); 2008-8-19 (#4627555@0)

sorry, I assumed it is a simple dsl modem/router. maybe you can, if you can give me the detail of your current device, maybe I can help you. -ccie18614(加拿大枫叶); 2008-8-19 (#4627564@0)

cisco 3600 -sesk(sesk); 2008-8-19 (#4628068@0)

that is good. please find my simple, it should work. I tried these command in cisco3640. -ccie18614(加拿大枫叶); 2008-8-19 {879} (#4628206@0)
interface FastEthernet2/0
description connect to internal network
no switchport
ip address 192.168.20.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet2/1
description export to Internet via Bell
no switchport
ip address 192.168.21.1 255.255.255.252
ip nat outside
ip virtual-reassembly
!
interface FastEthernet2/2
description export to Internet via Rogers
no switchport
ip address 192.168.22.1 255.255.255.252
ip nat outside
ip virtual-reassembly
!

ip route 0.0.0.0 0.0.0.0 192.168.21.2
ip route 0.0.0.0 0.0.0.0 192.168.22.2
!
!
ip nat inside source route-map VIA_BELL interface FastEthernet2/1 overload
ip nat inside source route-map VIA_ROGERS interface FastEthernet2/2 overload
!
!
route-map VIA_BELL permit 10
match interface FastEthernet2/1
!
route-map VIA_ROGERS permit 10
match interface FastEthernet2/2
!
should be my "sample", no t"simple". my english is so bad!!!! -ccie18614(加拿大枫叶); 2008-8-19 (#4628209@0)

Thanks! I will try. -sesk(sesk); 2008-8-20 (#4630703@0)

我用模拟器测试了一下,没有什么问题,你的如果不工作,请告诉我. -ccie18614(加拿大枫叶); 2008-8-20 (#4631014@0)

好，但我要周末才可以试，我试过后告诉你。我有个问题想问一下，用这配置的路由器会实现流量动态平衡吗？假如Rogers是10M，Bell是2M，路由器会按大概的比例分配数据吗？还是会某个先用尽了带宽或者是断掉了，另一个才开始用？ -sesk(sesk); 2008-8-21 (#4632683@0)

我的思路 -ccie18614(加拿大枫叶); 2008-8-21 {652} (#4632722@0)
这样配置,应该是可以实现load balance的，但是你要在路由器里面disable ip cef，否则会一条路走到黑：）。
如果你真的是一个10M,一个2M,我倒不赞同load balance,因为这种简单的静态路由的load balance是基本上各自50%的，不会根据你的带宽和流量按比例分配的。像你这种情况，最佳放案就是10M作主用，2M作backup.实现的方式就是修改那两条静态路由，配置成：
ip route 0.0.0.0 0.0.0.0 X.X.X.X 10 (X.X.X.X是10M线路的下一跳，后面的数字 10 是metric值）
ip route 0.0.0.0 0.0.0.0 Y.Y.Y.Y 20 (Y.Y.Y.Y是2M线路的下一跳，后面的数字 20 是metric值）

这样，正常情况下， metric=10的路由会被注入到路由表里，只有这条线路断掉，造成下一跳不可到达，metric=20的路由才会被注入到路由表里。

非常感谢 -sesk(sesk); 2008-8-21 (#4633144@0)

I got some misunderstanding for CEF, please find:http://www.cisco.com/warp/public/cc/pd/ifaa/pa/much/prodlit/loadb_an.pdf anyway, if one link is 10M while another one is 2M, load balance is not good idea. -ccie18614(加拿大枫叶); 2008-8-22 (#4633738@0)

It is a simple I create, but I did not confirm yet, as I have no time in office. you can try by this way, if it doesn't work, please let me know and I can try after hours. -ccie18614(加拿大枫叶); 2008-8-19 {896} (#4627772@0)
interface FastEthernet2/0
description connect to internal network
no switchport
ip address 192.168.20.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet2/1
description export to Internet via Bell
no switchport
ip address 192.168.21.1 255.255.255.252
ip nat outside
ip virtual-reassembly
!
interface FastEthernet2/2
description export to Internet via Rogers
no switchport
ip address 192.168.22.1 255.255.255.252
ip nat outside
ip virtual-reassembly
!

ip route 0.0.0.0 0.0.0.0 192.168.21.2
ip route 0.0.0.0 0.0.0.0 192.168.22.2
!
!
ip nat inside source route-map VIA_BELL interface FastEthernet2/1 overload
ip nat inside source route-map VIA_ROGERS interface FastEthernet2/2 overload
!
!
route-map VIA_BELL permit 10
match interface FastEthernet2/1
!
route-map VIA_ROGERS permit 10
match interface FastEthernet2/2
!

2年多没碰cisco了，不过好像得启用静态路由监控功能才行，否则要interface down，此interface路由才会消失，一般没有用的。所以得用类似于其他产品的ping server功能 -ccie_sec(ciscoguy); 2008-8-24 (#4637471@0)

please look inside -ccie18614(加拿大枫叶); 2008-8-26 {9043} (#4641763@0)
本文发表在 rolia.net 枫下论坛If the router connects to the ISP’s layer 3 interface directly, no need to monitor; if they connect to each other via switch, I have revised the configuration as below and tested. It works as we expect!
******************************
R1 simulates the customer’s router, loopback 0 is the internal interface while F0/0 and F0/1
are connecting two ISPs. I deleted some configuration not related to this case.
Both interfaces connect to the ISPs via a switch, not directly.
*******************************
R1#show run
ip subnet-zero
ip cef
!
ip sla monitor 1
type echo protocol ipIcmpEcho 192.168.0.2 source-ipaddr 192.168.0.1
timeout 1000
threshold 2
frequency 3
ip sla monitor schedule 1 life forever start-time now
!
track 100 rtr 1 reachability
!
interface Loopback0
ip address 192.168.100.1 255.255.255.255
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0
description TO INTERNET VIA BELL AS PRIMARY
ip address 192.168.0.1 255.255.255.252
ip nat outside
ip virtual-reassembly
speed 100
full-duplex
!
interface FastEthernet0/1
description TO INTERNET VIA ROGERS AS SECONDARY
ip address 192.168.1.1 255.255.255.252
ip nat outside
ip virtual-reassembly
speed 100
full-duplex
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.2 track 100
ip route 0.0.0.0 0.0.0.0 192.168.1.2 254
!
ip http server
no ip http secure-server
ip nat inside source route-map BELL interface FastEthernet0/0 overload
ip nat inside source route-map ROGERS interface FastEthernet0/1 overload
!
route-map BELL permit 10
match interface FastEthernet0/0
!
route-map ROGERS permit 10
match interface FastEthernet0/1
!
End
******************************
R2 simulates the ISPs’ routers, loopback 0 is the Internet address, interface while F0/0 and F0/1
are different ISPs and connecting to the same customer. I deleted some configuration not related to this case.
*******************************
R2#show run
ip subnet-zero
ip cef
!
interface Loopback0
ip address 192.168.200.1 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.0.2 255.255.255.252
speed 100
full-duplex
!
interface FastEthernet0/1
ip address 192.168.1.2 255.255.255.252
speed 100
full-duplex
!
End

***************************
Check the R1’s IP route (to 0.0.0.0/0), IP route track, and if IP NAT works well/translations
when the primary next-hop is reachable.
***************************
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.0.2 to network 0.0.0.0

192.168.0.0/30 is subnetted, 1 subnets
C 192.168.0.0 is directly connected, FastEthernet0/0
192.168.1.0/30 is subnetted, 1 subnets
C 192.168.1.0 is directly connected, FastEthernet0/1
192.168.100.0/32 is subnetted, 1 subnets
C 192.168.100.1 is directly connected, Loopback0
S* 0.0.0.0/0 [1/0] via 192.168.0.2
R1#ping
Protocol [ip]:
Target IP address: 192.168.200.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 192.168.100.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.200.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.100.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/97/120 ms
R1#show ip nat tran
Pro Inside global Inside local Outside local Outside global
icmp 192.168.0.1:3 192.168.0.1:3 192.168.0.2:3 192.168.0.2:3
icmp 192.168.0.1:8 192.168.100.1:8 192.168.200.1:8 192.168.200.1:8

R1#show ip route track
ip route 0.0.0.0 0.0.0.0 192.168.0.2 track 100 state is [up]

*******************************
Shut the primary next-hop in R2. As R1 connects to a switch, the interface will still be up. The IP Route Track should work for it.
*******************************
R2# conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#int f0/0
R2(config-if)#shut
R2(config-if)#
*Mar 1 00:37:01.511: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state
to administratively down
*Mar 1 00:37:02.511: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et0/0, changed state to down
R2(config-if)#

R1#show ip route track
ip route 0.0.0.0 0.0.0.0 192.168.0.2 track 100 state is [down]
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.1.2 to network 0.0.0.0

192.168.0.0/30 is subnetted, 1 subnets
C 192.168.0.0 is directly connected, FastEthernet0/0
192.168.1.0/30 is subnetted, 1 subnets
C 192.168.1.0 is directly connected, FastEthernet0/1
192.168.100.0/32 is subnetted, 1 subnets
C 192.168.100.1 is directly connected, Loopback0
S* 0.0.0.0/0 [254/0] via 192.168.1.2
R1#ping
Protocol [ip]:
Target IP address: 192.168.200.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 192.168.100.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.200.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.100.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/118/168 ms
R1#show ip nat tran
Pro Inside global Inside local Outside local Outside global
icmp 192.168.0.1:3 192.168.0.1:3 192.168.0.2:3 192.168.0.2:3
icmp 192.168.1.1:9 192.168.100.1:9 192.168.200.1:9 192.168.200.1:9

***********************************
No shut the primary next-hop in R2, the R1’s primary IP route comes back and works.
***********************************
R2(config-if)#no shut
R2(config-if)#
*Mar 1 00:38:57.711: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state t
o up
*Mar 1 00:38:58.711: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et0/0, changed state to up

R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.0.2 to network 0.0.0.0

192.168.0.0/30 is subnetted, 1 subnets
C 192.168.0.0 is directly connected, FastEthernet0/0
192.168.1.0/30 is subnetted, 1 subnets
C 192.168.1.0 is directly connected, FastEthernet0/1
192.168.100.0/32 is subnetted, 1 subnets
C 192.168.100.1 is directly connected, Loopback0
S* 0.0.0.0/0 [1/0] via 192.168.0.2
R1#show ip route track
ip route 0.0.0.0 0.0.0.0 192.168.0.2 track 100 state is [up]
R1#ping
Protocol [ip]:
Target IP address: 192.168.200.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 192.168.100.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.200.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.100.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/88/132 ms
R1#show ip nat tran
Pro Inside global Inside local Outside local Outside global
icmp 192.168.0.1:3 192.168.0.1:3 192.168.0.2:3 192.168.0.2:3
icmp 192.168.0.1:10 192.168.100.1:10 192.168.200.1:10 192.168.200.1:10
R1#更多精彩文章及讨论，请光临枫下论坛 rolia.net

我的router不能设置 no switchport 和 ip virtual-reassembly 好像没有这两个命令 -sesk(sesk); 2008-9-4 (#4663083@0)

这两个命令在你这个问题里没有什么用。我的设备端口是二层端口，所以需要第一个命令；第二个命令是我的设备缺省的。我全部都把配置拷在了这里。 -ccie18614(加拿大枫叶); 2008-9-4 (#4663260@0)

@Calgary

It is a simple I create, but I did not confirm yet, as I have no time in office. you can try by this way, if it doesn't work, please let me know and I can try after hours.

Replies, comments and Discussions:

More Topics