У меня есть маршрутизатор настроенный по статье Cisco маршрутизатор и 2 провайдера http://sysadminblog.ru/cisco/2010/03/31/cisco-marshrutizator...Мне необходимо чтобы маршрутизатор переключал каналы при падении одного из них.
И чтобы сервер 192.168.93.22 ходил в интернет только через 2 провайдера 22.22.22.2Building configuration...
Current configuration : 5099 bytes
!
! Last configuration change at 00:17:05 Muscat Sun Nov 25 2012 by admin
! NVRAM config last updated at 00:17:38 Muscat Sun Nov 25 2012 by admin
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname router
!
boot-start-marker
boot system flash0 c2900-universalk9-mz.SPA.151-3.T.bin
boot-end-marker
!
!
no logging buffered
enable secret 5 $1$MXz4$2dujVf6giI2kRqSGv6jL10
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
!
clock timezone Muscat 4 0
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
!
ip domain name domain.ru
ip name-server 88.80.32.2
ip name-server 92.61.16.1
ip name-server 87.249.224.1
ip name-server 217.14.192.173
ip name-server 217.14.192.170
!
multilink bundle-name authenticated
!
!
!
!
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-566916185
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-566916185
revocation-check none
!
!
crypto pki certificate chain TP-self-signed-566916185
certificate self-signed 01
30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 35363639 31363138 35301E17 0D313231 31323531 39343235
325A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3536 36393136
31383530 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
C2587E65 8983CDFC EB2F1688 63F333B8 09E11AFE 489D542E E8170DCF 7C3AA3F8
4E40A849 7F9F723C 20438AD4 FF268D53 C559A842 53B66F66 60CCA11F 16B205A2
D2E32B37 EDE252E7 5998A08A 2D9FB254 CFD42BB1 03FB1345 1534F9F2 022CBD52
95EB3AB2 4B3C289D 0DD32237 EBE2FAA0 BACCBE14 1B84D3E4 2BF1CA47 C6104347
02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D
23041830 16801412 95F51640 7D3E24E4 95B5198A 63E8C007 BA99D330 1D060355
1D0E0416 04141295 F516407D 3E24E495 B5198A63 E8C007BA 99D3300D 06092A86
4886F70D 01010405 00038181 000C8A7E 003FF521 3F662825 23025B0F 0CB38609
BC398E71 5134FD1D 8170BF7A 1A77DCB6 12962550 6082167D 4F623E87 364405BD
B2CD230E 9DCA7C31 261E7C17 03CE04E0 FFDAF4E4 A80BEBF4 089DDC44 B6B71CE2
18C6A65C FBB80730 FFA23B54 4887D627 87AE10C8 C1B388B3 0222EFF1 7C89FB07
9B2A81A5 DE8DFD74 39986EA5 18
quit
voice-card 0
!
!
!
!
!
!
!
license udi pid CISCO2911/K9 sn
license boot module c2900 technology-package securityk9
license boot module c2900 technology-package uck9
license boot module c2900 technology-package datak9
!
!
username admin privilege 15 secret 5 $1$WpBg$iwb6talTdrPxhlnM5IF8m0
username user privilege 15 secret 5 $1$LfmJ$htvSZY4pTwL39lgPbhuZr0
!
redundancy
!
!
!
!
!
track 123 ip sla 1 reachability
!
track 124 ip sla 2 reachability
!
!
!
!
!
!
!
interface GigabitEthernet0/0
description $ETH-LAN$
ip address 192.168.38.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description $ETH-WAN1$
ip address 11.11.11.2 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2
description $ETH-WAN2$
ip address 22.22.22.2 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
!
ip forward-protocol nd
!
no ip http server
ip http authentication local
ip http secure-server
!
ip nat inside source route-map 111 interface GigabitEthernet0/1 overload
ip nat inside source route-map 112 interface GigabitEthernet0/2 overload
ip route 0.0.0.0 0.0.0.0 11.11.11.1 10 track 123
ip route 0.0.0.0 0.0.0.0 22.22.22.1 20 track 124
ip route 192.168.93.22 255.255.255.255 22.22.22.1
!
ip sla 1
icmp-echo 11.11.11.1 source-interface GigabitEthernet0/1
request-data-size 32
frequency 5
history hours-of-statistics-kept 24
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 22.22.22.1 source-interface GigabitEthernet0/2
request-data-size 32
frequency 5
history hours-of-statistics-kept 24
ip sla schedule 2 life forever start-time now
logging esm config
access-list 23 permit 192.168.0.0 0.0.255.255
!
!
!
!
route-map tracking permit 10
set ip next-hop verify-availability 11.11.11.1 10 track 123
set ip next-hop 11.11.11.1
!
route-map tracking permit 20
set ip next-hop verify-availability 22.22.22.1 20 track 124
set ip next-hop 22.22.22.1
!
route-map 111 deny 5
match ip address 117
!
route-map 111 permit 10
match ip address 115
match interface GigabitEthernet0/1
set ip next-hop 11.11.11.1
!
route-map 112 permit 10
match ip address 116
match interface GigabitEthernet0/2
set ip next-hop 22.22.22.1
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
gatekeeper
shutdown
!
!
!
line con 0
line aux 0
line vty 0 4
access-class 23 in
exec-timeout 60 0
privilege level 15
logging synchronous
transport input ssh
!
scheduler allocate 20000 1000
ntp update-calendar
ntp server 192.168.1.213 prefer source GigabitEthernet0/0
end
что показывает sh ip rout?
если стоит S* 0.0.0.0/0 [10/0] via 11.11.11.1 то все ок.
Далее, может просмотрел что, но не увидел, к чему привязан route-map tracking, а также access-list 23 ?
route-map 111, 112 - нет соотв. access-list 117 115 116. Они используются для ната, но зачем туда запихали иртерфейсы и некстхопы?
По серверу 192.168.93.22 можно сделать так:access-list 100 permit ip host 192.168.93.22 any
route-map 100 permit 10
match ip address 100
set ip next-hop 22.22.22.2 10interface GigabitEthernet0/0 <- предполагаю, что трафик от сервера приходит сюда
ip policy route-map 100Но учтите, если упадет 22.22.22.2, то у сервера будут проблемы.