I'll try ISP redundancy on the 1812J. This is an equal-cost load-balancing configuration.
isp1: 192.168.1.180/24, gw: 192.168.1.1
isp2: 192.168.100.180/24, gw: 192.168.100.1
Router#sh run
Building configuration...
Current configuration : 1979 bytes
!
! Last configuration change at 02:20:44 UTC Thu Dec 17 2015
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
crypto pki token default removal timeout 0
!
dot11 syslog
ip source-route
!
no ip dhcp conflict logging
!
ip dhcp pool wifive
 import all
 network 172.31.0.0 255.255.0.0
 default-router 172.31.0.1
 domain-name wi-five
 dns-server 8.8.8.8
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
license udi pid CISCO1812-J/K9 sn FHK094730JH
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
interface FastEthernet0
 ip address 192.168.1.180 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface FastEthernet1
 ip address 192.168.100.180 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface FastEthernet4
 no ip address
!
interface FastEthernet5
 no ip address
!
interface FastEthernet6
 no ip address
!
interface FastEthernet7
 no ip address
!
interface FastEthernet8
 no ip address
!
interface FastEthernet9
 no ip address
!
interface Vlan1
 ip address 172.31.0.1 255.255.0.0
 ip nat inside
 ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source route-map isp1 interface FastEthernet0 overload
ip nat inside source route-map isp2 interface FastEthernet1 overload
ip route 0.0.0.0 0.0.0.0 192.168.100.1
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
access-list 1 permit 172.31.0.0 0.0.255.255
!
route-map isp2 permit 10
 match ip address 1
 match interface FastEthernet1
!
route-map isp1 permit 10
 match ip address 1
 match interface FastEthernet0
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 login
 transport input all
!
end
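When I tried the configuration above, DNS requests timed out frequently for some reason, so I changed it as shown below. For some reason the device also changes to an 892 from here on.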
Current configuration : 2913 bytes
!
! Last configuration change at 02:39:21 UTC Tue Dec 22 2015
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
ip source-route
!
no ip dhcp conflict logging
!
ip dhcp pool wifive
 import all
 network 172.31.0.0 255.255.0.0
 default-router 172.31.0.1
 dns-server 8.8.8.8 8.8.4.4
!
ip cef
ip name-server 8.8.8.8
ip name-server 8.8.4.4
no ipv6 cef
!
multilink bundle-name authenticated
license udi pid CISCO892-K9 sn FGL161321SG
!
! Note: specifies the object to monitor and assigns the defined IP SLA number (sla 1) to start tracking.
! Note: "reachability" determines whether the route is reachable.
track 123 ip sla 1 reachability
 delay down 15 up 10
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
 isdn termination multidrop
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
 ip address 1.2.3.4 255.255.255.248
 ip access-group inbound in
 ip access-group outbound out
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface GigabitEthernet0
 no ip address
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface Vlan1
 ip address 172.31.0.1 255.255.0.0
 ip nat inside
 ip virtual-reassembly
 ! Note: runs PBR on packets arriving on the Vlan1 interface, steering DNS to one side.
 ip policy route-map PBR
!
interface Dialer1
 mtu 1454
 ip address negotiated
 ip access-group inbound in
 ip access-group outbound out
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1414
 dialer pool 1
 dialer idle-timeout 0
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname (ID)
 ppp chap password 0 (PASSWORD)
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source route-map isp1 interface FastEthernet8 overload
ip nat inside source route-map isp2 interface Dialer1 overload
! Note: defines the static route to be tracked. It is installed as a static route while the condition is met.
ip route 0.0.0.0 0.0.0.0 1.2.3.5 track 123
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip access-list extended dnsacl
 permit udp any any eq domain
! Note: reflexive ACL definition
ip access-list extended inbound
 evaluate evaluateacl
 permit icmp any any
! Note: reflexive ACL definition
ip access-list extended outbound
 permit ip any any reflect evaluateacl timeout 300
 permit icmp any any
!
ip sla 1
 icmp-echo 1.2.3.5 source-interface FastEthernet8
 timeout 1000
 threshold 40
ip sla schedule 1 life forever start-time now
access-list 1 permit 172.31.0.0 0.0.255.255
dialer-list 1 protocol ip permit
!
route-map PBR permit 10
 match ip address dnsacl
 set interface FastEthernet8
!
route-map isp2 permit 10
 match ip address 1
 match interface Dialer1
!
route-map isp1 permit 10
 match ip address 1
 match interface FastEthernet8
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 no login
 transport input all
!
scheduler max-task-time 5000
end
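As an added check (not part of the original post), this Python script audits a saved `show running-config` for the management-plane and credential settings that appear in the configurations above: `no login` and `transport input all` on the vty lines, `ip source-route`, `no service password-encryption`, and `password 0`. The rule names and the `SAMPLE` excerpt are constructed for illustration, and the input is assumed to keep IOS's normal line breaks and indentation.

```python
import re

# Constructed excerpt: lines taken from the second configuration on this page.
SAMPLE = """\
no service password-encryption
ip source-route
!
interface Dialer1
 ppp chap hostname (ID)
 ppp chap password 0 (PASSWORD)
!
line vty 0 4
 no login
 transport input all
"""

def sections(config):
    """Group config text into [parent, [children]] using IOS indentation."""
    out = []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # skip blank lines and "!" separator/comment lines
        if raw[0].isspace() and out:
            out[-1][1].append(line)   # indented: sub-command of last parent
        else:
            out.append([line, []])    # flush left: new global command/section
    return out

def audit(config):
    """Return sorted (rule, context) findings; rule names are hypothetical."""
    found = set()
    for parent, children in sections(config):
        if parent == "no service password-encryption":
            found.add(("cleartext-storage", parent))
        if parent == "ip source-route":
            found.add(("source-routing", parent))
        for line in [parent] + children:
            # "password 0 <text>" / "secret 0 <text>": unencrypted value follows
            if re.search(r"\b(password|secret) 0 \S", line):
                found.add(("cleartext-secret", parent))
        if parent.startswith("line vty"):
            if "no login" in children:    # no password check on remote lines
                found.add(("vty-no-auth", parent))
            for c in children:            # "all" includes Telnet
                if re.match(r"transport input\b.*\b(all|telnet)\b", c):
                    found.add(("vty-telnet", parent))
    return sorted(found)

if __name__ == "__main__":
    for rule, where in audit(SAMPLE):
        print(f"{rule:18} {where}")
```

On the vty lines, `login local` (with a local user defined) and `transport input ssh` clear the two vty findings, and `no ip source-route` clears the source-routing one.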