鸿鹄论坛

 找回密码
 论坛注册

QQ登录

QQ不能直接注册帐号

查看: 52|回复: 1

[RS] pbr+ip sla+track+vrf+nat双链路问题

[复制链接]
发表于 4 天前 | 显示全部楼层 |阅读模式
问题命令:
route-map global_to_vrf permit 10
match ip address 1
match track  1
set vrf isp1
!         
route-map global_to_vrf permit 20
match ip address 1
set vrf isp2
!         
route-map global_to_vrf permit 30
match ip address 2
match track  2
set vrf isp2
!         
route-map global_to_vrf permit 40
match ip address 2
set vrf isp1
其中sequence 10和sequence30,只要match ip address命中,不管track 是up还是down,结果都为真,从而导致pc1的数据流,R1->电信故障后切换不到R1->联通;pc2的数据流同理,R1->联通故障后切换不到R1->电信。

各位兄弟帮忙看看。

R1全部配置如下:
Internet_access_rout#show run
Building configuration...

Current configuration : 6902 bytes
!
! Last configuration change at 19:56:31 GMT Wed Sep 11 2019 by admin
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Internet_access_rout
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
clock timezone GMT 8 0
!
!
!
!         
!      
ip vrf isp1
!         
ip vrf isp2
!         
!         
!         
!         
no ip domain lookup
ip domain name yourdomain.com
ip cef   
no ipv6 cef
multilink bundle-name authenticated
!         
!         
!         
cts logging verbose
!         
crypto pki trustpoint TP-self-signed-3979959379
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3979959379
revocation-check none
rsakeypair TP-self-signed-3979959379
!         
!         
crypto pki certificate chain TP-self-signed-3979959379
certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33393739 39353933 3739301E 170D3136 30393031 32303134
  30335A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 39373939
  35393337 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100C2FC 44ABF39C 97C7BE1B 7A69478E B140A212 4D71F17C EA32E367 E64BE3D1
  B3AD4DC7 03E751C1 353F8E7E 461019A4 A13DF038 493C1C02 6F7E0D21 564120DE
  B91C8C8B 03E17F55 07B0571E 792F2ABD A787010E CE4FB322 F88C05C0 ED567E7E
  DBF1B007 008C0313 8935CD9D 2C5C6F7D 007CD797 31ECF8CB 0419D2F7 038AE667
  E91F0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
  551D2304 18301680 140E0808 2D5BC742 B7C7E1C7 51658E1C FB568397 8C301D06
  03551D0E 04160414 0E08082D 5BC742B7 C7E1C751 658E1CFB 5683978C 300D0609
  2A864886 F70D0101 05050003 8181008D CFCE4C33 9B182FB9 10291960 9B7953D4
  581C5C8F D22E01C6 CD45C266 B32E04B7 5D5DDAFD BECB6D74 E122544F 2F8A3E04
  2C463886 C7FA829A 075DE508 E3B5DCB0 8660B93A 82EB5D7E F96D30CC 763FB4C4
  1A1E46CB 21FF357E 74658851 F92F2D9A 2520E50A 57B1750A 7445453D D1079008
  068705A9 86F06111 FB20C7E7 738820
        quit
license udi pid CISCO2911/K9 sn FGL203611LB
license boot module c2900 technology-package datak9
!         
!         
username admin privilege 15 password 7 09554613001C
!         
redundancy
!         
!         
track 1 ip sla 1 reachability
delay down 5 up 1
!         
track 2 ip sla 2 reachability
delay down 5 up 1
!         
!         
!         
!         
!         
interface Embedded-Service-Engine0/0
no ip address
shutdown
!         
interface GigabitEthernet0/0
ip address 192.168.16.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip policy route-map global_to_vrf
duplex auto
speed auto
!         
interface GigabitEthernet0/1
ip vrf forwarding isp1
ip address 100.1.1.2 255.255.255.252
ip nat outside
ip virtual-reassembly in
ip policy route-map vrf_to_global
duplex auto
speed auto
!         
interface GigabitEthernet0/2
ip vrf forwarding isp2
ip address 200.1.1.2 255.255.255.252
ip nat outside
ip virtual-reassembly in
ip policy route-map vrf_to_global
duplex auto
speed auto
!         
interface GigabitEthernet0/0/0
no ip address
!         
interface GigabitEthernet0/0/1
no ip address
!         
interface GigabitEthernet0/0/2
no ip address
!         
interface GigabitEthernet0/0/3
no ip address
!         
interface Vlan1
ip address 192.168.60.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip policy route-map global_to_vrf
!         
!         
ip forward-protocol nd
!         
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!         
ip nat inside source list 1 interface GigabitEthernet0/1 vrf isp1 overload
ip nat inside source list 2 interface GigabitEthernet0/1 vrf isp1 overload
ip nat inside source list 1 interface GigabitEthernet0/2 vrf isp2 overload
ip nat inside source list 2 interface GigabitEthernet0/2 vrf isp2 overload
ip route vrf isp1 0.0.0.0 0.0.0.0 100.1.1.1
ip route vrf isp2 0.0.0.0 0.0.0.0 200.1.1.1
!         
ip sla 1  
icmp-echo 172.16.66.3 source-ip 100.1.1.2
vrf isp1
frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2  
icmp-echo 172.16.66.3 source-ip 200.1.1.2
vrf isp2
frequency 10
ip sla schedule 2 life forever start-time now
!         
route-map global_to_vrf permit 10
match ip address 1
match track  1
set vrf isp1
!         
route-map global_to_vrf permit 20
match ip address 1
set vrf isp2
!         
route-map global_to_vrf permit 30
match ip address 2
match track  2
set vrf isp2
!         
route-map global_to_vrf permit 40
match ip address 2
set vrf isp1
!         
route-map vrf_to_global permit 10
match ip address 3
set global
!         
!         
access-list 1 permit 192.168.16.0 0.0.0.255
access-list 2 permit 192.168.60.0 0.0.0.255
access-list 3 permit any
!         
control-plane
!         
!         
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for  one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you want to
use.      

-----------------------------------------------------------------------
^C        
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.

YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE  PUBLICLY-KNOWN
CREDENTIALS


Here are the Cisco IOS commands.


username <myuser>  privilege 15 secret 0 <mypassword>
no username cisco


Replace <myuser> and <mypassword> with the username and password you want
to use.   


IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL NOT BE ABLE
TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.

For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^C        
!         
line con 0
logging synchronous
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end

test.png

如果觉得帖子内容对你有帮助,请点击【评分】给我增加好评度,加分不会扣除自己的积分。

您所在的用户组无法发言?请去这里做下邮箱验证

发考试战报,来这里申请勋章,菜鸟变高手从此走上人生巅峰
 楼主| 发表于 4 天前 | 显示全部楼层
R2是电信,R3是联通

如果觉得帖子内容对你有帮助,请点击【评分】给我增加好评度,加分不会扣除自己的积分。

您所在的用户组无法发言?请去这里做下邮箱验证

发考试战报,来这里申请勋章,菜鸟变高手从此走上人生巅峰
您需要登录后才可以回帖 登录 | 论坛注册

本版积分规则

QQ|Archiver|手机版|小黑屋|sitemap|鸿鹄论坛 ( 京ICP备14027439号 )

GMT+8, 2019-9-15 14:44 , Processed in 0.075524 second(s), 7 queries , Gzip On, MemCache On.

Powered by Discuz!

© 2001-2019 HH010.COM

快速回复 返回顶部 返回列表