1. Your organization is implementing a dual-ISP setup that should be tightly controlled. They have requested the following parameters:
- Client1 surfs the internet all day doing nothing productive. All traffic from this client should route out ISP2,
which is a slower internet connection. If ISP2 is down, Client1 should not be able to access the Internet.
ip access-list extended Client_1
permit ip host 192.168.1.20 any
route-map POLICY permit 10
match ip address Client_1
set ip next-hop 201.1.1.2
(int f0/0
ip policy route-map POLICY)
- Client2 handles sophisticated transactions. Both Telnet and HTTPS traffic should route towards ISP1, which is the more reliable connection.
All other traffic from Client2 should route out ISP2.
ip access-list extended Client_2
permit tcp host 192.168.1.21 any eq telnet
permit tcp host 192.168.1.21 any eq 443
route-map POLICY permit 20
match ip address Client_2
set ip next-hop 200.1.1.2
(int f0/0
ip policy route-map POLICY)
- Traffic from other clients should route out ISP2.
route-map POLICY permit 30
set ip next-hop 201.1.1.2
(int f0/0
ip policy route-map POLICY)
- Traffic originating from the PolicyRouter should prefer ISP1 but should fail over to ISP2 should ISP1 be unavailable.
Verify ISP1 is available using proactive testing techniques.
To accomplish these objectives, you may create no more than two route-maps and three access-lists.
conf t
ip sla 1
icmp-echo 200.1.1.2
timeout 1000
frequency 3
ip sla schedule 1 life forever start-time now
track 1 rtr 1 reachability
exit
ip access-list extended ROUTER
permit ip any any
!
route-map ROUTER_TRAFFIC permit 10
match ip address ROUTER
set ip next-hop verify-availability 200.1.1.2 10 track 1
set ip next-hop 201.1.1.2
ip local policy route-map ROUTER_TRAFFIC
!
========================================================
Configurations
PolicyRouter>
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip policy route-map POLICY
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
clock rate 2000000
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
clock rate 2000000
!
interface Serial0/2
ip address 200.1.1.1 255.255.255.0
clock rate 2000000
!
interface Serial0/3
ip address 201.1.1.1 255.255.255.0
clock rate 2000000
!
ip local policy route-map ROUTER_TRAFFIC
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
ip access-list extended Client_1
permit ip host 192.168.1.20 any
ip access-list extended Client_2
permit tcp host 192.168.1.21 any eq telnet
permit tcp host 192.168.1.21 any eq 443
ip access-list extended ROUTER
permit ip any any
!
ip sla 1
icmp-echo 200.1.1.2
timeout 1000
frequency 3
ip sla schedule 1 life forever start-time now
!
!
!
route-map POLICY permit 10
match ip address Client_1
set ip next-hop 201.1.1.2
!
route-map POLICY permit 20
match ip address Client_2
set ip next-hop 200.1.1.2
!
route-map POLICY permit 30
set ip next-hop 201.1.1.2
!
route-map ROUTER_TRAFFIC permit 10
match ip address ROUTER
set ip next-hop verify-availability 200.1.1.2 10 track 1
set ip next-hop 201.1.1.2
ISP1>
interface Serial0/1
ip address 200.1.1.2 255.255.255.0
clock rate 2000000
!
ip forward-protocol nd
ip route 192.168.1.0 255.255.255.0 Serial0/1
!
! enabled for test purposes
ip http server
ip http secure-server
ISP2>
interface Serial0/1
ip address 201.1.1.2 255.255.255.0
clock rate 2000000
!
ip forward-protocol nd
ip route 192.168.1.0 255.255.255.0 201.1.1.1
!
ip http server
ip http secure-server
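Route-map names in IOS are case-sensitive, so a sequence entered as "route-map policy" instead of "route-map POLICY" creates a separate route-map that no interface applies, and it also counts against the two-route-map limit in the exercise. The Python checker below is an added example, not part of the original lab: it cross-references route-maps, access-lists and track objects in a configuration text and reports dangling references. The sample configuration and the function name lint are constructed for illustration.

```python
import re

# Constructed sample: excerpt in the style of the PolicyRouter config, with a
# deliberately mis-cased route-map name and no track object defined.
SAMPLE = """\
interface FastEthernet0/0
 ip policy route-map POLICY
ip local policy route-map ROUTER_TRAFFIC
ip access-list extended Client_1
 permit ip host 192.168.1.20 any
ip access-list extended Client_2
ip access-list extended ROUTER
route-map POLICY permit 10
 match ip address Client_1
 set ip next-hop 201.1.1.2
route-map POLICY permit 20
 match ip address Client_2
 set ip next-hop 200.1.1.2
route-map policy permit 30
 set ip next-hop 201.1.1.2
route-map ROUTER_TRAFFIC permit 10
 match ip address ROUTER
 set ip next-hop verify-availability 200.1.1.2 10 track 1
"""

def lint(config, max_route_maps=2, max_acls=3):
    """Return a list of findings; names are compared case-sensitively, as IOS does."""
    def find(pattern):
        return set(re.findall(pattern, config, re.M))
    maps_defined = find(r"^route-map (\S+) (?:permit|deny)")
    maps_applied = find(r"^\s*ip (?:local )?policy route-map (\S+)")
    acls_defined = find(r"^ip access-list \S+ (\S+)")
    acls_used = find(r"^\s*match ip address (\S+)")
    tracks_defined = find(r"^track (\d+) ")
    tracks_used = find(r"verify-availability \S+ \d+ track (\d+)")
    findings = []
    findings += [f"route-map {m} is defined but never applied" for m in sorted(maps_defined - maps_applied)]
    findings += [f"route-map {m} is applied but not defined" for m in sorted(maps_applied - maps_defined)]
    findings += [f"access-list {a} is matched but not defined" for a in sorted(acls_used - acls_defined)]
    findings += [f"track {t} is referenced but not defined" for t in sorted(tracks_used - tracks_defined)]
    if len(maps_defined) > max_route_maps:
        findings.append(f"{len(maps_defined)} route-maps exceed the limit of {max_route_maps}")
    if len(acls_defined) > max_acls:
        findings.append(f"{len(acls_defined)} access-lists exceed the limit of {max_acls}")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

The checker reads only the first access-list name on each "match ip address" line, which is enough for the single-ACL matches used in this lab.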