应对WAN线路故障的情况(自动备份功能)

网络示意图:应对WAN线路故障的情况(自动备份功能)
网络示意图:应对WAN线路故障的情况(自动备份功能)
网络示意图:应对WAN线路故障的情况(自动备份功能)

本结构能够在主线路发生故障时自动切换至备用线路。并在主线路恢复时自动切换回主线路
例如,主线路使用FTTH(光纤),在FTTH(光纤)发生故障时,能够切换到备份线路(如:3G移动互联网)。
如果您希望一直使用互联网,则向您推荐此结构。

RTX系列的设置范例

能够只导出下述的设置部分。

ConfigDownload

LAN的接口的设置
(使用LAN1端口)
ip lan1 address 192.168.0.1/24
WAN(ISP1)的接口的设置
(使用LAN2端口)
ip lan2 address(ISP1提供的IP地址)
ip lan2 nat descriptor 1
ip route default gateway(ISP1提供的网关地址) keepalive 1 gateway pp 1 weight 0 #注释1
ip keepalive 1 icmp-echo 5 3(ISP1提供的网关地址) #注释2
WAN(ISP2)的接口的设置
(使用电信3G)
mobile use usb1 on
pp select 1
pp bind usb1
pp auth accept pap chap
pp auth myname ctnet@mycdma.cn vnet.mobi
ppp lcp mru off 1792
ppp lcp accm on
ppp lcp acfc on
ppp ipcp ipaddress on
ppp ipcp msext on
ppp ipv6cp use off
ip pp nat descriptor 2
mobile auto connect on
mobile disconnect time 10 #注释3
mobile access-point name ctnet cid=1
mobile dial number "#777"
mobile access limit length off
mobile access limit time off
pp enable 1
NAT的设置 nat descriptor type 1 masquerade
nat descriptor address outer 1(ISP1提供的IP地址)
nat descriptor type 2 masquerade
nat descriptor address outer 2 ipcp
nat descriptor address inner 2 auto
DHCP的设置 dhcp service server
dhcp scope 1 192.168.0.2-192.168.0.100/24
dhcp server rfc2131 compliant except remain-silent
DNS的设置 dns server select 1(ISP1所指定的DNS服务器的IP地址) any .
dns server select 2(ISP2所指定的DNS服务器的IP地址) any . restrict pp 1
dns private address spoof on
Inbound过滤的设置 ip filter source-route on
ip filter directed-broadcast on
ip inbound filter 1001 reject-nolog * * tcp,udp * 135
ip inbound filter 1002 reject-nolog * * tcp,udp 135 *
ip inbound filter 1003 reject-nolog * * tcp,udp * netbios_ns-netbios_ssn
ip inbound filter 1004 reject-nolog * * tcp,udp netbios_ns-netbios_ssn *
ip inbound filter 1005 reject-nolog * * tcp,udp * 445
ip inbound filter 1006 reject-nolog * * tcp,udp 445 *
ip inbound filter 1007 reject-nolog 192.168.0.0/24 * * * *
ip inbound filter 1008 pass-nolog * * * * *
ip lan2 inbound filter list 1001 1002 1003 1004 1005 1006 1007 1008
pp select 1
ip pp inbound filter list 1001 1002 1003 1004 1005 1006 1007 1008
pp enable 1
策略过滤的设置 ip policy interface group 101 name=Private local lan1
ip policy address group 101 name=Private 192.168.0.0/24
ip policy address group 102 name=Any *
ip policy service group 101 name="Open Services"
ip policy service group 102 name=General dns
ip policy service group 103 name=Mail pop3 smtp
ip policy service group 104 name=IPsec ike esp
ip policy filter 1100 reject-nolog lan1 * * * *
ip policy filter 1110 pass-nolog * * * * 102
ip policy filter 1122 static-pass-nolog * lan1 * * *
ip policy filter 1123 static-pass-nolog * local * * *
ip policy filter 1124 static-pass-log * * 192.168.0.0/24 * http
ip policy filter 1130 pass-nolog * tunnel* * * *
ip policy filter 1140 pass-nolog * pp1 * * *
ip policy filter 2200 reject-nolog pp* * * * *
ip policy filter 2220 pass-log * lan1 * * 101
ip policy filter 2230 static-pass-nolog * local * * 104
ip policy filter 2300 reject-nolog tunnel* * * * *
ip policy filter 2330 pass-nolog * tunnel* * * *
ip policy filter 2340 pass-nolog * local * * *
ip policy filter 2350 pass-nolog * lan1 * * *
ip policy filter 2360 reject-nolog * lan2 * * *
ip policy filter 2380 reject-nolog * pp* * * *
ip policy filter 2400 pass-nolog local * * * *
ip policy filter 2410 static-pass-nolog * lan1 * * *
ip policy filter 2430 static-pass-nolog * lan2 * * 104
ip policy filter 2450 static-pass-nolog * pp* * * 104
ip policy filter 2600 pass-nolog * lan2 * * *
ip policy filter 2650 reject-nolog lan2 * * * *
ip policy filter 2660 static-pass-nolog * local * * 104
ip policy filter 2670 pass-log * lan1 * * 101
ip policy filter 3000 reject-nolog * * * * *
ip policy filter set 101 name="Internet Access" 1100 [1110 1123 [1124] 1122 2600 1140 1130] 2200 [2220 2230] 2650 [2670 2660] 2300 [2340 2350 2380 2360 2330] 2400 [2410 2450 2430] 3000
ip policy filter set enable 101

[注释的说明]

注释1:设置默认路由为ISP1提供的网关,ISP2为待机状态,并使用keepalive 1的设置来判断ISP1是否故障。

注释2:设置keepalive 1的条件,此处设置为通过icmp来判断是否故障。

注释3:设置3G网络自动断开的时间。当主线路恢复时,断开3G网络。

返回顶部