====== Использование двух ISP ====== * [[http://www.anticisco.ru/blogs/2011/05/введение-в-cisco-oerpfr/|Введение в Cisco OER/PfR]] * [[https://habrahabr.ru/post/81424/|Немного об ip sla / rtr в Cisco…]] ===== Настройка роутера на использование двух провайдеров ===== interface FastEthernet0/0 description connect to ISP2 duplex full ip address 172.16.2.X 255.255.255.0 ip nat outside no shutdown ip name-server 172.16.2.254 ip access-list standard ACL_REDIRECT_ISP1 permit 192.168.X.0 0.0.0.255 ip access-list standard ACL_REDIRECT_ISP2 permit 192.168.100+X.0 0.0.0.255 no ip nat inside source list ACL_NAT interface FastEthernet1/1 overload ip nat inside source list ACL_REDIRECT_ISP1 interface FastEthernet1/1 overload ip nat inside source list ACL_REDIRECT_ISP2 interface FastEthernet0/0 overload route-map RM_REDIRECT_ISP permit 10 match ip address ACL_REDIRECT_ISP1 set ip next-hop 172.16.1.254 ! route-map RM_REDIRECT_ISP permit 20 match ip address ACL_REDIRECT_ISP2 set ip next-hop 172.16.2.254 interface FastEthernet1/0 ip policy route-map RM_REDIRECT_ISP ===== Переключение каналов ===== ==== Фрагменты конфигураций роутера ==== === Доступны оба ISP === server# cat isp1_isp2.cfg no ip access-list standard ACL_REDIRECT_ISP1 no ip access-list standard ACL_REDIRECT_ISP2 ip access-list standard ACL_REDIRECT_ISP1 permit 192.168.X.0 0.0.0.255 deny any ip access-list standard ACL_REDIRECT_ISP2 permit 192.168.100+X.0 0.0.0.255 deny any end === Доступен ISP1 === server# cat isp1.cfg no ip access-list standard ACL_REDIRECT_ISP1 no ip access-list standard ACL_REDIRECT_ISP2 ip access-list standard ACL_REDIRECT_ISP1 permit 192.168.X.0 0.0.0.255 permit 192.168.100+X.0 0.0.0.255 ip access-list standard ACL_REDIRECT_ISP2 deny any end === Доступен ISP2 === server# cat isp2.cfg no ip access-list standard ACL_REDIRECT_ISP1 no ip access-list standard ACL_REDIRECT_ISP2 ip access-list standard ACL_REDIRECT_ISP1 deny any ip access-list standard ACL_REDIRECT_ISP2 permit 192.168.X.0 0.0.0.255 permit 192.168.100+X.0 0.0.0.255 end ==== Переключение в ручном режиме ==== cat /etc/resolv.conf ... nameserver 172.16.1.254 nameserver 172.16.2.254 cat /etc/hosts ... 192.168.X.1 router server# rcp isp1.cfg router:running-config server# rcp isp2.cfg router:running-config server# rcp isp1_isp2.cfg router:running-config server# rsh router "clear ip nat tr *" ==== Тестирование провайдеров с роутера ==== server# cat route_isp1.cfg no ip route 0.0.0.0 0.0.0.0 172.16.2.254 ip route 0.0.0.0 0.0.0.0 172.16.1.254 end server# cat route_isp2.cfg no ip route 0.0.0.0 0.0.0.0 172.16.1.254 ip route 0.0.0.0 0.0.0.0 172.16.2.254 end server# rcp route_isp1.cfg router:running-config server# rsh router ping ya.ru server# rcp route_isp2.cfg router:running-config server# rsh router ping ya.ru ==== Автоматизация переключения на резервный канал ==== server# cat select_isp.sh #!/bin/sh touch /tmp/conf_name rcp /root/route_isp1.cfg router:running-config rsh router ping ya.ru | grep -q '!' ALIVE1=$? rcp /root/route_isp2.cfg router:running-config rsh router ping ya.ru | grep -q '!' ALIVE2=$? test $ALIVE1 -eq 0 && conf_name="isp1.cfg" test $ALIVE2 -eq 0 && conf_name="isp2.cfg" test $ALIVE1 -eq 0 && test $ALIVE2 -eq 0 && conf_name="isp1_isp2.cfg" # echo /root/$conf_name # exit 0 test $conf_name = "`cat /tmp/conf_name`" && exit 0 echo $conf_name > /tmp/conf_name rcp /root/$conf_name router:running-config rsh router "clear ip nat tr *" exit 0 server# chmod +x select_isp.sh server# echo isp1_isp2.cfg > /tmp/conf_name server# crontab -e */5 * * * * /root/select_isp.sh