1. Applied scenarios & Requirements:

One Ruijie switch is connected to two Ruijie gateway devices, R1 and R2. Normally, users on VLAN 10 should reach the Internet through gateway R1, and users on VLAN 20 should reach the Internet through gateway R2. When gateway R1 fails, VLAN 10 traffic goes to gateway R2.

2. Topology:

3. Configurations:

3.1 Basic IP and VLAN Configuration

SW1:
SW1#config
SW1(config)#vlan 10
SW1(config-vlan)#vlan 20
SW1(config-vlan)#int vlan 10
SW1(config-if-VLAN 10)#ip add 172.10.10.254 24
SW1(config-if-VLAN 10)#int vlan 20
SW1(config-if-VLAN 20)#ip add 172.20.20.254 24
SW1(config-if-VLAN 20)#int g0/0
SW1(config-if-GigabitEthernet 0/0)#no switchport
SW1(config-if-GigabitEthernet 0/0)#ip add 192.168.100.10 24
SW1(config-if-GigabitEthernet 0/0)#int g0/1
SW1(config-if-GigabitEthernet 0/1)#no switchport
SW1(config-if-GigabitEthernet 0/1)#ip add 192.168.200.20 24
SW1(config-if-GigabitEthernet 0/1)#int g0/2
SW1(config-if-GigabitEthernet 0/2)#switchport mode access
SW1(config-if-GigabitEthernet 0/2)#switchport access vlan 10
SW1(config-if-GigabitEthernet 0/2)#int g0/3
SW1(config-if-GigabitEthernet 0/3)#switchport mode access
SW1(config-if-GigabitEthernet 0/3)#switchport access vlan 20

R1:
R1#conf
R1(config)#int g0/0
R1(config-if-GigabitEthernet 0/0)#ip add 192.168.100.11 24
R1(config-if-GigabitEthernet 0/0)#int g0/1
R1(config-if-GigabitEthernet 0/1)#ip add 100.10.20.10 24

R2:
R2#conf
R2(config)#int g0/1
R2(config-if-GigabitEthernet 0/1)#ip add 192.168.200.21 24
R2(config-if-GigabitEthernet 0/1)#int g0/2
R2(config-if-GigabitEthernet 0/2)#ip add 200.10.20.20 24

3.2 Routing configuration

SW1:
SW1(config)#ip route 0.0.0.0 0.0.0.0 192.168.100.11
SW1(config)#ip route 0.0.0.0 0.0.0.0 192.168.200.21

R1:
R1(config)#ip route 0.0.0.0 0.0.0.0 100.10.20.1
R1(config)#ip route 172.0.0.0 255.0.0.0 192.168.100.10

R2:
R2(config)#ip route 0.0.0.0 0.0.0.0 200.10.20.1
R2(config)#ip route 172.0.0.0 255.0.0.0 192.168.200.20

3.3 NAT configuration on Ruijie gateway

R1:
R1(config)#ip access-list standard 23
R1(config-std-nacl)#permit any
R1(config-std-nacl)#int g0/0
R1(config-if-GigabitEthernet 0/0)#ip nat inside
R1(config-if-GigabitEthernet 0/0)#int g0/1
R1(config-if-GigabitEthernet 0/1)#ip nat outside
R1(config-if-GigabitEthernet 0/1)#exit
R1(config)#ip nat inside source list 23 interface g0/1 overload

R2:
R2(config)#ip access-list standard 23
R2(config-std-nacl)#permit any
R2(config-std-nacl)#int g0/1
R2(config-if-GigabitEthernet 0/1)#ip nat inside
R2(config-if-GigabitEthernet 0/1)#int g0/2
R2(config-if-GigabitEthernet 0/2)#ip nat outside
R2(config-if-GigabitEthernet 0/2)#exi
R2(config)#ip nat inside source list 23 interface g0/2 overload

3.4 PBR + RNS configuration on Ruijie Switch

SW1(config)#ip rns 10
SW1(config-ip-rns)#icmp-echo 192.168.100.11
SW1(config-ip-rns-icmp-echo)#timeout 5000
SW1(config-ip-rns-icmp-echo)#frequency 45000 //Send an ICMP message every 45s; if no response is received within 5s, the query is considered failed
SW1(config-ip-rns-icmp-echo)#exi
SW1(config)#ip rns 20
SW1(config-ip-rns)#icmp-echo 192.168.200.21
SW1(config-ip-rns-icmp-echo)#timeout 5000
SW1(config-ip-rns-icmp-echo)#frequency 45000
SW1(config-ip-rns-icmp-echo)#exi
SW1(config)#ip rns schedule 10 start-time now life forever //Enable the RNS function
SW1(config)#ip rns schedule 20 start-time now life forever
SW1(config)#track 10 rns 10 //Configure a track object that follows the RNS probe
SW1(config-track)#exi
SW1(config)#track 20 rns 20
SW1(config-track)#exi
SW1(config)#ip access-list extended 110
SW1(config-ext-nacl)#10 deny ip 172.10.10.0 0.0.0.255 172.0.0.0 0.255.255.255 //Deny intranet traffic so that intranet connectivity stays normal
SW1(config-ext-nacl)#20 permit ip 172.10.10.0 0.0.0.255 any
SW1(config-ext-nacl)#exi
SW1(config)#ip access-list extended 120
SW1(config-ext-nacl)#10 deny ip 172.20.20.0 0.0.0.255 172.0.0.0 0.255.255.255
SW1(config-ext-nacl)#20 permit ip 172.20.20.0 0.0.0.255 any
SW1(config-ext-nacl)#exi
SW1(config)#route-map PatriTest permit 10
SW1(config-route-map)#match ip address 110 //Match the VLAN 10 traffic
SW1(config-route-map)#set ip next-hop verify-availability 192.168.100.11 track 10 //Force the IP next hop to R1 and reference the track object
SW1(config-route-map)#exi
SW1(config)#route-map PatriTest permit 20
SW1(config-route-map)#match ip address 120
SW1(config-route-map)#set ip next-hop verify-availability 192.168.200.21 track 20
SW1(config-route-map)#exi
SW1(config)#int vlan 10
SW1(config-if-VLAN 10)#ip policy route-map PatriTest //PBR takes effect only on inbound traffic
SW1(config-if-VLAN 10)#int vlan 20
SW1(config-if-VLAN 20)#ip policy route-map PatriTest
SW1(config)#ip route 0.0.0.0 0.0.0.0 192.168.100.11 track 10 //Modify the default routes on the Ruijie switch to reference the track objects
SW1(config)#ip route 0.0.0.0 0.0.0.0 192.168.200.21 track 20

3.5 Save all the configurations

SW1/R1/R2:
Ruijie(config)#end
Ruijie#wr

4. Verification:

4.1 Traceroute on the PC when gateway A and B are working normally

4.2 Traceroute on the PC when gateway A fails but B is working normally
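The forwarding decision that section 3.4 builds on SW1, modeled in Python as an added example (not part of the original post and not Ruijie code). The function names and sample host addresses are assumptions, and the model assumes that a packet matching a route-map clause whose tracked next hop is down is forwarded by the routing table.

```python
import ipaddress

# Addresses, ACL ranges and track numbers are taken from the SW1 configuration above.
R1, R2 = "192.168.100.11", "192.168.200.21"
INTRANET = ipaddress.ip_network("172.0.0.0/8")   # wildcard 0.255.255.255 in ACL 110/120
CONNECTED = [ipaddress.ip_network(n) for n in (
    "172.10.10.0/24", "172.20.20.0/24", "192.168.100.0/24", "192.168.200.0/24")]
# route-map PatriTest: (sequence, ACL source network, next hop, track object)
ROUTE_MAP = [
    (10, ipaddress.ip_network("172.10.10.0/24"), R1, 10),
    (20, ipaddress.ip_network("172.20.20.0/24"), R2, 20),
]
DEFAULT_ROUTES = [(R1, 10), (R2, 20)]            # ip route 0.0.0.0 0.0.0.0 <hop> track <n>


def acl_permits(src_net, src, dst):
    """ACL 110/120: entry 10 denies src_net -> 172.0.0.0/8, entry 20 permits src_net -> any."""
    return src in src_net and dst not in INTRANET


def next_hops(src, dst, track_up):
    """Return the candidate next hops for a packet entering SVI VLAN 10 or VLAN 20.

    track_up maps a track object number to True (RNS probe answered) or False.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _seq, src_net, hop, track in ROUTE_MAP:
        if acl_permits(src_net, src, dst):
            if track_up.get(track, False):
                return [hop]                     # policy route wins over the routing table
            break  # next hop unverified: use the routing table (ACL sources are disjoint)
    if any(dst in net for net in CONNECTED):
        return ["connected"]                     # delivered directly, no gateway involved
    # Only default routes whose track object is up stay installed.
    return [hop for hop, track in DEFAULT_ROUTES if track_up.get(track, False)]


if __name__ == "__main__":
    internet = "203.0.113.9"                     # constructed destination (documentation range)
    for state in ({10: True, 20: True}, {10: False, 20: True}, {10: False, 20: False}):
        for src in ("172.10.10.5", "172.20.20.5"):   # constructed hosts in VLAN 10 and VLAN 20
            print(state, src, "->", next_hops(src, internet, state))
```

An empty list means both track objects are down and no default route remains installed, so Internet-bound traffic has no next hop on SW1.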