------------------
офис -----Eth0/1|Cisco 1841|Eth0/0--------provider MPLS------------>BASE <----
----------------- | |
|ADSL (IPSEC) ------- reserved Provider------------------------|
есть циска 1841 настроенная на канал "provider MPLS", всё бегает, всё работает.
IpSec я настраивал - всё тож замечательно, сейчас только из конфигурации убрал.
Хотим сделать резервный "reserved Provider", для обеспечения бесперебойной работы
Вот собственно что хотелось бы настроить
1.чтобы при падении основного канала provider MPLS,
циска сама могла бы автоматом переключиться на reserved Provider,
2. автоматом поднять IPSec и весь трафик направить в туннель автоматом,
без привлечения работников офиса
3. вот собственно конфиг
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname testadsl
boot-start-marker
boot-end-marker
logging buffered 51200 warnings
no aaa new-model
resource policy
no ip source-route
ip cef
ip domain name test.ru
ip name-server a.a.a.a
ip ssh authentication-retries 2
username test privilege 15 secret 5 $1$nMXk$juSFtADVjrLegzTYoJHpp0
class-map match-any Signaling-1
match access-group 140
match ip dscp af31
match ip dscp af33
match ip dscp af32
class-map match-any Voice-1
match dscp ef
policy-mapQoS-Policy-1
class Voice-1
priority 64
class Signaling-1
bandwidth 16
class class-default
fair-queue
random-detect
policy-map mih_shape
class class-default
shape average 256000
service-policy QoS-Policy-1
interface Loopback0
ip address 1.1.1.1 255.255.255.255
interface FastEthernet0/0
description MPLS
ip address 192.168.9.10 255.255.255.252
ip tcp adjust-mss 1412
duplex auto
speed auto
service-policy output SDM-QoS-Policy-1
interface FastEthernet0/1
description OFFICE
ip address 10.9.0.1 255.255.0.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
ip policy route-map alpha
duplex auto
speed auto
no mop enabled
interface ATM0/0/0
no ip address
ip access-group 110 out
ip mask-reply
no ip redirects
no ip proxy-arp
ip nat outside
no ip virtual-reassembly
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
interface ATM0/0/0.2 point-to-point
ip access-group 110 out
no snmp trap link-status
pvc 8/35
pppoe-client dial-pool-number 1
interface Dialer1
ip address negotiated
ip access-group 110 out
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1490
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname test
ppp chap password 7 003C161156585F54
ppp pap sent-username test password 7 0737245B1C0A4D57
router rip
version 2
network 10.0.0.0
ip route 0.0.0.0 0.0.0.0 192.168.9.9
ip route 10.0.0.0 255.255.255.0 192.168.9.9
ip route 192.168.0.0 255.255.255.0 192.168.9.9
ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer1 overload
access-list 110 deny tcp any eq www any
access-list 140 permit tcp any range 3000 4000 any
access-list 140 permit tcp any eq 2427 any
access-list 140 permit udp any eq 2427 any
dialer-list 1 protocol ip permit
route-map alpha permit 10
control-plane
line con 0
password 7 055A575E701D
login local
line aux 0
line vty 0
access-class 23 in
exec-timeout 0 0
privilege level 15
password 7 12485446435A
login local
transport input telnet ssh
line vty 1 4
access-class 23 in
exec-timeout 0 0
privilege level 15
password 7 12485446435A
login local
transport input telnet
line vty 5 15
access-class 23 in
privilege level 15
password 7 12485446435A
login
transport input telnet
scheduler allocate 20000 1000
end
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
4. заманиться на PBR ?
5. ну и заранее спасибо !!!!