EdgeRouter Dual-WAN Policy Routing Configuration Example for China Mobile

Author: 方圆百里找对手 | Published 2018-01-08 09:54 | Read 437 times

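Requirements:

1) 1 LAN + 2 WAN; the LAN port is eth0, WAN1 is China Telecom on eth1 (pppoe1), and WAN2 is China Mobile on eth2 (pppoe2).
2) By default WAN1 carries all traffic, and WAN2 only handles China Mobile destination addresses.
3) If the WAN1 line fails, WAN2 carries all traffic. If WAN2 fails, WAN1 carries all traffic (including China Mobile destination addresses). Once the line is back to normal, the default policy is restored automatically.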

For how to use CLI mode, see the Chinese edition of the EdgeOS User Guide (page 91): http://dl-cdn.ubnt.com.cn/qsg/EdgeOS_V19_UG_V02_CN.pdf

First, enter configuration mode.

    ubnt@ubnt:~$ configure
    [edit]
    ubnt@ubnt#
    

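If you are not very familiar with the CLI, it is recommended to run the commit command once after entering the commands of each section.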

Set the router's time zone and DNS servers.

    set system time-zone Asia/Shanghai
    set system name-server 223.5.5.5
    set system name-server 223.6.6.6
    

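Configure the LAN port (eth0) with IP address 192.168.1.1/24. The factory default configuration already includes this, so this command does not need to be run.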

    set interfaces ethernet eth0 address 192.168.1.1/24
    

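Enable the DHCP server on the LAN port.

1. The address pool runs from 192.168.1.31 to 192.168.1.250, 220 addresses in total.
2. 192.168.1.2 to 192.168.1.30 and 192.168.1.251 to 192.168.1.254 are reserved for static assignment.
3. It is recommended to use the Alibaba DNS servers 223.5.5.5 and 223.6.6.6; do not use the DNS servers provided by the ISP (very important).
4. Change the dynamic address lease to 10 minutes.
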
    set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 start 192.168.1.31 stop 192.168.1.250
    set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 default-router 192.168.1.1
    set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 dns-server 223.5.5.5
    set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 dns-server 223.6.6.6
    set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 lease 600
    

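Create the PPPoE dial-up interfaces.

1. Port eth1 connects to the China Telecom optical modem (pppoe1).
2. Port eth2 connects to the China Mobile optical modem (pppoe2).
3. Disable obtaining the default route and DNS servers from the ISP (very important).
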
    set interfaces ethernet eth1 pppoe 1 user-id user1
    set interfaces ethernet eth1 pppoe 1 password pass1
    set interfaces ethernet eth1 pppoe 1 default-route none
    set interfaces ethernet eth1 pppoe 1 name-server none
    set interfaces ethernet eth2 pppoe 2 user-id user2
    set interfaces ethernet eth2 pppoe 2 password pass2
    set interfaces ethernet eth2 pppoe 2 default-route none
    set interfaces ethernet eth2 pppoe 2 name-server none
    

Enable masquerading (source NAT) for pppoe1 and pppoe2.

    set service nat rule 5001 outbound-interface pppoe1
    set service nat rule 5001 type masquerade
    set service nat rule 5002 outbound-interface pppoe2
    set service nat rule 5002 type masquerade
    

Create the default interface routes in the main routing table. pppoe1 has administrative distance 1 and pppoe2 has 2, so pppoe2 is the backup route.

    set protocols static interface-route 0.0.0.0/0 next-hop-interface pppoe1 distance 1
    set protocols static interface-route 0.0.0.0/0 next-hop-interface pppoe2 distance 2
    

Create routing table 2 and its default interface route; routing table 2 sends traffic out through the pppoe2 interface.

    set protocols static table 2 interface-route 0.0.0.0/0 next-hop-interface pppoe2
    

Create the China Mobile address list CMNET, 62 entries in total. The data comes from APNIC (Asia-Pacific Network Information Centre).

    set firewall group network-group CMNET network 211.103.0.0/17
    set firewall group network-group CMNET network 211.140.0.0/15
    set firewall group network-group CMNET network 211.136.0.0/14
    set firewall group network-group CMNET network 61.236.0.0/15
    set firewall group network-group CMNET network 211.142.0.0/17
    set firewall group network-group CMNET network 218.204.0.0/15
    set firewall group network-group CMNET network 218.200.0.0/14
    set firewall group network-group CMNET network 211.143.0.0/16
    set firewall group network-group CMNET network 211.142.128.0/17
    set firewall group network-group CMNET network 221.172.0.0/14
    set firewall group network-group CMNET network 222.32.0.0/11
    set firewall group network-group CMNET network 221.130.0.0/15
    set firewall group network-group CMNET network 218.206.0.0/15
    set firewall group network-group CMNET network 221.176.0.0/13
    set firewall group network-group CMNET network 123.64.0.0/11
    set firewall group network-group CMNET network 122.64.0.0/11
    set firewall group network-group CMNET network 117.128.0.0/10
    set firewall group network-group CMNET network 118.204.0.0/14
    set firewall group network-group CMNET network 120.90.0.0/15
    set firewall group network-group CMNET network 120.192.0.0/10
    set firewall group network-group CMNET network 114.208.0.0/14
    set firewall group network-group CMNET network 115.104.0.0/14
    set firewall group network-group CMNET network 115.180.0.0/14
    set firewall group network-group CMNET network 112.0.0.0/10
    set firewall group network-group CMNET network 110.96.0.0/11
    set firewall group network-group CMNET network 110.192.0.0/11
    set firewall group network-group CMNET network 111.0.0.0/10
    set firewall group network-group CMNET network 183.192.0.0/10
    set firewall group network-group CMNET network 223.112.0.0/14
    set firewall group network-group CMNET network 223.116.0.0/15
    set firewall group network-group CMNET network 223.120.0.0/13
    set firewall group network-group CMNET network 223.64.0.0/11
    set firewall group network-group CMNET network 223.96.0.0/12
    set firewall group network-group CMNET network 101.144.0.0/12
    set firewall group network-group CMNET network 36.192.0.0/11
    set firewall group network-group CMNET network 36.128.0.0/10
    set firewall group network-group CMNET network 39.128.0.0/10
    set firewall group network-group CMNET network 103.3.128.0/22
    set firewall group network-group CMNET network 103.20.112.0/22
    set firewall group network-group CMNET network 103.21.176.0/22
    set firewall group network-group CMNET network 43.247.240.0/22
    set firewall group network-group CMNET network 43.251.244.0/22
    set firewall group network-group CMNET network 45.121.68.0/22
    set firewall group network-group CMNET network 103.61.156.0/22
    set firewall group network-group CMNET network 103.61.160.0/22
    set firewall group network-group CMNET network 45.121.72.0/22
    set firewall group network-group CMNET network 103.62.24.0/22
    set firewall group network-group CMNET network 45.121.172.0/22
    set firewall group network-group CMNET network 45.121.176.0/22
    set firewall group network-group CMNET network 45.122.100.0/22
    set firewall group network-group CMNET network 45.122.96.0/22
    set firewall group network-group CMNET network 45.122.96.0/21
    set firewall group network-group CMNET network 103.62.208.0/22
    set firewall group network-group CMNET network 103.62.204.0/22
    set firewall group network-group CMNET network 45.123.152.0/22
    set firewall group network-group CMNET network 103.192.0.0/22
    set firewall group network-group CMNET network 45.124.36.0/22
    set firewall group network-group CMNET network 103.192.144.0/22
    set firewall group network-group CMNET network 103.193.140.0/22
    set firewall group network-group CMNET network 45.125.24.0/22
    set firewall group network-group CMNET network 43.239.172.0/22
    set firewall group network-group CMNET network 103.35.104.0/22
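
As an added example (not part of the original post), here is a Python check one could run on an address list such as CMNET before pasting it into the router: it rejects malformed or private prefixes, reports entries already covered by another entry (the list above contains both 45.122.96.0/22 and 45.122.96.0/21), and emits collapsed `set` commands. The sample mixes entries from the list above with two constructed bad lines; `audit` and `to_commands` are hypothetical names.

```python
import ipaddress

# Entries taken from the CMNET list above, plus two constructed bad lines
# (a private range and a prefix with host bits set) to show what is rejected.
SAMPLE = """
45.122.100.0/22
45.122.96.0/22
45.122.96.0/21
211.142.0.0/17
211.142.128.0/17
211.143.0.0/16
223.112.0.0/14
192.168.1.0/24
117.128.0.1/10
"""

def audit(text):
    """Return (valid networks, rejected lines, redundant (child, parent) pairs)."""
    nets, rejected = [], []
    for line in text.split():
        try:
            net = ipaddress.ip_network(line)  # strict mode: host bits must be zero
        except ValueError:
            rejected.append(line)
            continue
        if net.is_private:
            # A private prefix in the group would push LAN-internal
            # destinations into table 2 and out through pppoe2.
            rejected.append(line)
            continue
        nets.append(net)
    # An entry is redundant when another entry in the list already contains it.
    redundant = [(a, b) for a in nets for b in nets
                 if a != b and a.subnet_of(b)]
    return nets, rejected, redundant

def to_commands(nets, group="CMNET"):
    """Collapse covered and adjacent prefixes, then emit EdgeOS set commands."""
    return [f"set firewall group network-group {group} network {n}"
            for n in ipaddress.collapse_addresses(nets)]

if __name__ == "__main__":
    nets, rejected, redundant = audit(SAMPLE)
    print("rejected:", rejected)
    for child, parent in redundant:
        print(f"redundant: {child} is inside {parent}")
    print("\n".join(to_commands(nets)))
```

Collapsing changes the number of entries in the group but not the set of destination addresses it matches.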
    

Create the modify policy M: traffic whose destination address is in the CMNET list is forced into routing table 2 (pppoe2).

    set firewall modify M rule 20 destination group network-group CMNET
    set firewall modify M rule 20 action modify
    set firewall modify M rule 20 modify table 2
    

Apply M to the LAN port (eth0) so that it takes effect.

    set interfaces ethernet eth0 firewall in modify M
    

Finally, save and exit configuration mode.

    ubnt@ubnt# commit
    [edit]
    ubnt@ubnt# save
    Saving configuration to '/config/config.boot'...
    Done
    [edit]
    ubnt@ubnt# exit
    exit
    ubnt@ubnt:~$
    

Original post: http://bbs.ubnt.com.cn/forum.php?mod=viewthread&tid=19153&extra=page%3D1
