Below is the configuration used for OER...
fa0/0 : connected to IM2
fa0/1: connected to Telkom
vlan1: local LAN
***First, we assign the OER master***
oer master
policy-rules OER-MAP
traceroute probe-delay 10000
keepalive 1
logging
!
***Match the external interfaces that lead to the WAN***
border *LAN-IP* key-chain key1
interface Vlan1 internal
interface FastEthernet0/1 external
interface FastEthernet0/0 external
!
learn
throughput
delay
periodic-interval 1
monitor-period 2
prefixes 10000
expire after time 1
aggregation-type prefix-length 32
max prefix total 10000
no max range receive
backoff 180 360
mode route control
mode select-exit best
resolve loss priority 1 variance 1
resolve delay priority 2 variance 5
resolve utilization priority 3 variance 5
resolve range priority 5
!
!
oer border
local Vlan1
master *LAN-IP* key-chain key1
!
!
!***tracking using IP SLA***
track 99 rtr 99
reachability
delay down 15 up 10
!
! ***tracking using IP SLA***
track 173 rtr 173
reachability
delay down 15 up 10
!
class-map type inspect match-any priv-pub-traffic
match protocol http
match protocol https
match protocol ftp
match protocol ssh
match protocol appleqtc
match protocol bittorrent
match protocol dns
match protocol echo
match protocol h323
match protocol ymsgr
match protocol telnet
match protocol udp
match protocol icmp
match protocol tcp
!
!
policy-map type inspect priv-pub-policy
class type inspect priv-pub-traffic
inspect
class class-default
!
zone security public
zone security private
zone-pair security priv-pub source private destination public
service-policy type inspect priv-pub-policy
!
!
!
!
interface FastEthernet0/0
ip address *IM2* 255.255.255.248
ip nat outside
ip virtual-reassembly
zone-member security public
duplex auto
speed auto
!
interface FastEthernet0/1
ip address *TELKOM* 255.255.255.248
ip nat outside
ip virtual-reassembly
zone-member security public
duplex auto
speed auto
!
interface Vlan1
ip address *LAN-IP* 255.255.255.0
ip nat inside
ip virtual-reassembly
zone-member security private
!
ip local policy route-map LOCAL-TRAFFIC-EGRESS
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 *IM2-GW* 20 tag 99 track 99
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 *TELKOM-GW* 10 tag 173 track 173
!
ip nat translation dns-timeout 10
ip nat inside source route-map NAT-ISP-TELKOM interface FastEthernet0/1 overload oer
ip nat inside source route-map NAT-ISP-IM2 interface FastEthernet0/0 overload oer
!
ip access-list standard IP-SOURCE-TELKOM
permit *TELKOM-IP*
ip access-list standard IP-SOURCE-IM2
permit *IM2-IP*
ip access-list standard LAN
permit *LAN-SUBNET* 0.0.0.255
!
***tracking using IP SLA***
ip sla 99
icmp-echo *IM2-TEST-IP* source-interface FastEthernet0/0
timeout 1500
frequency 20
ip sla schedule 99 life forever start-time now
ip sla 173
icmp-echo *TELKOM-TEST-IP* source-interface FastEthernet0/1
timeout 1500
frequency 20
ip sla schedule 173 life forever start-time now
!
!
!
route-map NAT-ISP-IM2 permit 10
match ip address LAN
match interface FastEthernet0/0
!
route-map LOCAL-TRAFFIC-EGRESS permit 10
match ip address IP-SOURCE-TELKOM
set ip next-hop *TELKOM-GW*
set interface FastEthernet0/1
!
route-map LOCAL-TRAFFIC-EGRESS permit 20
match ip address IP-SOURCE-IM2
set ip next-hop *IM2-GW*
set interface FastEthernet0/0
!
route-map LOCAL-TRAFFIC-EGRESS permit 30
match ip address NAT-ACL LAN
set interface Vlan1
!
route-map NAT-ISP-TELKOM permit 10
match ip address LAN
match interface FastEthernet0/1
!
!
!
!
oer-map OER-MAP 10
match oer learn delay
set traceroute reporting
!
oer-map OER-MAP 20
match oer learn throughput
set traceroute reporting
With this, the router can use 2 ISPs for traffic to the outside...
That's all for this post....
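
An added example, not part of the original post: a small Python check that every ACL, route-map, track, IP SLA, oer-map and key chain the configuration refers to is also defined in it. Run on a constructed subset of the listing as posted, it reports `NAT-ACL` and `key1`, neither of which is defined in the posted configuration; the function name and the sample addresses are assumptions.

```python
import re

# Constructed sample: subset of the config above, placeholders -> RFC 5737 addresses.
SAMPLE = """\
policy-rules OER-MAP
border 192.0.2.1 key-chain key1
track 99 rtr 99
ip local policy route-map LOCAL-TRAFFIC-EGRESS
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 198.51.100.1 20 tag 99 track 99
ip nat inside source route-map NAT-ISP-IM2 interface FastEthernet0/0 overload oer
ip access-list standard LAN
ip sla 99
route-map NAT-ISP-IM2 permit 10
match ip address LAN
route-map LOCAL-TRAFFIC-EGRESS permit 30
match ip address NAT-ACL LAN
oer-map OER-MAP 10
"""

# kind -> regex whose group 1 is the name an object is defined under
DEFINES = {
    "acl": r"^ip access-list (?:standard|extended) (\S+)",
    "route-map": r"^route-map (\S+)",
    "track": r"^track (\d+) ",
    "ip sla": r"^ip sla (\d+)$",
    "oer-map": r"^oer-map (\S+)",
    "key chain": r"^key chain (\S+)",
}
# (kind, regex) pairs; group 1 holds the name(s) referenced (named ACLs only)
USES = [
    ("acl", r"^match ip address (.+)$"),
    ("route-map", r"^ip (?:nat inside source|local policy) route-map (\S+)"),
    ("track", r"^ip route .* track (\d+)$"),
    ("ip sla", r"^track \d+ rtr (\d+)"),
    ("oer-map", r"^policy-rules (\S+)"),
    ("key chain", r"\bkey-chain (\S+)"),
]

def dangling_references(config):
    """Return sorted (kind, name) pairs that are referenced but never defined."""
    defined, used = set(), set()
    for line in map(str.strip, config.splitlines()):
        for kind, pat in DEFINES.items():
            if m := re.search(pat, line):
                defined.add((kind, m.group(1)))
        for kind, pat in USES:
            if m := re.search(pat, line):
                used.update((kind, name) for name in m.group(1).split())
    return sorted(used - defined)
```

Feed it the complete running configuration rather than an excerpt, since an object defined elsewhere in the device configuration (such as the key chain used for master/border authentication) will otherwise be reported as missing.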