思科路由器双WAN口负载分担并NAT及互为备份说明：客户接入ISP1及ISP2，部有4 个网段分别是：192.168.10.0/24192.168.20.0/2410.10.10.0/2420.20.20.20/24正常模式为192.168.10.0和10.10.10.0两个网段优先走ISP1，192.168.20.0和202.20.20.0两个网段优先走ISP2。

当IPS1线路中断时（即使R3接IPS1的接口是UP）192.168.10.0和10.10.10.0两个网段会自动转到ISP2，ISP2中断时同亦。

下面是拓扑图，及各台设备的配置文档，在GNS3上模拟测试成功。

（在网络上一直是伸手党，现在也分享下自己的经验，有不当之处还请指教，谢谢）分别在R1、R2均配置loopback 0 1.1.1.1/32为测试对象,R3为边界路由器，配置最多放在最后R1R1#sh runBuilding configuration...Current configuration : 761 bytes!version 12.4service timestamps debug datetime msecservice timestamps log datetime msecno password-encryption!hostname R1!boot-start-markerboot-end-marker!!no aaa new-model!!ip cefno ip domain lookup!!interface Loopback0ip address 1.1.1.1 255.255.255.255!interface FastEthernet0/0ip address 11.11.11.3 255.255.255.248 duplex autospeed auto!interface FastEthernet0/1no ip addressshutdownduplex autospeed auto!ip route 11.11.11.0 255.255.255.248 11.11.11.1 !no ip http serverno ip http secure-server!control-plane!gatekeepershutdown!!line con 0exec-timeout 0 0logging synchronousstopbits 1line aux 0stopbits 1line vty 0 4!endR2R2#sh runBuilding configuration...Current configuration : 761 bytes!version 12.4service timestamps debug datetime msec service timestamps log datetime msecno password-encryption!hostname R2!boot-start-markerboot-end-marker!!no aaa new-model!!ip cefno ip domain lookup!!interface Loopback0ip address 1.1.1.1 255.255.255.255!interface FastEthernet0/0ip address 22.22.22.3 255.255.255.248 duplex autospeed auto!interface FastEthernet0/1no ip addressshutdownduplex autospeed auto!ip route 22.22.22.0 255.255.255.248 22.22.22.1 !no ip http serverno ip http secure-servercontrol-plane!gatekeepershutdown!!line con 0exec-timeout 0 0logging synchronousstopbits 1line aux 0stopbits 1line vty 0 4!endR4R4#SH RUNBuilding configuration...Current configuration : 755 bytes!version 12.4service timestamps debug datetime msec service timestamps log datetime msec no password-encryption!hostname R4!boot-start-markerboot-end-marker!!no aaa new-model!!ip cefno ip domain lookup!!!!!!!!!!!!!!!!!!!!!!!interface Loopback0ip address 10.10.10.10 255.255.255.0 !interface FastEthernet0/0ip address 192.168.10.10 255.255.255.0 duplex autospeed auto!interface FastEthernet0/1no ip addressshutdownduplex autospeed auto!ip route 0.0.0.0 0.0.0.0 192.168.10.1!no ip http serverno ip http secure-server!!!!!!control-plane!!!!!!gatekeepershutdown!!line con 0exec-timeout 0 0logging synchronousstopbits 1line aux 0stopbits 1line vty 0 4!!endR5R5#SH RUNBuilding configuration...Current configuration : 757 bytes!version 12.4service timestamps debug datetime msec service timestamps log datetime msec no password-encryption!hostname R5!boot-start-markerboot-end-marker!!no aaa new-model!!ip cefno ip domain lookup!!!!!!!!!!!!!!!!!!!!!!!interface Loopback0ip address 20.20.20.20 255.255.255.0 !interface FastEthernet0/0ip address 192.168.20.20 255.255.255.0 duplex autospeed auto!interface FastEthernet0/1no ip addressshutdownduplex autospeed auto!ip route 0.0.0.0 0.0.0.0 192.168.20.254 !no ip http serverno ip http secure-server!!!!!control-plane!!!!!!gatekeepershutdown!!line con 0exec-timeout 0 0logging synchronousstopbits 1line aux 0stopbits 1line vty 0 4!!endR6R6#SH RUNBuilding configuration...Current configuration : 1548 bytes!version 12.4service timestamps debug datetime msec service timestamps log datetime msec no password-encryption!hostname R6!boot-start-markerboot-end-marker!no aaa new-model!resource policy!memory-size iomem 5ip cef!!!!no ip domain lookup!!!!!!!!!!!!!!!!!!!!!!!interface FastEthernet0/0 no ip address shutdownduplex autospeed auto!interface FastEthernet0/1 no ip address shutdownspeed auto!interface FastEthernet1/0switchport mode trunk!interface FastEthernet1/1!interface FastEthernet1/2!interface FastEthernet1/3!interface FastEthernet1/4switchport access vlan 10!interface FastEthernet1/5switchport access vlan 20!interface FastEthernet1/6!interface FastEthernet1/7!interface FastEthernet1/8!interface FastEthernet1/9!interface FastEthernet1/10!interface FastEthernet1/11!interface FastEthernet1/12!interface FastEthernet1/13!interface FastEthernet1/14!interface FastEthernet1/15!interface Vlan1no ip address!interface Vlan10ip address 192.168.10.254 255.255.255.0 !ip address 192.168.20.254 255.255.255.0!ip route 0.0.0.0 0.0.0.0 192.168.10.1ip route 10.10.10.0 255.255.255.0 192.168.10.10 ip route 20.20.20.0 255.255.255.0 192.168.20.20 !!no ip http serverno ip http secure-server!!!!!!!control-plane!!!!!!!!!!line con 0exec-timeout 0 0logging synchronousline aux 0line vty 0 4!!webvpn context Default_contextssl authenticate verify all!no inservice!!endR6#R3R3#SH RUNBuilding configuration...Current configuration : 2739 bytes!version 12.4service timestamps debug datetime msecservice timestamps log datetime msecno password-encryption!hostname R3!boot-start-markerboot-end-marker!!no aaa new-model!!ip cefno ip domain lookup!!ip sla monitor 1type echo protocol ipIcmpEcho 11.11.11.3 source-interface FastEthernet0/0 frequency 10ip sla monitor schedule 1 life forever start-time nowip sla monitor 2type echo protocol ipIcmpEcho 22.22.22.3 source-interface FastEthernet0/1 frequency 10ip sla monitor schedule 2 life forever start-time now!!!!!!!!!!!!!!!!track 1 rtr 1 reachability!track 2 rtr 2 reachability!!!!!interface FastEthernet0/0ip address 11.11.11.1 255.255.255.248 ip nat outsideip virtual-reassemblyduplex autospeed auto!interface FastEthernet0/1ip address 22.22.22.1 255.255.255.248 ip nat outsideip virtual-reassemblyduplex autospeed auto!interface FastEthernet1/0no ip addressshutdownduplex autospeed auto!interface FastEthernet1/1no ip addressshutdownduplex autospeed auto!interface FastEthernet2/0no ip addressduplex fullinterface FastEthernet2/0.10encapsulation dot1Q 10ip address 192.168.10.1 255.255.255.0ip nat insideip virtual-reassemblyip policy route-map test!ip route 0.0.0.0 0.0.0.0 11.11.11.3ip route 0.0.0.0 0.0.0.0 22.22.22.3ip route 10.10.10.0 255.255.255.0 192.168.10.254ip route 20.20.20.0 255.255.255.0 192.168.10.254ip route 192.168.20.0 255.255.255.0 192.168.10.254!no ip http serverno ip http secure-server!ip nat inside source route-map 1 interface FastEthernet0/0 overload ip nat inside source route-map 2 interface FastEthernet0/1 overload ip nat inside source route-map 3 interface FastEthernet0/1 overload ip nat inside source route-map 4 interface FastEthernet0/0 overload !access-list 10 permit 192.168.10.0 0.0.0.255access-list 10 permit 10.10.10.0 0.0.0.255access-list 20 permit 192.168.20.0 0.0.0.255access-list 20 permit 20.20.20.0 0.0.0.255!route-map test permit 10match ip address 10set ip next-hop verify-availability 11.11.11.3 1 track 1set ip next-hop verify-availability 22.22.22.3 2 track 2!route-map test permit 20match ip address 20set ip next-hop verify-availability 22.22.22.3 1 track 2set ip next-hop verify-availability 11.11.11.3 2 track 1!route-map 1 permit 10match ip address 10match interface FastEthernet0/0!route-map 2 permit 10match ip address 20match interface FastEthernet0/1route-map 3 permit 10 match ip address 10 !route-map 4 permit 10 match ip address 20 !!!!control-plane!!!!!!gatekeeper shutdown!!line con 0exec-timeout 0 0 logging synchronous stopbits 1line aux 0stopbits 1line vty 0 4!!endR3#。