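Cisco and Huawei NAT Lab

Main functions of NAT

1. Delays IPv4 address exhaustion.

2. Protects internal hosts (port mapping).

3. Can dynamically load-balance TCP traffic.

This article uses static NAT and dynamic NAT to demonstrate the main Cisco and Huawei configurations. (Configure the IP addresses on the PC endpoints yourself.)

1. Static NAT

Translates one private IP address to one public IP address.

2. Dynamic NAT

Translates multiple private IP addresses to multiple public IP addresses; the source port number identifies each session.

Cisco lab

Static NAT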

R1:(border router)

ip nat inside source static 192.168.1.1 100.0.12.100

ip route 0.0.0.0 0.0.0.0 Ethernet0/1 100.0.12.2

interface Ethernet0/0

ip address 192.168.1.254 255.255.255.0

ip nat inside

interface Ethernet0/1

ip address 100.0.12.1 255.255.255.0

ip nat outside

R2:(ISP)

interface Loopback0

ip address 2.2.2.2 255.255.255.0

interface Ethernet0/1

ip address 100.0.12.2 255.255.255.0

Dynamic NAT

R5:(border router)

access-list 1 permit 192.168.5.0 0.0.0.255

ip nat pool NAT 100.0.56.10 100.0.56.20 netmask 255.255.255.0

ip nat inside source list 1 pool NAT

ip route 0.0.0.0 0.0.0.0 Ethernet0/0 100.0.56.6

interface Ethernet0/0

ip address 100.0.56.5 255.255.255.0

ip nat outside

interface Ethernet0/1

ip address 192.168.5.254 255.255.255.0

ip nat inside

R6:(ISP)

interface Loopback0

ip address 5.5.5.5 255.255.255.0

interface Ethernet0/0

ip address 100.0.56.6 255.255.255.0

interface Ethernet0/1

ip address 6.6.6.1 255.255.255.0

VPC10: 6.6.6.6, gateway: 6.6.6.1

Note: endpoints that need to reach external network segments must have a gateway configured.

R5#show ip nat translations

Pro Inside global      Inside local       Outside local      Outside global

--- 100.0.56.10        192.168.5.1        ---                ---

--- 100.0.56.11        192.168.5.2        ---                ---

show commands:

show ip nat statistics

show ip nat translations 
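
The following Python sketch is an added example, not part of the original lab: it models the one-to-one entries shown in the R5 translation table above, plus a static entry like the one on R1, to show when the pool runs out and when an outside host can reach an inside address. The class and function names are hypothetical, and entry timeouts are not modeled.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

class NatRouter:
    """Toy model of a border router's NAT table (inside local -> inside global)."""

    def __init__(self, acl=None, pool=None, static=None):
        self.acl = acl                      # (network, wildcard mask) or None
        first, last = pool if pool else ("0.0.0.1", "0.0.0.0")  # empty range
        self.free = [str(ipaddress.IPv4Address(a))
                     for a in range(ip(first), ip(last) + 1)]
        self.table = dict(static or {})     # static entries exist from the start

    def permitted(self, src):
        """Wildcard-mask match: bits set in the wildcard are ignored."""
        if self.acl is None:
            return False
        net, wildcard = ip(self.acl[0]), ip(self.acl[1])
        care = ~wildcard & 0xFFFFFFFF
        return (ip(src) & care) == (net & care)

    def outbound(self, src):
        """Inside -> outside: reuse an entry, else allocate from the pool."""
        if src in self.table:
            return self.table[src]
        if not self.permitted(src) or not self.free:
            return None                     # packet is not translated
        self.table[src] = self.free.pop(0)
        return self.table[src]

    def inbound(self, dst):
        """Outside -> inside: only works if an entry for dst already exists."""
        for local, glob in self.table.items():
            if glob == dst:
                return local
        return None

def demo():
    # Constructed scenario using the R5 values from the configuration above.
    r5 = NatRouter(acl=("192.168.5.0", "0.0.0.255"),
                   pool=("100.0.56.10", "100.0.56.20"))
    before = r5.inbound("100.0.56.10")      # no entry yet
    first = [r5.outbound(f"192.168.5.{h}") for h in (1, 2)]
    rest = [r5.outbound(f"192.168.5.{h}") for h in range(3, 13)]
    return before, first, rest, r5.inbound("100.0.56.10")

if __name__ == "__main__":
    print(demo())
```

The pool holds 11 addresses, so the twelfth inside host gets no translation, while a static entry answers inbound lookups without any prior outbound traffic.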

Huawei lab

Static NAT

AR1:(border router)

#

nat static global 100.0.12.100 inside 192.168.1.253 netmask 255.255.255.255

interface GigabitEthernet0/0/0

ip address 100.0.12.1 255.255.255.0

[r1-GigabitEthernet0/0/0] nat static global 100.0.12.100 inside 192.168.1.253 (second method; configuring in global mode is recommended)

nat static enable

interface GigabitEthernet0/0/1

ip address 192.168.1.254 255.255.255.0

nat static enable

ip route-static 0.0.0.0 0.0.0.0 100.0.12.2

AR2:(ISP)

interface GigabitEthernet0/0/0

ip address 100.0.12.2 255.255.255.0

interface GigabitEthernet0/0/1

ip address 2.2.2.1 255.255.255.0 

[r1]dis nat static

  Static Nat Information:

  Interface  : GigabitEthernet0/0/0

    Global IP/Port     : 100.0.12.100/----

    Inside IP/Port     : 192.168.1.253/----

    Protocol : ----    

    VPN instance-name  : ----                           

    Acl number         : ----

    Netmask  : 255.255.255.255

    Description : ----

  Total :    1

Dynamic NAT

AR1:(border router)

#

acl number 2000 

rule 20 permit source 192.168.1.0 0.0.0.255

nat address-group 2 100.0.12.10 100.0.12.30

interface GigabitEthernet0/0/0

ip address 100.0.12.1 255.255.255.0

nat outbound 2000 address-group 2

interface GigabitEthernet0/0/1

ip address 192.168.1.254 255.255.255.0

dhcp select global

ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 100.0.12.2

AR2:(ISP)

interface GigabitEthernet0/0/0

ip address 100.0.12.2 255.255.255.0

interface GigabitEthernet0/0/1

ip address 2.2.2.1 255.255.255.0 
