FIVE DAY
總結筆記:
DOD:ARPA進階研究項目署
ARPAnet——》TCP/IP
一、 NAT(網絡位址轉換)
1、 作用:通過将内部網絡的私有IP位址翻譯成全球唯一的公網IP位址,使内部網絡可以連接配接到網際網路等外部網絡上。
2、 優點:
節省公有合法IP位址
處理位址重疊
增強靈活性
安全性
3、NAT的缺點
延遲增大
配置和維護的複雜性
不支援某些應用,可以通過靜态NAT映射來避免
4、NAT實作方式
1) 靜态轉換
IP位址的對應關系是一對一,而且是不變的,借助靜态轉換,能實作外部網絡對内部網絡中某些特設定伺服器的通路。
靜态NAT配置:
配置接口IP及路由
全局:
Ip nat inside source static 192.168.1.1 61.159.62.131
在内外接口上啟用NAT:
進入出口配置:ip nat outside
進入入口配置:ip nat inside
端口映射:
ip nat inside source static tcp 192.168.1.6 80 61.159.62.133 80
2) 動态轉換
IP位址的對應關系是不确定的,而是随機的,所有被授權通路網際網路的私有位址可随機轉換為任何指定的合法的外部IP位址。(内部網絡同時通路Internet的主機數少于配置的合法位址中的IP個數時适用)
動态NAT的配置:
全局:access-list 1 permit 192.168.1.0 0.0.0.255
全局:ip nat pool nsd 61.159.62.131 61.159.62.132 netmask 255.255.255.248(定義位址池名稱為nsd,位址池IP範圍61.159.62.131 到61.159.62.132)
全局:ip nat inside source list 1 pool nsd
3) 端口多路複用(PAT)
通過改變外出資料包的源IP位址和源端口并進行端口轉換,内部網絡的所有主機均可共享一個合法IP位址實作網際網路的通路,節約IP。
PAT的配置:
全局:ip nat inside source list 1 interface f0/1 overload
動态轉換NAT配置步驟:
1.配置ACL,用于限定可以做位址轉換的内網範圍
2.配置合法位址池
3.設定ACL和位址池的映射關系
4.指定内外部接口
5、NAT三種實作方式的差別:
靜态轉換的對應關系一對一且不變,并且沒有節約公用IP,隻隐藏了主機的真實位址。
動态轉換雖然在一定情況下節約了公用IP,但當内部網絡同時通路Internet的主機數大于合法位址池中的IP數量時就不适用了。
端口多路複用可以使所有内部網絡主機共享一個合法的外部IP位址,進而最大限度地節約IP位址資源。
二、 檢視NAT轉換條目
特權:show ip nat translations顯示目前存在的轉換
三、 清除NAT轉換條目
1、特權: clear ip nat translation *
注:靜态NAT條目不會被清除
四、 NAT常見問題
ACL阻止轉換後的流量
進行位址轉換的ACL不全
overload參數漏配
不對稱路由問題
動态位址池IP位址範圍配置錯誤
動态位址池與靜态轉換位址重疊
Inside和outside接口配置錯誤
五、 顯示每個轉換的資料包
特權:debug ip nat
Undebug all
S表示源位址
D表示目的位址
192.168.1.2->61.159.62.130表示将192.168.1.2轉換為61.159.62.130
Nslookup www.tedu.com
Clear ip nat translation *
動态NAT配置步驟
1、配置ACL,用于限定可以做位址轉換的内網範圍
R1(config)#access-list 1 permit 192.168.1.0 0.0.0.255
2、配置合法位址池
R1(config)#ip nat pool mylan 201.1.1.2 201.1.1.8 netmask 255.255.255.0
3、設定ACL和位址池的映射關系
R1(config)#ip nat inside source list 1 pool mylan
4、指定内部接口和外部接口
R1(config)#int f0/0
R1(config-if)#ip nat inside
R1(config-if)#int f0/1
R1(config-if)#ip nat outside
R1#sho ip nat translations 檢視NAT轉換表
R1#clear ip nat translation * 清除動态轉換的NAT表
将内網伺服器釋出到網際網路,可以采用靜态NAT
1、配置将哪個内網IP映射為哪個合法位址
R1(config)#ip nat inside source static 192.168.1.100 201.1.1.9
2、指定内部接口和外部接口
R1(config)#int f0/0
R1(config-if)#ip nat inside
R1(config-if)#int f0/1
R1(config-if)#ip nat outside
R1#sho ip nat translations
NAT:将一個網絡的位址轉換成另一個網絡位址
端口映射
當網際網路使用者通路釋出的IP位址+端口号,才能找到相應的内網伺服器
1、清除上一步的靜态映射
R1(config)#no ip nat inside source static 192.168.1.100 201.1.1.9
2、映射192.168.1.100的80端口到201.1.1.9的80端口
R1(config)#ip nat inside source static tcp 192.168.1.100 80 201.1.1.9 80
3、将192.168.1.101的DNS服務釋出到網際網路
R1(config)#ip nat inside source static udp 192.168.1.101 53 201.1.1.9 53
4、指定内部接口和外部接口
R1(config)#int f0/0
R1(config-if)#ip nat inside
R1(config-if)#int f0/1
R1(config-if)#ip nat outside
R1#sho ip nat translations
5、内網增加一台server3,ip位址是192.168.1.101,網關指向192.168.1.1。在services頁籤中選擇左側的DNS,右側name填www.tedu.cn,Address填201.1.1.1,點選add,設定DNS Service為On的狀态
6、在網際網路伺服器上添加它使用的DNS伺服器是201.1.1.9,然後運作指令行工具,輸入nslookup www.tedu.cn
PAT:如果外網位址隻有一個,配置在路由器的外端口上了,那麼可以讓内網所有的位址都轉換成外網端口的位址,進行網際網路通路
1、清除前面所做的動态轉換
R1#clear ip nat translation *
R1(config)#no ip nat inside source list 1
R1(config)#no ip nat pool mylan
2、定義ACL,限制可以進行PAT轉換的内網位址
R1(config)#access-list 1 permit 192.168.1.0 0.0.0.255
3、配置ACL和路由器外端口的映射
R1(config)#ip nat inside source list 1 interface fastEthernet 0/1 overload
4、指定内部接口和外部接口
R1(config)#int f0/0
R1(config-if)#ip nat inside
R1(config-if)#int f0/1
R1(config-if)#ip nat outside
R1#sho ip nat translations
調試(相當于是在路由器上進行抓包)
R1#debug ip nat
R1#undebug all 關閉所有存在的抓包操作
最後的綜合實驗
1、IP位址
server2: 192.168.1.10
pc2: 192.168.2.10
pc3: 192.168.3.10
pc4: 192.168.4.10
server1: 201.1.2.10
ms1:
f0/24: 172.16.0.1 255.255.0.0
vlan1: 192.168.1.1
vlan2: 192.168.2.1
vlan3: 192.168.3.1
vlan4: 192.168.4.1
router1:
f0/0: 172.16.0.2 255.255.0.0
f0/1: 201.1.1.1
router2:
f0/0 : 201.1.1.2
f0/1 : 201.1.2.1
2、配置vlan
sw1-sw4配置vlan,并将端口加入到指定VLAN
與三層交換機相邊的端口配置中繼
ms1配置vlan,開啟三層交換
3、配置路由
ms1配置預設路由
ip route 0.0.0.0 0.0.0.0 172.16.0.2
router1配置路由
ip route 0.0.0.0 0.0.0.0 201.1.1.2
ip route 192.168.0.0 255.255.0.0 172.16.0.1
正式筆記:
- 案例1:配置靜态NAT
- 案例2:配置端口映射
- 案例3:配置動态NAT
- 案例4:PAT配置
- 案例5:辦公區Internet的通路
1 案例1:配置靜态NAT
1.1 問題
随着接入Internet的計算機數量的不斷猛增,IP位址資源也就愈加顯得捉襟見肘。事實上,除了中國教育和科研計算機網(CERNET)外,一般使用者幾乎申請不到整段的C類IP位址。在其他ISP那裡,即使是擁有幾百台計算機的大型區域網路使用者,當他們申請IP位址時,所配置設定的位址也不過隻有幾個或十幾個IP位址。顯然,這樣少的IP位址根本無法滿足網絡使用者的需求。
- 在R1上配置靜态NAT使192.168.1.1轉換為61.159.62.131,192.168.1.2轉換為61.159.62.132,實作外部網絡通路。
1.2 方案
借助于NAT,私有(保留)位址的"内部"網絡通過路由器發送資料包時,私有位址被轉換成合法的IP位址,一個區域網路隻需使用少量IP位址(甚至是1個)即可實作私有位址網絡内所有計算機與Internet的通信需求。
這種通過使用少量的公有IP 位址代表較多的私有IP 位址的方式,将有助于減緩可用IP位址空間的枯竭。而且還能夠有效地避免來自網絡外部的攻擊,隐藏并保護網絡内部的計算機。
網絡拓撲如圖-1所示:
圖-1
1.3 步驟
實作此案例需要按照如下步驟進行。
步驟一:通用配置
1)配置R1端口IP位址,以及預設路由
tarena-R1(config)#interface f0/0tarena-R1(config-if)#ip address 192.168.1.254 255.255.255.0tarena-R1(config-if)#no shutdowntarena-R1(config-if)#interface f0/1tarena-R1(config-if)#ip address 61.159.62.129 255.255.255.248tarena-R1(config-if)#no shutdowntarena-R1(config-if)#exittarena-R1(config)#ip route 0.0.0.0 0.0.0.0 f0/1 2)配置R2端口IP位址
不需要在R2上配置到企業内網的靜态路由,因為NAT的存在,企業内部的位址都将被轉換、隐藏。
tarena-R2(config)#interface f0/0tarena-R2(config-if)#ip address 61.159.62.130 255.255.255.248tarena-R2(config-if)#no shutdowntarena-R2(config-if)#interface f0/1tarena-R2(config-if)#ip address 192.168.2.254 255.255.255.0tarena-R2(config-if)#no shutdown 步驟二:靜态NAT配置
1)在R1上将192.168.1.1映射到61.159.62.131,将192.168.1.2映射到61.159.62.132
靜态映射有唯一對應的關系。
通過靜态NAT,可以把内網伺服器釋出到外網。
tarena-R1(config)#ip nat inside source static 192.168.1.1 61.159.62.131tarena-R1(config)#ip nat inside source static 192.168.1.2 61.159.62.132 2)在R1上配置NAT内、外端口
tarena-R1(config)#interface f0/0tarena-R1(config-if)#ip nat inside tarena-R1(config-if)#interface f0/1tarena-R1(config-if)#ip nat outside 3)分别在兩台PC機上測試到外網主機的通信
PC1測試如下所示:
PC>ipconfig FastEthernet0 Connection:(default port)Link-local IPv6 Address.........: FE80::2D0:FFFF:FE45:CACCIP Address......................: 192.168.1.1Subnet Mask.....................: 255.255.255.0Default Gateway.................: 192.168.1.254PC>ping 192.168.2.1Pinging 192.168.2.1 with 32 bytes of data:Reply from 192.168.2.1: bytes=32 time=1ms TTL=126Reply from 192.168.2.1: bytes=32 time=0ms TTL=126Reply from 192.168.2.1: bytes=32 time=0ms TTL=126Reply from 192.168.2.1: bytes=32 time=0ms TTL=126Ping statistics for 192.168.2.1:Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),Approximate round trip times in milli-seconds:Minimum = 0ms, Maximum = 1ms, Average =PC> PC2的測試如下所示:
PC>ipconfigFastEthernet0 Connection:(default port)Link-local IPv6 Address.........: FE80::200:CFF:FEEA:DE30IP Address......................: 192.168.1.2Subnet Mask.....................: 255.255.255.0Default Gateway.................: 192.168.1.254PC>ping 192.168.2.1Pinging 192.168.2.1 with 32 bytes of data:Request timed out.Reply from 192.168.2.1: bytes=32 time=0ms TTL=126Reply from 192.168.2.1: bytes=32 time=0ms TTL=126Reply from 192.168.2.1: bytes=32 time=0ms TTL=126Ping statistics for 192.168.2.1:Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),Approximate round trip times in milli-seconds:Minimum = 0ms, Maximum = 0ms, Average =PC> 4)在R1上檢視NAT轉換表
tarena-R1#show ip nat translations Pro Inside global Inside local Outside local Outside globalicmp 61.159.62.131:10 192.168.1.1:10 192.168.2.1:10 192.168.2.1:10icmp 61.159.62.131:11 192.168.1.1:11 192.168.2.1:11 192.168.2.1:11icmp 61.159.62.131:12 192.168.1.1:12 192.168.2.1:12 192.168.2.1:12icmp 61.159.62.131:9 192.168.1.1:9 192.168.2.1:9 192.168.2.1:9icmp 61.159.62.132:27 192.168.1.2:27 192.168.2.1:27 192.168.2.1:27icmp 61.159.62.132:28 192.168.1.2:28 192.168.2.1:28 192.168.2.1:28icmp 61.159.62.132:29 192.168.1.2:29 192.168.2.1:29 192.168.2.1:29icmp 61.159.62.132:30 192.168.1.2:30 192.168.2.1:30 192.168.2.1:30 2 案例2:配置端口映射
2.1 問題
通過端口映射技術将内部伺服器釋出向Internet。
2.2 方案
在R1上配置端口映射将192.168.1.3的80端口映射為61.159.62.133的80端口,将web伺服器釋出到Internet。網絡拓撲如圖-2所示:
圖-2
2.3 步驟
實作此案例需要按照如下步驟進行。
步驟一:通用配置
1)在案例一基礎上取消靜态轉換條目,在192.168.1.0網絡新增一台web伺服器IP為192.168.1.3。将192.168.1.3的80端口映射為61.159.62.133的80端口
tarena-R1(config)#no ip nat inside source static 192.168.1.1 61.159.62.131tarena-R1(config)#no ip nat inside source static 192.168.1.2 61.159.62.132tarena-R1 (config)#ip nat inside source static tcp 192.168.1.3 80 61.159.62.133 80 步驟二:PC3上通路web伺服器進行驗證
1)外部主機PC4上通路61.159.62.133進行驗證,如圖-3所示
圖-3
3 案例3:配置動态NAT
3.1 問題
- 在R1通過動态NAT實作企業内網192.168.1.0/24轉換為公網位址61.159.62.131-61.159.62.134,通路192.168.2.1
3.2 方案
網絡拓撲如圖-4所示:
圖-4
3.3 步驟
實作此案例需要按照如下步驟進行。
步驟一:動态NAT配置
1)删除案例2中的端口映射
tarena-R1 (config)#no ip nat inside source static tcp 192.168.1.3 80 61.159.62.133 80 2)在R1上配置ACL
tarena-R1(config)#access-list 1 permit 192.168.1.0 0.0.0.255 3)在R1上配置可轉換的公網IP位址池
位址池是向ISP(Internet服務提供商,如電信、聯通)申請得到的,内網主機(上一步ACL中所包含的IP位址)到外網的通路,内網位址将被動态的、随機的轉換為這些合法位址。
tarena-R1(config)#ip nat pool natpool 61.159.62.131 61.159.62.134 netmask 255.255.255.248 4)關聯ACL和公網的IP位址池
tarena-R1(config)#ip nat inside source list 1 5)在R1上配置NAT内、外端口
tarena-R1(config)#interface f0/0tarena-R1(config-if)#ip nat inside tarena-R1(config-if)#interface f0/1tarena-R1(config-if)#ip nat outside 6)分别在兩台PC機上測試到外網主機的通信
PC1測試如下所示:
PC>ipconfig FastEthernet0 Connection:(default port)Link-local IPv6 Address.........: FE80::2D0:FFFF:FE45:CACCIP Address......................: 192.168.1.1Subnet Mask.....................: 255.255.255.0Default Gateway.................: 192.168.1.254PC>ping 192.168.2.1Pinging 192.168.2.1 with 32 bytes of data:Reply from 192.168.2.1: bytes=32 time=1ms TTL=126Reply from 192.168.2.1: bytes=32 time=0ms TTL=126Reply from 192.168.2.1: bytes=32 time=0ms TTL=126Reply from 192.168.2.1: bytes=32 time=0ms TTL=126Ping statistics for 192.168.2.1:Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),Approximate round trip times in milli-seconds:Minimum = 0ms, Maximum = 1ms, Average =PC> PC2測試如下所示:
PC>ipconfig FastEthernet0 Connection:(default port)Link-local IPv6 Address.........: FE80::2D0:FFFF:FE45:CACCIP Address......................: 192.168.1.2Subnet Mask.....................: 255.255.255.0Default Gateway.................: 192.168.1.254PC>ping 192.168.2.1Pinging 192.168.2.1 with 32 bytes of data:Reply from 192.168.2.1: bytes=32 time=1ms TTL=126Reply from 192.168.2.1: bytes=32 time=0ms TTL=126Reply from 192.168.2.1: bytes=32 time=0ms TTL=126Reply from 192.168.2.1: bytes=32 time=0ms TTL=126Ping statistics for 192.168.2.1:Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),Approximate round trip times in milli-seconds:Minimum = 0ms, Maximum = 1ms, Average = 7)在R1上檢視NAT轉換表
轉換表中的對應關系是動态的,如192.168.1.1被轉換為61.159.62.131,但是下一次對外網的通路很有可能被轉換為其他位址。
tarena-R1#show ip nat translations Pro Inside global Inside local Outside local Outside globalicmp 61.159.62.131:1362192.168.1.1:1362 192.168.2.1:1362 192.168.2.1:1362icmp 61.159.62.131:1392192.168.1.1:1392 192.168.2.1:1392 192.168.2.1:1392icmp 61.159.62.131:1393192.168.1.1:1393 192.168.2.1:1393 192.168.2.1:1393icmp 61.159.62.131:1394192.168.1.1:1394 192.168.2.1:1394 192.168.2.1:1394icmp 61.159.62.132:13 192.168.1.2:13 192.168.2.1:13 192.168.2.1:13icmp 61.159.62.132:14 192.168.1.2:14 192.168.2.1:14 192.168.2.1:14icmp 61.159.62.132:15 192.168.1.2:15 192.168.2.1:15 192.168.2.1:15icmp 61.159.62.132:16 192.168.1.2:16 192.168.2.1:16 192.168.2.1:16 4 案例4:PAT配置
4.1 問題
在R1配置PAT端口多路複用使企業内網192.168.1.0/24複用f0/1端口的IP,實作外部網絡的通路。
4.2 方案
網絡拓撲如圖-5所示:
圖-5
4.3 步驟
實作此案例需要按照如下步驟進行。
步驟一:基于端口的PAT配置限制
1)删除案例3中動态NAT配置
tarena-R1(config)#no ip nat inside source list 1tarena-R1(config)#no ip nat pool natpooltarena-R1(config)#no access-list 1 2)在R1上配置ACL
tarena-R1(config)#access-list 1 permit 192.168.1.0 0.0.0.255 3)關聯ACL和路由器連接配接網際網路的端口
該指令最後加上的overload表示複用。
tarena-R1(config)#ip nat inside source list 1 interface f0/1 4)在R1上配置NAT内、外端口
tarena-R1(config)#interface f0/0tarena-R1(config-if)#ip nat inside tarena-R1(config-if)#interface f0/1tarena-R1(config-if)#ip nat outside 5)分别在兩台PC機上測試到外網主機的通信
PC1測試如下所示:
PC>ipconfig FastEthernet0 Connection:(default port)Link-local IPv6 Address.........: FE80::2D0:FFFF:FE45:CACCIP Address......................: 192.168.1.1Subnet Mask.....................: 255.255.255.0Default Gateway.................: 192.168.1.254PC>ping 192.168.2.1Pinging 192.168.2.1 with 32 bytes of data:Reply from 192.168.2.1: bytes=32 time=1ms TTL=126Reply from 192.168.2.1: bytes=32 time=0ms TTL=126Reply from 192.168.2.1: bytes=32 time=0ms TTL=126Reply from 192.168.2.1: bytes=32 time=0ms TTL=126Ping statistics for 192.168.2.1:Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),Approximate round trip times in milli-seconds:Minimum = 0ms, Maximum = 1ms, Average =PC> PC2測試如下所示:
PC>ipconfig FastEthernet0 Connection:(default port)Link-local IPv6 Address.........: FE80::2D0:FFFF:FE45:CACCIP Address......................: 192.168.1.2Subnet Mask.....................: 255.255.255.0Default Gateway.................: 192.168.1.254PC>ping 192.168.2.1Pinging 192.168.2.1 with 32 bytes of data:Reply from 192.168.2.1: bytes=32 time=1ms TTL=126Reply from 192.168.2.1: bytes=32 time=0ms TTL=126Reply from 192.168.2.1: bytes=32 time=0ms TTL=126Reply from 192.168.2.1: bytes=32 time=0ms TTL=126Ping statistics for 192.168.2.1:Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),Approximate round trip times in milli-seconds:Minimum = 0ms, Maximum = 1ms, Average =PC> 6)在R1上檢視NAT轉換表
tarena-R1#show ip nat translations Pro Inside global Inside local Outside local Outside globalicmp 61.159.62.129:2029192.168.1.1:2029 192.168.2.1:2029 192.168.2.1:2029icmp 61.159.62.129:2030192.168.1.1:2030 192.168.2.1:2030 192.168.2.1:2030icmp 61.159.62.129:2031192.168.1.1:2031 192.168.2.1:2031 192.168.2.1:2031icmp 61.159.62.129:2032192.168.1.1:2032 192.168.2.1:2032 192.168.2.1:2032icmp 61.159.62.129:2033192.168.1.1:2033 192.168.2.1:2033 192.168.2.1:2033icmp 61.159.62.129:2034192.168.1.1:2034 192.168.2.1:2034 192.168.2.1:2034icmp 61.159.62.129:2035192.168.1.1:2035 192.168.2.1:2035 192.168.2.1:2035 輸出結果顯示,所有的内網IP位址在通路外網前均被轉換成了路由器端口的IP位址。
5 案例5:辦公區Internet的通路
5.1 問題
在R1配置PAT端口多路複用使企業内網192.168.1.0/24複用f0/1端口的IP,實作外部網絡的通路。
5.2 方案
網絡拓撲如圖-6所示:
圖-6
5.3 步驟
實作此案例需要按照如下步驟進行。
步驟一:在SM1劃分vlan2、vlan3、vlan4 并給SM1配置虛端口IP并開啟路由功能,1-4接口開啟trunk
1)建立vlan并設定管理IP,開啟路由功能,并把相應的接口劃分到vlan下
SM1 (config)ip routingSM1 (config)#vlan 2SM1 (config-vlan)#vlan 3SM1 (config-vlan)#vlan 4SM1 (config-vlan)#SM1 (config-vlan)#exitSM1 (config)#interface vlan 1SM1 (config-if)#ip address 192.168.1.254 255.255.255.0SM1 (config-if)#eixtSM1 (config-if)#no shutdown SM1 (config-if)#exitSM1 (config)#interface vlan 2SM1 (config-if)#ip address 192.168.2.254 255.255.255.0SM1 (config-if)#no shutdown SM1 (config-if)#exitSM1 (config)#interface vlan 3SM1 (config-if)#ip address 192.168.3.254 255.255.255.0SM1 (config-if)#no shutdown SM1 (config-if)#exitSM1 (config)#interface vlan 4SM1 (config-if)#ip address 192.168.4.254 255.255.255.0SM1 (config-if)#no shutdown
sw2(config)#vlan 2sw2(config-vlan)#exitsw2(config)#interface fastEthernet 0/1sw2(config-if)#switchport access vlan 2
sw3(config)#vlan 3sw3(config-vlan)#exitsw3(config)#interface fastEthernet 0/1sw3(config-if)#switchport access vlan 3
sw4(config)#vlan 4sw4(config-vlan)#exitsw4(config)#interface fastEthernet 0/1sw4(config-if)#switchport access vlan 4 2)交換機之間所連接配接的接口開啟trunk
SM1(config)#interface range f0/1 - 4SM1 (config-if-range)#switchport trunk encapsulation dot1q SM1 (config-if-range)#switchport mode trunk
sw1(config)#interface fastEthernet 0/3sw1(config-if)#switchport mode trunk
sw2(config)#interface fastEthernet 0/3sw2(config-if)#switchport mode trunk
sw3(config)#interface fastEthernet 0/3sw3(config-if)#switchport mode trunk
sw4(config)#interface fastEthernet 0/3sw4(config-if)#switchport mode trunk 3)測試vlan之間的連通性
PC>ipconfigFastEthernet0 Connection:(default port)Link-local IPv6 Address.........: FE80::290:21FF:FEC2:1A50IP Address......................: 192.168.1.1Subnet Mask.....................: 255.255.255.0Default Gateway.................: 192.168.1.254
PC>ping 192.168.2.1Pinging 192.168.2.1 with 32 bytes of data:Reply from 192.168.2.1: bytes=32 time=0ms TTL=127Reply from 192.168.2.1: bytes=32 time=0ms TTL=127Reply from 192.168.2.1: bytes=32 time=0ms TTL=127Reply from 192.168.2.1: bytes=32 time=1ms TTL=12Ping statistics for 192.168.2.1:Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),Approximate round trip times in milli-seconds:Minimum = 0ms, Maximum = 1ms, Average =
PC>ping 192.168.3.1Pinging 192.168.3.1 with 32 bytes of data:Reply from 192.168.2.1: bytes=32 time=0ms TTL=127Reply from 192.168.3.1: bytes=32 time=0ms TTL=127Reply from 192.168.3.1: bytes=32 time=0ms TTL=127Reply from 192.168.3.1: bytes=32 time=1ms TTL=127Ping statistics for 192.168.3.1:Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),Approximate round trip times in milli-seconds:Minimum = 0ms, Maximum = 1ms, Average =
PC>ping 192.168.4.1Pinging 192.168.4.1 with 32 bytes of data:Reply from 192.168.2.1: bytes=32 time=0ms TTL=127Reply from 192.168.2.1: bytes=32 time=0ms TTL=127Reply from 192.168.2.1: bytes=32 time=0ms TTL=127Reply from 192.168.4.1: bytes=32 time=0ms TTL=127Ping statistics for 192.168.4.1:Packets: Sent = 4, Received = 1, Lost = 3 (75% loss),Approximate round trip times in milli-seconds:Minimum = 0ms, Maximum = 0ms, Average = 4)為SM1與路由器連接配接的接口和路由器配置IP并啟用動态路由RIP協定.
SM1(config)#interface fastEthernet 0/5SM1(config-if)#no switchport SM1(config-if)#ip add 192.168.5.1 255.255.255.0SM1(config-if)#no shutdownSM1(config-if)#exitSM1(config)#router rip SM1(config-router)#version 2SM1(config-router)#no auto-summary SM1(config-router)#network 192.168.1.0SM1(config-router)#network 192.168.2.0SM1(config-router)#network 192.168.3.0SM1(config-router)#network 192.168.4.0SM1(config-router)#network 192.168.5.0
Router(config)#interface fastEthernet 0/0Router(config-if)#ip address 192.168.5.2 255.255.255.0Router(config-if)#no shutdownRouter(config-if)#exitRouter(config)#interface fastEthernet 0/1Router(config-if)#ip address 61.159.62.129 255.255.255.248Router(config-if)#exitRouter(config)#router rip Router(config-router)#version 2Router(config-router)#no auto-summary Router(config-router)#network 192.168.5.0 5)在路由器上配置預設路由并釋出到RIP協定裡并在三成交換機SM1上檢視路由表
Router(config)#ip route 0.0.0.0 0.0.0.0 f0/1Router(config)#router rip Router(config-router)#default-information originate SM路由表如下所示:
SM1# show ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B -D - EIGRP, EX - EIGRP external, O - OSPF, IA -N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E -i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - candidate default, U - per-user static route, o -P - periodic downloaded staticGateway of last resort is 192.168.5.2 to network 0.0.0.0C 192.168.1.0/24 is directly connected,C 192.168.2.0/24 is directly connected,C 192.168.3.0/24 is directly connected,C 192.168.4.0/24 is directly connected,C 192.168.5.0/24 is directly connected, FastEthernet0/5R* 0.0.0.0/0 [120/1] via 192.168.5.2, 00:00:18, FastEthernet0/5 6)在路由器上配置PAT
Router(config)#access-list 1 permit 192.168.4.0 0.0.0.255Router(config)#ip nat inside source list 1 interface f0/1Router(config)#interface fastEthernet 0/0Router(config-if)#ip nat inside Router(config-if)#exitRouter(config)#interface fastEthernet 0/1Router(config-if)#ip nat outside 7)用192.168.4.0和192.168.1.0測試網絡連通性
PC1
PC>ping 61.159.62.130Pinging 61.159.62.130 with 32 bytes of data:Request timed out.Request timed out.Request timed out.Request timed out.Ping statistics for 61.159.62.130:Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), PC4
PC>ping 61.159.62.130
Pinging 61.159.62.130 with 32 bytes of data:
Reply from 61.159.62.130: bytes=32 time=0ms TTL=126Reply from 61.159.62.130: bytes=32 time=0ms TTL=126Reply from 61.159.62.130: bytes=32 time=0ms TTL=126Reply from 61.159.62.130: bytes=32 time=0ms TTL=126
Ping statistics for 61.159.62.130:Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),Approximate round trip times in milli-seconds:Minimum = 0ms, Maximum = 0ms, Average = ![JAVA 系列——>開發工具IntelliJ IDEA的安裝以及配置、快捷鍵IDEA 簡介[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)