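Cisco and Huawei NAT Lab

Main functions of NAT

1. Slows IPv4 address exhaustion.

2. Protects internal hosts (port mapping).

3. Provides dynamic load balancing for TCP traffic.

This article uses static NAT and dynamic NAT to demonstrate the main Cisco and Huawei configurations. (Configure the IP addresses on the PC endpoints yourself.)

1. Static NAT

Translates one private IP address to one public IP address.

2. Dynamic NAT

Translates multiple private IP addresses to multiple public IP addresses, with the source port number identifying each session.

Cisco lab

Static NAT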

R1:(border router)

ip nat inside source static 192.168.1.1 100.0.12.100

ip route 0.0.0.0 0.0.0.0 Ethernet0/1 100.0.12.2

interface Ethernet0/0

ip address 192.168.1.254 255.255.255.0

ip nat inside

interface Ethernet0/1

ip address 100.0.12.1 255.255.255.0

ip nat outside

R2:(ISP)

interface Loopback0

ip address 2.2.2.2 255.255.255.0

interface Ethernet0/1

ip address 100.0.12.2 255.255.255.0

Dynamic NAT

R5:(border router)

access-list 1 permit 192.168.5.0 0.0.0.255

ip nat pool NAT 100.0.56.10 100.0.56.20 netmask 255.255.255.0

ip nat inside source list 1 pool NAT

ip route 0.0.0.0 0.0.0.0 Ethernet0/0 100.0.56.6

interface Ethernet0/0

ip address 100.0.56.5 255.255.255.0

ip nat outside

interface Ethernet0/1

ip address 192.168.5.254 255.255.255.0

ip nat inside

R6:(ISP)

interface Loopback0

ip address 5.5.5.5 255.255.255.0

interface Ethernet0/0

ip address 100.0.56.6 255.255.255.0

interface Ethernet0/1

ip address 6.6.6.1 255.255.255.0

VPC10 6.6.6.6 GAW : 6.6.6.1

Note: any endpoint that sends traffic to external network segments must have a gateway configured.

R5#show ip nat translations

Pro Inside global      Inside local       Outside local      Outside global

--- 100.0.56.10        192.168.5.1        ---                ---

--- 100.0.56.11        192.168.5.2        ---                ---

show commands:

show ip nat statistics

show ip nat translations 
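
As an added example (not part of the original article), the Python sketch below audits the NAT statements from the R1 and R5 configurations above: it flags the one-to-one static mapping, which translates every port of 100.0.12.100 to 192.168.1.1, and compares the size of pool NAT with the number of hosts ACL 1 permits. The function name `audit_nat` and the finding labels are assumptions made for this example; the R5 rule carries no `overload` keyword, so each inside host occupies one pool address.

```python
import ipaddress

# NAT statements copied from the R1 and R5 configurations on this page.
CONFIG = """\
ip nat inside source static 192.168.1.1 100.0.12.100
access-list 1 permit 192.168.5.0 0.0.0.255
ip nat pool NAT 100.0.56.10 100.0.56.20 netmask 255.255.255.0
ip nat inside source list 1 pool NAT
"""


def audit_nat(config):
    """Return findings for static and dynamic IOS NAT statements."""
    acl_hosts, pool_size, statics, dynamics = {}, {}, [], []
    for line in config.splitlines():
        w = line.split()
        if w[:5] == ["ip", "nat", "inside", "source", "static"] and len(w) == 7:
            # Two addresses, no protocol or port: every port is translated.
            statics.append((w[5], w[6]))
        elif len(w) == 5 and w[0] == "access-list" and w[2] == "permit":
            # ipaddress accepts the IOS wildcard (host mask) form directly.
            net = ipaddress.ip_network(f"{w[3]}/{w[4]}")
            acl_hosts[w[1]] = net.num_addresses - 2  # minus network/broadcast
        elif w[:3] == ["ip", "nat", "pool"] and len(w) >= 6:
            first, last = (int(ipaddress.ip_address(a)) for a in w[4:6])
            pool_size[w[3]] = last - first + 1
        elif w[:5] == ["ip", "nat", "inside", "source", "list"] and len(w) >= 8:
            dynamics.append((w[5], w[7], "overload" in w[8:]))

    findings = [("static-all-ports", inside, glob) for inside, glob in statics]
    for acl, pool, overload in dynamics:
        hosts, size = acl_hosts.get(acl, 0), pool_size.get(pool, 0)
        # Without overload each inside host holds one pool address, so hosts
        # beyond the pool size get no translation until an entry times out.
        if not overload and hosts > size:
            findings.append(("pool-exhaustion", pool, size, hosts))
    return findings


if __name__ == "__main__":
    for finding in audit_nat(CONFIG):
        print(finding)
```

A `static-all-ports` finding means the inside host's exposure is decided by whatever filtering sits on the outside interface, not by NAT itself.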

Huawei lab

Static NAT

AR1:(border router)

#

nat static global 100.0.12.100 inside 192.168.1.253 netmask 255.255.255.255

interface GigabitEthernet0/0/0

ip address 100.0.12.1 255.255.255.0

[r1-GigabitEthernet0/0/0] nat static global 100.0.12.100 inside 192.168.1.253 (second method; configuring in global mode is recommended)

nat static enable

interface GigabitEthernet0/0/1

ip address 192.168.1.254 255.255.255.0

nat static enable

ip route-static 0.0.0.0 0.0.0.0 100.0.12.2

AR2:(ISP)

interface GigabitEthernet0/0/0

ip address 100.0.12.2 255.255.255.0

interface GigabitEthernet0/0/1

ip address 2.2.2.1 255.255.255.0 

[r1]dis nat static

  Static Nat Information:

  Interface  : GigabitEthernet0/0/0

    Global IP/Port     : 100.0.12.100/----

    Inside IP/Port     : 192.168.1.253/----

    Protocol : ----    

    VPN instance-name  : ----                           

    Acl number         : ----

    Netmask  : 255.255.255.255

    Description : ----

  Total :    1

Dynamic NAT

AR1:(border router)

#

acl number 2000 

rule 20 permit source 192.168.1.0 0.0.0.255

nat address-group 2 100.0.12.10 100.0.12.30

interface GigabitEthernet0/0/0

ip address 100.0.12.1 255.255.255.0

nat outbound 2000 address-group 2

interface GigabitEthernet0/0/1

ip address 192.168.1.254 255.255.255.0

dhcp select global

ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 100.0.12.2

AR2:(ISP)

interface GigabitEthernet0/0/0

ip address 100.0.12.2 255.255.255.0

interface GigabitEthernet0/0/1

ip address 2.2.2.1 255.255.255.0 
