ImageVerifierCode 换一换
格式:DOCX , 页数:17 ,大小:22.31KB ,
资源ID:9402897      下载积分:3 金币
快捷下载
登录下载
邮箱/手机:
温馨提示:
快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。 如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝    微信支付   
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【https://www.bingdoc.com/d-9402897.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录   QQ登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(NAT实验.docx)为本站会员(b****8)主动上传,冰点文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知冰点文库(发送邮件至service@bingdoc.com或直接QQ联系客服),我们立即给予删除!

NAT实验.docx

1、NAT实验NAT 转换实验实验拓扑:实验目的:理解 NAT 地址转换的原理,熟悉NAT 转换的配置过程。进一步理解NAT 在扩展IP地址方面的巨大功效。理解NAT 如何将内部地址转换成外部地址的过程。1 静态NAT首先在R1 上起2 个环回接口loop0 和loop1,为每一个loop 口分配一个IP地址,模拟2 台内部PC 机,R1 的S1 看成到外网的接口。而R3 这里看成外部一台服务器。PC 机想要与R3 通信,不许利用NAT 来将内部PC 地址转换成R1 上S0 的地址实现。路由器的基本配置R1#show ip int bInterface IP-Address OK? Method

2、Status Proocol Ethernet0 unassigned YES unset administratively down downLoopback0 192.168.2.1 YES manual up upLoopback1 192.168.3.1 YES manual up upSerial0 61.32.34.6 YES manual up upSerial1 unassigned YES unset administratively down downR2#show ip int bInterface IP-Address OK? Method Status Protoco

3、lEthernet0 unassigned YES unset administratively down downSerial0 unassigned YES TFTP up upSerial1 61.32.34.5 YES manual up up此时用扩展PING 以192.168.2.1 和192.168.3.1 为源以61.32.34.5 为目的PINGR1#pingProtocol ip:Target IP address:% Bad IP addressR1#pingProtocol ip:Target IP address: 61.32.34.5Repeat count 5:D

4、atagram size 100:Timeout in seconds 2:Extended commands n: ySource address or interface: 192.168.2.1Type of service 0:Set DF bit in IP header? no:Validate reply data? no:Data pattern 0xABCD:Loose, Strict, Record, Timestamp, Verbosenone:Sweep range of sizes n:Type escape sequence to abort.Sending 5,

5、100-byte ICMP Echos to 61.32.34.5, timeout is 2 seconds:.Success rate is 0 percent (0/5)R1#pingProtocol ip:Target IP address:% Bad IP addressR1#pingProtocol ip:Target IP address: 61.32.34.5Repeat count 5:Datagram size 100:Timeout in seconds 2:Extended commands n: ySource address or interface: 192.16

6、8.3.1Type of service 0:Set DF bit in IP header? no:Validate reply data? no:Data pattern 0xABCD:Loose, Strict, Record, Timestamp, Verbosenone:Sweep range of sizes n:Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 61.32.34.5, timeout is 2 seconds:.Success rate is 0 percent (0/5)显然无法pin

7、g 通,即内部地址无法直接与外部地址通信,于是我们启用NAT转换。启动NAT 静态转换。R1(config)#int loop0R1(config-if)#ip nat inside 定义内部接口R1(config-if)#int loop1R1(config-if)#ip nat inside 定义内部接口R1(config-if)#int s0R1(config-if)#ip nat outside 定义外部接口R1(config)#ip nat inside source static 192.168.2.1 61.32.34.6定义将内部的接口地址静态的的一对一的转换为61.32.34

8、.6R1(config)#ip nat inside source static 192.168.3.1 61.32.34.7定义将内部的接口地址静态的的一对一的转换为61.32.34.7此时用扩展Ping 以192.168.2.1 和192.168.3.1 为源以61.32.34.5 为目的PINGR1#debug ip nat 开放debug 进行ping 包时候的抓包转换测试。R1#pingProtocol ip:Target IP address: 61.32.34.5Repeat count 5:Datagram size 100:Timeout in seconds 2:Exten

9、ded commands n: ySource address or interface: 192.168.2.1Type of service 0:Set DF bit in IP header? no:Validate reply data? no:Data pattern 0xABCD:Loose, Strict, Record, Timestamp, Verbosenone:Sweep range of sizes n:Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 61.32.34.5, timeout

10、is 2 seconds:!Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/36ms00:36:36: NAT: s=192.168.2.1-61.32.34.6, d=61.32.34.5 20看到我们的源已经进行了转换,转换后的地址才可以与目的地址进行通信00:36:36: NAT*: s=61.32.34.5, d=61.32.34.6-192.168.2.1 2000:36:36: NAT: s=192.168.2.1-61.32.34.6, d=61.32.34.5 2100:36:36: NAT*:

11、 s=61.32.34.5, d=61.32.34.6-192.168.2.1 2100:36:36: NAT: s=192.168.2.1-61.32.34.6, d=61.32.34.5 2200:36:36: NAT*: s=61.32.34.5, d=61.32.34.6-192.168.2.1 2200:36:36: NAT: s=192.168.2.1-61.32.34.6, d=61.32.34.5 2300:36:36: NAT*: s=61.32.34.5, d=61.32.34.6-192.168.2.1 2300:36:36: NAT: s=192.168.2.1-61.

12、32.34.6, d=61.32.34.5 2400:36:36: NAT*: s=61.32.34.5, d=61.32.34.6-192.168.2.1 24R1#pingProtocol ip:Target IP address: 61.32.34.5Repeat count 5:Datagram size 100:Timeout in seconds 2:Extended commands n: ySource address or interface: 192.168.3.1Type of service 0:Set DF bit in IP header? no:Validate

13、reply data? no:Data pattern 0xABCD:Loose, Strict, Record, Timestamp, Verbosenone:Sweep range of sizes n:Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 61.32.34.5, timeout is 2 seconds:!Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/36ms00:37:40: NAT: s=192.168.3.1

14、-61.32.34.7, d=61.32.34.5 2500:37:40: NAT*: s=61.32.34.5, d=61.32.34.7-192.168.3.1 2500:37:40: NAT: s=192.168.3.1-61.32.34.7, d=61.32.34.5 2600:37:40: NAT*: s=61.32.34.5, d=61.32.34.7-192.168.3.1 2600:37:40: NAT: s=192.168.3.1-61.32.34.7, d=61.32.34.5 2700:37:40: NAT*: s=61.32.34.5, d=61.32.34.7-192

15、.168.3.1 2700:37:40: NAT: s=192.168.3.1-61.32.34.7, d=61.32.34.5 2800:37:40: NAT*: s=61.32.34.5, d=61.32.34.7-192.168.3.1 2800:37:40: NAT: s=192.168.3.1-61.32.34.7, d=61.32.34.5 2900:37:40: NAT*: s=61.32.34.5, d=61.32.34.7-192.168.3.1 29有PING 的结果可以看出,现在内部PC 已经可以和外部通信了,并且通过debug 信息可以看到NAT 转换已经开始运行。但这

16、种转换是NAT 里最简单的转换,下面我们学习其他几种NAT 转换方式。2.动态NAT1启动动态NAT为loop0 接口定义多个地址R1(config-if)#ip add 192.168.2.1 255.255.255.0R1(config-if)#ip add 192.168.2.2 255.255.255.0 secR1(config-if)#ip add 192.168.2.3 255.255.255.0 secR1(config-if)#ip add 192.168.2.4 255.255.255.0 secR1(config-if)#ip add 192.168.2.5 255.25

17、5.255.0 secR1(config-if)#ip add 192.168.2.6 255.255.255.0 secR1(config-if)#ip add 192.168.2.7 255.255.255.0 secR1(config-if)#ip add 192.168.2.8 255.255.255.0 secR1(config-if)#ip add 192.168.2.9 255.255.255.0 sec定义外部地址池R1(config)#ip nat pool outpool 61.32.34.6 61.32.34.7 netmask 255.255.255.0定义了一个转换池

18、的名字叫做outpool,也就是说,你转换后的地址是从这个池子里面出的。定义允许的转换的内部地址R1(config)#access-list 10 permit host 192.168.2.1R1(config)#access-list 10 permit host 192.168.3.1定义转换R1(config)#ip nat inside source list 10 pool outpool 定义了内部需要转换的是有accesslist 来控制的10,而转后后的地址是从outpool 里面来提取的。此时用扩展PING 以192.168.2.2 和192.168.2.3 为源以61.3

19、2.34.5 为目的PING观察转换效果R1#debug ip natR1#pingProtocol ip:Target IP address: 61.32.34.5Repeat count 5:Datagram size 100:Timeout in seconds 2:Extended commands n: ySource address or interface: 192.168.2.3Type of service 0:Set DF bit in IP header? no:Validate reply data? no:Data pattern 0xABCD:Loose, Stri

20、ct, Record, Timestamp, Verbosenone:Sweep range of sizes n:Sending 5, 100-byte ICMP Echos to 61.32.34.5, timeout is 2 seconds:!Success rate is 100 percent (5/5), round-trip min/avg/max = 40/41/44 ms01:06:35: NAT: s=192.168.3.1-61.32.34.7, d=61.32.34.5 6501:06:35: NAT*: s=61.32.34.5, d=61.32.34.7-192.

21、168.3.1 6501:06:35: NAT: s=192.168.3.1-61.32.34.7, d=61.32.34.5 6601:06:35: NAT*: s=61.32.34.5, d=61.32.34.7-192.168.3.1 6601:06:35: NAT: s=192.168.3.1-61.32.34.7, d=61.32.34.5 6701:06:35: NAT*: s=61.32.34.5, d=61.32.34.7-192.168.3.1 6701:06:35: NAT: s=192.168.3.1-61.32.34.7, d=61.32.34.5 6801:06:35

22、: NAT*: s=61.32.34.5, d=61.32.34.7-192.168.3.1 6801:06:35: NAT: s=192.168.3.1-61.32.34.7, d=61.32.34.5 6901:06:35: NAT*: s=61.32.34.5, d=61.32.34.7-192.168.3.1 69R1#pingProtocol ip:Target IP address: 61.32.34.5Repeat count 5:Datagram size 100:Timeout in seconds 2:Extended commands n: ySource address

23、 or interface: 192.168.2.2Type of service 0:Set DF bit in IP header? no:Validate reply data? no:Data pattern 0xABCD:Loose, Strict, Record, Timestamp, Verbosenone:Sweep range of sizes n:Sending 5, 100-byte ICMP Echos to 61.32.34.5, timeout is 2 seconds:!Success rate is 100 percent (5/5), round-trip m

24、in/avg/max = 40/41/44 ms01:13:28: NAT: s=192.168.2.2-61.32.34.6, d=61.32.34.5 8501:13:28: NAT*: s=61.32.34.5, d=61.32.34.6-192.168.2.2 8501:13:28: NAT: s=192.168.2.2-61.32.34.6, d=61.32.34.5 8601:13:28: NAT*: s=61.32.34.5, d=61.32.34.6-192.168.2.2 8601:13:29: NAT: s=192.168.2.2-61.32.34.6, d=61.32.3

25、4.5 8701:13:29: NAT*: s=61.32.34.5, d=61.32.34.6-192.168.2.2 8701:13:29: NAT: s=192.168.2.2-61.32.34.6, d=61.32.34.5 8801:13:29: NAT*: s=61.32.34.5, d=61.32.34.6-192.168.2.2 8801:13:29: NAT: s=192.168.2.2-61.32.34.6, d=61.32.34.5 8901:13:29: NAT*: s=61.32.34.5, d=61.32.34.6-192.168.2.2 89当我们清楚所有的NAT

26、 会话以后,再次PING 的时候的转换则有R1#pingProtocol ip:Target IP address: 61.32.34.5Repeat count 5:Datagram size 100:Timeout in seconds 2:Extended commands n: ySource address or interface: 192.168.2.3Type of service 0:Set DF bit in IP header? no:Validate reply data? no:Data pattern 0xABCD:Loose, Strict, Record, Ti

27、mestamp, Verbosenone:Sweep range of sizes n:Sending 5, 100-byte ICMP Echos to 61.32.34.5, timeout is 2 seconds:!Success rate is 100 percent (5/5), round-trip min/avg/max = 40/41/44 ms01:06:35: NAT: s=192.168.2.3-61.32.34.6, d=61.32.34.5 6501:06:35: NAT*: s=61.32.34.5, d=61.32.34.6-192.168. 2.3 6501:

28、06:35: NAT: s=192.168.2.3-61.32.34.6, d=61.32.34.5 6601:06:35: NAT*: s=61.32.34.5, d=61.32.34.6-192.168. 2.3 6601:06:35: NAT: s=192.168. 2.3-61.32.34.6, d=61.32.34.5 6701:06:35: NAT*: s=61.32.34.5, d=61.32.34.6-192.168. 2.3 6701:06:35: NAT: s=192.168. 2.3-61.32.34.6, d=61.32.34.5 6801:06:35: NAT*: s

29、=61.32.34.5, d=61.32.34.6-192.1682.3 6801:06:35: NAT: s=192.168. 2.3-61.32.34.6, d=61.32.34.5 6901:06:35: NAT*: s=61.32.34.5, d=61.32.34.6-192.168. 2.3 69R1#pingProtocol ip:Target IP address: 61.32.34.5Repeat count 5:Datagram size 100:Timeout in seconds 2:Extended commands n: ySource address or inte

30、rface: 192.168.2.2Type of service 0:Set DF bit in IP header? no:Validate reply data? no:Data pattern 0xABCD:Loose, Strict, Record, Timestamp, Verbosenone:Sweep range of sizes n:Sending 5, 100-byte ICMP Echos to 61.32.34.5, timeout is 2 seconds:!Success rate is 100 percent (5/5), round-trip min/avg/max = 40/41/44 ms01:13:28: NAT: s=192.168.2.2-61.32.34.7, d=61.32.34.5 8501:13:28: NAT*

copyright@ 2008-2023 冰点文库 网站版权所有

经营许可证编号:鄂ICP备19020893号-2