动态NAT技术.docx
《动态NAT技术.docx》由会员分享,可在线阅读,更多相关《动态NAT技术.docx(18页珍藏版)》请在冰点文库上搜索。
动态NAT技术
动态NAT技术
一.网络拓扑图
二.实验要求
1.根据网络拓扑图正确划分VLAN和配置IP地址
2.VLAN10IP:
192.168.10.254/24
VLAN20IP:
192.168.20.254/24
3.R1为某公司的出口路由器,因此使用动态NAT技术,NAT地址池为202.1.100.2-202.1.100.5,地址池命名为james。
公司内部都可以通过NAT转换技术访问外网的WEBSERVER。
4.R1与R2互联采用静态路由技术
三.配置过程
1.SW1:
Switch>
Switch>ena
Switch#conft
Enterconfigurationcommands,oneperline.EndwithCNTL/Z.
Switch(config)#hosSW1
SW1(config)#vl10//创建VLAN10
SW1(config-vlan)#exi
SW1(config)#vl20//创建VLAN20
SW1(config-vlan)#exi
SW1(config)#intf0/1
SW1(config-if)#swmotr//开启TRUNK
SW1(config-if)#swtrallvlall//允许所有VLAN通过
SW1(config-if)#exi
SW1(config)#intrf0/2-12
SW1(config-if-range)#swmoacc
SW1(config-if-range)#swaccvl10//划分VLAN10
SW1(config-if-range)#exi
SW1(config)#intrf0/13-24
SW1(config-if-range)#swmoacc
SW1(config-if-range)#swaccvl20//划分VLAN20
SW1(config-if-range)#exi
SW1(config)#dowr//保存配置
Buildingconfiguration...
[OK]
2.R1:
Router>ena
Router#conft
Enterconfigurationcommands,oneperline.EndwithCNTL/Z.
Router(config)#hosR1
R1(config)#intf0/0
R1(config-if)#ipnatinside//配置内网口
R1(config-if)#noshutdown
R1(config-if)#exi
R1(config)#intf0/0.1//创建F0/0.1子接口
R1(config-subif)#encdo10//封装802.1Q协议,制动VLAN10
R1(config-subif)#ipaddress192.168.10.254255.255.255.0//配置IP地址和子网掩码
R1(config-subif)#ipnatinside//配置内网口
R1(config-subif)#noshutdown
R1(config-subif)#exi
R1(config)#intf0/0.2//创建F0/0.2子接口
R1(config-subif)#encdo20//封装802.1Q协议,指定VLAN20
R1(config-subif)#ipaddress192.168.20.254255.255.255.0//配置IP地址和子网掩码
R1(config-subif)#ipnatinside//配置内网口
R1(config-subif)#noshutdown
R1(config-subif)#exi
R1(config)#intf0/1
R1(config-if)#ipaddress202.1.100.2255.255.255.240//配置IP地址和子网掩码
R1(config-if)#ipnatoutside//配置外网口
R1(config-if)#noshutdown
R1(config-if)#exi
R1(config)#ipnatpooljames202.1.100.2202.1.100.5netmask255.255.255.240//创建NAT地址池,指定地址池转换IP的范围和子网掩码
R1(config)#access-list1permitany//配置访问控制列表,允许所有数据通过
R1(config)#ipnatinsidesourcelist1pooljamesoverload//允许1对多转换
R1(config)#iproute0.0.0.00.0.0.0202.1.100.1//配置默认路由
R1(config)#iproute202.103.224.0255.255.255.0202.1.100.1//配置静态路由,指定目的地址,子网,下一跳路由
R1(config)#dowr
Buildingconfiguration...
[OK]
3.R3:
Router>ena
Router#conft
Enterconfigurationcommands,oneperline.EndwithCNTL/Z.
Router(config)#hosR2
R2(config)#intf0/1
R2(config-if)#ipaddress202.103.224.254255.255.255.0
R2(config-if)#noshutdown
R2(config-if)#exi
R2(config)#intf0/0
R2(config-if)#ipaddress202.1.100.1255.255.255.240//配置IP地址和子网掩码
R2(config-if)#noshutdown
R2(config-if)#exi
R2(config)#iproute0.0.0.00.0.0.0202.1.100.2//配置默认路由
R2(config)#iproute202.1.100.0255.255.255.240202.1.100.2//配置静态路由,指定目的地址,子网,下一跳路由
R2(config)#dowr
Buildingconfiguration...
[OK]
四.配置文档
1.SW1:
SW1#shrun
Buildingconfiguration...
Currentconfiguration:
2226bytes
!
version12.2
noservicetimestampslogdatetimemsec
noservicetimestampsdebugdatetimemsec
noservicepassword-encryption
!
hostnameSW1
!
!
spanning-treemodepvst
!
interfaceFastEthernet0/1
switchportmodetrunk
!
interfaceFastEthernet0/2
switchportaccessvlan10
switchportmodeaccess
!
interfaceFastEthernet0/3
switchportaccessvlan10
switchportmodeaccess
!
interfaceFastEthernet0/4
switchportaccessvlan10
switchportmodeaccess
!
interfaceFastEthernet0/5
switchportaccessvlan10
switchportmodeaccess
!
interfaceFastEthernet0/6
switchportaccessvlan10
switchportmodeaccess
!
interfaceFastEthernet0/7
switchportaccessvlan10
switchportmodeaccess
!
interfaceFastEthernet0/8
switchportaccessvlan10
switchportmodeaccess
!
interfaceFastEthernet0/9
switchportaccessvlan10
switchportmodeaccess
!
interfaceFastEthernet0/10
switchportaccessvlan10
switchportmodeaccess
!
interfaceFastEthernet0/11
switchportaccessvlan10
switchportmodeaccess
!
interfaceFastEthernet0/12
switchportaccessvlan10
switchportmodeaccess
!
interfaceFastEthernet0/13
switchportaccessvlan20
switchportmodeaccess
!
interfaceFastEthernet0/14
switchportaccessvlan20
switchportmodeaccess
!
interfaceFastEthernet0/15
switchportaccessvlan20
switchportmodeaccess
!
interfaceFastEthernet0/16
switchportaccessvlan20
switchportmodeaccess
!
interfaceFastEthernet0/17
switchportaccessvlan20
switchportmodeaccess
!
interfaceFastEthernet0/18
switchportaccessvlan20
switchportmodeaccess
!
interfaceFastEthernet0/19
switchportaccessvlan20
switchportmodeaccess
!
interfaceFastEthernet0/20
switchportaccessvlan20
switchportmodeaccess
!
interfaceFastEthernet0/21
switchportaccessvlan20
switchportmodeaccess
!
interfaceFastEthernet0/22
switchportaccessvlan20
switchportmodeaccess
!
interfaceFastEthernet0/23
switchportaccessvlan20
switchportmodeaccess
!
interfaceFastEthernet0/24
switchportaccessvlan20
switchportmodeaccess
!
interfaceGigabitEthernet1/1
!
interfaceGigabitEthernet1/2
!
interfaceVlan1
noipaddress
shutdown
!
!
linecon0
!
linevty04
login
linevty515
login
!
!
End
2.R1:
R1#shrun
Buildingconfiguration...
Currentconfiguration:
887bytes
!
version12.4
noservicetimestampslogdatetimemsec
noservicetimestampsdebugdatetimemsec
noservicepassword-encryption
!
hostnameR1
!
!
!
!
!
!
!
!
!
!
!
!
!
!
spanning-treemodepvst
!
!
!
!
interfaceFastEthernet0/0
noipaddress
ipnatinside
duplexauto
speedauto
!
interfaceFastEthernet0/0.1
encapsulationdot1Q10
ipaddress192.168.10.254255.255.255.0
ipnatinside
!
interfaceFastEthernet0/0.2
encapsulationdot1Q20
ipaddress192.168.20.254255.255.255.0
ipnatinside
!
interfaceFastEthernet0/1
ipaddress202.1.100.2255.255.255.240
ipnatoutside
duplexauto
speedauto
!
interfaceVlan1
noipaddress
shutdown
!
ipnatpooljames202.1.100.2202.1.100.5netmask255.255.255.240
ipnatinsidesourcelist1pooljamesoverload
ipclassless
iproute0.0.0.00.0.0.0202.1.100.1
iproute202.103.224.0255.255.255.0202.1.100.1
!
!
access-list1permitany
!
!
!
!
!
linecon0
linevty04
login
!
!
!
End
3.R2:
R2(config)#doshrun
Buildingconfiguration...
Currentconfiguration:
590bytes
!
version12.4
noservicetimestampslogdatetimemsec
noservicetimestampsdebugdatetimemsec
noservicepassword-encryption
!
hostnameR2
!
!
!
!
!
!
!
!
!
!
!
!
!
!
spanning-treemodepvst
!
!
!
!
interfaceFastEthernet0/0
ipaddress202.1.100.1255.255.255.240
duplexauto
speedauto
!
interfaceFastEthernet0/1
ipaddress202.103.224.254255.255.255.0
duplexauto
speedauto
!
interfaceVlan1
noipaddress
shutdown
!
ipclassless
iproute0.0.0.00.0.0.0202.1.100.2
iproute202.1.100.0255.255.255.240202.1.100.2
!
!
!
!
!
!
!
linecon0
linevty04
login
!
!
!
end
五.测试结果
1.PC0和PC1PING通WEBSERVER
2.PC0PC1能访问WEBSERVER
3.查看地址转换情况:
1.R1:
升级会员 