一、实验拓扑
二、实验要求
1.按照图示配置ip地址,公网地址100.1.1.1/24
2.私网a通过napt,使得r1接入到互联网,私网b通过easy IP使得r3接入互联网
3.私网a配置nat server 把telnet的telnet服务发布到公网使得pc2可以访问
三、实验步骤
1.配置IP地址
[telnet]int g0/0/0
[telnet-GigabitEthernet0/0/0]ip add 192.168.1.2 24
[telnet-GigabitEthernet0/0/0]quit
[telnet]ip rpute-static 0.0.0.0 192.168.1.254
[r1]int g0/0/1
[r1-GigabitEthernet0/0/1]ip add 100.1.1.1 24.
[r1-GigabitEthernet0/0/1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip add 192.168.1.254 24
[r2]int g0/0/0
[r2-GigabitEthernet0/0/0]ip add 100.1.1.2 24
[r2-GigabitEthernet0/0/0]int g0/0/1
[r2-GigabitEthernet0/0/1]ip add 100.2.2.2 24
[r3]int g0/0/0
[r3-GigabitEthernet0/0/0]ip add 100.2.2.3 24
[r3-GigabitEthernet0/0/0]int g0/0/1
[r3-GigabitEthernet0/0/1]192.168.1.3 24
[pc2]int g0/0/0
[pc2-GigabitEthernet0/0/0]ip add 192.168.1.1 24
[pc2-GigabitEthernet0/0/0]quit
[pc2]ip route-static 0.0.0.0 0 192.168.1.3
2.配置telnet服务
[telnet]aaa
[telnet-aaa]local-user wangdaye privilege level 15 password cipher wdy123
[telnet-aaa]local-user wangdaye service-type telnet
[telnet-aaa]quit
[telnet]user-interface vty 0 4
[telnet-ui-vty0-4]authentication-mode aaa
[telnet-ui-vty0-4]quit
3.配置公网胡同
[r1]ip route-static 0.0.0.0 0 100.1.1.2
[r3]ip route-static 0.0.0.0 0 100.2.2.2
4.
[r1]acl 2000
[r1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r1-acl-basic-2000]quit
[r1]nat address-group 1 100.1.1.3 100.1.1.254
[r1]int g0/0/1
[r1-GigabitEthernet0/0/1]nat outbound 2000 address-group 1
[r1-GigabitEthernet0/0/1]quit
在pc1上测试
5.在r3上配置easy ip
[r3]acl 2000
[r3-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.225
[r3-acl-basic-2000]int g0/0/0
[r3-GigabitEthernet0/0/0]nat outbound 2000
[r3-GigabitEthernet0/0/0]quit
测试
6. 在私网a配置nat server将telnet的telnet服务使pc2可以访问
[r1]int g0/0/1
[r1-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 23 ins
ide 192.168.1.2 23
[r1-GigabitEthernet0/0/1]QUIT
7.检测