NAT实验
要求
拓补
IP的配置与路由配置
[r1]
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 192.168.1.1/24 up up
GigabitEthernet0/0/1 192.168.12.1/24 up up
GigabitEthernet0/0/2 unassigned down down
NULL0 unassigned up up(s)
静态路由
34.0.0.0/24 Static 60 0 RD 192.168.12.2 GigabitEthernet
0/0/1
[r2]
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 192.168.12.2/24 up up
GigabitEthernet0/0/1 192.168.2.1/24 up up
GigabitEthernet0/0/2 23.0.0.1/24 up up
NULL0 unassigned up up(s)
静态路由
34.0.0.0/24 Static 60 0 RD 23.0.0.2 GigabitEthernet
0/0/2
192.168.1.0/24 Static 60 0 RD 192.168.12.1 GigabitEthernet
0/0/0[r3]
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 23.0.0.2/24 up up
GigabitEthernet0/0/1 34.0.0.1/24 up up
GigabitEthernet0/0/2 unassigned down down
NULL0 unassigned up up(s)[Telnet]
接口IP
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 192.168.1.2/24 up up
缺省路由
Destination/Mask Proto Pre Cost Flags NextHop Interface0.0.0.0/0 Static 60 0 RD 192.168.1.1 GigabitEthernet
0/0/0
[test 1]
缺省路由
0.0.0.0/0 Static 60 0 RD 34.0.0.1 GigabitEthernet
0/0/0
接口IP
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 34.0.0.2/24 up up[test 2]
缺省路由
0.0.0.0/0 Static 60 0 RD 34.0.0.1 GigabitEthernet
0/0/0
接口IP
GigabitEthernet0/0/0 34.0.0.3/24 up up
配置NAT与ACL
interface GigabitEthernet0/0/2
ip address 23.0.0.1 255.255.255.0
traffic-filter inbound acl 3000
traffic-filter outbound acl 3001
nat server protocol tcp global current-interface telnet inside 192.168.1.2 teln
et
nat outbound 2000 address-group 1 no-pat
acl配置
[r2-acl-adv-3000]rule deny tcp source 34.0.0.3 0 destination 23.0.0.1 0 destinat
ion-port eq 23 --- test2的Telnet访问控制[r2-acl-adv-3001]rule deny icmp source 192.168.2.2 0 destination 34.0.0.2 0--- PC2的访问控制