实验说明:先配置 S1/0 能ping通 r2的 lookback0,然后 在配置NAT
r1
s1/0 192.168.1.1
linterface Loopback0
1.1.1.2 255.0.0.0 secondary
1.1.1.3 255.0.0.0 secondary
1.1.1.4 255.0.0.0 secondary
1.1.1.1 255.0.0.0
1.1.1.2 255.0.0.0 secondary
1.1.1.3 255.0.0.0 secondary
1.1.1.4 255.0.0.0 secondary
1.1.1.1 255.0.0.0
r1配置:
ip address 1.1.1.2 255.0.0.0 secondary
ip address 1.1.1.3 255.0.0.0 secondary
ip address 1.1.1.4 255.0.0.0 secondary
ip address 1.1.1.1 255.0.0.0
ip nat inside
interface Serial1/0
ip address 192.168.1.1 255.255.255.0
ip nat outside
clock rate 64000
ip address 192.168.1.1 255.255.255.0
ip nat outside
clock rate 64000
ip nat pool ccna 192.168.1.10 192.168.1.100 netmask 255.255.255.0
ip nat inside source list 1 pool ccna
ip route 2.0.0.0 255.0.0.0 192.168.1.2
ip nat inside source list 1 pool ccna
ip route 2.0.0.0 255.0.0.0 192.168.1.2
access-list 1 permit 1.0.0.0 0.255.255.255
验证:扩展ping
r1#ping
Protocol [ip]:
Target IP address: 2.2.2.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: yes
Source address or interface: 1.1.1.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/50/96 ms
Protocol [ip]:
Target IP address: 2.2.2.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: yes
Source address or interface: 1.1.1.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/50/96 ms
*Feb 27 22:50:02.967: NAT: s=1.1.1.1->192.168.1.10, d=2.2.2.2 [40]
*Feb 27 22:50:03.059: NAT*: s=2.2.2.2, d=192.168.1.10->1.1.1.1 [40]
*Feb 27 22:50:03.059: NAT: s=1.1.1.1->192.168.1.10, d=2.2.2.2 [41]
*Feb 27 22:50:03.123: NAT*: s=2.2.2.2, d=192.168.1.10->1.1.1.1 [41]
*Feb 27 22:50:03.123: NAT: s=1.1.1.1->192.168.1.10, d=2.2.2.2 [42]
*Feb 27 22:50:03.135: NAT*: s=2.2.2.2, d=192.168.1.10->1.1.1.1 [42]
*Feb 27 22:50:03.135: NAT: s=1.1.1.1->192.168.1.10, d=2.2.2.2 [43]
*Feb 27 22:50:03.183: NAT*: s=2.2.2.2, d=192.168.1.10->1.1.1.1 [43]
*Feb 27 22:50:03.183: NAT: s=1.1.1.1->192.168.1.10, d=2.2.2.2 [44]
*Feb 27 22:50:03.215: NAT*: s=2.2.2.2, d=192.168.1.10->1.1.1.1 [44]
*Feb 27 22:50:03.059: NAT*: s=2.2.2.2, d=192.168.1.10->1.1.1.1 [40]
*Feb 27 22:50:03.059: NAT: s=1.1.1.1->192.168.1.10, d=2.2.2.2 [41]
*Feb 27 22:50:03.123: NAT*: s=2.2.2.2, d=192.168.1.10->1.1.1.1 [41]
*Feb 27 22:50:03.123: NAT: s=1.1.1.1->192.168.1.10, d=2.2.2.2 [42]
*Feb 27 22:50:03.135: NAT*: s=2.2.2.2, d=192.168.1.10->1.1.1.1 [42]
*Feb 27 22:50:03.135: NAT: s=1.1.1.1->192.168.1.10, d=2.2.2.2 [43]
*Feb 27 22:50:03.183: NAT*: s=2.2.2.2, d=192.168.1.10->1.1.1.1 [43]
*Feb 27 22:50:03.183: NAT: s=1.1.1.1->192.168.1.10, d=2.2.2.2 [44]
*Feb 27 22:50:03.215: NAT*: s=2.2.2.2, d=192.168.1.10->1.1.1.1 [44]
r1#ping
Protocol [ip]:
Target IP address: 2.2.2.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: yes
Source address or interface: 1.1.1.2
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/52/108 ms
r1#
*Feb 27 22:50:38.391: NAT: s=1.1.1.2->192.168.1.11, d=2.2.2.2 [45]
*Feb 27 22:50:38.495: NAT*: s=2.2.2.2, d=192.168.1.11->1.1.1.2 [45]
*Feb 27 22:50:38.495: NAT: s=1.1.1.2->192.168.1.11, d=2.2.2.2 [46]
*Feb 27 22:50:38.527: NAT*: s=2.2.2.2, d=192.168.1.11->1.1.1.2 [46]
*Feb 27 22:50:38.527: NAT: s=1.1.1.2->192.168.1.11, d=2.2.2.2 [47]
*Feb 27 22:50:38.575: NAT*: s=2.2.2.2, d=192.168.1.11->1.1.1.2 [47]
*Feb 27 22:50:38.575: NAT: s=1.1.1.2->192.168.1.11, d=2.2.2.2 [48]
*Feb 27 22:50:38.591: NAT*: s=2.2.2.2, d=192.168.1.11->1.1.1.2 [48]
*Feb 27 22:50:38.591: NAT: s=1.1.1.2->192.168.1.11, d=2.2.2.2 [49]
*Feb 27 22:50:38.651: NAT*: s=2.2.2.2, d=192.168.1.11->1.1.1.2 [49]
Protocol [ip]:
Target IP address: 2.2.2.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: yes
Source address or interface: 1.1.1.2
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/52/108 ms
r1#
*Feb 27 22:50:38.391: NAT: s=1.1.1.2->192.168.1.11, d=2.2.2.2 [45]
*Feb 27 22:50:38.495: NAT*: s=2.2.2.2, d=192.168.1.11->1.1.1.2 [45]
*Feb 27 22:50:38.495: NAT: s=1.1.1.2->192.168.1.11, d=2.2.2.2 [46]
*Feb 27 22:50:38.527: NAT*: s=2.2.2.2, d=192.168.1.11->1.1.1.2 [46]
*Feb 27 22:50:38.527: NAT: s=1.1.1.2->192.168.1.11, d=2.2.2.2 [47]
*Feb 27 22:50:38.575: NAT*: s=2.2.2.2, d=192.168.1.11->1.1.1.2 [47]
*Feb 27 22:50:38.575: NAT: s=1.1.1.2->192.168.1.11, d=2.2.2.2 [48]
*Feb 27 22:50:38.591: NAT*: s=2.2.2.2, d=192.168.1.11->1.1.1.2 [48]
*Feb 27 22:50:38.591: NAT: s=1.1.1.2->192.168.1.11, d=2.2.2.2 [49]
*Feb 27 22:50:38.651: NAT*: s=2.2.2.2, d=192.168.1.11->1.1.1.2 [49]
r1#ping
Protocol [ip]:
Target IP address: 2.2.2.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: yes
Source address or interface: 1.1.1.3
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/47/72 ms
r1#
*Feb 27 22:51:10.483: NAT: s=1.1.1.3->192.168.1.13, d=2.2.2.2 [50]
*Feb 27 22:51:10.551: NAT*: s=2.2.2.2, d=192.168.1.13->1.1.1.3 [50]
*Feb 27 22:51:10.551: NAT: s=1.1.1.3->192.168.1.13, d=2.2.2.2 [51]
*Feb 27 22:51:10.619: NAT*: s=2.2.2.2, d=192.168.1.13->1.1.1.3 [51]
*Feb 27 22:51:10.619: NAT: s=1.1.1.3->192.168.1.13, d=2.2.2.2 [52]
*Feb 27 22:51:10.635: NAT*: s=2.2.2.2, d=192.168.1.13->1.1.1.3 [52]
*Feb 27 22:51:10.635: NAT: s=1.1.1.3->192.168.1.13, d=2.2.2.2 [53]
*Feb 27 22:51:10.679: NAT*: s=2.2.2.2, d=192.168.1.13->1.1.1.3 [53]
*Feb 27 22:51:10.679: NAT: s=1.1.1.3->192.168.1.13, d=2.2.2.2 [54]
*Feb 27 22:51:10.715: NAT*: s=2.2.2.2, d=192.168.1.13->1.1.1.3 [54]
Protocol [ip]:
Target IP address: 2.2.2.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: yes
Source address or interface: 1.1.1.3
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/47/72 ms
r1#
*Feb 27 22:51:10.483: NAT: s=1.1.1.3->192.168.1.13, d=2.2.2.2 [50]
*Feb 27 22:51:10.551: NAT*: s=2.2.2.2, d=192.168.1.13->1.1.1.3 [50]
*Feb 27 22:51:10.551: NAT: s=1.1.1.3->192.168.1.13, d=2.2.2.2 [51]
*Feb 27 22:51:10.619: NAT*: s=2.2.2.2, d=192.168.1.13->1.1.1.3 [51]
*Feb 27 22:51:10.619: NAT: s=1.1.1.3->192.168.1.13, d=2.2.2.2 [52]
*Feb 27 22:51:10.635: NAT*: s=2.2.2.2, d=192.168.1.13->1.1.1.3 [52]
*Feb 27 22:51:10.635: NAT: s=1.1.1.3->192.168.1.13, d=2.2.2.2 [53]
*Feb 27 22:51:10.679: NAT*: s=2.2.2.2, d=192.168.1.13->1.1.1.3 [53]
*Feb 27 22:51:10.679: NAT: s=1.1.1.3->192.168.1.13, d=2.2.2.2 [54]
*Feb 27 22:51:10.715: NAT*: s=2.2.2.2, d=192.168.1.13->1.1.1.3 [54]
每次使用的都是不同的公网IP
192.168.1.10
192.168.1.11
192.168.1.12
192.168.1.13
转载于:https://blog.51cto.com/waterice/133623
扫一扫
1153
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
