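Lab environment: Packet Tracer (PT) 5.3

Topology:

The part of the network to the left of router R1 uses router-on-a-stick (VLAN 10, VLAN 20), PAT, and a default route.

R1 configuration: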

Router#show run
Building configuration...

Current configuration : 1355 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/0.1
 encapsulation dot1Q 10
 ip address 192.168.10.254 255.255.255.0
 ip nat inside
!
interface FastEthernet0/0.2
 encapsulation dot1Q 20
 ip address 192.168.20.254 255.255.255.0
 ip access-group 110 in
 ip nat inside
!
interface FastEthernet0/1
 ip address 210.28.39.1 255.255.255.252
 ip nat outside
 duplex auto
 speed auto
!
interface FastEthernet1/0
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial1/0/0
 no ip address
 shutdown
!
interface Serial1/0/1
 no ip address
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
! PAT for VLAN 10
ip nat inside source list 10 interface FastEthernet0/1 overload
! PAT for VLAN 20
ip nat inside source list 20 interface FastEthernet0/1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 210.28.39.2
!
!
! Match packets from VLAN 10
access-list 10 permit 192.168.10.0 0.0.0.255
! Match packets from VLAN 20
access-list 20 permit 192.168.20.0 0.0.0.255
! Deny VLAN 20 access to the web server on the right
access-list 110 deny tcp 192.168.20.0 0.0.0.255 range 0 65535 host 58.192.1.2 eq www
access-list 110 permit tcp any any
access-list 110 permit ip any any
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line vty 0 4
 login
!
!
!
end

Router R3 also has PAT and a default route configured, but no router-on-a-stick.

Configuration:

Router#show run
Building configuration...

Current configuration : 757 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 58.192.1.2 255.255.255.252
 ip nat outside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
! PAT
ip nat inside source list 10 interface FastEthernet0/0 overload
! The web server provides service to the outside network
ip nat inside source static tcp 192.168.1.80 80 58.192.1.2 80
ip classless
ip route 0.0.0.0 0.0.0.0 58.192.1.1
!
!
access-list 10 permit 192.168.1.0 0.0.0.255
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line vty 0 4
 login
!
!
!
end

 

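Summary:

While doing this lab, after finishing the router-on-a-stick and PAT configuration, I found during testing that the PCs on the left (p1 and so on) could not ping the external IP addresses. At first I saw no problem in the configuration, so I suspected that PAT was not taking effect. Running show ip nat tran on router R1 showed no translation entries at all, which meant the PAT configuration was wrong. After working through it, I finally found that I had put ip nat inside on R1's physical fa0/0 interface; since subinterfaces are configured here, ip nat inside should be applied on the subinterfaces.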
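
The failure described in the summary can be caught before testing by auditing the configuration text. The following is an added example, not part of the original post: a short Python check that lists routed subinterfaces carrying no ip nat inside/outside. The sample configuration is constructed and the function names are hypothetical.

```python
import re

# Constructed sample (not from the original post): the broken state the summary
# describes, with "ip nat inside" only on the physical parent interface.
BROKEN = """\
interface FastEthernet0/0
 no ip address
 ip nat inside
!
interface FastEthernet0/0.1
 encapsulation dot1Q 10
 ip address 192.168.10.254 255.255.255.0
!
interface FastEthernet0/0.2
 encapsulation dot1Q 20
 ip address 192.168.20.254 255.255.255.0
!
interface FastEthernet0/1
 ip address 210.28.39.1 255.255.255.252
 ip nat outside
!
ip nat inside source list 10 interface FastEthernet0/1 overload
"""

def parse_interfaces(config):
    """Map interface name -> list of its stripped sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return blocks

def subifs_missing_nat(config):
    """Return routed subinterfaces that carry no 'ip nat inside/outside'."""
    missing = []
    for name, cmds in parse_interfaces(config).items():
        routed = any(c.startswith("ip address ") for c in cmds)
        has_nat = any(c in ("ip nat inside", "ip nat outside") for c in cmds)
        if "." in name and routed and not has_nat:
            missing.append(name)
    return missing

if __name__ == "__main__":
    print(subifs_missing_nat(BROKEN))
```

An empty result means every routed subinterface has a NAT role; it does not confirm that the access lists referenced by the ip nat inside source rules match the right subnets.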