静态NAT、动态NAT以及EasyIP
静态NAT实验拓扑图
实验步骤
sw1
<Huawei>sys
[Huawei]sysname SW1
[SW1]vlan batch 10 20 30 40
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW1]int vlanif10
[SW1-Vlanif10]ip add 192.168.10.1 24
[SW1-Vlanif10]int vlanif20
[SW1-Vlanif20]ip add 192.168.20.1 24
[SW1-Vlanif20]int vlanif30
[SW1-Vlanif30]ip add 192.168.30.1 24
[SW1-Vlanif30]int vlanif40
[SW1-Vlanif40]ip add 11.0.0.2 24
[SW1-Vlanif40]q
[SW1]dis ip int b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 5
The number of interface that is UP in Protocol is 1
The number of interface that is DOWN in Protocol is 6
Interface IP Address/Mask Physical Protocol
MEth0/0/1 unassigned down down
NULL0 unassigned up up(s)
Vlanif1 unassigned up down
Vlanif10 192.168.10.1/24 down down
Vlanif20 192.168.20.1/24 down down
Vlanif30 192.168.30.1/24 down down
Vlanif40 11.0.0.2/24 down down
[SW1]int g0/0/1
[SW1-GigabitEthernet0/0/1]port link-type access
[SW1-GigabitEthernet0/0/1]port default vlan 10
[SW1-GigabitEthernet0/0/1]int g0/0/2
[SW1-GigabitEthernet0/0/2]port link-type access
[SW1-GigabitEthernet0/0/2]port default vlan 20
[SW1-GigabitEthernet0/0/2]int g0/0/3
[SW1-GigabitEthernet0/0/3]port link-type access
[SW1-GigabitEthernet0/0/3]port default vlan 30
[SW1-GigabitEthernet0/0/3]int g0/0/4
[SW1-GigabitEthernet0/0/4]port link-type access
[SW1-GigabitEthernet0/0/4]port default vlan 20
[SW1-GigabitEthernet0/0/4]int g0/0/5
[SW1-GigabitEthernet0/0/5]port link-type access
[SW1-GigabitEthernet0/0/5]port default vlan 40
[SW1-GigabitEthernet0/0/5]dis vlan
The total number of vlans is : 5
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------------------------
1 common UT:GE0/0/6(D) GE0/0/7(D) GE0/0/8(D) GE0/0/9(D)
GE0/0/10(D) GE0/0/11(D) GE0/0/12(D) GE0/0/13(D)
GE0/0/14(D) GE0/0/15(D) GE0/0/16(D) GE0/0/17(D)
GE0/0/18(D) GE0/0/19(D) GE0/0/20(D) GE0/0/21(D)
GE0/0/22(D) GE0/0/23(D) GE0/0/24(D)
10 common UT:GE0/0/1(U)
20 common UT:GE0/0/2(U) GE0/0/4(U)
30 common UT:GE0/0/3(U)
40 common UT:GE0/0/5(U)
VID Status Property MAC-LRN Statistics Description
--------------------------------------------------------------------------------
1 enable default enable disable VLAN 0001
10 enable default enable disable VLAN 0010
20 enable default enable disable VLAN 0020
30 enable default enable disable VLAN 0030
40 enable default enable disable VLAN 0040
[SW1-GigabitEthernet0/0/5]q
[SW1]dis ip int b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 5
The number of interface that is DOWN in Physical is 2
The number of interface that is UP in Protocol is 5
The number of interface that is DOWN in Protocol is 2
Interface IP Address/Mask Physical Protocol
MEth0/0/1 unassigned down down
NULL0 unassigned up up(s)
Vlanif1 unassigned down down
Vlanif10 192.168.10.1/24 up up
Vlanif20 192.168.20.1/24 up up
Vlanif30 192.168.30.1/24 up up
Vlanif40 11.0.0.2/24 up up
//此时端口全部配置结束并开启
[SW1]ip route-static 0.0.0.0 0.0.0.0 11.0.0.1
R1
<Huawei>sys
[Huawei]sysname R1
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 11.0.0.1 24
[R1-GigabitEthernet0/0/0]un sh
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[R1-GigabitEthernet0/0/0]q
[R1]ping 11.0.0.2
PING 11.0.0.2: 56 data bytes, press CTRL_C to break
Reply from 11.0.0.2: bytes=56 Sequence=1 ttl=255 time=50 ms
Reply from 11.0.0.2: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 11.0.0.2: bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 11.0.0.2: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 11.0.0.2: bytes=56 Sequence=5 ttl=255 time=20 ms
--- 11.0.0.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/28/50 ms
[R1]int g0/0/01
[R1-GigabitEthernet0/0/1]ip add 12.0.0.1 24
[R1-GigabitEthernet0/0/1]un sh
Info: Interface GigabitEthernet0/0/1 is not shutdown.
[R1-GigabitEthernet0/0/1]nat static enable
[R1-GigabitEthernet0/0/1]q
[R1]nat static global 8.8.8.8 inside 192.168.10.10
[R1]ip route-static 0.0.0.0 0.0.0.0 12.0.0.2
[R1]ip route-static 192.168.10.0 24 11.0.0.2
[R1]ip route-static 192.168.20.0 24 11.0.0.2
[R1]ip route-static 192.168.30.0 24 11.0.0.2
R2
<Huawei>sys
[Huawei]sysname R2
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 12.0.0.2 24
[R2-GigabitEthernet0/0/0]un sh
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[R2-GigabitEthernet0/0/0]ping 12.0.0.1
PING 12.0.0.1: 56 data bytes, press CTRL_C to break
Reply from 12.0.0.1: bytes=56 Sequence=1 ttl=255 time=110 ms
Reply from 12.0.0.1: bytes=56 Sequence=2 ttl=255 time=30 ms
Reply from 12.0.0.1: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 12.0.0.1: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 12.0.0.1: bytes=56 Sequence=5 ttl=255 time=10 ms
--- 12.0.0.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/38/110 ms
[R2-GigabitEthernet0/0/0]q
[R2]int loopBack0
[R2-LoopBack0]ip add 114.114.114.114 32
[R2-LoopBack0]q
[R2]ip route-static 8.8.8.8 32 12.0.0.1
结果验证
PC>ping 114.114.114.114
Ping 114.114.114.114: 32 data bytes, Press Ctrl_C to break
From 114.114.114.114: bytes=32 seq=1 ttl=253 time=47 ms
From 114.114.114.114: bytes=32 seq=2 ttl=253 time=31 ms
From 114.114.114.114: bytes=32 seq=3 ttl=253 time=47 ms
From 114.114.114.114: bytes=32 seq=4 ttl=253 time=31 ms
From 114.114.114.114: bytes=32 seq=5 ttl=253 time=47 ms
--- 114.114.114.114 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 31/40/47 ms
动态NAT实验拓扑图
同静态NAT
实验步骤
R1
[R1]nat address-group 1 212.0.0.100 212.0.0.200
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 192.168.20.0 0.0.0.255
[R1-acl-basic-2000]rule permit source 11.0.0.0 0.0.0.255
[R1-acl-basic-2000]int g0/0/1
[R1-GigabitEthernet0/0/1]dis this
[V200R003C00]
#
interface GigabitEthernet0/0/1
ip address 12.0.0.1 255.255.255.0
nat static global 8.8.8.8 inside 192.168.10.10 netmask 255.255.255.255
#
return
[R1-GigabitEthernet0/0/1]nat outbound 2000 address-group 1 no-pat
[R1-GigabitEthernet0/0/1]q
R2
[R2]ip route-static 212.0.0.0 24 12.0.0.1
//配置静态路由
结果验证
PC>ping 114.114.114.11
Ping 114.114.114.114: 32 data bytes, Press Ctrl_C to break
From 114.114.114.114: bytes=32 seq=1 ttl=253 time=31 ms
From 114.114.114.114: bytes=32 seq=2 ttl=253 time=47 ms
From 114.114.114.114: bytes=32 seq=3 ttl=253 time=47 ms
From 114.114.114.114: bytes=32 seq=4 ttl=253 time=47 ms
From 114.114.114.114: bytes=32 seq=5 ttl=253 time=62 ms
--- 114.114.114.114 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 31/46/62 ms
EasyIP实验拓扑图
同静态NAT
实验步骤
R1
[R1]acl 3000
[R1-acl-adv-3000]rule permit ip source 192.168.30.0 0.0.0.255
[R1-acl-adv-3000]q
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]dis this
[V200R003C00]
#
interface GigabitEthernet0/0/1
ip address 12.0.0.1 255.255.255.0
nat static global 8.8.8.8 inside 192.168.10.10 netmask 255.255.255.255
nat outbound 2000 address-group 1 no-pat
#
return
[R1-GigabitEthernet0/0/1]nat outbound 3000
结果验证
PC>ping 114.114.114.114
Ping 114.114.114.114: 32 data bytes, Press Ctrl_C to break
From 114.114.114.114: bytes=32 seq=1 ttl=253 time=31 ms
From 114.114.114.114: bytes=32 seq=2 ttl=253 time=78 ms
From 114.114.114.114: bytes=32 seq=3 ttl=253 time=31 ms
From 114.114.114.114: bytes=32 seq=4 ttl=253 time=16 ms
From 114.114.114.114: bytes=32 seq=5 ttl=253 time=31 ms
--- 114.114.114.114 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 16/37/78 ms
5444
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
