目录
需求分析
题目
1.按照图示配置IP地址,公网地址100.1.1.1/24
2.内网A通过NATP,使R1接入到互联网,内网B通过ESAY IP,使R3接入到互联网
3.内网A配置NAT SERVER把Telnet的T二零net服务发布到公网,使PC2可以访问
拓扑图示
实验配置
设备配置
Telnet
[telnet]int g0/0/0
[telnet-GigabitEthernet0/0/0]ip address 192.168.1.2 24
配置telnet服务
[telnet]aaa
[telnet-aaa]local-user root privilege level 15 password cipher 123456
[telnet-aaa]local-user root service-type telnet
[telnet]user-interface vty 0 4
[telnet-ui-vty0-4]authentication-mode aaa
[telnet]ip route-static 0.0.0.0 0 192.168.1.254
R1
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip address 192.168.1.254 24
[r1]int g0/0/1
[r1-GigabitEthernet0/0/1]ip address 100.1.1.1 24
[r1]ip route-static 100.2.2.0 24 100.1.1.2
R2
[r2]int g0/0/0
[r2-GigabitEthernet0/0/0]ip address 100.1.1.2 24
[r2]int g0/0/1
[r2-GigabitEthernet0/0/1]ip address 100.2.2.1 24
R3
[r3]int g0/0/0
[r3-GigabitEthernet0/0/0]ip address 100.2.2.2 24
[r3]int g0/0/1
[r3-GigabitEthernet0/0/1]ip address 192.168.1.254 24
[r3]ip route-static 100.1.1.0 24 100.2.2.1
PC2
[pc2]int g0/0/0
[pc2-GigabitEthernet0/0/0]ip address 192.168.1.1 24
[pc2]ip route-static 0.0.0.0 0 192.168.1.254
PC1
NAT协议配置
内网A(NATP)
[r1]acl 2000
[r1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r1]nat address-group 1 100.1.1.3 100.1.1.10
[r1]int g0/0/1
[r1-GigabitEthernet0/0/1]nat outbound 2000 address-group 1
内网B(ESAY IP)
[r3]acl 2000
[r3-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r3]int g0/0/0
[r3-GigabitEthernet0/0/0]nat outbound 2000
将Telnet服务发布至公网
[r1]int g0/0/1
[r1-GigabitEthernet0/0/1]nat server protocol tcp global current-interface telnet
inside 192.168.1.2 telnet
Warning:The port 23 is well-known port. If you continue it may cause function fa
ilure.
Are you sure to continue?[Y/N]:y
连通性测试
内网A访问公网
内网B访问公网
PC2访问Telnet