资源预览内容
第1页 / 共4页
第2页 / 共4页
第3页 / 共4页
第4页 / 共4页
亲,该文档总共4页全部预览完了,如果喜欢就下载吧!
资源描述
单接口 NAT 配置实例拓扑示意:说明:一台路由器只有一个接口时,如何实现 NAT/PAT 的操作。如图所示:R5 相关配置:方法一(较复杂,影响速度):r5:enconf thost r5no ip domain-lookupdefa int e0/0defa int s0/0defa int s0/1defa int s0/2defa int s0/3no int loop0line con 0exec-time 0 0 logg syexitint loop0ip add 172.16.1.1 255.255.255.255ip nat insideip policy route-map kxy-nat172.16.1.1/32 192.168.1.254/16 secondaryISP218.87.18.20/26218.87.18.1/26E0/0R5PCa PCn192.168.1.1/16 192.168.1.100/16Loopback0SW1int e0/0ip add 192.168.1.254 255.255.0.0 secondaryip add 218.87.18.20 255.255.255.192 ip nat outsideno shutdownip policy route-map no-routeexitip nat inside source list 10 int e0/0 overloadip route 0.0.0.0 0.0.0.0 218.87.18.1 access-list 10 permit 192.168.0.0 0.0.255.255access-list 110 permit ip 192.168.0.0 0.0.255.255 anyroute-map kxy-nat permit 10match ip add 110set ip next-hop 218.87.18.1route-map no-route permit 10match ip add 110set int loop0 end主要语句相关解释 (注意顺序 ):int loop0 ip add 172.16.1.1 255.255.255.255 ip nat inside -5、inside 接口收到包ip policy route-map kxy-nat -6、匹配策略路由int e0/0ip add 192.168.1.254 255.255.0.0 secondary -1、内网数据包到达该网关接口ip add 218.87.18.20 255.255.255.192 -9、包到达该接口ip nat outside -10、匹配 NAT 并转换ip policy route-map no-route -2、匹配策略路由exitip nat inside source list 10 pool pool1 overloadip nat pool pool1 218.87.18.20 218.87.18.20 netmask 255.255.255.192ip route 0.0.0.0 0.0.0.0 218.87.18.1 (ip route 0.0.0.0 0.0.0.0 loop0 ?)-12、查路由表access-list 10 permit 192.168.0.0 0.0.255.255 -11、匹配 NAT 流量access-list 110 permit ip 192.168.0.0 0.0.255.255 any -3、匹配流量route-map kxy-nat permit 10match ip add 110 -7、匹配流量set ip next-hop 218.87.18.1-8、基于策略,包送到 e0/0 口route-map no-route permit 10match ip add 110set int loop0 -4、基于策略,包转交到 loop0 口end注:如果此时 no 掉 ip route 0.0.0.0 0.0.0.0 loop0,则能够转换,可以拼通 ISP 地址 218.87.18.1,但拼不通外网其它地址,且此时不能进行地址转换。方法二(较简单,推荐):r5:enconf thost r5no ip domain-lookupdefa int e0/0defa int s0/0defa int s0/1defa int s0/2defa int s0/3no int loop0line con 0exec-time 0 0 logg syexitint loop0ip add 172.16.1.1 255.255.255.255ip nat insideip policy route-map kxy-natint e0/0ip add 192.168.1.254 255.255.0.0 secondaryip add 218.87.18.20 255.255.255.192 ip nat outsideno shexitip nat inside source list 10 int e0/0 overloadip route 0.0.0.0 0.0.0.0 loop0access-list 10 permit 192.168.0.0 0.0.255.255access-list 110 permit ip 192.168.0.0 0.0.255.255 anyroute-map kxy-nat permit 10match ip add 110set ip next-hop 218.87.18.1end主要语句相关解释 (注意顺序 ):int loop0ip add 172.16.1.1 255.255.255.255ip nat insideip policy route-map kxy-nat -3、匹配策略路由int e0/0ip add 192.168.1.254 255.255.0.0 secondary-1、内网数据包到达该网关接口ip add 218.87.18.20 255.255.255.192 -8、匹配策略路由,把包送出ip nat outside -7、NAT 转换no shexitip nat inside source list 10 int e0/0 overloadip route 0.0.0.0 0.0.0.0 loop0 -2、查路由表,包转到 loop0access-list 10 permit 192.168.0.0 0.0.255.255 -6、匹配 NAT 流量access-list 110 permit ip 192.168.0.0 0.0.255.255 any -4、流量匹配route-map kxy-nat permit 10match ip add 110set ip next-hop 218.87.18.1 -5、策略路由end注:该方法简便,内网能拼通外网,但内网拼不通 ISP 的 218.87.18.1 地址(因为内网的包到达 e0/0 时,查路由表,有路由,包直接发出,没有经过 NAT,但内网私有地址的包到达 ISP 后无法回包)测试:C:ping 202.101.224.68Pinging 202.101.224.68 with 32 bytes of data:Reply from 202.101.224.68: bytes=32 time=5ms TTL=58Reply from 202.101.224.68: bytes=32 time=4ms TTL=58Reply from 202.101.224.68: bytes=32 time=5ms TTL=58Reply from 202.101.224.68: bytes=32 time=5ms TTL=58Ping statistics for 202.101.224.68:Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),Approximate round trip times in milli-seconds:Minimum = 4ms, Maximum = 5ms, Average = 4ms说明:该文经江西省计算机培训学院(http:/www.pctc.com.cn )付金如老师测试通过,同时也欢迎沟通交流。转载请注明出处,谢谢!
网站客服QQ:2055934822
金锄头文库版权所有
经营许可证:蜀ICP备13022795号 | 川公网安备 51140202000112号