果果说

Guoguo's Blog

0%

计算机网络原理实验五──地址转换NAT

发表于 更新于 分类于

准备

1941 Router,2PC,使用 Copper Cross-over 连接,要求左接口ip为192.168.1.1,右接口ip为200.8.7.1,网络拓扑如下

Network-Topology.png

配置接口g0/0

1
2
3
4
5
6
7
8
9
10
11
Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#int g0/0
Router(config-if)#ip addr 192.168.1.1 255.255.255.0
Router(config-if)#no sh

Router(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up

配置接口g0/1

1
2
3
4
5
6
7
8
9
Router(config-if)#int g0/1
Router(config-if)#
Router(config-if)#ip addr 200.8.7.1 255.255.255.0
Router(config-if)#no sh

Router(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up

配置两台pc的ip地址

直接双击配置,pc1设置192.168.1.5,PC2设置200.8.7.100

定义NAT内网口和外网口

1
2
3
4
5
Router(config)#int g0/1
Router(config-if)#ip nat outside
Router(config-if)#int g0/0
Router(config-if)#ip nat inside
Router(config-if)#

静态NAT

配置静态NAT

1
2
Router(config-if)#ip nat inside source static 192.168.1.5 200.8.7.3
Router(config)#

目前的配置信息

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
Router(config-if)#do show run
Building configuration...

Current configuration : 716 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
!
license udi pid CISCO1941/K9 sn FTX15248DH1-
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 200.8.7.1 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
ip nat inside source static 192.168.1.5 200.8.7.3 
ip classless
!
ip flow-export version 9
!
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
!
!
end

Router(config-if)#

产生NAT记录

使用PC1 ping PC2

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
C:\>ping 200.8.7.100

Pinging 200.8.7.100 with 32 bytes of data:

Request timed out.
Reply from 200.8.7.100: bytes=32 time<1ms TTL=127
Reply from 200.8.7.100: bytes=32 time<1ms TTL=127
Reply from 200.8.7.100: bytes=32 time<1ms TTL=127

Ping statistics for 200.8.7.100:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>

再回到Router,输入show ip nat translations

1
2
3
4
5
6
7
8
Router#show ip nat translations 
Pro  Inside global     Inside local       Outside local      Outside global
icmp 200.8.7.3:5       192.168.1.5:5      200.8.7.100:5      200.8.7.100:5
icmp 200.8.7.3:6       192.168.1.5:6      200.8.7.100:6      200.8.7.100:6
icmp 200.8.7.3:7       192.168.1.5:7      200.8.7.100:7      200.8.7.100:7
---  200.8.7.3         192.168.1.5        ---                ---

Router#

动态NAT

使用 access-list 配置动态NAT,相关功能与配置信息如下

定义默认路由内部本地地址范围

这里的10我猜测是可通过10个不同的192.168.1.0/24地址访问?

1
2
3
4
5
6
7
8
9
10
11
12
13
Router(config)#access-list ?
  <1-99>     IP standard access list
  <100-199>  IP extended access list
Router(config)#access-list 10 ?
  deny    Specify packets to reject
  permit  Specify packets to forward
  remark  Access list entry comment
Router(config)#access-list 10 permit ?
  A.B.C.D  Address to match
  any      Any source host
  host     A single host address
Router(config)#access-list 10 permit 192.168.1.0 0.0.0.255
Router(config)#

定义转换全局地址池

这里的200.8.7.10与200.8.7.20我猜测(确实)是使用地址范围,至于这个abc应该是个地址池名称?如有错误欢迎大家之处0w0

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Router(config)#ip nat ?
  inside   Inside address translation
  outside  Outside address translation
  pool     Define pool of addresses
Router(config)#ip nat pool ?
  WORD  Pool name
Router(config)#ip nat pool abc ?
  A.B.C.D  Start IP address
Router(config)#ip nat pool abc 200.8.7.10 ?
  A.B.C.D  End IP address
Router(config)#ip nat pool abc 200.8.7.10 200.8.7.20 ?
  netmask  Specify the network mask
Router(config)#ip nat pool abc 200.8.7.10 200.8.7.20 netmask ?
  A.B.C.D  Network mask
Router(config)#ip nat pool abc 200.8.7.10 200.8.7.20 netmask 255.255.255.0

建立映射关系

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
Router(config)#ip nat ?
  inside   Inside address translation
  outside  Outside address translation
  pool     Define pool of addresses
Router(config)#ip nat inside ?
  source  Source address translation
Router(config)#ip nat inside source ?
  list    Specify access list describing local addresses
  static  Specify static local->global mapping
Router(config)#ip nat inside source list ?
  <1-199>  Access list number for local addresses
  WORD     Access list name for local addresses
Router(config)#ip nat inside source list 10 ?
  interface  Specify interface for global address
  pool       Name pool of global addresses
Router(config)#ip nat inside source list 10 pool ?
  WORD  Name pool of global addresses
Router(config)#ip nat inside source list 10 pool

检查地址转换表

使用PC1 ping PC2,检查

地址转换表

1
2
3
4
5
6
7
8
9
10
11
12
Router(config)#show ip nat translations
                ^
% Invalid input detected at '^' marker.
	
Router(config)#do show ip nat translations
Pro  Inside global     Inside local       Outside local      Outside global
icmp 200.8.7.10:10     192.168.1.5:10     200.8.7.100:10     200.8.7.100:10
icmp 200.8.7.10:11     192.168.1.5:11     200.8.7.100:11     200.8.7.100:11
icmp 200.8.7.10:12     192.168.1.5:12     200.8.7.100:12     200.8.7.100:12
icmp 200.8.7.10:13     192.168.1.5:13     200.8.7.100:13     200.8.7.100:13

Router(config)#