Computer Network Principles Lab 5: Network Address Translation (NAT)

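Preparation

One 1941 Router and two PCs, connected with Copper Cross-over cables. The left interface IP must be 192.168.1.1 and the right interface IP must be 200.8.7.1. The network topology is as follows: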

Network-Topology.png

Configure interface g0/0

Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int g0/0
Router(config-if)#ip addr 192.168.1.1 255.255.255.0
Router(config-if)#no sh

Router(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up

Configure interface g0/1

Router(config-if)#int g0/1
Router(config-if)#
Router(config-if)#ip addr 200.8.7.1 255.255.255.0
Router(config-if)#no sh

Router(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up

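Configure the IP addresses of the two PCs

Double-click each PC to configure it directly: set PC1 to 192.168.1.5 and PC2 to 200.8.7.100.

Define the NAT inside and outside interfaces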

Router(config)#int g0/1
Router(config-if)#ip nat outside
Router(config-if)#int g0/0
Router(config-if)#ip nat inside
Router(config-if)#

Static NAT

Configure static NAT

Router(config-if)#ip nat inside source static 192.168.1.5 200.8.7.3
Router(config)#

Current configuration

Router(config-if)#do show run
Building configuration...

Current configuration : 716 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
!
license udi pid CISCO1941/K9 sn FTX15248DH1-
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 200.8.7.1 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
ip nat inside source static 192.168.1.5 200.8.7.3
ip classless
!
ip flow-export version 9
!
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
!
!
end

Router(config-if)#

Generate NAT entries

Ping PC2 from PC1

C:\>ping 200.8.7.100

Pinging 200.8.7.100 with 32 bytes of data:

Request timed out.
Reply from 200.8.7.100: bytes=32 time<1ms TTL=127
Reply from 200.8.7.100: bytes=32 time<1ms TTL=127
Reply from 200.8.7.100: bytes=32 time<1ms TTL=127

Ping statistics for 200.8.7.100:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>

Back on the Router, enter show ip nat translations

Router#show ip nat translations 
Pro  Inside global     Inside local       Outside local      Outside global
icmp 200.8.7.3:5       192.168.1.5:5      200.8.7.100:5      200.8.7.100:5
icmp 200.8.7.3:6       192.168.1.5:6      200.8.7.100:6      200.8.7.100:6
icmp 200.8.7.3:7       192.168.1.5:7      200.8.7.100:7      200.8.7.100:7
---  200.8.7.3         192.168.1.5        ---                ---

Router#

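Dynamic NAT

Configure dynamic NAT using an access-list. The relevant functions and configuration are as follows.

Define the inside local address range for the default route

My guess is that the 10 here means access is allowed through 10 different 192.168.1.0/24 addresses?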

Router(config)#access-list ?
<1-99> IP standard access list
<100-199> IP extended access list
Router(config)#access-list 10 ?
deny Specify packets to reject
permit Specify packets to forward
remark Access list entry comment
Router(config)#access-list 10 permit ?
A.B.C.D Address to match
any Any source host
host A single host address
Router(config)#access-list 10 permit 192.168.1.0 0.0.0.255
Router(config)#

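Define the global address pool for translation

My guess (confirmed) is that 200.8.7.10 and 200.8.7.20 here are the address range to use; as for abc, it should be the address pool name? If there are any mistakes, feel free to point them out 0w0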

Router(config)#ip nat ?
inside Inside address translation
outside Outside address translation
pool Define pool of addresses
Router(config)#ip nat pool ?
WORD Pool name
Router(config)#ip nat pool abc ?
A.B.C.D Start IP address
Router(config)#ip nat pool abc 200.8.7.10 ?
A.B.C.D End IP address
Router(config)#ip nat pool abc 200.8.7.10 200.8.7.20 ?
netmask Specify the network mask
Router(config)#ip nat pool abc 200.8.7.10 200.8.7.20 netmask ?
A.B.C.D Network mask
Router(config)#ip nat pool abc 200.8.7.10 200.8.7.20 netmask 255.255.255.0

Establish the mapping

Router(config)#ip nat ?
inside Inside address translation
outside Outside address translation
pool Define pool of addresses
Router(config)#ip nat inside ?
source Source address translation
Router(config)#ip nat inside source ?
list Specify access list describing local addresses
static Specify static local->global mapping
Router(config)#ip nat inside source list ?
<1-199> Access list number for local addresses
WORD Access list name for local addresses
Router(config)#ip nat inside source list 10 ?
interface Specify interface for global address
pool Name pool of global addresses
Router(config)#ip nat inside source list 10 pool ?
WORD Name pool of global addresses
Router(config)#ip nat inside source list 10 pool

Check the address translation table

Ping PC2 from PC1, then check the address translation table

Router(config)#show ip nat translations
^
% Invalid input detected at '^' marker.

Router(config)#do show ip nat translations
Pro  Inside global     Inside local       Outside local      Outside global
icmp 200.8.7.10:10     192.168.1.5:10     200.8.7.100:10     200.8.7.100:10
icmp 200.8.7.10:11     192.168.1.5:11     200.8.7.100:11     200.8.7.100:11
icmp 200.8.7.10:12     192.168.1.5:12     200.8.7.100:12     200.8.7.100:12
icmp 200.8.7.10:13     192.168.1.5:13     200.8.7.100:13     200.8.7.100:13

Router(config)#
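
A way to check a translation table against the NAT rules configured in this lab, as an added Python example (not part of the original lab, and not how IOS itself is implemented). It treats `10` as the standard access-list number shown by the `<1-99>` help output and `0.0.0.255` as a wildcard mask, then labels each row of `show ip nat translations` as explained by the static mapping, by access-list 10 plus pool abc, or by neither. The function names and the final sample row are assumptions made for illustration.

```python
import ipaddress

# Values below come from this page's lab configuration.
ACL_NET, ACL_WILDCARD = "192.168.1.0", "0.0.0.255"   # access-list 10 permit ...
POOL_START, POOL_END = "200.8.7.10", "200.8.7.20"    # ip nat pool abc ...
STATIC = {"192.168.1.5": "200.8.7.3"}                # ip nat inside source static ...

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def acl_permits(addr):
    """Wildcard match: bits set to 1 in the wildcard mask are ignored."""
    care = ~ip_int(ACL_WILDCARD) & 0xFFFFFFFF
    return (ip_int(addr) & care) == (ip_int(ACL_NET) & care)

def in_pool(addr):
    return ip_int(POOL_START) <= ip_int(addr) <= ip_int(POOL_END)

def parse_translations(text):
    """Return (inside_global, inside_local) address pairs from table rows.
    Data rows have 5 columns and start with a protocol name or '---'."""
    pairs = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] in ("icmp", "tcp", "udp", "---"):
            pairs.append((f[1].split(":")[0], f[2].split(":")[0]))
    return pairs

def classify(inside_global, inside_local):
    """Name the configured rule that accounts for one translation."""
    if STATIC.get(inside_local) == inside_global:
        return "static"
    if acl_permits(inside_local) and in_pool(inside_global):
        return "dynamic-pool"
    return "unexpected"

def audit(text):
    return [(g, l, classify(g, l)) for g, l in parse_translations(text)]

# Rows copied from the router output on this page.
PAGE_ROWS = """\
icmp 200.8.7.3:5 192.168.1.5:5 200.8.7.100:5 200.8.7.100:5
--- 200.8.7.3 192.168.1.5 --- ---
icmp 200.8.7.10:10 192.168.1.5:10 200.8.7.100:10 200.8.7.100:10
"""
# Constructed row: an inside local address that access-list 10 does not permit.
CONSTRUCTED_ROW = "icmp 200.8.7.15:1 10.0.0.9:1 200.8.7.100:1 200.8.7.100:1"

if __name__ == "__main__":
    for result in audit(PAGE_ROWS + CONSTRUCTED_ROW):
        print(result)
```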