一、实验目的
1、理解配置静态NAT的方法
2、理解配置静态端口映射的方法
3、理解配置动态NAT的方法
4、理解配置PAT的方法
需求:
1、服务器ser01使用静态nat发布服务----外部全局地址为100.0.0.10
2、服务器ser02是一台web服务,仅需要发布http服务器外网全局地址为100.0.0.11
3、vlan30使用动态NAT连接外网,外网IP(100.0.0.21~100.0.0.30)
4、vlan40与vlan50使用pat方式连接外网,外部全局地址为100.0.0.12
实验拓扑图:
IOU2的配置
Configure terminal
- vlan 10,20,30,40,50
exit
interface vlan 10
ip address 192.168.10.254 255.255.255.0
no shutdown
exit
interface vlan 20
ip address 192.168.20.254 255.255.255.0
no shutdown
exit
interface vlan 30
ip address 192.168.30.254 255.255.255.0
no shutdown
exit
interface vlan 40
ip address 192.168.40.254 255.255.255.0
no shutdown
exit
interface vlan 50
ip address 192.168.50.254 255.255.255.0
no shutdown
exit
interface ethernet 0/1
switchport mode access
switchport access vlan 10
exit
interface ethernet 0/2
switchport mode access
switchport access vlan 20
exit
interface ethernet 0/3
switchport mode access
switchport access vlan 30
exit
interface ethernet 1/0
switchport mode access
switchport access vlan 40
exit
interface ethernet 1/1
switchport mode access
switchport access vlan 50
exit
interface ethernet 0/0
no switchport
ip address 10.0.12.1 255.255.255.0
no shutdown
exit
ip route 0.0.0.0 0.0.0.0 10.0.12.2 //配置默认路由连接外网
查看配置结果
Show ip interface bried
IOU1的配置
Configure terminal
interface ethernet 0/1
duplex full
ip address 10.0.12.2 255.255.255.0
no shutdown
exit
interface ethernet 0/0
ip address 100.0.0.1 255.255.255.0
duplex full
no shutdown
exit
ip route 0.0.0.0 0.0.0.0 100.0.0.2
ip route 192.168.10.0 255.255.255.0 10.0.12.1
ip route 192.168.20.0 255.255.255.0 10.0.12.1
ip route 192.168.30.0 255.255.255.0 10.0.12.1
ip route 192.168.40.0 255.255.255.0 10.0.12.1
ip route 192.168.50.0 255.255.255.0 10.0.12.1
使用指令来查看配置
Show ip interface brief
Show ip route
连接外网路由IOU8的配置
Configure terminal
interface ethernet 0/0
duplex full
ip address 100.0.0.2 255.255.255.0
no shutdown
exit
interface ethernet 0/1
duplex full
ip address 20.0.0.254 255.255.255.0
no shutdown
exit
PC和服务器的配置相同
IOU3
Configure terminal
interface ethernet 0/0
duplex full
ip address 192.168.10.1
255.255.255.0
no shutdown
exit
ip route 0.0.0.0 0.0.0.0
192.168.10.254
IOU4
Configure terminal
interface ethernet 0/0
duplex full
ip address 192.168.20.1
255.255.255.0
no shutdown
exit
ip route 0.0.0.0 0.0.0.0
192.168.20.254
IOU5
Configure terminal
interface ethernet 0/0
duplex full
ip address 192.168.30.1
255.255.255.0
no shutdown
exit
ip route 0.0.0.0 0.0.0.0
192.168.30.254
IOU6
Configure terminal
interface ethernet 0/0
duplex full
ip address 192.168.40.1
255.255.255.0
no shutdown
exit
ip route 0.0.0.0 0.0.0.0
192.168.40.254
IOU7
Configure terminal
interface ethernet 0/0
duplex full
ip address 192.168.50.1
255.255.255.0
no shutdown
exit
ip route 0.0.0.0 0.0.0.0
192.168.50.254
IOU9
Configure terminal
interface ethernet 0/0
duplex full
ip address 20.0.0.1
255.255.255.0
no shutdown
exit
ip route 0.0.0.0 0.0.0.0
20.0.0.254
配置NAT实现需求
4.1、配置静态NAT发布Ser01
在连接外网上的路由器IOU1上配置
ip nat inside source
static 192.168.10.1 100.0.0.10
4.2、配置端口映射发布Ser02的web服务
ip nat inside source
static tcp 192.168.20.1 80 100.0.0.11 80
4.3、配置动态NAT实现vlan30上网需求
ip nat pool vlan30
100.0.0.32 100.0.0.63 netmask 255.255.255.224
access-list 1 permit 192.168.30.0
0.0.0.255
ip nat source list 1
pool vlan30
4.4、配置PAT实现vlan40与vlan50的上网需求
ip nat pool pat
100.0.0.12 100.0.0.12 netmask 255.255.255.252
access-list 2 permit 192.168.40.0
0.0.0.255
access-list 2 permit 192.168.50.0
0.0.0.255
ip nat inside source
list 2 pool pat overload
4.5、在内部和外部接口上启用NAT
interface ethernet 0/0
ip nat outside
exit
interface ethernet 0/1
ip nat inside
exit
完成后使用show ip nat translations查看NAT转换条目
