前言
网络地址转换(NAT)是一种用于访问Internet访问模式广域网(WAN)的技术,用于将私有(保留)地址转换为合法IP地址。NAT不仅能够有效地额抵抗外部网络攻击,还能够在IP地址分配不理想,不足的时候有效,合理化的分配IP地址,从而能够进行互联网访问。
一:实验环境
1.1:实验原理
#第一步 :交换机设置NAT可以自动把私网地址转化成公网地址
#第二步:可以有效抵挡部攻击
1.2实验目的
1:实现私网和公网pc全网互通
2:实现公网私网NAT转化
1.3华为NAT实验拓扑图
二:实验过程
2.1:交换机设置
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname SW1
[SW1]V B 10 20
[SW1]int g0/0/1
[SW1-GigabitEthernet0/0/1]p l a
[SW1-GigabitEthernet0/0/1]p d v 10
[SW1-GigabitEthernet0/0/1]un sh
Info: Interface GigabitEthernet0/0/1 is not shutdown.
[SW1]int g0/0/2
[SW1-GigabitEthernet0/0/2]p l a
[SW1-GigabitEthernet0/0/2]p d v 20
[SW1-GigabitEthernet0/0/2]un sh
Info: Interface GigabitEthernet0/0/2 is not shutdown.
[SW1]int g0/0/3
[SW1-GigabitEthernet0/0/3]p l a
[SW1-GigabitEthernet0/0/3]p d v 30
[SW1-GigabitEthernet0/0/3]un sh
[SW1-GigabitEthernet0/0/3]int g0/0/4
[SW1-GigabitEthernet0/0/4]p l a
[SW1-GigabitEthernet0/0/4]p d v 20
[SW1-GigabitEthernet0/0/2]un sh
[SW1-GigabitEthernet0/0/4]int g0/0/6
[SW1-GigabitEthernet0/0/6]p l a
[SW1-GigabitEthernet0/0/6]p d v 10
[SW1-GigabitEthernet0/0/6]un sh
[SW1-GigabitEthernet0/0/6]int g0/0/5
[SW1-GigabitEthernet0/0/5]p l a
[SW1-GigabitEthernet0/0/5]p d v 40
[SW1-GigabitEthernet0/0/5]un sh
[SW1]int Vlanif 10
[SW1-Vlanif10]ip add 192.168.10.1 24
[SW1-Vlanif10]un sh
[SW1]int Vlanif 20
[SW1-Vlanif20]ip add 192.168.20.1 24
[SW1-Vlanif20]un sh
[SW1]int Vlanif 30
[SW1-Vlanif30]ip add 192.168.30.1 24
[SW1-Vlanif30]un sh
[SW1]int Vlanif 40
[SW1-Vlanif40]ip add 11.0.0.2 24
[SW1-Vlanif40]un sh
[SW1]ip route-static 0.0.0.0 0.0.0.0 11.0.0.1
2.2:路由器AR1
<Huawei>sys
[Huawei]sysname AR1
[AR1]INT g0/0/0
[AR1-GigabitEthernet0/0/0]ip add 11.0.0.1 24
[AR1-GigabitEthernet0/0/0]un sh
[AR1]int g0/01
[AR1-GigabitEthernet0/0/1]ip add 12.0.0.1 24
[AR1-GigabitEthernet0/0/1]un sh
[AR1-GigabitEthernet0/0/1]nat static global 8.8.8.8 inside 192.168.10.10 配置静态NAT
[AR1-GigabitEthernet0/0/1]nat static enable
[AR1]nat address-group 1 212.0.0.100 212.0.0.200 配置动态NAT地址池
[AR1]acl 2000
[AR1-acl-basic-2000]rule permit source 192.168.20.0 0.0.0.255
[AR1-acl-basic-2000]rule permit source 11.0.0.0 0.0.0.255允许通过的网段
[AR1]int g0/0/1
[AR1-GigabitEthernet0/0/1]nat outbound 2000 address-group 1 no-pat 申明地址池和acl关系
[AR1]acl 3000
[AR1-acl-adv-3000]rule permit ip source 192.168.30.0 0.0.0.255
[AR1-GigabitEthernet0/0/1]nat outbound 3000
[AR1-GigabitEthernet0/0/1]nat server protocol tcp global 9.9.9.9 www inside 192.
168.10.100 www 映射关系表10
[AR1]ip route-static 0.0.0.0 0.0.0.0 12.0.0.2 配置默认路由
[AR1]ip route-static 192.168.10.0 24 11.0.0.2 配置静态路由
[AR1]ip route-static 192.168.20.0 24 11.0.0.2
[AR1]ip route-static 192.168.30.0 24 11.0.0.2
2.3:路由器AR2
<Huawei>sys
[Huawei]sysname AR2
[AR2]INT G0/0/0
[AR2-GigabitEthernet0/0/0]ip add 12.0.0.2 24
[AR2-GigabitEthernet0/0/0]un sh
[AR2]int g0/0/1
[AR2-GigabitEthernet0/0/1]ip add 13.0.0.1 24
[AR2-GigabitEthernet0/0/1]un sh
[AR2]int loo0
[AR2-LoopBack0]ip add 114.114.114.114 32
实验结果
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-3V1h2cZD-1590928296091)(C:\Users\19437\AppData\Roaming\Typora\typora-user-images\image-20200531121529580.png)]
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-fgOTokLF-1590928296102)(C:\Users\19437\AppData\Roaming\Typora\typora-user-images\image-20200531121538381.png)]
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-Orl5UYio-1590928296108)(C:\Users\19437\AppData\Roaming\Typora\typora-user-images\image-20200531121543925.png)]
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-46uvSyzG-1590928296116)(C:\Users\19437\AppData\Roaming\Typora\typora-user-images\image-20200531121550034.png)]
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-tEGltrMp-1590928296120)(C:\Users\19437\AppData\Roaming\Typora\typora-user-images\image-20200531121621114.png)]
传输过程
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-2FPzLpd1-1590928296123)(C:\Users\19437\AppData\Roaming\Typora\typora-user-images\image-20200531121712940.png)]
08)]
[外链图片转存中…(img-46uvSyzG-1590928296116)]
[外链图片转存中…(img-tEGltrMp-1590928296120)]
传输过程
[外链图片转存中…(img-2FPzLpd1-1590928296123)]
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-PHnXfmw1-1590928296125)(C:\Users\19437\AppData\Roaming\Typora\typora-user-images\image-20200531121716147.png)]