nat综合实验

 路漫漫其修远兮,吾将上下而求索。

 实验目的如图

实验思路：配置内网，再配置外网，再做nat

 clien1配置

clien2配置

pc3配置

lsw1配置

sysname lsw1
#
vlan batch 10 20 30
#
interface MEth0/0/1
#
interface Eth-Trunk1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/1
 port link-type access
 port default vlan 10
#
interface Ethernet0/0/2
 port link-type access
 port default vlan 20
#
interface Ethernet0/0/3
 port link-type access
 port default vlan 30
#
interface GigabitEthernet0/0/1
 eth-trunk 1
#
interface GigabitEthernet0/0/2
 eth-trunk 1
#

AR1配置

 sysname AR1
#
acl number 2001  
 rule 5 permit source 192.168.1.0 0.0.0.255 
acl number 2002  
 rule 5 permit source 192.168.2.0 0.0.0.255 
acl number 2003  
 rule 5 permit source 192.168.3.0 0.0.0.255 
#
 nat alg ftp enable
 #
 nat address-group 1 1.1.1.1 1.1.1.1
 nat address-group 2 2.2.2.2 2.2.2.2
 nat address-group 3 3.3.3.3 3.3.3.3
#
interface Eth-Trunk1
 undo portswitch
#
interface Eth-Trunk1.1
 dot1q termination vid 10
 ip address 192.168.1.1 255.255.255.0 
 arp broadcast enable
#
interface Eth-Trunk1.2
 dot1q termination vid 20
 ip address 192.168.2.1 255.255.255.0 
 arp broadcast enable
#
interface Eth-Trunk1.3
 dot1q termination vid 30
 ip address 192.168.3.1 255.255.255.0 
 arp broadcast enable
#
interface GigabitEthernet0/0/0
 ip address 192.168.4.2 255.255.255.0 
 nat outbound 2001 address-group 1 
 nat outbound 2002 address-group 2 
 nat outbound 2003 address-group 3 
#
interface GigabitEthernet0/0/1
 eth-trunk 1
#
interface GigabitEthernet0/0/2
 eth-trunk 1
#
interface LoopBack1
 ip address 1.1.1.10 255.255.255.0 
#
interface LoopBack2
 ip address 2.2.2.20 255.255.255.0 
#
interface LoopBack3
 ip address 3.3.3.30 255.255.255.0 
#
rip 1
 version 1
 network 1.0.0.0
 network 2.0.0.0
 network 3.0.0.0
 network 192.168.4.0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.4.1

AR2配置

sysname AR2
#
interface GigabitEthernet0/0/0
 ip address 192.168.4.1 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 192.168.5.1 255.255.255.0 
#
rip 1
 version 1
 network 192.168.4.0
 network 192.168.5.0

AR3配置

sysname AR3
#
 nat alg ftp enable
#
interface GigabitEthernet0/0/1
 ip address 192.168.5.2 255.255.255.0 
 nat server protocol tcp global 4.4.4.4 2121 inside 172.16.1.10 ftp
 nat server protocol tcp global 5.5.5.5 8080 inside 172.16.1.20 www
#
interface GigabitEthernet0/0/2
 ip address 172.16.1.1 255.255.255.0 
#
interface LoopBack1
 ip address 4.4.4.40 255.255.255.0 
#
interface LoopBack2
 ip address 5.5.5.50 255.255.255.0 
#
rip 1
 network 4.0.0.0
 network 5.0.0.0
 network 192.168.5.0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.5.1
#

FTP配置

 

WWW配置

 验证

两端nat是否映射成功

 

 看是否能正常访问www和ftp服务

 

 注意ospf 不能配置此实验，因为它会使环回口子网掩码变成32，单独成为只有一个IP地址的网段，使其它网段不能ping通此段，造成丢包，会导致nat映射失败。