What is NAT? NAT stands for Network Address Translation.

 

Basic configuration:

PC1:

PC2:

server2:

client1:

server1:

 

R1 located:

 

 

 

1. Static NAT

Static NAT is a one-to-one translation: it maps a single internal network address to a single public address.

 

R1: Static routing configuration:

 

 

 

 

 

Principle:

When PC1 accesses the external network, its packet is translated to a public IP address when it arrives at R1. When the reply comes back, R1 converts it to PC1's internal address and forwards the packet to PC1.

A NAT session cache entry is generated at this point. You can view it with dis nat session all.

The NAT packet capture screenshots:

 

Static NAT shortcomings

The obvious shortcoming of static NAT is that it is a one-to-one translation: Internet access requires as many public addresses as there are internal network addresses.

Static NAT benefits: the external network can directly reach a PC on the internal network through its public address. If a server uses a public IP, any service on that server can be accessed directly through that IP.

2. Easy IP NAT (many-to-one, nat outbound)

Use the original topology; just change the NAT mode to Easy IP:

 

 

 

 

 

 

 

 

 

 

 

3. NAT address pool

Same topology as above. Remove the previous NAT configuration and reconfigure with a NAT address pool.

 

Define the public address pool on R1 [the public address pool must not include the IP address of the outbound interface, otherwise a conflict error is reported]:

[Huawei] nat address-group 1 12.1.1.2 12.1.1.3

12.1.1.1 is used on the outbound interface, so it cannot be configured into this group. Otherwise an error is reported when the group is applied to the interface.

View:

 

 

 

 

4. NAT server (port mapping, commonly used by companies)

 

Remove the previous NAT configuration first:

[Huawei]undo acl 2000

 

Map port 80 to the public network:

 

 

After starting the server, access it from the external network:

 

Client1 accesses the server:

Seeing this response on port 80 means the access works. Nothing is wrong in this case.

View the mapping:

You can see that the mapped address is 12.1.1.5 and the visitor is 8.8.8.8.

The configuration is correct.

 

NAT server usage scenarios

The server is placed behind a firewall or router, and port mapping publishes it to the public network so that the business service can be accessed normally.

This makes the server more secure.

 

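5. Point-to-point dial-up Internet access configuration (Layer 2 link encapsulation)

PPP Layer 2 encapsulation [currently used only for medical-insurance and finance leased lines], PPP authentication

Use the AR2220 router for this lab.

Open the AR2220 router configuration interface and add the 2SA module:

Drag it into place and click the power button.

After startup, add another cable to use for authentication:

Note: the cable turns green only after the devices are started and the addresses are configured.

AR3 configuration: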

 

 

 

 

Check the packet capture:

 

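PPP authentication:

WANs often use serial links to provide long-distance data transmission. High-Level Data Link Control (HDLC) and the Point-to-Point Protocol (PPP) are two typical serial-port encapsulation protocols.

Both of these leased-line types are rarely used now, but you still need to understand them.

 

PAP authentication (two-way handshake, plaintext authentication). PPPoE currently uses the PAP authentication method.

Topology:

R1: server side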

 

 

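CHAP authentication

The biggest advantage of CHAP over PAP is that the CHAP password is encrypted rather than sent in plaintext, and CHAP uses a three-way handshake.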
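What a capture exposes for each method, as an added example that is not from the original post: a PAP Authenticate-Request (RFC 1334) carries the password in cleartext, while a CHAP Response (RFC 1994) carries only MD5(Identifier + secret + Challenge), which is valid for that one challenge. The user name, secret and challenge values are constructed sample data, and the function names are hypothetical.

```python
import hashlib
import hmac
import os
import struct

def pap_request(ident: int, user: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request (RFC 1334): code 1, id, length, then
    length-prefixed Peer-ID and Password, both in cleartext."""
    body = bytes([len(user)]) + user + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body

def pap_fields_in_capture(packet: bytes) -> tuple[bytes, bytes]:
    """Fields readable by anyone who captures the PAP request on the link."""
    ulen = packet[4]
    user = packet[5:5 + ulen]
    plen = packet[5 + ulen]
    return user, packet[6 + ulen:6 + ulen + plen]

def chap_value(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP Response Value (RFC 1994): MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_response(ident: int, name: bytes, secret: bytes, challenge: bytes) -> bytes:
    """CHAP Response packet: code 2, id, length, Value-Size, Value, Name."""
    value = chap_value(ident, secret, challenge)
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", 2, ident, 4 + len(body)) + body

def chap_verify(packet: bytes, secret: bytes, challenge: bytes) -> bool:
    """Authenticator side: recompute the hash for the challenge it issued."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    size = packet[4]
    value = packet[5:5 + size]
    expected = chap_value(ident, secret, challenge)
    well_formed = code == 2 and length == len(packet)
    return well_formed and hmac.compare_digest(value, expected)

if __name__ == "__main__":
    user, secret = b"labuser", b"Lab-Secret-1"    # constructed sample credentials
    print("PAP capture reveals:", pap_fields_in_capture(pap_request(1, user, secret)))
    c1, c2 = os.urandom(16), os.urandom(16)       # two authentication rounds
    resp = chap_response(1, user, secret, c1)
    print("secret visible in CHAP response:", secret in resp)
    print("valid for its own challenge:", chap_verify(resp, secret, c1))
    print("accepted for a new challenge:", chap_verify(resp, secret, c2))
```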

CHAP configuration

 

 

 

 

On the interface, run shutdown and then undo shutdown, and capture packets to check whether re-authentication succeeds.

Packet capture:


Origin www.cnblogs.com/wuyu19/p/12071291.html