Article Directory
- First, the experimental environment
- Second, the experimental topology
- Third, the experiment needs
- Fourth, the experimental procedures
- PC1 Configuration
- PC2 configuration
- PC3 Configuration
- PC4 Configuration
- Server Configuration
- LSW1 three switches configuration
- R1 arrangement
- R2 Configuration
- Cloud1 Configuration
- V. capture the NAT test
- Sixth, NAT port mapping test
First, the experimental environment
eNSP V100R003C00SPC100 version
Second, the experimental topology
Third, the experiment needs
1, PC1 static translation by NAT to access external network address 8.8.8.8 114.114.114.114
2, PC2 and PC4 translated address by NAT 212.0.0.0 dynamic access network segment address is 114.114.114.114
3, PC3 access the Internet through NAT address 114.114.114.114 Port Multiplexing
4, external network 13.0.0.2 through R1 inside the port mapping to access the corporate network httpd web page
Fourth, the experimental procedures
Arrangement PC1, PC2, PC3, PC4, Server
PC1 Configuration
PC2 configuration
PC3 Configuration
PC4 Configuration
Server Configuration
1, set the address
2, configure the service Httpd
Create a new html suffix text, select HttpServer in the server information 80 port, html files in the root directory of adding the suffix text.
LSW1 three switches configuration
<LSW1>sys
Enter system view, return user view with Ctrl+Z.
[LSW1]undo info-center enable #关闭华为信息提示
Info: Information center is disabled.
[LSW1]vlan 10
[LSW1-vlan10]vlan 20
[LSW1-vlan20]vlan 30
[LSW1-vlan30]vlan 40
[LSW1-vlan40]vlan 50 #添加vlan
[LSW1-vlan50]int g0/0/1
[LSW1-GigabitEthernet0/0/1]p l a
[LSW1-GigabitEthernet0/0/1]p d v 10
[LSW1-GigabitEthernet0/0/1]un sh
Info: Interface GigabitEthernet0/0/1 is not shutdown.
[LSW1-GigabitEthernet0/0/1]int g0/0/2
[LSW1-GigabitEthernet0/0/2]p l a
[LSW1-GigabitEthernet0/0/2]p d v 20
[LSW1-GigabitEthernet0/0/2]un sh
Info: Interface GigabitEthernet0/0/2 is not shutdown.
[LSW1-GigabitEthernet0/0/2]int g0/0/3
[LSW1-GigabitEthernet0/0/3]p l a
[LSW1-GigabitEthernet0/0/3]p d v 30
[LSW1-GigabitEthernet0/0/3]un sh
Info: Interface GigabitEthernet0/0/3 is not shutdown.
[LSW1-GigabitEthernet0/0/3]int g0/0/4
[LSW1-GigabitEthernet0/0/4]p l a
[LSW1-GigabitEthernet0/0/4]p d v 20
[LSW1-GigabitEthernet0/0/4]un sh
Info: Interface GigabitEthernet0/0/4 is not shutdown.
[LSW1-GigabitEthernet0/0/4]int g0/0/6
[LSW1-GigabitEthernet0/0/6]p l a
[LSW1-GigabitEthernet0/0/6]p d v 50
[LSW1-GigabitEthernet0/0/6]un sh
Info: Interface GigabitEthernet0/0/6 is not shutdown.
[LSW1-GigabitEthernet0/0/6]int g0/0/5
[LSW1-GigabitEthernet0/0/5]p l a
[LSW1-GigabitEthernet0/0/5]p d v 40
[LSW1-GigabitEthernet0/0/5]un sh
Info: Interface GigabitEthernet0/0/5 is not shutdown.
[LSW1-GigabitEthernet0/0/5] #把接口加入vlan
[LSW1-GigabitEthernet0/0/5]int vlanif 10
[LSW1-Vlanif10]ip add 192.168.10.1 24
[LSW1-Vlanif10]int vlanif 20
[LSW1-Vlanif20]ip add 192.168.20.1 24
[LSW1-Vlanif20]int vlanif 30
[LSW1-Vlanif30]ip add 192.168.30.1 24
[LSW1-Vlanif30]int vlanif 40
[LSW1-Vlanif40]ip add 11.0.0.2 24
[LSW1-Vlanif40]int vlanif 50
[LSW1-Vlanif50]ip add 192.168.50.1 24 #进入虚拟接口配置IP
[LSW1-Vlanif50]q
[LSW1]ip route-static 0.0.0.0 0.0.0.0 11.0.0.1 #向上配置默认路由出去
R1 arrangement
Static NAT
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 11.0.0.1 24
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[R1-GigabitEthernet0/0/1]int g0/0/1
[R1-GigabitEthernet0/0/1]ip add 12.0.0.1 24
Dec 13 2019 10:11:23-08:00 R1 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP
on the interface GigabitEthernet0/0/1 has entered the UP state.
[R1-GigabitEthernet0/0/1]un sh
Info: Interface GigabitEthernet0/0/1 is not shutdown. #配置接口IP
[R1-GigabitEthernet0/0/0]q
[R1]nat static global 8.8.8.8 inside 192.168.10.10
[R1-GigabitEthernet0/0/1]nat static enable #在全局配置静态NAT,在接口声明
Dynamic NAT
[R1]nat address-group 1 212.0.0.100 212.0.0.200
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 192.168.20.0 0.0.0.255 #在全局配置静态NAT,在接口声明
[R1-acl-basic-2000]int g0/0/1
[R1-GigabitEthernet0/0/1]nat outbound 2000 address-group 1 no-pat
NAT port multiplexer
[R1-GigabitEthernet0/0/1]q
[R1]acl 3000
R1-acl-adv-3000]rule permit ip source 192.168.30.0 0.0.0.255
[R1-acl-adv-3000]int g0/0/1
[R1-GigabitEthernet0/0/1]nat outbound 3000
Port Mapping
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]nat server protocol tcp global 9.9.9.9 www inside 192.1
68.50.100 www #进入接口配置端口映射
Routing Table
[R1]ip route-static 0.0.0.0 0.0.0.0 12.0.0.2 #向上配置默认到外网
[R1]ip route-static 192.168.10.0 24 11.0.0.2
[R1]ip route-static 192.168.20.0 24 11.0.0.2 #向下配置静态
[R1]ip route-static 192.168.30.0 24 11.0.0.2
[R1]ip route-static 192.168.50.0 24 11.0.0.2
R2 Configuration
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 13.0.0.1 24
[R2-GigabitEthernet0/0/0]un sh
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip add 12.0.0.2 24
[R2-GigabitEthernet0/0/1]un sh
Info: Interface GigabitEthernet0/0/1 is not shutdown.
[R2-GigabitEthernet0/0/1]int loo 0 #配置环回地址测试
[R2-LoopBack0]ip add 114.114.114.114 32
[R2]ip route-static 8.8.8.8 32 12.0.0.1 #配置静态路由到NAT服务器R1
[R2]ip route-static 212.0.0.0 24 12.0.0.1
[R2]ip route-static 9.9.9.9 32 12.0.0.1
Cloud1 Configuration
W10 open a virtual machine in vmware virtual machine, the binding of No. 2 card vmware;
set up a virtual machine IP w10
V. capture the NAT test
Test requirements 1
PC1 access the Internet via the address 8.8.8.8, the packet capture R2 g0 / 0/1 Interface
2 test requirements
PC2 access the Internet via the address 212.0.0.0 paragraphs pool, the capture R2 g0 / 0/1 Interface
3 testing requirements
PC3 by 12.0.0.1 access network, the packet capture R2 g0 / 0/1 Interface
Sixth, NAT port mapping test
Testing requirements 4
Access 9.9.9.9 page Cloud can enter the internal pages
