NA-NP-IE系列实验41：动态NAT-阿里云开发者社区

实验41：动态NAT

1. 实验目的

通过本实验可以掌握:

（1）动态NAT 的特征

（2）动态NAT 配置和调试

2. 拓扑结构

实验拓扑如图所示。

3. 实验步骤

配置如下：

r0(config)#int f0/0

r0(config-if)#ip add 172.16.1.2 255.255.255.0

r0(config-if)#no sh

%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

r0(config-if)#%IP-4-DUPADDR: Duplicate address 172.16.1.2 on FastEthernet0/0, sourced by 0007.ECE7.EDB0

r0(config-if)#exit

r0(config)#int s0/0

r0(config-if)#ip add 202.96.1.1 255.255.255.0

r0(config-if)#no sh

%LINK-5-CHANGED: Interface Serial0/0, changed state to up

r0(config-if)#

r0(config-if)#clo r 64000

r0(config-if)#

%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up

r0(config-if)#exit

r0(config)#ip nat pool cisco 202.96.1.3 202.96.1.255 net 255.255.255.0//配置动态NAT 转换的地址池

r0(config)#ip nat inside source list 1 pool cisco//配置动态NAT 映射

r0(config)#access-list 1 permit 172.16.1.0 0.0.0.255 //允许动态NAT 转换的内部地址范围

r0(config)#int f0/0

r0(config-if)#ip nat inside

r0(config-if)#exit

r0(config)#int s0/0

r0(config-if)#ip nat outside

r0(config-if)#exit

r0(config)#router eigrp 1

r0(config-router)#no au

r0(config-router)#net 202.96.1.0

r0(config-router)#

%DUAL-5-NBRCHANGE: IP-EIGRP 1: Neighbor 202.96.1.2 (Serial0/0) is up: new adjacency

r0(config-router)#do sh ip nat translations

Pro Inside global Inside local Outside local Outside global

icmp 202.96.1.3:17 172.16.1.1:17 1.1.1.1:17 1.1.1.1:17

icmp 202.96.1.3:18 172.16.1.1:18 1.1.1.1:18 1.1.1.1:18

icmp 202.96.1.3:19 172.16.1.1:19 1.1.1.1:19 1.1.1.1:19

icmp 202.96.1.3:20 172.16.1.1:20 1.1.1.1:20 1.1.1.1:20

icmp 202.96.1.3:21 172.16.1.1:21 202.96.1.2:21 202.96.1.2:21

icmp 202.96.1.3:22 172.16.1.1:22 202.96.1.2:22 202.96.1.2:22

icmp 202.96.1.3:23 172.16.1.1:23 202.96.1.2:23 202.96.1.2:23

icmp 202.96.1.3:24 172.16.1.1:24 202.96.1.2:24 202.96.1.2:24

以上信息表明当PC0第一次访问“1.1.1.1”地址的时候,NAT 路由器R0 为主机

PC0动态分配一个全局地址 “202.96.1.3”，在NAT 表表中生成一条动态映射的记录，同时会在NAT 表中生成和应用向对应的协议和端口号的记录（过期时间为60 秒）。在动态映射没有过期（过期时间为86400 秒）之前，再有应用从相同主机发起时，

NAT 路由器直接查NAT 表,然后为应用分配相应的端口号。

r0(config-router)#do debug ip nat

IP NAT debugging is on

r0(config-router)#do clear ip nat translation * // 清除动态NAT 表

r0(config-router)#

NAT: s=172.16.1.1->202.96.1.3, d=202.96.1.2 [29]

NAT*: s=202.96.1.2, d=202.96.1.3->172.16.1.1 [102]

r0(config-router)#

NAT: s=172.16.1.1->202.96.1.3, d=202.96.1.2 [30]

NAT*: s=202.96.1.2, d=202.96.1.3->172.16.1.1 [104]

r0(config-router)#

NAT: s=172.16.1.1->202.96.1.3, d=202.96.1.2 [31]

NAT*: s=202.96.1.2, d=202.96.1.3->172.16.1.1 [105]

r0(config-router)#

NAT: s=172.16.1.1->202.96.1.3, d=202.96.1.2 [32]

NAT*: s=202.96.1.2, d=202.96.1.3->172.16.1.1 [106]

r0(config-router)#

NAT: s=172.16.1.1->202.96.1.3, d=1.1.1.1 [33]

NAT*: s=1.1.1.1, d=202.96.1.3->172.16.1.1 [113]

r0(config-router)#

NAT: s=172.16.1.1->202.96.1.3, d=1.1.1.1 [34]

NAT*: s=1.1.1.1, d=202.96.1.3->172.16.1.1 [114]

r0(config-router)#

NAT: s=172.16.1.1->202.96.1.3, d=1.1.1.1 [35]

NAT*: s=1.1.1.1, d=202.96.1.3->172.16.1.1 [116]

r0(config-router)#

NAT: s=172.16.1.1->202.96.1.3, d=1.1.1.1 [36]

NAT*: s=1.1.1.1, d=202.96.1.3->172.16.1.1 [118]

r0(config-router)#

NAT: expiring 202.96.1.3 (172.16.1.1) icmp 25 (25)

r0(config-router)#

NAT: expiring 202.96.1.3 (172.16.1.1) icmp 26 (26)

r0(config-router)#

NAT: expiring 202.96.1.3 (172.16.1.1) icmp 27 (27)

r0(config-router)#

NAT: expiring 202.96.1.3 (172.16.1.1) icmp 28 (28)

r0(config-router)#

NAT: expiring 202.96.1.3 (172.16.1.1) icmp 29 (29)

r0(config-router)#

NAT: expiring 202.96.1.3 (172.16.1.1) icmp 30 (30)

r0(config-router)#

NAT: expiring 202.96.1.3 (172.16.1.1) icmp 31 (31)

r0(config-router)#

NAT: expiring 202.96.1.3 (172.16.1.1) icmp 32 (32)

r0(config-router)#

r0(config-router)#do sh ip nat statistics

Total translations: 0 (0 static, 0 dynamic, 0 extended) // 有0 个转换是动态转化，

Outside Interfaces: Serial0/0 //NAT 外部接口

Inside Interfaces: FastEthernet0/0 //NAT 内部接口

Hits: 16 Misses: 16

Expired translations: 16 //NAT 表中过期的转换

Dynamic mappings: // 动态映射

-- Inside Source

access-list 1 pool cisco refCount 0

pool cisco: netmask 255.255.255.0 // 地址池名字和掩码

start 202.96.1.3 end 202.96.1.255 // 地址池范围

type generic, total addresses 253 , allocated 0 (0%), misses 0 // 共253 个地址，分出去0 个

r0(config-router)#

r1(config)#int s0/0

r1(config-if)#ip add 202.96.1.2 255.255.255.0

r1(config-if)#no sh

%LINK-5-CHANGED: Interface Serial0/0, changed state to down

r1(config-if)#exit

r1(config)#int loo 1

%LINK-5-CHANGED: Interface Loopback1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to up

r1(config-if)#

r1(config-if)#ip add 1.1.1.1 255.255.255.0

r1(config-if)#no sh

r1(config-if)#

%LINK-5-CHANGED: Interface Serial0/0, changed state to up

r1(config-if)#

%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up

r1(config-if)#exit

r1(config)#router eigrp 1

r1(config-router)#no au

r1(config-router)#net 202.96.1.0

r1(config-router)#

%DUAL-5-NBRCHANGE: IP-EIGRP 1: Neighbor 202.96.1.1 (Serial0/0) is up: new adjacency

r1(config-router)#net 1.1.1.0

r1(config-router)#

PC>ping 1.1.1.1

Pinging 1.1.1.1 with 32 bytes of data:

Reply from 1.1.1.1: bytes=32 time=94ms TTL=254

Reply from 1.1.1.1: bytes=32 time=63ms TTL=254

Reply from 1.1.1.1: bytes=32 time=46ms TTL=254

Reply from 1.1.1.1: bytes=32 time=63ms TTL=254

Ping statistics for 1.1.1.1:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 46ms, Maximum = 94ms, Average = 66ms

PC>ping 202.96.1.2

Pinging 202.96.1.2 with 32 bytes of data:

Reply from 202.96.1.2: bytes=32 time=62ms TTL=254

Ping statistics for 202.96.1.2:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 62ms, Maximum = 62ms, Average = 62ms

PC>ping 202.96.1.2

Pinging 202.96.1.2 with 32 bytes of data:

Reply from 202.96.1.2: bytes=32 time=63ms TTL=254

Reply from 202.96.1.2: bytes=32 time=62ms TTL=254

Ping statistics for 202.96.1.2:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 62ms, Maximum = 63ms, Average = 62ms

PC>ping 1.1.1.1

Pinging 1.1.1.1 with 32 bytes of data:

Reply from 1.1.1.1: bytes=32 time=62ms TTL=254

Reply from 1.1.1.1: bytes=32 time=63ms TTL=254

Reply from 1.1.1.1: bytes=32 time=47ms TTL=254

Ping statistics for 1.1.1.1:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 47ms, Maximum = 63ms, Average = 58ms

PC>

本文转自gauyanm 51CTO博客，原文链接：http://blog.51cto.com/gauyanm/241738，如需转载请自行联系原作者

NA-NP-IE系列实验41：动态NAT

热门文章

最新文章

相关电子书