一.测试拓扑:
二.基本思路和笔试题目:
A.基本思路:
通过使用NAT extendable参数,使得内部一个地址能在不同接口以不同地址NAT出去,否则内部一个地址只能配静态NAT一次。
B.笔试题目:
An internal DNS server requires a NAT on a Cisco IOS router that is dual-homed to separate ISPs using distinct CIDR blocks. Which NAT capability is required to allow hosts in each CIDR block to contact the DNS server via one translated address?
答案:NAT extendable
三.基本配置:
A.R1路由器:
interface Ethernet0/0
ip address 202.100.1.2 255.255.255.0
no shut
B.R2路由器:
interface Ethernet0/0
ip address 61.1.1.2 255.255.255.0
no shut
C.R3路由器:
interface Ethernet0/0
ip address 10.1.1.1 255.255.255.0
ip nat inside
no shut
interface Ethernet0/1
ip address 202.100.1.1 255.255.255.0
ip nat outside
no shut
interface Ethernet0/2
ip address 61.128.1.1 255.255.255.0
ip nat outside
no shut
D.R4路由器
interface Ethernet0/0
ip address 10.1.1.2 255.255.255.0
sno shut
ip route 0.0.0.0 0.0.0.0 10.1.1.1
line vty 0 5
password cisco
login
四.NAT extendable配置:
A.R3路由器:
ip nat inside source static 10.1.1.2 61.128.1.8 extendable
ip nat inside source static 10.1.1.2 202.100.1.8 extendable
B.测试:
R1#telnet 202.100.1.8
Trying 202.100.1.8 ... Open
User Access Verification
Password:
R4>show users
Line User Host(s) Idle Location
0 con 0 idle 06:08:16
*130 vty 0 idle 00:00:00 202.100.1.2
Interface User Mode Idle Peer Address
R2#telnet 61.128.1.8
Trying 61.128.1.8 ... Open
User Access Verification
Password:
R4>show users
Line User Host(s) Idle Location
0 con 0 idle 06:09:06
130 vty 0 idle 00:00:49 202.100.1.2
*131 vty 1 idle 00:00:00 61.128.1.2
Interface User Mode Idle Peer Address
本文转自 碧云天 51CTO博客,原文链接:http://blog.51cto.com/333234/1218471,如需转载请自行联系原作者
