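The lab objective is shown in the figure.
Lab approach: configure the internal network first, then the external network, then NAT.
Client1 configuration
Client2 configuration
PC3 configuration
lsw1 configuration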
sysname lsw1
#
vlan batch 10 20 30
#
interface MEth0/0/1
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/1
port link-type access
port default vlan 10
#
interface Ethernet0/0/2
port link-type access
port default vlan 20
#
interface Ethernet0/0/3
port link-type access
port default vlan 30
#
interface GigabitEthernet0/0/1
eth-trunk 1
#
interface GigabitEthernet0/0/2
eth-trunk 1
#
AR1 configuration
sysname AR1
#
acl number 2001
rule 5 permit source 192.168.1.0 0.0.0.255
acl number 2002
rule 5 permit source 192.168.2.0 0.0.0.255
acl number 2003
rule 5 permit source 192.168.3.0 0.0.0.255
#
nat alg ftp enable
#
nat address-group 1 1.1.1.1 1.1.1.1
nat address-group 2 2.2.2.2 2.2.2.2
nat address-group 3 3.3.3.3 3.3.3.3
#
interface Eth-Trunk1
undo portswitch
#
interface Eth-Trunk1.1
dot1q termination vid 10
ip address 192.168.1.1 255.255.255.0
arp broadcast enable
#
interface Eth-Trunk1.2
dot1q termination vid 20
ip address 192.168.2.1 255.255.255.0
arp broadcast enable
#
interface Eth-Trunk1.3
dot1q termination vid 30
ip address 192.168.3.1 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/0
ip address 192.168.4.2 255.255.255.0
nat outbound 2001 address-group 1
nat outbound 2002 address-group 2
nat outbound 2003 address-group 3
#
interface GigabitEthernet0/0/1
eth-trunk 1
#
interface GigabitEthernet0/0/2
eth-trunk 1
#
interface LoopBack1
ip address 1.1.1.10 255.255.255.0
#
interface LoopBack2
ip address 2.2.2.20 255.255.255.0
#
interface LoopBack3
ip address 3.3.3.30 255.255.255.0
#
rip 1
version 1
network 1.0.0.0
network 2.0.0.0
network 3.0.0.0
network 192.168.4.0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.4.1
AR2 configuration
sysname AR2
#
interface GigabitEthernet0/0/0
ip address 192.168.4.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 192.168.5.1 255.255.255.0
#
rip 1
version 1
network 192.168.4.0
network 192.168.5.0
AR3 configuration
sysname AR3
#
nat alg ftp enable
#
interface GigabitEthernet0/0/1
ip address 192.168.5.2 255.255.255.0
nat server protocol tcp global 4.4.4.4 2121 inside 172.16.1.10 ftp
nat server protocol tcp global 5.5.5.5 8080 inside 172.16.1.20 www
#
interface GigabitEthernet0/0/2
ip address 172.16.1.1 255.255.255.0
#
interface LoopBack1
ip address 4.4.4.40 255.255.255.0
#
interface LoopBack2
ip address 5.5.5.50 255.255.255.0
#
rip 1
network 4.0.0.0
network 5.0.0.0
network 192.168.5.0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.5.1
#
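FTP configuration
WWW configuration
Verification
Check whether the NAT mappings on both ends succeeded.
Check whether the WWW and FTP services can be accessed normally.
Note: OSPF cannot be used for this lab, because it advertises each loopback interface with a 32-bit subnet mask, so each loopback becomes a separate network segment containing only a single IP address. Other network segments then cannot ping that segment, packets are lost, and the NAT mapping fails.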
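The note above can be checked with a longest-prefix-match lookup on AR2, the transit router. This is an added example, not part of the original lab: both routing tables are constructed from the page's configurations (the OSPF table is hypothetical), and `lookup` and `unreachable` are names introduced here.

```python
import ipaddress

# Constructed from the page's configurations: AR2's routing table with RIP v1
# (classful summaries) and, hypothetically, with OSPF (loopbacks as /32 routes).
CONNECTED = {"192.168.4.0/24": "direct", "192.168.5.0/24": "direct"}
AR2_RIP = {**CONNECTED,
           "1.0.0.0/8": "192.168.4.2", "2.0.0.0/8": "192.168.4.2",
           "3.0.0.0/8": "192.168.4.2",
           "4.0.0.0/8": "192.168.5.2", "5.0.0.0/8": "192.168.5.2"}
AR2_OSPF = {**CONNECTED,
            "1.1.1.10/32": "192.168.4.2", "2.2.2.20/32": "192.168.4.2",
            "3.3.3.30/32": "192.168.4.2",
            "4.4.4.40/32": "192.168.5.2", "5.5.5.50/32": "192.168.5.2"}

# Translated addresses taken from the page's NAT commands on AR1 and AR3.
NAT_ADDRESSES = {
    "AR1 address-group 1": "1.1.1.1",
    "AR1 address-group 2": "2.2.2.2",
    "AR1 address-group 3": "3.3.3.3",
    "AR3 nat server ftp": "4.4.4.4",
    "AR3 nat server www": "5.5.5.5",
}


def lookup(table, dst):
    """Longest-prefix match: return (prefix, next_hop), or None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return (str(best[0]), best[1]) if best else None


def unreachable(table):
    """Names of NAT addresses that AR2 cannot route with the given table."""
    return sorted(n for n, ip in NAT_ADDRESSES.items() if lookup(table, ip) is None)


if __name__ == "__main__":
    for label, table in (("RIP v1", AR2_RIP), ("OSPF", AR2_OSPF)):
        print(label)
        for name, ip in NAT_ADDRESSES.items():
            route = lookup(table, ip) or "no route, dropped at AR2"
            print(f"  {name:<22}{ip:<10}{route}")
```

With the OSPF table only the loopback addresses themselves (1.1.1.10, 2.2.2.20 and so on) are routable, so packets addressed to the NAT pool and NAT server addresses have no route on AR2.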