案例:
外网远程登录内网SW:
需求
1.内网的PC都可以访问Server1
2.外网的R2可以远程登录SW1,
用户名和密码是:HCIE/hehe
需求
1.内网的PC都可以访问Server1
2.外网的R2可以远程登录SW1,
用户名和密码是:HCIE/hehe
PC1:
192.168.1.1
255.255.255.0
192.168.1.254PC2:
192.168.1.2
255.255.255.0
192.168.1.254
-----------------------------------------------------
SW1:
undo terminal monitor
system-view
sysname SW1
vlan 10
quit
port-group group-member gi0/0/1 to gi0/0/3
port link-type access
port default vlan 10
quitinterface vlanif 10
ip address 192.168.1.10 24
quituser-interface vty 0 4
authentication-mode aaa
quitaaa
local-user HCIE password cipher hehe
local-user HCIE service-type telnet
local-user HCIE privilege level 15
quit
-----------------------------------------------------
R1:
undo terminal monitor
system-view
sysname R1
interface gi0/0/1
ip address 192.168.1.254 24
quit
interface gi0/0/0
ip address 100.1.1.1 24
quit
-----------------------------------------------------
R2:
undo terminal monitor
system-view
sysname R2
interface gi0/0/1
ip address 200.1.1.254 24
quit
interface gi0/0/0
ip address 100.1.1.3 24
quitServer1:
200.1.1.1
255.255.255.0
200.1.1.254
-------------------------------------------------@为了实现内网到外网的访问,在边界设备R1的外网接口上配置 EasyIP
ip route-static 0.0.0.0 0 100.1.1.3
acl 2000
rule 10 permit source 192.168.1.0 0.0.0.255
quitinterface gi0/0/0
nat outbound 2000
quit@为了实现外网到内网的访问,在边界设备R1的外网接口上配置 nat server
interface gi0/0/0
nat server protocol tcp global 100.1.1.2 2933 inside 192.168.1.10 23
//指的是:当该端口上收到从外网来的 TCP 协议的数据包,并且目标IP地址是 100.1.1.2
目标端口是 2933 的时候,将目标IP地址,转换为 192.168.1.10 ,端口号转换为23
然后接下来,R1继续查找路由表,然后将转换后的数据包,发送给了 SW1 .
此时,还需要在 SW1 上,添加一个可以返回到 R2 的 路由条目:
SW1:
ip route-static 0.0.0.0 0 192.168.1.254
--------------------------------------------------
测试:
PC1 ping 200.1.1.1 ,互通;
PC2 ping 200.1.1.1 ,互通;
R2上进行 telnet 测试:
<R2>telnet 100.1.1.2 2933 -> 修改telnet 使用的默认端口23为2933
Press CTRL_] to quit telnet mode
Trying 100.1.1.2 ...
Connected to 100.1.1.2 ...Login authentication
Username:HCIE
Password:
Info: The max number of VTY users is 5, and the number
of current VTY users on line is 1.
The current login time is 2022-04-14 09:36:08.
<SW1>
