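1. Lab environment
eNSP version V100R003C00SPC100
2. Lab topology
3. Lab requirements
(1) PC1 reaches the external address 114.114.114.114 through static NAT, translated to 8.8.8.8
(2) PC2 and PC4 reach the external address 114.114.114.114 through dynamic NAT, translated to addresses in the 212.0.0.0 range
(3) PC3 reaches the external address 114.114.114.114 through NAT port multiplexing
(4) The external host 13.0.0.2 can reach the httpd web page inside the enterprise network through the port mapping on R1
4. Lab steps
Configure PC1, PC2, PC3, PC4 and the Server
PC1 configuration
PC2 configuration
PC3 configuration
PC4 configuration
Server configuration
(1) Set the address
(2) Configure the httpd service
Create a text file with an .html suffix, select port 80 for HttpServer in the server information, and add the .html file to the file root directory.
LSW1 layer-3 switch configuration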
<LSW1>sys
Enter system view, return user view with Ctrl+Z.
[LSW1]undo info-center enable #Turn off Huawei information-center prompts
Info: Information center is disabled.
[LSW1]vlan 10
[LSW1-vlan10]vlan 20
[LSW1-vlan20]vlan 30
[LSW1-vlan30]vlan 40
[LSW1-vlan40]vlan 50 #Create the VLANs
[LSW1-vlan50]int g0/0/1
[LSW1-GigabitEthernet0/0/1]p l a
[LSW1-GigabitEthernet0/0/1]p d v 10
[LSW1-GigabitEthernet0/0/1]un sh
Info: Interface GigabitEthernet0/0/1 is not shutdown.
[LSW1-GigabitEthernet0/0/1]int g0/0/2
[LSW1-GigabitEthernet0/0/2]p l a
[LSW1-GigabitEthernet0/0/2]p d v 20
[LSW1-GigabitEthernet0/0/2]un sh
Info: Interface GigabitEthernet0/0/2 is not shutdown.
[LSW1-GigabitEthernet0/0/2]int g0/0/3
[LSW1-GigabitEthernet0/0/3]p l a
[LSW1-GigabitEthernet0/0/3]p d v 30
[LSW1-GigabitEthernet0/0/3]un sh
Info: Interface GigabitEthernet0/0/3 is not shutdown.
[LSW1-GigabitEthernet0/0/3]int g0/0/4
[LSW1-GigabitEthernet0/0/4]p l a
[LSW1-GigabitEthernet0/0/4]p d v 20
[LSW1-GigabitEthernet0/0/4]un sh
Info: Interface GigabitEthernet0/0/4 is not shutdown.
[LSW1-GigabitEthernet0/0/4]int g0/0/6
[LSW1-GigabitEthernet0/0/6]p l a
[LSW1-GigabitEthernet0/0/6]p d v 50
[LSW1-GigabitEthernet0/0/6]un sh
Info: Interface GigabitEthernet0/0/6 is not shutdown.
[LSW1-GigabitEthernet0/0/6]int g0/0/5
[LSW1-GigabitEthernet0/0/5]p l a
[LSW1-GigabitEthernet0/0/5]p d v 40
[LSW1-GigabitEthernet0/0/5]un sh
Info: Interface GigabitEthernet0/0/5 is not shutdown.
[LSW1-GigabitEthernet0/0/5] #The interfaces are now assigned to their VLANs
[LSW1-GigabitEthernet0/0/5]int vlanif 10
[LSW1-Vlanif10]ip add 192.168.10.1 24
[LSW1-Vlanif10]int vlanif 20
[LSW1-Vlanif20]ip add 192.168.20.1 24
[LSW1-Vlanif20]int vlanif 30
[LSW1-Vlanif30]ip add 192.168.30.1 24
[LSW1-Vlanif30]int vlanif 40
[LSW1-Vlanif40]ip add 11.0.0.2 24
[LSW1-Vlanif40]int vlanif 50
[LSW1-Vlanif50]ip add 192.168.50.1 24 #Enter each VLAN interface and configure its IP address
[LSW1-Vlanif50]q
[LSW1]ip route-static 0.0.0.0 0.0.0.0 11.0.0.1 #Default route upstream toward R1
R1 configuration
Static NAT
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 11.0.0.1 24
[R1-GigabitEthernet0/0/0]un sh
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[R1-GigabitEthernet0/0/0]int g0/0/1
[R1-GigabitEthernet0/0/1]ip add 12.0.0.1 24
Dec 13 2019 10:11:23-08:00 R1 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP
on the interface GigabitEthernet0/0/1 has entered the UP state.
[R1-GigabitEthernet0/0/1]un sh
Info: Interface GigabitEthernet0/0/1 is not shutdown. #Configure the interface IP addresses
[R1-GigabitEthernet0/0/1]q
[R1]nat static global 8.8.8.8 inside 192.168.10.10
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]nat static enable #Configure static NAT globally, then enable it on the interface
Dynamic NAT
[R1]nat address-group 1 212.0.0.100 212.0.0.200
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 192.168.20.0 0.0.0.255 #ACL 2000 selects the sources for dynamic NAT; it is bound to the address group on the interface
[R1-acl-basic-2000]int g0/0/1
[R1-GigabitEthernet0/0/1]nat outbound 2000 address-group 1 no-pat
Port-multiplexing NAT
[R1-GigabitEthernet0/0/1]q
[R1]acl 3000
[R1-acl-adv-3000]rule permit ip source 192.168.30.0 0.0.0.255
[R1-acl-adv-3000]int g0/0/1
[R1-GigabitEthernet0/0/1]nat outbound 3000
Port mapping
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]nat server protocol tcp global 9.9.9.9 www inside 192.168.50.100 www #Configure the port mapping in interface view
Routes
[R1]ip route-static 0.0.0.0 0.0.0.0 12.0.0.2 #Default route upstream to the external network
[R1]ip route-static 192.168.10.0 24 11.0.0.2
[R1]ip route-static 192.168.20.0 24 11.0.0.2 #Static routes downstream to the internal subnets
[R1]ip route-static 192.168.30.0 24 11.0.0.2
[R1]ip route-static 192.168.50.0 24 11.0.0.2
R2 configuration
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 13.0.0.1 24
[R2-GigabitEthernet0/0/0]un sh
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip add 12.0.0.2 24
[R2-GigabitEthernet0/0/1]un sh
Info: Interface GigabitEthernet0/0/1 is not shutdown.
[R2-GigabitEthernet0/0/1]int loo 0 #Configure a loopback address for testing
[R2-LoopBack0]ip add 114.114.114.114 32
[R2]ip route-static 8.8.8.8 32 12.0.0.1 #Static routes back to the NAT device R1
[R2]ip route-static 212.0.0.0 24 12.0.0.1
[R2]ip route-static 9.9.9.9 32 12.0.0.1
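Cloud1 configuration
Start a Windows 10 (w10) virtual machine in VMware and bind VMware network adapter 2.
Set the IP address of the Windows 10 virtual machine
5. Packet-capture tests of NAT translation
Test for requirement 1
PC1 accesses the external network as 8.8.8.8; capture on R2's g0/0/1 interface
Test for requirement 2
PC2 accesses the external network using an address from the 212.0.0.0 pool; capture on R2's g0/0/1 interface
Test for requirement 3
PC3 accesses the external network as 12.0.0.1; capture on R2's g0/0/1 interface
6. Testing the NAT port mapping
Test for requirement 4
Browsing to 9.9.9.9 from the Cloud reaches the internal web page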
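
An added example, not part of the original write-up: a Python model of the R1 NAT commands above that reports the source address the capture on R2 should show for a given inside host, and which inside hosts an outside host can reach. The rule precedence (static NAT first, then nat outbound in the order entered) and any host address you pass in other than 192.168.10.10 and 192.168.50.100 are assumptions.

```python
import ipaddress

# R1's NAT commands from the page, prompts stripped; "ip add" is g0/0/1's address.
R1_CONFIG = """\
nat static global 8.8.8.8 inside 192.168.10.10
nat address-group 1 212.0.0.100 212.0.0.200
acl 2000
rule permit source 192.168.20.0 0.0.0.255
acl 3000
rule permit ip source 192.168.30.0 0.0.0.255
ip add 12.0.0.1 24
nat outbound 2000 address-group 1 no-pat
nat outbound 3000
nat server protocol tcp global 9.9.9.9 www inside 192.168.50.100 www"""

def parse(config):
    """Collect static maps, pools, ACL sources, outbound rules and port maps."""
    c = {"static": {}, "pool": {}, "acl": {}, "out": [], "server": [], "ifip": None}
    acl = None
    for t in (line.split() for line in config.splitlines() if line.strip()):
        if t[:2] == ["nat", "static"]:
            c["static"][t[5]] = t[3]                      # inside -> global
        elif t[:2] == ["nat", "address-group"]:
            c["pool"][t[2]] = (t[3], t[4])                # first and last pool address
        elif t[0] == "acl":
            acl = t[1]
        elif t[0] == "rule":                              # wildcard mask -> network
            c["acl"][acl] = ipaddress.ip_network(f"{t[-2]}/{t[-1]}")
        elif t[:2] == ["ip", "add"]:
            c["ifip"] = t[2]                              # outside interface address
        elif t[:2] == ["nat", "outbound"]:
            c["out"].append((t[2], t[4] if "address-group" in t else None))
        elif t[:2] == ["nat", "server"]:
            c["server"].append((t[3], t[5], t[6], t[8], t[9]))
    return c

def outbound_source(c, src):
    """Mode and source address R2 would see (assumed precedence: static first)."""
    if src in c["static"]:
        return "static", c["static"][src]
    for acl, group in c["out"]:
        if ipaddress.ip_address(src) in c["acl"][acl]:
            pool = c["pool"].get(group)
            return ("dynamic no-pat", "%s-%s" % pool) if pool else ("easy-ip", c["ifip"])
    return "untranslated", src

def inbound_exposure(c):
    """Listeners reachable from outside: static NAT maps all ports, nat server one."""
    exp = [(g, "any", i) for i, g in c["static"].items()]
    return exp + [(g, f"{p}/{gp}", i) for p, g, gp, i, _ in c["server"]]
```

Calling inbound_exposure(parse(R1_CONFIG)) shows that the one-to-one static mapping exposes every port of PC1 behind 8.8.8.8, while the nat server entry exposes only TCP www on the server; outbound_source for 192.168.50.100 returns "untranslated" because no outbound rule covers VLAN 50.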