接着上一篇吧~
PAT是咱们公司局域网上网的最普通的方式,也就是我们从ISP买了一个公网的IP地址,但是通过端口分配呢,我们局域网内的主机都可以上网了,激动人心吧,接着我们就来做实验吧。还是使用CISCO出品的模拟器PacketTracert4,这个模拟器就是让你有想法马上验证一下,一步一个脚印,从简单的开始,将简单的积累起来就可以做梦中的大事了,哈哈,开始吧。
还是上一次那张拓扑图:
企业网内部的主机是网络中的一台DNS服务器,我们还是给它映射一个固定的公网IP--200.1.0.1/24。网内其他主机通过端口F0/1的地址实现PAT。
主要命令:
ip nat inside
ip nat outside
access-list 10 permit host 192.168.1.2
access-list 10 permit host 192.168.1.3
access-list 10 permit host 192.168.1.4
... ...(将允许接入公网那个的计算机加紧ACL中,当然也可以选择先DENY后PERMIT
)
)
ip nat inside source list 10 interface f0/1 overload
开始设置吧:
Router_0#sh run
Building configuration...
Building configuration...
Current configuration : 808 bytes
!
version 12.3
no service password-encryption
!
hostname Router_0
!
!
!
!
interface FastEthernet0/0
ip address 192.168.1.254 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 200.1.0.2 255.255.255.248
ip nat outside
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip nat inside source list 10 interface FastEthernet0/1 overload
ip nat inside source static 192.168.1.1 200.1.0.1
ip classless
ip route 0.0.0.0 0.0.0.0 200.1.0.3
!
access-list 10 permit host 192.168.1.2
access-list 10 permit host 192.168.1.3
access-list 10 permit host 192.168.1.4
!
!
ip dhcp pool tiger
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
dns-server 192.168.1.1
!
line con 0
password cisco
login
line vty 0 4
password cisco
login
!
!
end
!
version 12.3
no service password-encryption
!
hostname Router_0
!
!
!
!
interface FastEthernet0/0
ip address 192.168.1.254 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 200.1.0.2 255.255.255.248
ip nat outside
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip nat inside source list 10 interface FastEthernet0/1 overload
ip nat inside source static 192.168.1.1 200.1.0.1
ip classless
ip route 0.0.0.0 0.0.0.0 200.1.0.3
!
access-list 10 permit host 192.168.1.2
access-list 10 permit host 192.168.1.3
access-list 10 permit host 192.168.1.4
!
!
ip dhcp pool tiger
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
dns-server 192.168.1.1
!
line con 0
password cisco
login
line vty 0 4
password cisco
login
!
!
end
Router_1#sh run
Building configuration...
Building configuration...
Current configuration : 461 bytes
!
version 12.3
no service password-encryption
!
hostname Router_1
!
!
!
!
interface FastEthernet0/0
ip address 200.1.0.3 255.255.255.248
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 200.1.1.254 255.255.255.0
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
!
!
ip dhcp pool zwin
network 200.1.1.0 255.255.255.0
default-router 200.1.1.254
dns-server 200.1.0.1
!
line con 0
line vty 0 4
login
!
!
end
!
version 12.3
no service password-encryption
!
hostname Router_1
!
!
!
!
interface FastEthernet0/0
ip address 200.1.0.3 255.255.255.248
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 200.1.1.254 255.255.255.0
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
!
!
ip dhcp pool zwin
network 200.1.1.0 255.255.255.0
default-router 200.1.1.254
dns-server 200.1.0.1
!
line con 0
line vty 0 4
login
!
!
end
看看结果如何
PC0访问
[url]www.51cto.com[/url](在DNS设置中将200.1.1.251映射为
[url]www.51cto.com[/url])
接着用公网PC3访问
[url]www.51cto.com[/url]
实验成功哦~
NAT的实验就做完了,我复习了一遍,也希望大家有收获哦,开心最重要!
Have fun!
本文转自 tiger506 51CTO博客,原文链接:http://blog.51cto.com/tiger506/84458,如需转载请自行联系原作者
