zoukankan      html  css  js  c++  java

  • 实验14配置NAT

    实验任务一:basic nat配置
    1.搭建实验环境

    2.配置ip地址
    3.检查连通性
    4.配置basic nat
    [RTA]acl basic 2000
    [RTA-acl-ipv4-basic-2000]rule 0 permit source 10.0.0.0 0.0.0.255
    [RTA]nat address-group 1
    //配置nat地址池1,地址池中的用于转换的地址198.76.28.11-198.76.28.20
    [RTA-address-group-1]address 198.76.28.11 198.76.28.20
    [RTA]interface GigabitEthernet 0/1
    [RTA-GigabitEthernet0/1]nat outbound 2000 address-group 1 no-pat
    5.ClientA clientB ping server,ping通
    6.检查NAT表项
    [RTA]display nat session
    Slot 0:
    Initiator:
    Source IP/port: 10.0.0.1/170//私网的原地址和端口
    Destination IP/port: 198.76.29.4/2048//公网地址和端口
    DS-Lite tunnel peer: -
    VPN instance/VLAN ID/VLL ID: -/-/-
    Protocol: ICMP(1)
    Inbound interface: GigabitEthernet0/0

    Initiator:
    Source IP/port: 10.0.0.2/171
    Destination IP/port: 198.76.29.4/2048
    DS-Lite tunnel peer: -
    VPN instance/VLAN ID/VLL ID: -/-/-
    Protocol: ICMP(1)
    Inbound interface: GigabitEthernet0/0

    Total sessions found: 2

    [RTA]display nat no-pat
    Slot 0:
    Local IP: 10.0.0.1
    Global IP: 198.76.28.15//显示私网转换后的公网地址
    Reversible: N
    Type : Outbound

    Local IP: 10.0.0.2
    Global IP: 198.76.28.16
    Reversible: N
    Type : Outbound

    Total entries found: 2

    几分钟过后,发现表项全部消失了。
    NAT表项具有一定的老化时间,一旦超过老化时间,NAT会删除表项
    []Display session aging-time state//可以查看路由器会话的默认老化时间

    NAT调试信息
    []Terminal monitor
    []Terminal debugging
    []Debugging nat packet

    实验任务二:NAPT配置

    1. 搭建实验环境,和任务一一样,
    2. 检查连通性
    3. 配置NAPT
      [RTA]nat address-group 1
      [RTA-address-group-1]address 198.76.28.11 198.76.28.11
      [RTA-GigabitEthernet0/1]nat outbound 2000 address-group 1
    4. 查看NAT表项
      [H3C]display nat session verbose
      Slot 0:
      Initiator:
      Source IP/port: 10.0.0.2/182
      Destination IP/port: 198.76.29.4/2048
      DS-Lite tunnel peer: -
      VPN instance/VLAN ID/VLL ID: -/-/-
      Protocol: ICMP(1)
      Inbound interface: GigabitEthernet0/0
      Responder:
      Source IP/port: 198.76.29.4/6
      Destination IP/port: 198.76.28.11/0
      DS-Lite tunnel peer: -
      VPN instance/VLAN ID/VLL ID: -/-/-
      Protocol: ICMP(1)
      Inbound interface: GigabitEthernet0/1
      State: ICMP_REPLY
      Application: OTHER
      Start time: 2018-04-23 21:43:50 TTL: 27s
      Initiator->Responder: 0 packets 0 bytes
      Responder->Initiator: 0 packets 0 bytes

    Initiator:
    Source IP/port: 10.0.0.1/181
    Destination IP/port: 198.76.29.4/2048
    DS-Lite tunnel peer: -
    VPN instance/VLAN ID/VLL ID: -/-/-
    Protocol: ICMP(1)
    Inbound interface: GigabitEthernet0/0
    Responder:
    Source IP/port: 198.76.29.4/5
    Destination IP/port: 198.76.28.11/0
    DS-Lite tunnel peer: -
    VPN instance/VLAN ID/VLL ID: -/-/-
    Protocol: ICMP(1)
    Inbound interface: GigabitEthernet0/1
    State: ICMP_REPLY
    Application: OTHER
    Start time: 2018-04-23 21:43:47 TTL: 24s
    Initiator->Responder: 0 packets 0 bytes
    Responder->Initiator: 0 packets 0 bytes

    Total sessions found: 2
    实验任务三:easy ip配置
    //配置Easy ip
    [RTA]acl basic2000
    [RTA- acl basic-2000]Rule 0 permit source 10.0.0.0 0.0.0.255
    [RTA]interface GigabitEthernet 0/1
    [RTA- GigabitEthernet 0/1]nat outbound 2000

    [H3C]display nat session verbose
    Slot 0:
    Initiator:
    Source IP/port: 10.0.0.2/154
    Destination IP/port: 198.76.29.4/2048
    DS-Lite tunnel peer: -
    VPN instance/VLAN ID/VLL ID: -/-/-
    Protocol: ICMP(1)
    Inbound interface: GigabitEthernet0/0
    Responder:
    Source IP/port: 198.76.29.4/6
    Destination IP/port: 198.76.28.1/0
    DS-Lite tunnel peer: -
    VPN instance/VLAN ID/VLL ID: -/-/-
    Protocol: ICMP(1)
    Inbound interface: GigabitEthernet0/1
    State: ICMP_REPLY
    Application: OTHER
    Start time: 2018-04-25 22:00:39 TTL: 27s
    Initiator->Responder: 0 packets 0 bytes
    Responder->Initiator: 0 packets 0 bytes

    Initiator:
    Source IP/port: 10.0.0.1/154
    Destination IP/port: 198.76.29.4/2048
    DS-Lite tunnel peer: -
    VPN instance/VLAN ID/VLL ID: -/-/-
    Protocol: ICMP(1)
    Inbound interface: GigabitEthernet0/0
    Responder:
    Source IP/port: 198.76.29.4/5
    Destination IP/port: 198.76.28.1/0
    DS-Lite tunnel peer: -
    VPN instance/VLAN ID/VLL ID: -/-/-
    Protocol: ICMP(1)
    Inbound interface: GigabitEthernet0/1
    State: ICMP_REPLY
    Application: OTHER
    Start time: 2018-04-25 22:00:36 TTL: 24s
    Initiator->Responder: 0 packets 0 bytes
    Responder->Initiator: 0 packets 0 bytes

    Total sessions found: 2

    [H3C]display nat session
    Slot 0:
    Initiator:
    Source IP/port: 10.0.0.2/155
    Destination IP/port: 198.76.29.4/2048
    DS-Lite tunnel peer: -
    VPN instance/VLAN ID/VLL ID: -/-/-
    Protocol: ICMP(1)
    Inbound interface: GigabitEthernet0/0

    Initiator:
    Source IP/port: 10.0.0.1/155
    Destination IP/port: 198.76.29.4/2048
    DS-Lite tunnel peer: -
    VPN instance/VLAN ID/VLL ID: -/-/-
    Protocol: ICMP(1)
    Inbound interface: GigabitEthernet0/0

    Total sessions found: 2

    实验任务四:NAT SERVER配置
    配置NAT server:
    [RTA-GigabitEthernet0/1]nat server protocol icmp global 198.76.28.1 inside 10.0
    .0.1
    //每一个ip地址后面可以加端口号以实现具体的功能,比如说ftp
    例子:nat server protocol tcp global 198.76.28.1 ftp inside 10.0.0.1 ftp
  • 相关阅读:
    使用nodejs运行SAP Fiori应用
    JUnit 注解@Rule的工作原理
    JUnit 注解@SuiteClasses的工作原理
    JUnit 注解@Category的工作原理
    JUnit 注解@RunWith的工作原理
    Eclipse里如果看不到Attach Source按钮应该怎么办
    使用SAP CRM中间件从ERP下载BOM的一些常见问题
    GaussDB(DWS):非侵入式备份及其在NBU上的应用
    华为云原生数据仓库GaussDB(DWS)深度技术解读:融、快、大、稳、易
    华为云举办AI经典论文复现活动,打造领先AI开发者学习社区
  • 原文地址:https://www.cnblogs.com/akiz/p/11144535.html
Copyright © 2011-2022 走看看