CISCO NAT配置命令
21.1.在路由器上启用基本的 NAT功能
Router#con figure termi nal
En ter con figurati on comma nds, one per line. End with CNTL/Z.
Router(co nfig)#access-list 15 permit 192.168.0.0 0.0.255.255
Router(c on fig)#ip nat in side source list 15 in terface FastEther netO/O overload
Router(c on fig)# in terface FastEther netO/2
Router(co nfig-if)#ip address 192.168.1.1 255.255.255.0
Router(c on fig-if)#ip nat in side
Router(c on fig-if)#exit
Router(c on fig)# in terface FastEther netO/1
Router(co nfig-if)#ip address 192.168.2.1 255.255.255.0
Router(c on fig-if)#ip nat in side
Router(c on fig-if)#exit
Router(c on fig)# in terface Ether netO/O
Router(c on fig-if)#ip address 172.16.1.5 255.255.255.252
Router(c on fig-if)#ip nat outside
Router(c on fig-if)#exit
Router(c on fig)#e nd
Router#
地址翻译功能
21.2.动态分配外部地址
Router#c on figure termi nal
En ter con figurati on comma nds, one per line. End with CNTL/Z.
Router(co nfig)#access-list 15 permit 192.168.0.0 0.0.255.255
Router(c on fig)#ip n at pool NATPOOL 172.16.1.100 172.16.1.150 netmask 255.255.255.0
Router(co nfig)#ip nat in side source list 15 pool NATPOOL
Router(c on fig)# in terface FastEther net 0/0
Router(co nfig-if)#ip address 192.168.1.1 255.255.255.0
Router(c on fig-if)#ip nat in side
Router(c on fig-if)#exit
Router(c on fig)#i nterface FastEther net 0/1
Router(co nfig-if)#ip address 192.16821 255.255.255.0
Router(c on fig-if)#ip nat in side
Router(c on fig-if)#exit热带雨林探险记作文
Router(c on fig)#i nterface Ethernet1/0
Router(co nfig-if)#ip address 172.16.1.2 255.255.255.0
Router(c on fig-if)#ip nat outside
Router(c on fig-if)#exit
Router(c on fig)#e nd
费玉清老婆Router#
注释ip nat inside source list 15 pool NATPOOL 定义了翻译出去的地址池,如果地址池可以地址用
完新的翻译将不成功,如果加上了 overload 参数将会从第一个地址开始翻译进行复用。另外这里的地址 池并不一定要和outside端口的地址在同一网段,只要有相应的路由就可以。
21.3.静态分配外部地址
Router#c on figure termi nal
En ter con figurati on comma nds, one per line. End with CNTL/Z.
Router(co nfig)#ip nat in side source static 192.168.1.15 172.16.1.10
Router(co nfig)#ip nat in side source static 192.168.1.16 172.16.1.11
Router(c on fig)# in terface FastEther net 0/0
Router(co nfig-if)#ip address 192.168.1.1 255.255.255.0
Router(c on fig-if)#ip nat in side
Router(c on fig-if)#exit
Router(c on fig)#i nterface FastEther net 0/1
Router(co nfig-if)#ip address 192.168.2.1 255.255.255.0
Router(c on fig-if)#ip nat in side
Router(c on fig-if)#exit
Router(c on fig)#i nterface Ethernet1/0
Router(co nfig-if)#ip address 172.16.1.2 255.255.255.0
Router(c on fig-if)#ip nat outside
Router(c on fig-if)#exit
Router(c on fig)#e nd
Router#
21.4.地址静态和动态翻译结合
Router#c on figure termi nal
En ter con figurati on comma nds, one per line. End with CNTL/Z.
Router(co nfig)#access-list 15 deny 192.168.1.15 0.0.0.0
Router(co nfig)#access-list 15 deny 192.168.1.16 0.0.0.0
Router(co nfig)#access-list 15 permit 192.168.0.0 0.0.255.255
Router(co nfig)#ip nat in side source static 192.168.1.15 172.16.1.10
Router(co nfig)#ip nat in side source static 192.168.1.16 172.16.1.11
Router(c on fig)#ip n at pool NATPOOL 172.16.1.100 172.16.1.150 netmask 255.255.255.0
迈克尔杰克逊整容失败Router(c on fig)#ip nat in side source list 15 pool NATPOOL overload
Router(c on fig)# in terface FastEther net0/0
Router(co nfig-if)#ip address 192.168.1.1 255.255.255.0
Router(c on fig-if)#ip nat in side
Router(c on fig-if)#exit
Router(c on fig)# in terface FastEther net0/1
Router(co nfig-if)#ip address 192.168.2.1 255.255.255.0
Router(c on fig-if)#ip nat in side
Router(c on fig-if)#exit
Router(c on fig)# in terface Ether net0/0
Router(co nfig-if)#ip address 172.16.1.2 255.255.255.0
Router(c on fig-if)#ip nat outside
Router(c on fig-if)#exit
Router(c on fig)#e nd
Router#
注释 这里的控制列表把所要静态内部地址排除了, 青椒炒鱿鱼当然这一步也不是必须的, 因为静态翻译的优先级要高
于动态翻译的,不过静态翻译的外部地址必须要从动态翻译的地址池中排除。
21.5.使用Route Maps 来进行翻译规则控制
Router1#c on figure termi nal
En ter con figurati on comma nds, one per line. End with CNTL/Z.
Router(c on fig)# in terface FastEther net0/0
Router(c on fig-if)#ip address 172.16.1.5 255.255.255.252
dnf狂战90刷图加点Router(c on fig-if)#ip nat outside
Router(c on fig-if)#exit
Router(c on fig)# in terface FastEther net0/1
Router(c on fig-if)#ip address 172.16.2.5 255.255.255.252
Router(c on fig-if)#ip nat outside
>霍汶希老公
发布评论