DEMO1:スタティックNATアドレス変換
ENSPトポロジ:
SW1:
<Huawei>sys
[Huawei]sysname SW1
[SW1]vlan batch 10 20 30 40
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW1]int vlanif10
[SW1-Vlanif10]ip add 192.168.10.1 24
[SW1-Vlanif10]int vlanif20
[SW1-Vlanif20]ip add 192.168.20.1 24
[SW1-Vlanif20]int vlanif30
[SW1-Vlanif30]ip add 192.168.30.1 24
[SW1-Vlanif30]int vlanif40
[SW1-Vlanif40]ip add 11.0.0.2 24
[SW1-Vlanif40]q
[SW1]dis ip int b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 5
The number of interface that is UP in Protocol is 1
The number of interface that is DOWN in Protocol is 6
Interface IP Address/Mask Physical Protocol
MEth0/0/1 unassigned down down
NULL0 unassigned up up(s)
Vlanif1 unassigned up down
Vlanif10 192.168.10.1/24 down down
Vlanif20 192.168.20.1/24 down down
Vlanif30 192.168.30.1/24 down down
Vlanif40 11.0.0.2/24 down down
[SW1]int g0/0/1
[SW1-GigabitEthernet0/0/1]port link-type access
[SW1-GigabitEthernet0/0/1]port default vlan 10
[SW1-GigabitEthernet0/0/1]int g0/0/2
[SW1-GigabitEthernet0/0/2]port link-type access
[SW1-GigabitEthernet0/0/2]port default vlan 20
[SW1-GigabitEthernet0/0/2]int g0/0/3
[SW1-GigabitEthernet0/0/3]port link-type access
[SW1-GigabitEthernet0/0/3]port default vlan 30
[SW1-GigabitEthernet0/0/3]int g0/0/4
[SW1-GigabitEthernet0/0/4]port link-type access
[SW1-GigabitEthernet0/0/4]port default vlan 20
[SW1-GigabitEthernet0/0/4]int g0/0/5
[SW1-GigabitEthernet0/0/5]port link-type access
[SW1-GigabitEthernet0/0/5]port default vlan 40
[SW1-GigabitEthernet0/0/5]dis vlan
The total number of vlans is : 5
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------------------------
1 common UT:GE0/0/6(D) GE0/0/7(D) GE0/0/8(D) GE0/0/9(D)
GE0/0/10(D) GE0/0/11(D) GE0/0/12(D) GE0/0/13(D)
GE0/0/14(D) GE0/0/15(D) GE0/0/16(D) GE0/0/17(D)
GE0/0/18(D) GE0/0/19(D) GE0/0/20(D) GE0/0/21(D)
GE0/0/22(D) GE0/0/23(D) GE0/0/24(D)
10 common UT:GE0/0/1(U)
20 common UT:GE0/0/2(U) GE0/0/4(U)
30 common UT:GE0/0/3(U)
40 common UT:GE0/0/5(U)
VID Status Property MAC-LRN Statistics Description
--------------------------------------------------------------------------------
1 enable default enable disable VLAN 0001
10 enable default enable disable VLAN 0010
20 enable default enable disable VLAN 0020
30 enable default enable disable VLAN 0030
40 enable default enable disable VLAN 0040
[SW1-GigabitEthernet0/0/5]q
[SW1]dis ip int b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 5
The number of interface that is DOWN in Physical is 2
The number of interface that is UP in Protocol is 5
The number of interface that is DOWN in Protocol is 2
Interface IP Address/Mask Physical Protocol
MEth0/0/1 unassigned down down
NULL0 unassigned up up(s)
Vlanif1 unassigned down down
Vlanif10 192.168.10.1/24 up up
Vlanif20 192.168.20.1/24 up up
Vlanif30 192.168.30.1/24 up up
Vlanif40 11.0.0.2/24 up up
//此时端口全部配置结束并开启
[SW1]ip route-static 0.0.0.0 0.0.0.0 11.0.0.1R1:
<Huawei>sys
[Huawei]sysname R1
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 11.0.0.1 24
[R1-GigabitEthernet0/0/0]un sh
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[R1-GigabitEthernet0/0/0]q
[R1]ping 11.0.0.2
PING 11.0.0.2: 56 data bytes, press CTRL_C to break
Reply from 11.0.0.2: bytes=56 Sequence=1 ttl=255 time=50 ms
Reply from 11.0.0.2: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 11.0.0.2: bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 11.0.0.2: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 11.0.0.2: bytes=56 Sequence=5 ttl=255 time=20 ms
--- 11.0.0.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/28/50 ms
[R1]int g0/0/01
[R1-GigabitEthernet0/0/1]ip add 12.0.0.1 24
[R1-GigabitEthernet0/0/1]un sh
Info: Interface GigabitEthernet0/0/1 is not shutdown.
[R1-GigabitEthernet0/0/1]nat static enable
[R1-GigabitEthernet0/0/1]q
[R1]nat static global 8.8.8.8 inside 192.168.10.10
[R1]ip route-static 0.0.0.0 0.0.0.0 12.0.0.2
[R1]ip route-static 192.168.10.0 24 11.0.0.2
[R1]ip route-static 192.168.20.0 24 11.0.0.2
[R1]ip route-static 192.168.30.0 24 11.0.0.2R2:
<Huawei>sys
[Huawei]sysname R2
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 12.0.0.2 24
[R2-GigabitEthernet0/0/0]un sh
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[R2-GigabitEthernet0/0/0]ping 12.0.0.1
PING 12.0.0.1: 56 data bytes, press CTRL_C to break
Reply from 12.0.0.1: bytes=56 Sequence=1 ttl=255 time=110 ms
Reply from 12.0.0.1: bytes=56 Sequence=2 ttl=255 time=30 ms
Reply from 12.0.0.1: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 12.0.0.1: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 12.0.0.1: bytes=56 Sequence=5 ttl=255 time=10 ms
--- 12.0.0.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/38/110 ms
[R2-GigabitEthernet0/0/0]q
[R2]int loopBack0
[R2-LoopBack0]ip add 114.114.114.114 32
[R2-LoopBack0]q
[R2]ip route-static 8.8.8.8 32 12.0.0.1確認してください:114.114.114.114:ピングPC4をしています
PC>ping 114.114.114.114
Ping 114.114.114.114: 32 data bytes, Press Ctrl_C to break
From 114.114.114.114: bytes=32 seq=1 ttl=253 time=47 ms
From 114.114.114.114: bytes=32 seq=2 ttl=253 time=31 ms
From 114.114.114.114: bytes=32 seq=3 ttl=253 time=47 ms
From 114.114.114.114: bytes=32 seq=4 ttl=253 time=31 ms
From 114.114.114.114: bytes=32 seq=5 ttl=253 time=47 ms
--- 114.114.114.114 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 31/40/47 msEtherealのアドレス変換ソフトウェアテスト:
DEMO2:ダイナミックNAT:
R1:
[R1]nat address-group 1 212.0.0.100 212.0.0.200
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 192.168.20.0 0.0.0.255
[R1-acl-basic-2000]rule permit source 11.0.0.0 0.0.0.255
[R1-acl-basic-2000]int g0/0/1
[R1-GigabitEthernet0/0/1]dis this
[V200R003C00]
#
interface GigabitEthernet0/0/1
ip address 12.0.0.1 255.255.255.0
nat static global 8.8.8.8 inside 192.168.10.10 netmask 255.255.255.255
#
return
[R1-GigabitEthernet0/0/1]nat outbound 2000 address-group 1 no-pat
[R1-GigabitEthernet0/0/1]qR2:
[R2]ip route-static 212.0.0.0 24 12.0.0.1
//配静态PC2ピングで:114.114.114.114:
PC>ping 114.114.114.11
Ping 114.114.114.114: 32 data bytes, Press Ctrl_C to break
From 114.114.114.114: bytes=32 seq=1 ttl=253 time=31 ms
From 114.114.114.114: bytes=32 seq=2 ttl=253 time=47 ms
From 114.114.114.114: bytes=32 seq=3 ttl=253 time=47 ms
From 114.114.114.114: bytes=32 seq=4 ttl=253 time=47 ms
From 114.114.114.114: bytes=32 seq=5 ttl=253 time=62 ms
--- 114.114.114.114 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 31/46/62 msこのときのR2は、捕捉のためのG0 / 0/0ポートは、動的アドレス変換を見つけることができるです。
Demo3:外部パブリックIPアドレスに対応するネットワークポートのEasyip複数のプライベートIPアドレス(12.0.0.1)
R1:
[R1]acl 3000
[R1-acl-adv-3000]rule permit ip source 192.168.30.0 0.0.0.255
[R1-acl-adv-3000]q
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]dis this
[V200R003C00]
#
interface GigabitEthernet0/0/1
ip address 12.0.0.1 255.255.255.0
nat static global 8.8.8.8 inside 192.168.10.10 netmask 255.255.255.255
nat outbound 2000 address-group 1 no-pat
#
return
[R1-GigabitEthernet0/0/1]nat outbound 3000PC3ピングで:114.114.114.114:
PC>ping 114.114.114.114
Ping 114.114.114.114: 32 data bytes, Press Ctrl_C to break
From 114.114.114.114: bytes=32 seq=1 ttl=253 time=31 ms
From 114.114.114.114: bytes=32 seq=2 ttl=253 time=78 ms
From 114.114.114.114: bytes=32 seq=3 ttl=253 time=31 ms
From 114.114.114.114: bytes=32 seq=4 ttl=253 time=16 ms
From 114.114.114.114: bytes=32 seq=5 ttl=253 time=31 ms
--- 114.114.114.114 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 16/37/78 msこの時点でR2は、キャプチャのためのG0 / 0/0ポートでアドレス変換するかどうかを照会します。
