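Today I had the chance to see an interview question from a friend's company. It struck me as a classic, so I am sharing it here.
The question is as follows: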
R1 config:
interface f0/0
  ip add 172.168.1.1 255.255.255.252
  ip nat inside
interface loopback 0
  ip add 10.10.10.1 255.255.255.0
  ip nat outside
 
ip nat inside source static tcp 20.20.20.1 23 10.10.10.254 23
ip route 20.20.20.0 255.255.255.0 172.168.1.2
 
R2 config:
interface f0/0
  ip add 172.168.1.2 255.255.255.252
interface loopback 0
  ip add 20.20.20.1 255.255.255.0
 
ip route 10.10.10.0 255.255.255.0 172.168.1.1
 
line vty 0 4
  password cisco
  login
 
Question: if you telnet to 10.10.10.254 from R1, will it connect?
If it does, explain why.
If it does not, give a solution (only R1's configuration may be modified).

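At first glance it does not look hard, but after thinking about it for a while I got a bit dizzy. So I built a lab environment myself:
The configuration is identical. The show output follows. (I used two colors to make the structure clearer.)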
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     20.0.0.0/24 is subnetted, 1 subnets
S       20.20.20.0 [1/0] via 172.168.1.2
     172.168.0.0/30 is subnetted, 1 subnets
C       172.168.1.0 is directly connected, FastEthernet0/0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.10.10.0 is directly connected, Loopback0
 
R1#show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
tcp 10.10.10.254:23    20.20.20.1:23      ---                ---
 
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     20.0.0.0/24 is subnetted, 1 subnets
C       20.20.20.0 is directly connected, Loopback0
     172.168.0.0/24 is subnetted, 1 subnets
C       172.168.1.0 is directly connected, FastEthernet0/0
     10.0.0.0/24 is subnetted, 1 subnets
S       10.10.10.0 [1/0] via 172.168.1.1

Now for the telnet tests:
First, telnet directly to R2, bypassing NAT, to confirm the configuration is sound. R2 can indeed be reached over telnet.
R1#telnet 20.20.20.1
Trying 20.20.20.1 ... Open

User Access Verification
Password:
R2>exit
[Connection to 20.20.20.1 closed by foreign host]
Next, try the scenario from the question:
R1#telnet 10.10.10.254
Trying 10.10.10.254 ...
% Connection timed out; remote host not responding
As expected, it does not connect. Time to start troubleshooting.

We enable debug ip nat and debug ip packet on R1:
R1#telnet 10.10.10.254
Trying 10.10.10.254 ...
*Mar  1 00:05:11.319: NAT: s=10.10.10.1, d=10.10.10.254->20.20.20.1 [47954]
*Mar  1 00:05:13.323: NAT: s=10.10.10.1, d=10.10.10.254->20.20.20.1 [47954]
*Mar  1 00:05:17.323: NAT: s=10.10.10.1, d=10.10.10.254->20.20.20.1 [47954]
*Mar  1 00:05:25.323: NAT: s=10.10.10.1, d=10.10.10.254->20.20.20.1 [47954]
% Connection timed out; remote host not responding
 
*Mar  1 00:07:34.503: IP: tableid=0, s=10.10.10.1 (local), d=20.20.20.1 (FastEthernet0/0), routed via FIB
*Mar  1 00:07:34.507: IP: s=10.10.10.1 (local), d=20.20.20.1 (FastEthernet0/0), len 44, sending
*Mar  1 00:07:34.811: IP: tableid=0, s=20.20.20.1 (FastEthernet0/0), d=10.10.10.1 (Loopback0), routed via RIB
*Mar  1 00:07:34.815: IP: s=20.20.20.1 (FastEthernet0/0), d=10.10.10.1, len 44, rcvd 4
(repeated messages omitted)

This shows that the NAT translation succeeded, and that R1 sent the packet out F0/0 and received a reply.
 
Now let's look at the result on R2:
Enable debug ip packet:
R2#
*Mar  1 00:07:34.799: IP: tableid=0, s=10.10.10.1 (FastEthernet0/0), d=20.20.20.1 (Loopback0), routed via RIB
*Mar  1 00:07:34.803: IP: s=10.10.10.1 (FastEthernet0/0), d=20.20.20.1, len 44, rcvd 4
*Mar  1 00:07:34.811: IP: tableid=0, s=20.20.20.1 (local), d=10.10.10.1 (FastEthernet0/0), routed via FIB
*Mar  1 00:07:34.815: IP: s=20.20.20.1 (local), d=10.10.10.1 (FastEthernet0/0), len 44, sending
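We can see that R2 does respond to R1's request, and the packets sent and received on both sides match.
Even so, R1 reports % Connection timed out; remote host not responding
The connection timeout means the telnet failed. Why does this happen?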
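
An added example, not part of the original post: a short Python script that reads the R1 debug lines captured above and reports which direction NAT rewrote an address and which source address the reply carried. It assumes the usual `debug ip nat` line shape `s=A[->B], d=C[->D] [id]`; the names `parse_nat` and `analyze` are hypothetical.

```python
import re

# R1 debug lines copied from the capture in this post.
NAT_DEBUG = """\
*Mar  1 00:05:11.319: NAT: s=10.10.10.1, d=10.10.10.254->20.20.20.1 [47954]
*Mar  1 00:05:13.323: NAT: s=10.10.10.1, d=10.10.10.254->20.20.20.1 [47954]
*Mar  1 00:05:17.323: NAT: s=10.10.10.1, d=10.10.10.254->20.20.20.1 [47954]
*Mar  1 00:05:25.323: NAT: s=10.10.10.1, d=10.10.10.254->20.20.20.1 [47954]
"""
PKT_DEBUG = """\
*Mar  1 00:07:34.507: IP: s=10.10.10.1 (local), d=20.20.20.1 (FastEthernet0/0), len 44, sending
*Mar  1 00:07:34.815: IP: s=20.20.20.1 (FastEthernet0/0), d=10.10.10.1, len 44, rcvd 4
"""

# Assumed line shapes: "NAT: s=A[->B], d=C[->D] [id]" and "IP: s=A (if), d=B ..., sending|rcvd"
NAT_RE = re.compile(r"NAT\*?: s=([\d.]+)(?:->([\d.]+))?, d=([\d.]+)(?:->([\d.]+))? \[(\d+)\]")
PKT_RE = re.compile(r"IP: s=([\d.]+) \([^)]+\), d=([\d.]+).*?(sending|rcvd)")

def parse_nat(text):
    """Return (src_before, src_after, dst_before, dst_after, ip_id) for each NAT line."""
    rows = []
    for m in NAT_RE.finditer(text):
        s, s2, d, d2, ipid = m.groups()
        rows.append((s, s2 or s, d, d2 or d, int(ipid)))
    return rows

def analyze(nat_text, pkt_text, dialed):
    """Compare the address the user dialed with what NAT rewrote and what came back."""
    nat = parse_nat(nat_text)
    forward = [n for n in nat if n[2] == dialed and n[3] != dialed]  # dst rewritten on the way out
    reverse = [n for n in nat if n[1] == dialed and n[0] != dialed]  # src rewritten back on the reply
    replies = sorted({m.group(1) for m in PKT_RE.finditer(pkt_text) if m.group(3) == "rcvd"})
    return {
        "forward_rewrites": len(forward),
        "reverse_rewrites": len(reverse),
        "same_packet_retried": len(forward) > 1 and len({n[4] for n in forward}) == 1,
        "reply_sources": replies,
        "reply_from_dialed": dialed in replies,
    }

if __name__ == "__main__":
    for key, value in analyze(NAT_DEBUG, PKT_DEBUG, "10.10.10.254").items():
        print(f"{key}: {value}")
```

On this capture it reports four destination rewrites carrying the same IP id, no logged rewrite in the reverse direction, and a reply whose source is 20.20.20.1 rather than the dialed 10.10.10.254.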