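Configuring access lists together with NAT (Cisco)
Lab environment: Xiaofan simulator
Lab equipment: three routers and one bridged PC (a local Windows 2003 virtual machine)
Lab requirements: 1. The PC can ping 1.0 and 2.0, but 1.0 and 2.0 cannot ping the PC
2. The routing tables for 1.0 and 2.0 both have the 3.0 network segment
R1 configuration: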
r1(config)#line console 0
r1(config-line)#logging synchronous
r1(config-line)#no exec-timeout
R1(config)#inter f0/0
R1(config-if)#ip address 192.168.3.254 255.255.255.0
R1(config-if)#shut
R1(config-if)#no shut
R1(config)#inter s1/0
R1(config-if)#ip address 192.168.4.2 255.255.255.0
R1(config-if)#shut
R1(config-if)#no shut
R1(config)#inter s1/1
R1(config-if)#ip address 192.168.5.2 255.255.255.0
R1(config-if)#shut
R1(config-if)#no shut
R2 configuration:
r2(config)#line console 0
r2(config-line)#logging synchronous
r2(config-line)#no exec-timeout
r2(config)#inter f0/0
r2(config-if)#ip address 192.168.1.254 255.255.255.0
r2(config-if)#shut
r2(config-if)#no shut
r2(config-if)#inter s1/0
r2(config-if)#ip address 192.168.4.1 255.255.255.0
r2(config-if)#shut
r2(config-if)#no shut
R3 configuration:
r3(config)#line console 0
r3(config-line)#logging synchronous
r3(config-line)#no exec-timeout
r3(config)#inter f0/0
r3(config-if)#ip address 192.168.2.254 255.255.255.0
r3(config-if)#shut
r3(config-if)#no shut
r3(config-if)#inter s1/1
r3(config-if)#ip address 192.168.5.1 255.255.255.0
r3(config-if)#shut
r3(config-if)#no shut
Static routes on R1:
r1(config)#ip route 192.168.1.0 255.255.255.0 192.168.4.1
r1(config)#ip route 192.168.2.0 255.255.255.0 192.168.5.1
View the r1 routing table:
r1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O -
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.4.0/24 is directly connected, Serial1/0
C 192.168.5.0/24 is directly connected, Serial1/1
S 192.168.1.0/24 [1/0] via 192.168.4.1
S 192.168.2.0/24 [1/0] via 192.168.5.1
C 192.168.3.0/24 is directly connected, FastEthernet0/0
NAT translation on R1:
r1(config)#inter f0/0
r1(config-if)#ip nat inside
r1(config-if)#inter s1/0
r1(config-if)#ip nat outside
r1(config-if)#inter s1/1
r1(config-if)#ip nat outside
Create the access lists:
r1(config)#access-list 100 permit ip 192.168.3.0 ?
A.B.C.D Source wildcard bits
r1(config)#access-list 100 permit ip 192.168.3.0
A.B.C.D Destination address
any Any destination host
host A single destination host
r1(config)#$ 100 permit ip 192.168.3.0
r1(config)#$ 101 permit ip 192.168.3.0
r1#show access
% Ambiguous command: "show access"
r1#show access-list
Extended IP access list 100
permit ip 192.168.3.0
Extended IP access list 101
permit ip 192.168.3.0
r1(config)#ip nat inside source list 100 inter s1/0 overload
r1(config)#ip nat inside source list 101 inter s1/1 overload
Testing:
r1(config)#exit
r1#sho
01:01:11: %SYS-5-CONFIG_I: Configured from console by console
r1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O -
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.4.0/24 is directly connected, Serial1/0
C 192.168.5.0/24 is directly connected, Serial1/1
S 192.168.1.0/24 [1/0] via 192.168.4.1
S 192.168.2.0/24 [1/0] via 192.168.5.1
C 192.168.3.0/24 is directly connected, FastEthernet0/0
Virtual machine test:
The virtual machine pings 3.254
Ping 1.254
Ping 2.254:
r1#ping 192.168.1.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 128/169/188 ms
r1#ping 192.168.2.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 156/175/188 ms
r1#
r2 test:
r2#ping 192.168.3.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.120, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
r2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O -
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.4.0/24 is directly connected, Serial1/0
C 192.168.2.0/24 is directly connected, FastEthernet0/0
R3 test:
r3#ping 192.168.3.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.254, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
r3#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O -
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.5.0/24 is directly connected, Serial1/1
C 192.168.2.0/24 is directly connected, FastEthernet0/0
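
Added example (not part of the original lab notes): a small Python model of why the test results above are one-way. Access lists 100/101 only select which sources get translated; the PC is unreachable from r2/r3 because they hold no route to 192.168.3.0/24 and PAT on r1 only accepts traffic that matches an existing translation. Assumptions: the wildcard 0.0.0.255 (the ACL lines on this page are truncated), the starting port 1024, and r2's routes taken from its configured interface addresses.

```python
import ipaddress

# Constructed from this lab: r2's connected networks (from its interface config).
R2_ROUTES = ["192.168.4.0/24", "192.168.1.0/24"]

def acl_match(src, base="192.168.3.0", wildcard="0.0.0.255"):
    """Cisco-style wildcard match: bits set in the wildcard are ignored.
    The wildcard value is an assumption; the page truncates the ACL line."""
    s, b, w = (int(ipaddress.IPv4Address(x)) for x in (src, base, wildcard))
    return (s ^ b) & ~w & 0xFFFFFFFF == 0

def has_route(routes, dst):
    """True if any prefix in the routing table covers dst."""
    d = ipaddress.ip_address(dst)
    return any(d in ipaddress.ip_network(r) for r in routes)

class Pat:
    """Model of 'ip nat inside source list 100 inter s1/0 overload' on r1."""
    def __init__(self, outside_ip):
        self.outside_ip = outside_ip
        self.table = {}          # outside port/ICMP id -> (inside ip, inside port)
        self.next_port = 1024    # assumed starting value

    def outbound(self, src, sport):
        """Return (source ip, port) as seen on the outside link."""
        if not acl_match(src):
            return src, sport    # not selected by the NAT ACL: left untranslated
        for port, inside in self.table.items():
            if inside == (src, sport):
                return self.outside_ip, port
        port = self.next_port
        self.next_port += 1
        self.table[port] = (src, sport)
        return self.outside_ip, port

    def inbound(self, dport):
        """Inside (ip, port) for a packet sent to the outside IP, else None."""
        return self.table.get(dport)

def lab():
    pat = Pat("192.168.4.2")                       # r1 Serial1/0
    seen = pat.outbound("192.168.3.100", 512)      # PC pings 192.168.1.254
    # r2 replies to the translated source, which it can route to.
    reply_ok = has_route(R2_ROUTES, seen[0]) and pat.inbound(seen[1]) is not None
    r2_can_reach_pc = has_route(R2_ROUTES, "192.168.3.100")  # r2#ping 192.168.3.100
    unsolicited = pat.inbound(4000)                # no translation entry exists
    return seen, reply_ok, r2_can_reach_pc, unsolicited

if __name__ == "__main__":
    print(lab())
```

Adding a route to 192.168.3.0/24 on r2 or r3 would remove the routing half of this isolation, so an inbound filtering ACL on r1's serial interfaces is what a production design would rely on.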