R1、R2、R3模拟企业内网跑RIPv2路由协议,R3是企业网关,实现全网互通,内网通过NAT转换访问Internet,目标为4.4.4.4/24
 
R1
en
conf t
line con 0
no exec-t
exit
host R1
int f0/0
no sh
ip add 192.168.12.1 255.255.255.0
exit
router rip
ver 2
no au
net 192.168.12.0
===================R2============================
en
conf t
line con 0
no exec-t
exit
host R2
int f0/0
no sh
ip add 192.168.12.2 255.255.255.0
int f1/0
no sh
ip add 192.168.23.2 255.255.255.0
exit
router rip
ver 2
no au
net 192.168.12.0
net 192.168.23.0
end
================R3=========================
en
conf t
line con 0
no exec-t
exit
host R3
int f0/0
no sh
ip add 192.168.23.3 255.255.255.0
int f1/0
no sh
ip add 34.34.34.3 255.255.255.0
int lo 0
ip add 3.3.3.3 255.0.0.0 
exit
router rip
ver 2
no au
net 192.168.23.0
end
R3(config)#ip default-network 3.0.0.0 向内网下发默认路由
R3(config)#ip route 0.0.0.0 0.0.0.0 34.34.34.4
NAT配置
R3(config)#access-list 1 permit 192.168.0.0 0.0.255.255
R3(config)#ip nat inside source list 1 interface FastEthernet1/0 overload      
R3(config)#interface FastEthernet0/0
R3(config-if)#ip nat inside
R3(config)#interface FastEthernet1/0
R3(config-if)#ip nat outside
===================R4===============================
en
conf t
line con 0
no exec-t
exit
host R4
int f0/0
no sh
ip add 34.34.34.4 255.255.255.0
int lo0
no sh
ip add 4.4.4.4 255.255.255.0
 
实验调试
向内网下发默认路由后,会产生一条指向下一跳的默认路由
R1#sh ip route
Gateway of last resort is 192.168.12.2 to network 0.0.0.0
C    192.168.12.0/24 is directly connected, FastEthernet0/0
R    192.168.23.0/24 [120/1] via 192.168.12.2, 00:00:01, FastEthernet0/0
R*   0.0.0.0/0 [120/2] via 192.168.12.2, 00:00:01, FastEthernet0/0
 
R2#sh ip route
Gateway of last resort is 192.168.23.3 to network 0.0.0.0
C    192.168.12.0/24 is directly connected, FastEthernet0/0
C    192.168.23.0/24 is directly connected, FastEthernet1/0
R*   0.0.0.0/0 [120/1] via 192.168.23.3, 00:00:23, FastEthernet1/0
R3#sh ip route
Gateway of last resort is 34.34.34.4 to network 0.0.0.0
     34.0.0.0/24 is subnetted, 1 subnets
C       34.34.34.0 is directly connected, FastEthernet1/0
R    192.168.12.0/24 [120/1] via 192.168.23.2, 00:00:17, FastEthernet0/0
C*   3.0.0.0/8 is directly connected, Loopback0
C    192.168.23.0/24 is directly connected, FastEthernet0/0
S*   0.0.0.0/0 [1/0] via 34.34.34.4
NAT调试
R3#debug ip nat
IP NAT debugging is on
R3#
*Mar  1 00:35:16.295: NAT*: s=192.168.12.1->34.34.34.3, d=4.4.4.4 [25]
*Mar  1 00:35:16.391: NAT*: s=4.4.4.4, d=34.34.34.3->192.168.12.1 [25]
*Mar  1 00:35:16.515: NAT*: s=192.168.12.1->34.34.34.3, d=4.4.4.4 [26]
*Mar  1 00:35:16.563: NAT*: s=4.4.4.4, d=34.34.34.3->192.168.12.1 [26]
*Mar  1 00:35:16.631: NAT*: s=192.168.12.1->34.34.34.3, d=4.4.4.4 [27]
*Mar  1 00:35:16.671: NAT*: s=4.4.4.4, d=34.34.34.3->192.168.12.1 [27]
*Mar  1 00:35:16.763: NAT*: s=192.168.12.1->34.34.34.3, d=4.4.4.4 [28]
*Mar  1 00:35:16.795: NAT*: s=4.4.4.4, d=34.34.34.3->192.168.12.1 [28]
*Mar  1 00:35:16.907: NAT*: s=192.168.12.1->34.34.34.3, d=4.4.4.4 [29]
R3#
*Mar  1 00:35:16.999: NAT*: s=4.4.4.4, d=34.34.34.3->192.168.12.1 [29]
 
测试ping
R1#ping 4.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
R1#traceroute 4.4.4.4
Type escape sequence to abort.
Tracing the route to 4.4.4.4
  1 192.168.12.2 128 msec 96 msec 60 msec
  2 192.168.23.3 128 msec 76 msec 140 msec
  3 34.34.34.4 252 msec *  232 msec
 
注意事项:
  • 向rip网络中注入默认路由先ip default-network,后写指向外网的默认路由,宣告ip default-network 必须是有类
  • 一般企业分配的公有IP是无类的,所以必须在环回口上宣告一个有类ip地址,例如本文的R3上3.3.3.3/8