拓扑
下图本系列NAT部分的实验环境拓扑
首先,打通路由部分
这部分比较简单,直接截图上来了,博客里格式调的费劲。
路由打通后的状态
先放一放后面处理红线部分。
然后,配置交换部分
##SW1设置端口及vlan
SW1#vlan database
SW1(vlan)#vlan 10
VLAN 10 added:
Name: VLAN0010
SW1(vlan)#vlan 20
VLAN 20 added:
Name: VLAN0020
SW1(vlan)#exit
APPLY completed.
Exiting....
SW1#
SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#inter f0/0
SW1(config-if)#no switchport
SW1(config-if)#ip addr 192.168.1.1 255.255.255.0
SW1(config-if)#no shut
SW1(config-if)#exit
SW1(config)#
SW1(config)#ip routing
SW1(config)#
SW1(config)#inter vlan 10
SW1(config-if)#ip addr 192.168.10.254 255.255.255.0
SW1(config-if)#no shut
SW1(config-if)#exit
SW1(config)#inter vlan 20
SW1(config-if)#ip addr 192.168.20.254 255.255.255.0
SW1(config-if)#no shut
SW1(config-if)#exit
SW1(config)#
SW1(config)#
SW1(config)#inter f0/1
SW1(config-if)#switch mode access
SW1(config-if)#switchport access vlan 10
SW1(config-if)#no shut
SW1(config-if)#exit
SW1(config)#inter f0/2
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 20
SW1(config-if)#no shut
SW1(config-if)#end
SW1#
SW1#write
Building configuration...
[OK]
SW1###SW2设置端口及vlan
SW2#vlan database
SW2(vlan)#vlan 30
VLAN 30 added:
Name: VLAN0030
SW3(vlan)#exit
APPLY completed.
Exiting....
SW2#
SW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#inter f0/0
SW2(config-if)#no switchport
SW2(config-if)#ip addr 192.168.2.1 255.255.255.0
SW2(config-if)#no shut
SW2(config-if)#exit
SW2(config)#
SW2(config)#ip routing
SW2(config)#
SW2(config)#inter vlan 30
SW2(config-if)#ip addr 192.168.30.254 255.255.255.0
SW2(config-if)#no shut
SW2(config-if)#exit
SW2(config)#
SW2(config)#inter f0/1
SW2(config-if)# switchport mode access
SW2(config-if)#switchport access vlan 30
SW2(config-if)#no shut
SW2(config-if)#end
SW2#
SW2#write
Building configuration...
[OK]
SW2#在交换机上测试连通性
##设置端口IP地址
SW1#ping 192.168.1.2 source f0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 44/61/68 ms
SW1#ping 1.1.1.1 source f0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
.....
Success rate is 0 percent (0/5)
SW1#这里想通,只需要在SW上no ip routing或者写默认路由下一跳是f/0即可
##设置端口IP地址
SW2#ping 192.168.2.2 source f0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/66/72 ms
SW2#ping 2.1.1.2 source f0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.1.1.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.1
.....
Success rate is 0 percent (0/5)
SW2#这里想通,只需要在SW上no ip routing或者写默认路由下一跳是f/0即可
解决上述不通问题
##SW1设置默认路由
SW1#conf t
SW1(config)#ip route 0.0.0.0 0.0.0.0 f0/0
SW1(config)#end
SW1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
C 192.168.10.0/24 is directly connected, Vlan10
C 192.168.20.0/24 is directly connected, Vlan20
C 192.168.1.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 is directly connected, FastEthernet0/0
SW1#ping 1.1.1.1 source f0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 52/62/68 ms
SW1#write
Building configuration...
[OK]
SW1###SW2设置默认路由
SW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#ip route 0.0.0.0 0.0.0.0 f0/0
SW2(config)#end
SW2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
C 192.168.30.0/24 is directly connected, Vlan30
C 192.168.2.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 is directly connected, FastEthernet0/0
SW2#ping 2.1.1.2 source f0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.1.1.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.1
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 60/63/64 ms
SW2#write
Building configuration...
[OK]
SW2#在PC端验证连通性
##设置PC-1
PC-1> ip 192.168.10.10 255.255.255.0 192.168.10.254
Checking for duplicate address...
PC1 : 192.168.10.10 255.255.255.0 gateway 192.168.10.254
PC-1> save
Saving startup configuration to startup.vpc
. done
PC-1> ping 1.1.1.1
1.1.1.1 icmp_seq=1 timeout
1.1.1.1 icmp_seq=2 timeout
1.1.1.1 icmp_seq=3 timeout
1.1.1.1 icmp_seq=4 timeout
1.1.1.1 icmp_seq=5 timeout
PC-1> ping 192.168.1.2
192.168.1.2 icmp_seq=1 timeout
192.168.1.2 icmp_seq=2 timeout
192.168.1.2 icmp_seq=3 timeout
192.168.1.2 icmp_seq=4 timeout
192.168.1.2 icmp_seq=5 timeout
PC-1> ping 192.168.1.1
84 bytes from 192.168.1.1 icmp_seq=1 ttl=255 time=15.025 ms
84 bytes from 192.168.1.1 icmp_seq=2 ttl=255 time=15.614 ms
84 bytes from 192.168.1.1 icmp_seq=3 ttl=255 time=16.040 ms
84 bytes from 192.168.1.1 icmp_seq=4 ttl=255 time=14.835 ms
84 bytes from 192.168.1.1 icmp_seq=5 ttl=255 time=14.963 ms
PC-1>##设置PC-2
PC-2> ip 192.168.20.10 255.255.255.0 192.168.20.254
Checking for duplicate address...
PC1 : 192.168.20.10 255.255.255.0 gateway 192.168.20.254
PC-2> save
Saving startup configuration to startup.vpc
. done
PC-2> ping 1.1.1.1
1.1.1.1 icmp_seq=1 timeout
1.1.1.1 icmp_seq=2 timeout
1.1.1.1 icmp_seq=3 timeout
1.1.1.1 icmp_seq=4 timeout
1.1.1.1 icmp_seq=5 timeout
PC-2> ping 192.168.1.2
192.168.1.2 icmp_seq=1 timeout
192.168.1.2 icmp_seq=2 timeout
192.168.1.2 icmp_seq=3 timeout
192.168.1.2 icmp_seq=4 timeout
192.168.1.2 icmp_seq=5 timeout
PC-2> ping 192.168.1.1
84 bytes from 192.168.1.1 icmp_seq=1 ttl=255 time=30.955 ms
84 bytes from 192.168.1.1 icmp_seq=2 ttl=255 time=14.830 ms
84 bytes from 192.168.1.1 icmp_seq=3 ttl=255 time=15.116 ms
84 bytes from 192.168.1.1 icmp_seq=4 ttl=255 time=14.848 ms
84 bytes from 192.168.1.1 icmp_seq=5 ttl=255 time=14.985 ms
PC-2>##设置PC-3
PC-3> ip 192.168.30.10 255.255.255.0 192.168.30.254
Checking for duplicate address...
PC1 : 192.168.30.10 255.255.255.0 gateway 192.168.30.254
PC-3> save
Saving startup configuration to startup.vpc
. done
PC-3> ping 2.1.1.2
2.1.1.2 icmp_seq=1 timeout
2.1.1.2 icmp_seq=2 timeout
2.1.1.2 icmp_seq=3 timeout
2.1.1.2 icmp_seq=4 timeout
2.1.1.2 icmp_seq=5 timeout
pi
PC-3> ping 192.168.2.2
192.168.2.2 icmp_seq=1 timeout
192.168.2.2 icmp_seq=2 timeout
192.168.2.2 icmp_seq=3 timeout
192.168.2.2 icmp_seq=4 timeout
192.168.2.2 icmp_seq=5 timeout
PC-3> ping 192.168.2.1
84 bytes from 192.168.2.1 icmp_seq=1 ttl=255 time=28.843 ms
84 bytes from 192.168.2.1 icmp_seq=2 ttl=255 time=14.926 ms
84 bytes from 192.168.2.1 icmp_seq=3 ttl=255 time=15.479 ms
84 bytes from 192.168.2.1 icmp_seq=4 ttl=255 time=15.649 ms
84 bytes from 192.168.2.1 icmp_seq=5 ttl=255 time=15.198 ms
PC-3>此时的状况
使用静态路由解决PC连通性问题
##在R1中添加到192.168.10.0/24网段的静态路由
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ip route 192.168.10.0 255.255.255.0 192.168.1.1
R1(config)#end
R1#write
Building configuration...
[OK]
R1###在R3中添加到192.168.30.0/24网段的静态路由
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#ip route 192.168.30.0 255.255.255.0 f0/0
R3(config)#end
R3#write
Building configuration...
[OK]
R3#在PC端检验连通性
##在PC-1上再次测试ping
PC-1> ping 1.1.1.1
84 bytes from 1.1.1.1 icmp_seq=1 ttl=254 time=61.869 ms
84 bytes from 1.1.1.1 icmp_seq=2 ttl=254 time=45.009 ms
84 bytes from 1.1.1.1 icmp_seq=3 ttl=254 time=46.130 ms
84 bytes from 1.1.1.1 icmp_seq=4 ttl=254 time=45.985 ms
84 bytes from 1.1.1.1 icmp_seq=5 ttl=254 time=45.649 ms
PC-1> ping 1.1.1.2
1.1.1.2 icmp_seq=1 timeout
1.1.1.2 icmp_seq=2 timeout
1.1.1.2 icmp_seq=3 timeout
1.1.1.2 icmp_seq=4 timeout
1.1.1.2 icmp_seq=5 timeout
PC-1>因为R2上没有到192.168.10.0/24网段的路由;所以此时PC-1上ping 1.1.1.2回包找不到回来的路将会被丢弃,在PC-1上就表现为timeout。
此时;大家应该可以看到静态路由的局限性了;每个路由节点都要手动指定;路由节点多的时候根本无法完成。
这里的R2相当于Internet内部,pc-1 ping不通暂时先不管。
##在PC-3上再次测试ping
PC-3> ping 2.1.1.2
2.1.1.2 icmp_seq=1 timeout
84 bytes from 2.1.1.2 icmp_seq=2 ttl=254 time=45.420 ms
84 bytes from 2.1.1.2 icmp_seq=3 ttl=254 time=46.377 ms
84 bytes from 2.1.1.2 icmp_seq=4 ttl=254 time=45.314 ms
84 bytes from 2.1.1.2 icmp_seq=5 ttl=254 time=45.091 ms
PC-3> ping 2.1.1.1
2.1.1.1 icmp_seq=1 timeout
2.1.1.1 icmp_seq=2 timeout
2.1.1.1 icmp_seq=3 timeout
2.1.1.1 icmp_seq=4 timeout
2.1.1.1 icmp_seq=5 timeout
PC-3>因为R2上没有到192.168.30.0/24网段的路由;所以此时PC-3上ping 2.1.1.1回包找不到回来的路将会被丢弃,在PC-3上就表现为timeout。
此时;大家应该可以看到静态路由的局限性了;每个路由节点都要手动指定;路由节点多的时候根本无法完成。
这里的R2相当于Internet内部,pc-3 ping不通暂时先不管。
解决R1内网端口访问公网地址不通的问题
接下来我们解决这个问题
配置:
R1#ping 1.1.1.1 source 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
R1#ping 1.1.1.2 source 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.2
.....
Success rate is 0 percent (0/5)
R1#ping 1.1.1.2 source 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/62/68 ms
R1#R2/R3同理
在没配置静态或者默认路由的情况下只能ping通直连路由
并且此时左边内网的PC-1无法完成与R2及其右边所有网络的通讯;但是这些我们先不处理;
首先我们R1——R2——R3之间的通讯(因为R2模拟internet;一般的企业无法修改该路由器设置有关自己内网的任何设置,所以尽量避免修改R2)
1、R1打通到2.1.1.0/24+192.168.2.0/24的通讯(显示情况下R1应该是ISP运营的,会启用动态路由协议,不需要我们手动设定internet内部的路由;但是本次实验环境我们使用手动写静态路由的方式实现)
2、R3类同R1设定打通到1.1.1.0/24+192.168.1.0/24的通讯
3、R2打通到192.168.1.0/24+192.168.2.0/24的通讯
##R1打通到2.1.1.0/24+192.168.2.0/24的通讯
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ip route 2.1.1.0 255.255.255.0 f0/1
R1(config)#ip route 192.168.2.0 255.255.255.0 1.1.1.2
R1(config)#end
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, FastEthernet0/1
2.0.0.0/24 is subnetted, 1 subnets
S 2.1.1.0 is directly connected, FastEthernet0/1
S 192.168.10.0/24 [1/0] via 192.168.1.1
C 192.168.1.0/24 is directly connected, FastEthernet0/0
S 192.168.2.0/24 [1/0] via 1.1.1.2
R1#write
Building configuration...
[OK]
R1###R2打通到192.168.1.0/24+192.168.2.0/24的通讯
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#ip route 192.168.1.0 255.255.255.0 f0/0
R2(config)#ip route 192.168.2.0 255.255.255.0 2.1.1.2
R2(config)#end
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, FastEthernet0/0
2.0.0.0/24 is subnetted, 1 subnets
C 2.1.1.0 is directly connected, FastEthernet0/1
S 192.168.1.0/24 is directly connected, FastEthernet0/0
S 192.168.2.0/24 [1/0] via 2.1.1.2
R2#write
Building configuration...
[OK]
R2###R3打通到1.1.1.0/24+192.168.1.0/24的通讯
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#ip route 1.1.1.0 255.255.255.0 2.1.1.1
R1(config)#ip route 192.168.1.0 255.255.255.0 f0/1
R3(config)#end
R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
S 1.1.1.0 [1/0] via 2.1.1.1
2.0.0.0/24 is subnetted, 1 subnets
C 2.1.1.0 is directly connected, FastEthernet0/1
S 192.168.30.0/24 is directly connected, FastEthernet0/0
S 192.168.1.0/24 is directly connected, FastEthernet0/1
C 192.168.2.0/24 is directly connected, FastEthernet0/0
R3#write
Building configuration...
[OK]
R3#在各路由器上验证修复结果
R1#ping 1.1.1.2 source 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/68/72 ms
R1#ping 2.1.1.1 source 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/67/72 ms
R1#ping 2.1.1.2 source 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.1.1.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 120/122/128 ms
R1#ping 192.168.2.2 source 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 120/122/124 ms
R1#R2#ping 192.168.1.2 source 2.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
Packet sent with a source address of 2.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/78/96 ms
R2#ping 192.168.2.2 source 1.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/69/72 ms
R2#R3#ping 2.1.1.1 source 192.168.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/64/68 ms
R3#ping 1.1.1.2 source 192.168.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/64/72 ms
R3#ping 1.1.1.1 source 192.168.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 116/120/124 ms
R3#ping 192.168.1.2 source 192.168.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/88/96 ms
R3#在各PC上验证修复结果
PC-1> ping 1.1.1.1
84 bytes from 1.1.1.1 icmp_seq=1 ttl=254 time=59.870 ms
84 bytes from 1.1.1.1 icmp_seq=2 ttl=254 time=44.879 ms
84 bytes from 1.1.1.1 icmp_seq=3 ttl=254 time=46.119 ms
84 bytes from 1.1.1.1 icmp_seq=4 ttl=254 time=46.265 ms
84 bytes from 1.1.1.1 icmp_seq=5 ttl=254 time=45.609 ms
PC-1> ping 1.1.1.2
1.1.1.2 icmp_seq=1 timeout
1.1.1.2 icmp_seq=2 timeout
1.1.1.2 icmp_seq=3 timeout
1.1.1.2 icmp_seq=4 timeout
1.1.1.2 icmp_seq=5 timeout
PC-1> ping 2.1.1.1
2.1.1.1 icmp_seq=1 timeout
2.1.1.1 icmp_seq=2 timeout
2.1.1.1 icmp_seq=3 timeout
2.1.1.1 icmp_seq=4 timeout
2.1.1.1 icmp_seq=5 timeout
PC-1> ping 2.1.1.2
2.1.1.2 icmp_seq=1 timeout
2.1.1.2 icmp_seq=2 timeout
2.1.1.2 icmp_seq=3 timeout
2.1.1.2 icmp_seq=4 timeout
2.1.1.2 icmp_seq=5 timeout
PC-1> ping 192.168.2.2
192.168.2.2 icmp_seq=1 timeout
192.168.2.2 icmp_seq=2 timeout
192.168.2.2 icmp_seq=3 timeout
192.168.2.2 icmp_seq=4 timeout
192.168.2.2 icmp_seq=5 timeout
PC-1>PC-3> ping 2.1.1.2
84 bytes from 2.1.1.2 icmp_seq=1 ttl=254 time=44.851 ms
84 bytes from 2.1.1.2 icmp_seq=2 ttl=254 time=46.279 ms
84 bytes from 2.1.1.2 icmp_seq=3 ttl=254 time=45.293 ms
84 bytes from 2.1.1.2 icmp_seq=4 ttl=254 time=44.882 ms
84 bytes from 2.1.1.2 icmp_seq=5 ttl=254 time=44.993 ms
PC-3> ping 2.1.1.1
2.1.1.1 icmp_seq=1 timeout
2.1.1.1 icmp_seq=2 timeout
2.1.1.1 icmp_seq=3 timeout
2.1.1.1 icmp_seq=4 timeout
2.1.1.1 icmp_seq=5 timeout
PC-3> ping 1.1.1.2
1.1.1.2 icmp_seq=1 timeout
1.1.1.2 icmp_seq=2 timeout
1.1.1.2 icmp_seq=3 timeout
1.1.1.2 icmp_seq=4 timeout
1.1.1.2 icmp_seq=5 timeout
PC-3> ping 1.1.1.1
1.1.1.1 icmp_seq=1 timeout
1.1.1.1 icmp_seq=2 timeout
1.1.1.1 icmp_seq=3 timeout
1.1.1.1 icmp_seq=4 timeout
1.1.1.1 icmp_seq=5 timeout
PC-3> ping 192.168.1.2
192.168.1.2 icmp_seq=1 timeout
192.168.1.2 icmp_seq=2 timeout
192.168.1.2 icmp_seq=3 timeout
192.168.1.2 icmp_seq=4 timeout
192.168.1.2 icmp_seq=5 timeout
PC-3>当前的状态图示
至此,NAT的前提条件均已完成:
1.公网完成互联互通(模拟的)
2.内网完成互联互通(模拟的)
下一篇我们正式进入NAT的配置阶段解决红线部分的问题。
