1,打开60的cacti找到甘肃铁通电信2如下图所示:

2,打开220cacti找到NC3560如下列图示:

3,通过以上信息画出用户甘肃铁通电信2拓扑图如下:

4,登录220服务器—>登录nc3560这台交换机(这里用的是telnet,登录口令和enable口令都以明文在网络上传输;设备支持时应改用SSH)

[root@SERV89 www]# telnet nc3560

Pwd:ctcnc

Jiangxi_Gansu_B01>enable

Password:ctcnc

5,查看该交换机运行着的配置信息

Jiangxi_Gansu_B01#show running-config

interface GigabitEthernet0/5

//该口连接的是正在使用的NAT服务器:192.168.138.2的eth1口

description To GSCTT_SER eth1

switchport access vlan 101

switchport mode access

load-interval 30

!

interface GigabitEthernet0/6

//该口连接的是正在使用的NAT服务器:192.168.138.2的eth0口

description To GSCTT_SER eth0 ip:192.168.138.2

no switchport

ip address 192.168.138.1 255.255.255.0

//G0/6的IP地址

load-interval 30

!

interface GigabitEthernet0/7

//该口连接的是备用的NAT服务器:192.168.139.2的eth0口

description To backup-SER eth0 ip:192.168.139.2

switchport access vlan 140

switchport trunk encapsulation dot1q

switchport trunk native vlan 140

switchport trunk allowed vlan 138-140

switchport mode trunk

load-interval 30

duplex full

speed 1000

!

interface GigabitEthernet0/8

//该口连接的是备用的NAT服务器:192.168.139.2的eth1口

description To backup-SER eth1

switchport trunk encapsulation dot1q

switchport trunk native vlan 100

switchport trunk allowed vlan 100,101

switchport mode trunk

load-interval 30

shutdown

duplex full

speed 1000

!

interface GigabitEthernet0/25

//该口连接的是叫江西电信的资源,资源连接因特网

//电信和联通是资源,铁通移动属于用户

no switchport

ip address 59.63.255.50 255.255.255.252 secondary

ip address 59.53.48.114 255.255.255.252

load-interval 30

!

interface GigabitEthernet0/26

//该口连接的是叫甘肃铁通的用户。属于vlan101

description To GSCTT

switchport access vlan 101

switchport mode access

load-interval 30

speed nonegotiate

!

ip classless

ip route 0.0.0.0 0.0.0.0 59.63.255.49

ip route 1.19.8.0 255.255.248.0 Null0

ip route 1.92.0.0 255.255.240.0 Null0

ip route 59.53.52.0 255.255.252.0 Null0

ip route 59.53.52.0 255.255.255.0 Null0

ip route 59.53.53.0 255.255.255.0 Null0

ip route 59.53.54.0 255.255.255.0 192.168.139.2

ip route 59.53.54.128 255.255.255.128 192.168.138.2

ip route 59.53.55.0 255.255.255.0 192.168.138.2

ip route 59.63.160.0 255.255.224.0 Null0 name JiangxiTele02

ip route 59.63.192.0 255.255.192.0 Null0 name JiangxiTele03

ip route 59.63.224.0 255.255.224.0 Null0 name NNGuangD_pool

ip route 219.234.80.220 255.255.255.255 59.63.255.49

ip route 219.238.159.162 255.255.255.255 59.63.255.49

ip route 219.238.159.180 255.255.255.255 59.63.255.49

6,查看甘肃铁通用户连接的G0/26口的信息属于vlan101

Jiangxi_Gansu_B01#show running-config interface g0/26

Building configuration...


Current configuration : 148 bytes

!

interface GigabitEthernet0/26

description To GSCTT

switchport access vlan 101

switchport mode access

load-interval 30

speed nonegotiate

end

7,登录图示有流量的服务器01:192.168.138.2(同样是telnet明文登录,而且admin账号和root使用的是同一个弱口令)

Jiangxi_Gansu_B01#telnet 192.168.138.2

login: admin

Password:admin

[admin@GansuBnat01 ~]$ su - root

Password: admin

7,查看192.168.138.2网卡信息

[root@GansuBnat01 ~]# ifconfig

eth0     Link encap:Ethernet  HWaddr 00:30:48:33:DD:52

        inet addr:192.168.138.2  Bcast:192.168.138.255  Mask:255.255.255.0

        UP BROADCAST RUNNING MULTICAST MTU:1500  Metric:1

        RX packets:3845735717 errors:0 dropped:39173111 overruns:0 frame:0

        TX packets:4252478377 errors:0 dropped:0 overruns:0 carrier:0

         collisions:0 txqueuelen:1000

        RX bytes:701526308 (669.0 MiB)  TX bytes:3804799767 (3.5 GiB)

        Memory:d8000000-d8020000


eth1     Link encap:Ethernet  HWaddr 00:30:48:33:DD:53

        inet addr:59.53.52.1  Bcast:59.53.52.3  Mask:255.255.255.252

        UP BROADCAST RUNNING MULTICAST MTU:1500  Metric:1

        RX packets:4136813440 errors:0 dropped:21164896 overruns:0 frame:0

        TX packets:2281977231 errors:0 dropped:0 overruns:0 carrier:0

        collisions:0 txqueuelen:1000

        RX bytes:3272692444 (3.0 GiB)  TX bytes:665651294 (634.8 MiB)

        Memory:d8020000-d8040000


lo       Link encap:Local Loopback  

        inet addr:127.0.0.1 Mask:255.0.0.0

        UP LOOPBACK RUNNING MTU:16436  Metric:1

        RX packets:1842 errors:0 dropped:0 overruns:0 frame:0

        TX packets:1842 errors:0 dropped:0 overruns:0 carrier:0

        collisions:0 txqueuelen:0

        RX bytes:266151 (259.9 KiB)  TX bytes:266151 (259.9 KiB)

8,查看192.168.138.2的NAT信息

[root@GansuBnat01 ~]# iptables -t nat -nvL

Chain PREROUTING (policy ACCEPT 9565M packets, 891G bytes)

pkts bytes target     prot opt in     out    source              destination        


Chain POSTROUTING (policy ACCEPT 101 packets, 6116 bytes)

pkts bytes target     prot opt in     out    source               destination        

  0     0 RETURN     all --  *      eth0   116.245.254.0/24    0.0.0.0/0          

4099M 306G SNAT       all  -- *      eth0    0.0.0.0/0            0.0.0.0/0           to:59.53.54.128-59.53.54.253(地址池)

  0     0 SNAT       all --  *      eth0   0.0.0.0/0           0.0.0.0/0          to:59.53.55.6-59.53.55.254


Chain OUTPUT (policy ACCEPT 25118 packets, 1620K bytes)

pkts bytes target     prot opt in     out    source              destination        


9,查看192.168.138.2的网卡接口信息

[root@GansuBnat01 ~]# ip address ls

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue

  link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

  inet 127.0.0.1/8 scope host lo

  inet 59.53.54.128/32 scope global lo

  inet 59.53.54.129/32 scope global lo

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000

  link/ether 00:30:48:33:dd:52 brd ff:ff:ff:ff:ff:ff

  inet 192.168.138.2/24 brd 192.168.138.255 scope global eth0

3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000

  link/ether 00:30:48:33:dd:53 brd ff:ff:ff:ff:ff:ff

  inet 59.53.52.1/30 brd 59.53.52.3 scope global eth1

10,通过服务器IP地址计算用户IP地址

用户甘肃铁通和交换机的0/26,0/5,以及NAT服务器的eth1同属于一个叫vlan101的VLAN

由于NAT服务器的接用户的属于vlan101的eth1的IP是59.53.52.1/30,所以用户甘肃铁通的IP地址一定是59.53.52.2/30

11,这个IP是怎么样计算的呢???

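从59.53.52.1/30可以看出该网段一共只有4个地址:/30表示网络位占30位,主机位只剩2位,2位主机位对应4个地址。每个/30网段的第一个地址是网络地址、最后一个地址是广播地址,都不能分配给主机,所以在0-3,4-7,8-11这几个网段中,0,3,4,7,8,11不能用,可用的只剩1,2,5,6,9,10。59.53.52.1落在0-3这一段,可用地址只有.1和.2;.1已经配在NAT服务器的eth1上,所以用户侧只能是59.53.52.2。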

12,查用户甘肃铁通的回程路由

[root@GansuBnat01 ~]# ip route ls | grep 59.53.52.2

123.81.1.96/30 via 59.53.52.2 dev eth1  proto zebra equalize

123.81.160.0/19 via 59.53.52.2 dev eth1  proto zebra equalize

123.81.0.0/16 via 59.53.52.2 dev eth1  proto zebra equalize

13,潜规则

服务器的eth0接资源

eth1划分出不同的vlan接用户