实验要求:

VLAN10和VLAN20服务器采用静态NAT发布服务

VLAN30主机采用动态NAT地址池连接外网

VLAN40和VLAN50采用PAT模式连接外网


地址规划:

IOU1

e0/0:10.0.12.2/24

e0/1:100.0.0.1/24

IOU2

e0/0:100.0.0.2/25

e0/1:101.0.0.254/24

IOU3

e0/0:10.0.12.1/24


IOU4

vlan10:192.168.10.1/24


IOU5

vlan20:192.168.20.1/24


IOU6

vlan30:192.168.30.1/24


IOU7

vlan40:192.168.40.1/24


IOU8

vlan50:192.168.50.1/24


IOU9

101.0.0.1/24



实验拓扑:

NAT实验_外网


代码与注释:

(默认初始进入特权模式,部分代码与注释可参考本人其他博客)

配置全网互通:

IOU3:

config terminal

创建VLAN:

vlan 10,20,30,40,50

exit

配置接口:

interface e0/0

no switchport

ip address 10.0.12.1 255.255.255.0

no shutdown

interface e0/1

switchport mode access

switchport access vlan 10

interface e0/2

switchport mode access

switchport access vlan 20

interface e0/3

switchport mode access

switchport access vlan 30

interface e1/0

switchport mode access

switchport access vlan 40

interface e1/1

switchport mode access

switchport access vlan 50

interface vlan 10

ip address 192.168.10.254 255.255.255.0

no shutdown

interface vlan 20

ip address 192.168.20.254 255.255.255.0

no shutdown

interface vlan 30

ip address 192.168.30.254 255.255.255.0

no shutdown

interface vlan 40

ip address 192.168.40.254 255.255.255.0

no shutdown

interface vlan 50

ip address 192.168.50.254 255.255.255.0

no shutdown

exit

配置静态路由:

ip route 0.0.0.0 0.0.0.0 10.0.12.2

IOU1:

config terminal

配置接口:

interface e0/1

duplex full

ip address 10.0.12.2 255.255.255.0

no shutdown

interface e0/0

ip address 100.0.0.1 255.255.255.0

no shutdown

exit

配置静态路由:

ip route 192.168.10.0 255.255.255.0 10.0.12.1

ip route 192.168.20.0 255.255.255.0 10.0.12.1

ip route 192.168.30.0 255.255.255.0 10.0.12.1

ip route 192.168.40.0 255.255.255.0 10.0.12.1

ip route 192.168.50.0 255.255.255.0 10.0.12.1

ip route 0.0.0.0 0.0.0.0 100.0.0.2

IOU2:

config terminal

配置接口:

interface e0/0

ip address 100.0.0.2 255.255.255.0

no shutdown

interface e0/1

ip address 101.0.0.254 255.255.255.0

no shutdown

exit

配置静态路由:

ip route 0.0.0.0 0.0.0.0 100.0.0.1

IOU4:(PC设备配置相似,本文以IOU4举例)

config terminal

interface e0/0

duplex full

ip address 192.168.10.1 255.255.255.0

no shutdown

exit

ip route 0.0.0.0 0.0.0.0 192.168.10.254

配置NAT:

IOU1:

ip nat inside source static 192.168.10.1 100.0.0.10  //配置静态NAT

ip nat inside source static tcp 192.168.20.1 80 100.0.0.11 80  //配置静态NAT,支持IOU5web服务

ip nat pool vlan30 100.0.0.21 100.0.0.30 netmask 255.255.255.0  //配置动态NAT

access-list 1 permit 192.168.30.0 0.0.0.255 

ip nat inside source list 1 pool vlan30

ip nat pool pat 100.0.0.12 100.0.0.12 netmask 255.255.255.0 //配置PAT

access-list 2 permit 192.168.40.0 0.0.0.255

access-list 2 permit 192.168.50.0 0.0.0.255

ip nat inside source list 2 pool pat overload

interface e0/0

ip nat outside  //接口启用NAT

interface e0/1

ip nat inside

exit

查看配置:

exit

show ip nat translations

NAT实验_ide_02

实验符合预期,配置结束


(如有疏漏,还望读者指出)