路漫漫其修远兮,吾将上下而求索。
实验目的如图
实验思路:配置内网,再配置外网,再做nat
clien1配置
clien2配置
pc3配置
lsw1配置
sysname lsw1
#
vlan batch 10 20 30
#
interface MEth0/0/1
#
interface Eth-Trunk1port link-type trunkport trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/1port link-type accessport default vlan 10
#
interface Ethernet0/0/2port link-type accessport default vlan 20
#
interface Ethernet0/0/3port link-type accessport default vlan 30
#
interface GigabitEthernet0/0/1eth-trunk 1
#
interface GigabitEthernet0/0/2eth-trunk 1
#AR1配置
sysname AR1
#
acl number 2001 rule 5 permit source 192.168.1.0 0.0.0.255
acl number 2002 rule 5 permit source 192.168.2.0 0.0.0.255
acl number 2003 rule 5 permit source 192.168.3.0 0.0.0.255
#nat alg ftp enable#nat address-group 1 1.1.1.1 1.1.1.1nat address-group 2 2.2.2.2 2.2.2.2nat address-group 3 3.3.3.3 3.3.3.3
#
interface Eth-Trunk1undo portswitch
#
interface Eth-Trunk1.1dot1q termination vid 10ip address 192.168.1.1 255.255.255.0 arp broadcast enable
#
interface Eth-Trunk1.2dot1q termination vid 20ip address 192.168.2.1 255.255.255.0 arp broadcast enable
#
interface Eth-Trunk1.3dot1q termination vid 30ip address 192.168.3.1 255.255.255.0 arp broadcast enable
#
interface GigabitEthernet0/0/0ip address 192.168.4.2 255.255.255.0 nat outbound 2001 address-group 1 nat outbound 2002 address-group 2 nat outbound 2003 address-group 3
#
interface GigabitEthernet0/0/1eth-trunk 1
#
interface GigabitEthernet0/0/2eth-trunk 1
#
interface LoopBack1ip address 1.1.1.10 255.255.255.0
#
interface LoopBack2ip address 2.2.2.20 255.255.255.0
#
interface LoopBack3ip address 3.3.3.30 255.255.255.0
#
rip 1version 1network 1.0.0.0network 2.0.0.0network 3.0.0.0network 192.168.4.0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.4.1
AR2配置
sysname AR2
#
interface GigabitEthernet0/0/0ip address 192.168.4.1 255.255.255.0
#
interface GigabitEthernet0/0/1ip address 192.168.5.1 255.255.255.0
#
rip 1version 1network 192.168.4.0network 192.168.5.0
AR3配置
sysname AR3
#nat alg ftp enable
#
interface GigabitEthernet0/0/1ip address 192.168.5.2 255.255.255.0 nat server protocol tcp global 4.4.4.4 2121 inside 172.16.1.10 ftpnat server protocol tcp global 5.5.5.5 8080 inside 172.16.1.20 www
#
interface GigabitEthernet0/0/2ip address 172.16.1.1 255.255.255.0
#
interface LoopBack1ip address 4.4.4.40 255.255.255.0
#
interface LoopBack2ip address 5.5.5.50 255.255.255.0
#
rip 1network 4.0.0.0network 5.0.0.0network 192.168.5.0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.5.1
#
FTP配置
WWW配置
验证
两端nat是否映射成功
看是否能正常访问www和ftp服务
注意ospf 不能配置此实验,因为它会使环回口子网掩码变成32,单独成为只有一个IP地址的网段,使其它网段不能ping通此段,造成丢包,会导致nat映射失败。
