Combining static NAT with a standard ACL

<1> Translate the IP addresses of pc0 and pc1 into loopback addresses.

<2> Block communication from 1.1.1.2.

Router 1 configuration:

Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#int f 0/0
Router(config-if)#ip add 1.1.1.1 255.0.0.0
Router(config-if)#no shut

 

%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
Router(config-if)#int f0/1
Router(config-if)#ip add 2.2.2.1 255.0.0.0
Router(config-if)#no shutdown

 

%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
Router(config-if)#exit
Router(config)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
Router(config)#int loopback 0

 

%LINK-5-CHANGED: Interface Loopback0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
Router(config-if)#ip add 4.4.4.1 255.0.0.0
Router(config-if)#no shut
Router(config-if)#exit
Router(config)#router rip

Router(config-router)#network 1.0.0.0

Router(config-router)#network 2.0.0.0

Router(config-router)#network 4.0.0.0

Router(config-router)#end
%SYS-5-CONFIG_I: Configured from console by console
Router#show ip rou
Router#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

 

Gateway of last resort is not set

 

C    1.0.0.0/8 is directly connected, FastEthernet0/0

C    2.0.0.0/8 is directly connected, FastEthernet0/1

R    3.0.0.0/8 [120/1] via 2.2.2.2, 00:00:11, FastEthernet0/1

C    4.0.0.0/8 is directly connected, Loopback0

Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#ip nat inside source s
Router(config)#ip nat inside source static 1.1.1.2 4.4.4.2

Router(config)#ip nat inside source static 1.1.1.3 4.4.4.3

Router(config)#interface fastEthernet 0/0
Router(config-if)#ip nat in
Router(config-if)#ip nat inside
Router(config-if)#no shut
Router(config-if)#no shutdown
Router(config-if)#int f0/1
Router(config-if)#ip nat outside
Router(config-if)#end
%SYS-5-CONFIG_I: Configured from console by console
Router#show ip nat ?
  statistics    Translation statistics
  translations  Translation entries
Router#show ip nat tr
Router#show ip nat translations

Pro  Inside global     Inside local       Outside local      Outside global

---  4.4.4.2           1.1.1.2            ---                ---

---  4.4.4.3           1.1.1.3            ---                ---

 

Router#ping 3.3.3.2

 

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 62/62/63 ms

 

Router#conf
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#acc
Router(config)#access-list ?
  <1-99>     IP standard access list
  <100-199>  IP extended access list
Router(config)#access-list 1 ?
  deny    Specify packets to reject
  permit  Specify packets to forward
  remark  Access list entry comment
Router(config)#access-list 1 deny ho
Router(config)#access-list 1 deny host 1.1.1.2
Router(config)#access-list 1 per
Router(config)#access-list 1 permit any
Router(config)#exit
%SYS-5-CONFIG_I: Configured from console by console
Router#show acc
Router#show access-lists

Standard IP access list 1

    deny host 1.1.1.2

    permit any

Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip access-group 1 in
Router(config-if)#no shut
Router(config-if)#
Router(config-if)#

Router 1 configuration:

Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#int f0/0
Router(config-if)#ip add 3.3.3.1 255.0.0.0
Router(config-if)#no shutdown

 

%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
Router(config-if)#
Router(config-if)#int f0/1
Router(config-if)#ip add 2.2.2.2 255.0.0.0
Router(config-if)#no shut

 

%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
Router(config-if)#
Router(config-if)#exit
Router(config)#router rip

Router(config-router)#net

Router(config-router)#network 2.0.0.0

Router(config-router)#network 3.0.0.0

Router(config-router)#end

%SYS-5-CONFIG_I: Configured from console by console
Router#show ip rou
Router#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

 

Gateway of last resort is not set

 

R    1.0.0.0/8 [120/1] via 2.2.2.1, 00:00:24, FastEthernet0/1

C    2.0.0.0/8 is directly connected, FastEthernet0/1

C    3.0.0.0/8 is directly connected, FastEthernet0/0

R    4.0.0.0/8 [120/1] via 2.2.2.1, 00:00:24, FastEthernet0/1

Router#ping 4.4.4.2

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 4.4.4.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 81/91/94 ms

 

Router#ping 4.4.4.3

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 4.4.4.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 63/84/94 ms

 

 

Router#

Test on pc1:

Packet Tracer PC Command Line 1.0
PC>ping 3.3.3.2

 

Pinging 3.3.3.2 with 32 bytes of data:

 

Request timed out.
Request timed out.
Request timed out.
Request timed out.

 

Ping statistics for 3.3.3.2:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

 

PC>ping 1.1.1.1

 

Pinging 1.1.1.1 with 32 bytes of data:

 

Request timed out.
Request timed out.
Request timed out.
Request timed out.

 

Ping statistics for 1.1.1.1:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

 

PC>
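
The order in which the first router applies its two features to a packet arriving on f0/0, modelled as an added example (not part of the original post): the inbound ACL is evaluated on the original source address before static NAT rewrites it, which is why access-list 1 names 1.1.1.2 rather than 4.4.4.2 and why the denied host cannot even ping 1.1.1.1. The function names and the ROUTER_ADDRS set are assumptions made for this model; the addresses come from the transcript above.

```python
import ipaddress

# Values taken from the first router's transcript above.
ACL_1 = [("deny", "1.1.1.2", "0.0.0.0"),            # access-list 1 deny host 1.1.1.2
         ("permit", "0.0.0.0", "255.255.255.255")]  # access-list 1 permit any
STATIC_NAT = {"1.1.1.2": "4.4.4.2", "1.1.1.3": "4.4.4.3"}  # inside local -> inside global
ROUTER_ADDRS = {"1.1.1.1", "2.2.2.1", "4.4.4.1"}    # assumption: the router's own interfaces


def acl_permits(acl, src):
    """Standard ACL: source address only, first match wins, implicit deny at the end."""
    s = int(ipaddress.IPv4Address(src))
    for action, addr, wildcard in acl:
        # Wildcard bits set to 1 are "don't care"; compare only the remaining bits.
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if (s & care) == (int(ipaddress.IPv4Address(addr)) & care):
            return action == "permit"
    return False


def from_inside(src, dst):
    """Packet arriving on f0/0 (ip nat inside, ip access-group 1 in)."""
    # 1. The inbound ACL sees the original (inside local) source address.
    if not acl_permits(ACL_1, src):
        return ("drop", None)
    # 2. Traffic addressed to the router itself is neither forwarded nor translated.
    if dst in ROUTER_ADDRS:
        return ("local", src)
    # 3. Routed toward f0/1 (ip nat outside): the source is rewritten after routing.
    return ("forward", STATIC_NAT.get(src, src))


def permits_if_deny_named(global_addr, src):
    """Same ACL, but with the deny entry written for the translated address."""
    wrong_acl = [("deny", global_addr, "0.0.0.0"), ACL_1[1]]
    return acl_permits(wrong_acl, src)


if __name__ == "__main__":
    for src, dst in [("1.1.1.2", "3.3.3.2"), ("1.1.1.2", "1.1.1.1"),
                     ("1.1.1.3", "3.3.3.2"), ("1.1.1.3", "1.1.1.1")]:
        print(src, "->", dst, from_inside(src, dst))
    print("deny host 4.4.4.2 would let 1.1.1.2 through:",
          permits_if_deny_named("4.4.4.2", "1.1.1.2"))
```

The two dropped cases correspond to the pings to 3.3.3.2 and 1.1.1.1 that time out in the test above.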