思科单臂路由+动态NAT实验学习笔记
实验拓扑如下:
IP配置信息
PC1:ip-192.168.1.100/24 gw-192.168.1.254
PC2:ip-192.168.2.100/24 gw-192.168.2.254
SW1:VLAN 100、200
R3:F0/0.1 ip-192.168.1.254/24
F0/0.2 ip-192.168.2.254/24
S1/0 ip-200.200.200.1/30
R4:S0/1 ip-200.200.200.2/30
S0/2 ip-200.200.200.5/30
R5:S0/2 ip-200.200.200.6/30
F1/0 ip-8.8.8.254/24
PC3:ip-8.8.8.100/24 gw-8.8.8.254
因为使用路由器充当PC机来使用所以要关闭路由功能、设置网关即可。配置如下:
PC1:
PC1>en
PC1#config t
PC1(config)#no ip routing
PC1(config)#ip default-gateway 192.168.1.254
PC1(config)#int f0/0
PC1(config-if)#no shutdown
PC1(config-if)#description "PC1-Switch-F0/1"
PC1(config-if)#ip add 192.168.1.100 255.255.255.0
PC2、PC3与上述配置相同只需要把IP信息更换即可,这样配置完后就可以当PC机进行ping测试了。
单臂路由配置
SW配置
Switch是使用3640路由器加载16口的交换模块,所以也要执行No ip routing命令关闭路由功能。
SW1#en
SW1#config t
SW1(config)#no ip routing
SW1(config)#exit
SW1#vlan database
SW1(vlan)#vlan 100
SW1(vlan)#vlan 200
SW1(vlan)#exit
APPLY completed.
Exiting....
SW1#config t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#int f0/1
SW1(config-if)#sw mode access
SW1(config-if)#sw access vlan 100
SW1(config-if)#int f0/2
SW1(config-if)#sw mode access
SW1(config-if)#sw access vlan 200
SW1(config-if)#int f0/0
SW1(config-if)#sw mo trunk
SW1(config-if)#sw trunk allowed vlan all
配置后毕后使用show vlan或者是show vlan-switch查看VLAN信息
R3配置
R3#config t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#int f0/0
R3(config-if)#no shutdown
R3(config-if)#int f0/0.1
R3(config-subif)#description "1.0-Gateway"
R3(config-subif)#encapsulation dot1Q 100
R3(config-subif)#ip add 192.168.1.254 255.255.255.0
R3(config-subif)#int f0/0.2
R3(config-subif)#description "2.0-Gateway"
R3(config-subif)#encapsulation dot1Q 200
R3(config-subif)#ip add 192.168.2.254 255.255.255.0
配置完毕后检查是否成功
PC1#ping 192.168.2.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/22/40 ms
NAT配置
路由条目配置
R3:0.0.0.0 0.0.0.0 200.200.200.2
R4:8.8.8.0 255.255.255.0 200.200.200.6
R5:200.200.200.0 255.255.255.252 200.200.200.5
R3配置
R3>en
R3#config t
R3(config)#int s1/0
R3(config-if)#ip add 200.200.200.1 255.255.255.252
R3(config-if)#description "Internet Interface"
R3(config)#ip route 0.0.0.0 0.0.0.0 200.200.200.2
R4、R5接口IP配置与需要配置的路由与R3命令相同参数不同;
R3(config)#access-list 1 permit 192.168.1.0 0.0.0.255
R3(config)#access-list 2 permit 192.168.2.0 0.0.0.255
R3(config)#ip nat pool nat100 200.200.200.1 200.200.200.1 netmask 255.255.255.252
R3(config)#ip nat pool nat200 200.200.200.1 200.200.200.1 netmask 255.255.255.252
R3(config)#ip nat inside source list 1 pool nat100
R3(config)#ip nat inside source list 2 pool nat200
R3(config)#int f0/0.1
R3(config-subif)#ip nat inside
R3(config-subif)#int f0/0.2
R3(config-subif)#ip nat inside
R3(config-subif)#int s1/0
R3(config-if)#ip nat outside
动态NAT配置完毕,检查配置是否成功
PC1#PING 8.8.8.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/69/92 ms
若出现从PC1无法Ping通,仔细检查R5路由是否存在,