R1、R2、R3模拟企业内网跑EIGRP路由协议,R3是企业网关,实现全网互通,内网通过NAT转换访问Internet,测试目标为4.4.4.4/24
R1
en
conf t
line con 0
no exec-t
exit
host R1
int f0/0
no sh
ip add 192.168.12.1 255.255.255.0
exit
router eigrp 100
no au
net 192.168.12.0 0.0.0.255
end
===================R2===========================
en
conf t
line con 0
no exec-t
exit
host R2
int f0/0
no sh
ip add 192.168.12.2 255.255.255.0
int f1/0
no sh
ip add 192.168.23.2 255.255.255.0
exit
router eigrp 100
no au
net 192.168.12.0 0.0.0.255
net 192.168.23.0 0.0.0.255
end
================R3================================
en
conf t
line con 0
no exec-t
exit
host R3
int f0/0
no sh
ip add 192.168.23.3 255.255.255.0
int f1/0
no sh
ip add 34.34.34.3 255.255.255.0
int lo 0
ip add 3.3.3.3 255.0.0.0
exit
router eigrp 100
no au
net 192.168.23.0 0.0.0.255
net 3.3.3.3 0.0.0.0
end
R3(config)#ip default-network 3.0.0.0
R3(config)#ip route 0.0.0.0 0.0.0.0 34.34.34.4
NAT配置
R3(config)#access-list 1 permit 192.168.0.0 0.0.255.255
R3(config)#ip nat inside source list 1 interface FastEthernet1/0 overload
R3(config)#interface FastEthernet0/0
R3(config-if)#ip nat inside
R3(config)#interface FastEthernet1/0
R3(config-if)#ip nat outside
===================R4===========================
en
conf t
line con 0
no exec-t
exit
host R4
int f0/0
no sh
ip add 34.34.34.4 255.255.255.0
int lo0
no sh
ip add 4.4.4.4 255.255.255.0
实验调试
R1#sh ip route
Gateway of last resort is 192.168.12.2 to network 3.0.0.0
C 192.168.12.0/24 is directly connected, FastEthernet0/0
D* 3.0.0.0/8 [90/158720] via 192.168.12.2, 00:00:12, FastEthernet0/0
D 192.168.23.0/24 [90/30720] via 192.168.12.2, 00:07:52, FastEthernet0/0
R2#sh ip route
Gateway of last resort is 192.168.23.3 to network 3.0.0.0
C 192.168.12.0/24 is directly connected, FastEthernet0/0
D* 3.0.0.0/8 [90/156160] via 192.168.23.3, 00:01:13, FastEthernet1/0
C 192.168.23.0/24 is directly connected, FastEthernet1/0
实验比较
在上篇文章中,RIPv 2在企业中应用,向内网注入默认路由时,R3的外接口进程未宣告进RIP协议中,而EIGRP中,必须将接口宣告进EIGRP进程中。否则无法产生EIGRP的默认路由
请看下例:
R1#sh ip route
C 192.168.12.0/24 is directly connected, FastEthernet0/0
D 192.168.23.0/24 [90/30720] via 192.168.12.2, 00:04:29, FastEthernet0/0
R1#ping 4.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4,
timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
当将lo 0宣告进EIGRP进程后
R1#sh ip route
Gateway of last resort is 192.168.12.2 to network 3.0.0.0
C 192.168.12.0/24 is directly connected, FastEthernet0/0
D* 3.0.0.0/8 [90/158720] via 192.168.12.2, 00:00:12, FastEthernet0/0
D 192.168.23.0/24 [90/30720] via 192.168.12.2, 00:07:52, FastEthernet0/0
R1#ping 4.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 108/197/288 ms
R1#tra
R1#traceroute 4.4.4.4
Type escape sequence to abort.
Tracing the route to 4.4.4.4
1 192.168.12.2 120 msec 76 msec 156 msec
2 192.168.23.3 172 msec 120 msec 172 msec
3 34.34.34.4 220 msec 208 msec *
NAT调试
R3#debug ip nat
IP NAT debugging is on
*Mar 1 00:18:18.635: %SYS-5-CONFIG_I: Configured from console by console
*Mar 1 00:18:19.939: NAT: s=192.168.23.2->34.34.34.3, d=4.4.4.4 [242]
*Mar 1 00:18:22.887: NAT*: s=192.168.23.2->34.34.34.3, d=4.4.4.4 [245]
*Mar 1 00:18:23.011: NAT: s=34.34.34.4, d=34.34.34.3->192.168.23.2 [0]
*Mar 1 00:18:39.455: NAT*: s=192.168.12.1->34.34.34.3, d=4.4.4.4 [30]
*Mar 1 00:18:39.599: NAT*: s=4.4.4.4, d=34.34.34.3->192.168.12.1 [30]
*Mar 1 00:18:39.675: NAT*: s=192.168.12.1->34.34.34.3, d=4.4.4.4 [31]
*Mar 1 00:18:39.755: NAT*: s=4.4.4.4, d=34.34.34.3->192.168.12.1 [31]
*Mar 1 00:18:39.911: NAT*: s=192.168.12.1->34.34.34.3, d=4.4.4.4 [32]
*Mar 1 00:18:40.003: NAT*: s=4.4.4.4, d=34.34.34.3->192.168.12.1 [32]
*Mar 1 00:18:40.115: NAT*: s=192.168.12.1->34.34.34.3, d=4.4.4.4 [33]
*Mar 1 00:18:40.175: NAT*: s=4.4.4.4, d=34.34.34.3->192.168.12.1 [33]
*Mar 1 00:18:40.271: NAT*: s=192.168.12.1->34.34.34.3, d=4.4.4.4 [34]
*Mar 1 00:18:40.299: NAT*: s=4.4.4.4, d=34.34.34.3->192.168.12.1 [34]
*Mar 1 00:19:07.327: NAT*: s=192.168.23.2->34.34.34.3, d=4.4.4.4 [277]
*Mar 1 00:19:07.439: NAT: s=34.34.34.4, d=34.34.34.3->192.168.23.2 [6]
*Mar 1 00:19:16.523: NAT*: s=192.168.23.2->34.34.34.3, d=4.4.4.4 [285]
实验注意事项:
- ip default-network 必须有类
- 外网接口必须有类
- 外接口必须宣告进EIGRP进程中
一般电信或网通营运商分给公司的ip地址是可变的无类ip,解决接口有类的方法是在路由器上启用一个环回口配制成有类IP并宣告到EIGRP进程中。