HCIA: NAT Address Translation (Review)

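Switching first, then routing:

1: On the switch, create the VLANs, enter each interface and assign it to a VLAN, then configure a trunk on the switch interface that connects to the router.

2: On the router, configure the IP address of the physical interface first, then create two sub-interfaces and terminate the VLANs on them.

3: Create the DHCP pools, declare the IP address range each pool serves, and enable DHCP on the interfaces.

4: Interface route summarization

5: Speed up convergence

6: Default route, including the default route on the border router

7: Null-interface route for loop prevention

8: NAT: one-to-many address translation, port mapping, one-to-one, many-to-many

ACL 2000: defines the interesting traffic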

sw1:

The device is running!

<Huawei>sys
[Huawei]sysname sw1
[sw1]vlan batch 2 to 3        --create the VLANs

[sw1]interface e0/0/4         --assign the interface to a VLAN
[sw1-Ethernet0/0/4]p l a	
[sw1-Ethernet0/0/4]p d vlan 2
[sw1-Ethernet0/0/4]q

[sw1]interface e0/0/5
[sw1-Ethernet0/0/5]port link-type access 
[sw1-Ethernet0/0/5]port default vlan 3
[sw1-Ethernet0/0/5]q

[sw1]interface e0/0/1	     --trunk link
[sw1-Ethernet0/0/1]port link-type trunk                       
[sw1-Ethernet0/0/1]port trunk allow-pass vlan 2 3

SW2:

<Huawei>system-view 
[Huawei]sysname sw2
[sw2]vlan batch 2 to 3

[sw2]interface e0/0/2
[sw2-Ethernet0/0/2]p l a
[sw2-Ethernet0/0/2]p d vlan 2

[sw2]interface e0/0/3
[sw2-Ethernet0/0/3]p l a
[sw2-Ethernet0/0/3]p d vlan 3
[sw2-Ethernet0/0/3]q

[sw2]interface e0/0/1	
[sw2-Ethernet0/0/1]port link-type trunk 
[sw2-Ethernet0/0/1]port trunk allow-pass vlan 2 3

R1:

[Huawei]sysname r1	
[r1]interface g0/0/0	
[r1-GigabitEthernet0/0/0]ip address 192.168.0.1 30
[r1]interface g0/0/1            ---configure the physical interface
[r1-GigabitEthernet0/0/1]ip address 192.168.1.1 26
[r1-GigabitEthernet0/0/1]q

[r1]interface g0/0/1.1	         ---create the sub-interface for VLAN 2
[r1-GigabitEthernet0/0/1.1]dot1q termination vid 2    --handle VLAN 2 using the dot1q standard
[r1-GigabitEthernet0/0/1.1]ip address 192.168.1.65 26
[r1-GigabitEthernet0/0/1.1]arp broadcast enable    --enable ARP broadcast
[r1-GigabitEthernet0/0/1.1]q

[r1]interface g0/0/1.2           ---create the sub-interface for VLAN 3
[r1-GigabitEthernet0/0/1.2]dot1q termination vid 3        
[r1-GigabitEthernet0/0/1.2]ip address 192.168.1.129 26	
[r1-GigabitEthernet0/0/1.2]arp broadcast  enable  
[r1-GigabitEthernet0/0/1.2]q


[r1]dhcp enable 
[r1]ip pool v2                ---create a pool named v2
Info: It's successful to create an IP address pool.	
[r1-ip-pool-v2]network 192.168.1.64 mask 26	    --assign addresses from the 192.168.1.64/26 network
[r1-ip-pool-v2]gateway-list 192.168.1.65        --the gateway is 192.168.1.65
[r1-ip-pool-v2]dns-list 192.168.2.2             --the DNS server is 192.168.2.2
[r1-ip-pool-v2]q

[r1]ip pool v3
Info: It's successful to create an IP address pool.	
[r1-ip-pool-v3]network 192.168.1.128 mask 26
[r1-ip-pool-v3]gateway-list 192.168.1.129
[r1-ip-pool-v3]dns-list 192.168.2.2
[r1-ip-pool-v3]q
	
[r1]interface g0/0/1.1	        ---enable DHCP on the sub-interface
[r1-GigabitEthernet0/0/1.1]dhcp select global     
[r1-GigabitEthernet0/0/1.1]q

[r1]interface g0/0/1.2	
[r1-GigabitEthernet0/0/1.2]dhcp select global 
[r1-GigabitEthernet0/0/1.2]





[r1]interface g0/0/0
[r1-GigabitEthernet0/0/0]rip		
[r1-GigabitEthernet0/0/0]rip summary-address 192.168.1.0 255.255.255.0  --interface route summarization
[r1-GigabitEthernet0/0/0]display ip routing-table 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 17       Routes : 17       

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0
    192.168.0.0/30  Direct  0    0           D   192.168.0.1     GigabitEthernet
0/0/0
    192.168.0.1/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/0
    192.168.0.3/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/0
    192.168.1.0/26  Direct  0    0           D   192.168.1.1     GigabitEthernet
0/0/1
    192.168.1.1/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/1
   192.168.1.63/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/1
   192.168.1.64/26  Direct  0    0           D   192.168.1.65    GigabitEthernet
0/0/1.1
   192.168.1.65/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/1.1
  192.168.1.127/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/1.1
  192.168.1.128/26  Direct  0    0           D   192.168.1.129   GigabitEthernet
0/0/1.2
  192.168.1.129/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/1.2
  192.168.1.191/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/1.2
    192.168.2.0/24  RIP     100  1           D   192.168.0.2     GigabitEthernet
0/0/0
255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0

[r1-GigabitEthernet0/0/0]q
[r1]rip	 
[r1-rip-1]timers rip 15 90 150         ---speed up convergence
[r1]rip
[r1-rip-1]silent-interface g0/0/1      ---silent interface
[r1-rip-1]silent-interface g0/0/1.1    ---silent interface
[r1-rip-1]silent-interface g0/0/1.2    ---silent interface
[r1-rip-1]

[r1]ip route-static 192.168.1.0 24 NULL 0    ---null-interface route for loop prevention
[r1]

HTTP server:

R2:

[Huawei]sysname r2
[r2]interface g0/0/0
[r2-GigabitEthernet0/0/0]ip address 192.168.0.2 30
[r2-GigabitEthernet0/0/0]q

[r2]interface g0/0/1
[r2-GigabitEthernet0/0/1]ip address 12.1.1.1 24
[r2-GigabitEthernet0/0/1]q
	
[r2]interface g0/0/2
[r2-GigabitEthernet0/0/2]ip address 192.168.2.1 26
[r2-GigabitEthernet0/0/2]q
	
[r2]interface g0/0/2.1
[r2-GigabitEthernet0/0/2.1]ip address 192.168.2.65 26
[r2-GigabitEthernet0/0/2.1]dot1q termination vid 2
[r2-GigabitEthernet0/0/2.1]arp broadcast enable 
[r2-GigabitEthernet0/0/2.1]q
	
[r2]interface g0/0/2.2	
[r2-GigabitEthernet0/0/2.2]dot1q termination vid 3
[r2-GigabitEthernet0/0/2.2]ip address 192.168.2.129 26	
[r2-GigabitEthernet0/0/2.2]arp broadcast  enable 
[r2-GigabitEthernet0/0/2.2]q

[r2]dhcp enable 
[r2]ip pool v2	
[r2-ip-pool-v2]network 192.168.2.64 mask 26
[r2-ip-pool-v2]gateway-list 192.168.2.65
[r2-ip-pool-v2]dns-list 192.168.2.2
[r2-ip-pool-v2]q
	
[r2]ip pool v3
[r2-ip-pool-v3]network 192.168.2.128 mask 26	
[r2-ip-pool-v3]gateway-list 192.168.2.129
[r2-ip-pool-v3]dns-list 192.168.2.2
[r2-ip-pool-v3]q

[r2]interface g0/0/2.1	
[r2-GigabitEthernet0/0/2.1]dhcp select ?
  global     Local server
  interface  Interface server pool
  relay      DHCP relay	
[r2-GigabitEthernet0/0/2.1]dhcp select global 
[r2-GigabitEthernet0/0/2.1]q

[r2]interface g0/0/2.2	
[r2-GigabitEthernet0/0/2.2]dhcp select global 
[r2-GigabitEthernet0/0/2.2]


[r2]interface g0/0/0	
[r2-GigabitEthernet0/0/0]rip summary-address 192.168.2.0 255.255.255.0
[r2-GigabitEthernet0/0/0]display ip routing-table 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 20       Routes : 20       

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

       12.1.1.0/24  Direct  0    0           D   12.1.1.1        GigabitEthernet
0/0/1
       12.1.1.1/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/1
     12.1.1.255/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/1
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0
    192.168.0.0/30  Direct  0    0           D   192.168.0.2     GigabitEthernet
0/0/0
    192.168.0.2/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/0
    192.168.0.3/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/0
    192.168.1.0/24  RIP     100  1           D   192.168.0.1     GigabitEthernet
0/0/0
    192.168.2.0/26  Direct  0    0           D   192.168.2.1     GigabitEthernet
0/0/2
    192.168.2.1/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/2
   192.168.2.63/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/2
   192.168.2.64/26  Direct  0    0           D   192.168.2.65    GigabitEthernet
0/0/2.1
   192.168.2.65/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/2.1
  192.168.2.127/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/2.1
  192.168.2.128/26  Direct  0    0           D   192.168.2.129   GigabitEthernet
0/0/2.2
  192.168.2.129/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/2.2
  192.168.2.191/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/2.2
255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0

[r2-GigabitEthernet0/0/0]q
[r2]rip 	
[r2-rip-1]timers rip 15 90 150
[r2-rip-1]
[r2-rip-1]silent-interface g0/0/2
[r2-rip-1]silent-interface g0/0/2.1
[r2-rip-1]silent-interface g0/0/2.2

[r2]rip	
[r2-rip-1]default-route originate   ---advertise a default route through RIP on the border router
[r2-rip-1]q

[r2]ip route-static 0.0.0.0 0 12.1.1.2   ---the border router's own default route can only be configured by hand
[r2]

[r2]ip route-static 192.168.2.0 24 null 0    ---null-interface route for loop prevention
[r2]

[r2]acl 2000	
[r2-acl-basic-2000]rule  permit source 192.168.1.0 0.0.0.255
[r2-acl-basic-2000]q
[r2]interface g0/0/1	
[r2-GigabitEthernet0/0/1]nat outbound 2000
[r2-GigabitEthernet0/0/1]

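[r2]acl 2000  --first use an ACL to define the range of private IP addresses that may be translated
[r2-acl-basic-2000]rule  permit source 192.168.1.0 0.0.0.255
[r2-acl-basic-2000]q
[r2]interface g0/0/2  --then configure one-to-many NAT on the border router interface that connects to the outside
[r2-GigabitEthernet0/0/2]nat outbound 2000  --traffic matched by ACL 2000 has its source IP address rewritten to the IP address of this physical interface (g0/0/2) as it leaves through the interface, and a temporary mapping entry is created so that reply packets can be translated back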


[r2]interface g0/0/1
[r2-GigabitEthernet0/0/1]nat static global 12.1.1.3 inside 192.168.1.2
[r2-GigabitEthernet0/0/1]

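One-to-one: a standard form of static NAT that always translates one fixed IP address to another IP address.
Configure it on the border router interface that connects to the outside. Huawei requires that the public IP address used for one-to-one NAT not be the IP address actually configured on the outside interface.
[r2-GigabitEthernet0/0/2]nat static global 12.1.1.3 inside 192.168.1.2 
The public IP address 12.1.1.3 and the private IP address 192.168.1.2 are statically translated to each other.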


---Port mapping:
[r2-GigabitEthernet0/0/1]
[r2-GigabitEthernet0/0/1]nat static protocol tcp global current-interface 80 inside 192.168.1.2 80
Warning:The port 80 is well-known port. If you continue it may cause function failure.
Are you sure to continue?[Y/N]:y
[r2-GigabitEthernet0/0/1]


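Port mapping is a form of static NAT; it translates only one fixed port on one IP address to one fixed port on another IP address.
When an outside host accesses the IP address of the local G0/0/2 with destination port 80, the destination is translated to port 80 on 192.168.1.2.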
[r2-GigabitEthernet0/0/2]nat static protocol tcp global current-interface 80 inside 192.168.1.2 80
Warning:The port 80 is well-known port. If you continue it may cause function failure.
Are you sure to continue?[Y/N]:y

[r2-GigabitEthernet0/0/2]nat static protocol tcp global current-interface 8888 inside 192.168.1.3 80
When an outside device accesses the interface IP address of g0/0/2 with destination port 8888, the destination is translated to port 80 on 192.168.1.3.
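
The translation behaviour described in the notes above, modelled in Python as an added example (not part of the original post and not Huawei's implementation): the wildcard match of ACL 2000 selects the traffic, `nat outbound` creates temporary entries for replies, and only the two static port mappings accept unsolicited inbound connections. Assumptions: the class and function names, the starting port 10000, 12.1.1.1 as the outside address (the address the page configures on r2's g0/0/1), and sessions keyed on the outside port only.

```python
import ipaddress

PUBLIC_IP = "12.1.1.1"                      # r2 outside interface address (from the page)
ACL_2000 = [("192.168.1.0", "0.0.0.255")]   # rule permit source 192.168.1.0 0.0.0.255
# Static port mappings from the page: outside port -> (inside IP, inside port)
PORT_MAP = {80: ("192.168.1.2", 80), 8888: ("192.168.1.3", 80)}


def acl_permits(src, acl=ACL_2000):
    """Wildcard match: bits that are 0 in the wildcard must equal the rule address."""
    s = int(ipaddress.IPv4Address(src))
    for addr, wildcard in acl:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if s & care == int(ipaddress.IPv4Address(addr)) & care:
            return True
    return False


class Nat:
    """Simplified model of the border router's NAT table (hypothetical helper)."""

    def __init__(self):
        self.sessions = {}        # outside port -> (inside IP, inside port)
        self.next_port = 10000    # constructed starting port for dynamic entries

    def outbound(self, src_ip, src_port):
        """nat outbound 2000: rewrite the source to the interface address."""
        if not acl_permits(src_ip):
            return None           # not interesting traffic, so no translation
        for port, inside in self.sessions.items():
            if inside == (src_ip, src_port):
                return (PUBLIC_IP, port)      # reuse the existing entry
        port = self.next_port
        self.next_port += 1
        self.sessions[port] = (src_ip, src_port)
        return (PUBLIC_IP, port)

    def inbound(self, dst_port):
        """Translate a packet sent to PUBLIC_IP; None means there is no mapping."""
        if dst_port in PORT_MAP:              # nat static protocol tcp ... entries
            return PORT_MAP[dst_port]
        return self.sessions.get(dst_port)    # reply to an outbound session
```

Every key in `PORT_MAP` is a port reachable from outside without any prior outbound session, so that table is the list to review when auditing what the border router exposes.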

PC1

ISP:

[Huawei]sysname isp
[isp]interface g0/0/0	
[isp-GigabitEthernet0/0/0]ip address 12.1.1.2 24
[isp-GigabitEthernet0/0/0]q

[isp]interface g0/0/1 	
[isp-GigabitEthernet0/0/1]ip address 1.1.1.1 24
[isp-GigabitEthernet0/0/1]

PC1 pings PC3:

PC1 pings PC5:
