1. 作業要求:
實作SNAT 功能 利用基于端口的NAPT方法來彌補IP不夠用不能上網的缺陷!
2. 拓撲圖如下:
<a href="http://5645432.blog.51cto.com/attachment/201208/8/5635432_1344422016Bp11.jpg"></a>
3.配置及必要的說明資訊:
R1(config)#int f0/0
R1(config-if)#ip add 192.168.3.1 255.255.255.0
R1(config-if)#no shut
<a href="http://5645432.blog.51cto.com/attachment/201208/8/5635432_13444220232bvj.jpg"></a>
用的是<b>Host-only </b><b>到Vmware1</b> 一台PC
<a href="http://5645432.blog.51cto.com/attachment/201208/8/5635432_1344422032Xu7y.jpg"></a>
<a href="http://5645432.blog.51cto.com/attachment/201208/8/5635432_1344422038TCrz.jpg"></a>
R1(config)#int s1/0
R1(config-if)#ip add 192.168.4.2 255.255.255.0
R1(config-if)#int s1/1
R1(config-if)#ip add 192.168.5.2 255.255.255.0
R2(config)#int s1/0
R2(config-if)#ip add 192.168.4.1 255.255.255.0
R2(config-if)#no shut
R2(config-if)#int loopback 1
R2(config-if)#ip add 192.168.1.1 255.255.255.0
R3(config)#int s1/1
R3(config-if)#ip add 192.168.5.1 255.255.255.0
R3(config-if)#no shut
R3(config-if)#int f
R3(config-if)#int f0/0
R3(config-if)#ip add 192.168.2.1 255.255.255.0
R1#ping 192.168.5.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/36/56 ms
R1#ping 192.168.4.1
Sending 5, 100-byte ICMP Echos to 192.168.4.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/52/80 ms
<a href="http://5645432.blog.51cto.com/attachment/201208/8/5635432_1344422042yGpm.jpg"></a>
橋接到本地連接配接!
C:\Documents and Settings\Administrator&gt;ipconfig /all
<a href="http://5645432.blog.51cto.com/attachment/201208/8/5635432_1344422046gOOp.jpg"></a>
<a href="http://5645432.blog.51cto.com/attachment/201208/8/5635432_13444220513ubS.jpg"></a>
<a href="http://5645432.blog.51cto.com/attachment/201208/8/5635432_1344422055EbGz.jpg"></a>
R1(config)#ip route 192.168.1.0 255.255.255.0 192.168.4.1
R1(config)#ip route 192.168.2.0 255.255.255.0 192.168.5.1
R1(config-if)#ip nat inside
R1(config-if)#int s1/0
R1(config-if)#ip nat outside
R1(config-if)#end
<b>R1(config)#access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255</b>
<b>R1(config)#access-list 102 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255</b>
R1(config)#ip nat inside source list 101 interface s1/0 overload
R1(config)#ip nat inside source list 102 interface s1/1 overload
4.測試:
Window server2003
開啟遠端桌面:
<a href="http://5645432.blog.51cto.com/attachment/201208/8/5635432_1344422061s6D2.jpg"></a>
<a href="http://5645432.blog.51cto.com/attachment/201208/8/5635432_1344422070uD1U.jpg"></a>
X p 作為192.168.3.0 網段的一台PC
開始-------運作 輸入:<b>mstsc</b>
<a href="http://5645432.blog.51cto.com/attachment/201208/8/5635432_13444220760e7B.jpg"></a>
<a href="http://5645432.blog.51cto.com/attachment/201208/8/5635432_1344422081Js6U.jpg"></a>
R1#show ip nat translations
Pro Inside global Inside local Outside local Outside global
<b>tcp</b> 192.168.5.2:1102 192.168.3.10:1102 192.168.2.12:3389 192.168.2.12:3389
tcp 192.168.5.2:1103 192.168.3.10:1103 192.168.2.12:3389 192.168.2.12:3389
<a href="http://5645432.blog.51cto.com/attachment/201208/8/5635432_1344422087pzp5.jpg"></a>
<a href="http://5645432.blog.51cto.com/attachment/201208/8/5635432_1344422091MbZn.jpg"></a>
<a href="http://5645432.blog.51cto.com/attachment/201208/8/5635432_1344422095FwoZ.jpg"></a>
<b>icmp</b> 192.168.4.2:512 192.168.3.10:512 192.168.1.1:512 192.168.1.1:512
icmp 192.168.5.2:512 192.168.3.10:512 192.168.2.1:512 192.168.2.1:512
icmp 192.168.5.2:512 192.168.3.10:512 192.168.2.12:512 192.168.2.12:512
<a href="http://5645432.blog.51cto.com/attachment/201208/8/5635432_1344422101qcpD.jpg"></a>
為了便于了解,附加上此圖!
本文轉自 gjp0731 51CTO部落格,原文連結:http://blog.51cto.com/guojiping/958712
![謝謝你,我愛你[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)