
Network Address Translation (NAT): Four Methods, and Applying Access Control Lists (ACL)

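Source: 九壹网
NAT lab summary:

When configuring static NAT, dynamic NAT, or NAPT, the mapped external (global) address must not be the external interface's own address; otherwise an IP address conflict occurs.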

Network setup and configuration

[LSW1]

interface Vlanif1

ip address 192.168.1.1 255.255.255.0

#

interface Vlanif2

ip address 192.168.2.1 255.255.255.0

#

interface Vlanif3

ip address 172.16.1.1 255.255.255.0

#

interface Vlanif4

ip address 172.16.2.1 255.255.255.0

#

interface Ethernet0/0/2

port link-type access

port default vlan 2

#

interface Ethernet0/0/3

port link-type access

port default vlan 3

#

interface Ethernet0/0/4

port link-type access

port default vlan 4

#

ip route-static 0.0.0.0 0.0.0.0 192.168.1.254

#

[AR1]

#

interface GigabitEthernet0/0/0

ip address 192.168.1.254 255.255.255.0

#

interface GigabitEthernet0/0/1

ip address 10.0.0.1 255.0.0.0

#

rip 1

version 2

network 10.0.0.0

#

ip route-static 172.16.0.0 255.255.0.0 192.168.1.1

ip route-static 192.168.0.0 255.255.0.0 192.168.1.1

#

[AR2]

#

interface GigabitEthernet0/0/0

ip address 10.0.0.2 255.0.0.0

#

interface GigabitEthernet0/0/1

ip address 20.0.0.1 255.0.0.0

#

rip 1

version 2

network 20.0.0.0

network 10.0.0.0

#

[AR3]

#

interface GigabitEthernet0/0/0

ip address 20.0.0.2 255.0.0.0

#

interface GigabitEthernet0/0/1

ip address 180.1.1.1 255.255.255.0

#

rip 1

version 2

network 20.0.0.0

#

ip route-static 0.0.0.0 0.0.0.0 10.0.0.1

#

ACL access control policies

Basic ACL

[LSW1]

#

acl number 2000

rule 1 deny source 172.16.1.2 0

#

interface Ethernet0/0/5

traffic-filter outbound acl 2000

#

Advanced ACL

[LSW1]

#

acl number 3000

rule 1 deny ip source 192.168.2.0 0.0.0.255 destination 20.0.0.1 0

#

interface Ethernet0/0/5

traffic-filter outbound acl 3000

#

Static NAT

[AR1]

#

interface GigabitEthernet0/0/1

nat static global 10.0.0.3 inside 192.168.1.2 netmask 255.255.255.255

nat static enable

#

Verifying static NAT

A packet capture shows that the statically mapped host uses the IP address 10.0.0.3 when it accesses AR3.

Dynamic NAT

[AR1]

#

nat address-group 1 10.0.0.4 10.0.0.5

#

acl number 2000

rule 1 permit source 192.168.2.0 0.0.0.255

#

interface GigabitEthernet0/0/1

nat outbound 2000 address-group 1

#

Verification

NAPT (port mapping)

[AR3]

#

interface GigabitEthernet0/0/0

nat server protocol tcp global 20.0.0.3 8080 inside 180.1.1.2 www

#

Access was verified with an HTTP client behind AR1 and succeeded.

Easy IP

[AR1]

#

acl number 2001

rule 1 permit source 172.16.0.0 0.0.255.255

#

interface GigabitEthernet0/0/1

nat outbound 2001

#
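
The rule from the lab summary (a NAT global address must not be the interface's own address) can be checked mechanically before a configuration is applied. The Python check below is an added example, not part of the original write-up: given a device's full VRP-style configuration text, it reports every `nat static`, `nat server` or `nat outbound ... address-group` statement whose global address or pool includes the IP of the interface it is applied to. The function name and the sample input are constructed for illustration; Easy IP (`nat outbound` without an address group) is not flagged because it uses the interface address by design.

```python
import ipaddress

# Constructed sample: AR1's NAT lines from this page plus one deliberately
# wrong mapping whose global address is the interface's own 10.0.0.1.
SAMPLE_AR1 = """\
nat address-group 1 10.0.0.4 10.0.0.5
#
interface GigabitEthernet0/0/1
 ip address 10.0.0.1 255.0.0.0
 nat static global 10.0.0.3 inside 192.168.1.2 netmask 255.255.255.255
 nat static global 10.0.0.1 inside 192.168.1.3 netmask 255.255.255.255
 nat outbound 2000 address-group 1
#
"""

def nat_global_conflicts(config):
    """Return NAT statements whose global address(es) include the interface's own IP."""
    ip = ipaddress.ip_address
    iface, iface_ip, groups, uses = None, {}, {}, []
    for line in config.splitlines():
        tok = line.split() or [""]
        try:
            if tok[0] == "#":                      # "#" closes the interface view
                iface = None
            elif tok[0] == "interface":
                iface = tok[1]
            elif tok[:2] == ["ip", "address"] and iface:
                iface_ip[iface] = ip(tok[2])
            elif tok[:2] == ["nat", "address-group"]:
                groups[tok[2]] = (ip(tok[3]), ip(tok[4]))
            elif tok[0] == "nat" and iface and "global" in tok:   # nat static / nat server
                addr = ip(tok[tok.index("global") + 1])
                uses.append((iface, line.strip(), (addr, addr)))
            elif tok[:2] == ["nat", "outbound"] and iface and "address-group" in tok:
                uses.append((iface, line.strip(), tok[tok.index("address-group") + 1]))
        except (ValueError, IndexError):
            continue   # non-literal address (a keyword, for example): outside this check
    findings = []
    for name, text, span in uses:
        # Group ids are resolved after parsing, so definition order does not matter.
        first, last = groups.get(span, (None, None)) if isinstance(span, str) else span
        own = iface_ip.get(name)
        if own is not None and first is not None and first <= own <= last:
            findings.append(f"{name}: '{text}' uses interface address {own}")
    return findings

if __name__ == "__main__":
    print("\n".join(nat_global_conflicts(SAMPLE_AR1)))
```
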
