NAPT实验

实验拓扑

NAPT

实验需求

按照图示搭建拓扑并且配置IP地址
在RTA上配置NAPT
私网到公网写一条默认路由
在Client-A或Client-B上通过ping命令检查与PCA的互通性

实验解析

1、配置IP地址

步骤1：配置Client-A的IP地址

Client-A

步骤2：配置Client-B的IP地址

Client-B

步骤3：配置RTA的IP地址

[RTA]interface GigabitEthernet 0/0
[RTA-GigabitEthernet0/0]ip address 10.0.0.254 24
[RTA]interface GigabitEthernet 0/1
[RTA-GigabitEthernet0/1]ip address 192.168.1.1 24

步骤4：配置RTB的IP地址

[RTB]interface GigabitEthernet 0/0
[RTB-GigabitEthernet0/0]ip address 192.168.1.2 24
[RTB]interface GigabitEthernet 0/1
[RTB-GigabitEthernet0/1]ip address 192.168.2.1 24

步骤4：配置PCA的IP地址

PC-6

2、在RTA上配置NAPT

步骤1：通过acl定义源地址为10.0.0.0/24网段的流

[RTA]acl basic 2000
[RTA-acl-ipv4-basic-2000]rule permit source 10.0.0.0 0.0.0.255

步骤2：创建NAT地址池，地址池只放一个地址：192.168.1.11

[RTA]nat address-group 1
[RTA-address-group-1]address 192.168.1.11 192.168.1.11

步骤3：在接口视图下，将NAT地址池与ACL关联并在出方向下发

[RTA]interface GigabitEthernet 0/1
[RTA-GigabitEthernet0/1]nat outbound 2000 address-group 1

3、私网到公网写一条默认路由

[RTA]ip route-static 0.0.0.0 0 192.168.1.2

4、在Client-A或Client-B上通过ping命令检查与PCA的互通性

步骤1：在Client-A上ping PCA的IP地址

<H3C>ping 192.168.2.2
Ping 192.168.2.2 (192.168.2.2): 56 data bytes, press CTRL_C to break
56 bytes from 192.168.2.2: icmp_seq=0 ttl=253 time=4.000 ms
56 bytes from 192.168.2.2: icmp_seq=1 ttl=253 time=4.000 ms
56 bytes from 192.168.2.2: icmp_seq=2 ttl=253 time=5.000 ms
56 bytes from 192.168.2.2: icmp_seq=3 ttl=253 time=5.000 ms
56 bytes from 192.168.2.2: icmp_seq=4 ttl=253 time=4.000 ms

步骤2：在Client-B上ping PCA的IP地址

<H3C>ping 192.168.2.2
Ping 192.168.2.2 (192.168.2.2): 56 data bytes, press CTRL_C to break
56 bytes from 192.168.2.2: icmp_seq=0 ttl=253 time=4.000 ms
56 bytes from 192.168.2.2: icmp_seq=1 ttl=253 time=5.000 ms
56 bytes from 192.168.2.2: icmp_seq=2 ttl=253 time=4.000 ms
56 bytes from 192.168.2.2: icmp_seq=3 ttl=253 time=4.000 ms
56 bytes from 192.168.2.2: icmp_seq=4 ttl=253 time=3.000 ms