Basic NAT 实验
实验拓扑
实验需求
- 按照搭建拓扑,并配置IP地址
- 在RTA上配置Basic NAT
- 私网到公网写一条默认路由
- 在Client-A或Client-B上通过ping命令检查与PC-6的互通性
实验解析
1、配置IP地址
步骤1:配置Client-A的IP地址
步骤2:配置Client-B的IP地址
步骤3:配置RTA的IP地址
[RTA]interface GigabitEthernet 0/0 [RTA-GigabitEthernet0/0]ip address 10.0.0.254 24 [RTA]interface GigabitEthernet 0/1 [RTA-GigabitEthernet0/1]ip address 192.168.1.1 24
步骤4:配置RTB的IP地址
[RTB]interface GigabitEthernet 0/0 [RTB-GigabitEthernet0/0]ip address 192.168.1.2 24 [RTB]interface GigabitEthernet 0/1 [RTB-GigabitEthernet0/1]ip address 192.168.2.1 24
步骤4:配置PC-6的IP地址
2、在RTA上配置Basic NAT
步骤1:通过acl定义源地址为10.0.0.0/24网段的流
[RTA]acl basic 2000 [RTA-acl-ipv4-basic-2000]rule permit source 10.0.0.0 0.0.0.255
步骤2:创建NAT地址池,用来地址转换的地址范围:192.168.1.10-192.168.1.20
[RTA]nat address-group 1 [RTA-address-group-1]address 192.168.1.11 192.168.1.20
步骤3:在接口视图下,将NAT地址池与ACL关联并在出方向下发
[RTA]interface GigabitEthernet 0/1 [RTA-GigabitEthernet0/1]nat outbound 2000 address-group 1 no-pat
3、私网到公网写一条默认路由
[RTA]ip route-static 0.0.0.0 0 192.168.1.2
4、在Client-A或Client-B上通过ping命令检查与PC-6的互通性
步骤1:在Client-A上ping PC-6的IP地址
<H3C>ping 192.168.2.2 Ping 192.168.2.2 (192.168.2.2): 56 data bytes, press CTRL_C to break 56 bytes from 192.168.2.2: icmp_seq=0 ttl=253 time=4.000 ms 56 bytes from 192.168.2.2: icmp_seq=1 ttl=253 time=4.000 ms 56 bytes from 192.168.2.2: icmp_seq=2 ttl=253 time=5.000 ms 56 bytes from 192.168.2.2: icmp_seq=3 ttl=253 time=5.000 ms 56 bytes from 192.168.2.2: icmp_seq=4 ttl=253 time=4.000 ms
步骤2:在Client-B上ping PC-6的IP地址
<H3C>ping 192.168.2.2 Ping 192.168.2.2 (192.168.2.2): 56 data bytes, press CTRL_C to break 56 bytes from 192.168.2.2: icmp_seq=0 ttl=253 time=4.000 ms 56 bytes from 192.168.2.2: icmp_seq=1 ttl=253 time=5.000 ms 56 bytes from 192.168.2.2: icmp_seq=2 ttl=253 time=4.000 ms 56 bytes from 192.168.2.2: icmp_seq=3 ttl=253 time=4.000 ms 56 bytes from 192.168.2.2: icmp_seq=4 ttl=253 time=3.000 ms