CCNA培训课总结笔记--NAT转换实验(十二)
2008-10-15 16:56
405 查看
实验目的
理解NAT地址转换的原理,熟悉NAT地址转换的配置命令及过程.理解NAT转换在节省IP地址资源方面的强大作用,理解NAT地址转换过程中是如何将内部地址转换为外部地址的.
实验拓扑图
一、静态NAT
实验内容:
原理是先在R1上建立两个环回接口loopback0、loopback1,为每一个loopback口分配一个IP地址,用来模拟2台内部的PC机.R1的S1/0看成外网的接口,而R2即当作是外部的某台服务器.若PC要想与R2通信的话,只能利用NAT来将内部的IP地址转换成R1上的S1/0口的地址来实现.
路由器上的配置
R1上的配置
Router>en
Router#conf t
粘贴上基本的路由配置命令
Router(config)#enable password cisco
Router(config)#no ip domain-lookup
Router(config)#line con 0
Router(config-line)# exec-timeout 0 0
Router(config-line)# logging synchronous
Router(config-line)#
Router(config-line)#line aux 0
Router(config-line)# exec-timeout 0 0
Router(config-line)# logging synchronous
Router(config-line)#line vty 0 4
Router(config-line)#
Router(config-line)#
Router(config-line)# exec-timeout 0 0
Router(config-line)# password cisco
Router(config-line)#
Router(config-line)# login
Router(config-line)#
Router(config-line)#
Router(config-line)#alias exec a sh ip int bri
Router(config)#alias exec b sh ip route
Router(config)#alias exec c sh ip route rip
Router(config)#alias exec d sh run
配置好名称,接口和逻辑接口的IP地址
Router(config)#host R1
R1(config)#int loopback0
R1(config-if)#ip add 10.1.1.1 255.255.255.0
R1(config-if)#int loopback1
R1(config-if)#ip add 10.1.2.1 255.255.255.0
R1(config-if)#int s1/0
R1(config-if)#ip add 202.192.4.6 255.255.255.0
R1(config-if)#clock rate 64000
R1(config-if)#no shut
R2上的配置
粘贴命令省略掉
Router(config)#host R2
R2(config)#int s1/1
R2(config-if)#ip add 202.192.4.5 255.255.255.0
R2(config-if)#no shut
好了,现在从R1用扩展的ping以10.1.1.1、10.1.2.1为源地址以202.192.4.5为目的地址验证一下
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands
: y
Source address or interface: 10.1.1.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes
:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
.....
Success rate is 0 percent (0/5)
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands
: y
Source address or interface: 10.1.2.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes
:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 10.1.2.1
.....
Success rate is 0 percent (0/5)
明显是不能通的,因为内部地址无法直接与外部地址通信.那就让我们用下NAT来进行转换看下.
在R1的S1/0上启用NAT静态转换
R1(config)#int s1/0
R1(config-if)#int loopback0
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#int loop1
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#int s1/0
R1(config-if)#ip nat outside
R1(config-if)#exit
R1(config)#ip nat inside source static 10.1.1.1 202.192.4.6 (将内部的loop0地址静态的一对一转换为202.192.4.6)
R1(config)#ip nat inside source static 10.1.2.1 202.192.4.7 (将内部的loop1地址静态的一对一转换为202.192.4.7)
好了,现在用内部的逻辑地址扩展pingR2的目的为202.192.4.5地址
R1#debug ip nat (开放debug进行发送ping)包时抓包转换测试)
IP NAT debugging is on
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands
: y
Source address or interface: 10.1.1.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes
:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/76/96 ms
R1#
*Mar 1 00:11:13.227: NAT: s=10.1.1.1->202.192.4.6, d=202.192.4.5 [10]
(这里很清楚地看到逻辑的源地址已经进行了转换,将转换后的地址与目的地址通信)
*Mar 1 00:11:13.319: NAT*: s=202.192.4.5, d=202.192.4.6->10.1.1.1 [10]
*Mar 1 00:11:13.319: NAT: s=10.1.1.1->202.192.4.6, d=202.192.4.5 [11]
*Mar 1 00:11:13.415: NAT*: s=202.192.4.5, d=202.192.4.6->10.1.1.1 [11]
*Mar 1 00:11:13.415: NAT: s=10.1.1.1->202.192.4.6, d=202.192.4.5 [12]
*Mar 1 00:11:13.463: NAT*: s=202.192.4.5, d=202.192.4.6->10.1.1.1 [12]
*Mar 1 00:11:13.463: NAT: s=10.1.1.1->202.192.4.6, d=202.192.4.5 [13]
*Mar 1 00:11:13.535: NAT*: s=202.192.4.5, d=202.192.4.6->10.1.1.1 [13]
*Mar 1 00:11:13.535: NAT: s=10.1.1.1->202.192.4.6, d=202.192.4.5 [14]
R1#
*Mar 1 00:11:13.607: NAT*: s=202.192.4.5, d=202.192.4.6->10.1.1.1 [14]
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands
: y
Source address or interface: 10.1.2.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes
:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 10.1.2.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/76/96 ms
R1#
*Mar 1 00:13:47.739: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [15]
*Mar 1 00:13:47.807: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [15]
*Mar 1 00:13:47.807: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [16]
*Mar 1 00:13:47.879: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [16]
*Mar 1 00:13:47.879: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [17]
*Mar 1 00:13:47.975: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [17]
*Mar 1 00:13:47.975: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [18]
*Mar 1 00:13:48.047: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [18]
*Mar 1 00:13:48.047: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [19]
R1#
*Mar 1 00:13:48.119: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [19]
经过ping的结果可以知道,现在内部PC能够和外部的服务器进行通信了.再加上debug命令调试,可以清楚地看到NAT地址转换的进行.静态NAT转换是最简单的地址转换.如果有大量的地址转换的话要根据地址一对一地去转换,输入命令很多,配置起来很麻烦.
二、动态NAT
首先给R1的loopback0定义多个逻辑地址来模仿多个PC机
R1(config)#int loop0
R1(config-if)#ip add 192.168.1.1 255.255.255.0
R1(config-if)#ip add 192.168.1.2 255.255.255.0 secondary
R1(config-if)#ip add 192.168.1.3 255.255.255.0 secondary
R1(config-if)#ip add 192.168.1.4 255.255.255.0 secondary
R1(config-if)#ip add 192.168.1.5 255.255.255.0 secondary
R1(config-if)#ip add 192.168.1.6 255.255.255.0 secondary
R1(config-if)#ip add 192.168.1.7 255.255.255.0 secondary
R1(config-if)#ip add 192.168.1.8 255.255.255.0 secondary
R1(config-if)#ip add 192.168.1.9 255.255.255.0 secondary
接下来定义外部转换的地址池
R1(config)#ip nat pool outpool 202.192.4.6 202.192.4.7 netmask 255.255.255.0 (定义一个转换地址池名称为outpool,内部地址转换后的地址都是从这个outpool里面的地址的)
R1(config)#access-list 10 permit host 192.168.1.1 (这里即是定义内部转换的地址)
R1(config)#access-list 10 permit host 10.1.2.1
R1(config)#access-list 10 permit host 192.168.1.2
R1(config)#access-list 10 permit host 192.168.1.3
R1(config)#access-list 10 permit host 192.168.1.4
定义转换
R1(config)#ip nat inside source list 10 pool outpool (定义了内部地址转换要通过access―list 10的验证控制,转换后的地址即是从outpool里面挑选)
好了,配置好动态NAT转换了,下面让我们来验证一下转换的效果如何
用扩展的ping以192.168.1.1和10.1.1.1为源地址,以202.192.4.5为目的地址,注意观察转换效果
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands
: y
Source address or interface: 192.168.1.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes
:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
*Mar 1 00:21:56.091: NAT: s=192.168.1.1->202.192.4.6, d=202.192.4.5 [25]
*Mar 1 00:21:56.183: NAT*: s=202.192.4.5, d=202.192.4.6->10.1.1.1 [25].!
*Mar 1 00:21:58.087: NAT: s=192.168.1.1->202.192.4.6, d=202.192.4.5 [26]
*Mar 1 00:21:58.199: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.1 [26]
*Mar 1 00:21:58.199: NAT: s=192.168.1.1->202.192.4.6, d=202.192.4.5 [27]
*Mar 1 00:21:58.295: NAT*: s=202.192.4.5, d=202.192.4.6->10.1.1.1 [27].!
*Mar 1 00:22:00.199: NAT: s=192.168.1.1->202.192.4.6, d=202.192.4.5 [28]
*Mar 1 00:22:00.239: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.1 [28]
*Mar 1 00:22:00.239: NAT: s=192.168.1.1->202.192.4.6, d=202.192.4.5 [29]
*Mar 1 00:22:00.311: NAT*: s=202.192.4.5, d=202.192.4.6->10.1.1.1 [29].
Success rate is 40 percent (2/5), round-trip min/avg/max = 40/76/112 ms
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands
: y
Source address or interface: 10.1.2.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes
:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 10.1.2.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/91/120 ms
R1#
*Mar 1 00:24:04.467: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [35]
*Mar 1 00:24:04.559: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [35]
*Mar 1 00:24:04.559: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [36]
*Mar 1 00:24:04.631: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [36]
*Mar 1 00:24:04.631: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [37]
*Mar 1 00:24:04.727: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [37]
*Mar 1 00:24:04.727: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [38]
*Mar 1 00:24:04.847: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [38]
*Mar 1 00:24:04.847: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [39]
R1#
*Mar 1 00:24:04.919: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [39]
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands
: y
Source address or interface: 192.168.1.3
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes
:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/76/120 ms
R1#
*Mar 1 00:27:24.771: NAT: s=192.168.1.3->202.192.4.7, d=202.192.4.5 [65]
*Mar 1 00:27:24.815: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [65]
*Mar 1 00:27:24.815: NAT: s=192.168.1.3->202.192.4.7, d=202.192.4.5 [66]
*Mar 1 00:27:24.887: NAT*: s=202.192.4.5, d=202.192.4.7->192.168.1.3 [66]
*Mar 1 00:27:24.887: NAT: s=192.168.1.3->202.192.4.7, d=202.192.4.5 [67]
*Mar 1 00:27:25.007: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [67]
*Mar 1 00:27:25.007: NAT: s=192.168.1.3->202.192.4.7, d=202.192.4.5 [68]
*Mar 1 00:27:25.079: NAT*: s=202.192.4.5, d=202.192.4.7->192.168.1.3 [68]
*Mar 1 00:27:25.079: NAT: s=192.168.1.3->202.192.4.7, d=202.192.4.5 [69]
R1#
*Mar 1 00:27:25.151: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [69]
可以看到转换的外部地址是变化着的,即是动态的转换.
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands
: y
Source address or interface: 192.168.1.4
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes
:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.4
*Mar 1 00:27:37.035: NAT: translation failed (E), dropping packet s=192.168.1.4 d=202.192.4.5.
*Mar 1 00:27:39.031: NAT: translation failed (E), dropping packet s=192.168.1.4 d=202.192.4.5.
*Mar 1 00:27:41.031: NAT: translation failed (E), dropping packet s=192.168.1.4 d=202.192.4.5.
*Mar 1 00:27:43.031: NAT: translation failed (E), dropping packet s=192.168.1.4 d=202.192.4.5.
*Mar 1 00:27:45.031: NAT: translation failed (E), dropping packet s=192.168.1.4 d=202.192.4.5.
Success rate is 0 percent (0/5)
到这里要留意一下了,当用三个地址连续地ping202.192.4.5的时候,到第三个地址时提示出现在了错误.NAT放弃了地址的转换.细心的你可能发现了我们的外部转换地址只有2个,所以即使是动态转换也只能转换两个内部地址.如果要进行第3个地址转换的话,就只能等到前面的2个地址转换有一个转换停止.由此可看出这样的转换也有很大的局限性.如果想要实现多个地址去转换一个地址的话,就要用到新的转换方法了,也就下面所说的NAT超载转换.
三、NAT超载转换(PAT转换)
NAT超载的配置其实很简单,只需要在动态NAT配置命令的后面多加一个“overload”即可
R1(config)#ip nat inside source list 10 pool outpool overload (overload表示重复地选取地址池中的地址进行转换.其实是采用了逻辑地址的多个端口来进行映射交换,也就是一个被用来转换的外部地址可以取不同的端口对应内部的地址,这种技术称作PAT)
现在连续地用地址192.168.1.1、192.168.1.2、192.168.1.3、192.168.1.4、10.1.2.1扩展地去ping对端R2的S1/1(202.192.4.5),看一下能否连续地进行转换?会不会又像上面的动态NAT转换出现错误的信息?
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands
: y
Source address or interface: 192.168.1.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes
:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 96/100/120 ms
R1#
*Mar 1 00:10:58.127: NAT: s=192.168.1.1->202.192.4.6, d=202.192.4.5 [15]
*Mar 1 00:10:58.243: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.1 [15]
*Mar 1 00:10:58.243: NAT: s=192.168.1.1->202.192.4.6, d=202.192.4.5 [16]
*Mar 1 00:10:58.339: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.1 [16]
*Mar 1 00:10:58.339: NAT: s=192.168.1.1->202.192.4.6, d=202.192.4.5 [17]
*Mar 1 00:10:58.435: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.1 [17]
*Mar 1 00:10:58.435: NAT: s=192.168.1.1->202.192.4.6, d=202.192.4.5 [18]
*Mar 1 00:10:58.531: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.1 [18]
*Mar 1 00:10:58.531: NAT: s=192.168.1.1->202.192.4.6, d=202.192.4.5 [19]
R1#
*Mar 1 00:10:58.627: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.1 [19]
R1#ping
Protocol [ip]:
Target IP address:
% Bad IP address
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands
: y
Source address or interface: 192.168.1.2
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes
:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/96/120 ms
R1#
*Mar 1 00:11:12.671: NAT: s=192.168.1.2->202.192.4.6, d=202.192.4.5 [20]
*Mar 1 00:11:12.787: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.2 [20]
*Mar 1 00:11:12.787: NAT: s=192.168.1.2->202.192.4.6, d=202.192.4.5 [21]
*Mar 1 00:11:12.859: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.2 [21]
*Mar 1 00:11:12.859: NAT: s=192.168.1.2->202.192.4.6, d=202.192.4.5 [22]
*Mar 1 00:11:12.955: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.2 [22]
*Mar 1 00:11:12.955: NAT: s=192.168.1.2->202.192.4.6, d=202.192.4.5 [23]
*Mar 1 00:11:13.075: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.2 [23]
*Mar 1 00:11:13.075: NAT: s=192.168.1.2->202.192.4.6, d=202.192.4.5 [24]
R1#
*Mar 1 00:11:13.147: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.2 [24]
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands
: y
Source address or interface: 192.168.1.3
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes
:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/100/120 ms
R1#
*Mar 1 00:11:30.719: NAT: s=192.168.1.3->202.192.4.6, d=202.192.4.5 [25]
*Mar 1 00:11:30.811: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.3 [25]
*Mar 1 00:11:30.811: NAT: s=192.168.1.3->202.192.4.6, d=202.192.4.5 [26]
*Mar 1 00:11:30.931: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.3 [26]
*Mar 1 00:11:30.931: NAT: s=192.168.1.3->202.192.4.6, d=202.192.4.5 [27]
*Mar 1 00:11:31.003: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.3 [27]
*Mar 1 00:11:31.003: NAT: s=192.168.1.3->202.192.4.6, d=202.192.4.5 [28]
*Mar 1 00:11:31.099: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.3 [28]
*Mar 1 00:11:31.099: NAT: s=192.168.1.3->202.192.4.6, d=202.192.4.5 [29]
R1#
*Mar 1 00:11:31.219: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.3 [29]
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands
: y
Source address or interface: 192.168.1.4
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes
:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.4
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/96/120 ms
R1#
*Mar 1 00:11:40.247: NAT: s=192.168.1.4->202.192.4.6, d=202.192.4.5 [30]
*Mar 1 00:11:40.315: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.4 [30]
*Mar 1 00:11:40.315: NAT: s=192.168.1.4->202.192.4.6, d=202.192.4.5 [31]
*Mar 1 00:11:40.435: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.4 [31]
*Mar 1 00:11:40.435: NAT: s=192.168.1.4->202.192.4.6, d=202.192.4.5 [32]
*Mar 1 00:11:40.507: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.4 [32]
*Mar 1 00:11:40.507: NAT: s=192.168.1.4->202.192.4.6, d=202.192.4.5 [33]
*Mar 1 00:11:40.603: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.4 [33]
*Mar 1 00:11:40.603: NAT: s=192.168.1.4->202.192.4.6, d=202.192.4.5 [34]
R1#
*Mar 1 00:11:40.723: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.4 [34]
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands
: y
Source address or interface: 10.1.2.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes
:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 10.1.2.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/96/120 ms
R1#
*Mar 1 00:11:49.463: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [35]
*Mar 1 00:11:49.579: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [35]
*Mar 1 00:11:49.579: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [36]
*Mar 1 00:11:49.651: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [36]
*Mar 1 00:11:49.651: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [37]
*Mar 1 00:11:49.723: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [37]
*Mar 1 00:11:49.723: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [38]
*Mar 1 00:11:49.819: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [38]
*Mar 1 00:11:49.819: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [39]
R1#
*Mar 1 00:11:49.939: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [39]
细心的你可能发现了,前面的三个内部地址转换都是转换成202.192.4.6.这就说明了它是充许将多个地址转换成外部一个地址的.也就是所谓的NAT超载转换了.这种NAT地址转换可以大大地扩展IP地址的数量,为我们节省了大量的IP地址.因此是最常用的NAT地址转换方法.
本文出自 “孤帆远影碧空尽” 博客,请务必保留此出处/article/4226485.html本文出自 51CTO.COM技术博客
理解NAT地址转换的原理,熟悉NAT地址转换的配置命令及过程.理解NAT转换在节省IP地址资源方面的强大作用,理解NAT地址转换过程中是如何将内部地址转换为外部地址的.
实验拓扑图
一、静态NAT
实验内容:
原理是先在R1上建立两个环回接口loopback0、loopback1,为每一个loopback口分配一个IP地址,用来模拟2台内部的PC机.R1的S1/0看成外网的接口,而R2即当作是外部的某台服务器.若PC要想与R2通信的话,只能利用NAT来将内部的IP地址转换成R1上的S1/0口的地址来实现.
路由器上的配置
R1上的配置
Router>en
Router#conf t
粘贴上基本的路由配置命令
Router(config)#enable password cisco
Router(config)#no ip domain-lookup
Router(config)#line con 0
Router(config-line)# exec-timeout 0 0
Router(config-line)# logging synchronous
Router(config-line)#
Router(config-line)#line aux 0
Router(config-line)# exec-timeout 0 0
Router(config-line)# logging synchronous
Router(config-line)#line vty 0 4
Router(config-line)#
Router(config-line)#
Router(config-line)# exec-timeout 0 0
Router(config-line)# password cisco
Router(config-line)#
Router(config-line)# login
Router(config-line)#
Router(config-line)#
Router(config-line)#alias exec a sh ip int bri
Router(config)#alias exec b sh ip route
Router(config)#alias exec c sh ip route rip
Router(config)#alias exec d sh run
配置好名称,接口和逻辑接口的IP地址
Router(config)#host R1
R1(config)#int loopback0
R1(config-if)#ip add 10.1.1.1 255.255.255.0
R1(config-if)#int loopback1
R1(config-if)#ip add 10.1.2.1 255.255.255.0
R1(config-if)#int s1/0
R1(config-if)#ip add 202.192.4.6 255.255.255.0
R1(config-if)#clock rate 64000
R1(config-if)#no shut
R2上的配置
粘贴命令省略掉
Router(config)#host R2
R2(config)#int s1/1
R2(config-if)#ip add 202.192.4.5 255.255.255.0
R2(config-if)#no shut
好了,现在从R1用扩展的ping以10.1.1.1、10.1.2.1为源地址以202.192.4.5为目的地址验证一下
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands
: y
Source address or interface: 10.1.1.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes
:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
.....
Success rate is 0 percent (0/5)
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands
: y
Source address or interface: 10.1.2.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes
:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 10.1.2.1
.....
Success rate is 0 percent (0/5)
明显是不能通的,因为内部地址无法直接与外部地址通信.那就让我们用下NAT来进行转换看下.
在R1的S1/0上启用NAT静态转换
R1(config)#int s1/0
R1(config-if)#int loopback0
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#int loop1
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#int s1/0
R1(config-if)#ip nat outside
R1(config-if)#exit
R1(config)#ip nat inside source static 10.1.1.1 202.192.4.6 (将内部的loop0地址静态的一对一转换为202.192.4.6)
R1(config)#ip nat inside source static 10.1.2.1 202.192.4.7 (将内部的loop1地址静态的一对一转换为202.192.4.7)
好了,现在用内部的逻辑地址扩展pingR2的目的为202.192.4.5地址
R1#debug ip nat (开放debug进行发送ping)包时抓包转换测试)
IP NAT debugging is on
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands
: y
Source address or interface: 10.1.1.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes
:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/76/96 ms
R1#
*Mar 1 00:11:13.227: NAT: s=10.1.1.1->202.192.4.6, d=202.192.4.5 [10]
(这里很清楚地看到逻辑的源地址已经进行了转换,将转换后的地址与目的地址通信)
*Mar 1 00:11:13.319: NAT*: s=202.192.4.5, d=202.192.4.6->10.1.1.1 [10]
*Mar 1 00:11:13.319: NAT: s=10.1.1.1->202.192.4.6, d=202.192.4.5 [11]
*Mar 1 00:11:13.415: NAT*: s=202.192.4.5, d=202.192.4.6->10.1.1.1 [11]
*Mar 1 00:11:13.415: NAT: s=10.1.1.1->202.192.4.6, d=202.192.4.5 [12]
*Mar 1 00:11:13.463: NAT*: s=202.192.4.5, d=202.192.4.6->10.1.1.1 [12]
*Mar 1 00:11:13.463: NAT: s=10.1.1.1->202.192.4.6, d=202.192.4.5 [13]
*Mar 1 00:11:13.535: NAT*: s=202.192.4.5, d=202.192.4.6->10.1.1.1 [13]
*Mar 1 00:11:13.535: NAT: s=10.1.1.1->202.192.4.6, d=202.192.4.5 [14]
R1#
*Mar 1 00:11:13.607: NAT*: s=202.192.4.5, d=202.192.4.6->10.1.1.1 [14]
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands
: y
Source address or interface: 10.1.2.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes
:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 10.1.2.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/76/96 ms
R1#
*Mar 1 00:13:47.739: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [15]
*Mar 1 00:13:47.807: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [15]
*Mar 1 00:13:47.807: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [16]
*Mar 1 00:13:47.879: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [16]
*Mar 1 00:13:47.879: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [17]
*Mar 1 00:13:47.975: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [17]
*Mar 1 00:13:47.975: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [18]
*Mar 1 00:13:48.047: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [18]
*Mar 1 00:13:48.047: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [19]
R1#
*Mar 1 00:13:48.119: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [19]
经过ping的结果可以知道,现在内部PC能够和外部的服务器进行通信了.再加上debug命令调试,可以清楚地看到NAT地址转换的进行.静态NAT转换是最简单的地址转换.如果有大量的地址转换的话要根据地址一对一地去转换,输入命令很多,配置起来很麻烦.
二、动态NAT
首先给R1的loopback0定义多个逻辑地址来模仿多个PC机
R1(config)#int loop0
R1(config-if)#ip add 192.168.1.1 255.255.255.0
R1(config-if)#ip add 192.168.1.2 255.255.255.0 secondary
R1(config-if)#ip add 192.168.1.3 255.255.255.0 secondary
R1(config-if)#ip add 192.168.1.4 255.255.255.0 secondary
R1(config-if)#ip add 192.168.1.5 255.255.255.0 secondary
R1(config-if)#ip add 192.168.1.6 255.255.255.0 secondary
R1(config-if)#ip add 192.168.1.7 255.255.255.0 secondary
R1(config-if)#ip add 192.168.1.8 255.255.255.0 secondary
R1(config-if)#ip add 192.168.1.9 255.255.255.0 secondary
接下来定义外部转换的地址池
R1(config)#ip nat pool outpool 202.192.4.6 202.192.4.7 netmask 255.255.255.0 (定义一个转换地址池名称为outpool,内部地址转换后的地址都是从这个outpool里面的地址的)
R1(config)#access-list 10 permit host 192.168.1.1 (这里即是定义内部转换的地址)
R1(config)#access-list 10 permit host 10.1.2.1
R1(config)#access-list 10 permit host 192.168.1.2
R1(config)#access-list 10 permit host 192.168.1.3
R1(config)#access-list 10 permit host 192.168.1.4
定义转换
R1(config)#ip nat inside source list 10 pool outpool (定义了内部地址转换要通过access―list 10的验证控制,转换后的地址即是从outpool里面挑选)
好了,配置好动态NAT转换了,下面让我们来验证一下转换的效果如何
用扩展的ping以192.168.1.1和10.1.1.1为源地址,以202.192.4.5为目的地址,注意观察转换效果
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands
: y
Source address or interface: 192.168.1.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes
:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
*Mar 1 00:21:56.091: NAT: s=192.168.1.1->202.192.4.6, d=202.192.4.5 [25]
*Mar 1 00:21:56.183: NAT*: s=202.192.4.5, d=202.192.4.6->10.1.1.1 [25].!
*Mar 1 00:21:58.087: NAT: s=192.168.1.1->202.192.4.6, d=202.192.4.5 [26]
*Mar 1 00:21:58.199: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.1 [26]
*Mar 1 00:21:58.199: NAT: s=192.168.1.1->202.192.4.6, d=202.192.4.5 [27]
*Mar 1 00:21:58.295: NAT*: s=202.192.4.5, d=202.192.4.6->10.1.1.1 [27].!
*Mar 1 00:22:00.199: NAT: s=192.168.1.1->202.192.4.6, d=202.192.4.5 [28]
*Mar 1 00:22:00.239: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.1 [28]
*Mar 1 00:22:00.239: NAT: s=192.168.1.1->202.192.4.6, d=202.192.4.5 [29]
*Mar 1 00:22:00.311: NAT*: s=202.192.4.5, d=202.192.4.6->10.1.1.1 [29].
Success rate is 40 percent (2/5), round-trip min/avg/max = 40/76/112 ms
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands
: y
Source address or interface: 10.1.2.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes
:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 10.1.2.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/91/120 ms
R1#
*Mar 1 00:24:04.467: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [35]
*Mar 1 00:24:04.559: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [35]
*Mar 1 00:24:04.559: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [36]
*Mar 1 00:24:04.631: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [36]
*Mar 1 00:24:04.631: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [37]
*Mar 1 00:24:04.727: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [37]
*Mar 1 00:24:04.727: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [38]
*Mar 1 00:24:04.847: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [38]
*Mar 1 00:24:04.847: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [39]
R1#
*Mar 1 00:24:04.919: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [39]
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands
: y
Source address or interface: 192.168.1.3
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes
:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/76/120 ms
R1#
*Mar 1 00:27:24.771: NAT: s=192.168.1.3->202.192.4.7, d=202.192.4.5 [65]
*Mar 1 00:27:24.815: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [65]
*Mar 1 00:27:24.815: NAT: s=192.168.1.3->202.192.4.7, d=202.192.4.5 [66]
*Mar 1 00:27:24.887: NAT*: s=202.192.4.5, d=202.192.4.7->192.168.1.3 [66]
*Mar 1 00:27:24.887: NAT: s=192.168.1.3->202.192.4.7, d=202.192.4.5 [67]
*Mar 1 00:27:25.007: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [67]
*Mar 1 00:27:25.007: NAT: s=192.168.1.3->202.192.4.7, d=202.192.4.5 [68]
*Mar 1 00:27:25.079: NAT*: s=202.192.4.5, d=202.192.4.7->192.168.1.3 [68]
*Mar 1 00:27:25.079: NAT: s=192.168.1.3->202.192.4.7, d=202.192.4.5 [69]
R1#
*Mar 1 00:27:25.151: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [69]
可以看到转换的外部地址是变化着的,即是动态的转换.
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands
: y
Source address or interface: 192.168.1.4
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes
:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.4
*Mar 1 00:27:37.035: NAT: translation failed (E), dropping packet s=192.168.1.4 d=202.192.4.5.
*Mar 1 00:27:39.031: NAT: translation failed (E), dropping packet s=192.168.1.4 d=202.192.4.5.
*Mar 1 00:27:41.031: NAT: translation failed (E), dropping packet s=192.168.1.4 d=202.192.4.5.
*Mar 1 00:27:43.031: NAT: translation failed (E), dropping packet s=192.168.1.4 d=202.192.4.5.
*Mar 1 00:27:45.031: NAT: translation failed (E), dropping packet s=192.168.1.4 d=202.192.4.5.
Success rate is 0 percent (0/5)
到这里要留意一下了,当用三个地址连续地ping202.192.4.5的时候,到第三个地址时提示出现在了错误.NAT放弃了地址的转换.细心的你可能发现了我们的外部转换地址只有2个,所以即使是动态转换也只能转换两个内部地址.如果要进行第3个地址转换的话,就只能等到前面的2个地址转换有一个转换停止.由此可看出这样的转换也有很大的局限性.如果想要实现多个地址去转换一个地址的话,就要用到新的转换方法了,也就下面所说的NAT超载转换.
三、NAT超载转换(PAT转换)
NAT超载的配置其实很简单,只需要在动态NAT配置命令的后面多加一个“overload”即可
R1(config)#ip nat inside source list 10 pool outpool overload (overload表示重复地选取地址池中的地址进行转换.其实是采用了逻辑地址的多个端口来进行映射交换,也就是一个被用来转换的外部地址可以取不同的端口对应内部的地址,这种技术称作PAT)
现在连续地用地址192.168.1.1、192.168.1.2、192.168.1.3、192.168.1.4、10.1.2.1扩展地去ping对端R2的S1/1(202.192.4.5),看一下能否连续地进行转换?会不会又像上面的动态NAT转换出现错误的信息?
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands
: y
Source address or interface: 192.168.1.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes
:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 96/100/120 ms
R1#
*Mar 1 00:10:58.127: NAT: s=192.168.1.1->202.192.4.6, d=202.192.4.5 [15]
*Mar 1 00:10:58.243: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.1 [15]
*Mar 1 00:10:58.243: NAT: s=192.168.1.1->202.192.4.6, d=202.192.4.5 [16]
*Mar 1 00:10:58.339: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.1 [16]
*Mar 1 00:10:58.339: NAT: s=192.168.1.1->202.192.4.6, d=202.192.4.5 [17]
*Mar 1 00:10:58.435: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.1 [17]
*Mar 1 00:10:58.435: NAT: s=192.168.1.1->202.192.4.6, d=202.192.4.5 [18]
*Mar 1 00:10:58.531: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.1 [18]
*Mar 1 00:10:58.531: NAT: s=192.168.1.1->202.192.4.6, d=202.192.4.5 [19]
R1#
*Mar 1 00:10:58.627: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.1 [19]
R1#ping
Protocol [ip]:
Target IP address:
% Bad IP address
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands
: y
Source address or interface: 192.168.1.2
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes
:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/96/120 ms
R1#
*Mar 1 00:11:12.671: NAT: s=192.168.1.2->202.192.4.6, d=202.192.4.5 [20]
*Mar 1 00:11:12.787: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.2 [20]
*Mar 1 00:11:12.787: NAT: s=192.168.1.2->202.192.4.6, d=202.192.4.5 [21]
*Mar 1 00:11:12.859: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.2 [21]
*Mar 1 00:11:12.859: NAT: s=192.168.1.2->202.192.4.6, d=202.192.4.5 [22]
*Mar 1 00:11:12.955: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.2 [22]
*Mar 1 00:11:12.955: NAT: s=192.168.1.2->202.192.4.6, d=202.192.4.5 [23]
*Mar 1 00:11:13.075: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.2 [23]
*Mar 1 00:11:13.075: NAT: s=192.168.1.2->202.192.4.6, d=202.192.4.5 [24]
R1#
*Mar 1 00:11:13.147: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.2 [24]
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands
: y
Source address or interface: 192.168.1.3
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes
:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/100/120 ms
R1#
*Mar 1 00:11:30.719: NAT: s=192.168.1.3->202.192.4.6, d=202.192.4.5 [25]
*Mar 1 00:11:30.811: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.3 [25]
*Mar 1 00:11:30.811: NAT: s=192.168.1.3->202.192.4.6, d=202.192.4.5 [26]
*Mar 1 00:11:30.931: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.3 [26]
*Mar 1 00:11:30.931: NAT: s=192.168.1.3->202.192.4.6, d=202.192.4.5 [27]
*Mar 1 00:11:31.003: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.3 [27]
*Mar 1 00:11:31.003: NAT: s=192.168.1.3->202.192.4.6, d=202.192.4.5 [28]
*Mar 1 00:11:31.099: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.3 [28]
*Mar 1 00:11:31.099: NAT: s=192.168.1.3->202.192.4.6, d=202.192.4.5 [29]
R1#
*Mar 1 00:11:31.219: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.3 [29]
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands
: y
Source address or interface: 192.168.1.4
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes
:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.4
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/96/120 ms
R1#
*Mar 1 00:11:40.247: NAT: s=192.168.1.4->202.192.4.6, d=202.192.4.5 [30]
*Mar 1 00:11:40.315: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.4 [30]
*Mar 1 00:11:40.315: NAT: s=192.168.1.4->202.192.4.6, d=202.192.4.5 [31]
*Mar 1 00:11:40.435: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.4 [31]
*Mar 1 00:11:40.435: NAT: s=192.168.1.4->202.192.4.6, d=202.192.4.5 [32]
*Mar 1 00:11:40.507: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.4 [32]
*Mar 1 00:11:40.507: NAT: s=192.168.1.4->202.192.4.6, d=202.192.4.5 [33]
*Mar 1 00:11:40.603: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.4 [33]
*Mar 1 00:11:40.603: NAT: s=192.168.1.4->202.192.4.6, d=202.192.4.5 [34]
R1#
*Mar 1 00:11:40.723: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.4 [34]
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands
: y
Source address or interface: 10.1.2.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes
:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 10.1.2.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/96/120 ms
R1#
*Mar 1 00:11:49.463: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [35]
*Mar 1 00:11:49.579: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [35]
*Mar 1 00:11:49.579: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [36]
*Mar 1 00:11:49.651: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [36]
*Mar 1 00:11:49.651: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [37]
*Mar 1 00:11:49.723: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [37]
*Mar 1 00:11:49.723: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [38]
*Mar 1 00:11:49.819: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [38]
*Mar 1 00:11:49.819: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [39]
R1#
*Mar 1 00:11:49.939: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [39]
细心的你可能发现了,前面的三个内部地址转换都是转换成202.192.4.6.这就说明了它是充许将多个地址转换成外部一个地址的.也就是所谓的NAT超载转换了.这种NAT地址转换可以大大地扩展IP地址的数量,为我们节省了大量的IP地址.因此是最常用的NAT地址转换方法.
本文出自 “孤帆远影碧空尽” 博客,请务必保留此出处/article/4226485.html本文出自 51CTO.COM技术博客
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- CCNA培训课总结笔记--NAT转换实验(十二)
- CCNA培训课总结笔记--RIP的基本配置(五)
- CCNA培训课总结笔记--RIPv1负载均衡(六)
- CCNA培训课总结笔记--交换机的基本配置(十三)
- CCNA培训课总结笔记--静态路由配置(三)
- CCNA培训课总结笔记--配置OSPF实验(十一)
- CCNA培训课总结笔记(一)
- CCNA培训课总结笔记--RIPv2的汇总实验(七)
- CCNA培训课总结笔记--扩展访问控制列表实验(九)
- CCNA培训课总结笔记--配置OSPF实验(十一)
- CCNA培训课总结笔记--交换机的基本配置(十三)
- CCNA培训课总结笔记--静态路由实现负载均衡(四)
- CCNA培训课总结笔记--交换机的基本配置(十三)
- CCNA培训课总结笔记--RIPv1负载均衡(六)
- CCNA培训课总结笔记--静态路由实现负载均衡(四)
- CCNA培训课总结笔记--RIP的基本配置(五)
- CCNA培训课总结笔记(一)
- CCNA培训课总结笔记--RIPv1负载均衡(六)
- CCNA培训课总结笔记--静态路由配置(三)
- CCNA培训课总结笔记--RIPv2的汇总实验(七)