您的位置:首页 > 其它

思科路由器NAT配置详解

2013-07-09 09:55 246 查看
192.168.55.2这一个ip给上网,cisco7206路由器,(E0/0外网,F1/1.1vlan34 F1/1.2vlan35 F1/1.3vlan36,F1/1与C2950F0/1相连)下面挂一个CISCO2950 想通过这一个ip把多网段主机都上网,vlan34 10.10.3.Xvlan35 10.10.4.Xvlan36 10.10.5.X(VLAN在C2950上做好了已经)

(config)#int F1/1.1 / 配置F1/1.1 子接口
(config-if)# encapsulation dot1Q 34/封装属于VLAN34
(config-if)#ip address 10.10.3.1 255.255.255.0
(config-if)#ip nat inside /设置为内网
(config-if)#no sh
(config-if)#exit
(config)#int F1/1.2 / 配置F1/1.2 子接口
(config-if)# encapsulation dot1Q 35/封装属于VLAN35
(config-if)#ip address 10.10.4.1 255.255.255.0
(config-if)#ip nat inside /设置为内网
(config-if)#no sh
(config-if)#exit
(config)#int F1/1.3 / 配置F1/1.3 子接口
(config-if)# encapsulation dot1Q 36/封装属于VLAN36
(config-if)#ip address 10.10.5.1 255.255.255.0
(config-if)#ip nat inside /设置为内网
(config-if)#no sh
(config-if)#exit

(config)#int E0/0
(config-if)# ip address 192.168.55.2 255.255.255.128*外网端口,假设192.168.55.2为外部上网IP
(config-if)#ip nat outside /设置为外网
(config-if)#no sh
(config-if)#exit

(config)#ip nat pool zytvoa 192.168.55.2 192.168.55.2 netmask 255.255.255.128 /设置外部地址池起始地址掩码
(config)#access-list 1 permit 10.10.0.0 0.0.255.255 /配置内网口段范围
(config)#ip nat inside source list 1 pool zytvoa overload/配置PAT
(config)#ip route 0.0.0.0 0.0.0.0 Ethernet0/0 192.168.55.1/配置默认路由下一跳(网关)
C7206完成后配置
interface Ethernet0/0*外网端口,假设192.168.55.2为外部上网IP
ip address 192.168.55.2 255.255.255.128
ip nat outside*
ip virtual-reassembly
duplex auto
!
interface GigabitEthernet0/0
no ip address
duplex full
speed 1000
media-type gbic
negotiation auto
!
interface FastEthernet1/0
ip address 10.10.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex half
!
interface FastEthernet1/1
no ip address
duplex half
!
interface FastEthernet1/1.1
encapsulation dot1Q 34
ip address 10.10.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet1/1.2
encapsulation dot1Q 35
ip address 10.10.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet1/1.3
encapsulation dot1Q 36
ip address 10.10.4.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface ATM2/0
no ip address
shutdown
no atm ilmi-keepalive
!
ip route 0.0.0.0 0.0.0.0 Ethernet0/0 192.168.55.1
!
no ip http server
no ip http secure-server
!
ip nat pool zytvoa 192.168.55.2 192.168.55.2 netmask 255.255.255.128
ip nat inside source list 1 pool zytvoa overload
!
access-list 1 permit 10.10.0.0 0.0.255.255
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 点击这里给我发消息
标签: