3)验证网络通信是否正常
R3#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 10.0.0.6 to network 0.0.0.0
10.0.0.0/30 is subnetted, 3 subnets
C 10.0.0.8 is directly connected, FastEthernet0/0
O IA 10.0.0.0 [110/2] via 10.0.0.6, 00:02:31, FastEthernet1/0
C 10.0.0.4 is directly connected, FastEthernet1/0
192.168.255.0/32 is subnetted, 3 subnets
C 192.168.255.3 is directly connected, Loopback0
O IA 192.168.255.2 [110/3] via 10.0.0.6, 00:02:31, FastEthernet1/0
O IA 192.168.255.1 [110/2] via 10.0.0.6, 00:02:31, FastEthernet1/0
192.168.1.0/32 is subnetted, 1 subnets
O IA 192.168.1.1 [110/2] via 10.0.0.6, 00:02:33, FastEthernet1/0
O E2 192.168.2.0/24 [110/20] via 10.0.0.6, 00:02:33, FastEthernet1/0
O E2 192.168.100.0/24 [110/20] via 10.0.0.6, 00:02:33, FastEthernet1/0
S 192.168.3.0/24 [1/0] via 10.0.0.9
O*E2 0.0.0.0/0 [110/1] via 10.0.0.6, 00:02:35, FastEthernet1/0
R4#ping 192.168.2.1 source 192.168.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.3.1
!!!!!
R5#ping 10.0.0.5 source 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.5, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.1
!!!!!
4) 在R1路由器上配置NAT
R1(config)#int f1/0
R1(config-if)#ip nat inside
R1(config)#int f0/0
R1(config-if)#ip nat inside
R1(config)#int f2/0
R1(config-if)#ip nat outside
R1(config)#access-list 1 permit any
R1(config)#ip nat inside source list 1 int f2/0 overload
测试内网访问外网的连通性
R5#ping 59.56.61.1 source 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 59.56.61.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.1
!!!!!
R4#ping 59.56.61.1 source 192.168.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 59.56.61.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.3.1
!!!!!
当然,我们可以禁止192.168.2.0的网段对外网的访问:
R1(config)#no access-list 1
R1(config)#access-list 1 deny 192.168.2.0 0.0.0.255
R1(config)#access-list 1 permit any
R1(config)#ip nat inside source list 1 interface f2/0 overload
R5#ping 59.56.61.1 source 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 59.56.61.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.1
.....
R4#ping 59.56.61.1 source 192.168.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 59.56.61.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.3.1
!!!!!
完整Word文档可以到Linux公社资源站下载:
------------------------------------------分割线------------------------------------------
具体下载目录在 /2017年资料/5月/29日/Cisco之路由重分发和配置NAT/
------------------------------------------分割线------------------------------------------