R1、R2、R3模擬企業內網跑RIPv2路由協議,R3是企業網關,實現全網互通,內網通過NAT轉換訪問Internet,目標爲4.4.4.4/24
R1
en
conf t
line con 0
no exec-t
exit
host R1
int f0/0
no sh
ip add 192.168.12.1 255.255.255.0
exit
router rip
ver 2
no au
net 192.168.12.0
en
conf t
line con 0
no exec-t
exit
host R1
int f0/0
no sh
ip add 192.168.12.1 255.255.255.0
exit
router rip
ver 2
no au
net 192.168.12.0
===================R2============================
en
conf t
line con 0
no exec-t
exit
host R2
int f0/0
no sh
ip add 192.168.12.2 255.255.255.0
int f1/0
no sh
ip add 192.168.23.2 255.255.255.0
exit
router rip
ver 2
no au
net 192.168.12.0
net 192.168.23.0
end
en
conf t
line con 0
no exec-t
exit
host R2
int f0/0
no sh
ip add 192.168.12.2 255.255.255.0
int f1/0
no sh
ip add 192.168.23.2 255.255.255.0
exit
router rip
ver 2
no au
net 192.168.12.0
net 192.168.23.0
end
================R3=========================
en
conf t
line con 0
no exec-t
exit
host R3
int f0/0
no sh
ip add 192.168.23.3 255.255.255.0
int f1/0
no sh
ip add 34.34.34.3 255.255.255.0
int lo 0
ip add 3.3.3.3 255.0.0.0
exit
router rip
ver 2
no au
net 192.168.23.0
end
conf t
line con 0
no exec-t
exit
host R3
int f0/0
no sh
ip add 192.168.23.3 255.255.255.0
int f1/0
no sh
ip add 34.34.34.3 255.255.255.0
int lo 0
ip add 3.3.3.3 255.0.0.0
exit
router rip
ver 2
no au
net 192.168.23.0
end
R3(config)#ip default-network 3.0.0.0 向內網下發默認路由
R3(config)#ip route 0.0.0.0 0.0.0.0 34.34.34.4
R3(config)#ip route 0.0.0.0 0.0.0.0 34.34.34.4
NAT配置
R3(config)#access-list 1 permit 192.168.0.0 0.0.255.255
R3(config)#ip nat inside source list 1 interface FastEthernet1/0 overload
R3(config)#interface FastEthernet0/0
R3(config-if)#ip nat inside
R3(config)#interface FastEthernet1/0
R3(config-if)#ip nat outside
R3(config)#access-list 1 permit 192.168.0.0 0.0.255.255
R3(config)#ip nat inside source list 1 interface FastEthernet1/0 overload
R3(config)#interface FastEthernet0/0
R3(config-if)#ip nat inside
R3(config)#interface FastEthernet1/0
R3(config-if)#ip nat outside
===================R4===============================
en
conf t
line con 0
no exec-t
exit
host R4
int f0/0
no sh
ip add 34.34.34.4 255.255.255.0
int lo0
no sh
ip add 4.4.4.4 255.255.255.0
conf t
line con 0
no exec-t
exit
host R4
int f0/0
no sh
ip add 34.34.34.4 255.255.255.0
int lo0
no sh
ip add 4.4.4.4 255.255.255.0
實驗調試
向內網下發默認路由後,會產生一條指向下一跳的默認路由
R1#sh ip route
Gateway of last resort is 192.168.12.2 to network 0.0.0.0
Gateway of last resort is 192.168.12.2 to network 0.0.0.0
C 192.168.12.0/24 is directly connected, FastEthernet0/0
R 192.168.23.0/24 [120/1] via 192.168.12.2, 00:00:01, FastEthernet0/0
R* 0.0.0.0/0 [120/2] via 192.168.12.2, 00:00:01, FastEthernet0/0
R 192.168.23.0/24 [120/1] via 192.168.12.2, 00:00:01, FastEthernet0/0
R* 0.0.0.0/0 [120/2] via 192.168.12.2, 00:00:01, FastEthernet0/0
R2#sh ip route
Gateway of last resort is 192.168.23.3 to network 0.0.0.0
Gateway of last resort is 192.168.23.3 to network 0.0.0.0
C 192.168.12.0/24 is directly connected, FastEthernet0/0
C 192.168.23.0/24 is directly connected, FastEthernet1/0
R* 0.0.0.0/0 [120/1] via 192.168.23.3, 00:00:23, FastEthernet1/0
C 192.168.23.0/24 is directly connected, FastEthernet1/0
R* 0.0.0.0/0 [120/1] via 192.168.23.3, 00:00:23, FastEthernet1/0
R3#sh ip route
Gateway of last resort is 34.34.34.4 to network 0.0.0.0
Gateway of last resort is 34.34.34.4 to network 0.0.0.0
34.0.0.0/24 is subnetted, 1 subnets
C 34.34.34.0 is directly connected, FastEthernet1/0
R 192.168.12.0/24 [120/1] via 192.168.23.2, 00:00:17, FastEthernet0/0
C* 3.0.0.0/8 is directly connected, Loopback0
C 192.168.23.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 34.34.34.4
C 34.34.34.0 is directly connected, FastEthernet1/0
R 192.168.12.0/24 [120/1] via 192.168.23.2, 00:00:17, FastEthernet0/0
C* 3.0.0.0/8 is directly connected, Loopback0
C 192.168.23.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 34.34.34.4
NAT調試
R3#debug ip nat
IP NAT debugging is on
R3#
*Mar 1 00:35:16.295: NAT*: s=192.168.12.1->34.34.34.3, d=4.4.4.4 [25]
*Mar 1 00:35:16.391: NAT*: s=4.4.4.4, d=34.34.34.3->192.168.12.1 [25]
*Mar 1 00:35:16.515: NAT*: s=192.168.12.1->34.34.34.3, d=4.4.4.4 [26]
*Mar 1 00:35:16.563: NAT*: s=4.4.4.4, d=34.34.34.3->192.168.12.1 [26]
*Mar 1 00:35:16.631: NAT*: s=192.168.12.1->34.34.34.3, d=4.4.4.4 [27]
*Mar 1 00:35:16.671: NAT*: s=4.4.4.4, d=34.34.34.3->192.168.12.1 [27]
*Mar 1 00:35:16.763: NAT*: s=192.168.12.1->34.34.34.3, d=4.4.4.4 [28]
*Mar 1 00:35:16.795: NAT*: s=4.4.4.4, d=34.34.34.3->192.168.12.1 [28]
*Mar 1 00:35:16.907: NAT*: s=192.168.12.1->34.34.34.3, d=4.4.4.4 [29]
R3#
*Mar 1 00:35:16.999: NAT*: s=4.4.4.4, d=34.34.34.3->192.168.12.1 [29]
IP NAT debugging is on
R3#
*Mar 1 00:35:16.295: NAT*: s=192.168.12.1->34.34.34.3, d=4.4.4.4 [25]
*Mar 1 00:35:16.391: NAT*: s=4.4.4.4, d=34.34.34.3->192.168.12.1 [25]
*Mar 1 00:35:16.515: NAT*: s=192.168.12.1->34.34.34.3, d=4.4.4.4 [26]
*Mar 1 00:35:16.563: NAT*: s=4.4.4.4, d=34.34.34.3->192.168.12.1 [26]
*Mar 1 00:35:16.631: NAT*: s=192.168.12.1->34.34.34.3, d=4.4.4.4 [27]
*Mar 1 00:35:16.671: NAT*: s=4.4.4.4, d=34.34.34.3->192.168.12.1 [27]
*Mar 1 00:35:16.763: NAT*: s=192.168.12.1->34.34.34.3, d=4.4.4.4 [28]
*Mar 1 00:35:16.795: NAT*: s=4.4.4.4, d=34.34.34.3->192.168.12.1 [28]
*Mar 1 00:35:16.907: NAT*: s=192.168.12.1->34.34.34.3, d=4.4.4.4 [29]
R3#
*Mar 1 00:35:16.999: NAT*: s=4.4.4.4, d=34.34.34.3->192.168.12.1 [29]
測試ping
R1#ping 4.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
R1#traceroute 4.4.4.4
Type escape sequence to abort.
Tracing the route to 4.4.4.4
Tracing the route to 4.4.4.4
1 192.168.12.2 128 msec 96 msec 60 msec
2 192.168.23.3 128 msec 76 msec 140 msec
3 34.34.34.4 252 msec * 232 msec
2 192.168.23.3 128 msec 76 msec 140 msec
3 34.34.34.4 252 msec * 232 msec
注意事項:
- 向rip網絡中注入默認路由先ip default-network,後寫指向外網的默認路由,宣告ip default-network 必須是有類
- 一般企業分配的公有IP是無類的,所以必須在環回口上宣告一個有類ip地址,例如本文的R3上3.3.3.3/8