R3配置
[V200R003C00]
#
sysname Router
#
board add 0/4 8FE1GE
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone Indian Standard Time minus 05:13:20
clock daylight-saving-time Day Light Saving Time repeating 12:32 9-1 12:32 11-23 00:00 2005 2005
#
drop illegal-mac alarm
#
vlan batch 100 200
#
set cpu-usage threshold 80 restore 75
#
acl number 2000
rule 5 permit source 192.168.20.0 0.0.0.255
acl number 2001
rule 5 permit source 10.0.0.0 0.0.0.255
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
nat address-group 1 202.169.10.100 202.169.10.200
nat address-group 2 202.169.10.80 202.169.10.83
#
interface Vlanif100
ip address 192.168.20.1 255.255.255.0
#
interface Vlanif200
ip address 10.0.0.1 255.255.255.0
#
interface Ethernet4/0/0
port link-type access
port default vlan 100
#
interface Ethernet4/0/1
port link-type access
port default vlan 200
#
interface Ethernet4/0/2
#
interface Ethernet4/0/3
#
interface Ethernet4/0/4
#
interface Ethernet4/0/5
#
interface Ethernet4/0/6
#
interface Ethernet4/0/7
#
interface GigabitEthernet0/0/0
ip address 202.169.10.1 255.255.255.0
nat outbound 2000 address-group 1 no-pat
nat outbound 2001 address-group 2
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet4/0/0
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 202.169.10.2
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
returnR4配置
[V200R003C00]
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone Indian Standard Time minus 05:13:20
clock daylight-saving-time Day Light Saving Time repeating 12:32 9-1 12:32 11-23 00:00 2005 2005
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 202.169.10.2 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return在R3上查看NAT信息
dis nat address-group verbose
在R3的g 0/0/0口抓包,會發現NAT地址經過了正常的轉換了
1)在PC1上ping 202.169.10.2,同時發現轉換的公網IP地址是變化的
2)在PC2上ping 202.169.10.2,同時發現轉換的公網IP地址是不化的
- 先只ping一個包
![動態NAT,抓包]()
- 長ping,一直都是202.169.10.82這個地址
![動態NAT,抓包]()
