CCIE实验室考试指南(8)
添加时间: 2008-1-4 4:06:15 作者: Cisco教程指导 阅读次数:32 来源: http://www.d9soft.com
lab 08 -
nat translation
all configurations will refer to the diagram below.
此主题相关图片如下:
version 11.3
no service password-encryption
!
hostname router_a
!
enable secret 5 $1$.s1r$iaeqzxlnyjo2qlzi8unao0
enable password guess
!
ip nat pool nat-example
200.200.200.1 200.200.200.255 prefix-length 24
ip nat inside source list 1 pool nat-example
!
interface ethernet0/0
ip address 200.200.200.1 255.255.255.0
secondary
ip address 10.10.10.1 255.255.255.0
ip nat inside
!
interface serial0/0
ip address 150.100.10.72 255.255.255.0
ip nat outside
encapsulation frame-relay
!
interface tokenring0/0
no ip address
shutdown
ring-speed 16
!
interface fastethernet1/0
no ip address
shutdown
!
router rip
network 200.200.200.0
network 150.100.0.0
!
ip classless
no logging buffered
access-list 1 permit 10.10.10.0 0.0.0.255
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
login
!
end
explanation of the bold commands:
ip nat pool-
defines the pool name of "nat-example" the first public address is
200.200.200.1 and the last address 200.200.200.255. the mask is
255.255.255.0 or /24
ip nat inside source-
applies the access-list 1 to the pool "nat-example"
ip address 200.200.200.1 255.255.255.0 secondary-
applies the public address to the e0/0 interface as a secondary
address. since we want to advertise the public address we must
configure the address.
ip nat inside-
defines the e0/0 interface as the inside address
ip nat outside-
define serial 0 as the outside addresses
router rip-
network 200.200.200.0
because we configures the 200.200.200.0 address as a secondary
address we can advertise it with rip.
access-list 1 permit 10.10.10.0 0.0.0.0.255
permits the private addresses on the 10.10.10.o subnet to be
translated to the public address.
the following is the actual translation taken after the seri10.10.10.1
interface of the router and the workstation 10.10.10.2 performed a
ping of the serial interface of the isp’s router.
router_a#sh ip nat trans
pro inside global inside local outside local outside global
--- 200.200.200.1 10.10.10.1 --- ---
--- 200.200.200.2 10.10.10.2 --- --
the scenario is as follows:
your organization is using the private address of 10.0.0.0 /24. your
isp has assigned the public address of 200.200.200.0 /24 to your
organization.
our goal is to configure router a to provide us with address
translation to go from the private address to the public address. we
also want to advertise this public address out to the world.
the configuration commands that accomplish these goals are
presented in bold.
current configuration:
!
上一篇文章: 半双工与全双工网卡之区别 下一篇文章: CCIE实验室考试指南(6)