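Types of NAT
- Static NAT -- one private IP maps to one public IP
- Dynamic NAT -- one private IP maps to a pool of public IPs
- Overlapping -- multiple private IPs map to one public IP; this is what we usually think of as NAT
Address types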
- inside global
- inside local
- outside local
- outside global
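I drew a diagram to explain this. The IPs in the diagram carry no meaning and are for reference only.
Architecture diagram
Configuration parameters
Router2: FastEth 0/0 10.200.0.254/25, connected to PC4; provides DHCP to PC4
FastEth 4/0 172.20.0.1/24, connected to Router3
Router2: FastEth 4/0 172.20.0.254/24, connected to Router2
Configuration
Router2
- Traffic that enters on FastEth 0/0 and leaves through FastEth 4/0 goes out with one of the addresses in the custom pool myippool (172.20.0.250~172.20.0.253)
- Only addresses in 10.200.0.128/25 are permitted to use PAT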
interface FastEthernet0/0
ip address 10.200.0.254 255.255.255.128
ip nat inside
!
interface FastEthernet4/0
ip address 172.20.0.1 255.255.255.0
ip nat outside
!
ip nat pool myippool 172.20.0.250 172.20.0.253 netmask 255.255.255.0
ip nat inside source list 2 pool myippool overload
access-list 2 permit 10.200.0.128 0.0.0.127
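- Exclude 10.200.0.129~10.200.0.133 and 10.200.0.151~10.200.0.160
(About these two ranges: Cisco allows multiple DHCP pools, so exclusions are configured globally rather than inside a DHCP pool.)
- Configure DHCP pool network0 to hand out addresses in the 10.200.0.128 255.255.255.128 network, with default route 10.200.0.254 and DNS 163.17.40.3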
ip dhcp excluded-address 10.200.0.129 10.200.0.133
ip dhcp excluded-address 10.200.0.151 10.200.0.160
!
ip dhcp pool network0
network 10.200.0.128 255.255.255.128
default-router 10.200.0.254
dns-server 163.17.40.3
!
Debugging
Router#sh ip nat translations
Router#
NAT: s=10.200.0.129->172.20.0.250, d=192.168.0.1[5] (outgoing packets)
NAT*: s=172.20.0.254, d=172.20.0.250->10.200.0.129[5] (returning packets)
NAT: s=10.200.0.129->172.20.0.250, d=192.168.0.1[6]
NAT*: s=172.20.0.254, d=172.20.0.250->10.200.0.129[6]
NAT: s=10.200.0.129->172.20.0.250, d=192.168.0.1[7]
....
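The following Python script is an added example, not part of the original post. It parses NAT records in the format shown above and checks each translation against this page's `access-list 2` wildcard match and the `myippool` range. The function names are hypothetical, and the last two sample lines are constructed to show a finding.

```python
import ipaddress
import re

# Values taken from the Router2 configuration on this page.
POOL_START = ipaddress.ip_address("172.20.0.250")
POOL_END = ipaddress.ip_address("172.20.0.253")
ACL_BASE, ACL_WILDCARD = "10.200.0.128", "0.0.0.127"

# Outbound record: NAT: s=<inside local>-><inside global>, d=<dest>[id]
# Return record:   NAT*: s=<src>, d=<inside global>-><inside local>[id]
OUT_RE = re.compile(r"^NAT\*?: s=([\d.]+)->([\d.]+), d=([\d.]+)\s*\[(\d+)\]")
IN_RE = re.compile(r"^NAT\*?: s=([\d.]+), d=([\d.]+)->([\d.]+)\s*\[(\d+)\]")

def acl_permits(addr, base=ACL_BASE, wildcard=ACL_WILDCARD):
    """Standard ACL match: bits that are 0 in the wildcard must equal the base."""
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.ip_address(addr)) & care) == (int(ipaddress.ip_address(base)) & care)

def in_pool(addr):
    return POOL_START <= ipaddress.ip_address(addr) <= POOL_END

def audit(lines):
    """Return (inside local -> set of inside global, list of findings)."""
    translations, findings = {}, []
    for line in lines:
        m_out, m_in = OUT_RE.match(line.strip()), IN_RE.match(line.strip())
        if m_out:
            local, glob = m_out.group(1), m_out.group(2)
        elif m_in:
            glob, local = m_in.group(2), m_in.group(3)
        else:
            continue  # prompt lines, "....", anything that is not a NAT record
        translations.setdefault(local, set()).add(glob)
        if not acl_permits(local):
            findings.append(f"{local}: translated but not permitted by access-list 2")
        if not in_pool(glob):
            findings.append(f"{local}: global {glob} is outside myippool")
    return translations, findings

# First two lines are from the page; the last two are constructed for this example.
SAMPLE = [
    "NAT: s=10.200.0.129->172.20.0.250, d=192.168.0.1[5]",
    "NAT*: s=172.20.0.254, d=172.20.0.250->10.200.0.129[5]",
    "NAT: s=10.200.0.20->172.20.0.251, d=192.168.0.1[9]",
    "NAT: s=10.200.0.200->172.20.0.1, d=192.168.0.1[10]",
]

if __name__ == "__main__":
    print(*audit(SAMPLE)[1], sep="\n")
```
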
Original post: 2012-03-27 10:40:23