静态NAT和ACL的区别.docx
- 文档编号:9763966
- 上传时间:2023-05-21
- 格式:DOCX
- 页数:8
- 大小:34.96KB
静态NAT和ACL的区别.docx
《静态NAT和ACL的区别.docx》由会员分享,可在线阅读,更多相关《静态NAT和ACL的区别.docx(8页珍藏版)》请在冰点文库上搜索。
静态NAT和ACL的区别
静态nat与标准acl的混合使用
2009-06-2020:
36:
03
标签:
aclnat
原创作品,允许转载,转载时请务必以超链接形式标明文章原始出处、作者信息和本声明。
否则将追究法律责任。
静态nat与标准acl的混合使用
<1>、将pc0和pc1得ip转换为环回地址。
<2>、阻止1.1.1.2的通信
Router1配置:
Router>en
Router#conft
Enterconfigurationcommands,oneperline.EndwithCNTL/Z.
Router(config)#intf0/0
Router(config-if)#ipadd1.1.1.1255.0.0.0
Router(config-if)#noshut
%LINK-5-CHANGED:
InterfaceFastEthernet0/0,changedstatetoup
%LINEPROTO-5-UPDOWN:
LineprotocolonInterfaceFastEthernet0/0,changedstatetoup
Router(config-if)#intf0/1
Router(config-if)#ipadd2.2.2.1255.0.0.0
Router(config-if)#noshutdown
%LINK-5-CHANGED:
InterfaceFastEthernet0/1,changedstatetoup
Router(config-if)#exit
Router(config)#
%LINEPROTO-5-UPDOWN:
LineprotocolonInterfaceFastEthernet0/1,changedstatetoup
Router(config)#intloopback0
%LINK-5-CHANGED:
InterfaceLoopback0,changedstatetoup
%LINEPROTO-5-UPDOWN:
LineprotocolonInterfaceLoopback0,changedstatetoup
Router(config-if)#ipadd4.4.4.1255.0.0.0
Router(config-if)#noshut
Router(config-if)#exit
Router(config)#routerrip
Router(config-router)#network1.0.0.0
Router(config-router)#network2.0.0.0
Router(config-router)#network4.0.0.0
Router(config-router)#end
%SYS-5-CONFIG_I:
Configuredfromconsolebyconsole
Router#showiprou
Router#showiproute
Codes:
C-connected,S-static,I-IGRP,R-RIP,M-mobile,B-BGP
D-EIGRP,EX-EIGRPexternal,O-OSPF,IA-OSPFinterarea
N1-OSPFNSSAexternaltype1,N2-OSPFNSSAexternaltype2
E1-OSPFexternaltype1,E2-OSPFexternaltype2,E-EGP
i-IS-IS,L1-IS-ISlevel-1,L2-IS-ISlevel-2,ia-IS-ISinterarea
*-candidatedefault,U-per-userstaticroute,o-ODR
P-periodicdownloadedstaticroute
Gatewayoflastresortisnotset
C1.0.0.0/8isdirectlyconnected,FastEthernet0/0
C2.0.0.0/8isdirectlyconnected,FastEthernet0/1
R3.0.0.0/8[120/1]via2.2.2.2,00:
00:
11,FastEthernet0/1
C4.0.0.0/8isdirectlyconnected,Loopback0
Router#configureterminal
Enterconfigurationcommands,oneperline.EndwithCNTL/Z.
Router(config)#ipnatinsidesources
Router(config)#ipnatinsidesourcestatic1.1.1.24.4.4.2
Router(config)#ipnatinsidesourcestatic1.1.1.34.4.4.3
Router(config)#interfacefastEthernet0/0
Router(config-if)#ipnatin
Router(config-if)#ipnatinside
Router(config-if)#noshut
Router(config-if)#noshutdown
Router(config-if)#intf0/1
Router(config-if)#ipnatoutside
Router(config-if)#end
%SYS-5-CONFIG_I:
Configuredfromconsolebyconsole
Router#showipnat?
statisticsTranslationstatistics
translationsTranslationentries
Router#showipnattr
Router#showipnattranslations
ProInsideglobalInsidelocalOutsidelocalOutsideglobal
---4.4.4.21.1.1.2------
---4.4.4.31.1.1.3------
Router#ping3.3.3.2
Typeescapesequencetoabort.
Sending5,100-byteICMPEchosto3.3.3.2,timeoutis2seconds:
!
!
!
!
!
Successrateis100percent(5/5),round-tripmin/avg/max=62/62/63ms
Router#conf
Configuringfromterminal,memory,ornetwork[terminal]?
Enterconfigurationcommands,oneperline.EndwithCNTL/Z.
Router(config)#acc
Router(config)#access-list?
<1-99>IPstandardaccesslist
<100-199>IPextendedaccesslist
Router(config)#access-list1?
denySpecifypacketstoreject
permitSpecifypacketstoforward
remarkAccesslistentrycomment
Router(config)#access-list1denyho
Router(config)#access-list1denyhost1.1.1.2
Router(config)#access-list1per
Router(config)#access-list1permitany
Router(config)#exit
%SYS-5-CONFIG_I:
Configuredfromconsolebyconsole
Router#showacc
Router#showaccess-lists
StandardIPaccesslist1
denyhost1.1.1.2
permitany
Router#configureterminal
Enterconfigurationcommands,oneperline.EndwithCNTL/Z.
Router(config)#interfacefastEthernet0/0
Router(config-if)#ipaccess-group1in
Router(config-if)#noshut
Router(config-if)#
Router(config-if)#
Rourer1的配置:
Router>en
Router#conft
Enterconfigurationcommands,oneperline.EndwithCNTL/Z.
Router(config)#intf0/0
Router(config-if)#ipadd3.3.3.1255.0.0.0
Router(config-if)#noshutdown
%LINK-5-CHANGED:
InterfaceFastEthernet0/0,changedstatetoup
%LINEPROTO-5-UPDOWN:
LineprotocolonInterfaceFastEthernet0/0,changedstatetoup
Router(config-if)#
Router(config-if)#intf0/1
Router(config-if)#ipadd2.2.2.2255.0.0.0
Router(config-if)#noshut
%LINK-5-CHANGED:
InterfaceFastEthernet0/1,changedstatetoup
%LINEPROTO-5-UPDOWN:
LineprotocolonInterfaceFastEthernet0/1,changedstatetoup
Router(config-if)#
Router(config-if)#exit
Router(config)#routerrip
Router(config-router)#net
Router(config-router)#network2.0.0.0
Router(config-router)#network3.0.0.0
Router(config-router)#end
%SYS-5-CONFIG_I:
Configuredfromconsolebyconsole
Router#showiprou
Router#showiproute
Codes:
C-connected,S-static,I-IGRP,R-RIP,M-mobile,B-BGP
D-EIGRP,EX-EIGRPexternal,O-OSPF,IA-OSPFinterarea
N1-OSPFNSSAexternaltype1,N2-OSPFNSSAexternaltype2
E1-OSPFexternaltype1,E2-OSPFexternaltype2,E-EGP
i-IS-IS,L1-IS-ISlevel-1,L2-IS-ISlevel-2,ia-IS-ISinterarea
*-candidatedefault,U-per-userstaticroute,o-ODR
P-periodicdownloadedstaticroute
Gatewayoflastresortisnotset
R1.0.0.0/8[120/1]via2.2.2.1,00:
00:
24,FastEthernet0/1
C2.0.0.0/8isdirectlyconnected,FastEthernet0/1
C3.0.0.0/8isdirectlyconnected,FastEthernet0/0
R4.0.0.0/8[120/1]via2.2.2.1,00:
00:
24,FastEthernet0/1
Router#ping4.4.4.2
Typeescapesequencetoabort.
Sending5,100-byteICMPEchosto4.4.4.2,timeoutis2seconds:
!
!
!
!
!
Successrateis100percent(5/5),round-tripmin/avg/max=81/91/94ms
Router#ping4.4.4.3
Typeescapesequencetoabort.
Sending5,100-byteICMPEchosto4.4.4.3,timeoutis2seconds:
!
!
!
!
!
Successrateis100percent(5/5),round-tripmin/avg/max=63/84/94ms
Router#
在pc1上的测试:
PacketTracerPCCommandLine1.0
PC>ping3.3.3.2
Pinging3.3.3.2with32bytesofdata:
Requesttimedout.
Requesttimedout.
Requesttimedout.
Requesttimedout.
Pingstatisticsfor3.3.3.2:
Packets:
Sent=4,Received=0,Lost=4(100%loss),
PC>ping1.1.1.1
Pinging1.1.1.1with32bytesofdata:
Requesttimedout.
Requesttimedout.
Requesttimedout.
Requesttimedout.
Pingstatisticsfor1.1.1.1:
Packets:
Sent=4,Received=0,Lost=4(100%loss),
PC>
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- 静态 NAT ACL 区别
![提示](https://static.bingdoc.com/images/bang_tan.gif)