当前位置：网站首页>Hcia-r & s self use notes (25) NAT technical background, NAT type and configuration

Hcia-r & s self use notes (25) NAT technical background, NAT type and configuration

2022-07-29 05:38:00 【Master basket ladle Xiao Lu】

NAT Technical background （7/27,29min）

There will be no private network route in the router of the operator （ mention MPLS VPN）

Broadband / The difference between wireless router and carrier router

A terminal will make the router produce a lot of NAT Convert information

NAT Type and configuration （7/27,86min）

static state NAT

If the operator assigns me five public network addresses ？ Can I configure five addresses on one interface ？（ Just use the address pool ）

static state NAT To configure ：

command	remarks
nat static enable	Turn on static NAT function
nat static global x.x.x.x（ Male ）inside 192.168.1.1	Create static NAT
display nat static	View static NAT To configure

Be careful , static state NAT For one-on-one , A private address corresponds to a public address , It is mostly used for server mapping .

dynamic NAT

The characteristic is the need etc.

dynamic NAT And PAT To configure ：

command	remarks
nat address-group 1 x.x.x.x x.x.x.x.y	To configure NAT Address pool , The range can be set （0-7）
nat outbound acl 2000 address group 1	It's related to a ACL With a ACL Address pool ; ACL Used to match the source address that needs to be converted （ This is the case PAT Pattern ）
nat outbound acl 2000 address group 1 no-pat	ditto , This is a normal dynamic NAT Pattern
display nat address-group	see NAT Address pool configuration information
display nat outbound	See what's going on NAT Configuration information
display nat session all	Check out the router NAT The mapping table

dynamic NAT Under the circumstances , Even a terminal once ping All use a public address

PAT/NAT-PT/NAPT

Usually suitable for large enterprise networks （ Applied for multiple fixed public networks IP）

Every time of different terminals ping when ID（New IcmpID） Dissimilarity , And others include TCP/UDP The message port number of is also different

Easy IP/SNAT（ Source NAT）

Do not create an address pool （PAT You need to create an address pool ）, Directly associate the interface

Easy IP To configure ：

command	remarks
int GigabitEthernet 0/0/1
nat outbound acl 2000	Associate the outbound interface with ACL

NAT The server /DANT

When an Internet user accesses an intranet server ,NAT Server By pre configured “ Public network IP Address + Port number ” And “ The private network IP Address + Port number ” The mapping relationship between , Will server's “ Public network IP Address + Port number ” According to the mapping relationship, replace it with correspondence to get “ The private network IP Address + Port number ”

NAT Server configuration ：

command

remarks

（ Interface view ）

nat server protocol tcp/udp

global x.x.x.x/Gigabitethernet 0/0/x 3333 inside

192.168.1.1 80

To configure NAT The server

（ Internet user access x.x.x.x:3333 when , Actually visit 192.168.1.1:80）

display nat server

verification NAT The server

There are two ways for the external network to access the internal network ：

Port mapping /NAT The server （ Publish services to the Internet ）、VPN（ More secure ）

R1 Interface configuration for ：

#
interface GigabitEthernet0/0/0
 ip address 192.168.0.254 255.255.255.0 
 dhcp select interface
#
interface GigabitEthernet0/0/1
 ip address 12.0.0.1 255.255.255.0 
 traffic-filter outbound acl 2000
 nat server protocol tcp global 12.0.0.10 8888 inside 192.168.0.100 www
// Be careful , This is not an interface address 
 nat outbound 2000
#

Other addresses are configured as above , here HTTP client （2.0.0.20） You can access Server1

原网站

版权声明
本文为[Master basket ladle Xiao Lu]所创，转载请带上原文链接，感谢
https://yzsam.com/2022/210/202207290511132431.html