Switch and Router Technology-34-Dynamic NAT

动态NAT        

静态NAT 回顾

静态NAT  1—>1转 192.168.1.1----->64.23.54.99

命令：

Define intranet and extranet interfaces on the interface

Router(config)#int g0/0

Router(config-if)#ip nat inside

Router(config-if)#exit

Router(config)#int g0/1

Router(config-if)#ip nat outside

Router(config-if)#exit

Router(config-if)#in nat  inside source static内部ip 公网ip

Check out the conversion table：

Show ip nat translations

To do this experiment, the external network host does not need to configure the gateway,Configuring a gateway is routing rather than static translation

动态NAT

动态的,多对多

第一步,Complete topology construction,划分网段,为PC配置IP地址,注意PC3No gateway is required

第二步：Define the internal network interface and the external network interface on the egress router

Router(config)#int g0/0

Router(config-if)#ip nat inside

Router(config-if)#exit

Router(config)#int g0/1

Router(config-if)#ip nat outside

Router(config-if)#exit

Router(config)#

第三步：

1.Define the scope of the intranet 使用ACL来定义允许

Router(config)#access-list 10 permit 192.168.10.0 0.0.0.255

2. Define the scope of the extranet,使用名称指定范围IP

Router(config)#ip nat pool dtnat 23.34.56.70 23.34.56.71 netmask 255.255.255.0

3.应用

Router(config)#ip nat inside source list 10 pool dtnat

The three internal addresses correspond to the two public network addresses,Only two devices can use the external network at most at the same time

Check out the conversion table

clear conversion table

Router#Clear ip nat translations *

The configuration of the egress router

Router(config)#

Router(config)#int g0/0

Router(config-if)#ip nat inside

Router(config-if)#exit

Router(config)#int g0/1

Router(config-if)#ip nat outside

Router(config-if)#exit

Router(config)#ip nat inside ?

source Source address translation

Router(config)#ip nat inside source ?

list Specify access list describing local addresses

static Specify static local->global mapping

Router(config)#ip nat inside source list ?

<1-199> Access list number for local addresses

WORD Access list name for local addresses

第一步：

创建ACL 允许192.168.10.0 网段通过,注意ACL使用的是反掩码

Router(config)#access-list 10 permit ?

  A.B.C.D  Address to match

  any      Any source host

  host     A single host address

Router(config)#access-list 10 permit 192.168.10.0 ?

  A.B.C.D  Wildcard bits

  <cr>

Router(config)#access-list 10 permit 192.168.10.0 0.0.0.255

第二步：

创建PoolDefine the public network address range,Note that the subnet mask should be added to determine the size of the network range

Router(config)#ip nat ?

  inside   Inside address translation

  outside  Outside address translation

  pool     Define pool of addresses

Router(config)#ip nat pool nat ?

  A.B.C.D  Start IP address

Router(config)#ip nat pool nat 23.34.56.70 ?

  A.B.C.D  End IP address

Router(config)#ip nat pool nat 23.34.56.70 23.34.56.71

% Incomplete command.

Router(config)#ip nat pool nat 23.34.56.70 23.34.56.71 ?

  netmask  Specify the network mask

Router(config)#ip nat pool nat 23.34.56.70 23.34.56.71 netmask 255.255.255.0

应用：

Router(config)#ip nat inside source ?

  list    Specify access list describing local addresses

  static  Specify static local->global mapping

Router(config)#ip nat inside source list 10 ?

  interface  Specify interface for global address

  pool       Name pool of global addresses

Router(config)#ip nat inside source list 10 pool nat