Combining Static NAT with a Standard ACL


Translate the IP addresses of pc0 and pc1 to loopback addresses.

Author: 51cto  Source: 51cto  June 23, 2009

Keywords: ACL NAT


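Combining static NAT with a standard ACL

    <1> Translate the IP addresses of pc0 and pc1 to loopback addresses.
    <2> Block 1.1.1.2 from communicating.

    Router 1 configuration: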
    Router>en
    Router#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    Router(config)#int f 0/0
    Router(config-if)#ip add 1.1.1.1 255.0.0.0
    Router(config-if)#no shut

    %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
    %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
    Router(config-if)#int f0/1
    Router(config-if)#ip add 2.2.2.1 255.0.0.0
    Router(config-if)#no shutdown

    %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
    Router(config-if)#exit
    Router(config)#
    %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
    Router(config)#int loopback 0

    %LINK-5-CHANGED: Interface Loopback0, changed state to up
    %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
    Router(config-if)#ip add 4.4.4.1 255.0.0.0
    Router(config-if)#no shut
    Router(config-if)#exit
    Router(config)#router rip
    Router(config-router)#network 1.0.0.0
    Router(config-router)#network 2.0.0.0
    Router(config-router)#network 4.0.0.0
    Router(config-router)#end
    %SYS-5-CONFIG_I: Configured from console by console
    Router#show ip rou
    Router#show ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default, U - per-user static route, o - ODR
           P - periodic downloaded static route

    Gateway of last resort is not set

    C    1.0.0.0/8 is directly connected, FastEthernet0/0
    C    2.0.0.0/8 is directly connected, FastEthernet0/1
    R    3.0.0.0/8 [120/1] via 2.2.2.2, 00:00:11, FastEthernet0/1
    C    4.0.0.0/8 is directly connected, Loopback0
    Router#configure terminal
    Enter configuration commands, one per line.  End with CNTL/Z.
    Router(config)#ip nat inside source s
    Router(config)#ip nat inside source static 1.1.1.2 4.4.4.2
    Router(config)#ip nat inside source static 1.1.1.3 4.4.4.3
    Router(config)#interface fastEthernet 0/0
    Router(config-if)#ip nat in
    Router(config-if)#ip nat inside
    Router(config-if)#no shut
    Router(config-if)#no shutdown
    Router(config-if)#int f0/1
    Router(config-if)#ip nat outside
    Router(config-if)#end
    %SYS-5-CONFIG_I: Configured from console by console
    Router#show ip nat ?
      statistics    Translation statistics
      translations  Translation entries
    Router#show ip nat tr
    Router#show ip nat translations
    Pro  Inside global     Inside local       Outside local      Outside global
    ---  4.4.4.2           1.1.1.2            ---                ---
    ---  4.4.4.3           1.1.1.3            ---                ---

    Router#ping 3.3.3.2

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 3.3.3.2, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 62/62/63 ms

    Router#conf
    Configuring from terminal, memory, or network [terminal]?
    Enter configuration commands, one per line.  End with CNTL/Z.
    Router(config)#acc
    Router(config)#access-list ?
      <1-99>     IP standard access list
      <100-199>  IP extended access list
    Router(config)#access-list 1 ?
      deny    Specify packets to reject
      permit  Specify packets to forward
      remark  Access list entry comment
    Router(config)#access-list 1 deny ho
    Router(config)#access-list 1 deny host 1.1.1.2
    Router(config)#access-list 1 per
    Router(config)#access-list 1 permit any
    Router(config)#exit
    %SYS-5-CONFIG_I: Configured from console by console
    Router#show acc
    Router#show access-lists
    Standard IP access list 1
        deny host 1.1.1.2
        permit any
    Router#configure terminal
    Enter configuration commands, one per line.  End with CNTL/Z.
    Router(config)#interface fastEthernet 0/0
    Router(config-if)#ip access-group 1 in
    Router(config-if)#no shut
    Router(config-if)#
    Router(config-if)#

    Router 1 configuration (the peer router at 2.2.2.2):
    Router>en
    Router#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    Router(config)#int f0/0
    Router(config-if)#ip add 3.3.3.1 255.0.0.0
    Router(config-if)#no shutdown

    %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
    %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
    Router(config-if)#
    Router(config-if)#int f0/1
    Router(config-if)#ip add 2.2.2.2 255.0.0.0
    Router(config-if)#no shut

    %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
    %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
    Router(config-if)#
    Router(config-if)#exit
    Router(config)#router rip
    Router(config-router)#net
    Router(config-router)#network 2.0.0.0
    Router(config-router)#network 3.0.0.0
    Router(config-router)#end
    %SYS-5-CONFIG_I: Configured from console by console
    Router#show ip rou
    Router#show ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default, U - per-user static route, o - ODR
           P - periodic downloaded static route

    Gateway of last resort is not set

    R    1.0.0.0/8 [120/1] via 2.2.2.1, 00:00:24, FastEthernet0/1
    C    2.0.0.0/8 is directly connected, FastEthernet0/1
    C    3.0.0.0/8 is directly connected, FastEthernet0/0
    R    4.0.0.0/8 [120/1] via 2.2.2.1, 00:00:24, FastEthernet0/1
    Router#ping 4.4.4.2

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 4.4.4.2, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 81/91/94 ms

    Router#ping 4.4.4.3

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 4.4.4.3, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 63/84/94 ms


    Router#

    Test on pc1:
    Packet Tracer PC Command Line 1.0
    PC>ping 3.3.3.2

    Pinging 3.3.3.2 with 32 bytes of data:

    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.

    Ping statistics for 3.3.3.2:
        Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

    PC>ping 1.1.1.1

    Pinging 1.1.1.1 with 32 bytes of data:

    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.

    Ping statistics for 1.1.1.1:
        Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

    PC>
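
The test above shows the blocked host unable to reach even 1.1.1.1, which follows from how access list 1 is evaluated. As an added example (not part of the original article), this Python model assumes the usual IOS ordering in which an inbound ACL on the inside interface is checked before NAT rewrites the source; `acl_action` and `ingress_fa0_0` are hypothetical names, and the tables are constructed from the configuration shown.

```python
import ipaddress

# Constructed from the article's Router 1 configuration (illustrative model only).
# Standard ACL entries: (action, address, wildcard mask).
ACL_1 = [
    ("deny", "1.1.1.2", "0.0.0.0"),            # access-list 1 deny host 1.1.1.2
    ("permit", "0.0.0.0", "255.255.255.255"),  # access-list 1 permit any
]
STATIC_NAT = {"1.1.1.2": "4.4.4.2", "1.1.1.3": "4.4.4.3"}  # inside local -> inside global
INSIDE_NET = ipaddress.ip_network("1.0.0.0/8")              # network behind Fa0/0


def acl_action(acl, src):
    """Standard ACL: source address only, first match wins, implicit deny at the end."""
    s = int(ipaddress.IPv4Address(src))
    for action, addr, wildcard in acl:
        # Wildcard bits set to 1 are "don't care"; invert to get the bits compared.
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if s & care == int(ipaddress.IPv4Address(addr)) & care:
            return action
    return "deny"


def ingress_fa0_0(src, dst, acl=ACL_1, nat=STATIC_NAT):
    """Packet arriving on Fa0/0 (ip nat inside, ip access-group 1 in).

    Step 1: the inbound ACL sees the untranslated (inside local) source.
    Step 2: only packets leaving toward the outside get their source translated.
    Returns (verdict, source as seen after the router, destination).
    """
    if acl_action(acl, src) == "deny":
        return ("drop", src, dst)
    if ipaddress.ip_address(dst) in INSIDE_NET:
        return ("forward", src, dst)          # stays on the inside, no NAT
    return ("forward", nat.get(src, src), dst)


if __name__ == "__main__":
    for src, dst in [("1.1.1.2", "3.3.3.2"), ("1.1.1.2", "1.1.1.1"),
                     ("1.1.1.3", "3.3.3.2")]:
        print(src, "->", dst, ingress_fa0_0(src, dst))
    # An ACL written against the translated address never matches on Fa0/0 inbound.
    wrong = [("deny", "4.4.4.2", "0.0.0.0"), ("permit", "0.0.0.0", "255.255.255.255")]
    print("ACL on 4.4.4.2 vs source 1.1.1.2:", acl_action(wrong, "1.1.1.2"))
```

Because a standard ACL ignores the destination, the deny entry cuts off everything sourced from 1.1.1.2, including traffic to the router's own 1.1.1.1 interface; an extended ACL is needed to block only selected destinations.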
