Four Methods of Network Address Translation (NAT) and Applying ACL Access Control Policies
ip address 192.168.1.1 255.255.255.0
#
interface Vlanif2
ip address 192.168.2.1 255.255.255.0
interface Vlanif3
ip address 172.16.1.1 255.255.255.0
interface Vlanif4
ip address 172.16.2.1 255.255.255.0
interface Ethernet0/0/2
port link-type access
port default vlan 2
interface Ethernet0/0/3
port default vlan 3
interface Ethernet0/0/4
port default vlan 4
ip route-static 0.0.0.0 0.0.0.0 192.168.1.254
[AR1]
interface GigabitEthernet0/0/0
ip address 192.168.1.254 255.255.255.0
interface GigabitEthernet0/0/1
ip address 10.0.0.1 255.0.0.0
rip 1
version 2
network 10.0.0.0
ip route-static 172.16.0.0 255.255.0.0 192.168.1.1
ip route-static 192.168.0.0 255.255.0.0 192.168.1.1
[AR2]
ip address 10.0.0.2 255.0.0.0
ip address 20.0.0.1 255.0.0.0
network 20.0.0.0
[AR3]
ip address 20.0.0.2 255.0.0.0
ip address 180.1.1.1 255.255.255.0
ip route-static 0.0.0.0 0.0.0.0 10.0.0.1
ACL access control policy
Basic ACL
acl number 2000
rule 1 deny source 172.16.1.2 0
interface Ethernet0/0/5
traffic-filter outbound acl 2000
Advanced ACL
acl number 3000
rule 1 deny ip source 192.168.2.0 0.0.0.255 destination 20.0.0.1 0
traffic-filter outbound acl 3000
Static NAT
nat static global 10.0.0.3 inside 192.168.1.2 netmask 255.255.255.255
nat static enable
Verifying static NAT
A packet capture shows that the statically mapped host uses the IP address 10.0.0.3 when it accesses AR3.
Dynamic NAT
nat address-group 1 10.0.0.4 10.0.0.5
acl number 2000
rule 1 permit source 192.168.2.0 0.0.0.255
nat outbound 2000 address-group 1
Verification
NAPT (port mapping)
nat server protocol tcp global 20.0.0.3 8080 inside 180.1.1.2 www
Verified with the HTTP client under AR1: access succeeded.
Easy IP
acl number 2001
rule 1 permit source 172.16.0.0 0.0.255.255
nat outbound 2001
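
The wildcard matching behind the ACL rules on this page (traffic-filter ACLs 2000 and 3000, and ACL 2001 that selects Easy IP traffic), as an added example that is not part of the original document. The names parse_rule and evaluate are hypothetical, only the rule syntax that appears on this page is parsed, and rules are assumed to be checked in ascending rule-ID order.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_rule(line):
    """Parse 'rule <id> permit|deny [ip] source A W [destination A W]'."""
    tok = line.split()
    rule = {"id": int(tok[1]), "action": tok[2], "source": None, "destination": None}
    for key in ("source", "destination"):
        if key in tok:
            i = tok.index(key)
            # A wildcard written as "0" is shorthand for 0.0.0.0 (single host).
            wild = 0 if tok[i + 2] == "0" else _ip(tok[i + 2])
            rule[key] = (_ip(tok[i + 1]), wild)
    return rule

def _hit(cond, addr):
    if cond is None:            # field not present in the rule: matches anything
        return True
    if addr is None:            # rule constrains a field the flow does not have
        return False
    base, wild = cond
    care = ~wild & 0xFFFFFFFF   # wildcard bit 0 = must match, bit 1 = ignored
    return (_ip(addr) & care) == (base & care)

def evaluate(rules, src, dst=None):
    """Action of the lowest-numbered matching rule, else 'no-match'."""
    for r in sorted(rules, key=lambda r: r["id"]):
        if _hit(r["source"], src) and _hit(r["destination"], dst):
            return r["action"]
    return "no-match"           # outcome then depends on the feature using the ACL

# Rules as they appear on the page
ACL_2000_FILTER = [parse_rule("rule 1 deny source 172.16.1.2 0")]
ACL_3000 = [parse_rule("rule 1 deny ip source 192.168.2.0 0.0.0.255 destination 20.0.0.1 0")]
ACL_2001_EASYIP = [parse_rule("rule 1 permit source 172.16.0.0 0.0.255.255")]

if __name__ == "__main__":
    # Constructed sample flows (addresses chosen from the page's subnets)
    flows = [
        ("2000", ACL_2000_FILTER, "172.16.1.2", None),
        ("2000", ACL_2000_FILTER, "172.16.1.20", None),
        ("3000", ACL_3000, "192.168.2.77", "20.0.0.1"),
        ("3000", ACL_3000, "192.168.2.77", "20.0.0.2"),
        ("2001", ACL_2001_EASYIP, "172.16.2.9", None),
    ]
    for name, acl, src, dst in flows:
        print(f"acl {name}: {src} -> {dst or 'any'}: {evaluate(acl, src, dst)}")
```

The second flow shows why the trailing 0 matters: 172.16.1.20 does not match a rule written for host 172.16.1.2.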