NAT(Network Address Translation)网络地址转换,主要用于私网地址和公网地址的转换,解决IPv4地址短缺的问题。
私有地址
| 范围 | ||
|---|---|---|
| A | 10.0.0.0 - 10.255.255.255 | 10.0.0.0/8 |
| B | 172.16.0.0 - 172.31.255.255 | 172.16.0.0/12 |
| C | 192.168.0.0 - 192.168.255.255 | 192.168.0.0/16 |
搭建实验拓扑
配置设备的IP地址
| PCA | 10.0.0.1 | 255.255.255.0 |
| PCB | 10.0.0.2 | 255.255.255.0 |
| Server | 198.76.29.4 | 255.255.255.0 |
配置R1的接口IP
<H3C>system-view
System View: return to User View with Ctrl+Z.
[H3C]interface GigabitEthernet 0/0
[H3C-GigabitEthernet0/0]ip address 10.0.0.254 255.255.255.0
[H3C-GigabitEthernet0/0]undo shutdown
[H3C-GigabitEthernet0/0]quit
[H3C]interface GigabitEthernet 0/1
[H3C-GigabitEthernet0/1]ip address 198.76.28.1 255.255.255.0
[H3C-GigabitEthernet0/1]undo shutdown
RA上配置默认路由
[H3C]ip route-static 0.0.0.0 0 198.76.28.2
配置R2的接口信息
H3C]interface g0/0
[H3C-GigabitEthernet0/0]ip add
[H3C-GigabitEthernet0/0]ip address 198.76.28.2 255.255.255.0
[H3C-GigabitEthernet0/0]un
[H3C-GigabitEthernet0/0]undo sh
[H3C-GigabitEthernet0/0]undo shutdown
[H3C]interface GigabitEthernet 0/1
[H3C-GigabitEthernet0/1]ip address 198.76.29.1 255.255.255.0
检查此时的连通性
PCA ping Server
此时,并不能ping通Server
在RA配置NAT
[H3C]nat address-group 1
[H3C-address-group-1]address 198.76.28.11 198.76.28.20
[H3C-address-group-1]quit
[H3C]interface GigabitEthernet 0/1
[H3C-GigabitEthernet0/1]nat outbound address-group 1 no-pat
这里说明:配置了NAT地址池1 ,地址池中转换的地址范围 198.76.28.11~198.76.28.20 共10地址,当然,可根据情况而定地址池中转换的IP范围。目的是将私网中的IP地址,转换为NAT地址池中的任意一个IP地址,进而可以进行通信
此时的连通性
PCA ping Server
PCB ping Server
当然,NAt也可以和ACL进行配合使用,达到不一样的效果