I. Requirements
, Provincial, municipal, and county routers. County-level routers have routes to the municipal and provincial levels, but the municipal and provincial levels do not reach the county-level route information, which will cause the packages sent by the county level to reach the municipal or provincial routers, however, the data packet is lost because the path cannot be found at the time of return. County-level router R1 is required to access municipal and provincial routers through nat translation technology, but municipal and provincial routers cannot access county-level routers.
Configuration ideas:
Because the city-level and provincial-level route information does not reach the county-level, the data packets sent by the county-level cannot be found back to the path that reaches the 1.0 region. You can configure dynamic NAT translation on R1 to change the source address of the sent packet from the address of the original 192.168.1.0 CIDR block to 192.168.4.1 on interface s0/0, when the data packet is returned, the destination address is changed to 4.1, and the path information is available when the packet reaches 4.1. In this way, the sent data packet can be returned.
Lab environment: cisco 3620
2. Topology
650) this. width = 650; "style =" border-bottom: 0px; border-left: 0px; border-top: 0px; border-right: 0px "title =" clip_image002 "border =" 0 "alt =" clip_image002 "src =" http://www.bkjia.com/uploads/allimg/131227/014K24347-0.jpg "" 681 "height =" 423 "/>
3. configuration steps
R1
Router & gt; en
Router # config t
Router (config) # line con 0
Router (config-line) # logg sync // log Synchronization
Router (config-line) # no exec-timeout // cancel timeout
Router (config-line) # exit
R1 (config) # int ser 0/0 // interface connecting to the municipal Router
R1 (config-if) # ip add 192.168.4.1 255.255.255.0
R1 (config-if) # no shut
R1 (config) # int ser 0/1 // interface connecting to the provincial Router
R1 (config-if) # ip add 192.168.5.1 255.255.255.0
R1 (config-if) # no shut
R1 (config-if )#
R1 (config-if) # int ser 0/2 // internal Ethernet Interface
R1 (config-if) # ip add 192.168.1.1 255.255.255.0
R1 (config-if) # no shut
R1 (config) # ip access-list extended 101 // The Expanded access control list acl101 defines which network segments are used for address conversion.
R1 (config-ext-nacl) # permit ip 192.168.1.0 0.0.255 192.168.2.0 0.0.0.255 // allow Intranet 1.0 CIDR blocks to access municipal Ethernet
R1 (config-ext-nacl) # ex
R1 (config) # access-list 102 permit ip 192.168.1.0 0.0.255 192.168.3.0 0.0.0.255 // extend the access control list acl102, define the CIDR blocks from 1.0 to the provincial Ethernet 3.0 for address translation
R1 (config) # ip nat pool pool1 192.168.4.1 192.168.4.1 netmask 255.255.255.0 // define the address pool pool1, including the interface s0/0 IP to the municipal Router
R1 (config) # ip nat pool pool2 192.168.5.1 192.168.5.1 netmask 255.255.255.0 // define the address pool pool2, including the interface s0/1 IP address to the provincial Router
R1 (config) # int ser 0/0 // external interface
R1 (config-if) # ip nat outside
R1 (config-if) # int ser0/1 // external interface
R1 (config-if) # ip nat outside
R1 (config-if) # int ser 0/2 // Internal interface
R1 (config-if) # ip nat inside
R1 (config-if) # ex
R1 (config) # ip nat inside source list 101 pool pool1 overload // map acl101 to pool1
R1 (config) # ip nat inside source list 102 pool pool2 overload // map acl102 to pool2
R1 (config) # ip route 192.168.2.0 255.255.255.0 192.168.4.2 // route to municipal Ethernet
R1 (config) # ip route 192.168.3.0 255.255.255.0 192.168.5.2 // route to the provincial Ethernet
R1 (config) # end
R2
Router # config t
Router (config) # line con 0
Router (config-line) # logg sy
Router (config-line) # no exec-timeout
Router (config-line) # exit
Router (config) # host R2
R2 (config) # int s0/0 // interface connected to the county-level Router
R2 (config-if) # ip add 192.168.4.2 255.255.255.0
R2 (config-if) # no shut
R2 (config-if) # int ser 0/1 // interface connected to internal Ethernet
R2 (config-if) # ip add 192.168.2.1 255.255.255.0
R2 (config-if) # no shut
R3
Router # config t
Router (config) # line con 0
Router (config-line) # logg sy
Router (config-line) # no exec-timeout
Router (config-line) # exit
Router (config) # host R3
R3 (config) # int ser 0/1 // interface connected to the county-level Router
R3 (config-if) # ip add 192.168.5.1 255.255.255.0
R3 (config-if) # no shut
R3 (config-if) # ip add 192.168.5.2 255.255.255.0
R3 (config-if) # int ser 0/0 // interface connected to internal Ethernet
R3 (config-if) # ip add 192.168.3.1 255.255.255.0
R3 (config-if) # no shut
R4
Router # config t
Router (config) # line con 0
Router (config-line) # logg sy
Router (config-line) # no exec-timeout
Router (config-line) # exit
Router (config) # host R4
R4 (config) # int ser 0/2
R4 (config-if) # ip add 192.168.1.100 255.255.255.0
R4 (config-if) # no shut
R4 (config-if )#
R4 (config-if) # ex
R4 (config) # ip route 0.0.0.0 0.0.0.0 192.168.1.1 // configure the gateway address as 192.168.1.1
R4 (config) # end
R5
Router & gt; en
Router # config t
Router (config) # line con 0
Router (config-line) # logg sy
Router (config-line) # no exec-timeout
Router (config-line) # exit
Router (config) # host R5
R5 (config) # int ser 0/1
R5 (config-if) # ip add 192.168.2.100 255.255.255.0
R5 (config-if) # no shut
R5 (config-if) # ex
R5 (config) # ip route 0.0.0.0 0.0.0.0 192.168.2.1 // configure the gateway address as 192.168.2.1
R5 (config) # end
R6
Router & gt; en
Router # config t
Router (config) # line con 0
Router (config-line) # logg sy
Router (config-line) # no exec-timeout
Router (config-line) # exit
Router (config) # sys
Router (config) # host
Router (config) # hostname R6
R6 (config) # int ser 0/0
R6 (config-if) # ip add 192.168.3.100 255.255.255.0
R6 (config-if) # no shut
R6 (config-if) # ex
R6 (config) # ip route 0.0.0.0 0.0.0.0 192.168.3.1 // configure the gateway address as 192.168.3.1
Iv. Test
R1
// R1 configuration information
R1 # show running-config
Building configuration...
Current configuration: 1098 bytes
!
Version 12.2:
Service timestamps debug uptime
Service timestamps log uptime
No service password-encryption
!
Hostname R1
!
!
Ip subnet-zero
!
!
!
!
!
!
Interface Serial0/0
Ip address 192.168.4.1 255.255.255.0
Ip nat outside
Serial restart-delay 0
!
Interface Serial0/1
Ip address 192.168.5.1 255.255.255.0
Ip nat outside
Serial restart-delay 0
!
Interface Serial0/2
Ip address 192.168.1.1 255.255.255.0
Ip nat inside
Serial restart-delay 0
!
Interface Serial0/3
No ip address
Shutdown
Serial restart-delay 0
!
Ip nat pool pool1 192.168.4.1 192.168.4.1 netmask 255.255.255.0
Ip nat pool pool2 192.168.5.1 192.168.5.1 netmask 255.255.255.0
Ip nat inside source list 101 pool pool1 overload
Ip nat inside source list 102 pool pool2 overload
Ip classless
Ip route 192.168.2.0 255.255.255.0 192.168.4.2
Ip route 192.168.3.0 255.255.255.0 192.168.5.2
Ip http server
!
Access-list 101 permit ip 192.168.1.0 0.0.255 192.168.2.0 0.0.255
Access-list 102 permit ip 192.168.1.0 0.0.255 192.168.3.0 0.0.255
!
Line con 0
Exec-timeout 0 0
Logging synchronous
Line aux 0
Line vty 0 4
!
End
R1 # show ip rou
R1 # show ip route
Codes: C-connected, S-static, I-IGRP, R-RIP, M-mobile, B-BGP
D-OSPF, EX-VPN external, O-OSPF, IA-OSPF inter area
N1-ospf nssa external type 1, N2-ospf nssa external type 2
E1-OSPF external type 1, E2-OSPF external type 2, E-EGP
I-IS, su-IS summary, L1-IS-level-1, L2-IS level-2
Ia-IS inter area, *-candidate default, U-per-user static route
O-ODR, P-periodic downloaded static route
Gateway of last resort is not set
C 192.168.4.0/24 is directly connected, Serial0/0
C 192.168.5.0/24 is directly connected, Serial0/1
C 192.168.1.0/24 is directly connected, Serial0/2
S 192.168.2.0/24 [1/0] via 192.168.4.2 // route information to 2.0
S 192.168.3.0/24 [1/0] via 192.168.5.2 // route information to 3.0
R1 #
R2
R2 # show run
Building configuration...
Current configuration: 576 bytes
!
Version 12.2:
Service timestamps debug uptime
Service timestamps log uptime
No service password-encryption
!
Hostname R2
!
!
Ip subnet-zero
!
!
!
!
!
!
Interface Serial0/0
Ip address 192.168.4.2 255.255.255.0
Serial restart-delay 0
!
Interface Serial0/1
Ip address 192.168.2.1 255.255.255.0
Serial restart-delay 0
!
Interface Serial0/2
No ip address
Shutdown
Serial restart-delay 0
!
Interface Serial0/3
No ip address
Shutdown
Serial restart-delay 0
!
Ip classless
Ip http server
!
!
Line con 0
Exec-timeout 0 0
Logging synchronous
Line aux 0
Line vty 0 4
!
End
R2 # show ip rou
Codes: C-connected, S-static, I-IGRP, R-RIP, M-mobile, B-BGP
D-OSPF, EX-VPN external, O-OSPF, IA-OSPF inter area
N1-ospf nssa external type 1, N2-ospf nssa external type 2
E1-OSPF external type 1, E2-OSPF external type 2, E-EGP
I-IS, su-IS summary, L1-IS-level-1, L2-IS level-2
Ia-IS inter area, *-candidate default, U-per-user static route
O-ODR, P-periodic downloaded static route
Gateway of last resort is not set
C 192.168.4.0/24 is directly connected, Serial0/0
C 192.168.2.0/24 is directly connected, Serial0/1
R2 #
R3
R3 # show run
Building configuration...
Current configuration: 576 bytes
!
Version 12.2:
Service timestamps debug uptime
Service timestamps log uptime
No service password-encryption
!
Hostname R3
!
!
Ip subnet-zero
!
!
!
!
!
!
Interface Serial0/0
Ip address 192.168.3.1 255.255.255.0
Serial restart-delay 0
!
Interface Serial0/1
Ip address 192.168.5.2 255.255.255.0
Serial restart-delay 0
!
Interface Serial0/2
No ip address
Shutdown
Serial restart-delay 0
!
Interface Serial0/3
No ip address
Shutdown
Serial restart-delay 0
!
Ip classless
Ip http server
!
!
Line con 0
Exec-timeout 0 0
Logging synchronous
Line aux 0
Line vty 0 4
!
End
R3 # show ip rou
Codes: C-connected, S-static, I-IGRP, R-RIP, M-mobile, B-BGP
D-OSPF, EX-VPN external, O-OSPF, IA-OSPF inter area
N1-ospf nssa external type 1, N2-ospf nssa external type 2
E1-OSPF external type 1, E2-OSPF external type 2, E-EGP
I-IS, su-IS summary, L1-IS-level-1, L2-IS level-2
Ia-IS inter area, *-candidate default, U-per-user static route
O-ODR, P-periodic downloaded static route
Gateway of last resort is not set
C 192.168.5.0/24 is directly connected, Serial0/1
C 192.168.3.0/24 is directly connected, Serial0/0
R3 #
R4
R4 # ping 192.168.2.100 // county host can ping municipal host
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 92/116/140 MS
R4 # ping 192.168.3.100 // county-level hosts can ping provincial hosts
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/91/108 MS
R5
R5 # ping 192.168.1.100 // municipal host cannot ping County host
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.100, timeout is 2 seconds:
U. U. U
Success rate is 0 percent (0/5)
R5 # show ip rou
Codes: C-connected, S-static, I-IGRP, R-RIP, M-mobile, B-BGP
D-OSPF, EX-VPN external, O-OSPF, IA-OSPF inter area
N1-ospf nssa external type 1, N2-ospf nssa external type 2
E1-OSPF external type 1, E2-OSPF external type 2, E-EGP
I-IS, su-IS summary, L1-IS-level-1, L2-IS level-2
Ia-IS inter area, *-candidate default, U-per-user static route
O-ODR, P-periodic downloaded static route
Gateway of last resort is 192.168.2.1 to network 0.0.0.0
C 192.168.2.0/24 is directly connected, Serial0/1
S * 0.0.0.0/0 [0, 1/0] via 192.168.2.1
R5 #
R6
R6 # ping 192.168.1.100 // The provincial host cannot ping the county host
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.100, timeout is 2 seconds:
U. U. U
Success rate is 0 percent (0/5)
R6 # show ip route
Codes: C-connected, S-static, I-IGRP, R-RIP, M-mobile, B-BGP
D-OSPF, EX-VPN external, O-OSPF, IA-OSPF inter area
N1-ospf nssa external type 1, N2-ospf nssa external type 2
E1-OSPF external type 1, E2-OSPF external type 2, E-EGP
I-IS, su-IS summary, L1-IS-level-1, L2-IS level-2
Ia-IS inter area, *-candidate default, U-per-user static route
O-ODR, P-periodic downloaded static route
Gateway of last resort is 192.168.3.1 to network 0.0.0.0
C 192.168.3.0/24 is directly connected, Serial0/0
S * 0.0.0.0/0 [0, 1/0] via 192.168.3.1
This article from the "Jia Liang blog" blog, please be sure to keep this source http://jialiang10086.blog.51cto.com/4496483/958182