Cisco router PPPoE client + NAT address reflow (hairpinning) problem test



One. Test the topology:


Two. Test ideas:


Three. Basic configuration:
A. R1:
interface Ethernet0/0
 ip address 202.100.1.1 255.255.255.0
 no shutdown
ip route 0.0.0.0 0.0.0.0 202.100.1.2

B. R2:
1. Interface configuration:

interface Ethernet0/0
 ip address 202.100.1.2 255.255.255.0
 no shutdown
interface Ethernet0/1
 no ip address
 no shutdown
2. PPPoE server configuration:
aaa new-model
aaa authentication ppp default local
username Cisco password 0 Cisco


ip dhcp excluded-address 202.100.2.2
ip dhcp pool ppoe
 network 202.100.2.0 255.255.255.0
 default-router 202.100.2.2

bba-group pppoe TEST
 virtual-template 1

interface Virtual-Template1
 ip address 202.100.2.2 255.255.255.0
 peer default ip address dhcp-pool ppoe
 ppp authentication chap callin
interface Ethernet0/1
 pppoe enable group TEST
C. R3:
1. Interface configuration:

interface Ethernet0/0
 no ip address
 no shutdown
!
interface Ethernet0/1
 ip address 192.168.1.3 255.255.255.0
 no shutdown
2. PPPoE client configuration:
interface e0/0
 pppoe enable group global
 pppoe-client dial-pool-number 1
interface Dialer0
 mtu 1492
 ip address negotiated
 encapsulation ppp
 dialer pool 1
 ppp chap hostname Cisco
 ppp chap password 0 Cisco

D. R4:

interface Ethernet0/0
 ip address 192.168.1.4 255.255.255.0
 no shutdown

ip route 0.0.0.0 0.0.0.0 192.168.1.3

E. R5:

interface Ethernet0/0
 ip address 192.168.1.5 255.255.255.0
 no shutdown

ip route 0.0.0.0 0.0.0.0 192.168.1.3


Four. Resolve address reflow

--- All of the following is configured on R3.

A. Method one: NVI (NAT Virtual Interface)
1. Dynamic PAT configuration:

ip access-list extended PAT
 permit ip 192.168.1.0 0.0.0.255 any

ip nat source list PAT interface Dialer0 overload

interface Ethernet0/1
 ip nat enable

interface Dialer0
 ip nat enable

2. Static NAT configuration:

ip nat source static 192.168.1.4 202.100.2.4 extendable

3. Test:

--- R5 can reach R4 through R4's mapped public address

R5#telnet 202.100.2.4
Trying 202.100.2.4 ... Open


User Access Verification

Password:
R4>show Users
Line User Host (s) Idle location
0 Con 0 UNKNOWN 00:00:16
*130 vty 0 Idle 00:00:00 202.100.2.3

Interface User Mode Idle Peer Address

R4>

--- R4 can also reach itself through its own mapped public address

R4#telnet 202.100.2.4
Trying 202.100.2.4 ... Open


User Access Verification

Password:
R4>show Users
Line User Host (s) Idle location
0 Con 0 202.100.2.4 00:00:00
*131 vty 1 Idle 00:00:00 202.100.2.4

Interface User Mode Idle Peer Address

R4>

--- When R4 is accessed by domain name, the DNS response packet is modified automatically (similar to the ASA's DNS rewrite)

R2(config)#ip dns server
R2(config)#ip host R4.yuntian.cn 202.100.2.4

R5(config)#ip domain-lookup
R5(config)#ip name-server 202.100.2.2

R5#ping R4.yuntian.cn

Translating "R4.yuntian.cn" ... domain server (202.100.2.2) [OK]

Translating "R4.yuntian.cn" ... domain server (202.100.2.2) [OK]

Translating "R4.yuntian.cn" ... domain server (202.100.2.2) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.4, timeout is 2 seconds:
!!!!!
Success rate is percent (5/5), round-trip Min/avg/max = 8/32/52 ms
r5#
*mar 1 02:13:40.991:icmp:echo reply Rcvd, src 192.168.1.4, DST 192.168.1.5
*mar 1 02:13:41.047:icmp:echo reply Rcvd, src 192.168.1.4, DST 192.168.1.5
*mar 1 02:13:41.087:icmp:echo reply Rcvd, src 192.168.1.4, DST 192.168.1.5
*mar 1 02:13:41.095:icmp:echo reply Rcvd, src 192.168.1.4, DST 192.168.1.5
*mar 1 02:13:41.139:icmp:echo reply Rcvd, src 192.168.1.4, DST 192.168.1.5
r5#

Packet captures taken at different points show that router R3 modified the DNS response packet, changing the public address to the intranet address.
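
Added example (not part of the original article): a small Python model of the rewrites R3 performs in the tests above. It reproduces the peer addresses in R4's show users output and the rewritten DNS answer, and shows why rewriting only the destination breaks the reflow. It assumes Dialer0 negotiated 202.100.2.3; the function names are hypothetical.

```python
import ipaddress

# Values from the R3 configuration on this page.
INSIDE_NET = ipaddress.ip_network("192.168.1.0/24")  # ACL "PAT"
STATIC = {"192.168.1.4": "202.100.2.4"}              # ip nat source static (local -> global)
GLOBAL_TO_LOCAL = {g: l for l, g in STATIC.items()}
# Assumption: Dialer0 negotiated 202.100.2.3, the address R4 logs for R5's session.
DIALER0 = "202.100.2.3"

def nvi_translate(src, dst):
    """Rewrite one packet routed by R3; returns (src, dst) after translation.
    Simplification: PAT port allocation is not modelled."""
    new_dst = GLOBAL_TO_LOCAL.get(dst, dst)           # mapped public address -> inside host
    if src in STATIC:                                 # static entry takes precedence over PAT
        new_src = STATIC[src]
    elif ipaddress.ip_address(src) in INSIDE_NET:     # dynamic PAT onto Dialer0
        new_src = DIALER0
    else:
        new_src = src
    return new_src, new_dst

def reply_seen_by_client(client, dialed, source_nat=True):
    """Source address on the reply the client receives for a hairpinned flow."""
    _, server = nvi_translate(client, dialed)
    if not source_nat:
        # Destination-only rewrite: the server sees the client's LAN address and
        # answers it directly, so R3 never restores the public source address.
        return server
    # The reply is addressed to the translated source, so it returns through R3,
    # which reverses both rewrites.
    return STATIC.get(server, server)

def rewrite_dns_a(address):
    """DNS rewrite: an A record holding a mapped public address becomes the inside one."""
    return GLOBAL_TO_LOCAL.get(address, address)

if __name__ == "__main__":
    for client in ("192.168.1.5", "192.168.1.4"):
        print(client, "->", nvi_translate(client, "202.100.2.4"))
    print("reply source with/without source NAT:",
          reply_seen_by_client("192.168.1.5", "202.100.2.4"),
          reply_seen_by_client("192.168.1.5", "202.100.2.4", source_nat=False))
    print("A record after rewrite:", rewrite_dns_a("202.100.2.4"))
```

Because the source is rewritten as well, R4's own logs and any source-based access rules see 202.100.2.3 or 202.100.2.4 rather than the real intranet client.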


B. Method two: Modify DNS records


This article is from the "Httpyuntianjxxll.spac.." Blog, make sure to keep this source http://333234.blog.51cto.com/323234/1664185
