With the rapid development of the Internet, the shortage of IP addresses has become a very prominent problem. For example, my organization has 200 computers and 4 servers, but only 6 class C addresses have been allocated to it. So how can we solve this problem? I chose to implement NAT on the router.
NAT (Network Address Translation) is, as the name implies, the translation of network IP addresses. NAT was designed to address the increasing shortage of IP addresses. It maps multiple internal addresses to a few public IP addresses, or even to a single one. In this way, computers on our intranet can access Internet resources through pseudo IP addresses.
A router on which NAT is configured must have at least one internal port (Inside) and one external port (Outside).
The internal port connects to the users' network and uses internal IP addresses (addresses that are not valid on the Internet); the external port connects to the external network and uses the IP addresses assigned to us by the telecommunications department. Generally, the internal port should be an Ethernet port and the external port should be a serial port. In addition, to use NAT, the router's IOS must support the NAT function.
NAT settings can be divided into static address translation, dynamic address translation, and multiplexed dynamic address translation. The following settings take a Cisco router as an example.
1. Static address translation
Static address translation performs a one-to-one conversion between an inside local address and an inside legal (global) address, and the legal address to convert to is specified explicitly. If the internal network contains WWW or FTP servers that provide services to external users, the IP addresses of these servers must use static address translation so that external users can reach these services.
2. Dynamic address translation
Dynamic address translation also converts between an inside local address and an inside legal address one to one; however, it dynamically selects an unused address from the pool of inside legal addresses for each inside local address.
3. Multiplexed dynamic address translation
Multiplexed dynamic address translation is a kind of dynamic address translation, but it allows multiple inside local addresses to share one inside legal address. This type of translation is extremely useful when only a small number of IP addresses have been obtained but many users are on the external network at the same time.
PAT (Port Address Translation), also known as NAPT, maps multiple internal addresses to one public address and tells the internal addresses apart by using different protocol port numbers. This method is usually used for dial-up Internet access.
Below, taking a 2611 router as an example, the configuration listing is as follows:
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 2611
!
enable secret 5 $1$JIeG$UZJNjKhcptJXHPc/BP5GG0
enable password 2323 ipro
!
ip subnet-zero
no ip source-route
no ip finger
!
!
!
interface Ethernet0/0
 ip address 192.168.10.254 255.255.255.0 secondary
 ip address 218.27.84.249 255.255.255.248
 no ip directed-broadcast
 ip accounting output-packets
 no ip mroute-cache
 no cdp enable
!
! External port (Outside)
interface Serial0/0
 ip unnumbered Ethernet0/0
 no ip directed-broadcast
 ip accounting output-packets
 ip nat outside
 no ip mroute-cache
 no fair-queue
 no cdp enable
!
! Internal port (Inside)
interface Ethernet0/1
 ip address 192.168.2.254 255.255.255.0
 no ip directed-broadcast
 ip nat inside
 no ip mroute-cache
 no cdp enable
!
interface Virtual-TokenRing35
 no ip address
 no ip directed-broadcast
 no ip mroute-cache
 shutdown
 ring-speed 16
!
router rip
 redistribute connected
 network 192.168.2.0
 network 192.168.10.0
 network 218.27.84.0
!
ip default-gateway 218.27.127.217
! Pool of legal addresses for dynamic translation
ip nat pool nat-pool 218.27.84.252 218.27.84.254 netmask 255.255.255.248
! Multiplexed translation: addresses matched by access list 1 share the pool
ip nat inside source list 1 pool nat-pool overload
! Static one-to-one translation
ip nat inside source static 192.168.2.254 218.27.84.249
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
ip http server
ip http port 9091
ip ospf name-lookup
!
!
ip access-list extended filterin
 permit tcp any host 218.27.84.249 eq www reflect httpfilter
access-list 1 permit 192.168.2.0 0.0.0.255
no cdp run
!
line con 0
 transport input none
line aux 0
line vty 0 4
 password rohowever
 login
!
end
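A listing like this can be checked mechanically for the requirements stated earlier: at least one Inside and one Outside port, and a NAT rule whose access list and pool are both defined. The following Python sketch is an added example, not part of the original configuration; the function name audit_nat and the trimmed excerpt it parses are assumptions made for illustration.

```python
import re

# Constructed excerpt of the listing above (NAT-relevant lines only).
CONFIG = """\
interface Serial0/0
 ip nat outside
interface Ethernet0/1
 ip address 192.168.2.254 255.255.255.0
 ip nat inside
ip nat pool nat-pool 218.27.84.252 218.27.84.254 netmask 255.255.255.248
ip nat inside source list 1 pool nat-pool overload
ip access-list extended filterin
 permit tcp any host 218.27.84.249 eq www reflect httpfilter
access-list 1 permit 192.168.2.0 0.0.0.255
"""

def audit_nat(config):
    """Return (roles, findings) for the NAT-related lines of an IOS config."""
    roles, findings, iface = {"inside": [], "outside": []}, [], None
    pools, acls, named, applied, rules = set(), set(), set(), set(), []
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # a top-level line ends the interface block
            m = re.match(r"interface (\S+)", line)
            iface = m.group(1) if m else None
        if iface and (m := re.fullmatch(r"ip nat (inside|outside)", line)):
            roles[m.group(1)].append(iface)
        elif m := re.match(r"ip access-group (\S+)", line):
            applied.add(m.group(1))
        elif m := re.match(r"ip nat pool (\S+)", line):
            pools.add(m.group(1))
        elif m := re.match(r"ip nat inside source list (\S+) pool (\S+)", line):
            rules.append(m.groups())
        elif m := re.match(r"access-list (\d+) ", line):
            acls.add(m.group(1))
        elif m := re.match(r"ip access-list \w+ (\S+)", line):
            named.add(m.group(1))
    for side, ifaces in roles.items():
        if not ifaces:
            findings.append(f"no interface is marked 'ip nat {side}'")
    for acl, pool in rules:
        if acl not in acls | named:
            findings.append(f"NAT rule uses undefined access list {acl}")
        if pool not in pools:
            findings.append(f"NAT rule uses undefined pool {pool}")
    used = applied | {acl for acl, _ in rules}
    for name in sorted(named - used):
        findings.append(f"access list {name} is defined but never applied")
    return roles, findings
```

Run against the excerpt, the only finding is that the extended access list filterin is defined but not attached to any interface with ip access-group, which matches the full listing.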
Of course, we can also use PAT, but PAT is not suitable for applications that require specific TCP/UDP ports, such as video conferencing. Therefore, if PAT is used, it should be combined with NAT (NAT + PAT) so that functionality is not restricted.
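The port multiplexing described in section 3 and the fixed-port limitation noted above can be seen in a small model of a PAT table. This Python sketch is an added example, not code from the original article; the class PatTable, the inside host addresses and the port 5060 are constructed for illustration, and keeping the original source port when it is free is a simplifying assumption of the model.

```python
class PatTable:
    """Toy PAT (NAPT) table: many inside sockets share one public address."""

    def __init__(self, public_ip, first_port=1024):
        self.public_ip = public_ip
        self.first_port = first_port
        self.out = {}    # (proto, inside_ip, inside_port) -> public_port
        self.back = {}   # (proto, public_port) -> (inside_ip, inside_port)

    def translate_out(self, proto, inside_ip, inside_port):
        """Translate an outbound source socket, creating the entry if new."""
        key = (proto, inside_ip, inside_port)
        if key not in self.out:
            port = inside_port  # assumption: keep the source port when free
            for _ in range(65536):
                if (proto, port) not in self.back:
                    break
                port = port + 1 if port < 65535 else self.first_port
            else:
                raise RuntimeError("no free public port left")
            self.out[key] = port
            self.back[(proto, port)] = (inside_ip, inside_port)
        return self.public_ip, self.out[key]

    def translate_in(self, proto, public_port):
        """Map a reply back to the inside socket; None means no entry (drop)."""
        return self.back.get((proto, public_port))


def demo():
    # Constructed sample: two inside hosts use the same source port 5060/udp
    # behind the first pool address from the listing above.
    pat = PatTable("218.27.84.252")
    a = pat.translate_out("udp", "192.168.2.10", 5060)
    b = pat.translate_out("udp", "192.168.2.11", 5060)
    return pat, a, b
```

The second host cannot keep port 5060 on the shared address and is moved to 5061, which is why an application that expects a fixed port needs a one-to-one translation instead; a packet arriving on a public port with no table entry has nowhere to go.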