Cisco Training 200-125 CCNA v3.0. Day 29. PAT and NAT

Today we will study PAT (Port Address Translation), a technology for translating IP addresses using ports, and NAT (Network Address Translation), a technology for translating the IP addresses of transit packets. PAT is a special case of NAT. We will cover three topics:

- private, or internal (intranet, local) IP addresses and public, or external IP addresses;
- NAT and PAT;
- NAT/PAT configuration.

Let's start with internal private IP addresses. We know that they are divided into three classes: A, B and C.

Internal class A addresses occupy the "tens" range from 10.0.0.0 to 10.255.255.255, and the external addresses lie in the ranges from 1.0.0.0 to 9.255.255.255 and from 11.0.0.0 upward.

Internal class B addresses occupy the range from 172.16.0.0 to 172.31.255.255, and the external addresses lie in the ranges from 128.0.0.0 to 172.15.255.255 and from 172.32.0.0 to 191.255.255.255.

Internal class C addresses occupy the range from 192.168.0.0 to 192.168.255.255, and the external addresses lie in the ranges from 192.0.0.0 to 192.167.255.255 and from 192.169.0.0 to 223.255.255.255.

The class A addresses are /8, class B /12 and class C /16. So the external and internal IP addresses of the different classes occupy different ranges.

We have discussed several times what the difference is between private and public IP addresses. In general terms, if we have a router and a group of internal IP addresses, then when they try to reach the Internet the router converts them to external IP addresses. Internal addresses are used only on local networks, not on the Internet.

If I look at my computer's network parameters from the command line, I will see my internal LAN IP address, 192.168.1.103.

To find out your public IP address, you can use an Internet service such as "What is my IP?" As you can see, the computer's external address 78.100.196.163 differs from its internal address.

In all cases, my computer is visible on the Internet by its external IP address. So the internal address of my computer is 192.168.1.103 and the external one is 78.100.196.163. The internal address is used only for local communication; you cannot reach the Internet with it, and for that you need a public IP address. You can recall why addresses were divided into private and public by watching the Day 3 video lesson.

Let's look at what NAT is. There are three types of NAT: static, dynamic and "overloaded" NAT, or PAT.

Cisco has 4 terms that describe NAT. As I said, NAT is a mechanism for converting internal addresses to external ones. If a device connected to the Internet receives a packet from a device on a local network, it will simply drop that packet, because the internal address format does not match the format of the addresses used on the global Internet. Therefore the device must obtain a public IP address in order to reach the Internet.
So, the first term is Inside Local, which means the IP address of a host on the internal local network. Put simply, it is the original source address, of the form 192.168.1.10. The second term, Inside Global, is the IP address of the local host as it is seen on the external network. In our case this is the IP address of the router's external port, 200.124.22.10.

We can say that Inside Local is a private IP address and Inside Global is a public IP address. Remember that the term Inside refers to the source of the traffic and Outside refers to the destination of the traffic. Outside Local is the IP address of a host on the external network as it is seen by the internal network. Put simply, it is the recipient's address as seen from the internal network. An example of such an address is the IP address 200.124.22.100 of a device located on the Internet.

Outside Global is the IP address of the host as it is seen on the external network. In most cases the Outside Local and Outside Global addresses look the same, because even after translation the destination IP address is visible to the source just as it was before translation.

Let's look at what static NAT is. Static NAT is a one-to-one translation of internal IP addresses to external ones. When devices send traffic to the Internet, their Inside Local addresses are translated into Inside Global addresses.

There are 3 devices on our local network, and when they go out to the Internet each of them gets its own Inside Global address. These addresses are assigned to the traffic sources. The one-to-one principle means that if there are 100 devices on the local network, they get 100 external addresses.

NAT was born to save the Internet, which was running out of public IP addresses. Thanks to NAT, many companies and many networks can have one common external IP address, into which the local addresses of their devices are converted when they go out to the Internet. You might say that in this case of static NAT there is no saving in the number of addresses, since one hundred local computers are given one hundred external addresses, and you would be absolutely right. Nevertheless, static NAT has a number of advantages.

For example, we have a server with the internal IP address 192.168.1.100. If some device on the Internet wants to contact it, it cannot do so using the internal destination address; for that it must use the server's external address, 200.124.22.3. If your router is configured with static NAT, all traffic addressed to 200.124.22.3 is forwarded to 192.168.1.100. This gives external access to devices on the local network, in this case to the company's web server, which may be needed in some cases.

Let's consider dynamic NAT. It is very similar to static NAT, but it does not assign a permanent external address to each local device. For example, we have 3 local devices and only 2 external addresses. If the second device wants to reach the Internet, it is given the first free IP address. If the web server wants to reach the Internet after it, the router gives it the second available external address. If after that the first device wants to connect to the external network, there is no IP address available for it, and the router drops its packet.

We may have hundreds of devices with internal IP addresses, and each of these devices can reach the Internet. But because we have no static assignment of external addresses, no more than 2 devices out of the hundred can reach the Internet at the same time, since we have only two dynamically assigned external addresses.

Cisco devices have a fixed address translation time, 24 hours by default. It can be changed to 1, 2, 3 or 10 minutes, to any time you like. After this time the external addresses are released and returned to the address pool. If at that moment the first device wants to reach the Internet and an external address is available, it will get it. The router holds a NAT table that is updated dynamically, and until the translation time expires the assigned address is kept by the device. Put simply, dynamic NAT works on a "first come, first served" basis.

Let's look at what overloaded NAT, or PAT, is. This is the most common type of NAT. There are many devices on your home network (PC, smartphone, laptop, tablet) and they all connect to a router that has one external IP address. PAT allows many devices with internal IP addresses to reach the Internet under one external IP address. This is possible because each private, internal IP address uses a specific port number during a communication session.
Suppose we have one public address, 200.124.22.1, and many local devices. When they reach the Internet, all of these hosts get the same address, 200.124.22.1. The only thing that distinguishes them from one another is the port number.
If you remember the discussion of the transport layer, you know that the transport layer carries port numbers, and that the source port number is a random number.

Suppose there is a host on the external network with the IP address 200.124.22.10, connected to the Internet. If the computer 192.168.1.11 wants to communicate with the computer 200.124.22.10, it creates a random source port, 51772. In this case the destination port on the external computer is 80.

When the router receives a packet from the local computer addressed to the external network, it translates the Inside Local address into the Inside Global address 200.124.22.1 and assigns the port number 23556. The packet reaches the computer 200.124.22.10, which has to send back a reply according to the handshake procedure; in this case the destination is the address 200.124.22.1 and port 23556.

The router has a NAT translation table, so when it receives a packet from the external computer it determines the Inside Local address that corresponds to the Inside Global address, namely 192.168.1.11:51772, and forwards the packet to it. After this the connection between the two computers can be considered established.
At the same time, you may have a hundred devices communicating through the same address 200.124.22.1 but with different port numbers, so they can all reach the Internet simultaneously. That is why PAT is such a popular translation method.
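
The dynamic NAT pool and the PAT port mapping described above, as an added Python model that is not part of the original lesson and is not Cisco code. The Translator class, the constructed ports 40000 and 40001, the 60-second timeout and the sequential port allocation starting at 23556 are assumptions made for illustration; real IOS port selection differs.

```python
from dataclasses import dataclass, field


@dataclass
class Translator:
    """Model of a dynamic NAT pool; overload=True turns it into PAT."""
    pool: list                    # Inside Global addresses
    overload: bool = False        # the "overloaded" NAT of the lesson
    timeout: int = 86400          # translation lifetime in seconds (24 hours)
    next_port: int = 23556        # first PAT port, from the lesson's example
    table: dict = field(default_factory=dict)   # inside key -> entry

    def _expire(self, now):
        # Idle translations are released and their address returns to the pool.
        self.table = {k: v for k, v in self.table.items()
                      if now - v["last_used"] < self.timeout}

    def outbound(self, src_ip, src_port, now=0):
        """Translate an inside packet. Returns (ip, port), or None if dropped."""
        self._expire(now)
        key = (src_ip, src_port) if self.overload else (src_ip, None)
        entry = self.table.get(key)
        if entry is None:
            if self.overload:
                if self.next_port > 65535:
                    return None                   # no ports left (simplified)
                # PAT: every session shares pool[0] and gets its own port.
                entry = {"ig": (self.pool[0], self.next_port)}
                self.next_port += 1
            else:
                # Dynamic NAT: one whole address per inside host,
                # first come, first served.
                used = {v["ig"][0] for v in self.table.values()}
                free = [a for a in self.pool if a not in used]
                if not free:
                    return None                   # pool exhausted: drop
                entry = {"ig": (free[0], None)}
            self.table[key] = entry
        entry["last_used"] = now
        ip, port = entry["ig"]
        return ip, (port if self.overload else src_port)

    def inbound(self, dst_ip, dst_port, now=0):
        """Map a reply to its inside (ip, port). None means no entry: drop."""
        self._expire(now)
        for (il_ip, il_port), v in self.table.items():
            ip, port = v["ig"]
            if ip == dst_ip and (not self.overload or port == dst_port):
                return il_ip, (il_port if self.overload else dst_port)
        return None


def demo():
    """Replay the lesson's two scenarios; return what each packet became."""
    dyn = Translator(["200.124.22.1", "200.124.22.2"], timeout=60)
    pat = Translator(["200.124.22.1"], overload=True)
    return {
        "dyn_pc1": dyn.outbound("192.168.1.11", 51772, now=0),
        "dyn_server": dyn.outbound("192.168.1.100", 40000, now=1),
        "dyn_pc0_dropped": dyn.outbound("192.168.1.10", 40001, now=2),
        "dyn_pc0_after_timeout": dyn.outbound("192.168.1.10", 40001, now=61),
        "pat_pc1": pat.outbound("192.168.1.11", 51772),
        "pat_pc0": pat.outbound("192.168.1.10", 51772),
        "pat_reply": pat.inbound("200.124.22.1", 23556),
        "pat_unsolicited": pat.inbound("200.124.22.1", 9999),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:24} {result}")
```

In the model, a packet arriving at 200.124.22.1 on a port with no table entry is dropped, which is why a PAT address by itself does not make inside hosts reachable from outside.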

Let's look at configuring static NAT. For any network, the first thing to do is to determine the input and output interfaces. The diagram shows a router through which traffic is passed from port G0/0 to port G0/1, that is, from the internal network to the external network. So we have an input interface of 192.168.1.1 and an output interface of 200.124.22.1.

To configure NAT, we go to interface G0/0, set the parameters ip address 192.168.1.1 255.255.255.0 and mark this interface as the input with the ip nat inside command.

In the same way we configure NAT on the output interface G0/1, specifying the IP address 200.124.22.1, the subnet mask 255.255.255.0 and ip nat outside. Remember that dynamic NAT translation is always performed from the input interface to the output interface, from inside to outside. Naturally, with dynamic NAT the reply comes back to the input interface through the output interface, but when traffic is initiated it is the inside-to-outside direction that applies. With static NAT, traffic can be initiated in either direction, from inside or from outside.

Next we need to create the static NAT table, in which each local address corresponds to a separate global address. In our case there are 3 devices, so the table will have 3 entries, each giving the Inside Local IP address of the source that is converted to an Inside Global address: ip nat inside source static 192.168.1.10 200.124.22.1.
So with static NAT you write a translation by hand for each local host address. Now I will go to Packet Tracer and make the settings described above.

At the top is the server 192.168.1.100, below it the computer 192.168.1.10 and at the very bottom the computer 192.168.1.11. Port G0/0 of Router0 has the IP address 192.168.1.1, and port G0/1 has the IP address 200.124.22.1. In the "cloud" that represents the Internet I have placed Router1, to which I assigned the IP address 200.124.22.10.

I go into the settings of Router1 and type the command debug ip icmp. Now, as soon as a ping reaches that device, a debug message will appear in the settings window showing what kind of packet it is.
Let's start configuring Router0. I go into global configuration mode and call up interface G0/0. Then I enter the ip nat inside command, then go to interface g0/1 and enter the ip nat outside command. In this way I have assigned the router's input and output interfaces. Now I need to configure the IP addresses by hand, that is, transfer the lines from the table above into the configuration:

ip nat inside source static 192.168.1.10 200.124.22.1
ip nat inside source static 192.168.1.11 200.124.22.2
ip nat inside source static 192.168.1.100 200.124.22.3

Now I will ping Router1 from each of our devices and see which IP address the ping it receives shows. To do this, I place the open CLI window of router R1 on the right side of the screen so that I can see the debug messages. Now I go to the command-line terminal of PC0 and ping the address 200.124.22.10. After this, a message appears in the window saying that the ping was received from the IP address 200.124.22.1. This means that the IP address of the local computer, 192.168.1.10, was translated to the global address 200.124.22.1.

I do the same with the next local computer and see that its address was translated to 200.124.22.2. Then I ping from the server and see the address 200.124.22.3.
So, when traffic from a device on the local network reaches a router on which static NAT is configured, the router converts the local IP address to a global one according to the table and sends the traffic to the external network. To check the NAT table, I enter the show ip nat translations command.

Now we can look at all the translations the router has made. The first column, Inside Global, holds the device's address before translation, that is, the address under which the device is visible from the external network, followed by the Inside Local address, that is, the device's address on the local network. The third column shows the Outside Local address and the fourth column the Outside Global address; the two are the same because we do not translate the destination IP address. As you can see, after a few seconds the table was cleared, because Packet Tracer uses a short ping timeout.

I can ping the server at 200.124.22.3 from router R1, and if I go back to the router settings I can see that the table has again been filled with four ping lines with the translated destination address 192.168.1.100.

As I said, even if the translation timeout has fired, the NAT mechanism is activated when traffic is initiated from an external source. This happens only when static NAT is used.

Now let's look at how dynamic NAT works. In our example there are 2 public addresses for three devices on the local network, but there could be tens or hundreds of such private hosts. At the same time, only 2 devices can reach the Internet simultaneously. Let's consider how static and dynamic NAT differ.

As in the previous case, you first need to determine the router's input and output interfaces. Next we create a kind of access list, but this is not the same ACL that we talked about in the previous lesson. This access list is used to identify the traffic that we want to translate. Here a new term appears: "interesting traffic". This is traffic that you are interested in for some reason, and when that traffic matches the conditions of the access list, it falls under NAT and is translated. The term applies to traffic in many cases; for example, with a VPN, the "interesting" traffic is the traffic that is going to pass through the VPN tunnel.

We need to create an ACL that identifies the interesting traffic; in our case it is the traffic of the entire 192.168.1.0 network, specified together with the wildcard mask 0.0.0.255.

Then we need to create a NAT pool, for which we use the command ip nat pool <pool name> and specify the pool of IP addresses 200.124.22.1 200.124.22.2. This means that we provide only two external IP addresses. Next, the command uses the netmask keyword, and we enter the subnet mask 255.255.255.252. The last octet of the mask is (255 - number of pool addresses - 1), so if you have 254 addresses in the pool, the subnet mask will be 255.255.255.0. This is an important setting, so be sure to enter the correct netmask value when configuring dynamic NAT.

Next we use the command that starts the NAT mechanism: ip nat inside source list 1 pool NWKING, where NWKING is the name of the pool and list 1 means ACL number 1. Remember: for this command to work, you must first create the address pool and the access list.

So, under our conditions, the first device that wants to reach the Internet can do so, the second device can do so as well, but the third will have to wait until one of the pool addresses becomes free. Configuring dynamic NAT consists of 4 steps: determining the input and output interfaces, identifying the "interesting" traffic, creating a NAT pool and the configuration itself.
Now we will move to Packet Tracer and try to configure dynamic NAT. First we need to remove the static NAT settings, for which we enter these commands one after another:

no ip nat inside source static 192.168.1.10 200.124.22.1
no ip nat inside source static 192.168.1.11 200.124.22.2
no ip nat inside source static 192.168.1.100 200.124.22.3

Next, I create access list 1 for the entire network with the command access-list 1 permit 192.168.1.0 0.0.0.255 and create a NAT pool with the command ip nat pool NWKING 200.124.22.1 200.124.22.2 netmask 255.255.255.252. In this command I specified the name of the pool, the addresses it contains, and the netmask.

Then I specify which NAT this is, inside or outside, and the source from which NAT should take its information, in our case a list, using the command ip nat inside source list 1. After this the system will prompt you for whether you need a whole pool or a specific interface. I choose pool because we have more than 1 external address. If you choose interface, you will need to specify a port with a specific IP address. In its final form the command looks like this: ip nat inside source list 1 pool NWKING. At the moment this pool consists of the two addresses 200.124.22.1 and 200.124.22.2, but you can freely change them or add new addresses that are not tied to a specific interface.
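
The four steps (interfaces, access list, pool, activation) can be checked mechanically before a configuration is pasted into a router. The following Python checker is an added example, not part of the original lesson and not a Cisco tool; the function name lint_nat and both sample configurations are constructed here from the commands shown above, and the checker understands only those commands.

```python
import ipaddress
import re


def lint_nat(config: str) -> list:
    """Return a list of problems found in the NAT part of an IOS-style config."""
    problems, roles, acls, pools, rules = [], set(), set(), {}, []
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"ip nat (inside|outside)", line):
            roles.add(m.group(1))                  # step 1: interfaces
        elif m := re.match(r"access-list (\d+) permit ", line):
            acls.add(m.group(1))                   # step 2: interesting traffic
        elif m := re.fullmatch(
                r"ip nat pool (\S+) (\S+) (\S+) netmask (\S+)", line):
            pools[m.group(1)] = m.groups()[1:]     # step 3: NAT pool
        elif m := re.fullmatch(
                r"ip nat inside source list (\d+) "
                r"(?:pool (\S+)|interface (\S+))( overload)?", line):
            rules.append(m.groups())               # step 4: activation
    for role in ("inside", "outside"):
        if role not in roles:
            problems.append(f"no interface marked 'ip nat {role}'")
    for name, (start, end, mask) in pools.items():
        try:
            # The subnet that the start address and netmask define.
            net = ipaddress.ip_network(f"{start}/{mask}", strict=False)
            end_ok = ipaddress.ip_address(end) in net
        except ValueError:
            problems.append(f"pool {name}: invalid address or netmask")
            continue
        if not end_ok:
            problems.append(f"pool {name}: {end} outside {net}")
    for acl, pool, _iface, _overload in rules:
        if acl not in acls:
            problems.append(f"NAT rule references undefined access-list {acl}")
        if pool is not None and pool not in pools:
            problems.append(f"NAT rule references undefined pool {pool}")
    return problems


# Constructed sample assembled from the commands used in this lesson.
PAGE_CONFIG = """
interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
interface GigabitEthernet0/1
 ip address 200.124.22.1 255.255.255.0
 ip nat outside
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat pool NWKING 200.124.22.1 200.124.22.2 netmask 255.255.255.252
ip nat inside source list 1 pool NWKING
"""

# Constructed broken variant: outside interface not marked, netmask
# mistyped as 225..., and access list 1 never defined.
BROKEN_CONFIG = """
interface GigabitEthernet0/0
 ip nat inside
ip nat pool NWKING 200.124.22.1 200.124.22.2 netmask 225.255.255.252
ip nat inside source list 1 pool NWKING
"""

if __name__ == "__main__":
    print(lint_nat(PAGE_CONFIG))
    for problem in lint_nat(BROKEN_CONFIG):
        print("-", problem)
```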

You must make sure that your routing table is updated so that any of these IP addresses in the pool is routed to this device, otherwise you will not receive the return traffic. To make sure the settings work, we will repeat the procedure of pinging the cloud router that we carried out for static NAT. I will open the Router 1 window so that I can see the debug messages and ping it from each of the 3 devices.

We see that all the source addresses from which the ping packets arrive correspond to the settings. At the same time, the ping from computer PC0 does not work because there was no free external address left for it. If you go into the settings of Router 1, you can see that the pool addresses 200.124.22.1 and 200.124.22.2 are in use. Now I will turn off the translation, and you will see the lines disappear. I ping from PC0 again and, as you can see, everything works now because it was able to obtain the free external address 200.124.22.1.

How can I clear the NAT table and cancel an assigned address translation? Go to the settings of Router0 and type the command clear ip nat translation * with an asterisk at the end of the line. If we now look at the translation state with the show ip nat translations command, the system gives us an empty line.

To view NAT statistics, use the show ip nat statistics command.

This is a very useful command that lets you see the total number of dynamic, static and extended NAT/PAT translations. You can see that it is 0, because we cleared the translation data with the previous command. The output shows the input and output interfaces, the number of successful and unsuccessful lookups, hits and misses (the number of failures is due to the lack of a free external address for an internal host), and the names of the access list and the pool.

Now we move on to the most popular type of IP address translation: extended NAT, or PAT. To configure PAT, you follow the same steps as for configuring dynamic NAT: determine the router's input and output interfaces, identify the "interesting" traffic, create a NAT pool and configure PAT. We can create the same pool of several addresses as in the previous case, but this is not necessary because PAT uses the same external address all the time. The only difference between configuring dynamic NAT and PAT is the overload keyword that ends the last configuration command. Once this keyword is entered, dynamic NAT turns into PAT.

In addition, you use only one address in the NWKING pool, for example 200.124.22.1, but specify it twice, as the start and the end external address, with a netmask of 255.255.255.0. You can do it more simply by using the source interface parameter and the fixed address 200.124.22.1 of interface G0/1 instead of the line ip nat pool NWKING 200.124.22.1 200.124.22.1 netmask 255.255.255.0. In this case, all local addresses will be converted to this IP address when they reach the Internet.

You can also use any other IP address in the pool, one that does not necessarily correspond to a specific physical interface. In that case, however, you must make sure that all routers on the network can forward the return traffic to the device you have chosen. The disadvantage of NAT is that it cannot be used for end-to-end addressing, because by the time the return packet gets back to the local device, its dynamic NAT IP address may have had time to change. That is, you must be sure that the chosen IP address remains available for the whole duration of the communication session.

Let's look at this in Packet Tracer. First I must remove dynamic NAT with the command no ip nat inside source list 1 pool NWKING and remove the NAT pool with the command no ip nat pool NWKING 200.124.22.1 200.124.22.2 netmask 255.255.255.252.

Then I must create the PAT pool with the command ip nat pool NWKING 200.124.22.2 200.124.22.2 netmask 255.255.255.255. This time I am using an IP address that does not belong to a physical device, because the physical device has the address 200.124.22.1 and I want to use 200.124.22.2. In our case this works because we have a local network.

Next, I configure PAT with the command ip nat inside source list 1 pool NWKING overload. Once this command is entered, PAT address translation is activated. To check that the configuration is correct, I go to our devices, the server and the two computers, and from computer PC0 I ping Router1 at 200.124.22.10. In the router's settings window you can see the debug lines showing that the source of the ping is, as we expected, the IP address 200.124.22.2. The pings sent by computer PC1 and by server Server0 come from the same address.

Let's see what is happening in the translation table of Router0. You can see that all the translations succeeded, that each device was assigned its own port, and that all the local addresses are associated with Router1 through the pool IP address 200.124.22.2.

I use the show ip nat statistics command to look at the PAT statistics.

We see that the total number of conversions, or address translations, is 12, and we see the characteristics of the pool and other information.

Now I will do something else: I will enter the command ip nat inside source list 1 interface GigabitEthernet0/1 overload. If you then ping the router from PC0, you will see that the packet came from the address 200.124.22.1, that is, from the physical interface! This is the easier way: if you do not want to create a pool, which is most often the case with home routers, you can use the IP address of the router's physical interface as the external NAT address. This is how your private host address is most often translated for the public network.
Today we studied a very important topic, so you need to practise it. Use Packet Tracer to test your theoretical knowledge on practical NAT and PAT configuration tasks. We have come to the end of the ICND1 topics, the first exam of the CCNA course, so I will probably devote the next video lesson to summing up.



Source: www.habr.com
