Nhasi tichadzidza PAT (Port Kero Dudziro), tekinoroji yekushandura kero dzeIP uchishandisa zviteshi, uye NAT (Network Kero Dudziro), tekinoroji yekushandura IP kero yemapaketi ekufambisa. PAT inyaya yakakosha yeNAT. Tichabata misoro mitatu:
- yakavanzika, kana yemukati (intranet, yemuno) IP kero neruzhinji, kana ekunze IP kero;
- NAT uye PAT;
-NAT/PAT kumisikidzwa.
Ngatitangei nemukati Private IP kero. Tinoziva kuti vakakamurwa kuita makirasi matatu: A, B uye C.
Yemukati Kirasi A kero dzinotora makumi kubva pa10.0.0.0 kusvika 10.255.255.255, uye kero dzekunze dzinotora kubva pa1.0.0.0 kusvika 9 uye kubva 255.255.255 kusvika 11.0.0.0.
Kero dzemukati dzekirasi B dzinotora kubva 172.16.0.0 kusvika 172.31.255.255, uye kero dzekunze dzinobva 128.0.0.0 kusvika 172.15.255.255 uye kubva 172.32.0.0 kusvika 191.255.255.255.
Kero dzemukati dzekirasi C dzinotora kubva 192.168.0.0 kusvika 192.168.255.255, uye kero dzekunze dzinobva 192.0.0 kusvika 192.167.255.255 uye kubva 192.169.0.0 kusvika 223.255.255.255.
Kero dzeKirasi A dzinoti /8, Kirasi B iri /12 uye Kirasi C iri /16. Saka, ekunze uye emukati IP kero emakirasi akasiyana anogara akasiyana siyana.
Takurukura kakawanda kuti musiyano uripi pakati peyakavanzika uye yeruzhinji IP kero. Kazhinji, kana tine router uye boka remukati IP kero, pavanoedza kuwana Internet, router inovashandura kune ekunze IP kero. Kero dzemukati dzinoshandiswa chete pamanetiweki emuno, kwete paInternet.
Kana ndikatarisa network parameters yekombuta yangu ndichishandisa mutsara wekuraira, ndichaona yangu yemukati LAN IP kero 192.168.1.103.
Kuti uzive yako IP kero yeruzhinji, unogona kushandisa Internet sevhisi senge "Chii chinonzi IP yangu?" Sezvauri kuona, kero yekunze yekombuta 78.100.196.163 yakasiyana nekero yayo yemukati.
Muzviitiko zvese, komputa yangu inoonekwa paInternet chaizvo neyekunze IP kero. Saka, kero yemukati yekombuta yangu ndeye 192.168.1.103, uye yekunze ndeye 78.100.196.163. Iyo kero yemukati inoshandiswa chete pakutaurirana kwenzvimbo, haugone kuwana iyo Internet nayo, nekuda kweizvi unoda yeruzhinji IP kero. Unogona kurangarira kuti sei kupatsanurwa kuita kero dzakavanzika nedzeruzhinji kwakaitwa nekuongorora vhidhiyo yekudzidzisa Zuva rechitatu.
Ngatitarisei kuti chii chinonzi NAT. Kune marudzi matatu eNAT: static, dynamic uye "overloaded" NAT, kana PAT.
Cisco ine mazwi mana anotsanangura NAT. Sezvandakataura, NAT inzira yekushandura kero dzemukati kune dzekunze. Kana mudziyo wakabatana neInternet ukagamuchira pakiti kubva kune imwe mudziyo panetiweki yemuno, inongorasa pakiti iyi, sezvo iyo yemukati kero fomati isingaenderane nefomati yemakero anoshandiswa paInternet yepasi rose. Naizvozvo, mudziyo unofanirwa kuwana yeruzhinji IP kero kuti uwane iyo Internet.
Saka, iyo yekutanga temu ndeye Mukati Yenzvimbo, zvichireva iyo IP kero yemuiti pane yemukati yemuno network. Nemashoko akareruka, iyi ndiyo kero yekutanga yerudzi 192.168.1.10. Temu yechipiri, Mukati meGlobal, ndiyo IP kero yemuiti wepanzvimbo iyo inoonekwa pane yekunze network. Muchiitiko chedu, iyi ndiyo IP kero yekunze kwechiteshi che router 200.124.22.10.
Tinogona kutaura kuti Mukati Yenzvimbo ndeye yakavanzika IP kero, uye Mukati Global iruzhinji IP kero. Rangarira kuti izwi rekuti Mukati rinoreva kunobva traffic, uye Kunze kunoreva kwainoenda traffic. Kunze Kwenzvimbo ndiyo IP kero yemugadziri pane yekunze network, pasi payo inoonekwa kune yemukati network. Zvichitaurwa zviri nyore, iyi ndiyo kero yemugamuchiri inoonekwa kubva kunetiweki yemukati. Muenzaniso wekero yakadaro ndiyo IP kero 200.124.22.100 yechigadzirwa chiri paInternet.
Kunze kweGlobal ndiyo IP kero yemugamuchiri seinooneka pane network yekunze. Kazhinji, Kero dzeKunze Kwenzvimbo neKunze kweGlobal dzinotaridzika zvakafanana nekuti kunyangwe mushure meshandurudzo, kero yeIP inoonekwa kune kwazvaimboita isati yashandurwa.
Ngatitarisei kuti chii chinonzi NAT. Static NAT zvinoreva shandurudzo imwe-kune-imwe yemakero emukati eIP kune ekunze, kana shandurudzo yemumwe-kune-imwe. Kana zvishandiso zvinotumira traffic kuInternet, kero yavo yeMukati Yenzvimbo inoshandurirwa muInside Global kero.
Pane zvishandiso zvitatu panetiweki yedu yemuno, uye pavanoenda online, imwe neimwe yadzo inowana yayo Inside Global kero. Kero idzi dzakaiswa kune zviwanikwa zvetraffic. Iyo imwe-kune-imwe musimboti inoreva kuti kana paine zana pane network yemuno, vanogashira zana kero dzekunze.
NAT yakazvarwa kuti ichengetedze iyo Internet, iyo yaive ichipera neruzhinji IP kero. Kutenda kuNAT, makambani mazhinji uye akawanda network anogona kuve neakajairika IP kero yekunze, iyo iyo kero dzenzvimbo dzemidziyo inoshandurwa kana ichisvika paInternet. Iwe unogona kutaura kuti munyaya iyi ye static NAT hapana kuchengetedza munhamba yekero, sezvo zana makombiyuta emunharaunda anopiwa zana kero dzekunze, uye iwe uchave wakarurama. Nekudaro, static NAT ichine akati wandei mabhenefiti.
Semuenzaniso, tine sevha ine yemukati IP kero ye192.168.1.100. Kana chero mudziyo unobva kuInternet uchida kubata nawo, haugone kuzviita uchishandisa kero yemukati yekuenda, nekuda kweizvi inoda kushandisa kero yekunze server 200.124.22.3. Kana router yako yakagadziridzwa ine static NAT, traffic yese inotumirwa ku200.124.22.3 inongotumirwa ku192.168.1.100. Izvi zvinopa kunze kwekunze kune emunharaunda network zvishandiso, mune iyi kesi kune kambani yewebhu server, izvo zvingave zvakakosha mune dzimwe nguva.
Ngatitarisei dynamic NAT. Iyo yakafanana chaizvo neiyo static, asi haigove zvachose kero dzekunze kune yega yega mudziyo. Semuenzaniso, tine 3 zvishandiso zvemunharaunda uye 2 chete kero dzekunze. Kana iyo yechipiri mudziyo ichida kuwana iyo Internet, ichapihwa yekutanga yemahara IP kero. Kana sevha yewebhu ichida kuwana iyo Internet mushure mayo, iyo router inozopa iyo yechipiri inowanikwa kero yekunze. Kana mushure meizvi chigadzirwa chekutanga chinoda kubatanidza kune network yekunze, hapazovipo nekero ye IP yayo, uye router icharasa pakiti yayo.
Tinogona kunge tiine mazana emidziyo ine emukati IP kero, uye chimwe nechimwe chezvishandiso izvi chinogona kuwana Indaneti. Asi sezvo isu tisina static assignment yemakero ekunze, hapana anopfuura 2 michina kubva zana ichakwanisa kuwana Internet panguva imwe chete, nekuti isu tine maviri chete dynamically akagoverwa ekunze kero.
Midziyo yeCisco ine kero yakatarwa nguva yekushandura, iyo inosarudzika kusvika kumaawa makumi maviri nemana. Inogona kushandurwa kuita 24, 1,2,3 maminetsi, kune chero nguva yaunoda. Mushure menguva ino, kero dzekunze dzinoburitswa uye dzinodzoserwa otomatiki kudziva rekero. Kana panguva ino chigadzirwa chekutanga chichida kuwana Indaneti uye chero kero yekunze iripo, ipapo ichaigamuchira. Iyo router ine tafura yeNAT iyo inovandudzwa zvine simba, uye kusvika nguva yekushandura yapera, kero yakapihwa inochengetwa nemudziyo. Zvichitaurwa zviri nyore, simba reNAT rinoshanda pamusimboti wekuti "tanga huya pekutanga, tanga kushumirwa."
Ngatitarisei kuti chii chakaremerwa NAT, kana PAT, chii. Iyi ndiyo mhando yakajairika yeNAT. Panogona kuve nemidziyo yakawanda pane yako network network - PC, smartphone, laptop, piritsi, uye zvese zvinobatana kune router ine imwe yekunze IP kero. Saka, PAT inobvumira akawanda madivayiri ane emukati IP kero kuti akwanise kuwana Internet panguva imwe chete yekunze IP kero. Izvi zvinogoneka nekuda kwekuti yega yega yega, yemukati IP kero inoshandisa chaiyo chiteshi nhamba panguva yekutaurirana.
Ngatifungei tine kero yeruzhinji 200.124.22.1 uye midziyo yakawanda yemuno. Saka, kana uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchingedzo kuInternet, mauto ese aya achagamuchira iyo yakafanana kero 200.124.22.1. Chinhu chimwe chete chinovasiyanisa kubva kune mumwe kune nhamba yechiteshi.
Kana iwe ukarangarira nhaurirano yeyekutakura layer, iwe unoziva kuti iyo yekufambisa layer ine manhamba echiteshi, neiyo sosi yechiteshi nhamba iri nhamba isina kurongeka.
Ngatifungei kuti kune muenzi pane yekunze network ine IP kero 200.124.22.10, iyo yakabatana neInternet. Kana komputa 192.168.1.11 ichida kutaurirana nekombuta 200.124.22.10, ichagadzira isina kujairika source port 51772. Muchiitiko ichi, nzvimbo yekuenda yekunze network komputa ichave makumi masere.
Apo router inogamuchira kombiyuta yepakiti yepakiti inotungamirirwa kune network yekunze, ichashandura Inside Local kero kuInside Global kero 200.124.22.1 uye inopa nhamba yechiteshi 23556. Pakiti ichasvika pakombiyuta 200.124.22.10, uye inofanira tumira zvakare mhinduro zvinoenderana nemaitiro ekubata ruoko, mune iyi nyaya, kwainoenda kuchava kero 200.124.22.1 uye port 23556.
Router ine tafura yekushandura yeNAT, saka kana ikagamuchira pakiti kubva kune kombiyuta yekunze, ichasarudza Inside Local address inoenderana neInside Global address se 192.168.1.11: 51772 uye kutumira pakiti kwairi. Mushure meizvi, kubatana pakati pemakomputa maviri kunogona kutariswa kwakagadzwa.
Panguva imwecheteyo, iwe unogona kunge uine zana zana uchishandisa kero imwechete 200.124.22.1 kutaurirana, asi nhamba dzakasiyana dzechiteshi, saka vese vanogona kuwana Indaneti panguva imwe chete. Ichi ndicho chikonzero PAT iri nzira yakakurumbira yekutepfenyura.
Ngatitarisei kumisikidza static NAT. Kune chero network, kutanga kune zvese, zvinodikanwa kuti utarise iyo yekupinda uye inobuda interfaces. Dhiagiramu inoratidza router kuburikidza iyo traffic inofambiswa kubva kuchiteshi G0/0 kuenda kuchiteshi G0/1, ndiko kuti, kubva kunetiweki yemukati kuenda kune yekunze network. Saka isu tine inopinza interface ye 192.168.1.1 uye inobuda interface ye 200.124.22.1.
Kuti tigadzirise NAT, tinoenda kuG0/0 interface uye tinogadzirisa zvigadziridzo ip addres 192.168.1.1 255.255.255.0 uye kuratidza kuti iyi interface ndiyo inopinza inoshandisa ip nat mukati mekuraira.
Nenzira imwecheteyo, isu tinogadzirisa NAT pane inobuda interface G0/1, inotsanangura ip kero 200.124.22.1, subnet mask 255.255.255.0 uye ip nat kunze. Rangarira kuti kushandura kweNAT kunogara kuchiitwa kubva pakuisa kune inobuda interface, kubva mukati kuenda kunze. Nomuzvarirwo, kune ine simba NAT, mhinduro inouya kune yekuisa interface kuburikidza neinobuda interface, asi kana traffic yatangwa, ndiyo yeku-kunze nzira inokonzereswa. Panyaya ye static NAT, kutangisa traffic kunogona kuitika mune chero nzira - mukati-kunze kana kunze-mukati.
Tevere, isu tinofanirwa kugadzira iyo static NAT tafura, apo yega yega kero yenzvimbo inoenderana neakasiyana kero yepasirese. Muchiitiko chedu, kune zvigadzirwa zve 3, saka tafura ichave ne 3 zvinyorwa, izvo zvinoratidza Inside Local IP kero yezvinyorwa, iyo inoshandurwa kuInside Global kero: ip nat mukati static 192.168.1.10 200.124.22.1.
Saka, mune static NAT, iwe unonyora nemaoko dudziro kune yega yega kero yemunharaunda. Iye zvino ndichaenda kuPacket Tracer uye ndiite marongero anotsanangurwa pamusoro apa.
Pamusoro tine server 192.168.1.100, pazasi pane komputa 192.168.1.10 uye pazasi chaipo pane komputa 192.168.1.11. Port G0/0 yeRouter0 ine IP kero ye 192.168.1.1, uye port G0/1 ine IP kero ye 200.124.22.1. Mu "gore" rinomiririra Indaneti, ndakaisa Router1, iyo yandakapa IP kero 200.124.22.10.
Ini ndinoenda muzvigadziro zveRouter1 ndonyora murairo debug ip icmp. Ikozvino, kana ping yasvika pachishandiso ichocho, meseji yedebug ichaonekwa muhwindo rezvigadziriso inoratidza kuti packet chii.
Ngatitangei kumisikidza Router0 router. Ini ndinoenda mune yepasi rose marongero modhi uye ndinofonera iyo G0/0 interface. Tevere, ini ndinoisa iyo ip nat mukati mekuraira, wozoenda kune iyo g0/1 interface uye isa iyo ip nat yekunze yekuraira. Nekudaro, ini ndakapa iyo yekupinza uye yekubuda interfaces ye router. Ikozvino ini ndoda kugadzirisa nemaoko IP kero, ndiko kuti, kutamisa mitsara kubva patafura iri pamusoro kune zvigadziriso:
Ip nat inside source static 192.168.1.10 200.124.22.1
Ip nat inside source static 192.168.1.11 200.124.22.2
Ip nat inside source static 192.168.1.100 200.124.22.3
Ikozvino ini ndicha ping Router1 kubva kune imwe neimwe yemidziyo yedu uye ndoona iyo IP kero iyo ping inogamuchira inoratidza. Kuti ndiite izvi, ndinoisa hwindo reCLI rakavhurika reR1 router kurudyi rwechidzitiro kuti ndione mameseji ekugadzirisa. Iye zvino ndinoenda kuPC0 command line terminal uye ping kero 200.124.22.10. Mushure meizvi, meseji inoonekwa pahwindo iyo iyo ping yakagamuchirwa kubva kuIP kero 200.124.22.1. Izvi zvinoreva kuti IP kero yekombuta yemuno 192.168.1.10 yakashandurwa kukero yepasi rose 200.124.22.1.
Ndinoita zvakafanana nekombuta yemunharaunda inotevera uye ndinoona kuti kero yayo yakashandurwa ku200.124.22.2. Ipapo ini ping sevha uye ndinoona iyo kero 200.124.22.3.
Nekudaro, kana traffic kubva kune yemunharaunda network mudziyo inosvika kune router iyo iyo static NAT inogadziriswa, iyo router, zvinoenderana netafura, inoshandura kero yenzvimbo yeIP kune yepasi rose uye inotumira traffic kune yekunze network. Kutarisa tafura yeNAT, ini ndinoisa iyo show ip nat shanduro yekuraira.
Iye zvino tinogona kuona shanduko dzese dzinoitwa nerouter. Koramu yekutanga Mukati meGlobal ine kero yechishandiso isati yatepfenyurwa, ndiko kuti, kero iyo mudziyo unoonekwa kubva kune yekunze network, ichiteverwa neInside Local kero, ndiko kuti, kero yechishandiso pane network yemuno. Koramu yechitatu inoratidza kero yeKunze Kwenzvimbo uye koramu yechina inoratidza Kero yeKunze Kwepasi rose, ose ari maviri akafanana nekuti hatisi kushandura kero yeIP yepanzvimbo. Sezvauri kuona, mushure memasekondi mashoma tafura yakacheneswa nekuti Packet Tracer yaive nepfupi ping timeout set.
Ndinogona ping sevha pa 1 kubva router R200.124.22.3, uye kana ndikadzokera kune router marongero, ndinogona kuona kuti tafura zvakare akazadzwa mana ping mitsetse ine rakashandurwa kuenda kero 192.168.1.100.
Sezvandakataura, kunyangwe kana nguva yekushandura ikavhurwa, kana traffic yatangwa kubva kune yekunze sosi, iyo NAT michina inongoitwa. Izvi zvinoitika chete kana uchishandisa static NAT.
Zvino ngatitarisei kuti dynamic NAT inoshanda sei. Mumuenzaniso wedu, kune 2 kero dzeruzhinji dzematurusi etiweki emunharaunda, asi panogona kunge paine makumi kana mazana evaenzi akadaro. Panguva imwecheteyo, zvishandiso zviviri chete zvinogona kuwana Internet panguva imwe chete. Ngationei kuti chii, mukuwedzera, musiyano uripo pakati peiyo static uye ine simba NAT.
Sezvakaitika mune yakapfuura, iwe unofanirwa kutanga waona iyo yekupinza uye inobuda interfaces ye router. Tevere, tinogadzira rudzi rwekuwana runyorwa, asi iyi haisi iyo ACL yatakataura nezvayo muchidzidzo chapfuura. Rondedzero yekuwana iyi inoshandiswa kuona traffic yatinoda kushandura. Pano pane izwi idzva rekuti "traffic inonakidza" kana "traffic inonakidza" inooneka. Iyi ndiyo traffic yauri kufarira nekuda kwechimwe chikonzero, uye kana iyo traffic inoenderana nemamiriro eiyo rondedzero yekuwana, inouya pasi peNAT uye inoshandurwa. Iri izwi rinoshanda kune traffic muzviitiko zvakawanda, semuenzaniso, mune yeVPN, "inofadza" ndiyo traffic ichapfuura nepaVPN tunnel.
Tinofanira kuumba ACL inoratidza chifambiso chinonakidza, munyaya yedu iyi ndiyo traffic yese 192.168.1.0 network, pamwe chete neiyo mask yekudzoka ye 0.0.0.255 inotsanangurwa.
Zvadaro tinofanira kugadzira dziva reNAT, ratinoshandisa murairo ip nat pool <zita redziva> uye tsanangura dziva re IP kero 200.124.22.1 200.124.22.2. Izvi zvinoreva kuti tinongopa maviri ekunze IP kero. Zvadaro, murairo unoshandisa netmask keyword uye inopinda subnet mask 255.255.255.252. Yekupedzisira octet yemasikisi ndeye (255 - nhamba yemakero edziva - 1), saka kana uine 254 kero mudziva, ipapo subnet mask ichava 255.255.255.0. Uku kurongedza kwakakosha, saka ive shuwa yekuisa iyo chaiyo netmask kukosha paunenge uchiseta ine simba NAT.
Tevere tinoshandisa murairo unotanga nzira yeNAT: ip nat inside source list 1 dziva NWKING, apo NWKING ndiro zita redziva, uye nyora 1 zvinoreva ACL nhamba 1. Rangarira - kuti murairo uyu ushande, iwe unofanirwa kutanga wagadzira ine simba kero dziva uye rondedzero yekuwana.
Saka, pasi pemamiriro edu ezvinhu, chigadziro chekutanga chinoda kuwana Indaneti chichakwanisa kuita izvi, chigadzirwa chechipiri chichakwanisa kuita kudaro, asi chechitatu chichafanira kumirira kusvikira imwe yekero dzedziva yakasununguka. Kumisikidza ine simba NAT ine nhanho ina: kuona yekupinza uye inobuda interface, kuzivisa "inonakidza" traffic, kugadzira dziva reNAT uye iyo chaiyo yekumisikidza.
Iye zvino tichaenda kuPacket Tracer uye edza kugadzirisa inoshanduka NAT. Chekutanga isu tinofanirwa kubvisa iyo static NAT marongero, ayo isu tinopinza mirairo sequentially:
no Ip nat inside source static 192.168.1.10 200.124.22.1
no Ip nat inside source static 192.168.1.11 200.124.22.2
kwete Ip nat mukati kunobva static 192.168.1.100 200.124.22.3.
Tevere, ndinogadzira runyoro rwekuwana Rondedzero 1 yetiweki yese nemirairo yekuwana-rondedzero 1 mvumo 192.168.1.0 0.0.0.255 uye kugadzira dziva reNAT ndichishandisa command ip nat pool NWKING 200.124.22.1 200.124.22.2 netmask 255.255.255.252. Mumurairo uyu, ndakatsanangura zita redziva, kero dzinosanganisirwa mariri, uye netmask.
Zvadaro ndinotsanangura kuti NAT ndeipi - yemukati kana yekunze, uye inobva iyo NAT inofanira kuwana ruzivo, mune yedu rondedzero, uchishandisa murairo ip nat mukati mezvinyorwa zvinyorwa 1. Mushure meizvi, hurongwa huchakukurudzira iwe vanoda dziva rose kana imwe interface. Ini ndinosarudza dziva nekuti isu tine anopfuura 1 kero yekunze. Kana ukasarudza chimiro, iwe uchafanirwa kutsanangura chiteshi chine chaiyo IP kero. Muchimiro chekupedzisira, iwo murairo uchaita seizvi: ip nat mukati mesosi runyorwa 1 dziva NWKING. Parizvino dziva iri rine kero mbiri 200.124.22.1 200.124.22.2, asi iwe unogona kuzvishandura zvakasununguka kana kuwedzera kero itsva dzisingabatanidzi neinoti interface.
Iwe unofanirwa kuve nechokwadi chekuti tafura yako yekufambisa yakagadziridzwa kuitira kuti chero yeaya ma IP kero mudziva inofanirwa kuendeswa kune iyi kifaa, zvikasadaro iwe haugamuchire kudzoka traffic. Kuti tive nechokwadi chekuti marongero ari kushanda, isu tichadzokorora maitiro epinging yegore router, izvo zvatakaitira static NAT. Ini ndichavhura hwindo reRouter 1 kuitira kuti ndione mameseji edebug mode uye ping kubva kune imwe neimwe yemidziyo mitatu.
Isu tinoona kuti ese masosi kero kubva kune iyo ping mapaketi anouya anoenderana nezvirongwa. Panguva imwecheteyo, ping kubva komputa PC0 haishande nekuti haina yakakwana yemahara kero yekunze. Kana iwe ukapinda muzvirongwa zveRouter 1, unogona kuona kuti dziva kero 200.124.22.1 uye 200.124.22.2 dziri kushandiswa. Zvino ini ndichadzima nhepfenyuro, uye iwe uchaona kuti mitsetse inonyangarika sei imwe neimwe. Ini ping PC0 zvakare uye sezvauri kuona, zvese zvinoshanda ikozvino nekuti yakakwanisa kuwana yemahara kero yekunze 200.124.22.1.
Ndingabvisa sei tafura yeNAT uye ndobvisa shanduro yakapihwa kero? Enda kune zvigadziriso zveRouter0 router uye nyora iwo mutemo wakajeka ip nat dudziro * ine asterisk kumagumo emutsara. Kana isu zvino tatarisa chimiro cheshanduro tichishandisa iyo show ip nat dudziro yekuraira, sisitimu inotipa mutsara usina chinhu.
Kuti uone nhamba dzeNAT, shandisa iyo show ip nat statistics command.
Uyu ndiwo murairo unobatsira kwazvo unobvumidza iwe kuti uwane huwandu hwese hweshanduro ine simba, static uye yepamusoro NAT/PAT. Iwe unogona kuona kuti iri 0 nekuti isu takabvisa iyo nhepfenyuro data neyakapfuura rairo. Izvi zvinoratidzira zvipindiro zvekupinza uye zvinobuda, nhamba yeakabudirira uye asina kubudirira hits uye anopotsa kutendeuka (nhamba yekutadza inokonzerwa nekushaikwa kwemahara kero yekunze yemukati memuiti), zita rekupinda rondedzero uye dziva.
Zvino tichaenda kune inonyanya kufarirwa mhando yeIP kero kududzira - yepamusoro NAT, kana PAT. Kuti ugadzirise PAT, unofanirwa kutevedzera matanho akafanana ekugadzirisa simba reNAT: sarudza iyo router inopinza uye inobuda nzvimbo, tsvaga "inonakidza" traffic, gadzira dziva reNAT, uye gadzirisa PAT. Tinogona kugadzira dziva rimwechete rekero dzakawanda sezvakaitika kare, asi izvi hazvidikanwi nokuti PAT inoshandisa kero imwe chete yekunze nguva dzose. Musiyano chete pakati pekugadzirisa inoshanduka NAT uye PAT ndiro izwi repamusoro rinopedza iyo yekupedzisira yekumisikidza kuraira. Mushure mekuisa izwi iri, ine simba NAT inoshanduka kuita PAT.
Zvakare, unongoshandisa kero imwe chete mudziva reNWKING, semuenzaniso 200.124.22.1, asi itsanangure kaviri sekero yekutanga nekupera kwekunze netmask ye255.255.255.0. Unogona kuzviita zviri nyore nekushandisa iyo source interface parameter uye iyo yakatarwa kero 1 yeG200.124.22.1/200.124.22.1 interface pane ip nat 255.255.255.0 dziva NWKING 200.124.22.1 0 netmask 1 mutsara. Muchiitiko ichi, kero dzese dzemunharaunda kana uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchinge uchingedzo kuInternet dzinoshandurwa kune iyi IP kero.
Iwe unogona zvakare kushandisa chero imwe kero yeIP mudziva, iyo isingaenderane neyakajeka chimiro chemuviri. Nekudaro, mune iyi kesi, iwe unofanirwa kuve nechokwadi chekuti marouters ese ari panetiweki anogona kutumira kudzorera traffic kune mudziyo waunosarudza. Izvo zvakashata zveNAT ndezvekuti hazvigone kushandiswa pakuguma-kusvika-kumagumo kero, nekuti panguva iyo yekudzosera packet inodzokera kumudziyo wenzvimbo, iyo ine simba NAT IP kero inogona kuve nenguva yekuchinja. Ndokunge, iwe unofanirwa kuve nechokwadi chekuti yakasarudzwa IP kero icharamba iripo kwenguva yese yemusangano wekutaurirana.
Ngatitarisei izvi kuburikidza nePacket Tracer. Kutanga ndinofanira kubvisa iyo inoshanduka NAT nemurairo no Ip nat mukati mezvinyorwa zvinyorwa 1 NWKING uye kubvisa dziva reNAT nemurairo kwete Ip nat dziva NWKING 200.124.22.1 200.124.22.2 netmask 225.255.255.252.
Ipapo ndinofanira kugadzira PAT dziva nemurairo Ip nat dziva NWKING 200.124.22.2 200.124.22.2 netmask 225.255.255.255. Panguva ino ndiri kushandisa IP kero isiri yemuviri mudziyo nekuti yenyama mudziyo ine kero 200.124.22.1 uye ndinoda kushandisa 200.124.22.2. Kwatiri kunoshanda nekuti tine network yemuno.
Tevere, ini ndinogadzirisa PAT nemurairo Ip nat mukati mezvinyorwa zvinyorwa 1 dziva NWKING yakawandisa. Mushure mekuisa uyu murairo, PAT kero shanduro inovhurwa. Kuti ndione kuti kugadzirisa kwakarurama, ndinoenda kumidziyo yedu, sevha nemakombiyuta maviri, uye ping PC0 Router1 pa 200.124.22.10 kubva pakombiyuta. Muwindo rezvirongwa zve router, unogona kuona mitsara yedebug inoratidza kuti tsime reping, sezvataitarisira, i IP kero 200.124.22.2. Ping inotumirwa nekombuta PC1 uye server Server0 inobva kune imwecheteyo kero.
Ngationei zvinoitika mushanduro tafura yeRouter0. Iwe unogona kuona kuti shanduro dzese dzakabudirira, mudziyo wega wega unopihwa chiteshi chayo, uye kero dzese dzenzvimbo dzakabatana neRouter1 kuburikidza nedziva IP kero 200.124.22.2.
Ini ndinoshandisa show ip nat statistics command kuona PAT manhamba.
Isu tinoona kuti huwandu hwese hweshanduko, kana shanduro dzekero, i12, tinoona maitiro edziva uye rumwe ruzivo.
Zvino ini ndichaita chimwe chinhu - ini ndichaisa iyo yekuraira Ip nat mukati mesosi runyorwa 1 interface gigabit Ethernet g0/1 yakawandisa. Kana iwe ipapo ping router kubva kuPC0, iwe uchaona kuti iyo packet yakabva kune kero 200.124.22.1, kureva, kubva kuhutano hwepanyama! Iyi inzira iri nyore: kana iwe usingadi kugadzira dziva, rinowanzoitika kana uchishandisa ma routers epamba, ipapo unogona kushandisa IP kero ye router's physical interface seyekunze NAT kero. Aya ndiwo mashandurirwo anoitwa kero yako yakavanzika yeruzhinji network.
Nhasi tadzidza nyaya inokosha zvikuru, saka unofanira kuidzidzira. Shandisa Packet Tracer kuyedza ruzivo rwako rwe theoretical kupesana neNAT uye PAT yekumisikidza matambudziko. Tasvika kumagumo ekudzidza misoro yeICND1 - bvunzo yekutanga yekosi yeCCNA, saka ini ndichapa chidzidzo chinotevera chevhidhiyo kupfupisa zvabuda.
Ndinokutendai nekugara nesu. Unoda zvinyorwa zvedu here? Unoda kuona zvimwe zvinonakidza zvemukati? Titsigire nekuisa odha kana kukurudzira kushamwari, 30% kuderedzwa kwevashandisi veHabr pane yakasarudzika analogue yekupinda-level maseva, iyo yakagadzirwa nesu kuti iwe: (inowanikwa neRAID1 uye RAID10, kusvika ku24 cores uye kusvika ku40GB DDR4).
Dell R730xd kaviri zvakachipa? Chete pano muNetherlands! Dell R420 - 2x E5-2430 2.2Ghz 6C 128GB DDR3 2x960GB SSD 1Gbps 100TB - kubva pamadhora makumi mapfumbamwe nemapfumbamwe! Verenga nezve
Source: www.habr.com