R3配置

[V200R003C00]# sysname Router# board add 0/4 8FE1GE # snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone Indian Standard Time minus 05:13:20 clock daylight-saving-time Day Light Saving Time repeating 12:32 9-1 12:32 11-23 00:00 2005 2005 # drop illegal-mac alarm#vlan batch 100 200# set cpu-usage threshold 80 restore 75#acl number 2000   rule 5 permit source 192.168.20.0 0.0.0.255 acl number 2001   rule 5 permit source 10.0.0.0 0.0.0.255 #aaa  authentication-scheme default authorization-scheme default accounting-scheme default domain default  domain default_admin  local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type http#firewall zone Local priority 15# nat address-group 1 202.169.10.100 202.169.10.200 nat address-group 2 202.169.10.80 202.169.10.83#interface Vlanif100 ip address 192.168.20.1 255.255.255.0 #interface Vlanif200 ip address 10.0.0.1 255.255.255.0 #interface Ethernet4/0/0 port link-type access port default vlan 100#interface Ethernet4/0/1 port link-type access port default vlan 200#interface Ethernet4/0/2#interface Ethernet4/0/3#interface Ethernet4/0/4#interface Ethernet4/0/5#interface Ethernet4/0/6#interface Ethernet4/0/7#interface GigabitEthernet0/0/0 ip address 202.169.10.1 255.255.255.0  nat outbound 2000 address-group 1 no-pat nat outbound 2001 address-group 2 #interface GigabitEthernet0/0/1#interface GigabitEthernet0/0/2#interface GigabitEthernet4/0/0#interface NULL0#ip route-static 0.0.0.0 0.0.0.0 202.169.10.2#user-interface con 0 authentication-mode passworduser-interface vty 0 4user-interface vty 16 20#wlan ac#return

R4配置

[V200R003C00]# snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone Indian Standard Time minus 05:13:20 clock daylight-saving-time Day Light Saving Time repeating 12:32 9-1 12:32 11-23 00:00 2005 2005 # drop illegal-mac alarm# set cpu-usage threshold 80 restore 75#aaa  authentication-scheme default authorization-scheme default accounting-scheme default domain default  domain default_admin  local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type http#firewall zone Local priority 15#interface GigabitEthernet0/0/0 ip address 202.169.10.2 255.255.255.0 #interface GigabitEthernet0/0/1#interface GigabitEthernet0/0/2#interface NULL0#user-interface con 0 authentication-mode passworduser-interface vty 0 4user-interface vty 16 20#wlan ac#return

在R3上查看NAT信息

dis nat address-group verbose

在R3的g 0/0/0口抓包,会发现NAT地址经过了正常的转换了

1）在PC1上ping 202.169.10.2，同时发现转换的公网IP地址是变化的

2）在PC2上ping 202.169.10.2，同时发现转换的公网IP地址是不化的

• 先只ping一个包
  
• 长ping，一直都是202.169.10.82这个地址