
LAB - NAT Overload vs NAT Static


Given the following network topology:

Requirements:

  • Configure IP addresses as shown in the diagram

  • Create two VLANs, 10 and 20, and route between the VLANs using the Layer 3 switch

  • Configure static routing for the whole topology

  • Configure NAT Overload and NAT Static so that inside hosts can reach the Internet and outside hosts can reach the Web Server dtu.vn

Configuration details for each device:

DHCP Server

Web Server dtu.vn

DNS-Web Server tuoitre.vn

SWCore

SWCore#show running-config

Building configuration...

Current configuration : 2452 bytes

!

version 12.2

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname SWCore

!

!

!

!

!

!

!

ip routing

!

!

!

!

!

!

!

!

!

!

!

!

!

!

spanning-tree mode pvst

!

!

!

!

!

!

interface FastEthernet0/1

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/2

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/3

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/4

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/5

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/6

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/7

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/8

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/9

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/10

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/11

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/12

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/13

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/14

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/15

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/16

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/17

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/18

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/19

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/20

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/21

!

interface FastEthernet0/22

!

interface FastEthernet0/23

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface FastEthernet0/24

!

interface GigabitEthernet0/1

!

interface GigabitEthernet0/2

!

interface Vlan1

ip address 192.168.1.2 255.255.255.0

!

interface Vlan10

ip address 192.168.10.1 255.255.255.0

ip helper-address 192.168.1.100

!

interface Vlan20

ip address 192.168.20.1 255.255.255.0

ip helper-address 192.168.1.100

!

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.1.1

!

ip flow-export version 9

!

!

!

!

!

!

!

line con 0

!

line aux 0

!

line vty 0 4

login

!

!

!

end

SWCore#

FW

FW#show running-config

Building configuration...

Current configuration : 805 bytes

!

version 12.4

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname FW

!

!

!

!

!

!

!

!

no ip cef

no ipv6 cef

!

!

!

!

!

!

!

!

!

!

!

!

spanning-tree mode pvst

!

!

!

!

!

!

interface FastEthernet0/0

ip address 192.168.100.1 255.255.255.0

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 192.168.0.2 255.255.255.0

duplex auto

speed auto

!

interface FastEthernet1/0

ip address 192.168.1.1 255.255.255.0

duplex auto

speed auto

!

interface Vlan1

no ip address

shutdown

!

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.0.1

ip route 192.168.10.0 255.255.255.0 192.168.1.2

ip route 192.168.20.0 255.255.255.0 192.168.1.2

!

ip flow-export version 9

!

!

!

!

!

!

!

line con 0

!

line aux 0

!

line vty 0 4

login

!

!

!

end

FW#

GW

GW#show running-config

Building configuration...

Current configuration : 1208 bytes

!

version 12.4

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname GW

!

!

!

!

!

!

!

!

ip cef

no ipv6 cef

!

!

!

!

!

!

!

!

!

!

!

!

spanning-tree mode pvst

!

!

!

!

!

!

interface FastEthernet0/0

ip address 200.1.1.1 255.255.255.0

ip nat outside

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 192.168.0.1 255.255.255.0

ip nat inside

duplex auto

speed auto

!

interface Vlan1

no ip address

shutdown

!

ip nat inside source list 1 interface FastEthernet0/0 overload

ip nat inside source static tcp 192.168.100.2 80 200.1.1.1 80

ip nat inside source static tcp 192.168.100.2 443 200.1.1.1 443

ip classless

ip route 192.168.100.0 255.255.255.0 192.168.0.2

ip route 192.168.10.0 255.255.255.0 192.168.0.2

ip route 192.168.20.0 255.255.255.0 192.168.0.2

ip route 192.168.1.0 255.255.255.0 192.168.0.2

!

ip flow-export version 9

!

!

access-list 1 permit 192.168.0.0 0.0.0.255

access-list 1 permit 192.168.1.0 0.0.0.255

access-list 1 permit 192.168.10.0 0.0.0.255

access-list 1 permit 192.168.20.0 0.0.0.255

access-list 1 permit 192.168.100.0 0.0.0.255

!

!

!

!

!

line con 0

!

line aux 0

!

line vty 0 4

login

!

!

!

end

GW#

Testing

From the PCVLAN10 host:

From the client on the Internet:

On router GW:

GW#show ip nat translations

Pro  Inside global       Inside local          Outside local       Outside global

udp  200.1.1.1:1025      192.168.10.101:1025   200.1.1.2:53        200.1.1.2:53

udp  200.1.1.1:1026      192.168.10.101:1026   200.1.1.2:53        200.1.1.2:53

udp  200.1.1.1:1027      192.168.10.101:1027   200.1.1.2:53        200.1.1.2:53

udp  200.1.1.1:1028      192.168.10.101:1028   200.1.1.2:53        200.1.1.2:53

tcp  200.1.1.1:1025      192.168.10.101:1025   200.1.1.2:80        200.1.1.2:80

tcp  200.1.1.1:1026      192.168.10.101:1026   200.1.1.2:80        200.1.1.2:80

tcp  200.1.1.1:1027      192.168.10.101:1027   200.1.1.2:80        200.1.1.2:80

tcp  200.1.1.1:1028      192.168.10.101:1028   200.1.1.2:80        200.1.1.2:80

tcp  200.1.1.1:443       192.168.100.2:443     ---                 ---

tcp  200.1.1.1:80        192.168.100.2:80      ---                 ---

tcp  200.1.1.1:80        192.168.100.2:80      200.1.1.3:1025      200.1.1.3:1025

GW#
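
The table above mixes three kinds of entries: the two static port forwards for the web server, an inbound session that uses one of them, and outbound PAT sessions from the VLAN 10 host. The Python script below is an added example, not part of the original lab: it parses show ip nat translations output and separates those three kinds, so the services published to the outside are easy to review. The function names and the trimmed sample table are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed sample: a subset of the GW rows shown above, with column spacing restored.
SAMPLE = """\
Pro Inside global      Inside local        Outside local      Outside global
udp 200.1.1.1:1025     192.168.10.101:1025 200.1.1.2:53       200.1.1.2:53
udp 200.1.1.1:1026     192.168.10.101:1026 200.1.1.2:53       200.1.1.2:53
tcp 200.1.1.1:1025     192.168.10.101:1025 200.1.1.2:80       200.1.1.2:80
tcp 200.1.1.1:443      192.168.100.2:443   ---                ---
tcp 200.1.1.1:80       192.168.100.2:80    ---                ---
tcp 200.1.1.1:80       192.168.100.2:80    200.1.1.3:1025     200.1.1.3:1025
"""

KEYS = ("proto", "inside_global", "inside_local", "outside_local", "outside_global")
ROW = re.compile(r"^(tcp|udp|icmp)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def parse_nat_table(text):
    """Return one dict per translation row; the header, prompts and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append(dict(zip(KEYS, m.groups())))
    return rows

def classify(rows):
    """Split rows into static port forwards, inbound sessions that use them, and outbound PAT counts."""
    # A static entry is installed by configuration, so it has no outside peer ("---").
    static = {(r["proto"], r["inside_global"]): r["inside_local"]
              for r in rows if r["outside_local"] == "---"}
    inbound, outbound = [], Counter()
    for r in rows:
        if r["outside_local"] == "---":
            continue
        if static.get((r["proto"], r["inside_global"])) == r["inside_local"]:
            inbound.append((r["outside_global"], r["inside_local"]))  # Internet client -> published service
        else:
            outbound[r["inside_local"].rsplit(":", 1)[0]] += 1        # inside host using PAT
    return static, inbound, outbound

if __name__ == "__main__":
    static, inbound, outbound = classify(parse_nat_table(SAMPLE))
    for (proto, pub), priv in sorted(static.items()):
        print(f"published  {proto} {pub} -> {priv}")
    for client, service in inbound:
        print(f"inbound    {client} -> {service}")
    for host, n in outbound.items():
        print(f"outbound   {host}: {n} PAT sessions")
```

Any published entry that does not correspond to an ip nat inside source static line in the GW configuration is worth investigating.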


GW#show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

Gateway of last resort is not set

C 192.168.0.0/24 is directly connected, FastEthernet0/1

S 192.168.1.0/24 [1/0] via 192.168.0.2

S 192.168.10.0/24 [1/0] via 192.168.0.2

S 192.168.20.0/24 [1/0] via 192.168.0.2

S 192.168.100.0/24 [1/0] via 192.168.0.2

C 200.1.1.0/24 is directly connected, FastEthernet0/0

GW#

By: dangocuong@gmail.com