R3配置

[V200R003C00]
#
 sysname Router
#
 board add 0/4 8FE1GE 
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone Indian Standard Time minus 05:13:20
 clock daylight-saving-time Day Light Saving Time repeating 12:32 9-1 12:32 11-23 00:00 2005 2005 
#
 drop illegal-mac alarm
#
vlan batch 100 200
#
 set cpu-usage threshold 80 restore 75
#
acl number 2000  
 rule 5 permit source 192.168.20.0 0.0.0.255 
acl number 2001  
 rule 5 permit source 10.0.0.0 0.0.0.255 
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
 nat address-group 1 202.169.10.100 202.169.10.200
 nat address-group 2 202.169.10.80 202.169.10.83
#
interface Vlanif100
 ip address 192.168.20.1 255.255.255.0 
#
interface Vlanif200
 ip address 10.0.0.1 255.255.255.0 
#
interface Ethernet4/0/0
 port link-type access
 port default vlan 100
#
interface Ethernet4/0/1
 port link-type access
 port default vlan 200
#
interface Ethernet4/0/2
#
interface Ethernet4/0/3
#
interface Ethernet4/0/4
#
interface Ethernet4/0/5
#
interface Ethernet4/0/6
#
interface Ethernet4/0/7
#
interface GigabitEthernet0/0/0
 ip address 202.169.10.1 255.255.255.0 
 nat outbound 2000 address-group 1 no-pat
 nat outbound 2001 address-group 2 
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet4/0/0
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 202.169.10.2
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

R4配置

[V200R003C00]
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone Indian Standard Time minus 05:13:20
 clock daylight-saving-time Day Light Saving Time repeating 12:32 9-1 12:32 11-23 00:00 2005 2005 
#
 drop illegal-mac alarm
#
 set cpu-usage threshold 80 restore 75
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 202.169.10.2 255.255.255.0 
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

在R3上查看NAT信息

dis nat address-group verbose

在R3的g 0/0/0口抓包,会发现NAT地址经过了正常的转换了

1）在PC1上ping 202.169.10.2，同时发现转换的公网IP地址是变化的

2）在PC2上ping 202.169.10.2，同时发现转换的公网IP地址是不化的

• 先只ping一个包
  
• 长ping，一直都是202.169.10.82这个地址