Network Address Translation

Shenzhen Polytechnic, Department of Computer Science, Networking Program

Objectives

1. Private Addressing
2. NAT Operation
3. NAT Class
4. Configuring NAT
5. Troubleshooting NAT Configuration

IP Address Class and Range

Class A: 1-126
Class B: 128-191
Class C: 192-223

127 is missing. Why?

Public Address and Private Address

1. Public Internet addresses must be registered by a company with an Internet authority.
2. Private IP addresses are reserved and can be used by anyone.

Private Address Range

[Figure: Shenzhen Polytechnic phase-two network core topology. Catalyst 4006, 6509, 2948G and 3548 switches and a Cisco 7206 router connect the teaching building, industrial center, information building, administration building and library, with uplinks to the Internet and CERNET; the diagram is labeled with HSRP, load-balanced backbone channels, and fiber laid in the previous phase versus fiber to be laid in this phase.]

NAT Operation

1. A NAT-enabled device typically operates at the border of a stub network.
2. The border gateway router performs the NAT process, translating the internal private address of a host to a public, external routable address.

NAT Terms

1. Inside local address: the IP address assigned to a host on the inside network.
2. Inside global address: a legitimate IP address assigned by the NIC or service provider that represents one or more inside local IP addresses to the outside world, that is, the external address to which an inside host's address is translated by NAT.
3. Address pool: the set of IP addresses assigned by the NIC or service provider.

NAT Class

1. Static NAT

Static NAT is designed to allow one-to-one mapping of local and global addresses.

    Pc1: 10.1.1.1 -> 200.200.200.1
    Pc2: 10.1.1.2 -> 200.200.200.2
    Pc3: 10.1.1.3 ->
    Pc4: 10.1.1.4 ->
    200.200.200.2?  X

2. Dynamic NAT

Dynamic NAT is designed to map a private IP address to a public address. Any IP address from a pool of public IP addresses is assigned to a network host.

    Pc1: 10.1.1.1 -> 200.200.200.1
    Pc2: 10.1.1.2 -> 200.200.200.2
    Pc3: 10.1.1.3 ->
    Pc4: 10.1.1.4 ->
    200.200.200.2?

3. Overloading (PAT)

Overloading, or Port Address Translation (PAT), maps multiple private IP addresses to a single public IP address. Multiple addresses can be mapped to a single address because each private address is tracked by a port number. Realistically, the number of ports that can be assigned a single IP address is around 4000.

PAT Features

Configuring NAT

Static NAT Example

    r1(config)#ip nat inside source static 10.1.1.2 200.200.200.3
    r1(config)#ip nat inside source static 10.1.1.3 200.200.200.4
    r1(config)#interface f0/0
    r1(config-if)#ip nat inside
    r1(config)#int s0/0
    r1(config-if)#ip nat outside

    r1#debug ip nat
    IP NAT debugging is on
    00:11:09: NAT: s=10.1.1.2->200.200.200.3, d=2.2.2.2 40936
    00:11:09: NAT*: s=2.2.2.2, d=200.200.200.3->10.1.1.2 40936
    00:11:10: NAT*: s=10.1.1.2->200.200.200.3, d=2.2.2.2 40938

    r1#sh ip nat translations
    Pro  Inside global    Inside local   Outside local   Outside global
    ---  200.200.200.3    10.1.1.2       ---             ---
    ---  200.200.200.4    10.1.1.3       ---             ---

Dynamic NAT Example

    r1(config)#ip nat pool NAT 200.200.200.3 200.200.200.50 netmask 255.255.255.0
    r1(config)#access-list 1 permit 10.1.1.0 0.0.0.255
    r1(config)#ip nat inside source list 1 pool NAT
    r1(config)#interface f0/0
    r1(config-if)#ip nat inside
    r1(config)#int s0/0
    r1(config-if)#ip nat outside

    r1#debug ip nat
    00:45:40: NAT: s=10.1.1.2->200.200.200.3, d=2.2.2.2 38930
    00:45:40: NAT*: s=2.2.2.2, d=200.200.200.3->10.1.1.2 38930
    00:46:03: NAT: s=10.1.1.3->200.200.200.4, d=2.2.2.2 38961
    00:46:03: NAT*: s=2.2.2.2, d=200.200.200.4->10.1.1.3 38961
    00:46:27: NAT: s=10.1.1.4->200.200.200.5, d=2.2.2.2 38993
    00:46:27: NAT*: s=2.2.2.2, d=200.200.200.5->10.1.1.4 38993

    r1#sh ip nat translations
    Pro  Inside global    Inside local   Outside local   Outside global
    ---  200.200.200.3    10.1.1.2       ---             ---
    ---  200.200.200.4    10.1.1.3       ---             ---
    ---  200.200.200.5    10.1.1.4       ---             ---
    r1#clear ip nat translation *
    r1#sh ip nat translations

Dynamic NAT Further Study

If we have used all available public addresses in the pool, what will happen in the next translation?

    01:07:36: NAT: translation failed (A), dropping packet s=10.1.1.3 d=2.2.2.2
    r1#
    01:07:37: NAT: translation failed (A), dropping packet s=10.1.1.3 d=2.2.2.2

The output above shows that the NAT translation failed and the packet was dropped.

PAT Example

    r1(config)#ip nat pool NAT 200.200.200.3 200.200.200.50 netmask 255.255.255.0
    r1(config)#access-list 1 permit 10.1.1.0 0.0.0.255
    r1(config)#ip nat inside source list 1 pool NAT overload
    r1(config)#interface f0/0
    r1(config-if)#ip nat inside
    r1(config)#int s0/0
    r1(config-if)#ip nat outside
    r1(config)#ip route 0.0.0.0 0.0.0.0 200.200.200.2

    r1#sh ip nat translations
    Pro   Inside global        Inside local    Outside local   Outside global
    icmp  200.200.200.3:1792   10.1.1.4:1792   2.2.2.2:1792    2.2.2.2:1792
    icmp  200.200.200.3:1024   10.1.1.2:1792   2.2.2.2:1792    2.2.2.2:1024

Troubleshooting NAT Configuration

Brief

1. Why
2. Principle
3. How

Questions

1. Use the _ command to clear all dynamic address translation entries from the NAT translation table.
2. Use the _ command to view the active NAT translations.
3. Use the _ command to view NAT translation statistics.
4. NAT has three types: _, _, and _.
5. What is NAT?
6. What is the difference between overloaded dynamic NAT and dynamic NAT?
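
The pool exhaustion from "Dynamic NAT Further Study" and the port rewrite visible in the PAT translation table can be reproduced with a small model. This is an added example, not part of the original slides: the class names, the two-address pool and the fallback port search starting at 1024 are assumptions chosen to match the slide output, and real IOS port selection has more rules.

```python
from ipaddress import IPv4Address

def pool_range(first, last):
    """Expand the start/end addresses of an 'ip nat pool' into a list."""
    lo, hi = int(IPv4Address(first)), int(IPv4Address(last))
    return [str(IPv4Address(n)) for n in range(lo, hi + 1)]

class DynamicNat:
    """Dynamic NAT without 'overload': one pool address per inside host."""
    def __init__(self, pool):
        self.free = list(pool)
        self.table = {}                  # inside local -> inside global

    def translate(self, inside_local):
        if inside_local not in self.table:
            if not self.free:            # pool exhausted: the packet is dropped
                return None
            self.table[inside_local] = self.free.pop(0)
        return self.table[inside_local]

class Pat:
    """PAT: hosts share one inside global address, told apart by port/ICMP id.
    Simplification: one port space, not separated per protocol."""
    def __init__(self, inside_global, first_port=1024):
        self.inside_global = inside_global
        self.first_port = first_port     # assumed start of the fallback search
        self.by_local = {}               # (inside local, port) -> global port
        self.used = set()

    def translate(self, inside_local, port):
        key = (inside_local, port)
        if key not in self.by_local:
            candidate = port             # keep the original port while it is free
            if candidate in self.used:
                free = (p for p in range(self.first_port, 65536) if p not in self.used)
                candidate = next(free, None)
                if candidate is None:
                    return None
            self.used.add(candidate)
            self.by_local[key] = candidate
        return (self.inside_global, self.by_local[key])

def demo():
    # Constructed scenario: a two-address pool and three inside hosts from the slides.
    nat = DynamicNat(pool_range("200.200.200.3", "200.200.200.4"))
    dynamic = [nat.translate(h) for h in ("10.1.1.2", "10.1.1.3", "10.1.1.4")]
    pat = Pat("200.200.200.3")
    overload = [pat.translate("10.1.1.4", 1792), pat.translate("10.1.1.2", 1792)]
    return dynamic, overload

if __name__ == "__main__":
    print(demo())
```

The third host gets `None` from the exhausted pool, which corresponds to the "translation failed (A), dropping packet" lines, while under PAT the second host's colliding id 1792 is rewritten to 1024 as in the slide's table.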