思科静态nat与标准acl怎么混合使用

思科制造的路由器设备、交换机设备和其他设备承载了全世界80%的互联网通信，成为硅谷中新经济的传奇，那么你知道思科静态nat与标准acl怎么混合使用吗?下面是读文网小编整理的一些关于思科静态nat与标准acl怎么混合使用的相关资料，供你参考。

思科静态nat与标准acl混合使用的方法：

静态nat与标准acl 的混合使用

<1>、将pc0和pc1得ip转换为环回地址。

<2>、阻止1.1.1.2 的通信

Router 1配置：

Router>en

Routeconft

Enter configuration commands, one per line. End with CNTL/Z.

Router(configintf 0/0

Router(config-ifipadd 1.1.1.1 255.0.0.0

Router(config-ifnoshut

%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

Router(config-ifintf0/1

Router(config-ifipadd 2.2.2.1 255.0.0.0

Router(config-ifnoshutdown

%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

Router(config-if)#exit

Router(config)#

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up

Router(configintloopback 0

%LINK-5-CHANGED: Interface Loopback0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up

Router(config-ifipadd 4.4.4.1 255.0.0.0

Router(config-ifnoshut

Router(config-if)#exit

Router(config)routerrip

Router(config-router)network1.0.0.0

Router(config-router)network2.0.0.0

Router(config-router)network4.0.0.0

Router(config-router)#end

%SYS-5-CONFIG_I: Configured from console by console

Routershowip rou

Routershowip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

Gateway of last resort is not set

C 1.0.0.0/8 is directly connected, FastEthernet0/0

C 2.0.0.0/8 is directly connected, FastEthernet0/1

R 3.0.0.0/8 [120/1] via 2.2.2.2, 00:00:11, FastEthernet0/1

C 4.0.0.0/8 is directly connected, Loopback0

Routeconfigureterminal

Enter configuration commands, one per line. End with CNTL/Z.

Router(configipnat inside source s

Router(configipnat inside source static 1.1.1.2 4.4.4.2

Router(configipnat inside source static 1.1.1.3 4.4.4.3

Router(configinterfacefastEthernet 0/0

Router(config-ifipnat in

Router(config-ifipnat inside

Router(config-ifnoshut

Router(config-ifnoshutdown

Router(config-ifintf0/1

Router(config-ifipnat outside

Router(config-if)#end

%SYS-5-CONFIG_I: Configured from console by console

Routershowip nat ?

statistiCSTranslation statistics

translations Translation entries

Routershowip nat tr

Routershowip nat translations

Pro Inside global Inside local Outside local Outside global#p#副标题#e#

--- 4.4.4.2 1.1.1.2 --- ---

--- 4.4.4.3 1.1.1.3 --- ---

Routerping3.3.3.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 3.3.3.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 62/62/63 ms

Router#conf

Configuring from terminal, memory, or network [terminal]?

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#acc

Router(configaccess-list?

<1-99> IP standard access list

<100-199> IP extended access list

Router(configaccess-list1 ?

deny Specify packets to reject

permit Specify packets to forward

remark Access list entry comment

Router(configaccess-list1 deny ho

Router(configaccess-list1 deny host 1.1.1.2

Router(configaccess-list1 per

Router(configaccess-list1 permit any

Router(config)#exit

%SYS-5-CONFIG_I: Configured from console by console

Routershowacc

Routershowaccess-lists

Standard IP access list 1

deny host 1.1.1.2

permit any

Routeconfigureterminal

Enter configuration commands, one per line. End with CNTL/Z.

Router(configinterfacefastEthernet 0/0

Router(config-ifipaccess-group 1 in

Router(config-ifnoshut

Router(config-if)#

Router(config-if)#

Rourer 1 的配置：

Router>en

Routeconft

Enter configuration commands, one per line. End with CNTL/Z.

Router(configintf0/0

Router(config-ifipadd 3.3.3.1 255.0.0.0

Router(config-ifnoshutdown

%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

Router(config-if)#

Router(config-ifintf0/1

Router(config-ifipadd 2.2.2.2 255.0.0.0

Router(config-ifnoshut

%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up

Router(config-if)#

Router(config-if)#exit

Router(config)routerrip

Router(config-router)#net

Router(config-router)network2.0.0.0

Router(config-router)network3.0.0.0

Router(config-router)#end

%SYS-5-CONFIG_I: Configured from console by console

Routershowip rou

Routershowip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

Gateway of last resort is not set

R 1.0.0.0/8 [120/1] via 2.2.2.1, 00:00:24, FastEthernet0/1

C 2.0.0.0/8 is directly connected, FastEthernet0/1

C 3.0.0.0/8 is directly connected, FastEthernet0/0

R 4.0.0.0/8 [120/1] via 2.2.2.1, 00:00:24, FastEthernet0/1

Routerping4.4.4.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 4.4.4.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 81/91/94 ms

Routerping4.4.4.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 4.4.4.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 63/84/94 ms

Router#

在pc1 上的测试：

Packet Tracer PC Command Line 1.0

PC>ping 3.3.3.2

Pinging 3.3.3.2 with 32 bytes of data:

Request timed out.

Request timed out.

Request timed out.

Request timed out.

Ping statistics for 3.3.3.2:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

PC>ping 1.1.1.1

Pinging 1.1.1.1 with 32 bytes of data:

Request timed out.

Request timed out.

Request timed out.

Request timed out.

Ping statistics for 1.1.1.1:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

PC>

看过文章“思科静态nat与标准acl怎么混合使用”