You are on page 1of 4

Cu hnh k thut NAT v DHCP trn router

Cisco

Thc hin cc cu hnh sau:


a) Set up h thng nh s trn (Nhng ta s gi s l my server ang ni vi interface
fast ethernet ca ISP Router lun)
b) Do khng c nhiu pc test nn ta s cu hnh 3 a ch ip trn interface fastethernet ca
Customer Router : ip address ip-address subnet-mask secondary
c) Router Customer cu hnh 1 ng default route ch ra cng serial 1/0.
d) Cu hnh DHCP trn Customer Router cp ip ng cho cc my nm bn trong mng
LAN.
e) Cu hnh NAT trn router customer cho php ng mng 172.16.10.0/24 s i ra net bng
a ch ip public : 210.100.109.0/30 (s dng NAT overloading )
f) Router ISP cu hnh nh tuyn cho ng mng ca a ch ip 210.100.109.1/32 m ISP
cho thu: ip route 210.100.109.1 255.255.255.255 210.105.200.2
g) Test:
_Ti router customer: Ping m rng s dng ip ngun l cc ip cu hnh trn interface fast
ethernet n ip 203.162.4.190 ca server trn internet (Ta s thy thnh cng).
_Dng cc cu lnh debug kim tra hot ng ca NAT
+ debug ip nat
Hng dn:
Bc 1: t IP cho cc interface nh m hnh trn

Lu : Ta ly loop0 trn router ISP gi lm IP ca server .


Bc 2: Cu hnh DHCP trn CR
Ch nh dy ip loi tr khng cho cp ng
CR#configure terminal
CR(config)#ip dhcp excluded-address 172.168.10.1 172.168.10.10
Cu hnh pool a ch ip cho cp ng
CR(config)#ip dhcp pool abc
CR(dhcp-config)#network 172.168.10.0 255.255.255.0
CR(dhcp-config)#dns-server 172.168.10.10
CR(dhcp-config)#default-router 172.168.10.1
Test DHCP bng cch cho my client nhn ip ng t Customer Router
Bc 3: Cu hnh NAT
To access-list cho php nhng ip no c nat :
CR(config)#access-list 1 permit 172.168.10.0 0.0.0.255
To pool a ch nat :
CR(config)#ip nat pool nat-pool 210.100.109.1 210.100.109.2 netmask 255.255.255.252
Cu hnh nat :
CR(config)#ip nat inside source list 1 pool nat-pool overload
Cu hnh ch nh vng inside v outside cho NAT trn tng interface
CR(config)#interface s1/0
CR(config-if)#ip nat outside
CR(config)#interface fa0/0
CR(config-if)#ip nat inside
Bc 4: Cu hnh default route ra internet :
CR(config)#ip route 0.0.0.0 0.0.0.0 s1/0
Bc 5: Ti router ISP : nh tuyn cho nhng a ch cung cp cho khch hng
ISP#configure terminal
ISP(config)#ip route 210.100.109.0 255.255.255.252 210.105.200.2
ISP(config)#interface loop 0
ISP(config-if)#ip address 203.162.4.190 255.255.255.0
Bc 6: Dng lnh ping m rng test th v dng lnh debug ip nat theo di qu trnh
NAT .
Ti pc trong mng LAN ni b ta ping n a ch server ( gi s l loop 0 ca router ISP )

Ta thy kt qu ping thnh cng mc d trn ISP khng nh tuyn cho mng LAN ca cng ty
( ch nh tuyn cho a ch public m ISP cho cng ty thu ) . Nh vy ta thy uc cng
dng ca k thut NAT .
Bc 7: Dng lnh debug ip nat phn tch qu trnh NAT:
CR#debug ip nat

Ta thy khi pc trong mng LAN ping ti server th pc dng a ch source l 172.168.10.2 i
. n router CR , router CR s chuyn 172.168.10.2 thnh 210.100.109.1 (y l a ch

public m cng ty thu ca ISP , a ch ny c route trn internet).


Khi server tr li li lnh ping th server dng a ch destination l 210.100.109.1 , router ISP
s route cho a ch ny n router CR, router CR s chuyn i ch destination ny thnh
172.168.10.2 v chuyn n pc .
Nh vy khi cc pc trong mng LAN truy cp internet th u dng chung 1 a ch public . u
lm ta tit kim uc s lng a ch public ng k vi tnh hnh khan him IP nh hin
nay , chnh l u im ca k thut NAT.

You might also like