Tải bản đầy đủ (.pdf) (30 trang)
  1. Trang chủ
    2. >>
  2. Công Nghệ Thông Tin
    3. >>
  3. Quản trị mạng

Managing IP Services

Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (4.99 MB, 30 trang )

PART VIII
Managing IP Services
Chapter 23 Network Address Translation
Chapter 24 DHCP
Chapter 25 IPv6
This page intentionally left blank
CHAPTER 23
Network Address
Translation
This chapter provides information and commands concerning the following topics:
• Private IP addresses: RFC 1918
• Configuring dynamic NAT: One private to one public address translation
• Configuring Port Address Translation (PAT): Many private to one public address
translation
• Configuring static NAT: One private to one permanent public address translation
• Verifying NAT and PAT configurations
• Troubleshooting NAT and PAT configurations
• Configuration example: PAT
Private IP Addresses: RFC 1918
The following table lists the address ranges as specified in RFC 1918 that can be used
by anyone as internal private addresses. These will be your “inside-the-LAN”
addresses that will have to be translated into public addresses that can be routed across
the Internet. Any network is allowed to use these addresses; however, these addresses
are not allowed to be routed onto the public Internet.
Configuring Dynamic NAT: One Private to
One Public Address Translation
NOTE: For a complete configuration of NAT/PAT with a diagram for visual
assistance, see the sample configuration at the end of this chapter.
Private Addresses
Class RFC 1918 Internal Address Range CIDR Prefix
A 10.0.0.0–10.255.255.255 10.0.0.0/8


B 172.16.0.0–172.31.255.255 172.16.0.0/12
C 192.168.0.0–192.168.255.255 192.168.0.0/16
222 Configuring Dynamic NAT: One Private to One Public Address Translation
Step 1: Define a
static route on
the remote router
stating where the
public addresses
should be
routed.
ISP(config)#ii
ii
pp
pp


rr
rr
oo
oo
uu
uu
tt
tt
ee
ee


66
66

44
44
..
..
66
66
44
44
..
..
66
66
44
44
..
..
66
66
44
44


22
22
55
55
55
55
..
..

2
2
22
55
55
55
55
..
..
22
22
55
55
55
55
..
..
11
11
22
22
88
88


ss
ss
00
00
//

//
00
00
//
//
00
00
Informs the ISP router
where to send packets with
addresses destined for
64.64.64.64
255.255.255.128.
Step 2: Define a
pool of usable
public IP
addresses on
your router that
will perform
NAT.
The private address will
receive the first available
public address in the pool.
Corp(config)#ii
ii
pp
pp


nn
nn

aa
aa
tt
tt


pp
pp
oo
oo
oo
oo
ll
ll


ss
ss
cc
cc
oo
oo
tt
tt
tt
tt


66
66

44
44
..
..
66
66
44
44
..
..
66
66
4
4
44
..
..
77
77
00
00


66
66
44
44
..
..
66

66
44
44
..
..
66
66
44
44
..
..
11
11
22
22
66
66


nn
nn
ee
ee
tt
tt
mm
mm
aa
aa
ss

ss
kk
kk


22
22
55
55
55
55
..
..
22
22
55
55
55
55
..
..
22
22
55
55
55
55
..
..
11

11
22
22
88
88
Defines the following:
The name of the pool is
scott. (The name of the pool
can be anything.)
The start of the pool is
64.64.64.70.
The end of the pool is
64.64.64.126.
The subnet mask is
255.255.255.128.
Step 3: Create
an access control
list (ACL) that
will identify
which private IP
addresses will be
translated.
Corp(config)#aa
aa
cc
cc
cc
cc
ee
ee

ss
ss
ss
ss
--
--
ll
ll
ii
ii
ss
ss
tt
tt


11
11


pp
pp
ee
ee
rr
rr
mm
mm
ii
ii

tt
tt


11
11
77
77
22
22
..
..
1
1
11
66
66
..
..
11
11
00
00
..
..
00
00


00

00
..
..
00
00
..
..
00
00
..
..
22
22
55
55
55
55
Step 4: Link the
ACL to the pool
of addresses
(create the
translation).
Corp(config)#ii
ii
pp
pp


nn
nn

aa
aa
tt
tt


ii
ii
nn
nn
ss
ss
ii
ii
dd
dd
ee
ee


ss
ss
oo
oo
uu
uu
rr
rr
cc
cc

ee
ee


ll
ll
ii
ii
ss
ss
tt
tt



11
11


pp
pp
oo
oo
oo
oo
ll
ll


ss

ss
cc
cc
oo
oo
tt
tt
tt
tt
Defines the following:
The source of the private
addresses is from ACL 1.
The pool of available public
addresses is named scott.
Configuring PAT: Many Private to One Public Address Translation 223
Configuring PAT: Many Private to One Public Address Translation
All private addresses use a single public IP address and numerous port numbers for
translation.
Step 5: Define
which interfaces
are inside
(contain the
private
addresses).
Router(config)#ii
ii
nn
nn
tt
tt

ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee


ff
ff
aa
aa
ss
ss
tt
tt
ee
ee
tt
tt
hh
hh
ee
ee

rr
rr
nn
nn
ee
ee
tt
tt


00
00
//
//
0
0
00
Moves to interface
configuration mode.
Router(config-if)#ii
ii
pp
pp


nn
nn
aa
aa
tt

tt


ii
ii
nn
nn
ss
ss
ii
ii
dd
dd
ee
ee
You can have more than one
inside interface on a router.
Addresses from each inside
interface are then allowed to
be translated into a public
address.
Router(config-if)#ee
ee
xx
xx
ii
ii
tt
tt
Returns to global

configuration mode.
Step 6: Define
the outside
interface (the
interface leading
to the public
network).
Router(config)#ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee


ss
ss
ee

ee
rr
rr
ii
ii
aa
aa
ll
ll


00
00
//
//
00
00
//
//
00
00
Router(config-if)#ii
ii
pp
pp


nn
nn
aa

aa
tt
tt


oo
oo
uu
uu
tt
tt
ss
ss
ii
ii
dd
dd
ee
ee
Step 1: Define a
static route on the
remote router
stating where
public addresses
should be routed.
ISP(config)#ii
ii
pp
pp



rr
rr
oo
oo
uu
uu
tt
tt
ee
ee


66
66
44
44
..
..
66
66
44
44
..
..
66
66
44
44
..

..
66
66
44
44


22
22
55
55
55
55
..
..
2
2
22
55
55
55
55
..
..
22
22
55
55
55
55

..
..
11
11
22
22
88
88


ss
ss
00
00
//
//
00
00
Informs the Internet service
provider (ISP) where to
send packets with addresses
destined for 64.64.64.64
255.255.255.128.
224 Configuring PAT: Many Private to One Public Address Translation
Step 2: Define a
pool of usable
public IP
addresses on your
router that will
perform NAT

(optional).
Use this step if you have
many private addresses to
translate. A single public IP
address can handle
thousands of private
addresses. Without using a
pool of addresses, you can
translate all private
addresses into the IP address
of the exit interface (the
serial link to the ISP, for
example).
Corp(config)#ii
ii
pp
pp


nn
nn
aa
aa
tt
tt


pp
pp
oo

oo
oo
oo
ll
ll


ss
ss
cc
cc
oo
oo
tt
tt
tt
tt


66
66
44
44
..
..
66
66
44
44
..

..
66
66
4
4
44
..
..
77
77
00
00


66
66
44
44
..
..
66
66
44
44
..
..
66
66
44
44

..
..
77
77
00
00


nn
nn
ee
ee
tt
tt
mm
mm
aa
aa
ss
ss
kk
kk


22
22
55
55
55
55

..
..
22
22
55
55
55
55
..
..
22
22
55
55
55
55
..
..
11
11
22
22
88
88
Defines the following:
The name of the pool is
scott. (The name of the pool
can be anything.)
The start of the pool is
64.64.64.70.

The end of the pool is
64.64.64.70.
The subnet mask is
255.255.255.128.
Step 3: Create an
ACL that will
identify which
private IP
addresses will be
translated.
Corp(config)#aa
aa
cc
cc
cc
cc
ee
ee
ss
ss
ss
ss
--
--
ll
ll
ii
ii
ss
ss

tt
tt


11
11


pp
pp
ee
ee
rr
rr
mm
mm
ii
ii
tt
tt


11
11
77
77
22
22
..
..

1
1
11
66
66
..
..
11
11
00
00
..
..
00
00


00
00
..
..
00
00
..
..
00
00
..
..
22

22
55
55
55
55
Step 4 (Option 1):
Link the ACL to
the outside public
interface (create
the translation).
Corp(config)#ii
ii
pp
pp


nn
nn
aa
aa
tt
tt


ii
ii
nn
nn
ss
ss

ii
ii
dd
dd
ee
ee


ss
ss
oo
oo
uu
uu
rr
rr
cc
cc
ee
ee


ll
ll
ii
ii
ss
ss
tt
tt




11
11


ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee


ss
ss
ee

ee
rr
rr
ii
ii
aa
aa
ll
ll


00
00
//
//
00
00
//
//
00
00


oo
oo
vv
vv
ee
ee
rr

rr
ll
ll
oo
oo
aa
aa
dd
dd
The source of the private
addresses is from ACL 1.
The public address to be
translated into is the one
assigned to serial 0/0/0.
The overload keyword
states that port numbers will
be used to handle many
translations.
Configuring PAT: Many Private to One Public Address Translation 225
NOTE: You can have an IP NAT pool of more than one address, if needed. The
syntax for this is as follows:
Corp(config)#ii
ii
pp
pp


nn
nn
aa

aa
tt
tt


pp
pp
oo
oo
oo
oo
ll
ll


ss
ss
cc
cc
oo
oo
tt
tt
tt
tt


66
66
44

44
..
..
66
66
44
44
..
..
66
66
44
44
..
..
77
77
00
00


77
77
44
44
..
..
66
66
44

44
..
..
66
66
44
44
..
..
11
11
22
22
88
88


nn
nn
ee
ee
tt
tt
mm
mm
aa
aa
ss
ss
kk

kk


22
22
55
55
55
55
..
..
22
22
55
55
55
55
..
..
22
22
55
55
55
55
..
..
11
11
22

22
88
88
You would then have a pool of 63 addresses (and all of their ports) available for
translation.
Step 4 (Option 2):
Link the ACL to
the pool of
addresses (create
the translation).
If using the pool created in
Step 1 . . .
Corp(config)#ii
ii
pp
pp


nn
nn
aa
aa
tt
tt


ii
ii
nn
nn

ss
ss
ii
ii
dd
dd
ee
ee


ss
ss
oo
oo
uu
uu
rr
rr
cc
cc
ee
ee


ll
ll
ii
ii
ss
ss

tt
tt



11
11


pp
pp
oo
oo
oo
oo
ll
ll


ss
ss
cc
cc
oo
oo
tt
tt
tt
tt



oo
oo
vv
vv
ee
ee
rr
rr
ll
ll
oo
oo
aa
aa
dd
dd
The source of the private
addresses is from ACL 1.
The pool of the available
addresses is named scott.
The overload keyword
states that port numbers will
be used to handle many
translations.
Step 5: Define
which interfaces
are inside (contain
the private
addresses).

Corp(config)#ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee


ff
ff
aa
aa
ss
ss
tt
tt
ee
ee

tt
tt
hh
hh
ee
ee
rr
rr
nn
nn
ee
ee
tt
tt


00
00
//
//
0
0
00
Moves to interface
configuration mode.
Corp(config-if)#ii
ii
pp
pp



nn
nn
aa
aa
tt
tt


ii
ii
nn
nn
ss
ss
ii
ii
dd
dd
ee
ee
You can have more than one
inside interface on a router.
Corp(config-if)#ee
ee
xx
xx
ii
ii
tt

tt
Returns to global
configuration mode.
Step 6: Define the
outside interface
(the interface
leading to the
public network).
Corp(config)#ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee


ss
ss

ee
ee
rr
rr
ii
ii
aa
aa
ll
ll


00
00
//
//
00
00
//
//
00
00
Moves to interface
configuration mode.
Corp(config-if)#ii
ii
pp
pp



nn
nn
aa
aa
tt
tt


oo
oo
uu
uu
tt
tt
ss
ss
ii
ii
dd
dd
ee
ee
Defines which interface is
the outside interface for
NAT.
226 Configuring Static NAT: One Private to One Permanent Public Address
Configuring Static NAT: One Private to One Permanent
Public Address Translation
CAUTION: Make sure that you have in your router configurations a way for
packets to travel back to your NAT router. Include a static route on the ISP router

advertising your NAT pool and how to travel back to your internal network.
Without this in place, a packet can leave your network with a public address, but
Step 1: Define a static
route on the remote
router stating where the
public addresses should
be routed.
ISP(config)#ii
ii
pp
pp


rr
rr
oo
oo
uu
uu
tt
tt
ee
ee


66
66
44
44
..

..
66
66
44
44
..
..
66
66
44
44
..
..
66
66
44
44


22
22
55
55
55
55
..
..
2
2
22

55
55
55
55
..
..
22
22
55
55
55
55
..
..
11
11
22
22
88
88


ss
ss
00
00
//
//
00
00

Informs the ISP where
to send packets with
addresses destined for
64.64.64.64
255.255.255.128.
Step 2: Create a static
mapping on your router
that will perform NAT.
Corp(config)#ii
ii
pp
pp


nn
nn
aa
aa
tt
tt


ii
ii
nn
nn
ss
ss
ii
ii

dd
dd
ee
ee


ss
ss
oo
oo
uu
uu
rr
rr
cc
cc
ee
ee


ss
ss
tt
tt
aa
aa
tt
tt
i
i

ii
cc
cc


11
11
77
77
22
22
..
..
11
11
66
66
..
..
11
11
00
00
..
..
55
55


66

66
44
44
..
..
66
66
44
44
..
..
66
66
44
44
..
..
66
66
55
55
Permanently translates
the inside address of
172.16.10.5 to a public
address of 64.64.64.65.
Use the command for
each of the private IP
addresses you want to
statically map to a
public address.

Step 3: Define which
interfaces are inside
(contain the private
addresses).
Corp(config)#ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee


ff
ff
aa
aa
ss
ss

tt
tt
ee
ee
tt
tt
hh
hh
ee
ee
rr
rr
nn
nn
ee
ee
tt
tt


00
00
//
//
0
0
00
Moves to interface
configuration mode.
Corp(config-if)#ii

ii
pp
pp


nn
nn
aa
aa
tt
tt


ii
ii
nn
nn
ss
ss
ii
ii
dd
dd
ee
ee
You can have more than
one inside interface on a
router.
Step 4: Define the
outside interface (the

interface leading to the
public network).
Corp(config-if)#ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee


ss
ss
ee
ee
rr
rr
ii
ii

aa
aa
ll
ll


00
00
//
//
00
00
//
//
00
00
Moves to interface
configuration mode.
Corp(config-if)#ii
ii
pp
pp


nn
nn
aa
aa
tt
tt



oo
oo
uu
uu
tt
tt
ss
ss
ii
ii
dd
dd
ee
ee
Defines which interface
is the outside interface
for NAT.
Troubleshooting NAT and PAT Configurations 227
it will not be able to return if your ISP router does not know where the pool of
public addresses exists in the network. You should be advertising the pool of
public addresses, not your private addresses.
Verifying NAT and PAT Configurations
Troubleshooting NAT and PAT Configurations
Router#ss
ss
hh
hh
oo

oo
ww
ww


ii
ii
pp
pp


nn
nn
aa
aa
tt
tt


tt
tt
rr
rr
aa
aa
nn
nn
ss
ss
ll

ll
aa
aa
tt
tt
ii
ii
oo
oo
nn
nn
ss
ss
Displays the translation table
Router#ss
ss
hh
hh
oo
oo
ww
ww


ii
ii
pp
pp



nn
nn
aa
aa
tt
tt


ss
ss
tt
tt
aa
aa
tt
tt
ii
ii
ss
ss
tt
tt
ii
ii
cc
cc
ss
ss
Displays NAT statistics
Router#cc

cc
ll
ll
ee
ee
aa
aa
rr
rr


ii
ii
pp
pp


nn
nn
aa
aa
tt
tt


tt
tt
rr
rr
aa

aa
nn
nn
ss
ss
ll
ll
aa
aa
tt
tt
ii
ii
oo
oo
nn
nn
ss
ss


ii
ii
nn
nn
ss
ss
ii
ii
dd

dd
ee
ee

a
.
b
.
c
.
d
oo
oo
uu
uu
tt
tt
ss
ss
ii
ii
dd
dd
ee
ee

e
.
f
.

g
.
h
Clears a specific translation
from the table before it
times out
Router#cc
cc
ll
ll
ee
ee
aa
aa
rr
rr


ii
ii
pp
pp


nn
nn
aa
aa
tt
tt



tt
tt
rr
rr
aa
aa
nn
nn
ss
ss
ll
ll
aa
aa
tt
tt
ii
ii
oo
oo
nn
nn
ss
ss
**
**
Clears the entire translation
table before entries time out

Router#dd
dd
ee
ee
bb
bb
uu
uu
gg
gg


ii
ii
pp
pp


nn
nn
aa
aa
tt
tt
Displays information about
every packet that is translated.
Be careful with this
command. The router’s CPU
might not be able to handle
this amount of output and

might therefore hang the
system.
Router#dd
dd
ee
ee
bb
bb
uu
uu
gg
gg


ii
ii
pp
pp


nn
nn
aa
aa
tt
tt


dd
dd

ee
ee
tt
tt
aa
aa
ii
ii
ll
ll
ee
ee
dd
dd
Displays greater detail about
packets being translated.
228 Configuration Example: PAT
Configuration Example: PAT
Figure 23-1 shows the network topology for the PAT configuration that follows using the
commands covered in this chapter.
Figure 23-3 Port Address Translation Configuration
ISP Router
router>ee
ee
nn
nn
aa
aa
bb
bb

ll
ll
ee
ee
Moves to privileged mode.
router#cc
cc
oo
oo
nn
nn
ff
ff
ii
ii
gg
gg
uu
uu
rr
rr
ee
ee


tt
tt
ee
ee
rr

rr
mm
mm
ii
ii
nn
nn
aa
aa
ll
ll
Moves to global configuration mode.
router(config)#hh
hh
oo
oo
ss
ss
tt
tt


II
II
SS
SS
PP
PP
Sets the host name.
ISP(config)#nn

nn
oo
oo


ii
ii
pp
pp


dd
dd
oo
oo
mm
mm
aa
aa
ii
ii
nn
nn
--
--
ll
ll
oo
oo
oo

oo
kk
kk
uu
uu
pp
pp
Turns off Domain Name System
(DNS) resolution to avoid wait time
due to DNS lookup of spelling errors.
ISP(config)#ee
ee
nn
nn
aa
aa
bb
bb
ll
ll
ee
ee


ss
ss
ee
ee
cc
cc

rr
rr
ee
ee
tt
tt


cc
cc
ii
ii
ss
ss
cc
cc
oo
oo
Sets the encrypted password to cisco.
ISP(config)#ll
ll
ii
ii
nn
nn
ee
ee


cc

cc
oo
oo
nn
nn
ss
ss
oo
oo
ll
ll
ee
ee


00
00
Moves to line console mode.
ISP(config-line)#ll
ll
oo
oo
gg
gg
ii
ii
nn
nn
User must log in to be able to access
the console port.

ISP(config-line)#pp
pp
aa
aa
ss
ss
ss
ss
ww
ww
oo
oo
rr
rr
dd
dd


cc
cc
ll
ll
aa
aa
ss
ss
ss
ss
Sets the console line password to
class.

ISP(config-line)#ll
ll
oo
oo
gg
gg
gg
gg
ii
ii
nn
nn
gg
gg


ss
ss
yy
yy
nn
nn
cc
cc
hh
hh
rr
rr
oo
oo

nn
nn
oo
oo
uu
uu
ss
ss
Commands will be appended to a new
line.
ISP(config-line)#ee
ee
xx
xx
ii
ii
tt
tt
Returns to global configuration mode.
Network 172.16.10.0/24
Network 198.133.219.0/30
IP NAT
Outside
IP NAT
Inside
172.16.10.10
DCE
s0/0/1
DCE
198.133.219.2/30

fa0/0
172.16.10.1
s0/0/0
198.133.219.1/30
Lo0
192.31.7.1/24
ISP
Company
Configuration Example: PAT 229
Company Router
ISP(config)#ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee



ss
ss
ee
ee
rr
rr
ii
ii
aa
aa
ll
ll


00
00
//
//
00
00
//
//
11
11
Moves to interface configuration
mode.
ISP(config-if)#ii
ii
pp
pp



aa
aa
dd
dd
dd
dd
rr
rr
ee
ee
ss
ss
ss
ss


11
11
99
99
88
88
..
..
11
11
33
33

33
33
..
..
22
22
11
11
99
99
..
..
22
22


2
2
22
55
55
55
55
..
..
22
22
55
55
55

55
..
..
22
22
55
55
55
55
..
..
22
22
55
55
22
22
Assigns an IP address and netmask.
ISP(config-if)#cc
cc
ll
ll
oo
oo
cc
cc
kk
kk



rr
rr
aa
aa
tt
tt
ee
ee


55
55
66
66
00
00
00
00
00
00
Assigns the clock rate to the DCE
cable on this side of the link.
ISP(config-if)#nn
nn
oo
oo


ss
ss

hh
hh
uu
uu
tt
tt
dd
dd
oo
oo
ww
ww
nn
nn
Enables the interface.
ISP(config-if)#ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc

cc
ee
ee


ll
ll
oo
oo
oo
oo
pp
pp
bb
bb
aa
aa
cc
cc
kk
kk


00
00
Creates loopback interface 0 and
moves to interface configuration
mode.
ISP(config-if)#ii
ii

pp
pp


aa
aa
dd
dd
dd
dd
rr
rr
ee
ee
ss
ss
ss
ss


11
11
99
99
22
22
..
..
33
33

11
11
..
..
77
77
..
..
11
11
22
22
55
55
55
55
..
..
2
2
22
55
55
55
55
..
..
22
22
55

55
55
55
..
..
22
22
55
55
55
55
Assigns an IP address and netmask.
ISP(config-if)#ee
ee
xx
xx
ii
ii
tt
tt
Returns to global configuration mode.
ISP(config)#ee
ee
xx
xx
ii
ii
tt
tt
Returns to privileged mode.

ISP#cc
cc
oo
oo
pp
pp
yy
yy


rr
rr
uu
uu
nn
nn
nn
nn
ii
ii
nn
nn
gg
gg
--
--
cc
cc
oo
oo

nn
nn
ff
ff
ii
ii
gg
gg


ss
ss
tt
tt
aa
aa
rr
rr
tt
tt
uu
uu
pp
pp
--
--
cc
cc
oo
oo

nn
nn
ff
ff
ii
ii
gg
gg
Saves the configuration to NVRAM.
router>ee
ee
nn
nn
aa
aa
bb
bb
ll
ll
ee
ee
Moves to privileged mode.
router#cc
cc
oo
oo
nn
nn
ff
ff

ii
ii
gg
gg
uu
uu
rr
rr
ee
ee


tt
tt
ee
ee
rr
rr
mm
mm
ii
ii
nn
nn
aa
aa
ll
ll
Moves to global configuration mode.
router(config)#hh

hh
oo
oo
ss
ss
tt
tt


CC
CC
oo
oo
mm
mm
pp
pp
aa
aa
nn
nn
yy
yy
Sets the host name.
Company(config)#nn
nn
oo
oo



ii
ii
pp
pp


dd
dd
oo
oo
mm
mm
aa
aa
ii
ii
nn
nn
--
--
ll
ll
oo
oo
oo
oo
kk
kk
uu
uu

pp
pp
Turns off DNS resolution to avoid
wait time due to DNS lookup of
spelling errors.
Company(config)#ee
ee
nn
nn
aa
aa
bb
bb
ll
ll
ee
ee


ss
ss
ee
ee
cc
cc
rr
rr
ee
ee
tt

tt


cc
cc
ii
ii
ss
ss
cc
cc
oo
oo
Sets the secret password to cisco.
Company(config)#ll
ll
ii
ii
nn
nn
ee
ee


cc
cc
oo
oo
nn
nn

ss
ss
oo
oo
ll
ll
ee
ee


00
00
Moves to line console mode.
Company(config-line)#ll
ll
oo
oo
gg
gg
ii
ii
nn
nn
User must log in to be able to access
the console port.
Company(config-line)#pp
pp
aa
aa
ss

ss
ss
ss
ww
ww
oo
oo
rr
rr
dd
dd


cc
cc
ll
ll
aa
aa
ss
ss
ss
ss
Sets the console line password to
class.
Company(config-line)#ll
ll
oo
oo
gg

gg
gg
gg
ii
ii
nn
nn
gg
gg


ss
ss
yy
yy
nn
nn
cc
cc
hh
hh
rr
rr
oo
oo
nn
nn
oo
oo
uu

uu
ss
ss
Commands will be appended to a new
line.
230 Configuration Example: PAT
Company(config-line)#ee
ee
xx
xx
ii
ii
tt
tt
Returns to global configuration mode.
Company(config)#ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc

cc
ee
ee


ff
ff
aa
aa
ss
ss
tt
tt
ee
ee
tt
tt
hh
hh
ee
ee
rr
rr
nn
nn
ee
ee
tt
tt



00
00
//
//
0
0
00
Moves to interface configuration
mode.
Company(config-if)#ii
ii
pp
pp


aa
aa
dd
dd
dd
dd
rr
rr
ee
ee
ss
ss
ss
ss



11
11
77
77
22
22
..
..
11
11
66
66
..
..
11
11
00
00
..
..
11
11


22
22
55
55

5
5
55
..
..
22
22
55
55
55
55
..
..
22
22
55
55
55
55
..
..
00
00
Assigns an IP address and netmask.
Company(config-if)#nn
nn
oo
oo



ss
ss
hh
hh
uu
uu
tt
tt
dd
dd
oo
oo
ww
ww
nn
nn
Enables the interface.
Company(config-if)#ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa

aa
cc
cc
ee
ee


ss
ss
ee
ee
rr
rr
ii
ii
aa
aa
ll
ll


00
00
//
//
00
00
//
//
00

00
Moves to interface configuration
mode.
Company(config-if)#ii
ii
pp
pp


aa
aa
dd
dd
dd
dd
rr
rr
ee
ee
ss
ss
ss
ss


11
11
99
99
88

88
..
..
11
11
33
33
33
33
..
..
22
22
11
11
99
99
..
..
11
11


2
2
22
55
55
55
55

..
..
22
22
55
55
55
55
..
..
22
22
55
55
55
55
..
..
22
22
55
55
22
22
Assigns an IP address and netmask.
Company(config-if)#nn
nn
oo
oo



ss
ss
hh
hh
uu
uu
tt
tt
dd
dd
oo
oo
ww
ww
nn
nn
Enables the interface.
Company(config-if)#ee
ee
xx
xx
ii
ii
tt
tt
Returns to global configuration mode.
Company(config)#ii
ii
pp

pp


rr
rr
oo
oo
uu
uu
tt
tt
ee
ee


00
00
..
..
00
00
..
..
00
00
..
..
00
00



00
00
..
..
00
00
..
..
00
00
..
..
00
00


1
1
11
99
99
88
88
..
..
11
11
33
33

33
33
..
..
22
22
11
11
99
99
..
..
22
22
Sends all packets not defined in the
routing table to the ISP router.
Company(config)#aa
aa
cc
cc
cc
cc
ee
ee
ss
ss
ss
ss
--
--

ll
ll
ii
ii
ss
ss
tt
tt


11
11


pp
pp
ee
ee
rr
rr
mm
mm
ii
ii
tt
tt


11
11

77
77
22
22
..
..
1
1
11
66
66
..
..
11
11
00
00
..
..
00
00


00
00
..
..
00
00
..

..
00
00
..
..
22
22
55
55
55
55
Defines which addresses are
permitted through; these addresses are
those that will be allowed to be
translated with NAT.
Company(config)#ii
ii
pp
pp


nn
nn
aa
aa
tt
tt


ii

ii
nn
nn
ss
ss
ii
ii
dd
dd
ee
ee


ss
ss
oo
oo
uu
uu
rr
rr
cc
cc
ee
ee


ll
ll
ii

ii
ss
ss
tt
tt



11
11


ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee



ss
ss
ee
ee
rr
rr
ii
ii
aa
aa
ll
ll


00
00
//
//
00
00
//
//
00
00


oo
oo

vv
vv
ee
ee
rr
rr
ll
ll
oo
oo
aa
aa
dd
dd
Creates NAT by combining list 1 with
the interface serial 0/0/0. Overloading
will take place.
Company(config)#ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa

aa
cc
cc
ee
ee


ff
ff
aa
aa
ss
ss
tt
tt
ee
ee
tt
tt
hh
hh
ee
ee
rr
rr
nn
nn
ee
ee
tt

tt


00
00
//
//
0
0
00
Moves to interface configuration
mode.
Company(config-if)#ii
ii
pp
pp


nn
nn
aa
aa
tt
tt


ii
ii
nn
nn

ss
ss
ii
ii
dd
dd
ee
ee
Location of private inside addresses.
Company(config-if)#ii
ii
nn
nn
tt
tt
ee
ee
rr
rr
ff
ff
aa
aa
cc
cc
ee
ee


ss

ss
ee
ee
rr
rr
ii
ii
aa
aa
ll
ll


00
00
//
//
00
00
//
//
00
00
Moves to interface configuration
mode.
Company(config-if)#ii
ii
pp
pp



nn
nn
aa
aa
tt
tt


oo
oo
uu
uu
tt
tt
ss
ss
ii
ii
dd
dd
ee
ee
Location of public outside addresses.
Company(config-if)#Ç-z
Returns to privileged mode.
Company#cc
cc
oo
oo

pp
pp
yy
yy


rr
rr
uu
uu
nn
nn
nn
nn
ii
ii
nn
nn
gg
gg
--
--
cc
cc
oo
oo
nn
nn
ff
ff

ii
ii
gg
gg


ss
ss
tt
tt
aa
aa
rr
rr
tt
tt
uu
uu
pp
pp
--
--
cc
cc
oo
oo
nn
nn
ff
ff

ii
ii
gg
gg
Saves the configuration to NVRAM.

Tài liệu liên quan

Tài liệu bạn tìm kiếm đã sẵn sàng tải về

Tải bản đầy đủ ngay
×