请教！~CCNA--V102题库一道NAT实验出现的问题~求解释！~

ligang_636 · 发表于 2010-8-15 19:40:05

NAT拓扑图

【拓扑如上】
实验过程中遇到的问题是，Router Bomar的se2/0口一敲上命令ip nat outside，从主机192.168.16.33 到ISP router 192.0.2.114就ping 不通了！！！
附上show run 结果：
【Router Bomar se2/0没有配置ip nat outside时】
Bomar#show run
Current configuration : 963 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Bomar
!
!
no ip domain-lookup
!

!
interface FastEthernet0/0
ip address 192.168.16.46 255.255.255.240
ip nat inside
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
duplex auto
speed auto
shutdown
!
interface Serial2/0
ip address 192.0.2.110 255.255.255.224
clock rate 64000
!
interface Serial3/0
no ip address
shutdown
!
interface FastEthernet4/0
no ip address
shutdown
!
interface FastEthernet5/0
no ip address
shutdown
!
router rip
version 2
network 192.0.2.0
network 192.168.16.0
no auto-summary
!
ip nat pool NAT 198.18.237.225 198.18.237.230 netmask 255.255.255.248
ip nat inside source list 1 pool NAT overload
ip classless
!
!
access-list 1 permit 192.168.16.32 0.0.0.15
!

!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
login
!
!
!
end

---------------------------------------------------------------------
ISP#
ISP#sh run
Building configuration...
Current configuration : 738 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname ISP
!
!
!
no ip domain-lookup
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface FastEthernet1/0
no ip address
duplex auto
speed auto
shutdown
!
interface Serial2/0
ip address 192.0.2.114 255.255.255.224
!
interface Serial3/0
no ip address
shutdown
!
interface FastEthernet4/0
no ip address
shutdown
!
interface FastEthernet5/0
no ip address
shutdown
!
router rip
version 2
network 192.0.2.0
no auto-summary
!
ip classless
!

!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
login
!
!
!
end
-----------------------------------------------------------------
从主机PC 192.168.16.33 ping 192.0.2.114：
PC>ping 192.0.2.114
Pinging 192.0.2.114 with 32 bytes of data:
Reply from 192.0.2.114: bytes=32 time=60ms TTL=254
Reply from 192.0.2.114: bytes=32 time=60ms TTL=254
Reply from 192.0.2.114: bytes=32 time=60ms TTL=254
Reply from 192.0.2.114: bytes=32 time=60ms TTL=254
Ping statistics for 192.0.2.114:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 60ms, Maximum = 60ms, Average = 60ms
----------------------------------------------------------------------------
----------以上是可以ping通的！在Bomar上只在fa0/0配了ip nat inside，在se2/0上没有配ip nat outside，再看下面-------------------
-----------------------------------------------------------------------------
==========================================================================================================
【下面是在se2/0敲上ip nat outside】
再看PC主机：
PC>ping 192.0.2.114
Pinging 192.0.2.114 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.0.2.114:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
-----------------------------------不通了！！！（试了好几次的）

-------------------------
Bomar#sh run
Building configuration...
Current configuration : 979 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Bomar
!
!

!
no ip domain-lookup
!

!
interface FastEthernet0/0
ip address 192.168.16.46 255.255.255.240
ip nat inside
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
duplex auto
speed auto
shutdown
!
interface Serial2/0
ip address 192.0.2.110 255.255.255.224
ip nat outside
clock rate 64000
!
interface Serial3/0
no ip address
shutdown
!
interface FastEthernet4/0
no ip address
shutdown
!
interface FastEthernet5/0
no ip address
shutdown
!
router rip
version 2
network 192.0.2.0
network 192.168.16.0
no auto-summary
!
ip nat pool NAT 198.18.237.225 198.18.237.230 netmask 255.255.255.248
ip nat inside source list 1 pool NAT overload
ip classless
!
!
access-list 1 permit 192.168.16.32 0.0.0.15
!
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
login
!
!
!
end
-----------------------------------------------------------------------------------

----------------------------------------------------------------------------------
---------------------------Router ISP 配置不变！------------------------
高手解释下啊？~原则上配NAT时明明应该在串口上配ip nat outside的啊！！！

。。。。。。。。。。。。。

dragonlijian · 发表于 2010-8-16 00:34:32

我看了题库,应该你还有少写了一条ACL 去拒绝其它的 deny any

鸿鹄 · 发表于 2010-8-16 08:41:54

没仔细看题库和教学视频讲解

8697623 · 发表于 2010-8-16 09:11:05

ACL默认是有一条deny any any

victor · 发表于 2010-8-16 09:18:52

你没做静态路由，我看了视频讲解，根本就没讲到，为了通过的狗屎视频，说实在讲的不咋地

ligang_636 · 发表于 2010-8-16 13:21:13

用RIPv2通告了啊，还要静态路由做什么？。。。没做ACL之前，两两都可以ping通的啊。。。。

ligang_636 · 发表于 2010-8-16 13:23:13

ACL默认最后有一条隐藏的deny any的命令的！。。。我觉得如果是用意是拒绝其他所有的话，deny any可以不用配的，默认有的啊，。。。

ligang_636 · 发表于 2010-8-19 17:28:27

其实是ISP路由器上没有去往198.18.237.224 /29的路由，还有就是rip不应该宣告192.168.16.32/28这个网段！！！

账号		自动登录	找回密码
密码			论坛注册

[已解决] 请教！~CCNA--V102题库一道NAT实验出现的问题~求解释！~

回 4楼(victor) 的帖子

回 1楼(dragonlijian) 的帖子

客服中心

投诉建议