
[Help] Stuck on a DHCP+NAT problem, hoping an expert can advise (diagram attached)

Posted on 2014-3-22 00:00:15
This post was last edited by 、Cover on 2014-3-22 00:09

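Topology as shown in the figure

As shown in the figure above, there are two hosts, one in VLAN 10 and one in VLAN 20. A DHCP server is configured on switch sw1 and the hosts obtain IP addresses successfully. After static/default routes were configured on each node, the whole network was reachable, but after NAT address translation was configured on AR1, communication stopped; even directly connected devices cannot communicate! Between AR1 and SW2, ping works in one direction only. I am puzzled and hope an expert can help me solve this problem, many thanks!!!

Attachment: flash.efz (6.11 KB, downloads: 8)

Since the configuration could not be uploaded, I am pasting it here.

SW1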
<sw1>dis cur
#
sysname sw1
#
vlan batch 10 20
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
dhcp enable
#
diffserv domain default
#
drop-profile default
#
ip pool vlan10
gateway-list 10.0.1.254
network 10.0.1.0 mask 255.255.255.0
lease day 10 hour 0 minute 0
dns-list 101.202.1.1
#
ip pool vlan20
gateway-list 10.0.2.254
network 10.0.2.0 mask 255.255.255.0
lease day 10 hour 0 minute 0
dns-list 101.202.1.1
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
ip address 12.12.12.1 255.255.255.0
#
interface Vlanif10
ip address 10.0.1.254 255.255.255.0
dhcp select global
#
interface Vlanif20
ip address 10.0.2.254 255.255.255.0
dhcp select global
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/3
port link-type access
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 12.12.1.2
ip route-static 0.0.0.0 0.0.0.0 12.12.12.2
#
user-interface con 0
idle-timeout 0 0
user-interface vty 0 4
#
return



AR1
<R1>dis cur
[V200R003C00]
#
sysname R1
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone Indian Standard Time minus 05:13:20
clock daylight-saving-time Day Light Saving Time repeating 12:32 9-1 12:32 11-23 00:00 2005 2005
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
ip soft-forward enhance enable
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
dhcp enable
#
acl number 2001  
rule 5 permit source 10.0.1.0 0.0.0.255
acl number 2002  
rule 5 permit source 192.168.1.0 0.0.0.255
#
dhcp server group waiwang
#
ip pool waiguo
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
nat address-group 1 23.23.23.10 23.23.23.20
nat address-group 2 192.168.1.10 192.168.1.20
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface GigabitEthernet0/0/0
ip address 12.12.12.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 23.23.23.1 255.255.255.0
nat static global 23.23.23.2 inside 172.16.1.1 netmask 255.255.255.255
nat outbound 2001 address-group 1 no-pat
nat outbound 2002 address-group 2
#
interface NULL0
#
interface LoopBack0
ip address 192.168.1.1 255.255.255.0
#
interface LoopBack1
ip address 172.16.1.1 255.255.255.0
#
ip route-static 10.0.0.0 255.0.0.0 12.12.12.1
#
user-interface con 0
authentication-mode password
idle-timeout 0 0
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return



SW2
[sw2]dis cur
#
sysname sw2
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
ip address 23.23.23.2 255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
user-interface con 0
idle-timeout 0 0
user-interface vty 0 4
#
return



Posted on 2014-3-24 15:58:42

On the AR: ip route-static 0.0.0.0 0.0.0.0 23.23.23.2

Posted on 2014-3-27 14:05:23
With your configuration, the two hosts definitely cannot ping LSW2

Posted on 2014-3-31 09:22:54
You defined an address pool and then referenced an ACL below it, so what you are doing is dynamic NAT; the line nat static global 23.23.23.2 inside 172.16.1.1 netmask 255.255.255.255 is static NAT, which causes the error. Delete that line and it will work.

Posted on 2014-3-31 11:44:10
Are you sure everything was reachable before you configured NAT?
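An added example, not part of any post in this thread: a small Python consistency check over constructed excerpts of the three posted configurations. It flags static-route next hops that lie outside every directly connected subnet and NAT global addresses that are also configured on another device's interface. The names `parse` and `audit` and the finding labels are assumptions of this example.

```python
import ipaddress
import re

# Added example; parse/audit and the finding labels are this example's own names.
# Constructed excerpts: only addressing, NAT and static-route lines of the posted configs.
CONFIGS = {
    "sw1": """interface Vlanif1
ip address 12.12.12.1 255.255.255.0
ip route-static 0.0.0.0 0.0.0.0 12.12.1.2
ip route-static 0.0.0.0 0.0.0.0 12.12.12.2""",
    "R1": """nat address-group 1 23.23.23.10 23.23.23.20
interface GigabitEthernet0/0/0
ip address 12.12.12.2 255.255.255.0
interface GigabitEthernet0/0/1
ip address 23.23.23.1 255.255.255.0
nat static global 23.23.23.2 inside 172.16.1.1 netmask 255.255.255.255
ip route-static 10.0.0.0 255.0.0.0 12.12.12.1""",
    "sw2": """interface Vlanif1
ip address 23.23.23.2 255.255.255.0""",
}

def parse(text):
    """Return (interfaces, static-route next hops, NAT global addresses)."""
    ifaces = [ipaddress.ip_interface(f"{a}/{m}")
              for a, m in re.findall(r"^ *ip address (\S+) (\S+)$", text, re.M)]
    hops = [ipaddress.ip_address(h)
            for h in re.findall(r"^ *ip route-static \S+ \S+ (\S+)$", text, re.M)]
    nat = [ipaddress.ip_address(g)
           for g in re.findall(r"^ *nat static global (\S+) inside", text, re.M)]
    for lo, hi in re.findall(r"^ *nat address-group \d+ (\S+) (\S+)$", text, re.M):
        lo, hi = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
        nat += [lo + i for i in range(int(hi) - int(lo) + 1)]
    return ifaces, hops, nat

def audit(configs):
    parsed = {name: parse(text) for name, text in configs.items()}
    findings = []
    for name, (ifaces, hops, nat) in parsed.items():
        for hop in hops:  # a next hop must sit on a directly connected subnet
            if not any(hop in i.network for i in ifaces):
                findings.append((name, "next-hop-not-connected", str(hop)))
        for other, (o_ifaces, _, _) in parsed.items():
            for g in nat:  # a NAT global must not be another device's interface IP
                if other != name and any(g == i.ip for i in o_ifaces):
                    findings.append((name, f"nat-global-is-{other}-interface", str(g)))
    return findings

if __name__ == "__main__":
    print(*audit(CONFIGS), sep="\n")
```

Removing the `nat static global` line from the R1 excerpt clears the second finding, which corresponds to the change proposed in the 2014-3-31 09:22:54 reply.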
