实现部分内网主机能够ping通外网

mazaoxia · 发表于 2016-1-1 13:31:11

（拓扑截图和pkt文件附件已经上传）实验拓扑要求：router0模拟校园网络连接internet的出口路由器，router1为internet上路由器，pc8模拟web服务器。校园网有公网地址两个：211.68.176.18-211.68.176.19.1、pc0-pc7分别代表8个vlan10-80，校园网内部全网互通；
2、vlan30-vlan60能够ping通pc8
4、router0配置动态napt
我按照题目要求配了，可是内网和外网ping不同，一直目的主机不可达是什么原因？

实验拓扑.pkt (22.08 KB, 下载次数: 19)

拓扑截图.PNG

lzq8663457 · 发表于 2016-1-1 13:31:12

看看我这个，问题应该能解决！
<r1>dis current-configuration
[V200R003C00]
#
sysname r1
#
board add 0/1 2SA
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
acl number 2000
rule 5 permit
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface Serial1/0/0
link-protocol ppp
ip address 201.100.200.1 255.255.255.0
nat outbound 2000
#
interface Serial1/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 201.100.100.2 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 201.100.200.2
ip route-static 192.168.10.0 255.255.255.0 201.100.100.1
ip route-static 192.168.20.0 255.255.255.0 201.100.100.1
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<r1>

<r2>dis current-configuration
[V200R003C00]
#
sysname r2
#
board add 0/1 2SA
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface Serial1/0/0
link-protocol ppp
ip address 201.100.200.2 255.255.255.0
#
interface Serial1/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 192.168.100.1 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<r2>

<sw1>dis current-configuration
#
sysname sw1
#
vlan batch 10 20 100
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
ip address 192.168.10.254 255.255.255.0
#
interface Vlanif20
ip address 192.168.20.254 255.255.255.0
#
interface Vlanif100
ip address 201.100.100.1 255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 1 to 4094
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 201.100.100.2
#
user-interface con 0
user-interface vty 0 4
#
return
<sw1>

<sw2>dis current-configuration
#
sysname sw2
#
vlan batch 10 20
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
port link-type access
port default vlan 10
#
interface Ethernet0/0/2
port link-type access
port default vlan 20
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
<sw2>

<sw3>dis current-configuration
#
sysname sw3
#
vlan batch 10 20
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
port hybrid pvid vlan 10
port hybrid untagged vlan 10 20
#
interface Ethernet0/0/4
port hybrid pvid vlan 20
port hybrid untagged vlan 10 20
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 10 20
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
<sw3>

jsjsboy · 发表于 2016-1-2 00:04:29

本帖最后由 jsjsboy 于 2016-1-2 00:07 编辑

上一下traceroute 的信息。还有NAT和ACL的配置

G_star · 发表于 2016-1-2 10:30:21

哎哟，不错哟！

Rockyw · 发表于 2016-1-2 11:37:32

用TP的仿真模式看一下数据包在哪里中断就知道大概的问题所在

michael007 · 发表于 2016-1-2 12:56:42

楼主你的内网网关三层交换机都没有去外网的路由条目，所以网关会回应不可达。

ccna_test · 发表于 2016-1-6 13:07:25

其一，你的三台三层交换应该设置一条默认路由到连接外网的路由器，即Routr0。
其二，你的RIP不应该宣告外网地址，现实中这是不现实的，你不可能把上百万个网段宣告进去。
其三，你的Router0既然是连接外网的接口，那么IP地址就不应该是随便配置，应该是配置你所拥有的公网地址，211.68.176.18-211.68.176.19中的一个。
这三个问题解决，你的问题也就解决了。

C:\Users\qq151\Desktop\pkt.png

michael_kui · 发表于 2016-1-11 23:33:21

NAT没设置好吧

i小艾 · 发表于 2017-1-3 21:32:43

有具体配置过程么

i小艾 · 发表于 2017-1-3 21:32:49

有具体配置过程么

账号		自动登录	找回密码
密码			论坛注册

[求助] 实现部分内网主机能够ping通外网

最佳答案

客服中心

投诉建议