 成长值: 35695
|
50鸿鹄币
本帖最后由 renma19th 于 2021-1-5 18:49 编辑
项目中遇到问题,两端数据库服务器为相同IP,需要互相访问。网络结构如下图:
网络两端内网8.3和重载8.3这2台PC地址都是172.30.8.3/24,网关都是172.30.8.254.其中内网8.3的网关设置在SW-A的 interface vlan 120里面。而重载8.3的网关设置在路由器R1的G0/1接口,SW-B是一台2层交换机,所有接口都在2层VLAN 120里面。需求为PC内网8.3需要和PC重载8.3互相通信。在NAT-R1上设置了双向NAT,将内网8.3的地址172.30.8.3地址转换为192.168.10.3,将重载8.3的地址172.30.8.3转换为192.168.7.3
真实环境中SW-A是一台1811加上交换板卡,NAT-R1是思科3945路由器,SW-B是思科2960交换机
SW-A的配置如下:
SW-A#sh run
Building configuration...
!
vlan 120
name old-server
!
vlan 500
name to-6720
!
interface FastEthernet2
switchport access vlan 120
!
interface FastEthernet3
switchport access vlan 120
!
interface FastEthernet4
switchport access vlan 120
!
interface FastEthernet5
switchport access vlan 120
!
interface FastEthernet6
switchport access vlan 500
!
interface Vlan120
ip address 172.30.8.254 255.255.255.0
!
interface Vlan500
ip address 192.168.5.1 255.255.255.252
!
ip route 192.168.7.0 255.255.255.0 192.168.5.2
路由器R1的配置如下:
NAT-R1#sh run
Building configuration...
!
interface GigabitEthernet0/0
ip address 192.168.5.2 255.255.255.252
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
ip address 172.30.8.254 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
media-type rj45
!
no ip http secure-server
ip nat inside source static 172.30.8.1 192.168.10.1
ip nat inside source static 172.30.8.2 192.168.10.2
ip nat inside source static 172.30.8.3 192.168.10.3
ip nat inside source static 172.30.8.4 192.168.10.4
ip nat outside source static 172.30.8.3 192.168.7.3
ip nat outside source static 172.30.8.4 192.168.7.4
ip route 172.30.8.3 255.255.255.255 192.168.5.1
ip route 172.30.8.4 255.255.255.255 192.168.5.1
ip route 192.168.7.0 255.255.255.0 GigabitEthernet0/1
!
以上贴的是真机上的配置,在模拟器上只是接口号有一定变化。
目前问题是配置后,内网PC8.3和外网PC8.3之间无法互相PING通。我在思科的模拟器Cisco Packet Tracer上配置的时候能通。但是落实到真机上就不通。从内网8.3上trace路径到了192.168.5.2,从重载8.3上trace,路径到172.30.8.254.
求助,节后就要实际割接了,麻烦哪位大神能帮忙看看是怎么回事。
重启了多次设备,并更换了路由器从3945更换为1841以及3845路由器,结果还是一样。
show ip nat tran结果如下:
NAT-R1#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
--- --- --- 192.168.7.3 172.30.8.3
--- --- --- 192.168.7.4 172.30.8.4
--- 192.168.10.1 172.30.8.1 --- ---
--- 192.168.10.2 172.30.8.2 --- ---
--- 192.168.10.3 172.30.8.3 --- ---
--- 192.168.10.4 172.30.8.4 --- ---
路由器上路由如下:
NAT-R1#sh ip rou
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
172.30.0.0/16 is variably subnetted, 14 subnets, 2 masks
S 172.30.8.1/32 [1/0] via 192.168.5.1
S 172.30.8.2/32 [1/0] via 192.168.5.1
S 172.30.8.3/32 [1/0] via 192.168.5.1
S 172.30.8.4/32 [1/0] via 192.168.5.1
192.168.5.0/24 is variably subnetted, 2 subnets, 1 masks
C 192.168.5.0/30 is directly connected, GigabitEthernet0/0
L 192.168.5.2/32 is directly connected, GigabitEthernet0/0
S 192.168.7.0/24 [1/0] via GigabitEthernet0/1
|
最佳答案
查看完整内容
debug ip packet and debug ip nat
show ip nat translations
看一下数据包nat 前后的地址是否和你预想的一样
|
简体中文
英语
日语
韩语
法语
西班牙语
越南语
泰语
阿拉伯语
俄语
葡萄牙语
德语
意大利语
希腊语
荷兰语
波兰语
保加利亚语
爱沙尼亚语
丹麦语
芬兰语
捷克语
罗马尼亚语
斯洛文尼亚语
瑞典语
匈牙利语
繁体中文
文言文
发表于 2021-1-1 15:25:32
置顶卡
喧嚣卡
变色卡
千斤顶
楼主