spxj001 posted on 2013-3-15 19:55:24

PAT ACL 1 is not working

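Using the Gongda (工大) simulator, I set up VLAN-based DHCP on the router. fa0/0 is inside, s1/0 is outside, IP: 123.157.233.2; the peer router's port address is 123.157.233.1/30.
The IP address range 192.168.3.0/24 is not allowed to access the external network.
But ACL 1 does not seem to have any effect.
With DEBUG IP NAT enabled I can see the PAT for 192.168.2.0/24, but from the 3.0 segment I can still ping the outside.
Is my ACL 1 defined incorrectly, or is there a problem with the simulator?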

R#sh run
Building configuration...

Current configuration : 1977 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$RN2t$/fpqq5z2LCIHaK29pf9ys/
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.0 192.168.0.1
ip dhcp excluded-address 192.168.1.0 192.168.1.1
ip dhcp excluded-address 192.168.1.255
ip dhcp excluded-address 192.168.2.1
ip dhcp excluded-address 192.168.3.1
!
ip dhcp pool vlan110
   network 192.168.2.0 255.255.255.0
   default-router 192.168.2.1
!
ip dhcp pool vlan120
   network 192.168.3.0 255.255.255.0
   default-router 192.168.3.1
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!         
!
!
!
interface FastEthernet0/0
no ip address
ip nat inside
ip virtual-reassembly
speed 100
full-duplex
!
interface FastEthernet0/0.1
encapsulation dot1Q 110
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.2
encapsulation dot1Q 120
ip address 192.168.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
bandwidth 2048
ip address 123.157.233.2 255.255.255.252
ip nat outside
ip virtual-reassembly
serial restart-delay 0
clock rate 64000
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!         
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
ip route 0.0.0.0 0.0.0.0 123.157.233.1
!
!
no ip http server
no ip http secure-server
ip nat pool wai 123.157.233.2 123.157.233.2 prefix-length 30
ip nat inside source list 1 pool wai overload
!
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 1 deny   any
!
!
!
!
!
control-plane
!
!         
!
line con 0
line aux 0
line vty 0 4
password cisco
logging synchronous
login
!
!
end
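
An added example, not part of the original post: in the configuration above, ACL 1 is referenced only by `ip nat inside source list 1`, so it selects which inside sources are translated; packets that fail it are still routed out Serial1/0 with their original source address. Dropping 192.168.3.0/24 takes a separate ACL bound to an interface with `ip access-group`; the ACL number 10 below is an assumed value.

```cisco
! Added example. ACL 10 is an assumed, otherwise unused number.
!
! ACL 1 stays as the NAT match list: it only decides which inside
! sources are translated to the pool "wai". Its "deny any" line means
! "do not translate", not "drop the packet".
access-list 1 permit 192.168.2.0 0.0.0.255
ip nat inside source list 1 pool wai overload
!
! Packet filter. Inside-to-outside NAT runs before the output ACL,
! so 192.168.2.0/24 reaches this ACL already translated to
! 123.157.233.2, while 192.168.3.0/24 still carries its private
! source address and is dropped.
access-list 10 deny   192.168.3.0 0.0.0.255
access-list 10 permit any
!
interface Serial1/0
 ip access-group 10 out
!
! Checks from exec mode:
!   show ip nat translations     (entries only for 192.168.2.x)
!   show access-lists 10         (deny matches should rise on pings from 192.168.3.x)
!   show ip interface Serial1/0  (outgoing access list is 10)
```

An outbound ACL does not filter packets the router itself originates, so pings issued from the router console are not a valid test of this filter.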
