环境：两台路由器，由串口相联。

要求：如下图所示，设置R1以太口的secondary地址为10.1.1.2-10.1.1.4,将10.1.1.2和10.1.1.3这两个辅助地址做动态NAT转换,地址池范围:80.1.1.2-80.1.1.9；将辅助地址10.1.1.4静态转换成80.1.1.10，将以太口的主IP地址作PAT转换。10.1.1.6和80.1.1.8 进行端口的映射。然后使用PC来测试。

步骤一、基本配置

R1的配置：

R1(config)#interface e0

R1(config-if)#ip address 10.1.1.1 255.255.255.0

R1(config-if)#ip address 10.1.1.2 255.255.255.0 secondary   à设置辅助IP

R1(config-if)#ip address 10.1.1.3 255.255.255.0 secondary

R1(config-if)#ip address 10.1.1.4 255.255.255.0 secondary

R1(config-if)#ip address 10.1.1.5 255.255.255.0 secondary

R1(config-if)#ip address 10.1.1.6 255.255.255.0 secondary

R1(config-if)#no keepalive     à关闭检测

R1(config-if)#no shutdown

R1(config-if)#interface s0

R1(config-if)#ip address 30.1.1.1 255.255.255.0

R1(config-if)#clock rate 64000

R1(config-if)#no shutdown

R2的配置：

R2(config)#interface loopback 0

R2(config-if)#ip address 20.1.1.1 255.255.255.0

R2(config-if)#interface s1

R2(config-if)#ip address 30.1.1.2 255.255.255.0

R2(config-if)#no shutdown

配置路由：

R2(config)#ip route 80.1.1.0 255.255.255.240 serial 1 

R1(config)#ip route 0.0.0.0 0.0.0.0 serial 0

步骤二、NAT与PAT的创建

NAT的配置:

R1(config)#access-list 10 permit host 10.1.1.2         à定义转换列表

R1(config)#access-list 10 permit host 10.1.1.3

R1(config)#ip nat pool ippool 80.1.1.2 80.1.1.9 prefix-length 28 à定义地址池

R1(config)#ip nat inside source list 10 pool ippool       à将池和列表关联

PAT的配置：

R1(config)#access-list 11 permit host 10.1.1.1           àPAT转换列表

R1(config)#ip nat inside source list 11 interface serial 0 overload à与接口映射

静态NAT的配置：

R1(config)#ip nat inside source static 10.1.1.4 80.1.1.10

R1(config)#ip nat inside source static tcp 10.1.1.6 80 80.1.1.8 80

R1(config)#interface e0

R1(config-if)#ip nat inside    à加载到接口

R1(config-if)#interface s0

R1(config-if)#ip nat outside   à加载到接口

R1(config-if)#ip http server       开启路由器的http服务，验证80端口是否映射成功 

步骤三、测试

R1#ping

Protocol [ip]:

Target IP address:20.1.1.1

Extended commands [n]: y

Source address or interface: 10.1.1.1

!!!!!

R1#ping

Protocol [ip]:

Target IP address: 20.1.1.1

Extended commands [n]: y

Source address or interface: 10.1.1.2

!!!!!

R1#ping

Protocol [ip]:

Target IP address:20.1.1.1

Extended commands [n]: y

Source address or interface: 10.1.1.3

!!!!!

R1#show ip nat translation    à查看转换列表

Pro Inside global      Inside local       Outside local      Outside global

--- 80.1.1.10          10.1.1.4           ---                ---

--- 80.1.1.2           10.1.1.2           ---                ---

--- 80.1.1.3           10.1.1.3           ---                ---

icmp 30.1.1.1:2832     10.1.1.1:2832      20.1.1.1:2832      20.1.1.1:2832

icmp 30.1.1.1:2833     10.1.1.1:2833      20.1.1.1:2833      20.1.1.1:2833

icmp 30.1.1.1:2834     10.1.1.1:2834      20.1.1.1:2834      20.1.1.1:2834

icmp 30.1.1.1:2835     10.1.1.1:2835      20.1.1.1:2835      20.1.1.1:2835

icmp 30.1.1.1:2836     10.1.1.1:2836      20.1.1.1:2836      20.1.1.1:2836

步骤四、显示当前配置

R1的当前配置：

R1#show running-config

hostname R1

!

no ip domain-lookup

!

interface Ethernet0

 ip address 10.1.1.2 255.255.255.0 secondary

 ip address 10.1.1.3 255.255.255.0 secondary

 ip address 10.1.1.4 255.255.255.0 secondary

 ip address 10.1.1.5 255.255.255.0 secondary

 ip address 10.1.1.6 255.255.255.0 secondary

 ip address 10.1.1.1 255.255.255.0

 ip nat inside

 no keepalive

!

interface Serial0

 ip address 30.1.1.1 255.255.255.0

 ip nat outside

 clockrate 64000

!

ip nat pool ippool 80.1.1.2 80.1.1.9 prefix-length 28

ip nat inside source list 10 pool ippool

ip nat inside source list 11 interface Serial0 overload

ip nat inside source static 10.1.1.4 80.1.1.10

ip nat inside source static tcp 10.1.1.6 80 80.1.1.8 80 extendable

ip route 0.0.0.0 0.0.0.0 Serial0

ip route 192.168.155.0 255.255.255.0 30.1.1.2  /这个是我PC机的网段
ip http server
!

!

access-list 10 permit 10.1.1.2

access-list 10 permit 10.1.1.3

access-list 11 permit 10.1.1.1

!

line con 0

 exec-timeout 0 0

 logging synchronous

end

R2的当前配置：

r2#show running-config

hostname r2

no ip domain-lookup

!

interface Loopback0

 ip address 20.1.1.1 255.255.255.0

!

interface FastEthernet0/0
 ip address 192.168.155.11 255.255.255.0
 duplex half

!

interface Serial1

 ip address 30.1.1.2 255.255.255.0

!

ip route 80.1.1.0 255.255.255.240 Serial1

line con 0

 exec-timeout 0 0

 logging synchronous

end

PC上设置：

c:>route add 80.1.1.0 mask 255.255.255.0 192.168.155.11 metric 5

然后在PC上浏览80.1.1.8网址，再浏览80.1.1.7网址。看谁能够正常访问，谁不能正常访问，从而验证端口映射是否成功~！