一.测试拓扑:
二.测试思路:
三.基本配置:
A.R1:
interface Ethernet0/0
ip address 202.100.1.1 255.255.255.0
no shutdown
ip route 0.0.0.0 0.0.0.0 202.100.1.2
B.R2:
1.接口配置:
interface Ethernet0/0
ip address 202.100.1.2 255.255.255.0
no shutdown
interface Ethernet0/1
no ip address
no shutdown
2.PPPOE Server配置:
aaa new-model
aaa authentication ppp default local
username cisco password 0 cisco
ip dhcp excluded-address 202.100.2.2
ip dhcp pool ppoe
network 202.100.2.0 255.255.255.0
default-router 202.100.2.2
bba-group pppoe TEST
virtual-template 1
interface Virtual-Template1
ip address 202.100.2.2 255.255.255.0
peer default ip address dhcp-pool ppoe
ppp authentication chap callin
interface Ethernet0/1
pppoe enable group TEST
C.R3:
1.接口配置:
interface Ethernet0/0
no ip address
no shutdown
!
interface Ethernet0/1
ip address 192.168.1.3 255.255.255.0
no shutdown
2.PPPOE Client配置:
interface e0/0
pppoe enable group global
pppoe-client dial-pool-number 1
interface Dialer0
mtu 1492
ip address negotiated
encapsulation ppp
dialer pool 1
ppp chap hostname cisco
ppp chap password 0 cisco
D.R4:
interface Ethernet0/0
ip address 192.168.1.4 255.255.255.0
no shutdown
ip route 0.0.0.0 0.0.0.0 192.168.1.3
E.R5:
interface Ethernet0/0
ip address 192.168.1.5 255.255.255.0
no shutdown
ip route 0.0.0.0 0.0.0.0 192.168.1.3
四.解决地址回流
---都是在R3上面配置
A.方法一:NVI
1.动态PAT配置:
ip access-list extended PAT
permit ip 192.168.1.0 0.0.0.255 any
ip nat source list PAT interface Dialer0 overload
interface Ethernet0/1
ip nat enable
interface Dialer0
ip nat enable
2.静态NAT配置:
ip nat source static 192.168.1.4 202.100.2.4 extendable
3.测试:
---R5能通过R4映射后的公网地址访问R4
R5#telnet 202.100.2.4
Trying 202.100.2.4 ... Open
User Access Verification
Password:
R4>show users
Line User Host(s) Idle Location
0 con 0 UNKNOWN 00:00:16
*130 vty 0 idle 00:00:00 202.100.2.3
Interface User Mode Idle Peer Address
R4>
---R4也能通过R4映射后的公网地址访问R4
R4#telnet 202.100.2.4
Trying 202.100.2.4 ... Open
User Access Verification
Password:
R4>show users
Line User Host(s) Idle Location
0 con 0 202.100.2.4 00:00:00
*131 vty 1 idle 00:00:00 202.100.2.4
Interface User Mode Idle Peer Address
R4>
---通过域名访问时会自动修改DNS记录回包(类似ASA的dns rewrite)
R2(config)#ip dns server
R2(config)#ip host R4.yuntian.cn 202.100.2.4
R5(config)#ip domain-lookup
R5(config)#ip name-server 202.100.2.2
R5#ping R4.yuntian.cn
Translating "R4.yuntian.cn"...domain server (202.100.2.2) [OK]
Translating "R4.yuntian.cn"...domain server (202.100.2.2) [OK]
Translating "R4.yuntian.cn"...domain server (202.100.2.2) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/32/52 ms
R5#
*Mar 1 02:13:40.991: ICMP: echo reply rcvd, src 192.168.1.4, dst 192.168.1.5
*Mar 1 02:13:41.047: ICMP: echo reply rcvd, src 192.168.1.4, dst 192.168.1.5
*Mar 1 02:13:41.087: ICMP: echo reply rcvd, src 192.168.1.4, dst 192.168.1.5
*Mar 1 02:13:41.095: ICMP: echo reply rcvd, src 192.168.1.4, dst 192.168.1.5
*Mar 1 02:13:41.139: ICMP: echo reply rcvd, src 192.168.1.4, dst 192.168.1.5
R5#
通过不同位置的抓包可以看出,路由器R3修改了DNS的回包,把公网地址修改为内网地址:
B.方法二:修改DNS记录