Cisco IOS NAT 帮助

tag-icon tag-icon cisco
Cisco IOS NAT 帮助

我是思科新手,我已经配置了 VLAN、dhcp,可以在本地机器上获取 IP 地址。但我似乎无法从该机器访问互联网。我的 NAT 设置中是否遗漏了某些内容?

 Current configuration : 2220 bytes
    !
    ! Last configuration change at 00:46:14 UTC Wed Jan 27 2016
    !
    version 15.1
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname Router
    !
    boot-start-marker
    boot-end-marker
    !
    !
    !
    no aaa new-model
    !
    !
    no ipv6 cef
    ip source-route
    ip cef
    !
    !
    !
    ip dhcp excluded-address 10.0.10.1
    !
    ip dhcp pool LAN1
    !
    ip dhcp pool LAN10
       network 10.0.10.0 255.255.255.0
       default-router 10.0.10.1
       dns-server 8.8.8.8
    !
    ip dhcp pool vlan20
       network 10.0.20.0 255.255.255.0
       default-router 10.0.20.1
       dns-server 8.8.8.8
    !
    !
    !
    multilink bundle-name authenticated
    !
    crypto pki token default removal timeout 0
    !
    !
    license udi pid CISCO1921/K9 sn FTX151200G2
    !
    !
    !
    redundancy
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    interface GigabitEthernet0/0
     ip address dhcp
     ip nat outside
     ip virtual-reassembly in
     duplex auto
     speed auto
    !
    interface GigabitEthernet0/1
     no ip address
     shutdown
     duplex auto
     speed auto
    !
    interface GigabitEthernet0/1/0
     switchport access vlan 10
     spanning-tree portfast
    !
    interface GigabitEthernet0/1/1
     switchport access vlan 10
     spanning-tree portfast
    !
    interface GigabitEthernet0/1/2
     switchport access vlan 10
     spanning-tree portfast
    !
    interface GigabitEthernet0/1/3
     switchport access vlan 10
     spanning-tree portfast
    !
    interface GigabitEthernet0/1/4
     switchport access vlan 20
     spanning-tree portfast
    !
    interface GigabitEthernet0/1/5
     switchport access vlan 20
     spanning-tree portfast
    !
    interface GigabitEthernet0/1/6
     switchport access vlan 20
     spanning-tree portfast
    !
    interface GigabitEthernet0/1/7
     switchport access vlan 20
     spanning-tree portfast
    !
    interface Vlan1
     no ip address
    !
    interface Vlan10
     ip address 10.0.10.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly in
    !
    interface Vlan20
     ip address 10.0.20.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly in
    !
    ip forward-protocol nd
    !
    no ip http server
    no ip http secure-server
    !
    ip nat source list 10 interface GigabitEthernet0/0 overload
    !
    access-list 10 permit 10.0.10.0 0.0.0.255
    access-list 10 deny   any
    access-list 10 permit 10.0.20.0 0.0.0.255
    !
    !
    !
    !
    !
    !
    control-plane
    !
    !
    !
    line con 0
    line aux 0
    line vty 0 4
     login
     transport input all
    !
    scheduler allocate 20000 1000
    end

答案1

我可以通过进行以下更改来修复:

ip nat source list 10 interface GigabitEthernet0/0 overload


ip nat inside source list 10 interface GigabitEthernet0/0 overload

inside失踪)

答案2

您当然无法离开 VLAN20,因为访问列表 10 不允许 VLAN20 中的 IP 地址,只允许 VLAN10 中的 IP 地址。ACL 条目按顺序处理,因此拒绝任何条目发生在允许 10.0.20.0 之前。

答案3

虽然有点旧,但也许它能为你指明正确的方向。 http://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/16448-default.html

编辑:也许问题与设置默认路由有关。

相关内容