我正在尝试在一个带有来自 ISP 的公共 IP 的面向外部的子接口的棒上创建一个路由器。我尝试配置 NAT 和路由,但我无法 ping 互联网。我使用的是 cisco 2811 路由器和 2960 交换机。
这是我想要实现的拓扑
目前这是我的运行配置
2811路由器
Current configuration : 2430 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname r1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $xxxxxx
!
no aaa new-model
dot11 syslog
!
!
ip cef
!
!
ip name-server 8.8.8.8
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
!
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username xxxx privilege 15 secret 5 $xxxxxxxxx
archive
log config
hidekeys
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 10.1.1.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.10
encapsulation dot1Q 10
ip address 10.1.10.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 10.1.20.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.155
encapsulation dot1Q 155
ip address 197.221.155.30 255.255.255.252
ip nat outside
ip virtual-reassembly
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
!
router eigrp 100
network 10.0.0.0
network 197.221.155.0
no auto-summary
!
ip default-gateway 197.221.155.29
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 197.221.155.29
!
!
no ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0/0.155 overload
!
access-list 1 permit any
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
banner login ^C^C
!
line con 0
logging synchronous
login local
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
!
end
对于 2960 交换机
Building configuration...
Current configuration : 4603 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname sw1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $xxxxx..
!
username xxx privilege 15 secret 5 $xxxxxxxxxxxxxxx
!
!
no aaa new-model
system mtu routing 1500
!
!
!
!
crypto pki trustpoint TP-self-signed-3654552704
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3654552704
revocation-check none
rsakeypair TP-self-signed-3654552704
!
!
crypto pki certificate chain TP-self-signed-3654552704
certificate self-signed 01
quit
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
switchport mode trunk
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface FastEthernet0/25
!
interface FastEthernet0/26
!
interface FastEthernet0/27
!
interface FastEthernet0/28
!
interface FastEthernet0/29
!
interface FastEthernet0/30
!
interface FastEthernet0/31
!
interface FastEthernet0/32
!
interface FastEthernet0/33
!
interface FastEthernet0/34
!
interface FastEthernet0/35
!
interface FastEthernet0/36
!
interface FastEthernet0/37
!
interface FastEthernet0/38
!
interface FastEthernet0/39
!
interface FastEthernet0/40
!
interface FastEthernet0/41
!
interface FastEthernet0/42
!
interface FastEthernet0/43
!
interface FastEthernet0/44
!
interface FastEthernet0/45
!
interface FastEthernet0/46
!
interface FastEthernet0/47
!
interface FastEthernet0/48
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
switchport access vlan 155
switchport mode access
!
interface Vlan1
ip address 10.1.1.253 255.255.255.0
!
ip default-gateway 10.1.1.254
ip http server
ip http secure-server
banner login ^C^C
!
line con 0
logging synchronous
login local
line vty 0 4
login
line vty 5 15
login
!
end
在 2960 交换机上显示 vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/11, Fa0/12, Fa0/13
Fa0/14, Fa0/15, Fa0/16, Fa0/17
Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24, Fa0/25
Fa0/26, Fa0/27, Fa0/28, Fa0/29
Fa0/30, Fa0/31, Fa0/32, Fa0/33
Fa0/34, Fa0/35, Fa0/36, Fa0/37
Fa0/38, Fa0/39, Fa0/40, Fa0/41
Fa0/42, Fa0/43, Fa0/44, Fa0/45
Fa0/46, Fa0/47, Fa0/48, Gi0/1
Gi0/2, Gi0/3
10 VLAN0010 active
20 VLAN0020 active
155 ISP-Airtel active Gi0/4
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
20 enet 100020 1500 - - - - - 0 0
155 enet 100155 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs
------------------------------------------------------------------------------
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
我的 2811 路由器上的 traceroute 8.8.8.8 给出了这个输出
traceroute 8.8.8.8
Type escape sequence to abort.
Tracing the route to dns.google (8.8.8.8)
1 197.221.155.161 12 msec 16 msec 16 msec
2 teng-0-0-0-3-PE2-kpl.liquidtelecom.net (41.222.1.86) 12 msec 12 msec 16 msec
3 ipt-41-222-1-85.liquidtelecom.net (41.222.1.85) 20 msec 16 msec 12 msec
4 te-0-0-1-0.lug-p2-kpl.liquidtelecom.net (197.155.94.150) [MPLS: Label 24073 Exp 0] 28 msec
41.222.0.181 [MPLS: Label 24029 Exp 0] 28 msec
41.222.0.159 [MPLS: Label 24073 Exp 0] 28 msec
5 te-0-5-0-6.lke-p1-nbi.liquidtelecom.net (197.155.94.220) [MPLS: Label 24062 Exp 0] 28 msec
te-0-5-0-7.lke-p1-nbi.liquidtelecom.net (197.155.94.222) [MPLS: Label 24062 Exp 0] 28 msec
te-0-5-0-5.lke-p1-nbi.liquidtelecom.net (197.155.94.126) [MPLS: Label 24062 Exp 0] 28 msec
6 et-0-1-10.lke-p1-mbs.liquidtelecom.net (197.155.94.217) [MPLS: Label 928698 Exp 0] 36 msec 32 msec
et-1-1-8.lke-p2-msa.liquidtelecom.net (197.155.94.9) [MPLS: Label 859512 Exp 0] 36 msec
7 hu-0-3-0-0.lke-pe1-msa.liquidtelecom.net (197.155.94.168) 28 msec 28 msec 32 msec
8 196.216.70.222 28 msec 28 msec 32 msec
9 172.253.53.65 28 msec
172.253.53.49 28 msec
172.253.53.65 32 msec
10 209.85.249.141 32 msec 32 msec 28 msec
11 dns.google (8.8.8.8) 32 msec 28 msec 32 msec
我的 2960 路由上的 traceroute 8.8.8.8 给出
traceroute 8.8.8.8
Type escape sequence to abort.
Tracing the route to 8.8.8.8
1 10.1.1.254 0 msec 0 msec 0 msec
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
我需要一些帮助才能成功地在带有公共 IP WAN 网关的棒上配置路由器。我是思科的新手