拓扑图如下:
实验目的:
所有链路正常情况下:
vlan10的主机(PC1)从AR1——AR3——ISP1访问互联网,vlan20的主机(PC2)从AR2——ISP2访问互联网;
当AR1——AR3链路故障时,vlan10的主机(PC1)启用备用链路从AR1——AR4——ISP1访问互联网;
当AR1——AR3和AR1——AR4链路都故障时,vlan10的主机(PC1)启用备用链路AR2——ISP2访问互联网;
当AR2——ISP2链路故障时,vlan20的主机(PC2)启用备用链路AR1——AR3——ISP1访问互联网。
SW配置
sysname SW1
vlan batch 10 20
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20
interface GigabitEthernet0/0/3
port link-type access
port default vlan 10
interface GigabitEthernet0/0/4
port link-type access
port default vlan 20
VRRP(Virtual Router Redundancy Protocol,虚拟路由冗余协议)
VRRP的作用:出口网关的备份,保证出口网关的高可用性。
VRRP的好处:
1. 主路由器失效后,备份路由器立即顶替主路由器的工作,保证数据的不丢失。
2.两个不同的路由器成为不同组的主路由器,相互备份。
3.跟踪上行链路接口状态,当上行链路接口失效时,自动将备份路由份提升为主路由器,保证数据的不丢失。
VRRP的工作原理:
通过在冗余网关间共享虚拟MAC和IP地址,保证数据转发时并不是转给某一个具体网关的IP,而是把数据转发给虚拟网关的IP,因此,不论哪一个路由器成为主路由,都不会影响数据通信。通过组播协议对数据端口进行监控,一旦检测数据转发的端口坏掉,主路由器会停发HELLO包,备路由器提升为主路由,实现数据的稳定高效转发。
在VRRP协议中,有两组重要的概念:VRRP路由器和虚拟路由器,主控路由器和备份路由器。VRRP路由器是指运行VRRP的路由器,是物理实体;虚拟路由器是指VRRP协议创建的,是逻辑概念。一组VRRP路由器协同工作,共同构成一台虚拟路由器。该虚拟路由器对外表现为一个具有唯一固定的IP地址和MAC地址的逻辑路由器。处于同一个VRRP组中的路由器具有两种互斥的角色:主控路由器和备份路由器,一个VRRP组中有且只有一台处于主控角色的路由器,可以有一个或者多个处于备份角色的路由器VRRP协议从路由器组中选出一台作为主控路由器,负责ARP解析和转发IP数据包,组中的其他路由器作为备份的角色并处于待命状态,当由于某种原因主控路由器发生故障时,其中的一台备份路由器能在瞬间的时延后升级为主控路由器,由于此切换非常迅速而且不用改变IP地址和MAC地址,故对终端使用者系统是透明的。
BFD(Bidirectional Forwarding Detection,双向转发检测)是一个通用的、标准化的、介质无关和协议无关的快速故障检测机制,用于检测IP网络中链路的连通状况,保证设备之间能够快速检测到通信故障,以便能够及时采取措施,保证业务持续运行。
BFD可以为各种上层协议(如路由协议、MPLS、PIM等)快速检测两台设备间双向转发路径的故障。上层协议通常采用Hello报文机制检测故障,所需时间为秒级,而BFD可以提供毫秒级检测。
实际应用中,BFD可以用来进行单跳和多跳检测:
单跳检测:用于两个直连的路由器间进行IP连通性检测,这里的单跳,仅代表IP的一跳。(Ps Echo也仅限于单跳检测中)
多跳检测:用于两个非直连间的三层设备间,任意路径的链路情况(Ps 这里的路径可以跨域多跳)
BFD需要双方都支持BFD,且双方建立BFD会话,一台不支持BFD会话的情况,那么就是BFD Echo。
AR1配置
sysname AR1
//各接口配置如下:
<AR1>display ip interface brief
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 unassigned up down
GigabitEthernet0/0/0.10 192.168.10.251/24 up up
GigabitEthernet0/0/0.20 192.168.20.251/24 up up
GigabitEthernet0/0/1 10.0.13.1/24 up up
GigabitEthernet0/0/2 10.0.14.1/24 up up
<AR1>
//DHCP配置如下:
dhcp enable
ip pool vlan10 //创建vlan10的地址池
gateway-list 192.168.10.254 //配置网关
network 192.168.10.0 mask 255.255.255.0 //配置分配的网段
static-bind ip-address 192.168.10.10 mac-address 5489-98de-06e7 //静态绑定
excluded-ip-address 192.168.10.251 192.168.10.252 //排除被分配的地址
lease day 2 hour 0 minute 0 //租期为2天
dns-list 114.114.114.114 //DNS列表
ip pool vlan20
gateway-list 192.168.20.254
network 192.168.20.0 mask 255.255.255.0
excluded-ip-address 192.168.20.251 192.168.20.253
lease day 2 hour 0 minute 0
dns-list 114.114.114.114
interface GigabitEthernet0/0/0.10
dot1q termination vid 10 //三层以太网子接口不支持VLAN报文,当它收到VLAN报文时,会将VLAN报文当成是非法报文而丢弃,因此,需要在子接口上将VLAN Tag剥掉,也就是需要VLAN终结
ip address 192.168.10.251 255.255.255.0
arp broadcast enable //开启ARP报文
dhcp select global //基于全局DHCP
interface GigabitEthernet0/0/0.20
dot1q termination vid 20
ip address 192.168.20.251 255.255.255.0
arp broadcast enable
dhcp select global
//VRRP配置如下:
interface GigabitEthernet0/0/0.10
vrrp vrid 10 virtual-ip 192.168.10.254 //创建VRRP虚拟路由器的标识VRID为10,并配置VRID 10的虚拟IP地址
vrrp vrid 10 priority 120 //设置优先级为120 (缺省值为100)数值越大越优先
vrrp vrid 10 preempt-mode timer delay 20 //配置Master设备的抢占时延为20秒(缺省值为0,立即抢占),以防止频繁地进行状态切换
vrrp vrid 10 track interface GigabitEthernet0/0/2 reduced 30 //监控上行接口G0/0/2的状态,如端口故障则Master优先级降低30(缺省值为10)
interface GigabitEthernet0/0/0.20
vrrp vrid 20 virtual-ip 192.168.20.254 //创建VRRP虚拟路由器的标识VRID为20,并配置VRID 20的虚拟IP地址,此为Backup设备,不需要要配置优先级
//BFD会话状态与接口状态联动功能是指当BFD会话的状态变化时,直接修改接口的BFD状态。
//当BFD会话状态变为Down时,与其绑定的接口的BFD状态变为Down,然后将接口状态通告给接口上的应用。
//当BFD会话的状态变为Up时,与其绑定的接口的BFD状态变为Up。
//BFD配置如下:
bfd //创建BFD配置视图
bfd ar1_to_ar3 bind peer-ip 10.0.13.3 //配置BFD会话绑定信息,结合AR3配置使用
discriminator local 1 //配置BFD会话的本地标识符
discriminator remote 2 //配置BFD会话的远端标识符
commit //用于提交会话配置
//配置静态路由
ip route-static 0.0.0.0 0.0.0.0 10.0.13.3 track bfd-session ar1_to_ar3 //绑定BFD会话监控此静态路由
ip route-static 0.0.0.0 0.0.0.0 10.0.14.4 preference 75 //配置此路由为浮动路由
AR2配置
sysname AR2
//各接口配置如下:
<AR2>display ip interface brief
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 unassigned up down
GigabitEthernet0/0/0.10 192.168.10.252/24 up up
GigabitEthernet0/0/0.20 192.168.20.252/24 up up
GigabitEthernet0/0/1 100.1.22.2/24 up up
<AR2>
//配置DHCP和VRRP
dhcp enable
ip pool vlan10
gateway-list 192.168.10.254
network 192.168.10.0 mask 255.255.255.0
static-bind ip-address 192.168.10.10 mac-address 5489-98de-06e7
excluded-ip-address 192.168.10.251 192.168.10.252
lease day 2 hour 0 minute 0
dns-list 114.114.114.114
ip pool vlan20
gateway-list 192.168.20.254
network 192.168.20.0 mask 255.255.255.0
excluded-ip-address 192.168.20.251 192.168.20.253
lease day 2 hour 0 minute 0
dns-list 114.114.114.114
interface GigabitEthernet0/0/0.10
dot1q termination vid 10
ip address 192.168.10.252 255.255.255.0
vrrp vrid 10 virtual-ip 192.168.10.254
arp broadcast enable
dhcp select global
interface GigabitEthernet0/0/0.20
dot1q termination vid 20
ip address 192.168.20.252 255.255.255.0
vrrp vrid 20 virtual-ip 192.168.20.254
vrrp vrid 20 priority 120
vrrp vrid 20 preempt-mode timer delay 20
vrrp vrid 20 track interface GigabitEthernet0/0/1 reduced 30 //监控上行接口G0/0/1的状态,如端口故障则Master优先级降低30(缺省值为10)
arp broadcast enable
dhcp select global
//配置访问控制列表ACL+NAT
acl number 2000
rule 5 permit source 192.168.10.0 0.0.0.255
rule 10 permit source 192.168.20.0 0.0.0.255
rule 15 deny
interface GigabitEthernet0/0/1
nat outbound 2000
//配置默认静态路由
ip route-static 0.0.0.0 0.0.0.0 100.1.22.1
查看AR1和AR2的VRRP状态信息
//AR1上查看
<AR1>display vrrp brief
Total:2 Master:1 Backup:1 Non-active:0
VRID State Interface Type Virtual IP
----------------------------------------------------------------
10 Master GE0/0/0.10 Normal 192.168.10.254
20 Backup GE0/0/0.20 Normal 192.168.20.254
<AR1>
//AR2上查看
<AR2>display vrrp brief
Total:2 Master:1 Backup:1 Non-active:0
VRID State Interface Type Virtual IP
----------------------------------------------------------------
10 Backup GE0/0/0.10 Normal 192.168.10.254
20 Master GE0/0/0.20 Normal 192.168.20.254
<AR2>
//当SW到AR1链路链路故障时
[SW1]interface GigabitEthernet 0/0/1
[SW1-GigabitEthernet0/0/1]shutdown
Oct 5 2022 09:49:15-08:00 SW1 %%01PHY/1/PHY(l)[0]: GigabitEthernet0/0/1: change status to down
Oct 5 2022 09:49:24-08:00 SW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.191.3.1 configurations have been changed. The current change number is 1, the change loop count is 0, and the maximum number of records is 4095.
//AR2上查看VRRP状态
<AR2>display vrrp brief
Total:2 Master:2 Backup:0 Non-active:0
VRID State Interface Type Virtual IP
----------------------------------------------------------------
10 Master GE0/0/0.10 Normal 192.168.10.254
20 Master GE0/0/0.20 Normal 192.168.20.254
<AR2>
查看PC1和PC2获取IP地址
//PC1获取IP地址信息
PC>ipconfig
Link local IPv6 address...........: fe80::5689:98ff:fede:6e7
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.10.10
Subnet mask.......................: 255.255.255.0
Gateway...........................: 192.168.10.254
Physical address..................: 54-89-98-DE-06-E7
DNS server........................: 114.114.114.114
//PC2获取IP地址信息
PC>ipconfig
Link local IPv6 address...........: fe80::5689:98ff:feed:3724
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.20.250
Subnet mask.......................: 255.255.255.0
Gateway...........................: 192.168.20.254
Physical address..................: 54-89-98-ED-37-24
DNS server........................: 114.114.114.114
AR3配置,此链路为访问ISP1的主链路
sysname AR3
//AR3各接口配置如下:
<AR3>display ip interface brief
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 100.1.31.3/24 up up
GigabitEthernet0/0/1 10.0.13.3/24 up up
<AR3>
//配置ACL+NAT
acl number 2000
rule 5 permit source 192.168.10.0 0.0.0.255
rule 10 permit source 192.168.20.0 0.0.0.255
rule 15 deny
interface GigabitEthernet0/0/0
nat outbound 2000
//BFD会话状态与接口状态联动
bfd //创建BFD配置视图
bfd ar1_to_ar3 bind peer-ip 10.0.13.1
discriminator local 2 //配置BFD会话的本地标识符,与AR1上相反
discriminator remote 1 //配置BFD会话的远端标识符,与AR1上相反
commit
//配置静态路由
ip route-static 0.0.0.0 0.0.0.0 100.1.31.1
ip route-static 192.168.10.0 255.255.255.0 10.0.13.1
ip route-static 192.168.20.0 255.255.255.0 10.0.13.1
AR4配置,此链路为访问ISP1的备用链路
sysname AR4
//AR4各接口配置如下:
<AR4>display ip interface brief
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 100.1.41.4/24 up up
GigabitEthernet0/0/2 10.0.14.4/24 up up
<AR4>
//配置ACL+NAT
acl number 2000
rule 5 permit source 192.168.10.0 0.0.0.255
rule 10 permit source 192.168.20.0 0.0.0.255
rule 15 deny
interface GigabitEthernet0/0/0
nat outbound 2000
//配置静态路由
ip route-static 0.0.0.0 0.0.0.0 100.1.41.1
ip route-static 192.168.10.0 255.255.255.0 10.0.14.1
ip route-static 192.168.20.0 255.255.255.0 10.0.14.1
ISP1和ISP2配置
ISP为网络营运商提供,除接口配置外,基本不会有其它配置
//ISP1的各接口配置如下:
<ISP1>display ip interface brief
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/1 100.1.31.1/24 up up
GigabitEthernet0/0/2 100.1.41.1/24 up up
LoopBack0 1.1.1.1/24 up up(s)
<ISP1>
//ISP2的各接口配置如下:
<ISP2>display ip interface brief
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/1 100.1.22.1/24 up up
LoopBack0 2.2.2.2/24 up up(s)
<ISP2>
实验验证:
链路完整情况下:
//PC1访问ISP情况
PC>ping 1.1.1.1 //访问ISP1
Ping 1.1.1.1: 32 data bytes, Press Ctrl_C to break
From 1.1.1.1: bytes=32 seq=1 ttl=253 time=62 ms
From 1.1.1.1: bytes=32 seq=2 ttl=253 time=47 ms
From 1.1.1.1: bytes=32 seq=3 ttl=253 time=63 ms
From 1.1.1.1: bytes=32 seq=4 ttl=253 time=31 ms
From 1.1.1.1: bytes=32 seq=5 ttl=253 time=47 ms
--- 1.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 31/50/63 ms
PC>ping 2.2.2.2 //访问ISP2
Ping 2.2.2.2: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Request timeout!
--- 2.2.2.2 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
**********************************************************
//PC2访问ISP情况
PC>ping 1.1.1.1 //访问ISP1
Ping 1.1.1.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Request timeout!
--- 1.1.1.1 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
PC>ping 2.2.2.2 //访问ISP2
Ping 2.2.2.2: 32 data bytes, Press Ctrl_C to break
Request timeout!
From 2.2.2.2: bytes=32 seq=2 ttl=254 time=47 ms
From 2.2.2.2: bytes=32 seq=3 ttl=254 time=31 ms
From 2.2.2.2: bytes=32 seq=4 ttl=254 time=32 ms
From 2.2.2.2: bytes=32 seq=5 ttl=254 time=31 ms
--- 2.2.2.2 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 0/35/47 ms
当访问ISP1链路故障时
//断开AR1——AR3链路前,查看AR1上路由表,下一跳为IP为10.0.13.3,接口为GE 0/0/1
<AR1>display ip routing-table | exclude 127.0.0.1
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 18 Routes : 18
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 Static 60 0 RD 10.0.13.3 GigabitEthernet0/0/1
10.0.13.0/24 Direct 0 0 D 10.0.13.1 GigabitEthernet0/0/1
10.0.14.0/24 Direct 0 0 D 10.0.14.1 GigabitEthernet0/0/2
192.168.10.0/24 Direct 0 0 D 192.168.10.251 GigabitEthernet0/0
/0.10
192.168.20.0/24 Direct 0 0 D 192.168.20.251 GigabitEthernet0/0
/0.20
<AR1>
//查看AR3的NAT会话表
PC>ping 1.1.1.1 -t
Ping 1.1.1.1: 32 data bytes, Press Ctrl_C to break
From 1.1.1.1: bytes=32 seq=3 ttl=253 time=46 ms
From 1.1.1.1: bytes=32 seq=4 ttl=253 time=63 ms
From 1.1.1.1: bytes=32 seq=5 ttl=253 time=31 ms
From 1.1.1.1: bytes=32 seq=6 ttl=253 time=31 ms
From 1.1.1.1: bytes=32 seq=7 ttl=253 time=63 ms
<AR3>display nat session all
NAT Session Table Information:
Protocol : ICMP(1)
SrcAddr Vpn : 192.168.10.10 //源地址为192.168.10.10
DestAddr Vpn : 1.1.1.1 //目的地址1.1.1.1
Type Code IcmpId : 0 8 60381
NAT-Info
New SrcAddr : 100.1.31.3 //NAT转换地址为100.1.31.3
New DestAddr : ----
New IcmpId : 10261
Protocol : ICMP(1)
SrcAddr Vpn : 192.168.10.10
DestAddr Vpn : 1.1.1.1
Type Code IcmpId : 0 8 60380
NAT-Info
New SrcAddr : 100.1.31.3
New DestAddr : ----
New IcmpId : 10260
************************************************************************
//断开AR1——AR3链路后,查看AR1上路由表,下一跳为IP为10.0.14.4,接口为GE 0/0/2
[AR1]display ip routing-table | exclude 127.0.0.1
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 15 Routes : 15
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 Static 75 0 RD 10.0.14.4 GigabitEthernet0/0/2
10.0.14.0/24 Direct 0 0 D 10.0.14.1 GigabitEthernet0/0/2
192.168.10.0/24 Direct 0 0 D 192.168.10.251 GigabitEthernet0/0
/0.10
192.168.20.0/24 Direct 0 0 D 192.168.20.251 GigabitEthernet0/0
/0.20
[AR1]
//查看AR4的NAT会话表
<AR4>display nat session all
NAT Session Table Information:
Protocol : ICMP(1)
SrcAddr Vpn : 192.168.10.10 //源地址为192.168.10.10
DestAddr Vpn : 1.1.1.1 //目的地址1.1.1.1
Type Code IcmpId : 0 8 60741
NAT-Info
New SrcAddr : 100.1.41.4 //NAT转换地址为100.1.41.4
New DestAddr : ----
New IcmpId : 10299
Protocol : ICMP(1)
SrcAddr Vpn : 192.168.10.10
DestAddr Vpn : 1.1.1.1
Type Code IcmpId : 0 8 60756
NAT-Info
New SrcAddr : 100.1.41.4
New DestAddr : ----
New IcmpId : 10313
************************************************************************
//断开AR1——AR3链路的同时,断开AR1——AR4链路
[AR1]display ip interface brief
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 unassigned up down
GigabitEthernet0/0/0.10 192.168.10.251/24 up up
GigabitEthernet0/0/0.20 192.168.20.251/24 up up
GigabitEthernet0/0/1 10.0.13.1/24 *down down //已断开
GigabitEthernet0/0/2 10.0.14.1/24 *down down //已断开
[AR1]
//查看AR1的VRRP状态
[AR1]display vrrp brief
Total:2 Master:0 Backup:2 Non-active:0
VRID State Interface Type Virtual IP
----------------------------------------------------------------
10 Backup GE0/0/0.10 Normal 192.168.10.254
20 Backup GE0/0/0.20 Normal 192.168.20.254
[AR1]
//查看AR2的VRRP状态
<AR2>display vrrp brief
Total:2 Master:2 Backup:0 Non-active:0
VRID State Interface Type Virtual IP
----------------------------------------------------------------
10 Master GE0/0/0.10 Normal 192.168.10.254
20 Master GE0/0/0.20 Normal 192.168.20.254
<AR2>
//此时PC1无法通过ISP1访问互联网,可以智能选路通过ISP2访问互联网
PC>ping 1.1.1.1
Ping 1.1.1.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Request timeout!
--- 1.1.1.1 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
PC>
PC>ping 2.2.2.2
Ping 2.2.2.2: 32 data bytes, Press Ctrl_C to break
Request timeout!
From 2.2.2.2: bytes=32 seq=2 ttl=254 time=31 ms
From 2.2.2.2: bytes=32 seq=3 ttl=254 time=31 ms
From 2.2.2.2: bytes=32 seq=4 ttl=254 time=31 ms
From 2.2.2.2: bytes=32 seq=5 ttl=254 time=47 ms
--- 2.2.2.2 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 0/35/47 ms
PC>
//查看AR2的NAT会话
<AR2>display nat session all
NAT Session Table Information:
Protocol : ICMP(1)
SrcAddr Vpn : 192.168.10.10 //源地址为192.168.10.10
DestAddr Vpn : 1.1.1.1 //目的地址1.1.1.1
Type Code IcmpId : 0 8 61179
NAT-Info
New SrcAddr : 100.1.22.2 //NAT转换地址为100.1.22.2
New DestAddr : ----
New IcmpId : 10251
Protocol : ICMP(1)
SrcAddr Vpn : 192.168.10.10
DestAddr Vpn : 1.1.1.1
Type Code IcmpId : 0 8 61181
NAT-Info
New SrcAddr : 100.1.22.2
New DestAddr : ----
New IcmpId : 10252
当访问ISP2链路故障时
//恢复AR1上访问ISP1的链路
[AR1]display ip interface brief
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 unassigned up down
GigabitEthernet0/0/0.10 192.168.10.251/24 up up
GigabitEthernet0/0/0.20 192.168.20.251/24 up up
GigabitEthernet0/0/1 10.0.13.1/24 up up
GigabitEthernet0/0/2 10.0.14.1/24 up up
[AR1]
//断开AR2访问ISP2的链路
[AR2]display ip interface brief
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 unassigned up down
GigabitEthernet0/0/0.10 192.168.10.252/24 up up
GigabitEthernet0/0/0.20 192.168.20.252/24 up up
GigabitEthernet0/0/1 100.1.22.2/24 *down down //断开链路
[AR2]
//查看AR1的VRRP状态
[AR1]display vrrp brief
Total:2 Master:2 Backup:0 Non-active:0
VRID State Interface Type Virtual IP
----------------------------------------------------------------
10 Master GE0/0/0.10 Normal 192.168.10.254
20 Master GE0/0/0.20 Normal 192.168.20.254
[AR1]
//此时PC2无法通过ISP2访问互联网,可以智能选路通过ISP1访问互联网
PC>ping 2.2.2.2
Ping 2.2.2.2: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Request timeout!
--- 2.2.2.2 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
PC>ping 1.1.1.1
Ping 1.1.1.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
From 1.1.1.1: bytes=32 seq=2 ttl=253 time=32 ms
From 1.1.1.1: bytes=32 seq=3 ttl=253 time=47 ms
From 1.1.1.1: bytes=32 seq=4 ttl=253 time=31 ms
From 1.1.1.1: bytes=32 seq=5 ttl=253 time=47 ms
--- 1.1.1.1 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 0/39/47 ms
PC>
//在AR3查看PC2访问互联网的NAT会话表,
<AR3>display nat session all
NAT Session Table Information:
Protocol : ICMP(1)
SrcAddr Vpn : 192.168.20.250 //源地址为192.168.20.250
DestAddr Vpn : 2.2.2.2 //目的地址为2.2.2.2
Type Code IcmpId : 0 8 62060
NAT-Info
New SrcAddr : 100.1.31.3 //NAT转换地址为100.1.31.3
New DestAddr : ----
New IcmpId : 10555
Protocol : ICMP(1)
SrcAddr Vpn : 192.168.20.250
DestAddr Vpn : 2.2.2.2
Type Code IcmpId : 0 8 62058
NAT-Info
New SrcAddr : 100.1.31.3
New DestAddr : ----
New IcmpId : 10554
实验验证完毕!!!