Tarmoq xavfsizligi
Dynamic Address Translation
Yüklə 305,53 Kb.
|
- Bu səhifədəki naviqasiya:
- Dinamik NAT bo`yicha ishni bajarish tartibi
- NAPT, NAT Overload, PAT PAT
| Dynamic Address Translation
Dinamik NAT - ro'yxatdan o'tmagan IP manzilni ro'yxatdan o'tgan IP-manzillar guruhiga translatsiya qilishdan iborat. Dinamik NAT ning Statik NAT dan farqi shuki, bu yerda bir nechta xususiy (Private) adresga bir nechta ommaviy (public) adreslar to‘gri keladi. Ushbu holatni amalga oshirish uchun access list va Pool dan foydalanimiz Dinamik NAT bo`yicha ishni bajarish tartibi 10.6 – rasm. Dinamik NAT tamoyili asosida qurilgan tarmoq tuzilishi Birinchi navbatda Router1 va Router2 larga statik ip route beriladi. Chunki internet qismidagi adreslarni oldindan bilmaymiz. Router1(config)#ip route 0.0.0.0 0.0.0.0 11.11.11.2 Router2(config)#ip route 0.0.0.0 0.0.0.0 11.11.11.1 195.158.1.1 dan 195.158.1.10 gacha public IP adreslarni tarqatishimiz uchun TATU nomli Pool yaratamiz. Router(config)#ip nat pool TATU 195.158.1.1 195.158.1.10 netmask 255.255.255.240 LAN tarmoqlar ichida aynan 192.168.1.0/24 tarmoq internetga chiqishi uchun Access list foydalanamiz Router1(config)#access-list 10 permit 192.168.1.0 0.0.0.255 Access list ni TATU nomli yaratilgan NAT ga biriktiramiz. Router1(config)#ip nat inside source list 10 pool TATU Router ning kirish va chiqish portlariga NAT ni biriktiramiz Router1(config)#interface fastEthernet 0/0 Router1(config-if)#ip nat inside Router1(config-if)#exit Router1(config)#interface fastEthernet 0/1 Router1(config-if)#ip nat outside Router1(config-if)#exit 10.7 Rasm Router1# show ip nat translations Router1#show running-config 10.7-rasm. Manzillarni translatsiyasi bo’yicha olingan natijalar NAPT, NAT Overload, PAT PAT- dinamik NATning bir shakli bo'lib, bir nechta ro'yxatdan o'tmagan manzillarni turli xil portlardan foydalangan holda bitta ro'yxatdan o'tgan IP manzilga translatsiya qilishdan iborat. PAT bo`yicha ishni bajarish tartibi 10.8 – rasm. PAT tamoyili asosida qurilgan tarmoq tuzilishi Router1(config)#ip route 0.0.0.0 0.0.0.0 12.12.12.2 Router1(config)#ip nat pool nad_pat 195.158.1.1 195.158.1.4 netmask 255.255.255.240 Router1(config)#access-list 10 permit 192.168.1.0 0.0.0.255 Router1(config)#ip nat inside source list 10 pool nad_pat overload Router1(config)#interface fastEthernet 0/0 Router1(config-if)#ip nat inside Router1(config-if)#exit Router1(config)#interface fastEthernet 0/1 Router(config-if)#ip nat outside Router(config-if)#exit Router(config)#end Router#copy run startup-config Router 2 konfiguratsiyasi Router(config)#ip route 0.0.0.0 0.0.0.0 12.12.12.1 10.9 Rasm LAN tarmog`idagi barcha Private adreslar bitta 195.158.1.1 Public adres orqali translatsiya bo`ladi faqat port har xil. Topshiriq Cisco packet tracer muhiti asosida tarmoqni tuzilishini yarating Tamoqdag har bir R1, R2 marshrutizatorlarining interfeyslarini sozlang va tekshiring Statik NAT bo`yicha tarmoq konfiguratsiyalarini sozlang va tekshiring Dinamik NAT bo`yicha tarmoq konfiguratsiyalarini sozlang va tekshiring PAT bo`yicha tarmoq konfiguratsiyalarini sozlang va tekshiring Yüklə 305,53 Kb. Dostları ilə paylaş:
|