Yup, apalagi kalo bukan fitur NAT.
NAT (Network Address Translation) seperti namanya berfungsi untuk melakukan konversi IP address local / LAN ke IP address public / WAN maupun sebaliknya.
Jenis NAT sendiri ada bermacam - macam, mulai dari static NAT, dynamic NAT, NAT overload dan beberapa lainnya (yang lainnya cari sendiri ya :P )
Nah... untuk lab di CCIE Foundation, kita mulai dari NAT yang paling mudah cara konfigurasinya, yaitu NAT static - IP to IP alias 1 IP address local akan dikonversi ke 1 IP address public.
Lab 1 - NAT Static - IP to IP.
Topologi cukup pake 2 router, tipe router nya terserah keyakinan masing - masing :
Konfig di R1 (yang akan melakukan NAT alias aktor utama) :
R1(config)#int lo0
R1(config-if)#ip
*Mar 1 00:03:29.947: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
R1(config-if)#ip add 10.10.10.1 255.255.255.0
R1(config-if)#ip add 10.10.10.2 255.255.255.0 secondary
R1(config-if)#ip add 10.10.10.3 255.255.255.0 secondary
R1(config-if)#ip add 10.10.10.4 255.255.255.0 secondary
R1(config-if)#ip add 10.10.10.5 255.255.255.0 secondary
R1(config-if)#ip nat inside
R1(config-if)#
R1(config-if)#int fa0/0
R1(config-if)#ip add 12.12.12.1 255.255.255.0
R1(config-if)#ip nat outside
R1(config-if)#no shut
*Mar 1 00:04:48.047: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar 1 00:04:49.047: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R1(config)#ip route 0.0.0.0 0.0.0.0 fa0/0
R1(config)#ip nat inside source static 10.10.10.1 12.12.12.3
R1(config-if)#ip
*Mar 1 00:03:29.947: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
R1(config-if)#ip add 10.10.10.1 255.255.255.0
R1(config-if)#ip add 10.10.10.2 255.255.255.0 secondary
R1(config-if)#ip add 10.10.10.3 255.255.255.0 secondary
R1(config-if)#ip add 10.10.10.4 255.255.255.0 secondary
R1(config-if)#ip add 10.10.10.5 255.255.255.0 secondary
R1(config-if)#ip nat inside
R1(config-if)#
R1(config-if)#int fa0/0
R1(config-if)#ip add 12.12.12.1 255.255.255.0
R1(config-if)#ip nat outside
R1(config-if)#no shut
*Mar 1 00:04:48.047: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar 1 00:04:49.047: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R1(config)#ip route 0.0.0.0 0.0.0.0 fa0/0
R1(config)#ip nat inside source static 10.10.10.1 12.12.12.3
Konfig di R2 (gak melakukan apa - apa alias aktor figuran )
R2(config)#int lo0
R2(config-if)#ip add
*Mar 1 00:05:35.359: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
R2(config-if)#ip add 1.1.1.1 255.255.255.0
R2(config-if)#ip add 1.1.1.2 255.255.255.0 secondary
R2(config-if)#ip add 1.1.1.3 255.255.255.0 secondary
R2(config-if)#ip add 1.1.1.4 255.255.255.0 secondary
R2(config-if)#ip add 1.1.1.5 255.255.255.0 secondary
R2(config-if)#int fa0/0
R2(config-if)#ip add 12.12.12.2 255.255.255.0
R2(config-if)#no shut
R2(config-if)#
*Mar 1 00:06:21.723: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar 1 00:06:22.723: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R2(config-if)#ip add
*Mar 1 00:05:35.359: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
R2(config-if)#ip add 1.1.1.1 255.255.255.0
R2(config-if)#ip add 1.1.1.2 255.255.255.0 secondary
R2(config-if)#ip add 1.1.1.3 255.255.255.0 secondary
R2(config-if)#ip add 1.1.1.4 255.255.255.0 secondary
R2(config-if)#ip add 1.1.1.5 255.255.255.0 secondary
R2(config-if)#int fa0/0
R2(config-if)#ip add 12.12.12.2 255.255.255.0
R2(config-if)#no shut
R2(config-if)#
*Mar 1 00:06:21.723: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar 1 00:06:22.723: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
Kudu dicek dulu di R1, hasil NAT atau translation nya :
R1(config)#do sh ip nat trans
Pro Inside global Inside local Outside local Outside global
--- 12.12.12.3 10.10.10.1 --- ---
Pro Inside global Inside local Outside local Outside global
--- 12.12.12.3 10.10.10.1 --- ---
Tuh sudah keliatan secara gamblang dan jelas bahwa IP 10.10.10.1 (Inside local) di NAT ke IP 12.12.12.3 (Inside global).
Buat mastiinnya... kita debug dulu tuh ip nat nya , jangan lupa kita test ping dari R1 ke R2
R1(config)#do debug ip nat
IP NAT debugging is on
IP NAT debugging is on
R1(config)#do ping 1.1.1.1 source 10.10.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.10.10.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/37/40 ms
R1(config)#
*Mar 1 00:07:49.055: NAT: s=10.10.10.1->12.12.12.3, d=1.1.1.1 [5]
*Mar 1 00:07:49.083: NAT*: s=1.1.1.1, d=12.12.12.3->10.10.10.1 [5]
*Mar 1 00:07:49.087: NAT: s=10.10.10.1->12.12.12.3, d=1.1.1.1 [6]
*Mar 1 00:07:49.127: NAT*: s=1.1.1.1, d=12.12.12.3->10.10.10.1 [6]
*Mar 1 00:07:49.131: NAT: s=10.10.10.1->12.12.12.3, d=1.1.1.1 [7]
*Mar 1 00:07:49.163: NAT*: s=1.1.1.1, d=12.12.12.3->10.10.10.1 [7]
*Mar 1 00:07:49.167: NAT: s=10.10.10.1->12.12.12.3, d=1.1.1.1 [8]
*Mar 1 00:07:49.203: NAT*: s=1.1.1.1, d=12.12.12.3->10.10.10.1 [8]
*Mar 1 00:07:49.207: NAT: s=10.10.10.1->12.12.12.3, d=1.1.1.1 [9]
*Mar 1 00:07:49.247: NAT*: s=1.1.1.1, d=12.12.12.3->10.10.10.1 [9]
Sip... keliatan deh pas abis diping... si NAT nya bekerja dengan sempurna.
Hasil debug, karena kita kirim paket ICMP alias paket nya bolak balik, maka di hasil debug pasti ada dua baris konversi NAT :
Jadi waktu IP 10.10.10.1 ping ke IP 1.1.1.1, NAT melakukan translasi IP 10.10.10.1 ke 12.12.12.3 sebelum diteruskan ke IP 1.1.1.1.
*Mar 1 00:07:49.083: NAT*: s=1.1.1.1, d=12.12.12.3->10.10.10.1 [5]
Demikian juga sebaliknya... waktu paket ICMP balik dari IP 1.1.1.1 mau ke IP 10.10.10.1, NAT translasi dulu tuh dari IP 12.12.12.3 ke 10.10.10.1
Nah, biar lebih jelasnya bisa dilihat ko video lab dibawah ini :
Tidak ada komentar:
Posting Komentar