vrrp，nat综合小练习

拓扑图如下

要实现192.168.1.10主机能访问外网100.100.100.100

主要配置如下

交换机为二层交换机不用配置

路由器AR1

#
acl number 2000 配置acl
rule 5 permit
#
nat address-group 1 200.1.1.5 200.1.1.5 配置地址池
#
interface GigabitEthernet0/0/0
ip address 192.168.1.2 255.255.255.0 配接口地址
vrrp vrid 1 virtual-ip 192.168.1.254 为主机配置虚拟网关
vrrp vrid 1 priority 101 修改优先级成为master
vrrp vrid 1 track interface GigabitEthernet0/0/1 reduced 20 监听g/0/0/1端口，如故障，优先级减小20
#
interface GigabitEthernet0/0/1
ip address 200.1.1.1 255.255.255.0
vrrp vrid 5 virtual-ip 200.1.1.5
vrrp vrid 5 priority 101
vrrp vrid 5 track interface GigabitEthernet0/0/0 reduced 20
nat outbound 2000 address-group 1 NAT调用地址池
#
ip route-static 0.0.0.0 0.0.0.0 200.1.1.6 默认路由


AR2

#
acl number 2000
rule 5 permit
#
#
nat address-group 1 200.1.1.5 200.1.1.5
#
interface GigabitEthernet0/0/0
ip address 192.168.1.20 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.1.254
#
interface GigabitEthernet0/0/1
ip address 200.1.1.2 255.255.255.0
vrrp vrid 5 virtual-ip 200.1.1.5
nat outbound 2000 address-group 1
#
ip route-static 0.0.0.0 0.0.0.0 200.1.1.6


R1

interface Ethernet0/0/0
ip address 200.1.1.6 255.255.255.0
#
interface LoopBack0
ip address 100.100.100.100 255.255.255.255
#


ENSP模拟器中不能ping通，真机应该可以实现。