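[Dynamips] Building NAT and various server environments on a single PC: 8. Dynamips configuration (2)

8. Dynamips configuration (2)


8.1. Config settings

This section lists the configs of the main network devices in the network topology.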



・host1

Building configuration...

*Mar 1 00:12:13.587: %SYS-5-CONFIG_I: Configured from console by console
Current configuration : 1197 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname host1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$dTak$NXHri0hXY1BixB1Drtzcm1
!
no aaa new-model
memory-size iomem 5
no ip routing
no ip cef
!
ip name-server 10.1.2.2
!
multilink bundle-name authenticated
!
!
!
interface FastEthernet0/0
ip address 10.1.1.1 255.255.255.240
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
no ip route-cache
shutdown
duplex auto
speed auto
!
interface Serial1/0
no ip address
no ip route-cache
shutdown
serial restart-delay 0
!
interface Serial1/1
no ip address
no ip route-cache
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
no ip route-cache
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
no ip route-cache
shutdown
serial restart-delay 0
!
ip default-gateway 10.1.1.14
!
!
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
password 7 020507520E565E
login
!
end


・point
① Because this device is treated as a host, configure "no ip routing".
② Configure "ip name-server" so that the host can query the DNS server for a domain's IP address.
③ Configure the default gateway.

-------------------------

・hidari-intra

Building configuration...

Current configuration : 1430 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname hidari-intra
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$RnT4$EKJsJEX.6DKNnknEb.63s0
!
no aaa new-model
memory-size iomem 5
ip cef
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.100
encapsulation dot1Q 100
ip address 10.1.1.14 255.255.255.240
!
interface FastEthernet0/0.200
encapsulation dot1Q 200
ip address 10.1.1.30 255.255.255.240
!
interface FastEthernet0/1
ip address 10.1.2.1 255.255.255.0
duplex auto
speed auto
!
interface Serial1/0
ip address 10.1.3.1 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router eigrp 1
network 10.1.1.0 0.0.0.255
network 10.1.2.0 0.0.0.255
network 10.1.3.0 0.0.0.255
no auto-summary
!
ip route 10.1.5.0 255.255.255.0 Serial1/0
ip route 10.1.6.0 255.255.255.0 Serial1/0
!
!
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
password 7 1306141B0E5C55
login
!
end

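・point
Routing toward the external domain "migi.lemuria" is done with static routes.
Note that these routes do not use migi.lemuria's real IP addresses "192.168.xxx.xxx"; they use the addresses configured with "ip nat outside …" on the router "nat-router".
In other words, the hosts in hidari.ne.atlantis do not know the real segments and addresses of migi.lemuria.

・Output of sh ip route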

hidari-intra#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
C 10.1.3.0/24 is directly connected, Serial1/0
C 10.1.2.0/24 is directly connected, FastEthernet0/1
C 10.1.1.0/28 is directly connected, FastEthernet0/0.100
S 10.1.6.0/24 is directly connected, Serial1/0
S 10.1.5.0/24 is directly connected, Serial1/0
C 10.1.1.16/28 is directly connected, FastEthernet0/0.200

-------------------------

・nat-router

Building configuration...

*Mar 1 00:48:43.167: %SYS-5-CONFIG_I: Configured from console by console
Current configuration : 1688 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname nat-router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$DiUo$9/6BdPTiZIPl15UE9R1A01
!
no aaa new-model
memory-size iomem 5
ip cef
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 10.1.3.2 255.255.255.0
ip nat inside
ip virtual-reassembly
serial restart-delay 0
!
interface Serial1/1
ip address 192.168.4.1 255.255.255.0
ip nat outside
ip virtual-reassembly
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router eigrp 1
network 10.1.3.0 0.0.0.255
no auto-summary
!
router ospf 1
log-adjacency-changes
network 192.168.4.0 0.0.0.255 area 0
!
ip route 10.1.5.0 255.255.255.0 Serial1/1
ip route 10.1.6.0 255.255.255.0 Serial1/1
ip route 192.168.1.0 255.255.255.0 Serial1/0
ip route 192.168.2.0 255.255.255.0 Serial1/0
!
!
no ip http server
no ip http secure-server
ip nat inside source static 10.1.1.1 192.168.1.1
ip nat inside source static 10.1.1.17 192.168.1.17
ip nat inside source static 10.1.2.2 192.168.2.2
ip nat outside source static 192.168.5.1 10.1.5.1
ip nat outside source static 192.168.6.2 10.1.6.2
!
control-plane
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
password 7 03075802035F70
login
!
end

・point
① As for dynamic routing, routes are not redistributed into either domain. As a result, only the statically routed addresses are advertised to the opposite domain.

・Output of sh ip route
nat-router#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 192.168.4.0/24 is directly connected, Serial1/1
O 192.168.5.0/24 [110/74] via 192.168.4.2, 00:01:00, Serial1/1
10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
C 10.1.3.0/24 is directly connected, Serial1/0
D 10.1.2.0/24 [90/2195456] via 10.1.3.1, 00:01:15, Serial1/0
D 10.1.1.0/28 [90/2172416] via 10.1.3.1, 00:01:15, Serial1/0
S 10.1.6.0/24 is directly connected, Serial1/1
S 10.1.5.0/24 is directly connected, Serial1/1
D 10.1.1.16/28 [90/2172416] via 10.1.3.1, 00:01:15, Serial1/0
O 192.168.6.0/24 [110/74] via 192.168.4.2, 00:01:00, Serial1/1
S 192.168.1.0/24 is directly connected, Serial1/0
S 192.168.2.0/24 is directly connected, Serial1/0

・Output of sh ip nat translations

(image)


-------------------------

・migi-intra

Building configuration...

*Mar 1 00:12:08.995: %SYS-5-CONFIG_I: Configured from console by console
Current configuration : 1308 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname migi-intra
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$ALyU$hjWa3FJkfm7uj89WcPLWe0
!
no aaa new-model
memory-size iomem 5
ip cef
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
interface FastEthernet0/0
ip address 192.168.5.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.6.1 255.255.255.0
duplex auto
speed auto
!
interface Serial1/0
ip address 192.168.4.2 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router ospf 1
log-adjacency-changes
network 192.168.4.0 0.0.0.255 area 0
network 192.168.5.0 0.0.0.255 area 0
network 192.168.6.0 0.0.0.255 area 0
!
ip route 192.168.1.0 255.255.255.0 Serial1/0
ip route 192.168.2.0 255.255.255.0 Serial1/0
!
!
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
password 7 094F4D001C5546
login
!
end

・The points are the same as for hidari-intra.

・Output of sh ip route

migi-intra#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 192.168.4.0/24 is directly connected, Serial1/0
C 192.168.5.0/24 is directly connected, FastEthernet0/0
C 192.168.6.0/24 is directly connected, FastEthernet0/1
S 192.168.1.0/24 is directly connected, Serial1/0
S 192.168.2.0/24 is directly connected, Serial1/0

-------------------------

Finally, verify that NAT works.

From host1, ping host3 in migi.lemuria.

host1#ping 10.1.6.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.6.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 120/149/200 ms

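The IP address 10.1.6.2 is the externally facing address configured with the ip nat outside statement on "nat-router".
Because host1 does not know the real external segments and addresses, it connects using the externally facing address.


Next, from host3, ping host2 in hidari.ne.atlantis.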

host3#ping 192.168.1.17

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.17, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/40/96 ms

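host3 does not know host2's real address either, so it connects using the address configured with the ip nat inside statement.

If the ping does not go through, a setting on one of the devices is most likely wrong, so review the configs carefully.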
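
The two pings above, traced through nat-router's static translations, together with a check that every translated address is covered by a static route on the neighbouring router. This is an added example, not part of the original post; the function names and the direction labels "in2out"/"out2in" are assumptions of the example, and host3 = 192.168.6.2 and host2 = 10.1.1.17 are inferred from the NAT statements and ping targets on this page.

```python
import ipaddress
import re

# Static NAT statements copied from nat-router's config on this page.
NAT_CONFIG = """\
ip nat inside source static 10.1.1.1 192.168.1.1
ip nat inside source static 10.1.1.17 192.168.1.17
ip nat inside source static 10.1.2.2 192.168.2.2
ip nat outside source static 192.168.5.1 10.1.5.1
ip nat outside source static 192.168.6.2 10.1.6.2
"""
# Static routes copied from hidari-intra and migi-intra on this page.
HIDARI_ROUTES = ["10.1.5.0/24", "10.1.6.0/24"]
MIGI_ROUTES = ["192.168.1.0/24", "192.168.2.0/24"]

def parse_static_nat(config):
    """Return (inside local -> inside global, outside local -> outside global)."""
    inside, outside = {}, {}
    pat = re.compile(r"ip nat (inside|outside) source static (\S+) (\S+)$")
    for line in config.splitlines():
        m = pat.match(line.strip())
        if m and m.group(1) == "inside":
            inside[m.group(2)] = m.group(3)   # syntax: <inside local> <inside global>
        elif m:
            outside[m.group(3)] = m.group(2)  # syntax: <outside global> <outside local>
    return inside, outside

def translate(src, dst, direction, inside, outside):
    """Rewrite one packet's (src, dst) as it crosses nat-router."""
    if direction == "in2out":                 # arrives on Serial1/0 (ip nat inside)
        return inside.get(src, src), outside.get(dst, dst)
    if direction == "out2in":                 # arrives on Serial1/1 (ip nat outside)
        out_to_local = {g: l for l, g in outside.items()}
        in_to_local = {g: l for l, g in inside.items()}
        return out_to_local.get(src, src), in_to_local.get(dst, dst)
    raise ValueError(f"unknown direction: {direction}")

def unrouted(addresses, routes):
    """Translated addresses that no static route on the neighbour covers."""
    nets = [ipaddress.ip_network(r) for r in routes]
    return sorted(a for a in addresses
                  if not any(ipaddress.ip_address(a) in n for n in nets))

if __name__ == "__main__":
    inside, outside = parse_static_nat(NAT_CONFIG)
    print(translate("10.1.1.1", "10.1.6.2", "in2out", inside, outside))       # host1 -> host3
    print(translate("192.168.6.2", "192.168.1.17", "out2in", inside, outside))  # host3 -> host2
    print(unrouted(outside, HIDARI_ROUTES), unrouted(inside.values(), MIGI_ROUTES))
```

A non-empty list from unrouted() names a translated address that the neighbouring router has no static route for, which is one of the config mistakes that makes the ping fail.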

