动态地址转换( NAT)是一种网络地址转换技术,它能够将内部网络的私有IP地址动态映射到公网IP地址,从而实现内部网络主机访问外部网络的功能。在华为路由器上配置动态地址转换可以帮助您更好地管理内部网络主机的访问权限,并提高网络安全性。本文将为您详细介绍如何在华为路由器上配置动态地址转换,希望能够对此感兴趣的友友们有所帮助。
实验要求:
某公司研发部和销售部通过公司两条专线(移动和电信)与互联网相连,路由器上接口/0/0的公网地址为2.2.2.2/24,对端运营商侧地址为2.2.2.1/24,研发部用户希望使用移动专线公网地址池中的地址(2.2.2.100~2.2.2.200)采用NAT方式替换内部的主机地址(网段为192.168.1.0/24),访问因特网。销售部用户希望使用电信专线的公网IP地址地址池(2.2.2.20~2.2.2.50)采用NAT方式替换内部的主机地址(网段为192.168.2.0/24),访问因特网。
实验拓扑:
配置思路:
配置接口的IP地址、默认路由和在WAN接口下设置NAT出站,以实现各部门内部主机所在的专线,访问外部网络服务的功能。
具体过程:
1、登录路由器
sys
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info
[Huawei]undo info-center en
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]
[Huawei]
2、创建vlan
[Huawei]vlan batch 100 200
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]
3、给vlan 设置ip,并将相关接口加入到vlan中
[Huawei]interface Vlanif 100
[Huawei-Vlanif100]
[Huawei-Vlanif100]ip add
[Huawei-Vlanif100]ip address 192.168.1.1 24
[Huawei-Vlanif100]
[Huawei-Vlanif100]q
[Huawei]int
[Huawei]interface vlan
[Huawei]interface Vlanif 200
[Huawei-Vlanif200]ip add
[Huawei-Vlanif200]ip address 192.168.2.1 24
[Huawei-Vlanif200]
[Huawei-Vlanif200]q
[Huawei]
Huawei]interface Ethernet 0/0/0
[Huawei-Ethernet0/0/0]port link
[Huawei-Ethernet0/0/0]port link-type ac
[Huawei-Ethernet0/0/0]port link-type access
[Huawei-Ethernet0/0/0]port def
[Huawei-Ethernet0/0/0]port default vlan 100
[Huawei-Ethernet0/0/0]q
[Huawei]interf
[Huawei]interface
[Huawei]interface ethe
[Huawei]interface Ethernet 0/0/1
[Huawei-Ethernet0/0/1]port link
[Huawei-Ethernet0/0/1]port link-type acc
[Huawei-Ethernet0/0/1]port link-type access
[Huawei-Ethernet0/0/1]port def
[Huawei-Ethernet0/0/1]port default vlan 200
[Huawei-Ethernet0/0/1]q
[Huawei]
4、给连接外网的接口设置ip
[Huawei]interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0]ip ad
[Huawei-GigabitEthernet0/0/0]ip address 2.2.2.2 24
[Huawei-GigabitEthernet0/0/0]
[Huawei-GigabitEthernet0/0/0]
[Huawei-GigabitEthernet0/0/0]q
5、添加静态路由
[Huawei]
[Huawei]ip route-static 0.0.0.0 0.0.0.0 2.2.2.1
6、创建acl 规则,并设置nat 转换,应用到出接口
Huawei]nat address-group 1 2.2.2.100 2.2.2.200
[Huawei]nat address-group 2 2.2.2.20 2.2.2.50
[Huawei]
[Huawei]acl 2000
[Huawei-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255
[Huawei-acl-basic-2000]q
[Huawei]acl 2001
[Huawei-acl-basic-2001]rule 5 permit source 192.168.2.0 0.0.0.255
[Huawei-acl-basic-2001]q
[Huawei]
[Huawei]interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0]nat outbound 2000 address-group 1 no-pat
[Huawei-GigabitEthernet0/0/0]nat outbound 2001 address-group 2
[Huawei-GigabitEthernet0/0/0]q
[Huawei]
[Huawei]
7、查看
Huawei]dis nat outbound
NAT Outbound Information:
--------------------------------------------------------------------------
Interface Acl Address-group/IP/Interface Type
--------------------------------------------------------------------------
GigabitEthernet0/0/0 2000 1 no-pat
GigabitEthernet0/0/0 2001 2 pat
--------------------------------------------------------------------------
Total : 2
[Huawei]
8、测试
1)路由器上进行测试
[Huawei]ping -a 192.168.1.1 2.2.2.2
PING 2.2.2.2: 56 data bytes, press CTRL_C to break
Reply from 2.2.2.2: bytes=56 Sequence=1 ttl=255 time=1 ms
Reply from 2.2.2.2: bytes=56 Sequence=2 ttl=255 time=1 ms
Reply from 2.2.2.2: bytes=56 Sequence=3 ttl=255 time=1 ms
Reply from 2.2.2.2: bytes=56 Sequence=4 ttl=255 time=1 ms
Reply from 2.2.2.2: bytes=56 Sequence=5 ttl=255 time=1 ms
--- 2.2.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/1 ms
[Huawei]
2)通过PC测试
写在最后:
自我设限,固步自封,唯有突破极限,才能发掘潜能。以上就是本期整理的《如何在华为路由器上配置动态地址转换》,自己经历过的风雨,所以知道你也会坚强。你的【评论】+【点赞】+【关注】,我会自动解读为认可。
作者简介:
我是“网络系统技艺者”,系统运维工程师一枚,持续分享【网络技术+系统运维技术】干货。
———END———
限 时 特 惠: 本站每日持续更新海量各大内部创业教程,永久会员只需109元,全站资源免费下载 点击查看详情
站 长 微 信: nanadh666