How to Configure Dynamic Address Translation on a Huawei Router

Author: 網絡系統技藝者

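Dynamic address translation (Dynamic NAT) is a network address translation technique that dynamically maps private IP addresses on the internal network to public IP addresses, so that internal hosts can reach external networks. Configuring dynamic NAT on a Huawei router helps you better manage the access rights of internal hosts and improves network security. This article walks through how to configure dynamic address translation on a Huawei router in detail; I hope it helps readers who are interested in the topic.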

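Lab requirements:

A company's R&D department and sales department connect to the Internet over the company's two leased lines (China Mobile and China Telecom). The router's interface GigabitEthernet0/0/0 has the public address 2.2.2.2/24, and the peer address on the carrier side is 2.2.2.1/24. R&D users want to use addresses from the Mobile leased line's public address pool (2.2.2.100~2.2.2.200) to replace their internal host addresses (network 192.168.1.0/24) through NAT when accessing the Internet. Sales users want to use the Telecom leased line's public IP address pool (2.2.2.20~2.2.2.50) to replace their internal host addresses (network 192.168.2.0/24) through NAT when accessing the Internet.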

Lab topology:

[Figure: lab topology]

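Configuration approach:

Configure the interface IP addresses and a default route, and set up outbound NAT on the WAN interface, so that the internal hosts of each department can reach external network services over that department's leased line.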

Procedure:

1. Log in to the router

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]

2. Create the VLANs

[Huawei]vlan batch 100 200
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]           

3. Assign IP addresses to the VLANs and add the relevant interfaces to them

[Huawei]interface Vlanif 100
[Huawei-Vlanif100]ip address 192.168.1.1 24
[Huawei-Vlanif100]q
[Huawei]interface Vlanif 200
[Huawei-Vlanif200]ip address 192.168.2.1 24
[Huawei-Vlanif200]q
[Huawei]interface Ethernet 0/0/0
[Huawei-Ethernet0/0/0]port link-type access
[Huawei-Ethernet0/0/0]port default vlan 100
[Huawei-Ethernet0/0/0]q
[Huawei]interface Ethernet 0/0/1
[Huawei-Ethernet0/0/1]port link-type access
[Huawei-Ethernet0/0/1]port default vlan 200
[Huawei-Ethernet0/0/1]q
[Huawei]

4. Assign an IP address to the interface that connects to the external network

[Huawei]interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 2.2.2.2 24
[Huawei-GigabitEthernet0/0/0]q

5. Add a static route

[Huawei]ip route-static 0.0.0.0 0.0.0.0 2.2.2.1

6. Create the ACL rules, configure NAT translation, and apply it to the outbound interface

[Huawei]nat address-group 1 2.2.2.100 2.2.2.200
[Huawei]nat address-group 2 2.2.2.20 2.2.2.50
[Huawei]acl 2000
[Huawei-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255
[Huawei-acl-basic-2000]q
[Huawei]acl 2001
[Huawei-acl-basic-2001]rule 5 permit source 192.168.2.0 0.0.0.255
[Huawei-acl-basic-2001]q
[Huawei]interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0]nat outbound 2000 address-group 1 no-pat
[Huawei-GigabitEthernet0/0/0]nat outbound 2001 address-group 2
[Huawei-GigabitEthernet0/0/0]q
[Huawei]

7. View the result

[Huawei]dis nat outbound
 NAT Outbound Information:
 --------------------------------------------------------------------------
 Interface                     Acl     Address-group/IP/Interface      Type
 --------------------------------------------------------------------------
 GigabitEthernet0/0/0         2000                              1    no-pat
 GigabitEthernet0/0/0         2001                              2       pat
 --------------------------------------------------------------------------
  Total : 2
[Huawei]           
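
An added check, not part of the original article: the Python below parses the step 6 commands and compares each address pool with the number of hosts its ACL matches. In no-pat mode each inside host occupies a whole pool address, so the pool size caps how many hosts can be translated at once. The function names are hypothetical, and the code assumes every ACL rule is a permit with a contiguous wildcard mask.

```python
import ipaddress

# Commands from step 6 of this walkthrough, with the CLI prompts removed.
CONFIG = """\
nat address-group 1 2.2.2.100 2.2.2.200
nat address-group 2 2.2.2.20 2.2.2.50
acl 2000
rule 5 permit source 192.168.1.0 0.0.0.255
acl 2001
rule 5 permit source 192.168.2.0 0.0.0.255
nat outbound 2000 address-group 1 no-pat
nat outbound 2001 address-group 2
"""

def parse(config):
    """Return (pools, acl_hosts, bindings) from the NAT-related commands."""
    pools, acl_hosts, bindings, acl = {}, {}, [], None
    for tok in (line.split() for line in config.splitlines()):
        if tok[:2] == ["nat", "address-group"]:
            lo, hi = (int(ipaddress.IPv4Address(a)) for a in tok[3:5])
            pools[tok[2]] = hi - lo + 1              # addresses in the pool
        elif tok[:1] == ["acl"]:
            acl = tok[1]
        elif tok[:1] == ["rule"] and "permit" in tok and "source" in tok:
            addr, wildcard = tok[tok.index("source") + 1:][:2]
            # ipaddress accepts the wildcard as a host mask (assumed contiguous)
            net = ipaddress.ip_network(f"{addr}/{wildcard}")
            # usable hosts: drop the network and broadcast addresses
            acl_hosts[acl] = acl_hosts.get(acl, 0) + max(net.num_addresses - 2, 1)
        elif tok[:2] == ["nat", "outbound"]:
            mode = "no-pat" if "no-pat" in tok else "pat"
            bindings.append((tok[2], tok[tok.index("address-group") + 1], mode))
    return pools, acl_hosts, bindings

def audit(config):
    """One record per 'nat outbound' binding, with the no-pat shortfall."""
    pools, acl_hosts, bindings = parse(config)
    report = []
    for acl, group, mode in bindings:
        hosts, size = acl_hosts[acl], pools[group]
        # no-pat maps one inside host to one pool address, so the pool size
        # caps concurrent hosts; pat shares addresses by translating ports.
        shortfall = max(hosts - size, 0) if mode == "no-pat" else 0
        report.append({"acl": acl, "group": group, "mode": mode,
                       "hosts": hosts, "pool": size, "shortfall": shortfall})
    return report

if __name__ == "__main__":
    for row in audit(CONFIG):
        print(row)
```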

8. Test

1) Test on the router

[Huawei]ping -a 192.168.1.1 2.2.2.2
  PING 2.2.2.2: 56  data bytes, press CTRL_C to break
    Reply from 2.2.2.2: bytes=56 Sequence=1 ttl=255 time=1 ms
    Reply from 2.2.2.2: bytes=56 Sequence=2 ttl=255 time=1 ms
    Reply from 2.2.2.2: bytes=56 Sequence=3 ttl=255 time=1 ms
    Reply from 2.2.2.2: bytes=56 Sequence=4 ttl=255 time=1 ms
    Reply from 2.2.2.2: bytes=56 Sequence=5 ttl=255 time=1 ms

  --- 2.2.2.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/1/1 ms

[Huawei]           

2) Test from a PC

[Figure: test from a PC]

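Closing words:

Setting limits on yourself and standing still gets you nowhere; only by pushing past your limits can you discover your potential. That wraps up this installment, "How to Configure Dynamic Address Translation on a Huawei Router". Having weathered storms myself, I know you will be strong too. I will automatically read your [comment] + [like] + [follow] as approval.

About the author:

I am "網絡系統技藝者", a systems operations engineer who keeps sharing practical [network technology + systems operations] content.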