目录
- 静态NAT配置
- 配置
- 抓包测试
- 动态NAT配置
- 配置
- 测试
- Easy IP配置
- 配置
- 测试
静态NAT配置
配置
nat static global { global-address} inside {host-address } 命令用于创建静态NAT。
global参数用于配置外部公网地址。
inside参数用于配置内部私有地址。
- AR1-NAT
<Huawei>sy
Enter system view, return user view with Ctrl+Z.
[Huawei]sy NAT
[NAT]int g0/0/0
[NAT-GigabitEthernet0/0/0]ip address 192.168.1.254 24
[NAT-GigabitEthernet0/0/0]int s1/0/0
[NAT-Serial1/0/0]ip address 200.10.10.2 24
[NAT-Serial1/0/0]nat static global 202.10.10.1 inside 192.168.1.1
[NAT-Serial1/0/0]nat static global 202.10.10.2 inside 192.168.1.2
- Internet
<Huawei>sy
Enter system view, return user view with Ctrl+Z.
[Huawei]int s1/0/0
[Huawei-Serial1/0/0]ip address 100.1.1.1 24
[Huawei-Serial1/0/0]q
[Huawei]ip route-static 0.0.0.0 0.0.0.0 200.10.10.2
抓包测试
动态NAT配置
配置
- AR1-NAT
<Huawei>sy
Enter system view, return user view with Ctrl+Z.
[Huawei]sy NAT
[NAT]nat address-group 1 200.10.10.1 200.10.10.200
[NAT]acl 2000
[NAT-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255
[NAT-acl-basic-2000]q
[NAT]int s1/0/0
[NAT-Serial1/0/0]nat outbound 2000 address-group 1 no-pat
[NAT-Serial1/0/0]ip address 200.10.10.201 24
[NAT-GigabitEthernet0/0/0]ip address 192.168.1.254 24
- Internet
<Huawei>sy
Enter system view, return user view with Ctrl+Z.
[Huawei]int s1/0/0
[Huawei-Serial1/0/0]ip address 100.1.1.1 24
[Huawei-Serial1/0/0]q
[Huawei]ip route-static 0.0.0.0 0.0.0.0 200.10.10.201
测试
Easy IP配置
配置
- AR1-NAT
<Huawei>sy
Enter system view, return user view with Ctrl+Z.
[Huawei]sy NAT
[NAT]int g0/0/0
[NAT-GigabitEthernet0/0/0]ip address 192.168.1.254 24
[NAT-GigabitEthernet0/0/0]q
[NAT]int s1/0/0
[NAT-Serial1/0/0]ip address 200.10.10.1 24
[NAT-Serial1/0/0]q
[NAT]acl 2000
[NAT-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255
[NAT-acl-basic-2000]q
[NAT]int s1/0/0
[NAT-Serial1/0/0]nat outbound 2000
- Internet
<Huawei>sy
[Huawei]int s1/0/0
[Huawei-Serial1/0/0]ip address 100.1.1.1 24
[Huawei-Serial1/0/0]q
[Huawei]ip route-static 0.0.0.0 0.0.0.0 200.10.10.1
测试
- PC1
- PC2
