HCIA--NAT实验

news2024/11/20 20:21:17

1. 划分网段，配置接口IP地址，内网启用OSPF协议，并配置一对一的NAT：

AR1配置：

[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip add 10.1.1.1 24
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip add 11.1.1.1 24
[Huawei]sys isp
[isp]telnet 11.1.1.3   #telnet登陆

AR2配置：

[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip add 11.1.1.2 24 
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip add 12.1.1.1 24 
[Huawei-GigabitEthernet0/0/1]qu
[Huawei]ospf 100 router-id 1.1.1.1
[Huawei-ospf-100]area 0
[Huawei-ospf-100-area-0.0.0.0]network 12.1.1.1 0.0.0.0
[Huawei]ip route-static 0.0.0.0 0 11.1.1.1   #下放缺省
[Huawei]ospf 100
[Huawei-ospf-100]default-route-advertise 
[Huawei]int g0/0/0   #启用一对一的NAT 进行地址转换
[Huawei-GigabitEthernet0/0/0]nat static global 11.1.1.3 inside 192.168.1.2
[Huawei]int g0/0/0   #telnet转换，远程登陆
[Huawei-GigabitEthernet0/0/0]nat server protocol tcp global 11.1.1.3 telnet insi
de 23.1.1.2 telnet

AR3配置：

[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip add 12.1.1.2 24
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip add 23.1.1.1 24
[Huawei-GigabitEthernet0/0/1]qu
[Huawei]ospf 100 router-id 3.3.3.3
[Huawei-ospf-100]area 0
[Huawei-ospf-100-area-0.0.0.0]network 0.0.0.0 255.255.255.255

AR4配置：

[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip add 23.1.1.2 24 
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip add 192.168.1.1 24
[Huawei-GigabitEthernet0/0/1]qu
[Huawei]ospf 100 router-id 4.4.4.4
[Huawei-ospf-100]area 0
[Huawei-ospf-100-area-0.0.0.0]network 0.0.0.0 255.255.255.255
[Huawei]user-interface vty 0 4   #telnet转换，远程登陆
[Huawei-ui-vty0-4]authentication-mode password
Please configure the login password (maximum length 16):123

2. AR2启用一对一的NAT后，PC2 ping PC1结果：

3. 多对多的NAT配置：

AR2配置多对多的NAT:

[Huawei]sys R2
[R2]acl 2000    #抓内网流量，内网里面所有设备都能上外网
[R2-acl-basic-2000]rule permit source any
[R2-acl-basic-2000]qu
[R2]nat address-group 1 11.1.1.4 11.1.1.5   #抓取公网地址
[R2]int g0/0/0   #acl抓取的私网地址转换成group1中的任一地址
[R2-GigabitEthernet0/0/0]nat outbound 2000 address-group 1
[R2]acl 2000   #补充：多对一easyNAT
[R2-acl-basic-2000]rule permit source any
[R2-acl-basic-2000]qu
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]nat outbound 2000

AR4开启DHCP：

[R4]dhcp enable 
[R4]ip pool 1
[R4-ip-pool-1]network 192.168.1.0 mask 255.255.255.0
[R4-ip-pool-1]gateway-list 192.168.1.1	
[R4-ip-pool-1]dns-list 8.8.8.8
[R4-ip-pool-1]qu
[R4]int g0/0/1
[R4-GigabitEthernet0/0/1]dhcp select global