本次实验通过nat技术实现私网转公网。
实验中 pc1和ar2的基本配置省略,只需要配置基本IP地址就行。主要记录AR3的配置代码。
<Huawei>sy
Enter system view, return user view with Ctrl+Z.
Huaweiint g0/0/0
Huawei-GigabitEthernet0/0/0ip address 192.168.1.254 255.255.255.0 //为0号接口配置IP地址
Feb 4 2024 18:53:25-08:00 Huawei %%01IFNET/4/LINK_STATE(l)2:The line protocol
IP on the interface GigabitEthernet0/0/0 has entered the UP state.
Huawei-GigabitEthernet0/0/0int g0/0/1
Huawei-GigabitEthernet0/0/1ip address 64.1.1.1 255.255.255.0 //为1号接口配置IP地址
Feb 4 2024 18:53:51-08:00 Huawei %%01IFNET/4/LINK_STATE(l)3:The line protocol
IP on the interface GigabitEthernet0/0/1 has entered the UP state.
Huawei-GigabitEthernet0/0/1
Huawei-GigabitEthernet0/0/1q
Huaweiacl name neiwang basic //定义一个基本的 名称为neiwang的acl
Huawei-acl-basic-neiwangrule permit source 192.168.0.0 0.0.255.255 //规则为允许来自192.168的IP数据通过该接口
Huawei-acl-basic-neiwangq
Huaweinat ? //通过此方法查看nat命令
address-group IP address-group of NAT
alg Application level gateway
dns-map DNS mapping
filter-mode NAT filter mode
link-down Link down reset session function
mapping-mode NAT mapping mode
overlap-address Overlap address pool to temp address pool map
static Specify static NAT
Huaweinat address-group 1 64.1.1.2 64.1.1.6 //设定一个nat地址池编号为1 允许内网用户使用2到6IP地址
Huaweidis acl all //查看当前配置的所有acl
Total quantity of nonempty ACL number is 1
Basic ACL neiwang 2999, 1 rule
Acl's step is 5
rule 5 permit source 192.168.0.0 0.0.255.255
Huaweiint g0/0/1
Huawei-GigabitEthernet0/0/1nat outbound 2999 address-group 1 //配置nat所有2999acl规则和使用1号地址池