本次实验通过nat技术实现私网转公网。
实验中 pc1和ar2的基本配置省略,只需要配置基本IP地址就行。主要记录AR3的配置代码。
<Huawei>sy
Enter system view, return user view with Ctrl+Z.
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.168.1.254 255.255.255.0 //为0号接口配置IP地址
Feb 4 2024 18:53:25-08:00 Huawei %%01IFNET/4/LINK_STATE(l)[2]:The line protocol
IP on the interface GigabitEthernet0/0/0 has entered the UP state.
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 64.1.1.1 255.255.255.0 //为1号接口配置IP地址
Feb 4 2024 18:53:51-08:00 Huawei %%01IFNET/4/LINK_STATE(l)[3]:The line protocol
IP on the interface GigabitEthernet0/0/1 has entered the UP state.
[Huawei-GigabitEthernet0/0/1]
[Huawei-GigabitEthernet0/0/1]q
[Huawei]acl name neiwang basic //定义一个基本的 名称为neiwang的acl
[Huawei-acl-basic-neiwang]rule permit source 192.168.0.0 0.0.255.255 //规则为允许来自192.168的IP数据通过该接口
[Huawei-acl-basic-neiwang]q
[Huawei]nat ? //通过此方法查看nat命令
address-group IP address-group of NAT
alg Application level gateway
dns-map DNS mapping
filter-mode NAT filter mode
link-down Link down reset session function
mapping-mode NAT mapping mode
overlap-address Overlap address pool to temp address pool map
static Specify static NAT
[Huawei]nat address-group 1 64.1.1.2 64.1.1.6 //设定一个nat地址池编号为1 允许内网用户使用2到6IP地址
[Huawei]dis acl all //查看当前配置的所有acl
Total quantity of nonempty ACL number is 1
Basic ACL neiwang 2999, 1 rule
Acl's step is 5
rule 5 permit source 192.168.0.0 0.0.255.255
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]nat outbound 2999 address-group 1 //配置nat所有2999acl规则和使用1号地址池