本次实验通过nat技术实现私网转公网。
实验中 pc1和ar2的基本配置省略,只需要配置基本IP地址就行。主要记录AR3的配置代码。
<Huawei>sy
Enter system view, return user view with Ctrl+Z.
Huawei\]int g0/0/0 \[Huawei-GigabitEthernet0/0/0\]ip address 192.168.1.254 255.255.255.0 //为0号接口配置IP地址 Feb 4 2024 18:53:25-08:00 Huawei %%01IFNET/4/LINK_STATE(l)\[2\]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state. \[Huawei-GigabitEthernet0/0/0\]int g0/0/1 \[Huawei-GigabitEthernet0/0/1\]ip address 64.1.1.1 255.255.255.0 //为1号接口配置IP地址 Feb 4 2024 18:53:51-08:00 Huawei %%01IFNET/4/LINK_STATE(l)\[3\]:The line protocol IP on the interface GigabitEthernet0/0/1 has entered the UP state. \[Huawei-GigabitEthernet0/0/1
Huawei-GigabitEthernet0/0/1\]q \[Huawei\]acl name neiwang basic //定义一个基本的 名称为neiwang的acl \[Huawei-acl-basic-neiwang\]rule permit source 192.168.0.0 0.0.255.255 //规则为允许来自192.168的IP数据通过该接口 \[Huawei-acl-basic-neiwang\]q \[Huawei\]nat ? //通过此方法查看nat命令 address-group IP address-group of NAT alg Application level gateway dns-map DNS mapping filter-mode NAT filter mode link-down Link down reset session function mapping-mode NAT mapping mode overlap-address Overlap address pool to temp address pool map static Specify static NAT \[Huawei\]nat address-group 1 64.1.1.2 64.1.1.6 //设定一个nat地址池编号为1 允许内网用户使用2到6IP地址 \[Huawei\]dis acl all //查看当前配置的所有acl Total quantity of nonempty ACL number is 1 Basic ACL neiwang 2999, 1 rule Acl's step is 5 rule 5 permit source 192.168.0.0 0.0.255.255 \[Huawei\]int g0/0/1 \[Huawei-GigabitEthernet0/0/1\]nat outbound 2999 address-group 1 //配置nat所有2999acl规则和使用1号地址池