华为-NAT网络地址转换
NAT:进行网络地址转换,因为Ipv4 的公网地址无法做到人手一个,需要将私有地址转换成公网地址,
保证局域网内可以上网,如下图
1、启动设置,设置PC1、PC2、PC3、 PC4、Server1和Client1的Ip地址、子网掩码和网关、具体配置如下:
SW1配置信息
<Huawei>undo terminal monitor
<Huawei>system-view
[Huawei]user-interface console 0
[Huawei-ui-console0]idle-timeout 0 0
[Huawei-ui-console0]sysname SW1
[SW1]int g0/0/1
[SW1]vlan batch 10 20 30 40
[SW1]int g0/0/1
[SW1-GigabitEthernet0/0/1]port link-type access
[SW1-GigabitEthernet0/0/1]port default vlan 10
[SW1-GigabitEthernet0/0/1]int g0/0/2
[SW1-GigabitEthernet0/0/2]port link-type access
[SW1-GigabitEthernet0/0/2]port default vlan 20
[SW1-GigabitEthernet0/0/2]int g0/0/3
[SW1-GigabitEthernet0/0/3]port link-type access
[SW1-GigabitEthernet0/0/3]port default vlan 30
[SW1-GigabitEthernet0/0/3]int g0/0/4
[SW1-GigabitEthernet0/0/4]port link-type access
[SW1-GigabitEthernet0/0/4]port default vlan 20
[SW1-GigabitEthernet0/0/4]int g0/0/6
[SW1-GigabitEthernet0/0/6]port link-type access
[SW1-GigabitEthernet0/0/6]port default vlan 10
[SW1-GigabitEthernet0/0/6]int g0/0/5
[SW1-GigabitEthernet0/0/5]port link-type access
[SW1-GigabitEthernet0/0/5]port default vlan 40
[SW1-GigabitEthernet0/0/5]quit
[SW1]int vlanif 10
[SW1-Vlanif10]ip add 192.168.10.1 24
[SW1-Vlanif10]undo shutdown
[SW1-Vlanif10]int vlanif 20
[SW1-Vlanif20]ip add 192.168.20.1 24
[SW1-Vlanif20]undo shutdown
[SW1-Vlanif20]int vlanif 30
[SW1-Vlanif30]ip add 192.168.30.1 24
[SW1-Vlanif30]undo shutdown
[SW1-Vlanif30]int vlanif 40
[SW1-Vlanif40]ip add 11.0.0.2 24
[SW1-Vlanif40]undo shutdown
[SW1-Vlanif40]quit
[SW1]ip route-static 0.0.0.0 0.0.0.0 11.0.0.1
R1配置信息
<Huawei>undo terminal monitor
<Huawei>system-view
[Huawei]user-interface console 0
[Huawei-ui-console0]idle-timeout 0 0
[Huawei-ui-console0]sysname R1
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]ip add 12.0.0.1 24
[R1-GigabitEthernet0/0/1]undo shutdown
[R1-GigabitEthernet0/0/1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 11.0.0.1 24
[R1-GigabitEthernet0/0/0]undo shutdown
[R1-GigabitEthernet0/0/0]quit
[R1]ip route-static 192.168.10.1 24 11.0.0.2
[R1]ip route-static 192.168.20.1 24 11.0.0.2
[R1]ip route-static 192.168.30.1 24 11.0.0.2
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]nat static global 8.8.8.8 inside 192.168.10.10
[R1-GigabitEthernet0/0/1]quit
[R1]ip route-static 0.0.0.0 0.0.0.0 12.0.0.2
[R1]nat address-group 1 212.0.0.100 212.0.0.200
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 192.168.20.0 0.0.0.255
[R1-acl-basic-2000]rule permit source 11.0.0.0 0.0.0.255
[R1-acl-basic-2000]int g0/0/1
[R1-GigabitEthernet0/0/1]nat outbound 2000 address-group 1 no-pat
[R1-GigabitEthernet0/0/1]quit
[R1]acl 3000
[R1-acl-adv-3000]rule permit ip source 192.168.30.0 0.0.0.255
[R1-acl-adv-3000]quit
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]nat outbound 3000
[R1-GigabitEthernet0/0/1]quit
[R1]int g
[R1]int GigabitEthernet 0/0/1
[R1-GigabitEthernet0/0/1]nat server protocol tcp global 9.9.9.9 www inside 192.1
68.10.100 www
[R1-GigabitEthernet0/0/1]quit
R2配置信息
<Huawei>undo terminal monitor
<Huawei>system-view
[Huawei]user-interface console 0
[Huawei-ui-console0]idle-timeout 0 0
[Huawei-ui-console0]sysname R2
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 12.0.0.2 24
[R2-GigabitEthernet0/0/0]undo shutdown
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip add 13.0.0.1 24
[R2-GigabitEthernet0/0/1]undo shutdown
[R2-GigabitEthernet0/0/1]int loop 0
[R2-LoopBack0]ip add 114.114.114.114 32
[R2-LoopBack0]quit
[R2]ip route-static 8.8.8.8 32 12.0.0.1
[R2]ip route-static 212.0.0.0 24 12.0.0.1
[R2]ip route-static 9.9.9.9 32 12.0.0.1
注意:1、静态NAT:需要配置静态路由,设置好后用PC1去ping 114.114.114.114(如图一),
用抓包软件抓取R2的G0/0/0接口去看地址情况(如图二)
图一
图二
2、动态NAT:需要配置静态路由,设置好后用PC2或PC4去ping 114.114.114.114(如图三),
用抓包软件抓取R2的G0/0/0接口去看地址情况(如图四)、会发现每一次的地址会进行转换
图三
图四
3、easyIp:不需要配置静态路由,设置好后用PC2或PC4去ping 114.114.114.114(如图五),
用抓包软件抓取R2的G0/0/0接口去看地址情况(如图六)会发现地址变成了R1的G0/0/1接口地址
图五
图六
