Huawei NAT configuration in detail

Source: Internet
Author: User

Experimental topology


PC1 belongs to VLAN 10; PC2 belongs to VLAN 20

PC1 IP: 192.168.10.254/24

PC2 IP: 192.168.20.254/24

R1 g0/0/0 IP: 12.0.0.1/24

R2 g0/0/0 IP: 12.0.0.2/24

SW1 VLAN 1 IP: 192.168.1.10/24

SW2 VLAN 1 IP: 192.168.1.20/24


Experimental content

R1 simulates the network's egress router; R2 simulates the carrier's equipment.

1. Configure static NAT on R1 so that intranet hosts can access the external network.

2. Configure dynamic NAT on R1 so that intranet hosts can access the external network.

3. Configure PAT on R1 so that intranet hosts can access the external network.

4. Configure static port mapping on R1 so that R2 can manage SW1 and SW2 remotely.


1. Static NAT Configuration

Two public addresses are available:

202.106.1.1/32

202.106.1.2/32


Static NAT is a one-to-one mapping, so it does not save IP addresses.


R1 static NAT configuration:


<R1>system-view

[R1]int g0/0/0

[R1-GigabitEthernet0/0/0]nat static global 202.106.1.1 inside 192.168.10.254 // Map this public address to internal IP 192.168.10.254, which is host C1

[R1-GigabitEthernet0/0/0]nat static global 202.106.1.2 inside 192.168.20.254 // Likewise, map to C2


R2 return route configuration:

[R2]ip route-static 202.106.1.1 32 12.0.0.1

[R2]ip route-static 202.106.1.2 32 12.0.0.1


Now, C1 and C2 should be able to communicate with the outside network.


Capture packets on R2 and verify that the source addresses are 202.106.1.1 and 202.106.1.2.



2. Dynamic NAT

The available public address range is 202.106.1.0/24.


Dynamic NAT uses an address pool configured on the egress router: when an intranet PC accesses the external network, it is assigned a public IP from the pool.


R1 Dynamic NAT Configuration:

[R1]nat address-group 1 202.106.1.1 202.106.1.254 // Create a NAT address pool

[R1]acl 2000 // Define an access control list

[R1-acl-basic-2000]rule permit source 192.168.10.0 0.0.0.255

[R1-acl-basic-2000]rule permit source 192.168.20.0 0.0.0.255

[R1-acl-basic-2000]quit

[R1]interface g0/0/0

[R1-GigabitEthernet0/0/0]nat outbound 2000 address-group 1 no-pat // Associate ACL 2000 with the address pool; no-pat means the addresses are not reused through port translation


R2 return route configuration:


[R2]ip route-static 202.106.1.0 24 12.0.0.1



Packet capture test

Here you will find a bug in the simulator: the ping command sends 5 packets, and here each packet gets an address.


3. PAT configuration

One public address is available: 202.106.1.1/32


PAT reuses a single public address over and over: all of the hosts share it to access the Internet.


R1 PAT configuration:


[R1]nat address-group 1 202.106.1.1 202.106.1.1 // Create an address pool

[R1]acl 2000 // Define an access control list

[R1-acl-basic-2000]rule permit source 192.168.10.0 0.0.0.255

[R1-acl-basic-2000]rule permit source 192.168.20.0 0.0.0.255

[R1-acl-basic-2000]quit

[R1]interface g0/0/0

[R1-GigabitEthernet0/0/0]nat outbound 2000 address-group 1 // Associate ACL 2000 with the address pool


R2 return route configuration:

[R2]ip route-static 202.106.1.1 32 12.0.0.1


Packet capture test



Now suppose there is no spare public IP address at all, only the external interface g0/0/0 with IP 12.0.0.1.

[R1]acl 2000 // Define an access control list

[R1-acl-basic-2000]rule permit source 192.168.10.0 0.0.0.255

[R1-acl-basic-2000]rule permit source 192.168.20.0 0.0.0.255

[R1-acl-basic-2000]quit

[R1]interface g0/0/0

[R1-GigabitEthernet0/0/0]ip address 12.0.0.1 24

[R1-GigabitEthernet0/0/0]nat outbound 2000 // Reuse the current interface address


Packet capture verification

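The difference between the no-pat pool of section 2 and the PAT of section 3, modelled as a translation table. This is an added example, not part of the original article and not Huawei's implementation; the class and function names are hypothetical, the starting translated port 10240 is an assumption, and the no-pat demo uses a constructed two-address pool so that exhaustion is visible.

```python
import ipaddress

class NatTable:
    """Toy model of R1's outbound NAT (not Huawei's implementation)."""

    def __init__(self, first, last, pat, port_base=10240):
        lo, hi = (int(ipaddress.ip_address(a)) for a in (first, last))
        self.free = [str(ipaddress.ip_address(i)) for i in range(lo, hi + 1)]
        self.pat = pat
        self.next_port = port_base  # assumed start of the translated port range
        self.out = {}               # inside key -> (public ip, public port)
        self.back = {}              # (public ip, public port) -> inside (ip, port)

    def translate(self, src_ip, src_port):
        """Return the (public ip, public port) an outbound flow leaves with."""
        # no-pat binds a whole host to one address; PAT binds a single flow.
        key = (src_ip, src_port) if self.pat else src_ip
        if key not in self.out:
            if self.pat:
                pub = (self.free[0], self.next_port)
                self.next_port += 1
            elif self.free:
                pub = (self.free.pop(0), None)  # source port is not rewritten
            else:
                raise LookupError("address pool exhausted")
            self.out[key] = pub
        ip, port = self.out[key]
        port = port if self.pat else src_port
        self.back[(ip, port)] = (src_ip, src_port)
        return ip, port

    def reverse(self, dst_ip, dst_port):
        # Return traffic is only accepted when an outbound flow created an entry.
        return self.back.get((dst_ip, dst_port))

def demo_no_pat():
    nat = NatTable("202.106.1.1", "202.106.1.2", pat=False)  # constructed pool
    first = nat.translate("192.168.10.254", 40000)
    second = nat.translate("192.168.20.254", 40000)
    try:
        third = nat.translate("192.168.10.1", 40000)
    except LookupError as exc:
        third = str(exc)  # a third host finds the pool empty
    return first, second, third

def demo_pat():
    nat = NatTable("202.106.1.1", "202.106.1.1", pat=True)
    first = nat.translate("192.168.10.254", 40000)
    second = nat.translate("192.168.20.254", 40000)
    return first, second, nat.reverse(*second), nat.reverse("202.106.1.1", 9)
```

With no-pat the two hosts leave with different public addresses and unchanged source ports; with PAT both leave as 202.106.1.1 and are told apart only by the translated port, and a packet to a port with no table entry maps to nothing.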


4. Static port mapping


Building on the PAT configuration, enter the following commands

R1:


[R1-GigabitEthernet0/0/0]nat static protocol tcp global current-interface telnet inside 192.168.1.10 telnet

Map port 23 of the current interface to port 23 of 192.168.1.10, where the port number or protocol can be



[R1-GigabitEthernet0/0/0]nat static protocol tcp global current-interface 1212 inside 192.168.1.20 telnet

Map port 1212 of the current interface to port 23 of 192.168.1.20



Test

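The static mappings are the only NAT entries on this page that let the R2 side open connections inward, so they are the lines to review when auditing R1. As an added example (not part of the original article; the function and field names are hypothetical), this Python sketch parses `nat static` lines in the form used above and lists what each one exposes, flagging mappings that land on Telnet, which is unencrypted.

```python
import re

PORT_NAMES = {"telnet": 23}  # the only keyword used on this page; others numeric
CLEARTEXT = {23}             # Telnet carries credentials unencrypted

HOST = re.compile(r"nat static global (\S+) inside (\S+)$", re.I)
PORT = re.compile(
    r"nat static protocol (tcp|udp) global (\S+) (\S+) inside (\S+) (\S+)$", re.I)

def port_number(token):
    token = token.lower()
    return PORT_NAMES[token] if token in PORT_NAMES else int(token)

def inbound_exposure(config):
    """List what each 'nat static' line makes reachable from outside R1."""
    findings = []
    for raw in config.splitlines():
        line = raw.split("//")[0].strip()        # drop the page's // annotations
        line = re.sub(r"^\[[^\]]*\]", "", line)  # drop the [R1-...] prompt
        if m := HOST.search(line):
            # One-to-one mapping: every port of the inside host is reachable,
            # so whether a cleartext service is exposed cannot be told (None).
            findings.append({"global": m[1], "inside": m[2],
                             "scope": "all ports", "cleartext_mgmt": None})
        elif m := PORT.search(line):
            inside_port = port_number(m[5])
            findings.append({
                "global": f"{m[2]}:{port_number(m[3])}/{m[1].lower()}",
                "inside": f"{m[4]}:{inside_port}",
                "scope": "one port",
                "cleartext_mgmt": inside_port in CLEARTEXT})
    return findings

# Commands taken from this page; the trailing annotation is constructed.
R1_CONFIG = """\
[R1-GigabitEthernet0/0/0]nat static global 202.106.1.1 inside 192.168.10.254 // one-to-one
[R1-GigabitEthernet0/0/0]nat outbound 2000
[R1-GigabitEthernet0/0/0]nat static protocol tcp global current-interface telnet inside 192.168.1.10 telnet
[R1-GigabitEthernet0/0/0]nat static protocol tcp global current-interface 1212 inside 192.168.1.20 telnet
"""

if __name__ == "__main__":
    for finding in inbound_exposure(R1_CONFIG):
        print(finding)
```

The mapping on port 1212 is reported the same way as the one on port 23: changing the outside port number does not change the fact that the session reaching SW2 is Telnet.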




