Experiment name: Huawei PAT address translation and intranet web server publishing
Experimental topology diagram:
3. Purpose of the experiment:
1. Translate intranet addresses through PAT so that the intranet can access the external network
2. Use static NAT for port mapping to publish a web server
3. Configure Telnet on the switch
4. Address Planning
Client 1 (web server): 192.168.1.2/24
Gateway: 192.168.1.254
Client 2: 192.168.1.1/24
Gateway: 192.168.1.254
LSW1 management IP: 192.168.1.3/24
AR3 gateway: 192.168.1.254
External network: G0/0/0: 100.1.1.1/24
AR4: G0/0/0: 100.1.1.2, G0/0/1: 100.1.2.254
External network client Client4: 100.1.2.1/24
5. Configuration ideas: As far as I know, in real-world configuration you generally configure the boundary devices first and the terminals last, so today my approach has changed.
# First configure the IP addresses of the AR3 gateway device and of AR4, then the management IP address of the switch, and lastly the IP address of each terminal. Then do the PAT translation so that the intranet can access the external network, publish the intranet web server so that the external network can reach it, and finally configure the Telnet function on the switch.
6. Operation Procedure:
# First configure the IP addresses of the gateway device AR3
interface g0/0/1
ip address 192.168.1.254 255.255.255.0
undo shutdown
interface g0/0/0
ip address 100.1.1.1 255.255.255.0
undo shutdown
# Configure the IP addresses of AR4
interface g0/0/0
ip address 100.1.1.2 255.255.255.0
undo shutdown
interface g0/0/1
ip address 100.1.2.254 255.255.255.0
undo shutdown
# Configure the IP address of the extranet client
ip address 100.1.2.1 255.255.255.0
undo shutdown
# Configure the management IP address of the switch LSW1
interface Vlanif 1
ip address 192.168.1.3 255.255.255.0 // On Huawei switches a physical interface cannot be given an IP address by default; the address can only be configured on a virtual interface
# Configure the IP address of the web server and the IP address of Client2
ip address 192.168.1.1 255.255.255.0
gateway 192.168.1.254 // Client2
ip address 192.168.1.2 255.255.255.0
gateway 192.168.1.254 // web server
# All IP addresses are now configured
# Next, configure PAT address translation on the gateway device AR3 so that the intranet can access the external network
acl 2000
rule 5 permit source 192.168.1.0 0.0.0.255 // create the ACL: the range of addresses allowed to be translated
interface g0/0/0
nat outbound 2000
# Then, on the gateway device, configure a default route toward the 100.1.2.0 network segment
ip route-static 0.0.0.0 0.0.0.0 100.1.1.2 // NAT translation: on the way out the packet is routed first and then the NAT table is consulted; on the way back the order is exactly the opposite
# Test with the command display nat session all, as shown in the figure
# This shows that NAT has translated the intranet addresses
# Next, configure static NAT to publish the intranet web server
interface g0/0/0
nat server protocol tcp global current-interface 8080 inside 192.168.1.2 80
Validation and testing: from the extranet client, enter
http://100.1.1.1:8080 to test, as shown in the figure
# Next, configure the Telnet feature on the switch
user-interface vty 0 4
set authentication password simple/cipher 123 // simple: clear text, cipher: ciphertext
protocol inbound telnet // turn on Telnet on the switch; it is off by default on the switch, while on the router it is on by default
user privilege level 15 // the maximum is 15
# Log in to LSW1 remotely from the gateway device, as shown in the figure
telnet 192.168.1.3
# This shows that the login succeeded
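An added example, not part of the original post: a small Python check that scans the commands entered above for the management-plane settings worth reviewing (Telnet on the VTY lines, a password stored with simple, privilege level 15) and lists what nat server publishes to the outside. The rule names and the indented sample layout (as in display current-configuration output) are assumptions made for this example.

```python
import re

# Constructed sample: the gateway and switch commands from this walkthrough,
# in lowercase VRP syntax, indented under their view (an assumed layout).
SAMPLE = """\
interface g0/0/0
 nat outbound 2000
 nat server protocol tcp global current-interface 8080 inside 192.168.1.2 80
user-interface vty 0 4
 set authentication password simple 123
 protocol inbound telnet
 user privilege level 15
"""

RULES = [  # (hypothetical rule id, regex, why it matters)
    ("TELNET", r"^protocol inbound (telnet|all)\b",
     "management session and password cross the network unencrypted"),
    ("CLEARTEXT_PW", r"^set authentication password simple\b",
     "password is readable in the saved configuration"),
    ("PRIV15", r"^user privilege level 15\b",
     "every VTY login lands at the maximum privilege level"),
]
NAT_SERVER = re.compile(
    r"^nat server protocol (\w+) global (\S+) (\d+) inside (\S+) (\d+)")

def audit(config: str):
    """Return (findings, published) for a VRP-style config text."""
    findings, published, section = [], [], ""
    for raw in config.splitlines():
        line = raw.strip().lower()
        if not line or line.startswith("#"):
            continue
        if not raw[0].isspace():          # unindented line opens a new view
            section = line
        for rule_id, pattern, why in RULES:
            if re.search(pattern, line):
                findings.append((rule_id, section, why))
        m = NAT_SERVER.match(line)
        if m:
            proto, glob, gport, inside, iport = m.groups()
            published.append((proto, glob, int(gport), inside, int(iport)))
    return findings, published

if __name__ == "__main__":
    found, exposed = audit(SAMPLE)
    for rule_id, section, why in found:
        print(f"[{rule_id}] in '{section}': {why}")
    for proto, glob, gport, inside, iport in exposed:
        print(f"published {proto}/{gport} on {glob} -> {inside}:{iport}")
```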
Summary: In practice, the most commonly used are PAT dynamic address translation and static NAT publishing of an intranet server (that is, port mapping); the others are probably not used much.
Note: I have a question. With Huawei's switch, I do port mapping on the gateway device, but the intranet switch cannot be managed remotely from the external network, whereas with Cisco it can. If someone knows the answer, please leave a message below, thank you.