×

华为NAT地址转换(静态、动态)及端口映射

hqy hqy 发表于2020-07-08 10:43:30 浏览2019 评论0

抢沙发发表评论

华为静态、动态地址转换及端口映射

1、静态NAT地址转换

eNSP中拓扑:


sw1配置

<Huawei>sys

[Huawei]sysname SW1

[SW1]vlan batch 10 20 30 40

Info: This operation may take a few seconds. Please wait for a moment...done.

[SW1]int vlanif10

[SW1-Vlanif10]ip add 192.168.10.1 24

[SW1-Vlanif10]int vlanif20

[SW1-Vlanif20]ip add 192.168.20.1 24

[SW1-Vlanif20]int vlanif30

[SW1-Vlanif30]ip add 192.168.30.1 24

[SW1-Vlanif30]int vlanif40

[SW1-Vlanif40]ip add 11.0.0.2 24

[SW1-Vlanif40]q

[SW1]dis ip int b

*down: administratively down

^down: standby

(l): loopback

(s): spoofing

The number of interface that is UP in Physical is 2

The number of interface that is DOWN in Physical is 5

The number of interface that is UP in Protocol is 1

The number of interface that is DOWN in Protocol is 6

Interface                         IP Address/Mask      Physical   Protocol  

MEth0/0/1                         unassigned           down       down      

NULL0                             unassigned           up         up(s)     

Vlanif1                           unassigned           up         down      

Vlanif10                          192.168.10.1/24      down       down      

Vlanif20                          192.168.20.1/24      down       down      

Vlanif30                          192.168.30.1/24      down       down      

Vlanif40                          11.0.0.2/24          down       down 

[SW1]int g0/0/1

[SW1-GigabitEthernet0/0/1]port link-type access 

[SW1-GigabitEthernet0/0/1]port default vlan 10

[SW1-GigabitEthernet0/0/1]int g0/0/2

[SW1-GigabitEthernet0/0/2]port link-type access 

[SW1-GigabitEthernet0/0/2]port default vlan 20

[SW1-GigabitEthernet0/0/2]int g0/0/3

[SW1-GigabitEthernet0/0/3]port link-type access

[SW1-GigabitEthernet0/0/3]port default vlan 30

[SW1-GigabitEthernet0/0/3]int g0/0/4

[SW1-GigabitEthernet0/0/4]port link-type access

[SW1-GigabitEthernet0/0/4]port default vlan 20

[SW1-GigabitEthernet0/0/4]int g0/0/5

[SW1-GigabitEthernet0/0/5]port link-type access

[SW1-GigabitEthernet0/0/5]port default vlan 40

[SW1-GigabitEthernet0/0/5]dis vlan

The total number of vlans is : 5

--------------------------------------------------------------------------------

U: Up;         D: Down;         TG: Tagged;         UT: Untagged;

MP: Vlan-mapping;               ST: Vlan-stacking;

#: ProtocolTransparent-vlan;    *: Management-vlan;

--------------------------------------------------------------------------------

VID  Type    Ports                                                          

--------------------------------------------------------------------------------

1    common  UT:GE0/0/6(D)      GE0/0/7(D)      GE0/0/8(D)      GE0/0/9(D)      

                GE0/0/10(D)     GE0/0/11(D)     GE0/0/12(D)     GE0/0/13(D)     

                GE0/0/14(D)     GE0/0/15(D)     GE0/0/16(D)     GE0/0/17(D)     

                GE0/0/18(D)     GE0/0/19(D)     GE0/0/20(D)     GE0/0/21(D)     

                GE0/0/22(D)     GE0/0/23(D)     GE0/0/24(D)                     

10   common  UT:GE0/0/1(U)                                                      

20   common  UT:GE0/0/2(U)      GE0/0/4(U)                                      

30   common  UT:GE0/0/3(U)                                                      

40   common  UT:GE0/0/5(U)                                                      


VID  Status  Property      MAC-LRN Statistics Description      

--------------------------------------------------------------------------------

1    enable  default       enable  disable    VLAN 0001                         

10   enable  default       enable  disable    VLAN 0010                         

20   enable  default       enable  disable    VLAN 0020                         

30   enable  default       enable  disable    VLAN 0030                         

40   enable  default       enable  disable    VLAN 0040                         

[SW1-GigabitEthernet0/0/5]q

[SW1]dis ip int b

*down: administratively down

^down: standby

(l): loopback

(s): spoofing

The number of interface that is UP in Physical is 5

The number of interface that is DOWN in Physical is 2

The number of interface that is UP in Protocol is 5

The number of interface that is DOWN in Protocol is 2

Interface                         IP Address/Mask      Physical   Protocol  

MEth0/0/1                         unassigned           down       down      

NULL0                             unassigned           up         up(s)     

Vlanif1                           unassigned           down       down      

Vlanif10                          192.168.10.1/24      up         up        

Vlanif20                          192.168.20.1/24      up         up        

Vlanif30                          192.168.30.1/24      up         up        

Vlanif40                          11.0.0.2/24          up         up 

//此时端口全部配置结束并开启

[SW1]ip route-static 0.0.0.0 0.0.0.0 11.0.0.1


R1配置

<Huawei>sys

[Huawei]sysname R1

[R1]int g0/0/0

[R1-GigabitEthernet0/0/0]ip add 11.0.0.1 24

[R1-GigabitEthernet0/0/0]un sh 

Info: Interface GigabitEthernet0/0/0 is not shutdown.

[R1-GigabitEthernet0/0/0]q

[R1]ping 11.0.0.2

  PING 11.0.0.2: 56  data bytes, press CTRL_C to break

    Reply from 11.0.0.2: bytes=56 Sequence=1 ttl=255 time=50 ms

    Reply from 11.0.0.2: bytes=56 Sequence=2 ttl=255 time=20 ms

    Reply from 11.0.0.2: bytes=56 Sequence=3 ttl=255 time=30 ms

    Reply from 11.0.0.2: bytes=56 Sequence=4 ttl=255 time=20 ms

    Reply from 11.0.0.2: bytes=56 Sequence=5 ttl=255 time=20 ms

  --- 11.0.0.2 ping statistics ---

    5 packet(s) transmitted

    5 packet(s) received

    0.00% packet loss

    round-trip min/avg/max = 20/28/50 ms

[R1]int g0/0/01

[R1-GigabitEthernet0/0/1]ip add 12.0.0.1 24

[R1-GigabitEthernet0/0/1]un sh

Info: Interface GigabitEthernet0/0/1 is not shutdown.

[R1-GigabitEthernet0/0/1]nat static enable

[R1-GigabitEthernet0/0/1]q

[R1]nat static global 8.8.8.8 inside 192.168.10.10

[R1]ip route-static 0.0.0.0 0.0.0.0 12.0.0.2

[R1]ip route-static 192.168.10.0 24 11.0.0.2

[R1]ip route-static 192.168.20.0 24 11.0.0.2

[R1]ip route-static 192.168.30.0 24 11.0.0.2

————————————————



R2配置

<Huawei>sys

[Huawei]sysname R2

[R2]int g0/0/0

[R2-GigabitEthernet0/0/0]ip add 12.0.0.2 24

[R2-GigabitEthernet0/0/0]un sh 

Info: Interface GigabitEthernet0/0/0 is not shutdown.

[R2-GigabitEthernet0/0/0]ping 12.0.0.1

  PING 12.0.0.1: 56  data bytes, press CTRL_C to break

    Reply from 12.0.0.1: bytes=56 Sequence=1 ttl=255 time=110 ms

    Reply from 12.0.0.1: bytes=56 Sequence=2 ttl=255 time=30 ms

    Reply from 12.0.0.1: bytes=56 Sequence=3 ttl=255 time=20 ms

    Reply from 12.0.0.1: bytes=56 Sequence=4 ttl=255 time=20 ms

    Reply from 12.0.0.1: bytes=56 Sequence=5 ttl=255 time=10 ms

  --- 12.0.0.1 ping statistics ---

    5 packet(s) transmitted

    5 packet(s) received

    0.00% packet loss

    round-trip min/avg/max = 10/38/110 ms

[R2-GigabitEthernet0/0/0]q

[R2]int loopBack0

[R2-LoopBack0]ip add 114.114.114.114 32

[R2-LoopBack0]q

[R2]ip route-static 8.8.8.8 32 12.0.0.1


验证:在PC4中ping:114.114.114.114

PC>ping 114.114.114.114

Ping 114.114.114.114: 32 data bytes, Press Ctrl_C to break

From 114.114.114.114: bytes=32 seq=1 ttl=253 time=47 ms

From 114.114.114.114: bytes=32 seq=2 ttl=253 time=31 ms

From 114.114.114.114: bytes=32 seq=3 ttl=253 time=47 ms

From 114.114.114.114: bytes=32 seq=4 ttl=253 time=31 ms

From 114.114.114.114: bytes=32 seq=5 ttl=253 time=47 ms

--- 114.114.114.114 ping statistics ---

  5 packet(s) transmitted

  5 packet(s) received

  0.00% packet loss

  round-trip min/avg/max = 31/40/47 ms

  


动态NAT转换

R1配置:在这里插入代码片

[R1]nat address-group 1 212.0.0.100 212.0.0.200

[R1]acl 2000

[R1-acl-basic-2000]rule permit source 192.168.20.0 0.0.0.255

[R1-acl-basic-2000]rule permit source 11.0.0.0 0.0.0.255

[R1-acl-basic-2000]int g0/0/1

[R1-GigabitEthernet0/0/1]dis this

[V200R003C00]

#

interface GigabitEthernet0/0/1

 ip address 12.0.0.1 255.255.255.0 

 nat static global 8.8.8.8 inside 192.168.10.10 netmask 255.255.255.255

#

return

[R1-GigabitEthernet0/0/1]nat outbound 2000 address-group 1 no-pat

[R1-GigabitEthernet0/0/1]q


R2配置

[R2]ip route-static 212.0.0.0 24 12.0.0.1


在PC2中ping:114.114.114.114:

PC>ping 114.114.114.11

Ping 114.114.114.114: 32 data bytes, Press Ctrl_C to break

From 114.114.114.114: bytes=32 seq=1 ttl=253 time=31 ms

From 114.114.114.114: bytes=32 seq=2 ttl=253 time=47 ms

From 114.114.114.114: bytes=32 seq=3 ttl=253 time=47 ms

From 114.114.114.114: bytes=32 seq=4 ttl=253 time=47 ms

From 114.114.114.114: bytes=32 seq=5 ttl=253 time=62 ms

--- 114.114.114.114 ping statistics ---

  5 packet(s) transmitted

  5 packet(s) received

  0.00% packet loss

  round-trip min/avg/max = 31/46/62 ms



Easyip多个私网IP地址对应外网口公网IP地址(12.0.0.1)

R1 的配置

[R1]acl 3000

[R1-acl-adv-3000]rule permit ip source 192.168.30.0 0.0.0.255

[R1-acl-adv-3000]q

[R1]int g0/0/1

[R1-GigabitEthernet0/0/1]dis this

[V200R003C00]

#

interface GigabitEthernet0/0/1

 ip address 12.0.0.1 255.255.255.0 

 nat static global 8.8.8.8 inside 192.168.10.10 netmask 255.255.255.255

 nat outbound 2000 address-group 1 no-pat

#

return

[R1-GigabitEthernet0/0/1]nat outbound 3000



在PC3中ping:114.114.114.114:

PC>ping 114.114.114.114

Ping 114.114.114.114: 32 data bytes, Press Ctrl_C to break

From 114.114.114.114: bytes=32 seq=1 ttl=253 time=31 ms

From 114.114.114.114: bytes=32 seq=2 ttl=253 time=78 ms

From 114.114.114.114: bytes=32 seq=3 ttl=253 time=31 ms

From 114.114.114.114: bytes=32 seq=4 ttl=253 time=16 ms

From 114.114.114.114: bytes=32 seq=5 ttl=253 time=31 ms

--- 114.114.114.114 ping statistics ---

  5 packet(s) transmitted

  5 packet(s) received

  0.00% packet loss

  round-trip min/avg/max = 16/37/78 ms



打赏

本文链接:https://www.kinber.cn/post/1426.html 转载需授权!

分享到:


推荐本站淘宝优惠价购买喜欢的宝贝:

image.png

 您阅读本篇文章共花了: 

群贤毕至

访客