概述:
NAT是指网络地址转换,指内网地址访问外网,私网地址访问公网等。
- 静态NAT:内部网络的私有IP地址转换为公有IP地址,IP地址对是一对一的,是一成不变的。
- 动态NAT:内部网络的私有IP地址转换为公用IP地址时,IP地址是不确定的,是随机的,所有被授权访问上Internet的私有IP地址可随机转换为任何指定的合法IP地址。
- Easy ip NAT(基于接口)
实验拓扑图如下:
- R1模拟出口路由器
- ISP模拟运营商
- LSW1此处为空配
- PC1-3为局域网内的电脑
ISP配置
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysna ISP
[ISP]undo in en
Info: Information center is disabled.
[ISP]int g0/0/0
[ISP-GigabitEthernet0/0/0]ip ad 181.160.11.200 24
[ISP-GigabitEthernet0/0/0]静态NAT:
R1配置
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysn R1
[R1]undo in en
Info: Information center is disabled.
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]ip ad 172.16.10.254 24
[R1-GigabitEthernet0/0/0]q
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip ad 181.160.11.100 24
[R1-GigabitEthernet0/0/1]nat static global 181.160.11.11 inside 172.16.10.11 netmask 255.255.255.255
[R1-GigabitEthernet0/0/0]nat static enable验证
动态NAT:
R1配置
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysna R1
[R1]undo in en
Info: Information center is disabled.
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]ip ad 172.16.10.254 24
[R1-GigabitEthernet0/0/1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip ad 181.160.11.100 24
[R1-GigabitEthernet0/0/0]q
[R1]nat address-group 1 181.160.11.11 181.160.11.21
[R1]acl 2001
[R1-acl-basic-2001]rule 1 permit source 172.16.10.0 0.0.0.255
[R1-acl-basic-2001]rule 2 deny source any
[R1-acl-basic-2001]int g0/0/0
[R1-GigabitEthernet0/0/0]nat outbound 2001 address-group 1验证:
Easy ip NAT:
R1配置
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysna R1
[R1]undo in en
Info: Information center is disabled.
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]ip ad 172.16.10.254 24
[R1-GigabitEthernet0/0/1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip ad 181.160.11.100 24
[R1-GigabitEthernet0/0/0]q
[R1]acl 2001
[R1-acl-basic-2001]rule 1 permit source 172.16.10.0 0.0.0.255
[R1-acl-basic-2001]rule 2 deny source any验证
0