华为路由器配置NAT、NAPT
来源:原创
时间:2024-04-19
作者:脚本小站
分类:网络
NAPT的配置
AR1:实验环境中路由器不要选“Router”这个路由器,这里选的是AR1200。
# 为端口配置上地址 interface GigabitEthernet0/0/0 ip address 192.168.0.1 255.255.255.0 # interface GigabitEthernet0/0/1 ip address 12.2.2.1 255.255.255.0 nat outbound 2000 address-group 1 # 默认路由 [Huawei]ip route-static 0.0.0.0 0.0.0.0 12.2.2.254 # nat规则,地址池中拿出一个作为出口,其他地址作为上网的地址池 [Huawei]nat address-group 1 12.2.2.2 12.2.2.3 [Huawei]acl 2000 [Huawei-acl-basic-2000]rule 5 permit source 192.168.0.0 0.0.0.255 # 有几个网段加几条规则,5、6、7...递增即可。 [Huawei-acl-basic-2000]rule 10 deny [Huawei]interface GigabitEthernet 0/0/1 [Huawei-GigabitEthernet0/0/1]nat outbound 2000 address-group 1 [Huawei]display nat static
AR2:AR2不用配置路由。
interface GigabitEthernet0/0/0 ip address 12.2.2.254 255.255.255.0 # interface GigabitEthernet0/0/1 ip address 20.1.2.1 255.255.255.0
如图:加上nat规则之后从192.168.0.3 ping 20.1.2.3 就可以通了。
静态NAT的配置
AR1:
方法一: [Huawei]interface GigabitEthernet 0/0/1 [Huawei-GigabitEthernet0/0/1]nat static global 12.2.2.2 inside 192.168.0.3 [Huawei-GigabitEthernet0/0/1]nat static global 12.2.2.3 inside 192.168.0.4 方法二: [Huawei]nat static global 12.2.2.2 inside 192.168.0.3 [Huawei]nat static global 12.2.2.3 inside 192.168.0.4 [Huawei]interface GigabitEthernet 0/0/1 [Huawei-GigabitEthernet0/0/1]nat static enable 删除: [Huawei]undo interface GigabitEthernet 0/0/1 [Huawei-GigabitEthernet0/0/1]undo nat static global 12.2.2.2 inside 192.168.0.3 [Huawei-GigabitEthernet0/0/1]undo nat static global 12.2.2.3 inside 192.168.0.4 [Huawei]undo nat static global 12.2.2.2 inside 192.168.0.3 [Huawei]undo nat static global 12.2.2.3 inside 192.168.0.4 [Huawei]interface GigabitEthernet 0/0/1 [Huawei-GigabitEthernet0/0/1]undo nat static enable [Huawei]display nat static Static Nat Information: Global Nat Static Global IP/Port : 12.2.2.2/---- Inside IP/Port : 192.168.0.3/---- Protocol : ---- VPN instance-name : ---- Acl number : ---- Netmask : 255.255.255.255 Description : ---- Global Nat Static Global IP/Port : 12.2.2.3/---- Inside IP/Port : 192.168.0.4/---- Protocol : ---- VPN instance-name : ---- Acl number : ---- Netmask : 255.255.255.255 Description : ---- Total : 2