华为静态、动态地址转换及端口映射
1、静态NAT地址转换
eNSP中拓扑:
sw1配置
<Huawei>sys
[Huawei]sysname SW1
[SW1]vlan batch 10 20 30 40
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW1]int vlanif10
[SW1-Vlanif10]ip add 192.168.10.1 24
[SW1-Vlanif10]int vlanif20
[SW1-Vlanif20]ip add 192.168.20.1 24
[SW1-Vlanif20]int vlanif30
[SW1-Vlanif30]ip add 192.168.30.1 24
[SW1-Vlanif30]int vlanif40
[SW1-Vlanif40]ip add 11.0.0.2 24
[SW1-Vlanif40]q
[SW1]dis ip int b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 5
The number of interface that is UP in Protocol is 1
The number of interface that is DOWN in Protocol is 6
Interface IP Address/Mask Physical Protocol
MEth0/0/1 unassigned down down
NULL0 unassigned up up(s)
Vlanif1 unassigned up down
Vlanif10 192.168.10.1/24 down down
Vlanif20 192.168.20.1/24 down down
Vlanif30 192.168.30.1/24 down down
Vlanif40 11.0.0.2/24 down down
[SW1]int g0/0/1
[SW1-GigabitEthernet0/0/1]port link-type access
[SW1-GigabitEthernet0/0/1]port default vlan 10
[SW1-GigabitEthernet0/0/1]int g0/0/2
[SW1-GigabitEthernet0/0/2]port link-type access
[SW1-GigabitEthernet0/0/2]port default vlan 20
[SW1-GigabitEthernet0/0/2]int g0/0/3
[SW1-GigabitEthernet0/0/3]port link-type access
[SW1-GigabitEthernet0/0/3]port default vlan 30
[SW1-GigabitEthernet0/0/3]int g0/0/4
[SW1-GigabitEthernet0/0/4]port link-type access
[SW1-GigabitEthernet0/0/4]port default vlan 20
[SW1-GigabitEthernet0/0/4]int g0/0/5
[SW1-GigabitEthernet0/0/5]port link-type access
[SW1-GigabitEthernet0/0/5]port default vlan 40
[SW1-GigabitEthernet0/0/5]dis vlan
The total number of vlans is : 5
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------------------------
1 common UT:GE0/0/6(D) GE0/0/7(D) GE0/0/8(D) GE0/0/9(D)
GE0/0/10(D) GE0/0/11(D) GE0/0/12(D) GE0/0/13(D)
GE0/0/14(D) GE0/0/15(D) GE0/0/16(D) GE0/0/17(D)
GE0/0/18(D) GE0/0/19(D) GE0/0/20(D) GE0/0/21(D)
GE0/0/22(D) GE0/0/23(D) GE0/0/24(D)
10 common UT:GE0/0/1(U)
20 common UT:GE0/0/2(U) GE0/0/4(U)
30 common UT:GE0/0/3(U)
40 common UT:GE0/0/5(U)
VID Status Property MAC-LRN Statistics Description
--------------------------------------------------------------------------------
1 enable default enable disable VLAN 0001
10 enable default enable disable VLAN 0010
20 enable default enable disable VLAN 0020
30 enable default enable disable VLAN 0030
40 enable default enable disable VLAN 0040
[SW1-GigabitEthernet0/0/5]q
[SW1]dis ip int b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 5
The number of interface that is DOWN in Physical is 2
The number of interface that is UP in Protocol is 5
The number of interface that is DOWN in Protocol is 2
Interface IP Address/Mask Physical Protocol
MEth0/0/1 unassigned down down
NULL0 unassigned up up(s)
Vlanif1 unassigned down down
Vlanif10 192.168.10.1/24 up up
Vlanif20 192.168.20.1/24 up up
Vlanif30 192.168.30.1/24 up up
Vlanif40 11.0.0.2/24 up up
//此时端口全部配置结束并开启
[SW1]ip route-static 0.0.0.0 0.0.0.0 11.0.0.1
R1配置
<Huawei>sys
[Huawei]sysname R1
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 11.0.0.1 24
[R1-GigabitEthernet0/0/0]un sh
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[R1-GigabitEthernet0/0/0]q
[R1]ping 11.0.0.2
PING 11.0.0.2: 56 data bytes, press CTRL_C to break
Reply from 11.0.0.2: bytes=56 Sequence=1 ttl=255 time=50 ms
Reply from 11.0.0.2: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 11.0.0.2: bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 11.0.0.2: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 11.0.0.2: bytes=56 Sequence=5 ttl=255 time=20 ms
--- 11.0.0.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/28/50 ms
[R1]int g0/0/01
[R1-GigabitEthernet0/0/1]ip add 12.0.0.1 24
[R1-GigabitEthernet0/0/1]un sh
Info: Interface GigabitEthernet0/0/1 is not shutdown.
[R1-GigabitEthernet0/0/1]nat static enable
[R1-GigabitEthernet0/0/1]q
[R1]nat static global 8.8.8.8 inside 192.168.10.10
[R1]ip route-static 0.0.0.0 0.0.0.0 12.0.0.2
[R1]ip route-static 192.168.10.0 24 11.0.0.2
[R1]ip route-static 192.168.20.0 24 11.0.0.2
[R1]ip route-static 192.168.30.0 24 11.0.0.2
————————————————
R2配置
<Huawei>sys
[Huawei]sysname R2
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 12.0.0.2 24
[R2-GigabitEthernet0/0/0]un sh
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[R2-GigabitEthernet0/0/0]ping 12.0.0.1
PING 12.0.0.1: 56 data bytes, press CTRL_C to break
Reply from 12.0.0.1: bytes=56 Sequence=1 ttl=255 time=110 ms
Reply from 12.0.0.1: bytes=56 Sequence=2 ttl=255 time=30 ms
Reply from 12.0.0.1: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 12.0.0.1: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 12.0.0.1: bytes=56 Sequence=5 ttl=255 time=10 ms
--- 12.0.0.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/38/110 ms
[R2-GigabitEthernet0/0/0]q
[R2]int loopBack0
[R2-LoopBack0]ip add 114.114.114.114 32
[R2-LoopBack0]q
[R2]ip route-static 8.8.8.8 32 12.0.0.1
验证:在PC4中ping:114.114.114.114
PC>ping 114.114.114.114
Ping 114.114.114.114: 32 data bytes, Press Ctrl_C to break
From 114.114.114.114: bytes=32 seq=1 ttl=253 time=47 ms
From 114.114.114.114: bytes=32 seq=2 ttl=253 time=31 ms
From 114.114.114.114: bytes=32 seq=3 ttl=253 time=47 ms
From 114.114.114.114: bytes=32 seq=4 ttl=253 time=31 ms
From 114.114.114.114: bytes=32 seq=5 ttl=253 time=47 ms
--- 114.114.114.114 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 31/40/47 ms
动态NAT转换
R1配置:在这里插入代码片
[R1]nat address-group 1 212.0.0.100 212.0.0.200
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 192.168.20.0 0.0.0.255
[R1-acl-basic-2000]rule permit source 11.0.0.0 0.0.0.255
[R1-acl-basic-2000]int g0/0/1
[R1-GigabitEthernet0/0/1]dis this
[V200R003C00]
#
interface GigabitEthernet0/0/1
ip address 12.0.0.1 255.255.255.0
nat static global 8.8.8.8 inside 192.168.10.10 netmask 255.255.255.255
#
return
[R1-GigabitEthernet0/0/1]nat outbound 2000 address-group 1 no-pat
[R1-GigabitEthernet0/0/1]q
R2配置
[R2]ip route-static 212.0.0.0 24 12.0.0.1
在PC2中ping:114.114.114.114:
PC>ping 114.114.114.11
Ping 114.114.114.114: 32 data bytes, Press Ctrl_C to break
From 114.114.114.114: bytes=32 seq=1 ttl=253 time=31 ms
From 114.114.114.114: bytes=32 seq=2 ttl=253 time=47 ms
From 114.114.114.114: bytes=32 seq=3 ttl=253 time=47 ms
From 114.114.114.114: bytes=32 seq=4 ttl=253 time=47 ms
From 114.114.114.114: bytes=32 seq=5 ttl=253 time=62 ms
--- 114.114.114.114 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 31/46/62 ms
Easyip多个私网IP地址对应外网口公网IP地址(12.0.0.1)
R1 的配置
[R1]acl 3000
[R1-acl-adv-3000]rule permit ip source 192.168.30.0 0.0.0.255
[R1-acl-adv-3000]q
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]dis this
[V200R003C00]
#
interface GigabitEthernet0/0/1
ip address 12.0.0.1 255.255.255.0
nat static global 8.8.8.8 inside 192.168.10.10 netmask 255.255.255.255
nat outbound 2000 address-group 1 no-pat
#
return
[R1-GigabitEthernet0/0/1]nat outbound 3000
在PC3中ping:114.114.114.114:
PC>ping 114.114.114.114
Ping 114.114.114.114: 32 data bytes, Press Ctrl_C to break
From 114.114.114.114: bytes=32 seq=1 ttl=253 time=31 ms
From 114.114.114.114: bytes=32 seq=2 ttl=253 time=78 ms
From 114.114.114.114: bytes=32 seq=3 ttl=253 time=31 ms
From 114.114.114.114: bytes=32 seq=4 ttl=253 time=16 ms
From 114.114.114.114: bytes=32 seq=5 ttl=253 time=31 ms
--- 114.114.114.114 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 16/37/78 ms
推荐本站淘宝优惠价购买喜欢的宝贝:
本文链接:https://hqyman.cn/post/1426.html 非本站原创文章欢迎转载,原创文章需保留本站地址!
休息一下~~