client1:192.168.1.1 gw:192.168.1.254
client2:192.168.1.2 gw:192.168.1.254
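Private address ranges:
(1) Class A: 10.0.0.0 ~ 10.255.255.255/8
(2) Class B: 172.16.0.0 ~ 172.31.255.255/12
(3) Class C: 192.168.0.0 ~ 192.168.255.255/16
NAT types:
(1) Static NAT: one-to-one, inside local address --> inside global address
(2) Dynamic NAT: picks a free address from the address pool for the translation, first come, first served
(3) Port-multiplexing NAPT: 192.168.1.1-->100.1.1.0:2048
192.168.1.2-->100.0.0.0:2059
192.168.1.3-->100.0.0.0:2050
(4) Easy IP: similar to NAPT, but with no address pool; all hosts can get through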
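A simplified model of the NAPT and Easy IP behaviour listed above, as an added example that is not part of the original page. The `SourceNat` class, the sequential port allocation starting at 2048 and the client source port 40000 are assumptions for illustration; the addresses are taken from this lab.

```python
import ipaddress


class SourceNat:
    """Simplified port-translating source NAT (assumed model, not device code)."""

    def __init__(self, inside_net, public_ips, first_port=2048):
        self.inside_net = ipaddress.ip_network(inside_net)
        self.public_ips = list(public_ips)
        self.next_port = first_port
        self.sessions = {}  # (inside_ip, inside_port) -> (public_ip, public_port)
        self.reverse = {}   # (public_ip, public_port) -> (inside_ip, inside_port)

    def outbound(self, src_ip, src_port):
        """Translate an outgoing flow; None means the NAT rule does not match."""
        if ipaddress.ip_address(src_ip) not in self.inside_net:
            return None
        key = (src_ip, src_port)
        if key not in self.sessions:
            # Assumed allocation: public IPs round-robin, ports handed out in order.
            ip = self.public_ips[len(self.sessions) % len(self.public_ips)]
            pub = (ip, self.next_port)
            self.next_port += 1
            self.sessions[key] = pub
            self.reverse[pub] = key
        return self.sessions[key]

    def inbound(self, dst_ip, dst_port):
        """Map a reply to the inside host; None means no session, so it is dropped."""
        return self.reverse.get((dst_ip, dst_port))


def demo():
    # Easy IP: the only public address is the egress interface address
    # (102.1.1.1 on FW1 g1/0/0 in this lab).
    easy_ip = SourceNat("192.168.1.0/24", ["102.1.1.1"])
    a = easy_ip.outbound("192.168.1.1", 40000)  # client1, constructed source port
    b = easy_ip.outbound("192.168.1.2", 40000)  # client2, same source port
    # NAPT: public addresses come from a pool (100.1.1.1 to 100.1.1.6 in this lab).
    napt = SourceNat("192.168.1.0/24", [f"100.1.1.{i}" for i in range(1, 7)])
    c = napt.outbound("192.168.1.1", 40000)
    return easy_ip, a, b, c


if __name__ == "__main__":
    easy_ip, a, b, c = demo()
    print("easy-ip:", a, b)
    print("napt   :", c)
    print("unsolicited inbound:", easy_ip.inbound("102.1.1.1", 9999))
```

Both clients use the same source port, yet they get distinct public ports on the shared address, and an inbound packet with no matching session has nowhere to go.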
AR1
- <Huawei>sys
- Enter system view, return user view with Ctrl+Z.
- [Huawei]sys AR1
- [AR1]int g0/0/1
- [AR1-GigabitEthernet0/0/1]ip add 192.168.1.254 24
- [AR1-GigabitEthernet0/0/1]int g0/0/0
- [AR1-GigabitEthernet0/0/0]ip add 10.1.11.1 24
- [AR1-GigabitEthernet0/0/0]q
- [AR1]ospf router-id 2.2.2.2
- [AR1-ospf-1]area 0
- [AR1-ospf-1-area-0.0.0.0]net 192.168.1.0 0.0.0.255
- [AR1-ospf-1-area-0.0.0.0]net 10.1.11.0 0.0.0.255
- [AR1-ospf-1-area-0.0.0.0]net 2.2.2.2 0.0.0.0
- [AR1-ospf-1-area-0.0.0.0]q
FW1
- Configure IP addresses
- [FW1]int g1/0/1
- [FW1-GigabitEthernet1/0/1]di th
- ip address 10.1.11.2 255.255.255.0
- [FW1-GigabitEthernet1/0/1]int g1/0/0
- [FW1-GigabitEthernet1/0/0]dis th
- ip address 102.1.1.1 255.255.255.0
- Add the two interfaces to the trust and untrust zones respectively
- [FW1]firewall zone trust
- [FW1-zone-trust]dis th
- firewall zone trust
- set priority 85
- add interface GigabitEthernet0/0/0
- add interface GigabitEthernet1/0/1
- [FW1-zone-trust]firewall zone untrust
- [FW1-zone-untrust]dis th
- firewall zone untrust
- set priority 5
- add interface GigabitEthernet1/0/0
-
-
- Configure the security policy
- [FW1]security-policy
- [FW1-policy-security]rule name trust_untrust
- [FW1-policy-security-rule-trust_untrust]dis th
- #
- rule name trust_untrust
- source-zone trust
- destination-zone untrust
- destination-address 8.8.8.1 0.0.0.0
- action permit
- #
- Configure dynamic routing
- [FW1]ospf router-id 1.1.1.1
- [FW1-ospf-1]dis th
- #
- ospf 1 router-id 1.1.1.1
- area 0.0.0.0
- network 1.1.1.1 0.0.0.0
- network 10.1.11.0 0.0.0.255
- network 102.1.1.0 0.0.0.255
- #
- [FW1-ospf-1]default-route-advertise always
- [FW1]nat address-group trust_untrust
- [FW1-address-group-trust_untrust]dis th
- #
- nat address-group trust_untrust 0
- mode pat
-
- [FW1-address-group-trust_untrust]section 100.1.1.1 100.1.1.6
- [FW1-address-group-trust_untrust]q
-
- [FW1]nat-policy
- [FW1-policy-nat]rule name trust_untrust
- [FW1-policy-nat-rule-trust_untrust]source-zone trust
- [FW1-policy-nat-rule-trust_untrust]destination-zone untrust
- [FW1-policy-nat-rule-trust_untrust]source-address 192.168.1.0 24
- [FW1-policy-nat-rule-trust_untrust]action source-nat easy-ip
- [FW1-policy-nat-rule-trust_untrust]dis th
-
- #
- rule name trust_untrust
- source-zone trust
- destination-zone untrust
- source-address 192.168.1.0 mask 255.255.255.0
- action source-nat easy-ip
- #
- return
AR2
- <Huawei>sys
- [Huawei]sys AR2
- [AR2]undo info-center enable
- [AR2]int g0/0/0
- [AR2-GigabitEthernet0/0/0]ip add 102.1.1.2 24
- [AR2-GigabitEthernet0/0/0]int g0/0/1
- [AR2-GigabitEthernet0/0/1]ip add 8.8.8.254 24
- [AR2-GigabitEthernet0/0/1]q
- Configure dynamic routing
- [AR2]ospf router-id 3.3.3.3
- [AR2-ospf-1]area 0
- [AR2-ospf-1-area-0.0.0.0]net 102.1.1.0 0.0.0.255
- [AR2-ospf-1-area-0.0.0.0]net 8.8.8.0 0.0.0.255
- [AR2-ospf-1-area-0.0.0.0]net 3.3.3.3 0.0.0.0
- [AR2-ospf-1-area-0.0.0.0]q
-
- Configure a static route
- [AR2]ip route-static 100.1.1.1 32 102.1.1.1
Finally, the testing phase:
client1 ping server1
client2 ping server1