热门标签
热门文章
- 1java商城答辩_毕业答辩-基于Java的网上购物商城的设计与实现.ppt
- 2边缘计算平台原理、关键功能以及技术优势_边缘端可实现哪些功能
- 3阿里云学习笔记_阿里云 个人学习
- 4【 Spark编程基础 】实验1_spark实验一
- 5这是我裸辞接单第一个月的收入
- 6《十堂课学习 Flink》第九章:Flink Stream 的实战案例一:CPU 平均使用率监控告警案例_flink内存cpu任务监控告警
- 7损失次数模型-负二项分布_负二项分布的概率密度函数
- 8怪物猎人物语游戏加载慢、卡加载解决方法一览
- 9图纸识别自动生成BOM清单的方法_图纸的ai自动识别、分析拆解
- 10Ubuntu介绍、与centos的区别、基于VMware安装Ubuntu Server 22.04、配置远程连接、安装jdk+Tomcat_centos ubuntu
当前位置: article > 正文
ENSP华为路由器出口NAT实验_ensp实操题 ar1220配置nat
作者:空白诗007 | 2024-07-01 02:54:53
赞
踩
ensp实操题 ar1220配置nat
1:实验需求
公司拥有多个部门且位于不同网段,各部门均有访问Internet的需求。现要求用户通过二层交换机和路由器访问外部网络,且要求路由器作为用户的网关。
我们按照图示的IP地址进行配置,最终的结果是PC1和PC2可以ping通公网地址192.169.1.2.
2:网络拓补图
这里多说一句哈,华为的ENSP模拟器有的路由器NAT配置了不生效,我在这里使用的是AR1220系列。
3:实验过程
CORE
- <Huawei>sy
- Enter system view, return user view with Ctrl+Z.
- [Huawei]undo info-center enable
- Info: Information center is disabled.
- [Huawei]sysname CORE
- [CORE]vlan batch 2 3 100 //创建vlan 2 3 100备用
- Info: This operation may take a few seconds. Please wait for a moment...done.
-
- [CORE]dhcp enable //全局使能DHCP
- Info: The operation may take a few seconds. Please wait for a moment.done.
-
- [CORE]interface Vlanif 2 //进入vlanif接口配置IP,DHCP的方式是基于接口
- [CORE-Vlanif2]ip address 192.168.2.254 24
- [CORE-Vlanif2]dhcp select interface
- [CORE-Vlanif2]quit
-
- [CORE]interface Vlanif 3
- [CORE-Vlanif3]ip add 192.168.3.254 24
- [CORE-Vlanif3]dhcp select interface
- [CORE-Vlanif3]quit
-
- [CORE]interface Vlanif 100
- [CORE-Vlanif100]ip add 192.168.100.2 24
- [CORE-Vlanif100]quit
-
- [CORE]interface GigabitEthernet 0/0/1 //设置终端链路类型access
- [CORE-GigabitEthernet0/0/1]port link-type access
- [CORE-GigabitEthernet0/0/1]port default vlan 2
- [CORE-GigabitEthernet0/0/1]quit
-
- [CORE]interface GigabitEthernet 0/0/2
- [CORE-GigabitEthernet0/0/2]port link-type access
- [CORE-GigabitEthernet0/0/2]port default vlan 3
- [CORE-GigabitEthernet0/0/2]quit
-
- [CORE]interface GigabitEthernet 0/0/3 //设置链路终端类型,设置为access,路由器才能识别,或者trunk端口设置PVID。
- [CORE-GigabitEthernet0/0/3]port link-type access
- [CORE-GigabitEthernet0/0/3]port default vlan 100
- [CORE-GigabitEthernet0/0/3]quit
-
- [CORE]ip route-static 0.0.0.0 0.0.0.0 192.168.100.1 //写一条默认路由,下一跳地址是对端的路由器
-
ROUTER
- <Huawei>sy
- <Huawei>system-view
- Enter system view, return user view with Ctrl+Z.
- [Huawei]undo info-center enable
- Info: Information center is disabled.
- [Huawei]sysname ROUter
-
- [ROUter]interface GigabitEthernet 0/0/1 //我们配置内网的IP接口
- [ROUter-GigabitEthernet0/0/1]ip add 192.168.100.1 24
- [ROUter-GigabitEthernet0/0/1]quit
-
- [ROUter]ip route-static 192.168.0.0 16 192.168.100.2 //我们配置到内网的回程路由,即192.168.X.X均可以匹配
- [ROUter]ip route-static 0.0.0.0 0.0.0.0 192.169.1.2 //设置一条默认路由去公网
-
- [ROUter]interface GigabitEthernet 0/0/0 //配置公网的IP地址
- [ROUter-GigabitEthernet0/0/0]ip address 192.169.1.1 24
- [ROUter-GigabitEthernet0/0/0]quit
-
- [ROUter]acl 2000 //建基本ACL2000
- [ROUter-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255 //允许192.168.X.X的网段
- [ROUter-acl-basic-2000]quit
-
- [ROUter]interface GigabitEthernet 0/0/0 //进入外网接口,调用acl2000
- [ROUter-GigabitEthernet0/0/0]nat outbound 2000 //nat引用
- [ROUter-GigabitEthernet0/0/0]quit
-
-
- [ROUter]display nat session all //这里我们可以看到NAT会话
- NAT Session Table Information:
-
- Protocol : ICMP(1)
- SrcAddr Vpn : 192.168.2.253
- DestAddr Vpn : 192.169.1.2
- Type Code IcmpId : 0 8 890
- NAT-Info
- New SrcAddr : 192.169.1.1
- New DestAddr : ----
- New IcmpId : 10259
-
- Protocol : ICMP(1)
- SrcAddr Vpn : 192.168.2.253
- DestAddr Vpn : 192.169.1.2
- Type Code IcmpId : 0 8 888
- NAT-Info
- New SrcAddr : 192.169.1.1
- New DestAddr : ----
- New IcmpId : 10257
-
- Protocol : ICMP(1)
- SrcAddr Vpn : 192.168.2.253
- DestAddr Vpn : 192.169.1.2
- Type Code IcmpId : 0 8 889
- NAT-Info
- New SrcAddr : 192.169.1.1
- New DestAddr : ----
- New IcmpId : 10258
-
- Protocol : ICMP(1)
- SrcAddr Vpn : 192.168.2.253
- DestAddr Vpn : 192.169.1.2
- Type Code IcmpId : 0 8 887
- NAT-Info
- New SrcAddr : 192.169.1.1
- New DestAddr : ----
- New IcmpId : 10256
-
- Protocol : ICMP(1)
- SrcAddr Vpn : 192.168.2.253
- DestAddr Vpn : 192.169.1.2
- Type Code IcmpId : 0 8 886
- NAT-Info
- New SrcAddr : 192.169.1.1
- New DestAddr : ----
- New IcmpId : 10255
公网路由器
- <Huawei>sy
- <Huawei>system-view //我们给它设置一个测试用的IP地址
- [Huawei]interface GigabitEthernet 0/0/0
- [Huawei-GigabitEthernet0/0/0]ip add 192.169.1.2 24
- [Huawei-GigabitEthernet0/0/0]quit
- [Huawei]ping 192.169.1.1 //测试和公司公网IP的连通性
- PING 192.169.1.1: 56 data bytes, press CTRL_C to break
- Reply from 192.169.1.1: bytes=56 Sequence=1 ttl=255 time=90 ms
- Reply from 192.169.1.1: bytes=56 Sequence=2 ttl=255 time=20 ms
- Reply from 192.169.1.1: bytes=56 Sequence=3 ttl=255 time=30 ms
- Reply from 192.169.1.1: bytes=56 Sequence=4 ttl=255 time=30 ms
- Reply from 192.169.1.1: bytes=56 Sequence=5 ttl=255 time=20 ms
-
- --- 192.169.1.1 ping statistics ---
- 5 packet(s) transmitted
- 5 packet(s) received
- 0.00% packet loss
- round-trip min/avg/max = 20/38/90 ms
-
- [Huawei]
测试
我们使用PC1和PC2分别ping公网地址,如下图所示
会话信息
超简单啊,有木有~
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/空白诗007/article/detail/774844
推荐阅读
相关标签
