华为NAT地址转换(静态、动态)及端口映射
2024-04-26 13:55:15
华为静态、动态地址转换及端口映射
1、静态NAT地址转换
eNSP中拓扑:
sw1配置
<Huawei>sys
[Huawei]sysname SW1
[SW1]vlan batch 10 20 30 40
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW1]int vlanif10
[SW1-Vlanif10]ip add 192.168.10.1 24
[SW1-Vlanif10]int vlanif20
[SW1-Vlanif20]ip add 192.168.20.1 24
[SW1-Vlanif20]int vlanif30
[SW1-Vlanif30]ip add 192.168.30.1 24
[SW1-Vlanif30]int vlanif40
[SW1-Vlanif40]ip add 11.0.0.2 24
[SW1-Vlanif40]q
[SW1]dis ip int b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 5
The number of interface that is UP in Protocol is 1
The number of interface that is DOWN in Protocol is 6
Interface IP Address/Mask Physical Protocol
MEth0/0/1 unassigned down down
NULL0 unassigned up up(s)
Vlanif1 unassigned up down
Vlanif10 192.168.10.1/24 down down
Vlanif20 192.168.20.1/24 down down
Vlanif30 192.168.30.1/24 down down
Vlanif40 11.0.0.2/24 down down
[SW1]int g0/0/1
[SW1-GigabitEthernet0/0/1]port link-type access
[SW1-GigabitEthernet0/0/1]port default vlan 10
[SW1-GigabitEthernet0/0/1]int g0/0/2
[SW1-GigabitEthernet0/0/2]port link-type access
[SW1-GigabitEthernet0/0/2]port default vlan 20
[SW1-GigabitEthernet0/0/2]int g0/0/3
[SW1-GigabitEthernet0/0/3]port link-type access
[SW1-GigabitEthernet0/0/3]port default vlan 30
[SW1-GigabitEthernet0/0/3]int g0/0/4
[SW1-GigabitEthernet0/0/4]port link-type access
[SW1-GigabitEthernet0/0/4]port default vlan 20
[SW1-GigabitEthernet0/0/4]int g0/0/5
[SW1-GigabitEthernet0/0/5]port link-type access
[SW1-GigabitEthernet0/0/5]port default vlan 40
[SW1-GigabitEthernet0/0/5]dis vlan
The total number of vlans is : 5
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------------------------
1 common UT:GE0/0/6(D) GE0/0/7(D) GE0/0/8(D) GE0/0/9(D) GE0/0/10(D) GE0/0/11(D) GE0/0/12(D) GE0/0/13(D) GE0/0/14(D) GE0/0/15(D) GE0/0/16(D) GE0/0/17(D) GE0/0/18(D) GE0/0/19(D) GE0/0/20(D) GE0/0/21(D) GE0/0/22(D) GE0/0/23(D) GE0/0/24(D)
10 common UT:GE0/0/1(U)
20 common UT:GE0/0/2(U) GE0/0/4(U)
30 common UT:GE0/0/3(U)
40 common UT:GE0/0/5(U) VID Status Property MAC-LRN Statistics Description
--------------------------------------------------------------------------------
1 enable default enable disable VLAN 0001
10 enable default enable disable VLAN 0010
20 enable default enable disable VLAN 0020
30 enable default enable disable VLAN 0030
40 enable default enable disable VLAN 0040
[SW1-GigabitEthernet0/0/5]q
[SW1]dis ip int b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 5
The number of interface that is DOWN in Physical is 2
The number of interface that is UP in Protocol is 5
The number of interface that is DOWN in Protocol is 2
Interface IP Address/Mask Physical Protocol
MEth0/0/1 unassigned down down
NULL0 unassigned up up(s)
Vlanif1 unassigned down down
Vlanif10 192.168.10.1/24 up up
Vlanif20 192.168.20.1/24 up up
Vlanif30 192.168.30.1/24 up up
Vlanif40 11.0.0.2/24 up up
//此时端口全部配置结束并开启
[SW1]ip route-static 0.0.0.0 0.0.0.0 11.0.0.1R1配置
<Huawei>sys
[Huawei]sysname R1
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 11.0.0.1 24
[R1-GigabitEthernet0/0/0]un sh
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[R1-GigabitEthernet0/0/0]q
[R1]ping 11.0.0.2PING 11.0.0.2: 56 data bytes, press CTRL_C to breakReply from 11.0.0.2: bytes=56 Sequence=1 ttl=255 time=50 msReply from 11.0.0.2: bytes=56 Sequence=2 ttl=255 time=20 msReply from 11.0.0.2: bytes=56 Sequence=3 ttl=255 time=30 msReply from 11.0.0.2: bytes=56 Sequence=4 ttl=255 time=20 msReply from 11.0.0.2: bytes=56 Sequence=5 ttl=255 time=20 ms--- 11.0.0.2 ping statistics ---5 packet(s) transmitted5 packet(s) received0.00% packet lossround-trip min/avg/max = 20/28/50 ms
[R1]int g0/0/01
[R1-GigabitEthernet0/0/1]ip add 12.0.0.1 24
[R1-GigabitEthernet0/0/1]un sh
Info: Interface GigabitEthernet0/0/1 is not shutdown.
[R1-GigabitEthernet0/0/1]nat static enable
[R1-GigabitEthernet0/0/1]q
[R1]nat static global 8.8.8.8 inside 192.168.10.10
[R1]ip route-static 0.0.0.0 0.0.0.0 12.0.0.2
[R1]ip route-static 192.168.10.0 24 11.0.0.2
[R1]ip route-static 192.168.20.0 24 11.0.0.2
[R1]ip route-static 192.168.30.0 24 11.0.0.2
————————————————R2配置
<Huawei>sys
[Huawei]sysname R2
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 12.0.0.2 24
[R2-GigabitEthernet0/0/0]un sh
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[R2-GigabitEthernet0/0/0]ping 12.0.0.1PING 12.0.0.1: 56 data bytes, press CTRL_C to breakReply from 12.0.0.1: bytes=56 Sequence=1 ttl=255 time=110 msReply from 12.0.0.1: bytes=56 Sequence=2 ttl=255 time=30 msReply from 12.0.0.1: bytes=56 Sequence=3 ttl=255 time=20 msReply from 12.0.0.1: bytes=56 Sequence=4 ttl=255 time=20 msReply from 12.0.0.1: bytes=56 Sequence=5 ttl=255 time=10 ms--- 12.0.0.1 ping statistics ---5 packet(s) transmitted5 packet(s) received0.00% packet lossround-trip min/avg/max = 10/38/110 ms
[R2-GigabitEthernet0/0/0]q
[R2]int loopBack0
[R2-LoopBack0]ip add 114.114.114.114 32
[R2-LoopBack0]q
[R2]ip route-static 8.8.8.8 32 12.0.0.1
验证:在PC4中ping:114.114.114.114
PC>ping 114.114.114.114
Ping 114.114.114.114: 32 data bytes, Press Ctrl_C to break
From 114.114.114.114: bytes=32 seq=1 ttl=253 time=47 ms
From 114.114.114.114: bytes=32 seq=2 ttl=253 time=31 ms
From 114.114.114.114: bytes=32 seq=3 ttl=253 time=47 ms
From 114.114.114.114: bytes=32 seq=4 ttl=253 time=31 ms
From 114.114.114.114: bytes=32 seq=5 ttl=253 time=47 ms
--- 114.114.114.114 ping statistics ---5 packet(s) transmitted5 packet(s) received0.00% packet lossround-trip min/avg/max = 31/40/47 ms动态NAT转换
R1配置:在这里插入代码片
[R1]nat address-group 1 212.0.0.100 212.0.0.200
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 192.168.20.0 0.0.0.255
[R1-acl-basic-2000]rule permit source 11.0.0.0 0.0.0.255
[R1-acl-basic-2000]int g0/0/1
[R1-GigabitEthernet0/0/1]dis this
[V200R003C00]
#
interface GigabitEthernet0/0/1ip address 12.0.0.1 255.255.255.0 nat static global 8.8.8.8 inside 192.168.10.10 netmask 255.255.255.255
#
return
[R1-GigabitEthernet0/0/1]nat outbound 2000 address-group 1 no-pat
[R1-GigabitEthernet0/0/1]qR2配置
[R2]ip route-static 212.0.0.0 24 12.0.0.1
在PC2中ping:114.114.114.114:
PC>ping 114.114.114.11
Ping 114.114.114.114: 32 data bytes, Press Ctrl_C to break
From 114.114.114.114: bytes=32 seq=1 ttl=253 time=31 ms
From 114.114.114.114: bytes=32 seq=2 ttl=253 time=47 ms
From 114.114.114.114: bytes=32 seq=3 ttl=253 time=47 ms
From 114.114.114.114: bytes=32 seq=4 ttl=253 time=47 ms
From 114.114.114.114: bytes=32 seq=5 ttl=253 time=62 ms
--- 114.114.114.114 ping statistics ---5 packet(s) transmitted5 packet(s) received0.00% packet lossround-trip min/avg/max = 31/46/62 msEasyip多个私网IP地址对应外网口公网IP地址(12.0.0.1)
R1 的配置
[R1]acl 3000
[R1-acl-adv-3000]rule permit ip source 192.168.30.0 0.0.0.255
[R1-acl-adv-3000]q
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]dis this
[V200R003C00]
#
interface GigabitEthernet0/0/1ip address 12.0.0.1 255.255.255.0 nat static global 8.8.8.8 inside 192.168.10.10 netmask 255.255.255.255nat outbound 2000 address-group 1 no-pat
#
return
[R1-GigabitEthernet0/0/1]nat outbound 3000在PC3中ping:114.114.114.114:
PC>ping 114.114.114.114
Ping 114.114.114.114: 32 data bytes, Press Ctrl_C to break
From 114.114.114.114: bytes=32 seq=1 ttl=253 time=31 ms
From 114.114.114.114: bytes=32 seq=2 ttl=253 time=78 ms
From 114.114.114.114: bytes=32 seq=3 ttl=253 time=31 ms
From 114.114.114.114: bytes=32 seq=4 ttl=253 time=16 ms
From 114.114.114.114: bytes=32 seq=5 ttl=253 time=31 ms
--- 114.114.114.114 ping statistics ---5 packet(s) transmitted5 packet(s) received0.00% packet lossround-trip min/avg/max = 16/37/78 ms华为NAT地址转换(静态、动态)及端口映射相关推荐
- 理论+实操 :华为NAT地址转换
前言: nat地址转换可以让私有地址转换成公网地址,解决上网问题 华为的三层交换机内不可以配ip地址,需要配vlanif 在企业当中,数据流量业务比较多时,用好一点的路由器 多个私网地址对应外网口ip ...
- 华为NAT地址转换配置
禁止转载 一. 静态NAT地址转换 1.[Huawei]ip route-static 0.0.0.0 0.0.0.0 202.19.18.2 //写默认路由 2.[Huawei-GigabitEth ...
- linux如何实现端口复用nat,NAT地址转换和端口复用PAT
什么是端口复用动态地址转换(PAT) 介绍配置实例 端口多路复用(Port address Translation,PAT)是指改变外出数据包的源端口并进行端口转 换,即端口地址转换(PAT,Port ...
- 华为eNSP防火墙NAT地址转换之NAT-NOPAT
防火墙NAT地址转换 NAT-NOPAT(一对一) NAT No-PAT 只转换报文的IP 地址,不转换端口,需要上网的私网用户数量省,公网IP地址数量与同时上网的最大私网用户数量基本相同,在NAT ...
- 动态NAT地址转换配置实验(中兴)
动态NAT地址转换配置实验 一.实验目的 二.实验内容 三.实验流程 四.查看和验证 五.实验总结 一.实验目的 1.掌握中兴动态NAT技术的基本原理和作用,及其数据的转发过程: 2.掌握动态NAT技 ...
- 华为防火墙nat地址转换实现可以访问互联网
如下拓扑图: 首先,我们设置云如下,让他与本机互通 我们开始配置 首先初始化防火墙:第一次登录的时候会让你修改密码,默认的账号为admin密码:Admin@123 输入账号密码后选择Y然后修改密码 设 ...
- 华为pat地址转换,以及内网web服务器发布
实验名称:华为pat地址转换,以及内网web服务器发布 实验拓扑图: 3. 实验目的 : 1.使内网通过pat转化出去上外网 2.使用静态pat做端口映射,发布web服务器 3.配置交换机远程登录 4 ...
- NAT地址转换(又称为网络地址转换,用于实现私有网络和共有网络之间的互相访问)
目录 地址类型 NAT地址转换工作过程: NAT的好处: 静态NAT: NAT配置命令 动态nat配置: ACL: 应用规则 地址类型 私有地址和公有地址: 公有网络地址(以下简称公网地址)是指在互联 ...
- ccna设备的NAT地址转换
NAT NAT设备将地址分成本地和全局 本地地址是内部世界的设备所能看到的地址. 全局地址是外部世界的设备所能看到的地址. 内部本地地址(IL) 分配给内部设备的地址.这些地址不能被通告给外部网络 ...
最新文章
- 为取消大小周而欢呼?字节员工可不那么想...
- dataframe获取指定列
- CompletableFuture API用法介绍(二)
- java plt_matplotlib 画动态图以及plt.ion()和plt.ioff()的使用详解
- javascript file cached in server side
- linux笔记-硬链接和符号链接
- 梯度下降法快速教程 | 第三章:学习率衰减因子(decay)的原理与Python实现
- 1011.log4cplus移植记录
- 孤荷凌寒自学python第八十天开始写Python的第一个爬虫10
- AD2016 交互式网表 InteractiveHtmlBomForAD插件安装教程
- matlab编运行的程序吗,matlab2020怎么运行-matlab运行程序的方法步骤
- 小米手环6NFc支持Android,小米手环6支持nfc吗 小米手环6有没有nfc功能
- SaaS到底是什么?如何做?
- Udacity机器学习入门笔记——数据集与问题
- 5分绩点转4分_gpa5分制换算4分制(5分绩点转4分)
- python和易语言哪个容易胖_碳水化合物和脂肪哪个更容易让身体发胖?
- linux驱动之字符设备
- PaddleClas预训练模型ResNet50_vd_ssld精度突破84%
- 一文弄懂量化交易 怎样躺着赚钱?
- C# 各类文件扩展名