CLI-based Configuration Guide - IP Service

AR500, AR510, AR531, AR550, AR1500, and AR2500 V200R010

This document describes the concepts and configuration procedures of IP Service features on the device, and provides the configuration examples.
Example for Configuring Dynamic NAT

Networking Requirements

As shown in Figure 5-17, private network users in Area A and Area B of a company connect to the Internet. The public IP address of GigabitEthernet3/0/0 on the router is 2.2.2.1/24. The IP address of the carrier device connected to the router is 2.2.2.2/24. Hosts in Area A (192.168.20.0/24) access the Internet in NAT mode, with their IP addresses replaced by addresses from the public address pool 2.2.2.100 to 2.2.2.200. Hosts in Area B (10.0.0.0/24) access the Internet with their IP addresses replaced by addresses from the public address pool 2.2.2.80 to 2.2.2.83.

Figure 5-17  Networking diagram for configuring dynamic NAT

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure IP addresses for the interfaces, a default route, and outbound NAT on the WAN interface so that internal hosts can access external networks.

Procedure

  1. Configure IP addresses for the interfaces on the router.

    <Huawei> system-view
    [Huawei] sysname Router
    [Router] vlan 100 
    [Router-vlan100] quit
    [Router] interface vlanif 100
    [Router-Vlanif100] ip address 192.168.20.1 24 
    [Router-Vlanif100] quit
    [Router] interface ethernet 2/0/0
    [Router-Ethernet2/0/0] port link-type access  
    [Router-Ethernet2/0/0] port default vlan 100 
    [Router-Ethernet2/0/0] quit 
    [Router] vlan 200 
    [Router-vlan200] quit
    [Router] interface vlanif 200
    [Router-Vlanif200] ip address 10.0.0.1 24 
    [Router-Vlanif200] quit
    [Router] interface ethernet 2/0/1 
    [Router-Ethernet2/0/1] port link-type access 
    [Router-Ethernet2/0/1] port default vlan 200
    [Router-Ethernet2/0/1] quit 
    [Router] interface gigabitethernet 3/0/0
    [Router-GigabitEthernet3/0/0] undo portswitch
    [Router-GigabitEthernet3/0/0] ip address 2.2.2.1 24    
    [Router-GigabitEthernet3/0/0] quit

  2. Configure a default route with next hop address 2.2.2.2 on the router.

    [Router] ip route-static 0.0.0.0 0.0.0.0 2.2.2.2
    

  3. Configure outbound NAT on the router.

    [Router] nat address-group 1 2.2.2.100 2.2.2.200 
    [Router] nat address-group 2 2.2.2.80 2.2.2.83  
    [Router] acl 2000
    [Router-acl-basic-2000] rule 5 permit source 192.168.20.0 0.0.0.255
    [Router-acl-basic-2000] quit
    [Router] acl 2001
    [Router-acl-basic-2001] rule 5 permit source 10.0.0.0 0.0.0.255
    [Router-acl-basic-2001] quit
    [Router] interface gigabitethernet 3/0/0
    [Router-GigabitEthernet3/0/0] nat outbound 2000 address-group 1 no-pat
    [Router-GigabitEthernet3/0/0] nat outbound 2001 address-group 2 
    [Router-GigabitEthernet3/0/0] quit
    
    NOTE:

    When you run the ping -a source-ip-address command on the router to verify that intranet users can access the Internet, the enhanced forwarding function for control packets generated by the device must be enabled so that NAT translates the private source IP address into a public IP address. This function is enabled by default. If it has been disabled using the undo ip soft-forward enhance enable command, run the ip soft-forward enhance enable command in the system view to enable it again.

  4. Verify the configuration.

    # Run the display nat outbound command on the router to check the address translation result.

    <Router> display nat outbound
     NAT Outbound Information:
     -----------------------------------------------------------------
     Interface                Acl      Address-group/IP/Interface  Type
     -----------------------------------------------------------------
     GigabitEthernet3/0/0     2000                     1         no-pat
     GigabitEthernet3/0/0     2001                     2           pat
     -----------------------------------------------------------------
      Total : 2     

    # Run the ping command on the router to verify that users on the internal network can access the Internet.

    <Router> ping -a 192.168.20.1 2.2.2.2
      PING 2.2.2.2: 56 data bytes, press CTRL_C to break                         
        Reply from 2.2.2.2: bytes=56 Sequence=1 ttl=255 time=1 ms                
        Reply from 2.2.2.2: bytes=56 Sequence=2 ttl=255 time=1 ms                
        Reply from 2.2.2.2: bytes=56 Sequence=3 ttl=255 time=1 ms                
        Reply from 2.2.2.2: bytes=56 Sequence=4 ttl=255 time=1 ms                
        Reply from 2.2.2.2: bytes=56 Sequence=5 ttl=255 time=1 ms                
    -- 2.2.2.2 ping statistics ---                                           
        5 packet(s) transmitted                                                     
        5 packet(s) received                                                        
        0.00% packet loss                                                           
        round-trip min/avg/max = 1/1/2 ms 
    <Router> ping -a 10.0.0.1 2.2.2.2
      PING 2.2.2.2: 56 data bytes, press CTRL_C to break                         
        Reply from 2.2.2.2: bytes=56 Sequence=1 ttl=255 time=1 ms                
        Reply from 2.2.2.2: bytes=56 Sequence=2 ttl=255 time=1 ms                
        Reply from 2.2.2.2: bytes=56 Sequence=3 ttl=255 time=1 ms                
        Reply from 2.2.2.2: bytes=56 Sequence=4 ttl=255 time=1 ms                
        Reply from 2.2.2.2: bytes=56 Sequence=5 ttl=255 time=1 ms                
    -- 2.2.2.2 ping statistics ---                                           
        5 packet(s) transmitted                                                     
        5 packet(s) received                                                        
        0.00% packet loss                                                           
        round-trip min/avg/max = 1/1/2 ms 
    

Configuration Files

Configuration file of the router

#
 sysname Router
#                                                                               
vlan batch 100 200   
#                                                                               
acl number 2000                                                                 
 rule 5 permit source 192.168.20.0 0.0.0.255                                    
#                                                                               
acl number 2001                                                                 
 rule 5 permit source 10.0.0.0 0.0.0.255                                       
#                                                                                
 nat address-group 1 2.2.2.100 2.2.2.200
 nat address-group 2 2.2.2.80 2.2.2.83                      
#                                                                  
interface Vlanif100                                                             
 ip address 192.168.20.1 255.255.255.0                                          
#                                                                               
interface Vlanif200                                                             
 ip address 10.0.0.1 255.255.255.0                                          
#                                                                                
interface Ethernet2/0/0                             
 port link-type access                                                          
 port default vlan 100                                                          
#                                                                               
interface Ethernet2/0/1                
 port link-type access                                                          
 port default vlan 200                                              
#                                                                               
interface GigabitEthernet3/0/0    
 undo portswitch
 ip address 2.2.2.1 255.255.255.0                                               
 nat outbound 2000 address-group 1 no-pat                                       
 nat outbound 2001 address-group 2
#
ip route-static 0.0.0.0 0.0.0.0 2.2.2.2                          
#                                                              
return  
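
The following Python sketch is an added example, not part of the Huawei guide: it parses the NAT-relevant lines of the configuration file above (embedded as a constructed sample) and, for each nat outbound rule, compares the address pool with the hosts the ACL permits. The function name audit_nat and the finding fields are hypothetical; only the address-group form of nat outbound and contiguous wildcard masks are handled.

```python
import ipaddress

# Constructed sample: the NAT-relevant lines of the router configuration file above.
CONFIG = """\
acl number 2000
 rule 5 permit source 192.168.20.0 0.0.0.255
acl number 2001
 rule 5 permit source 10.0.0.0 0.0.0.255
 nat address-group 1 2.2.2.100 2.2.2.200
 nat address-group 2 2.2.2.80 2.2.2.83
interface GigabitEthernet3/0/0
 ip address 2.2.2.1 255.255.255.0
 nat outbound 2000 address-group 1 no-pat
 nat outbound 2001 address-group 2
"""

def audit_nat(config):
    """Return one finding per 'nat outbound' rule (hypothetical helper, not a Huawei tool)."""
    acls, pools, rules = {}, {}, []
    acl = wan = None
    for tok in (line.split() for line in config.splitlines()):
        if tok[:2] == ["acl", "number"]:
            acl = tok[2]
            acls[acl] = []
        elif tok[:1] == ["rule"] and "permit" in tok and "source" in tok:
            i = tok.index("source")
            # ipaddress accepts the wildcard (host mask) form 192.168.20.0/0.0.0.255
            acls[acl].append(ipaddress.ip_network(f"{tok[i + 1]}/{tok[i + 2]}"))
        elif tok[:2] == ["nat", "address-group"]:
            pools[tok[2]] = tuple(ipaddress.ip_address(a) for a in tok[3:5])
        elif tok[:1] == ["interface"]:
            wan = None  # a new interface section starts; forget the previous subnet
        elif tok[:2] == ["ip", "address"]:
            wan = ipaddress.ip_interface(f"{tok[2]}/{tok[3]}").network
        elif tok[:2] == ["nat", "outbound"]:
            rules.append((tok[2], tok[4], "no-pat" if "no-pat" in tok else "pat", wan))
    findings = []
    for acl_id, group, mode, net in rules:
        lo, hi = pools[group]
        size = int(hi) - int(lo) + 1
        hosts = sum(max(n.num_addresses - 2, 1) for n in acls.get(acl_id, []))
        findings.append({
            "acl": acl_id, "mode": mode, "pool_size": size, "hosts": hosts,
            "acl_defined": acl_id in acls,
            "pool_in_wan_subnet": net is not None and lo in net and hi in net,
            # no-pat maps one private address to one pool address at a time
            "can_exhaust": mode == "no-pat" and hosts > size,
        })
    return findings
```

For this configuration, the rule for ACL 2000 is flagged: its no-pat pool holds 101 addresses while the ACL permits up to 254 hosts, so the pool can run out when more than 101 hosts are active at once.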
Updated: 2019-05-20

Document ID: EDOC1100034231
