No relevant resource is found in the selected language.
Enterprise
Worldwide
Huawei Global - English
Support Documentation
NE20E-S V800R011C10 Configuration Guide - IPv6 Transition 02
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring the Internal Server Through 1:1 NAT (On-board Scenario)

Example for Configuring the Internal Server Through 1:1 NAT (On-board Scenario)

This section provides an example for configuring the internal server through 1:1 NAT. By specifying an internal NAT server and configuring the mapping entries between the internal server's private IP address/port and public IP address/port, an external host can access the internal server.

Networking Requirements

On the network shown in Figure 2-5, the NE20E performs the NAT function to help PCs within the enterprise network access the Internet. The NE20E uses GE 0/2/0 to connect to an internal network and GE 0/2/1 to connect to the Internet.

The internal network address of the enterprise network is 192.168.0.0/16. The internal server address is 192.168.10.10/24. Only PCs on the network segment of 192.168.10.0/24 can access the Internet. External PCs can access the internal server. The enterprise has five valid IP addresses ranging from 11.11.11.101/24 to 11.11.11.105/24. The internal server of the enterprise has an independent public address 11.11.11.100. The internal server can be accessed from the external network address 13.13.13.2 through 1:1 NAT.

Figure 2-5 Networking of the NAT internal server

The configurations in this example are mainly performed on NAT A and Device B.

Interfaces 1 through 3 in this example represent GE 0/2/0, GE 0/2/1, and GE 0/3/0, respectively.


Configuration Roadmap

The configuration roadmap is as follows:
  1. Configure basic functions of NAT.
  2. Configure a NAT traffic policy.
  3. Configure an internal NAT server.

Data Preparation

To complete the configuration, you need the following data:

  • service-location backup group index: 1

  • service-instance-group service instance group name: group1

  • NAT instance name: nat1; NAT instance index: 1

  • NAT address pool name for NAT A: address-group1; NAT address pool ID: 1; IP address segment: 11.11.11.101 to 11.11.11.105

  • ACL number: 3001

  • Traffic classifier name: classifier1

  • Traffic behavior name: behavior1

  • Traffic policy name: policy1

  • Number and IP address of the interface that applies the NAT traffic policy: 0/2/0, 192.168.10.1/24

  • Private IP address of the internal NAT server: 192.168.10.10; public IP address of the internal NAT server: 11.11.11.100

Procedure

  1. Configure basic functions of NAT.
    1. Create a NAT instance named nat1 and bind it to the service board.

      <HUAWEI> system-view
      [~HUAWEI] sysname NATA
      [*HUAWEI] commit
      [~NATA] service-location 1
      [*NATA-service-location-1] location follow-forwarding-mode
      [*NATA-service-location-1] commit
      [~NATA-service-location-1] quit
      [~NATA] service-instance-group group1
      [*NATA-service-instance-group-group1] service-location 1
      [*NATA-service-instance-group-group1] commit
      [~NATA-service-instance-group-group1] quit
      [~NATA] nat instance nat1 id 1
      [*NATA-nat-instance-nat1] service-instance-group group1
      [*NATA-nat-instance-nat1] commit
      [~NATA-nat-instance-nat1] quit

    2. Configure a NAT address pool with IP addresses ranging from 11.11.11.101 to 11.11.11.105.

      [~NATA] nat instance nat1
      [~NATA-nat-instance-nat1] nat address-group address-group1 group-id 1 11.11.11.101 11.11.11.105
      [*NATA-nat-instance-nat1] commit
      [~NATA-nat-instance-nat1] quit

  2. Configure a NAT traffic policy.
    1. Configure traffic classification rules based on ACL 3001.

      Rule 1: Only PCs with the internal network segment address as 192.168.10.0/24 can access the Internet.

      [~NATA] acl 3001
      [*NATA-acl4-advance-3001] rule 1 permit ip source 192.168.10.0 0.0.0.255
      [*NATA-acl4-advance-3001] commit
      [~NATA-acl4-advance-3001] quit

    2. Configure a traffic classifier named classifier1 and define an ACL-based matching rule.

      [~NATA] traffic classifier classifier1
      [*NATA-classifier-classifier1] if-match acl 3001
      [*NATA-classifier-classifier1] commit
      [~NATA-classifier-classifier1] quit

    3. Configure a traffic behavior named behavior1 and bind it to the NAT instance.

      [~NATA] traffic behavior behavior1
      [*NATA-behavior-behavior1] nat bind instance nat1
      [*NATA-behavior-behavior1] commit
      [~NATA-behavior-behavior1] quit

    4. Define a NAT traffic policy named policy1 to associate the ACL rule with the traffic behavior.

      [~NATA] traffic policy policy1
      [*NATA-trafficpolicy-policy1] classifier classifier1 behavior behavior1
      [*NATA-trafficpolicy-policy1] commit
      [~NATA-trafficpolicy-policy1] quit

    5. Apply the NAT traffic policy in the interface view.

      [~NATA] interface gigabitEthernet 0/2/0
      [~NATA-GigabitEthernet0/2/0] ip address 192.168.10.1 24
      [*NATA-GigabitEthernet0/2/0] traffic-policy policy1 inbound
      [*NATA-GigabitEthernet0/2/0] commit
      [~NATA-GigabitEthernet0/2/0] quit

    6. Configure the IP address of GE0/2/1.

      [~NATA] interface gigabitEthernet 0/2/1
      [*NATA-GigabitEthernet0/2/1] ip address 12.12.12.1 24
      [*NATA-GigabitEthernet0/2/1] commit
      [~NATA-GigabitEthernet0/2/1] quit

  3. Define the internal server address as 192.168.10.10 and external address as 11.11.11.100. Use the address-level mode to ensure 1:1 relationship between the public and private IP addresses.

    [~NATA] nat instance nat1
    [~NATA-nat-instance-nat1] nat server global 11.11.11.100 inside 192.168.10.10
    [*NATA-nat-instance-nat1] commit
    [~NATA-nat-instance-nat1] quit

  4. Verify the configuration.

    # View server-map entries of all users.

    <NATA> display nat server-map
    This operation will take a few minutes. Press 'Ctrl+C' to break ...
Slot: 9 
Total number:  2.
  NAT Instance: nat1                                                                                                                  
  Protocol:ANY, VPN:--->-                                                                                                           
  Server:192.168.10.10[11.11.11.100]->ANY                                                                                                  
  Tag:0x0, TTL:-, Left-Time:-                                                                                                       
  CPE IP:192.168.10.10                                                                                                                  
                                                                                                                                    
  NAT Instance: nat1                                                                                                                  
  Protocol:ANY, VPN:--->-                                                                                                           
  Server reverse:ANY->11.11.11.100[192.168.10.10]                                                                                          
  Tag:0x0, TTL:-, Left-Time:-                                                                                                       
  CPE IP:192.168.10.10

Configuration Files

  • NAT A configuration file

    #
 sysname NATA
#
service-location 1
 location follow-forwarding-mode
#
service-instance-group group1
 service-location 1
#
nat instance nat1 id 1
 service-instance-group group1
 nat address-group address-group1 group-id 1 11.11.11.101 11.11.11.105 
 nat server global 11.11.11.100 inside 192.168.10.10
#
acl number 3001
 rule 1 permit ip source 192.168.10.0 0.0.0.255
#
traffic classifier classifier1 operator or
 if-match acl 3001
#
traffic behavior behavior1
 nat bind instance nat1
#
traffic policy policy1
 classifier classifier1 behavior behavior1 precedence 1
#
interface GigabitEthernet 0/2/0
 undo shutdown
 ip address 192.168.10.1 255.255.255.0
 traffic-policy policy1 inbound
#
interface GigabitEthernet 0/2/1
 undo shutdown
 ip address 12.12.12.1 255.255.255.0
#
ospf 1
 area 0.0.0.0
  network 12.12.12.0 0.0.0.255
#
 return

  • Device B configuration file

    #
 sysname DeviceB
#
interface GigabitEthernet 0/2/0
 undo shutdown
 ip address 13.13.13.1 255.255.255.0
#
interface GigabitEthernet 0/3/0
 undo shutdown
 ip address 12.12.12.2 255.255.255.0
#
ospf 1
 area 0.0.0.0
  network 12.12.12.0 0.0.0.255
  network 13.13.13.0 0.0.0.255
#
 return
Download
Updated: 2020-02-07

Document ID: EDOC1100125510

Views: 29338

Downloads: 18

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next
Huawei e+ App Huawei e+

Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :