NE40E V800R010C00 Configuration Guide - NAT and IPv6 Transition Technologies 01


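Example for Configuring a Static PCP Server Address in a Distributed NAT444 Scenario

This section provides an example for configuring a static PCP server address in a distributed NAT444 scenario. The configuration implements many-to-many translation between home users' private addresses and external public addresses, so that home users can access the Internet after NAT translation and set up PCP connections. Use the networking diagram to follow the configuration procedure. The example covers the networking requirements, configuration roadmap and preparation, procedure, and configuration files.

Networking Requirements

As shown in Figure 4-1, private IPv4 users connect to the Internet after NAT is performed on the BRAS. A static PCP server address must be configured on the CGN device so that private network users can set up PCP connections.

The configuration must meet the following requirements:
  • Private IPv4 home users can access the IPv4 Internet through the metropolitan area network (MAN).
  • Many-to-many translation is implemented between the addresses of private IPv4 home users and public addresses.
Figure 4-1   Networking for configuring a static PCP server address in the NAT444 scenario
Note:

In this example, interface1 stands for GE1/0/0.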



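Configuration Roadmap

The roadmap for configuring a static PCP server address in the distributed NAT444 scenario is as follows:

  1. Configure basic NAT functions.
  2. Configure NAT user information.
  3. Configure a NAT traffic diversion policy.
  4. Configure a NAT translation policy.
  5. Configure a static PCP server for the NAT444 instance.
  6. Verify the configuration.

Data Preparation

To complete this configuration example, you need the following data:

  • Name of the NAT instance.
  • Number of the NAT address pool, and its start and end IP addresses.
  • User group name.
  • ACL and UCL numbers.
  • Information about the NAT traffic diversion policy.
  • Static PCP server address.
    Note:

    The static PCP server address must not be the same as the IP address of a physical interface or loopback interface on the device, or as an address in an address pool of the NAT444 instance.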

Procedure

  1. Configure basic NAT functions.

    • Set the session table size of the service board in slot 1 to 6M.

      <HUAWEI> system-view
      [~HUAWEI] sysname BRAS_NAT
      [*HUAWEI] commit
      [~BRAS_NAT] license
      [~BRAS_NAT-license] active nat session-table size 6 slot 1 card 0
      [*BRAS_NAT-license] active pcp vsuf slot 1 card 0
      [*BRAS_NAT-license] commit
      [~BRAS_NAT-license] quit
    • Create a NAT instance named nat1 with ID 1, and bind the service board to the NAT instance:

      [~BRAS_NAT] service-location 1
      [*BRAS_NAT-service-location-1] location slot 1 card 0
      [*BRAS_NAT-service-location-1] commit
      [~BRAS_NAT-service-location-1] quit
      [~BRAS_NAT] service-instance-group group1
      [*BRAS_NAT-service-instance-group-group1] service-location 1
      [*BRAS_NAT-service-instance-group-group1] commit
      [~BRAS_NAT-service-instance-group-group1] quit
      [~BRAS_NAT] nat instance nat1 id 1
      [*BRAS_NAT-nat-instance-nat1] service-instance-group group1
      [*BRAS_NAT-nat-instance-nat1] commit
      [~BRAS_NAT-nat-instance-nat1] quit
    • Configure an address pool with addresses ranging from 10.34.160.101 to 10.34.160.105.

      [~BRAS_NAT] nat instance nat1
      [~BRAS_NAT-nat-instance-nat1] nat address-group address-group1 group-id 1 10.34.160.101 10.34.160.105
      [*BRAS_NAT-nat-instance-nat1] commit
      [~BRAS_NAT-nat-instance-nat1] quit

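  2. Configure NAT user information.
    1. Configure BRAS service functions on the device so that users can go online. For detailed configuration steps, see HUAWEI NE40E Configuration Guide - User Access.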

      [~BRAS_NAT] aaa
      [~BRAS_NAT-aaa] authentication-scheme auth1
      [*BRAS_NAT-aaa-authen-auth1] authentication-mode radius
      [*BRAS_NAT-aaa-authen-auth1] commit
      [~BRAS_NAT-aaa-authen-auth1] quit
      [~BRAS_NAT-aaa] accounting-scheme acct1
      [*BRAS_NAT-aaa-accounting-acct1] accounting-mode radius
      [*BRAS_NAT-aaa-accounting-acct1] commit
      [~BRAS_NAT-aaa-accounting-acct1] quit
      [~BRAS_NAT-aaa] domain isp1
      [*BRAS_NAT-aaa-domain-isp1] authentication-scheme auth1
      [*BRAS_NAT-aaa-domain-isp1] accounting-scheme acct1
      [*BRAS_NAT-aaa-domain-isp1] radius-server group rd1
      [*BRAS_NAT-aaa-domain-isp1] ip-pool pool1
      [*BRAS_NAT-aaa-domain-isp1] commit
      [~BRAS_NAT-aaa-domain-isp1] quit
      [~BRAS_NAT-aaa] quit

    2. Configure user groups group1 and group2.

      [~BRAS_NAT] user-group group1
      [*BRAS_NAT] commit

    3. Specify the domain to which the users belong.

      [~BRAS_NAT] aaa
      [~BRAS_NAT-aaa] domain isp1
      [*BRAS_NAT-aaa-domain-isp1] user-group group1 bind nat instance nat1
      [*BRAS_NAT-aaa-domain-isp1] commit
      [~BRAS_NAT-aaa-domain-isp1] quit
      [~BRAS_NAT-aaa] quit

  3. Configure a NAT traffic diversion policy.

    1. Configure an ACL-based traffic classification rule: ACL number 6001, rule number 1.
      [~BRAS_NAT] acl 6001
      [*BRAS_NAT-ucl-6001] rule 1 permit ip source user-group group1
      [*BRAS_NAT-ucl-6001] commit
      [~BRAS_NAT-ucl-6001] quit
    2. Configure an ACL-based traffic classification rule: ACL number 3001, rule number 1. Only hosts on the internal network segment 192.168.10.0/24 can access the Internet.
      [~BRAS_NAT] acl 3001
      [*BRAS_NAT-acl4-advance-3001] rule 1 permit ip source 192.168.10.0 0.0.0.255
      [*BRAS_NAT-acl4-advance-3001] commit
      [~BRAS_NAT-acl4-advance-3001] quit
    3. Configure a traffic classifier.
      [~BRAS_NAT] traffic classifier classifier1
      [*BRAS_NAT-classifier-classifier1] if-match acl 6001
      [*BRAS_NAT-classifier-classifier1] commit
      [~BRAS_NAT-classifier-classifier1] quit
    4. Define the traffic behavior behavior1 and set its action to bind traffic to the NAT instance nat1.
      [~BRAS_NAT] traffic behavior behavior1
      [*BRAS_NAT-behavior-behavior1] nat bind instance nat1
      [*BRAS_NAT-behavior-behavior1] commit
      [~BRAS_NAT-behavior-behavior1] quit
    5. Define the NAT policy policy1 to associate the ACL rules with the actions.
      [~BRAS_NAT] traffic policy policy1
      [*BRAS_NAT-trafficpolicy-policy1] classifier classifier1 behavior behavior1
      [*BRAS_NAT-trafficpolicy-policy1] commit
      [~BRAS_NAT-trafficpolicy-policy1] quit
    6. Apply the NAT traffic diversion policy in the system view.
      [~BRAS_NAT] traffic-policy policy1 inbound
      [*BRAS_NAT] commit
      [~BRAS_NAT] quit

  4. Configure a NAT444 translation policy.

    [~BRAS_NAT] nat instance nat1
    [~BRAS_NAT-nat-instance-nat1] nat outbound 3001 address-group address-group1

  5. Configure a static PCP server for the NAT444 instance.

    [*BRAS_NAT-nat-instance-nat1] pcp server ipv4 10.1.1.1 255.255.255.255
    [*BRAS_NAT-nat-instance-nat1] commit
    [~BRAS_NAT-nat-instance-nat1] quit

  6. Verify the configuration.

    [~BRAS_NAT] display nat instance nat1
    nat instance nat1 id 1
     service-instance-group 1
     nat address-group address-group1 group-id 1 10.34.160.101 10.34.160.105
     nat outbound 3001 address-group address-group1
     pcp server ipv4 10.1.1.1 255.255.255.255
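
The address constraint stated under Data Preparation can be checked against a saved configuration file before it is loaded. The following Python code is an added example, not part of the Huawei guide: it parses text in the configuration-file layout used on this page and reports any `pcp server ipv4` address that equals an interface address or falls inside an address pool of the same NAT instance. The sample configuration is constructed; the LoopBack0 interface with its `ip address` line and the nat2 instance are assumptions made to show both kinds of conflict.

```python
import ipaddress
import re

# Constructed sample; LoopBack0 and the nat2 instance are invented for this example.
SAMPLE_CONFIG = """\
#
interface LoopBack0
 ip address 10.1.1.1 255.255.255.255
#
nat instance nat1 id 1
 nat address-group address-group1 group-id 1 10.34.160.101 10.34.160.105
 pcp server ipv4 10.1.1.1 255.255.255.255
#
nat instance nat2 id 2
 nat address-group address-group2 group-id 2 10.34.161.1 10.34.161.10
 pcp server ipv4 10.34.161.4 255.255.255.255
#
"""

IF_ADDR = re.compile(r"^ ip address (\S+) \S+", re.M)
POOL = re.compile(r"^ nat address-group (\S+) group-id \d+ (\S+) (\S+)", re.M)
PCP = re.compile(r"^ pcp server ipv4 (\S+) (\S+)", re.M)


def check_pcp_servers(config):
    """Return (instance, pcp_server, reason) for every address conflict."""
    if_addrs = [ipaddress.ip_address(a) for a in IF_ADDR.findall(config)]
    findings = []
    # Sections of the configuration file are separated by lines holding only "#".
    for block in re.split(r"^#[ \t]*$", config, flags=re.M):
        inst = re.match(r"\s*nat instance (\S+)", block)
        if not inst:
            continue
        for addr, mask in PCP.findall(block):
            server = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            for ip in if_addrs:
                if ip in server:
                    findings.append((inst.group(1), addr, f"interface address {ip}"))
            for name, first, last in POOL.findall(block):
                pool = ipaddress.summarize_address_range(
                    ipaddress.ip_address(first), ipaddress.ip_address(last))
                if any(net.overlaps(server) for net in pool):
                    findings.append((inst.group(1), addr, f"address pool {name}"))
    return findings


if __name__ == "__main__":
    for instance, server, reason in check_pcp_servers(SAMPLE_CONFIG):
        print(f"{instance}: pcp server {server} conflicts with {reason}")
```

An empty result means no PCP server address collides with the interface addresses or address pools found in the file.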

Configuration Files

Configuration file of BRAS_NAT

#
sysname BRAS_NAT
#
radius-server group rd1
 radius-server authentication 192.168.7.249 1645 weight 0
 radius-server accounting 192.168.7.249 1646 weight 0
 radius-server shared-key itellin
 radius-server type plus11
 radius-server traffic-unit kbyte
#
interface Virtual-Template1
 ppp authentication-mode auto
#
interface GigabitEthernet1/0/0.1
 user-vlan 1
 pppoe-server bind Virtual-Template 1
 bas
  access-type layer2-subscriber default-domain authentication isp1
  authentication-method ppp
#
interface GigabitEthernet1/0/0.2
 user-vlan 2
 pppoe-server bind Virtual-Template 1
 bas
  access-type layer2-subscriber default-domain authentication isp2
  authentication-method ppp
#
ip pool pool1 bas local
 gateway 10.110.10.101 255.255.255.0
 section 1 10.110.10.1 10.110.10.100
 dns-server  192.168.7.252
#
ip pool pool2 bas local
 gateway 10.110.12.101 255.255.255.0
 section 2 10.110.12.1 10.110.12.100
 dns-server  192.168.7.252
#
license
 active nat session-table size 6 slot 1 card 0
 active pcp vsuf slot 1 card 0
#
service-location 1
 location slot 1 card 0
#
service-instance-group group1
 service-location 1
#
nat instance nat1 id 1
 service-instance-group group1
 nat address-group address-group1 group-id 1 10.34.160.101 10.34.160.105
 nat outbound 3001 address-group address-group1
 pcp server ipv4 10.1.1.1 255.255.255.255
#
user-group group1
#
acl 3001
 rule 10 permit ip source 10.110.10.0 0.0.0.255
#
acl 6001
 rule 1 permit ip source user-group group1
#
traffic classifier classifier1
 if-match acl 6001
#
traffic behavior behavior1
 nat bind instance nat1
#
traffic policy policy1
 classifier classifier1 behavior behavior1
#
traffic-policy policy1 inbound
#
aaa
 authentication-scheme auth1
  authentication-mode RADIUS
#
 accounting-scheme acct1
  accounting-mode RADIUS
#
 domain isp1
  authentication-scheme auth1
  accounting-scheme acct1
  radius-server group rd1
  ip-pool pool1
  user-group group1 bind nat instance nat1
#
ip route-static 10.34.160.0 24 null 0
#
ospf 1
 import-route static
#
 return

Updated: 2018-07-12

Document ID: EDOC1100028549
