H3C NAT Configuration Lab

Lab topology

[Topology diagram]

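Lab requirements

  1. Configure IP addresses as shown in the diagram
  2. Private network A connects to the Internet through R1; private network B connects to the Internet through R3
  3. Private network A contains Vlan10 and Vlan20, which reach external networks through router-on-a-stick (sub-interface routing) on R1
  4. Private network A uses NAPT so that both Vlan10 and Vlan20 can access the Internet using R1's public address
  5. Private network B accesses the Internet through Easy IP configured on R3
  6. Private network A configures NAT Server to publish FTPA's FTP service to the public network so that PCB can access it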

Lab steps

Device IP configuration (omitted)

FTP-A configuration

#
local-user admin class manage
 password simple Test123456
 service-type ftp
 authorization-attribute user-role level-15
#
 ftp server enable

Private network A: router-on-a-stick configuration

R1 configuration

#
interface GigabitEthernet0/0.1
 ip address 192.168.1.254 255.255.255.0
 vlan-type dot1q vid 10
#
interface GigabitEthernet0/0.2
 ip address 192.168.2.254 255.255.255.0
 vlan-type dot1q vid 20

SWA configuration

#
vlan 10
#
vlan 20
#
interface GigabitEthernet1/0/1
 port link-mode bridge
 port access vlan 10
#
interface GigabitEthernet1/0/2
 port link-mode bridge
 port access vlan 20
#
interface GigabitEthernet1/0/3
 port link-mode bridge
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 10 20

Private network A: NAPT configuration

#
acl basic 2000
 rule 0 permit source 192.168.1.0 0.0.0.255
 rule 5 permit source 192.168.2.0 0.0.0.255
#
nat address-group 1
 address 100.1.1.1 100.1.1.1
#
interface GigabitEthernet0/1
 nat outbound 2000 address-group 1

Private network B: Easy IP configuration

#
acl basic 2000
 rule 0 permit source 192.168.1.0 0.0.0.255
#
interface GigabitEthernet0/0
 nat outbound 2000

Private network A: NAT Server configuration

#
interface GigabitEthernet0/1
 nat server protocol tcp global 100.1.1.1 20 21 inside 192.168.1.1 20 21
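
Taken together, the FTP-A account and the `nat server` line publish an FTP login bound to a level-15 account at 100.1.1.1:21, and FTP sends that login unencrypted. The check below is an added example, not part of the original lab; the function names, the `CLEARTEXT` and `ADMIN_ROLES` tables and the severity labels are its own assumptions.

```python
import re

# The FTP-A and R1 snippets exactly as configured on this page.
FTPA_CFG = """\
local-user admin class manage
 password simple Test123456
 service-type ftp
 authorization-attribute user-role level-15
#
 ftp server enable
"""
R1_CFG = """\
interface GigabitEthernet0/1
 nat server protocol tcp global 100.1.1.1 20 21 inside 192.168.1.1 20 21
"""
CLEARTEXT = {21: "ftp", 23: "telnet"}        # control ports that carry logins unencrypted
ADMIN_ROLES = {"level-15", "network-admin"}  # full-privilege Comware roles

def parse_local_users(cfg):
    """Map each local-user to its service types and user roles."""
    users, cur = {}, None
    for line in cfg.splitlines():
        words = line.split()
        if line.startswith("local-user "):
            cur = users.setdefault(words[1], {"services": set(), "roles": set()})
        elif not line.startswith(" "):
            cur = None                       # '#' or a new top-level command ends the block
        elif cur is not None and words[:1] == ["service-type"]:
            cur["services"].update(words[1:])
        elif cur is not None and words[:2] == ["authorization-attribute", "user-role"]:
            cur["roles"].add(words[2])
    return users

NAT_SERVER = re.compile(r"nat server protocol \w+ global (\S+) (\d+)(?: (\d+))? "
                        r"inside (\S+) \d+(?: \d+)?")

def audit(inside_ip, host_cfg, edge_cfg):
    """List (severity, published endpoint, service, user) for exposed cleartext logins."""
    findings = []
    users = parse_local_users(host_cfg)
    for gip, lo, hi, iip in NAT_SERVER.findall(edge_cfg):
        if iip != inside_ip:
            continue                         # mapping points at a different inside host
        for port in range(int(lo), int(hi or lo) + 1):
            svc = CLEARTEXT.get(port)
            for name, u in users.items():
                if svc in u["services"]:
                    sev = "high" if u["roles"] & ADMIN_ROLES else "medium"
                    findings.append((sev, f"{gip}:{port}", svc, name))
    return findings

if __name__ == "__main__":
    print(audit("192.168.1.1", FTPA_CFG, R1_CFG))
```

A `high` finding means an administrative login is reachable from the public side over a protocol that does not encrypt credentials.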

Verification

Private network A uses NAPT so that both Vlan10 and Vlan20 can access the Internet using R1's public address

<PCA>ping 100.1.1.2
Ping 100.1.1.2 (100.1.1.2): 56 data bytes, press CTRL+C to break
56 bytes from 100.1.1.2: icmp_seq=0 ttl=254 time=1.000 ms
56 bytes from 100.1.1.2: icmp_seq=1 ttl=254 time=1.000 ms
56 bytes from 100.1.1.2: icmp_seq=2 ttl=254 time=1.000 ms
56 bytes from 100.1.1.2: icmp_seq=3 ttl=254 time=1.000 ms
56 bytes from 100.1.1.2: icmp_seq=4 ttl=254 time=1.000 ms

--- Ping statistics for 100.1.1.2 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/1.000/1.000/0.000 ms
<PCA>%Feb 3 16:06:01:385 2024 PCA PING/6/PING_STATISTICS: Ping statistics for 100.1.1.2: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 1.000/1.000/1.000/0.000 ms.

[R1]dis nat session
Slot 0:
Initiator:
Source IP/port: 192.168.2.1/10971
Destination IP/port: 100.1.1.2/2048
DS-Lite tunnel peer: -
VPN instance/VLAN ID/Inline ID: -/-/-
Protocol: ICMP(1)
Inbound interface: GigabitEthernet0/0.2

Private network B accesses the Internet through Easy IP configured on R3

<PCB>ping 100.2.2.2
Ping 100.2.2.2 (100.2.2.2): 56 data bytes, press CTRL+C to break
56 bytes from 100.2.2.2: icmp_seq=0 ttl=254 time=1.000 ms
56 bytes from 100.2.2.2: icmp_seq=1 ttl=254 time=0.000 ms
56 bytes from 100.2.2.2: icmp_seq=2 ttl=254 time=1.000 ms
56 bytes from 100.2.2.2: icmp_seq=3 ttl=254 time=1.000 ms
56 bytes from 100.2.2.2: icmp_seq=4 ttl=254 time=0.000 ms

--- Ping statistics for 100.2.2.2 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.000/0.600/1.000/0.490 ms
<PCB>%Feb 3 16:07:10:820 2024 PCB PING/6/PING_STATISTICS: Ping statistics for 100.2.2.2: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 0.000/0.600/1.000/0.490 ms.

[R3]dis nat session
Slot 0:
Initiator:
Source IP/port: 192.168.1.1/10974
Destination IP/port: 100.2.2.2/2048
DS-Lite tunnel peer: -
VPN instance/VLAN ID/Inline ID: -/-/-
Protocol: ICMP(1)
Inbound interface: GigabitEthernet0/1

Private network A configures NAT Server to publish FTPA's FTP service to the public network so that PCB can access it

<PCB>ftp 100.1.1.1
Press CTRL+C to abort.
Connected to 100.1.1.1 (100.1.1.1).
220 FTP service ready.
User (100.1.1.1:(none)): admin
331 Password required for admin.
Password: 
230 User logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> 
ftp> dir
227 Entering Passive Mode (100,1,1,1,56,167)
150 Accepted data connection
drwxrwxrwx    2 0          0                4096 Feb  3 15:23 diagfile
-rwxrwxrwx    1 0          0                 252 Feb  3 15:38 ifindex.dat
-rwxrwxrwx    1 0          0               43136 Feb  3 15:23 licbackup
-rwxrwxrwx    1 0          0               43136 Feb  3 15:23 licnormal
drwxrwxrwx    2 0          0                4096 Feb  3 15:23 logfile
-rwxrwxrwx    1 0          0                   0 Feb  3 15:23 msr36-cmw710-boot-r0424p22.bin
-rwxrwxrwx    1 0          0                   0 Feb  3 15:23 msr36-cmw710-system-r0424p22.bin
drwxrwxrwx    2 0          0                4096 Feb  3 15:23 seclog
-rwxrwxrwx    1 0          0                2220 Feb  3 15:38 startup.cfg
-rwxrwxrwx    1 0          0               42421 Feb  3 15:38 startup.mdb

[R1]dis nat session
Slot 0:
Initiator:
Source IP/port: 100.2.2.3/1026
Destination IP/port: 100.1.1.1/21
DS-Lite tunnel peer: -
VPN instance/VLAN ID/Inline ID: -/-/-
Protocol: TCP(6)
Inbound interface: GigabitEthernet0/1

Total sessions found: 1
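
The `227` reply in the `dir` output above can be checked against the `nat server` mapping: it names the address and port the client must open for the data connection. The decoder below is an added example, not part of the original lab; `LEAK_REPLY` is a constructed variant showing what the reply would look like if the server's inside address reached the client untranslated.

```python
import ipaddress
import re

# Values taken from this page's nat server line on R1:
#   nat server protocol tcp global 100.1.1.1 20 21 inside 192.168.1.1 20 21
GLOBAL_IP = ipaddress.ip_address("100.1.1.1")
INSIDE_IP = ipaddress.ip_address("192.168.1.1")
STATIC_PORTS = range(20, 22)  # ports 20-21 are the only static mappings

PAGE_REPLY = "227 Entering Passive Mode (100,1,1,1,56,167)"    # from the page
LEAK_REPLY = "227 Entering Passive Mode (192,168,1,1,56,167)"  # constructed

def parse_pasv(reply):
    """Decode an RFC 959 PASV reply into (ip, port); port = p1*256 + p2."""
    m = re.fullmatch(r"227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\).*", reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply")
    nums = [int(x) for x in m.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range 0-255")
    ip = ipaddress.ip_address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]

def check_data_channel(reply):
    """Compare the advertised data endpoint with the static NAT mapping."""
    ip, port = parse_pasv(reply)
    notes = []
    if ip == INSIDE_IP or ip.is_private:
        notes.append("reply exposes an inside address; outside clients cannot reach it")
    elif ip == GLOBAL_IP:
        notes.append("reply carries the global address (payload was translated)")
    if port not in STATIC_PORTS:
        notes.append("data port is outside the static mapping; needs a dynamic NAT entry")
    return {"ip": str(ip), "port": port, "notes": notes}

if __name__ == "__main__":
    for r in (PAGE_REPLY, LEAK_REPLY):
        print(check_data_channel(r))
```

For the page's reply the data endpoint is 100.1.1.1:14503, which the static 20-21 mapping does not cover, so the listing only succeeds because R1 tracks the FTP control channel and opens the data port dynamically. That is an inference from the output; the page does not show the ALG setting.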

Lab attachment

H3C NAT基本配置实验.zip

posted @ 2024-02-05 11:43  M建