# huawei--Traffic Policy + NAT + Router-on-a-Stick

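Project requirements:

The company has two internal subnets, 192.168.1.0/24 and 192.168.2.0/24. Router R1 is used to implement router-on-a-stick, and a traffic policy is configured so that the 192.168.1.0/24 subnet reaches ISP1 and the 192.168.2.0/24 subnet reaches ISP2. To access the public Internet, the company needs NAT to translate private addresses to public addresses. The ISP1 address range is 202.100.1.3~202.100.1.9; the ISP2 address range is 104.114.128.3~104.114.128.9.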

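IP address plan:

| Device | Port | IP address / VLAN bound to port |
|--------|------|---------------------------------|
| ISP1 | GE0/0/1 | 202.100.1.1/24 |
| ISP2 | GE0/0/2 | 104.114.128.1/24 |
| R1 | GE0/0/0.1 | 192.168.1.1/24 |
| R1 | GE0/0/0.2 | 192.168.2.1/24 |
| R1 | GE0/0/1 | 202.100.1.2/24 |
| R1 | GE0/0/2 | 104.114.128.2/24 |
| SW1 | GE0/0/1 | trunk vlan10 vlan20 |
| SW1 | eth0/0/1 | vlan10 |
| SW1 | eth0/0/2 | vlan20 |
| PC1 | eth0/0/1 | 192.168.1.2/24 |
| PC2 | eth0/0/1 | 192.168.2.1/24 |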

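Configuration steps:

  • 1. Configure the IP addresses of each device
  • 2. Configure router-on-a-stick
  • 3. On R1, create and configure ACLs 3000, 3001 and 3002
  • 4. On R1, configure the traffic classifiers
  • 5. On R1, configure the traffic behaviors
  • 6. On R1, configure the traffic policy
  • 7. On R1, apply the traffic policy
  • 8. On R1, configure NAT address translation
  • 9. On R1, apply NAT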

Implementation:

1. Configure the IP addresses of each device

ISP1

[ISP1]interface GigabitEthernet 0/0/1

[ISP1-GigabitEthernet0/0/1]ip address 202.100.1.1 255.255.255.0

ISP2

[ISP2]interface GigabitEthernet 0/0/2

[ISP2-GigabitEthernet0/0/2]ip address 104.114.128.1 255.255.255.0

R1

[R1]interface GigabitEthernet 0/0/1

[R1-GigabitEthernet0/0/1]ip address 202.100.1.2 255.255.255.0

[R1]interface GigabitEthernet 0/0/2

[R1-GigabitEthernet0/0/2]ip address 104.114.128.2 255.255.255.0

PC1

[Figure: PC1 IP configuration]

PC2

[Figure: PC2 IP configuration]

2. Configure router-on-a-stick

2-1. Create the VLANs and allow them on the trunk

SW1

[SW1]vlan batch 10 20

[SW1]interface GigabitEthernet 0/0/1

[SW1-GigabitEthernet0/0/1]port link-type trunk

[SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20

[SW1-GigabitEthernet0/0/1]quit

[SW1]interface Ethernet0/0/1

[SW1-Ethernet0/0/1]port link-type access

[SW1-Ethernet0/0/1]port default vlan 10

[SW1-Ethernet0/0/1]quit

[SW1]interface Ethernet0/0/2

[SW1-Ethernet0/0/2]port link-type access

[SW1-Ethernet0/0/2]port default vlan 20

[SW1-Ethernet0/0/2]quit

2-2. Configure the router sub-interfaces:

R1

[R1]interface GigabitEthernet 0/0/0.1

[R1-GigabitEthernet0/0/0.1]dot1q termination vid 10

[R1-GigabitEthernet0/0/0.1]ip address 192.168.1.1 255.255.255.0

[R1-GigabitEthernet0/0/0.1]arp broadcast enable

[R1-GigabitEthernet0/0/0.1]quit

[R1]interface GigabitEthernet 0/0/0.2

[R1-GigabitEthernet0/0/0.2]dot1q termination vid 20

[R1-GigabitEthernet0/0/0.2]ip address 192.168.2.1 255.255.255.0

[R1-GigabitEthernet0/0/0.2]arp broadcast enable

[R1-GigabitEthernet0/0/0.2]quit

3. On R1, create and configure ACLs 3000, 3001 and 3002

[R1]acl 3000

[R1-acl-adv-3000]rule 5 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255

[R1-acl-adv-3000]rule 10 permit ip source 192.168.2.0 0.0.0.255 destination 192.168.1.0 0.0.0.255

[R1-acl-adv-3000]quit

[R1]acl 3001

[R1-acl-adv-3001]rule 5 permit ip source 192.168.1.0 0.0.0.255

[R1-acl-adv-3001]quit

[R1]acl 3002

[R1-acl-adv-3002]rule 5 permit ip source 192.168.2.0 0.0.0.255

[R1-acl-adv-3002]quit

4. On R1, configure the traffic classifiers

[R1]traffic classifier c0

[R1-classifier-c0]if-match acl 3000

[R1-classifier-c0]quit

[R1]traffic classifier c1

[R1-classifier-c1]if-match acl 3001

[R1-classifier-c1]quit

[R1]traffic classifier c2

[R1-classifier-c2]if-match acl 3002

[R1-classifier-c2]quit

5. On R1, configure the traffic behaviors

[R1]traffic behavior b0

[R1-behavior-b0]permit

[R1-behavior-b0]quit

[R1]traffic behavior b1

[R1-behavior-b1]redirect ip-nexthop 202.100.1.1

[R1-behavior-b1]quit

[R1]traffic behavior b2

[R1-behavior-b2]redirect ip-nexthop 104.114.128.1

[R1-behavior-b2]quit

6. On R1, configure the traffic policy

[R1]traffic policy p1

[R1-trafficpolicy-p1]classifier c0 behavior b0

[R1-trafficpolicy-p1]classifier c1 behavior b1

[R1-trafficpolicy-p1]classifier c2 behavior b2

7. On R1, apply the traffic policy

[R1]interface GigabitEthernet 0/0/0

[R1-GigabitEthernet0/0/0]traffic-policy p1 inbound

8. On R1, configure NAT address translation

8-1. Configure the NAT address pools

[R1]nat address-group 0 202.100.1.3 202.100.1.9

[R1]nat address-group 1 104.114.128.3 104.114.128.9

8-2. Configure NAT blackhole routes

[R1]ip route-static 202.100.1.3 32 NULL 0

[R1]ip route-static 202.100.1.4 32 NULL 0

[R1]ip route-static 202.100.1.5 32 NULL 0

[R1]ip route-static 202.100.1.6 32 NULL 0

[R1]ip route-static 202.100.1.7 32 NULL 0

[R1]ip route-static 202.100.1.8 32 NULL 0

[R1]ip route-static 202.100.1.9 32 NULL 0

[R1]ip route-static 104.114.128.3 32 NULL 0

[R1]ip route-static 104.114.128.4 32 NULL 0

[R1]ip route-static 104.114.128.5 32 NULL 0

[R1]ip route-static 104.114.128.6 32 NULL 0

[R1]ip route-static 104.114.128.7 32 NULL 0

[R1]ip route-static 104.114.128.8 32 NULL 0

[R1]ip route-static 104.114.128.9 32 NULL 0

9. On R1, apply NAT

[R1]interface GigabitEthernet 0/0/1

[R1-GigabitEthernet0/0/1]nat outbound 3001 address-group 0 no-pat

[R1-GigabitEthernet0/0/1]quit

[R1]interface GigabitEthernet 0/0/2

[R1-GigabitEthernet0/0/2]nat outbound 3002 address-group 1 no-pat

[R1-GigabitEthernet0/0/2]quit

[Figure: PC1 accessing ISP1]

[Figure: PC2 accessing ISP2]
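A consistency check for step 8-2, as an added example that is not part of the original post: it parses the `nat address-group` lines of a saved configuration and reports pool addresses that have no /32 `NULL 0` static route. The function names and the sample excerpt are constructed for illustration, and only host routes are recognised, as in the post.

```python
import ipaddress
import re

# Constructed sample in the style of R1's configuration; 202.100.1.5 is
# deliberately left without a NULL0 route.
SAMPLE = """\
[R1]nat address-group 0 202.100.1.3 202.100.1.5
[R1]nat address-group 1 104.114.128.3 104.114.128.4
[R1]ip route-static 202.100.1.3 32 NULL 0
[R1]ip route-static 202.100.1.4 32 NULL 0
[R1]ip route-static 104.114.128.3 32 NULL 0
[R1]ip route-static 104.114.128.4 32 NULL 0
"""

GROUP_RE = re.compile(r"nat address-group (\d+) (\S+) (\S+)")
ROUTE_RE = re.compile(r"ip route-static (\S+) (\S+) NULL ?0", re.I)

def strip_prompt(line):
    """Drop a leading VRP prompt such as '[R1]' or '[R1-GigabitEthernet0/0/1]'."""
    return re.sub(r"^\s*\[[^\]]*\]", "", line).strip()

def pool_addresses(config):
    """Map each NAT address-group id to the list of addresses in its range."""
    pools = {}
    for line in map(strip_prompt, config.splitlines()):
        m = GROUP_RE.fullmatch(line)
        if m:
            lo, hi = (int(ipaddress.IPv4Address(a)) for a in m.group(2, 3))
            pools[int(m.group(1))] = [ipaddress.IPv4Address(i) for i in range(lo, hi + 1)]
    return pools

def blackholed_hosts(config):
    """Collect host (/32) destinations that are routed to NULL0."""
    hosts = set()
    for line in map(strip_prompt, config.splitlines()):
        m = ROUTE_RE.fullmatch(line)
        if m and m.group(2) in ("32", "255.255.255.255"):
            hosts.add(ipaddress.IPv4Address(m.group(1)))
    return hosts

def missing_blackholes(config):
    """Return {group id: [pool addresses without a /32 NULL0 route]}."""
    covered = blackholed_hosts(config)
    gaps = {gid: [str(a) for a in addrs if a not in covered]
            for gid, addrs in pool_addresses(config).items()}
    return {gid: miss for gid, miss in gaps.items() if miss}

if __name__ == "__main__":
    print(missing_blackholes(SAMPLE))
```

An empty result means every address in every pool is covered by a host route to NULL0.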


