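ENSP Huawei Router Egress NAT Lab

1: Lab requirements

The company has several departments located on different network segments, and every department needs Internet access. Users must reach the external network through a Layer 2 switch and a router, and the router must act as the users' gateway.

We configure the IP addresses as shown in the topology diagram; the end result is that PC1 and PC2 can ping the public address 192.169.1.2.

2: Network topology

A side note: in Huawei's ENSP simulator, NAT configuration does not take effect on some router models; I am using the AR1220 series here.

[Image 1: network topology]

3: Lab procedure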

CORE

sy
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable 
Info: Information center is disabled.
[Huawei]sysname CORE
[CORE]vlan batch 2 3 100 //Create VLANs 2, 3 and 100 for later use
Info: This operation may take a few seconds. Please wait for a moment...done.

[CORE]dhcp enable //Enable DHCP globally
Info: The operation may take a few seconds. Please wait for a moment.done.

[CORE]interface Vlanif 2 //Enter the Vlanif interface and configure its IP; DHCP is served per interface
[CORE-Vlanif2]ip address  192.168.2.254 24
[CORE-Vlanif2]dhcp select interface 
[CORE-Vlanif2]quit 

[CORE]interface Vlanif 3
[CORE-Vlanif3]ip add 192.168.3.254 24	
[CORE-Vlanif3]dhcp select interface 	
[CORE-Vlanif3]quit 

[CORE]interface Vlanif 100
[CORE-Vlanif100]ip add 192.168.100.2 24
[CORE-Vlanif100]quit 

[CORE]interface GigabitEthernet 0/0/1 //Set the end-host link type to access
[CORE-GigabitEthernet0/0/1]port link-type access 	
[CORE-GigabitEthernet0/0/1]port default vlan 2	
[CORE-GigabitEthernet0/0/1]quit 

[CORE]interface GigabitEthernet 0/0/2
[CORE-GigabitEthernet0/0/2]port link-type access 
[CORE-GigabitEthernet0/0/2]port default vlan 3
[CORE-GigabitEthernet0/0/2]quit 

[CORE]interface GigabitEthernet 0/0/3 //Set the link type to access so that the router can recognize the traffic; alternatively, use a trunk port with a PVID set
[CORE-GigabitEthernet0/0/3]port link-type access 	
[CORE-GigabitEthernet0/0/3]port default vlan 100
[CORE-GigabitEthernet0/0/3]quit 

[CORE]ip route-static 0.0.0.0 0.0.0.0 192.168.100.1 //Add a default route; the next hop is the router on the other end

ROUTER

sy	
system-view 
Enter system view, return user view with Ctrl+Z.	
[Huawei]undo  info-center enable 
Info: Information center is disabled.
[Huawei]sysname ROUter

[ROUter]interface GigabitEthernet 0/0/1 //Configure the IP of the internal-network interface
[ROUter-GigabitEthernet0/0/1]ip add 192.168.100.1 24
[ROUter-GigabitEthernet0/0/1]quit 

[ROUter]ip route-static 192.168.0.0 16 192.168.100.2 //Return route to the internal network; any 192.168.X.X address matches
[ROUter]ip route-static 0.0.0.0 0.0.0.0 192.169.1.2 //Default route toward the public network

[ROUter]interface GigabitEthernet 0/0/0 //Configure the public IP address
[ROUter-GigabitEthernet0/0/0]ip address 192.169.1.1 24	
[ROUter-GigabitEthernet0/0/0]quit 

[ROUter]acl 2000 //Create basic ACL 2000
[ROUter-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255 //Permit the 192.168.X.X range (wildcard mask)
[ROUter-acl-basic-2000]quit 

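[ROUter]interface GigabitEthernet 0/0/0 //Enter the external interface and apply ACL 2000
[ROUter-GigabitEthernet0/0/0]nat outbound 2000 //Outbound NAT referencing ACL 2000; with no address group given, sources are translated to this interface's address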
[ROUter-GigabitEthernet0/0/0]quit 


[ROUter]display nat session all //The NAT sessions are visible here
  NAT Session Table Information:

     Protocol          : ICMP(1)
     SrcAddr   Vpn     : 192.168.2.253                                  
     DestAddr  Vpn     : 192.169.1.2                                    
     Type Code IcmpId  : 0   8   890  
     NAT-Info
       New SrcAddr     : 192.169.1.1    
       New DestAddr    : ----
       New IcmpId      : 10259

     Protocol          : ICMP(1)
     SrcAddr   Vpn     : 192.168.2.253                                  
     DestAddr  Vpn     : 192.169.1.2                                    
     Type Code IcmpId  : 0   8   888  
     NAT-Info
       New SrcAddr     : 192.169.1.1    
       New DestAddr    : ----
       New IcmpId      : 10257

     Protocol          : ICMP(1)
     SrcAddr   Vpn     : 192.168.2.253                                  
     DestAddr  Vpn     : 192.169.1.2                                    
     Type Code IcmpId  : 0   8   889  
     NAT-Info
       New SrcAddr     : 192.169.1.1    
       New DestAddr    : ----
       New IcmpId      : 10258

     Protocol          : ICMP(1)
     SrcAddr   Vpn     : 192.168.2.253                                  
     DestAddr  Vpn     : 192.169.1.2                                    
     Type Code IcmpId  : 0   8   887  
     NAT-Info
       New SrcAddr     : 192.169.1.1    
       New DestAddr    : ----
       New IcmpId      : 10256

     Protocol          : ICMP(1)
     SrcAddr   Vpn     : 192.168.2.253                                  
     DestAddr  Vpn     : 192.169.1.2                                    
     Type Code IcmpId  : 0   8   886  
     NAT-Info
       New SrcAddr     : 192.169.1.1    
       New DestAddr    : ----
       New IcmpId      : 10255
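
An added example (not from the original post): a Python check that parses `display nat session all` output and flags any session whose inside source falls outside the ACL 2000 wildcard range, or is not translated to the egress address 192.169.1.1. The sample text is constructed and the function names are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample in `display nat session all` layout; 10.9.9.9 is invented.
SAMPLE = """\
  NAT Session Table Information:
     Protocol          : ICMP(1)
     SrcAddr   Vpn     : 192.168.2.253
     DestAddr  Vpn     : 192.169.1.2
     NAT-Info
       New SrcAddr     : 192.169.1.1

     Protocol          : ICMP(1)
     SrcAddr   Vpn     : 10.9.9.9
     DestAddr  Vpn     : 192.169.1.2
     NAT-Info
       New SrcAddr     : 192.169.1.1
"""

def wildcard_match(addr, base, wildcard):
    """ACL wildcard semantics: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def parse_sessions(text):
    """Return one dict per session; a 'Protocol' line starts a new session."""
    sessions = []
    for line in text.splitlines():
        m = re.match(r"\s*(.+?)\s*:\s*(\S.*?)\s*$", line)
        if not m:
            continue  # table header, blank lines, 'NAT-Info'
        key = " ".join(m.group(1).split())
        if key == "Protocol":
            sessions.append({})
        if sessions:
            sessions[-1][key] = m.group(2)
    return sessions

def audit(text, base="192.168.0.0", wild="0.0.255.255", egress="192.169.1.1"):
    """Flag sessions whose source is outside ACL 2000 or not mapped to egress."""
    findings = []
    for s in parse_sessions(text):
        src, new = s["SrcAddr Vpn"], s.get("New SrcAddr")
        if not wildcard_match(src, base, wild):
            findings.append((src, "source outside ACL 2000 permit range"))
        elif new != egress:
            findings.append((src, "not translated to the egress address"))
    return findings
```

Running `audit()` on output captured from the router shows whether the `/16` permit rule translates more inside sources than the two user VLANs (192.168.2.0/24 and 192.168.3.0/24) require.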

Public-network router

sy	
system-view //Give it an IP address for testing
[Huawei]interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0]ip add 192.169.1.2 24	
[Huawei-GigabitEthernet0/0/0]quit 
[Huawei]ping 192.169.1.1 //Test connectivity to the company's public IP
  PING 192.169.1.1: 56  data bytes, press CTRL_C to break
    Reply from 192.169.1.1: bytes=56 Sequence=1 ttl=255 time=90 ms
    Reply from 192.169.1.1: bytes=56 Sequence=2 ttl=255 time=20 ms
    Reply from 192.169.1.1: bytes=56 Sequence=3 ttl=255 time=30 ms
    Reply from 192.169.1.1: bytes=56 Sequence=4 ttl=255 time=30 ms
    Reply from 192.169.1.1: bytes=56 Sequence=5 ttl=255 time=20 ms

  --- 192.169.1.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 20/38/90 ms

[Huawei]

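Test

We ping the public address from PC1 and from PC2, as shown in the figures below.

[Image 2 and Image 3: ping results from PC1 and PC2]

Session information

[Image 4: NAT session information]

Super simple, isn't it~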
