動(dòng)態(tài)地址轉(zhuǎn)換（Dynamic NAT）是一種網(wǎng)絡(luò)地址轉(zhuǎn)換技術(shù)，它能夠?qū)?nèi)部網(wǎng)絡(luò)的私有IP地址動(dòng)態(tài)映射到公網(wǎng)IP地址，從而實(shí)現(xiàn)內(nèi)部網(wǎng)絡(luò)主機(jī)訪問外部網(wǎng)絡(luò)的功能。在華為路由器上配置動(dòng)態(tài)地址轉(zhuǎn)換可以幫助您更好地管理內(nèi)部網(wǎng)絡(luò)主機(jī)的訪問權(quán)限，并提高網(wǎng)絡(luò)安全性。本文將為您詳細(xì)介紹如何在華為路由器上配置動(dòng)態(tài)地址轉(zhuǎn)換，希望能夠?qū)Υ烁信d趣的友友們有所幫助。

實(shí)驗(yàn)要求：

某公司研發(fā)部和銷售部通過公司兩條專線（移動(dòng)和電信）與互聯(lián)網(wǎng)相連，路由器上接口GigabitEthernet0/0/0的公網(wǎng)地址為2.2.2.2/24，對(duì)端運(yùn)營(yíng)商側(cè)地址為2.2.2.1/24，研發(fā)部用戶希望使用移動(dòng)專線公網(wǎng)地址池中的地址（2.2.2.100～2.2.2.200）采用NAT方式替換內(nèi)部的主機(jī)地址（網(wǎng)段為192.168.1.0/24），訪問因特網(wǎng)。銷售部用戶希望使用電信專線的公網(wǎng)IP地址地址池（2.2.2.20～2.2.2.50）采用NAT方式替換內(nèi)部的主機(jī)地址（網(wǎng)段為192.168.2.0/24），訪問因特網(wǎng)。

實(shí)驗(yàn)拓?fù)洌?/h3>

配置思路：

配置接口的IP地址、默認(rèn)路由和在WAN接口下設(shè)置NAT出站，以實(shí)現(xiàn)各部門內(nèi)部主機(jī)所在的專線，訪問外部網(wǎng)絡(luò)服務(wù)的功能。

具體過程：

1、登錄路由器

sys Enter system view, return user view with Ctrl+Z. [Huawei]undo info [Huawei]undo info-center en [Huawei]undo info-center enable Info: Information center is disabled. [Huawei] [Huawei]

2、創(chuàng)建vlan

[Huawei]vlan batch 100 200 Info: This operation may take a few seconds. Please wait for a moment...done. [Huawei]

3、給vlan 設(shè)置ip，并將相關(guān)接口加入到vlan中

[Huawei]interface Vlanif 100 [Huawei-Vlanif100] [Huawei-Vlanif100]ip add [Huawei-Vlanif100]ip address 192.168.1.1 24 [Huawei-Vlanif100] [Huawei-Vlanif100]q [Huawei]int [Huawei]interface vlan [Huawei]interface Vlanif 200 [Huawei-Vlanif200]ip add [Huawei-Vlanif200]ip address 192.168.2.1 24 [Huawei-Vlanif200] [Huawei-Vlanif200]q [Huawei] Huawei]interface Ethernet 0/0/0 [Huawei-Ethernet0/0/0]port link [Huawei-Ethernet0/0/0]port link-type ac [Huawei-Ethernet0/0/0]port link-type access [Huawei-Ethernet0/0/0]port def [Huawei-Ethernet0/0/0]port default vlan 100 [Huawei-Ethernet0/0/0]q [Huawei]interf [Huawei]interface [Huawei]interface ethe [Huawei]interface Ethernet 0/0/1 [Huawei-Ethernet0/0/1]port link [Huawei-Ethernet0/0/1]port link-type acc [Huawei-Ethernet0/0/1]port link-type access [Huawei-Ethernet0/0/1]port def [Huawei-Ethernet0/0/1]port default vlan 200 [Huawei-Ethernet0/0/1]q [Huawei]

4、給連接外網(wǎng)的接口設(shè)置ip

[Huawei]interface GigabitEthernet 0/0/0 [Huawei-GigabitEthernet0/0/0]ip ad [Huawei-GigabitEthernet0/0/0]ip address 2.2.2.2 24 [Huawei-GigabitEthernet0/0/0] [Huawei-GigabitEthernet0/0/0] [Huawei-GigabitEthernet0/0/0]q

5、添加靜態(tài)路由

[Huawei] [Huawei]ip route-static 0.0.0.0 0.0.0.0 2.2.2.1

6、創(chuàng)建acl 規(guī)則，并設(shè)置nat 轉(zhuǎn)換，應(yīng)用到出接口

Huawei]nat address-group 1 2.2.2.100 2.2.2.200 [Huawei]nat address-group 2 2.2.2.20 2.2.2.50 [Huawei] [Huawei]acl 2000 [Huawei-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255 [Huawei-acl-basic-2000]q [Huawei]acl 2001 [Huawei-acl-basic-2001]rule 5 permit source 192.168.2.0 0.0.0.255 [Huawei-acl-basic-2001]q [Huawei] [Huawei]interface GigabitEthernet 0/0/0 [Huawei-GigabitEthernet0/0/0]nat outbound 2000 address-group 1 no-pat [Huawei-GigabitEthernet0/0/0]nat outbound 2001 address-group 2 [Huawei-GigabitEthernet0/0/0]q [Huawei] [Huawei]

7、查看

Huawei]dis nat outbound NAT Outbound Information: -------------------------------------------------------------------------- Interface Acl Address-group/IP/Interface Type -------------------------------------------------------------------------- GigabitEthernet0/0/0 2000 1 no-pat GigabitEthernet0/0/0 2001 2 pat -------------------------------------------------------------------------- Total : 2 [Huawei]

8、測(cè)試

1）路由器上進(jìn)行測(cè)試

[Huawei]ping -a 192.168.1.1 2.2.2.2 PING 2.2.2.2: 56 data bytes, press CTRL_C to break Reply from 2.2.2.2: bytes=56 Sequence=1 ttl=255 time=1 ms Reply from 2.2.2.2: bytes=56 Sequence=2 ttl=255 time=1 ms Reply from 2.2.2.2: bytes=56 Sequence=3 ttl=255 time=1 ms Reply from 2.2.2.2: bytes=56 Sequence=4 ttl=255 time=1 ms Reply from 2.2.2.2: bytes=56 Sequence=5 ttl=255 time=1 ms --- 2.2.2.2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/1 ms [Huawei]

2）通過PC測(cè)試

寫在最后：

自我設(shè)限，固步自封，唯有突破極限，才能發(fā)掘潛能。以上就是本期整理的《如何在華為路由器上配置動(dòng)態(tài)地址轉(zhuǎn)換》，自己經(jīng)歷過的風(fēng)雨，所以知道你也會(huì)堅(jiān)強(qiáng)。你的【評(píng)論】+【點(diǎn)贊】+【關(guān)注】，我會(huì)自動(dòng)解讀為認(rèn)可。

作者簡(jiǎn)介：