1、网络拓扑图

动态NAT配置_NAT

2、配置核心内容

1)创建NAT地址池

nat address-group 1 100.1.1.10 100.1.1.100 //1为地址组索引号0-7

2)筛选感应兴趣流

acl number 2000

rule 5 permit source 10.1.1.0 0.0.0.255//0.0.0.255是反掩码

rule 10 deny source any

3)NAT调用地址组

nat outbound 2000 address-group 1 no-pat //no-pat表示不做端口转换

4)添加对外的缺省路由

IP route-static 0.0.0.0 0 100.1.1.2//下一跳

3、具体配置内容

<r2>display current-configuration  

[V200R003C00]

#

sysname r2

#

snmp-agent local-engineid 800007DB03000000000000

snmp-agent  

#

clock timezone China-Standard-Time minus 08:00:00

#

portal local-server load portalpage.zip

#

drop illegal-mac alarm

#

set cpu-usage threshold 80 restore 75

#

dhcp enable

#

acl number 2000  //第二步

rule 5 permit source 10.1.1.0 0.0.0.255  

#

ip pool dhcpvlan10

gateway-list 10.1.1.1  

network 10.1.1.0 mask 255.255.255.0  

lease day 10 hour 0 minute 0  

dns-list 8.8.8.8  

#

aaa  

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default  

domain default_admin  

local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$

local-user admin service-type http

#

firewall zone Local

priority 15

#

nat address-group 1 100.1.1.10 100.1.1.100//第一步

#

interface GigabitEthernet0/0/0

ip address 10.1.1.2 255.255.255.0  

#

interface GigabitEthernet0/0/1

ip address 100.1.1.1 255.255.255.0  

nat outbound 2000 address-group 1  //第三步

#

interface GigabitEthernet0/0/2

#

interface NULL0

#

ip route-static 0.0.0.0 0.0.0.0 100.1.1.2 //第四步

#

user-interface con 0

authentication-mode password

user-interface vty 0 4

user-interface vty 16 20

#

wlan ac

#

return

<r2>

4、结果

动态NAT配置_网络拓扑_02