1、网络拓扑图
2、配置核心内容
1)创建NAT地址池
nat address-group 1 100.1.1.10 100.1.1.100 //1为地址组索引号0-7
2)筛选感应兴趣流
acl number 2000
rule 5 permit source 10.1.1.0 0.0.0.255//0.0.0.255是反掩码
rule 10 deny source any
3)NAT调用地址组
nat outbound 2000 address-group 1 no-pat //no-pat表示不做端口转换
4)添加对外的缺省路由
IP route-static 0.0.0.0 0 100.1.1.2//下一跳
3、具体配置内容
<r2>display current-configuration
[V200R003C00]
#
sysname r2
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
dhcp enable
#
acl number 2000 //第二步
rule 5 permit source 10.1.1.0 0.0.0.255
#
ip pool dhcpvlan10
gateway-list 10.1.1.1
network 10.1.1.0 mask 255.255.255.0
lease day 10 hour 0 minute 0
dns-list 8.8.8.8
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
nat address-group 1 100.1.1.10 100.1.1.100//第一步
#
interface GigabitEthernet0/0/0
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 100.1.1.1 255.255.255.0
nat outbound 2000 address-group 1 //第三步
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 100.1.1.2 //第四步
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<r2>