搭建实验环境如下(其中AR4为外网):
二丶配置缺省路由(AR3为边界路由器)及接口IP
边界路由AR3
[AR3]rip 1
[AR3-rip-1]version 2
[AR3-rip-1]default-route originate
[AR3-rip-1]
Sep 30 2019 22:02:28-08:00 AR3 %%01IFPDT/4/IF_STATE(l)[0]:Interface GigabitEther
net0/0/2 has turned into UP state.
[AR3-rip-1]q
[AR3]ip route-static 0.0.0.0 0 GigabitEthernet 0/0/2
[AR3]interface g0/0/2
[AR3-GigabitEthernet0/0/2]ip address 100.1.1.1 24
[AR3-GigabitEthernet0/0/2]q
外网
[AR4]interface g0/0/0
[AR4-GigabitEthernet0/0/0]ip address 100.1.1.2 24
[AR4-GigabitEthernet0/0/0]q
三丶定义地址池
[AR3]nat address-group 1 100.1.1.3 100.1.1.10
[AR3]acl 2000 //抓取流量
[AR3-acl-basic-2000]rule permit source any //若要使用部分则写需要反掩码
[AR3-acl-basic-2000]q
[AR3]interface g0/0/2
[AR3-GigabitEthernet0/0/2]nat outbound 2000 address-group 1 no-pat
1.通过PC1访问外网成功
2.外网登录内网
设置远程登录
[AR1]user-interface vty 0 4
[AR1-ui-vty0-4]authentication-mode password
Please configure the login password (maximum length 16):huawei
地址映射
[AR3]interface g0/0/2
[AR3-GigabitEthernet0/0/2]nat static global 100.1.1.11 inside 12.1.1.1
[AR3-GigabitEthernet0/0/2]q
结果如下:
