Huawei dynamic NAT configuration [command details, code explanation]

topology

configuration

Configure border router AR1

Configure the interface IP address

int g0/0/0
ip add 192.168.0.254 24
int g0/0/1
ip add 100.100.12.1 24

Configure a dynamic address pool

nat address-group 1 100.100.12.100 100.100.12.110

Command explanation: create a dynamic NAT address pool numbered 1, covering 100.100.12.100 to 100.100.12.110.

Configure ACL matching

acl 2000
rule 5 permit source 192.168.0.0 0.0.0.255

Command explanation:
An ACL is a matching tool.
The first command creates an ACL numbered 2000.
The second command creates a rule numbered 5 (rule 5) that permits packets whose source IP address is in the 192.168.0.0 segment with a 24-bit subnet mask (permit source 192.168.0.0 0.0.0.255; the 0.0.0.255 is a wildcard mask, the inverse of the subnet mask).

Configure dynamic NAT translation

int g0/0/1
nat outbound 2000 address-group 1 no-pat
Command explanation: translate the source address of outbound packets that match ACL 2000 to a public network address from address-group 1. The no-pat keyword at the end means only the address is translated, not the port.

Configure the external network device AR2

Configure the interface IP address

int g0/0/0
ip add 100.100.12.2 24

configure routing

ip route-static 192.168.0.0 24 100.100.12.1

Because AR2 is not in the same network segment as the internal terminal devices, a route needs to be configured on it. AR1 does not need any routes configured, because it is directly connected to both the internal terminal devices and AR2 and generates direct routes by itself.

Configure internal terminal device IP

Configure it however you like!
But the address must be in the 192.168.0.0 network segment, the same segment as the gateway device.
I use interface DHCP, which is very simple; configure it on AR1:
dhcp enable
int g0/0/0
dhcp select interface

detection

ping detection


Address Translation Detection

Start a packet capture on the g0/0/1 interface of AR1, then ping 100.100.12.2 and look at the captured packets.
Five connections are made, each with a different address translation.

NAPT

If no-pat is removed from the nat outbound 2000 address-group 1 no-pat command, NAPT (port translation) is performed instead.

If the capture shows packets with an IP between 100.100.12.100 and 100.100.12.110 (here 100.100.12.103), the NAPT translation was successful.

Summary

The main configuration difference between dynamic NAT and static NAT is:
static NAT only needs one nat static global command;
dynamic NAT has three steps: configure the ACL matching tool, create the address pool, and apply the dynamic address translation.
The configuration difference between dynamic NAT and NAPT is the no-pat keyword.
If the devices are in different network segments, routing configuration is also required.
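
Added example (not from the original post): a small Python check that reads AR1's NAT lines from this page and reports the translation mode, the pool size, and which source addresses ACL 2000 permits for translation. The function names and the sample source addresses are constructed for illustration; with no-pat, the pool size is also the number of inside addresses that can hold a translation at the same time.

```python
import ipaddress
# AR1's NAT-related lines as given on this page.
AR1_CONFIG = """\
nat address-group 1 100.100.12.100 100.100.12.110
acl 2000
rule 5 permit source 192.168.0.0 0.0.0.255
int g0/0/1
nat outbound 2000 address-group 1 no-pat
"""

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_nat(config):
    """Pull the address pool, ACL rules and outbound binding out of the text."""
    nat = {"pools": {}, "acls": {}, "outbound": []}
    acl = None
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["nat", "address-group"]:
            nat["pools"][tok[2]] = (to_int(tok[3]), to_int(tok[4]))
        elif tok[:1] == ["acl"]:
            acl = tok[1]
            nat["acls"][acl] = []
        elif tok[:1] == ["rule"] and tok[3] == "source":
            # Stored as (rule id, action, base address, wildcard mask).
            nat["acls"][acl].append((int(tok[1]), tok[2], to_int(tok[4]), to_int(tok[5])))
        elif tok[:2] == ["nat", "outbound"]:
            nat["outbound"].append(
                {"acl": tok[2], "pool": tok[4], "no_pat": tok[-1] == "no-pat"})
    return nat

def acl_action(nat, acl, src):
    """Rules are checked in rule-ID order; wildcard 1-bits are ignored."""
    s = to_int(src)
    for _, action, base, wildcard in sorted(nat["acls"][acl]):
        if (s | wildcard) == (base | wildcard):
            return action
    return None  # no rule matched, so this binding does not translate the packet

def audit(nat, sources):
    """Report mode, pool size and which sample sources the binding translates."""
    ob = nat["outbound"][0]
    lo, hi = nat["pools"][ob["pool"]]
    translated = [s for s in sources if acl_action(nat, ob["acl"], s) == "permit"]
    return {"mode": "no-pat" if ob["no_pat"] else "NAPT",
            "pool_size": hi - lo + 1, "translated": translated}

if __name__ == "__main__":  # constructed sample sources, two inside the ACL range
    print(audit(parse_nat(AR1_CONFIG), ["192.168.0.1", "192.168.0.253", "192.168.1.1"]))
```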

Origin blog.csdn.net/qq_48330132/article/details/128330718