Topology
1. Establish a local area network
AR1, LSW1, PC1, PC2, and PC3 are connected in order to form a local area network.
Configure the terminal IP address
In addition to configuring the IP address and subnet mask, configure the gateway 192.168.1.254. In this practice, the gateways of all terminals under the same gateway router are the same, 192.168.1.254.
Configure router IP address
system-view
interface g0/0/4
ip address 192.168.1.254 255.255.255.0
2. Set up a simulated Internet
AR2 and PC4 are connected to form a simulated Internet.
Configure the terminal IP address
PC4 simulates the Baidu server, configure the IP address as 122.80.248.76 and the subnet mask as 255.255.255.0, and also configure the gateway as 112.80.248.254.
Configure router IP address
system-view
interface g0/0/1
ip address 112.80.248.254 255.255.255.0
3. Connection
AR1 is connected to AR2
Manually add routes
ip route-static 112.80.248.0 255.255.255.0 100.1.1.10
Command explanation:
ip route-static is a fixed format;
112.80.248.0 is the network segment of the target IP address;
255.255.255.0 is the subnet mask of the target IP address;
100.1.1.10 is the IP of the interface connecting the gateway to which the target IP belongs and the LAN gateway .
view routing table
display ip routing-table 112.80.248.76
LAN access simulates the Internet successfully! ! !
Connect AR1 by AR2
Precautions
The public network cannot be connected to the private network like the private network is connected to the public network, that is, the above method of connecting the private network to the public network cannot be used.
The public network uses NAT technology to connect to the private network
NAT: Network Address Translation (NAT, Network Address Translation) technology, as one of the effective solutions to the problem of address shortage, realizes the function of private network accessing public network by converting private IP addresses into public IP addresses.
create acl
acl 2000
rule permit source 192.168.1.0 0.0.0.255
Command explanation:
acl 2000: create an acl numbered 2000;
rule permit source: fixed format, select the data packet whose source address is 192.168.1.0;
192.168.1.0: the network segment to which the LAN terminal device belongs;
0.0.0.255: the LAN terminal device The opposite of the subnet mask, I call it the anti-mask, maybe people have their own names.
Transfer public network IP
nat address-group 1 100.1.1.2 100.1.1.6
Command explanation:
nat address-group: fixed format, translation address group;
1: number of translation address group;
100.1.1.2 100.1.1.6: specific members of translation address group. It contains five public IPs from .2 to .6.
Write interface rules for AR1
interface g0/0/1
nat outbound 2000 address-group 1
Command explanation:
interface g0/0/1: enter the interface g0/0/1 of AR1
nat outbound 2000 address-group 1: convert the data packets of acl2000 to the public network address of address-group 1.
check connection status
Enter the command line ping 112.80.1248.76 on PC2 
to connect successfully! ! !