NAT
Network Switching Technology
Introduction
NAT (Network Address Translation) is an address translation technology. Put bluntly, it exists because there are not enough IPv4 addresses, and NAT emerged to solve this problem. NAT is mainly used to let an internal network access external networks: when a private address such as 192.168.1.1 accesses a public address, the reply cannot return once the data has reached the public address, because a private address is not routable on the public network.
1. Static NAT
Features:
- Each private address has a corresponding, fixed public address; the mapping between private and public addresses is 1:1.
- Supports two-way access. When traffic from the private address passes through NAT on the routing device, its source IP address is translated into the mapped public address. When return data sent to that public address passes through the routing device, the public address is translated back into the mapped private address.
In short, static NAT is a 1:1 mapping relationship between public network addresses and private network addresses.
Example:
Use the IP addresses shown in the figure.
- Set the IP address and mask of each interface.
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip address 192.168.1.254 24
[R1-GigabitEthernet0/0/0]int g0/0/1
[R1-GigabitEthernet0/0/1]ip ad 12.0.0.99 24
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip ad 12.0.0.100 24
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip ad 200.1.1.254 24
- Add a default route and static NAT on R1.
[R1]ip route-static 0.0.0.0 0 12.0.0.100
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]nat static global 12.0.0.1 inside 192.168.1.1
- Note that the default route must be added so that traffic from the private network can find the correct exit. When configuring NAT, do not use the address configured on the interface as the public address. The mapping can be configured on the interface, or directly in the system view with
nat static global <public-ip> inside <private-ip>
but in that case it must also be enabled on the interface with
nat static enable
so it is better to configure it directly on the interface.
At this point, PC1 (192.168.1.1) can ping the public address 200.1.1.1.
2. Dynamic NAT
Static NAT maps public and private IP addresses 1:1. Configuring a mapping for every host is cumbersome, so a pool of public addresses can be used instead: each time a private host needs to access the public network, a public IP is allocated from the pool and used as the traffic leaves the routing device, which avoids the tedious per-host configuration.
- First, create an address pool:
nat address-group <pool-number> <first-public-ip> <last-public-ip>
For example, nat address-group 1 12.1.2.1 12.1.2.10 creates NAT address pool number 1 with addresses from 12.1.2.1 to 12.1.2.10, 10 public addresses in total.
- Configure ACL rules that permit the private addresses allowed to use dynamic NAT. Note that the ACL source takes a wildcard mask (0.0.0.255 for a /24), not a prefix length.
acl number 2000
rule permit source 192.168.1.0 0.0.0.255
rule permit source <ip-address> <wildcard-mask>
- Configure outbound NAT with no-pat on the interface:
nat outbound <acl-number> address-group <address-group-number> [no-pat]
nat outbound 2000 address-group 1 no-pat
Here no-pat means that port translation is not used.
The following is an example:
[Huawei]ip route-static 0.0.0.0 0 12.0.0.100
[Huawei]nat address-group 0 12.0.0.1 12.0.0.10
[Huawei]acl number 2000
[Huawei-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]nat outbound 2000 address-group 0 no-pat
The IP addresses are roughly the same as in Figure 1; check them yourself. Only the most important commands are listed. The result is as follows.
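Added example, not part of the original post and not Huawei's implementation: a small Python model of the dynamic NAT configuration above (pool 12.0.0.1 to 12.0.0.10, ACL 192.168.1.0 0.0.0.255, no-pat). It shows the wildcard-mask match and that, without port translation, an eleventh inside host gets no address until a mapping is released. The class name NoPatNat, the verdict strings and release() as a stand-in for entry ageing are assumptions made for illustration.

```python
import ipaddress

def ip(a):
    return int(ipaddress.IPv4Address(a))

def acl_permits(src, base, wildcard):
    """Basic ACL match with a wildcard mask: bits set to 1 in the wildcard are ignored."""
    return (ip(src) | ip(wildcard)) == (ip(base) | ip(wildcard))

class NoPatNat:
    """Toy model (hypothetical) of 'nat outbound <acl> address-group <n> no-pat'."""

    def __init__(self, pool_first, pool_last, acl_base, acl_wildcard):
        self.free = [str(ipaddress.IPv4Address(i))
                     for i in range(ip(pool_first), ip(pool_last) + 1)]
        self.acl = (acl_base, acl_wildcard)
        self.out = {}    # private -> public, used for outbound packets
        self.back = {}   # public -> private, used for return traffic

    def outbound(self, src):
        """Return (verdict, public_ip) for a packet leaving with source address src."""
        if src in self.out:
            return "translated", self.out[src]
        if not acl_permits(src, *self.acl):
            return "acl-no-match", None
        if not self.free:
            return "pool-exhausted", None   # no-pat: one public IP per inside host
        pub = self.free.pop(0)
        self.out[src], self.back[pub] = pub, src
        return "translated", pub

    def inbound(self, dst):
        """Map a return packet's destination back to the private address, if any."""
        return self.back.get(dst)

    def release(self, src):
        """Drop a mapping (simplified ageing) and return its address to the pool."""
        pub = self.out.pop(src)
        del self.back[pub]
        self.free.append(pub)

def demo():
    # Pool and ACL values taken from the page's example configuration.
    nat = NoPatNat("12.0.0.1", "12.0.0.10", "192.168.1.0", "0.0.0.255")
    results = [nat.outbound(f"192.168.1.{h}") for h in range(1, 12)]  # 11 hosts, 10 addresses
    results.append(nat.outbound("192.168.2.5"))   # outside the ACL range
    nat.release("192.168.1.1")                    # first mapping ages out
    results.append(nat.outbound("192.168.1.11"))  # now receives the freed address
    return nat, results
```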