# huawei--流策略+NAT+单臂路由
huawei--流策略+NAT+单臂路由
项目要求:
公司内部有两个网段,分别为192.168.1.0/24和192.168.2.0/24,使用路由器R1实现单臂路由,并配置流策略,使192.168.1.0/24的网段访问ISP1,192.168.2.0/24的网段访问ISP2。公司要访问internet公网,需要配置NAT实现私网地址转换公网地址,ISP1的地址范围为202.100.1.3~202.100.1.9;ISP2的地址范围为104.114.128.3~104.114.128.9。
IP地址规划表:
| 设备 | 端口 | IP地址/端口绑定的vlan |
|---|---|---|
| ISP1 | GE0/0/1 | 202.100.1.1/24 |
| ISP2 | GE0/0/2 | 104.114.128.1/24 |
| R1 | GE0/0/0.1 | 192.168.1.1/24 |
| R1 | GE0/0/0.2 | 192.168.2.1/24 |
| R1 | GE0/0/1 | 202.100.1.2/24 |
| R1 | GE0/0/2 | 104.114.128.2/24 |
| SW1 | GE0/0/1 | trunk vlan10 vlan20 |
| SW1 | eth0/0/1 | vlan10 |
| SW1 | eth0/0/2 | vlan20 |
| PC1 | eth0/0/1 | 192.168.1.2/24 |
| PC2 | eth0/0/1 | 192.168.2.1/24 |
配置步骤:
- 1、配置各设备的IP地址
- 2、配置单臂路由
- 3、R1创建并配置ACL3000,3001,3002
- 4、R1配置流分类
- 5、R1配置流行为
- 6、R1配置流策略
- 7、R1应用流策略
- 8、R1配置nat地址转换
- 9、R1应用nat
项目实施:
1、配置各设备的IP地址
ISP1
[ISP1]interface GigabitEthernet 0/0/1
[ISP1-GigabitEthernet0/0/1]ip address 202.100.1.1 255.255.255.0
ISP2
[ISP2]interface GigabitEthernet 0/0/2
[ISP2-GigabitEthernet0/0/2]ip address 104.114.128.1 255.255.255.0
R1
[R1]interface GigabitEthernet 0/0/1
[R1-GigabitEthernet0/0/1]ip address 202.100.1.2 255.255.255.0
[R1]interface GigabitEthernet 0/0/2
[R1-GigabitEthernet0/0/2]ip address 104.114.128.2 255.255.255.0
PC1
PC2
2、配置单臂路由
2-1、创建并放行vlan
SW1
[SW1]vlan batch 10 20
[SW1]interface GigabitEthernet 0/0/1
[SW1-GigabitEthernet0/0/1]port link-type trunk
[SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20
[SW1-GigabitEthernet0/0/1]quit
[SW1]interface Ethernet0/0/1
[SW1-Ethernet0/0/1]port link-type access
[SW1-Ethernet0/0/1]port default vlan 10
[SW1-Ethernet0/0/1]quit
[SW1]interface Ethernet0/0/2
[SW1-Ethernet0/0/2]port link-type access
[SW1-Ethernet0/0/2]port default vlan 20
[SW1-Ethernet0/0/2]quit
2-2、配置路由子接口:
R1
[R1]interface GigabitEthernet 0/0/0.1
[R1-GigabitEthernet0/0/0.1]dot1q termination vid 10
[R1-GigabitEthernet0/0/0.1]ip address 192.168.1.1 255.255.255.0
[R1-GigabitEthernet0/0/0.1]arp broadcast enable
[R1-GigabitEthernet0/0/0.1]quit
[R1]interface GigabitEthernet 0/0/0.2
[R1-GigabitEthernet0/0/0.2]dot1q termination vid 10
[R1-GigabitEthernet0/0/0.2]ip address 192.168.2.1 255.255.255.0
[R1-GigabitEthernet0/0/0.2]arp broadcast enable
[R1-GigabitEthernet0/0/0.2]quit
3、R1创建并配置ACL3000,3001,3002
[R1]acl 3000
[R1-acl-adv-3000]rule 5 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
[R1-acl-adv-3000]rule 10 permit ip source 192.168.2.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
[R1-acl-adv-3000]quit
[R1]acl 3001
[R1-acl-adv-3001]rule 5 permit ip source 192.168.1.0 0.0.0.255
[R1-acl-adv-3001]quit
[R1]acl 3002
[R1-acl-adv-3002]rule 5 permit ip source 192.168.2.0 0.0.0.255
[R1-acl-adv-3002]quit
4、R1配置流分类
[R1]traffic classifier c0
[R1-classifier-c0]if-match acl 3000
[R1-classifier-c0]quit
[R1]traffic classifier c1
[R1-classifier-c1]if-match acl 3001
[R1-classifier-c1]quit
[R1]traffic classifier c2
[R1-classifier-c2]if-match acl 3002
[R1-classifier-c2]quit
5、R1配置流行为
[R1]traffic behavior b0
[R1-behavior-b0]permit
[R1-behavior-b0]quit
[R1]traffic behavior b1
[R1-behavior-b1]redirect ip-nexthop 202.100.1.1
[R1-behavior-b1]quit
[R1]traffic behavior b2
[R1-behavior-b2]redirect ip-nexthop 104.114.128.1
[R1-behavior-b2]quit
6、R1配置流策略
[R1]traffic policy p1
[R1-trafficpolicy-p1]classifier c0 behavior b0
[R1-trafficpolicy-p1]classifier c1 behavior b1
[R1-trafficpolicy-p1]classifier c2 behavior b2
7、R1应用流策略
[R1]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]traffic-policy p1 inbound
8、R1配置nat地址转换
8-1、配置nat地址池
[R1]nat address-group 0 202.100.1.3 202.100.1.9
[R1]nat address-group 1 104.114.128.3 104.114.128.9
8-2、配置nat黑洞
[R1]ip route-static 202.100.1.3 32 NULL 0
[R1]ip route-static 202.100.1.4 32 NULL 0
[R1]ip route-static 202.100.1.5 32 NULL 0
[R1]ip route-static 202.100.1.6 32 NULL 0
[R1]ip route-static 202.100.1.7 32 NULL 0
[R1]ip route-static 202.100.1.8 32 NULL 0
[R1]ip route-static 202.100.1.9 32 NULL 0
[R1]ip route-static 104.114.128.3 32 NULL 0
[R1]ip route-static 104.114.128.4 32 NULL 0
[R1]ip route-static 104.114.128.5 32 NULL 0
[R1]ip route-static 104.114.128.6 32 NULL 0
[R1]ip route-static 104.114.128.7 32 NULL 0
[R1]ip route-static 104.114.128.8 32 NULL 0
[R1]ip route-static 104.114.128.9 32 NULL 0
9、R1应用nat
[R1]interface GigabitEthernet 0/0/1
[R1-GigabitEthernet0/0/1]nat outbound 3001 address-group 0 no-pat
[R1-GigabitEthernet0/0/1]quit
[R1]interface GigabitEthernet 0/0/2
[R1-GigabitEthernet0/0/2]nat outbound 3002 address-group 1 no-pat
[R1-GigabitEthernet0/0/2]quit
PC1访问ISP1
PC2访问ISP2
最新文章
- [.NET] C# 知识回顾 - 委托 delegate (续)
- 原生js写的贪吃蛇网页版游戏特效
- 使用clusterprofile做聚类分析
- oracle中分组排序函数用法 - 转
- Could not find a transformer to transform "SimpleDataType{type=org.mule.transport.NullPayload
- hdu1051 Wooden Sticks
- Storm系列(十六)架构分析之Executor-Bolt
- [Data Structure] 红黑树( Red-Black Tree ) - 笔记
- JDBC事务和JTA事务的区别
- textFiled输入字数的控制问题之—把带输入的拼音也判断了
- 关于Springboot整合mybatis启动的问题
- 每周.NET前沿技术文章摘要(2017-05-24)
- bootstrap 导航栏鼠标悬停显示下拉菜单
- 如何限制用户仅通过HTTPS方式访问OSS?
- ibatis项目应用
- SQLI DUMB SERIES-20
- 【转】10 个很有用的 jQuery 弹出层提示插件
- x64 assembler fun-facts(转载)
- redis的key越来越多,对速度是否有影响
- 标准库 time