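Dynamic address translation (Dynamic NAT) is a network address translation technique that dynamically maps private IP addresses on the internal network to public IP addresses, so that internal hosts can reach external networks. Configuring dynamic NAT on a Huawei router helps you better manage the access permissions of internal hosts and improves network security. This article describes in detail how to configure dynamic NAT on a Huawei router; I hope it helps readers who are interested in the topic.
Lab requirements:
A company's R&D and sales departments connect to the Internet through the company's two leased lines (China Mobile and China Telecom). On the router, interface GigabitEthernet0/0/0 has the public address 2.2.2.2/24, and the peer address on the carrier side is 2.2.2.1/24. R&D users want to use addresses from the Mobile leased line's public address pool (2.2.2.100~2.2.2.200) to replace their internal host addresses (network 192.168.1.0/24) by NAT when accessing the Internet. Sales users want to use the Telecom leased line's public IP address pool (2.2.2.20~2.2.2.50) to replace their internal host addresses (network 192.168.2.0/24) by NAT when accessing the Internet.
Lab topology:
Configuration approach:
Configure the interface IP addresses and the default route, and set up outbound NAT on the WAN interface, so that the internal hosts of each department can access external network services over their department's leased line.
Procedure:
1. Log in to the router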
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info
[Huawei]undo info-center en
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]
[Huawei]
2. Create the VLANs
[Huawei]vlan batch 100 200
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]
3. Assign IP addresses to the VLANs and add the relevant interfaces to the VLANs
[Huawei]interface Vlanif 100
[Huawei-Vlanif100]
[Huawei-Vlanif100]ip add
[Huawei-Vlanif100]ip address 192.168.1.1 24
[Huawei-Vlanif100]
[Huawei-Vlanif100]q
[Huawei]int
[Huawei]interface vlan
[Huawei]interface Vlanif 200
[Huawei-Vlanif200]ip add
[Huawei-Vlanif200]ip address 192.168.2.1 24
[Huawei-Vlanif200]
[Huawei-Vlanif200]q
[Huawei]
[Huawei]interface Ethernet 0/0/0
[Huawei-Ethernet0/0/0]port link
[Huawei-Ethernet0/0/0]port link-type ac
[Huawei-Ethernet0/0/0]port link-type access
[Huawei-Ethernet0/0/0]port def
[Huawei-Ethernet0/0/0]port default vlan 100
[Huawei-Ethernet0/0/0]q
[Huawei]interf
[Huawei]interface
[Huawei]interface ethe
[Huawei]interface Ethernet 0/0/1
[Huawei-Ethernet0/0/1]port link
[Huawei-Ethernet0/0/1]port link-type acc
[Huawei-Ethernet0/0/1]port link-type access
[Huawei-Ethernet0/0/1]port def
[Huawei-Ethernet0/0/1]port default vlan 200
[Huawei-Ethernet0/0/1]q
[Huawei]
4. Assign an IP address to the interface that connects to the external network
[Huawei]interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0]ip ad
[Huawei-GigabitEthernet0/0/0]ip address 2.2.2.2 24
[Huawei-GigabitEthernet0/0/0]
[Huawei-GigabitEthernet0/0/0]
[Huawei-GigabitEthernet0/0/0]q
5. Add a static route
[Huawei]
[Huawei]ip route-static 0.0.0.0 0.0.0.0 2.2.2.1
6. Create the ACL rules, configure NAT translation, and apply it to the outbound interface
[Huawei]nat address-group 1 2.2.2.100 2.2.2.200
[Huawei]nat address-group 2 2.2.2.20 2.2.2.50
[Huawei]
[Huawei]acl 2000
[Huawei-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255
[Huawei-acl-basic-2000]q
[Huawei]acl 2001
[Huawei-acl-basic-2001]rule 5 permit source 192.168.2.0 0.0.0.255
[Huawei-acl-basic-2001]q
[Huawei]
[Huawei]interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0]nat outbound 2000 address-group 1 no-pat
[Huawei-GigabitEthernet0/0/0]nat outbound 2001 address-group 2
[Huawei-GigabitEthernet0/0/0]q
[Huawei]
[Huawei]
7. Verify
[Huawei]dis nat outbound
NAT Outbound Information:
--------------------------------------------------------------------------
 Interface                     Acl     Address-group/IP/Interface      Type
--------------------------------------------------------------------------
 GigabitEthernet0/0/0         2000                              1    no-pat
 GigabitEthernet0/0/0         2001                              2       pat
--------------------------------------------------------------------------
Total : 2
[Huawei]
8. Test
1) Test from the router
[Huawei]ping -a 192.168.1.1 2.2.2.2
PING 2.2.2.2: 56 data bytes, press CTRL_C to break
Reply from 2.2.2.2: bytes=56 Sequence=1 ttl=255 time=1 ms
Reply from 2.2.2.2: bytes=56 Sequence=2 ttl=255 time=1 ms
Reply from 2.2.2.2: bytes=56 Sequence=3 ttl=255 time=1 ms
Reply from 2.2.2.2: bytes=56 Sequence=4 ttl=255 time=1 ms
Reply from 2.2.2.2: bytes=56 Sequence=5 ttl=255 time=1 ms
--- 2.2.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/1 ms
[Huawei]
2) Test from a PC
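The following audit script is an added example, not part of the original article or of any Huawei tooling. It parses the step 6 commands (embedded as constructed input) and reports, for each `nat outbound` binding, the pool size against the number of inside hosts the ACL permits, flagging no-pat pools that can run out of addresses and address groups that overlap. The function name `audit_nat` and the report field names are assumptions made for this example.

```python
import ipaddress

# Constructed input: the NAT-related commands from step 6 of this walkthrough.
CONFIG = """\
nat address-group 1 2.2.2.100 2.2.2.200
nat address-group 2 2.2.2.20 2.2.2.50
acl 2000
 rule 5 permit source 192.168.1.0 0.0.0.255
acl 2001
 rule 5 permit source 192.168.2.0 0.0.0.255
interface GigabitEthernet 0/0/0
 nat outbound 2000 address-group 1 no-pat
 nat outbound 2001 address-group 2
"""

def audit_nat(config):
    """Return (per-binding report, overlapping pool pairs) for a config excerpt."""
    pools, acls, bindings, acl = {}, {}, [], None
    for line in config.splitlines():
        t = line.split()
        if t[:2] == ["nat", "address-group"]:
            pools[t[2]] = tuple(int(ipaddress.IPv4Address(a)) for a in t[3:5])
        elif t[:1] == ["acl"]:
            acl = t[1]
        elif t[:1] == ["rule"] and "permit" in t and "source" in t:
            i = t.index("source")
            # ipaddress accepts the wildcard (host) mask form used by the ACL;
            # assumes a contiguous wildcard, as in this page's rules.
            net = ipaddress.IPv4Network(f"{t[i + 1]}/{t[i + 2]}")
            acls.setdefault(acl, []).append(net)
        elif t[:2] == ["nat", "outbound"]:
            bindings.append((t[2], t[4], "no-pat" if "no-pat" in t else "pat"))
    report = []
    for acl_id, group, mode in bindings:
        lo, hi = pools[group]
        hosts = sum(n.num_addresses - 2 for n in acls[acl_id])  # usable hosts
        report.append({
            "acl": acl_id, "group": group, "mode": mode,
            "pool_size": hi - lo + 1, "inside_hosts": hosts,
            # no-pat maps one inside host to one pool address, so a pool
            # smaller than the permitted range can run out of addresses.
            "can_exhaust": mode == "no-pat" and hi - lo + 1 < hosts,
        })
    ids = sorted(pools)
    overlaps = [(a, b) for i, a in enumerate(ids) for b in ids[i + 1:]
                if pools[a][0] <= pools[b][1] and pools[b][0] <= pools[a][1]]
    return report, overlaps

if __name__ == "__main__":
    for row in audit_nat(CONFIG)[0]:
        print(row)
```

For this page's configuration, the R&D binding is flagged: its no-pat pool holds 101 addresses while ACL 2000 permits 254 hosts, whereas the sales binding uses PAT and shares its 31 addresses by port.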
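Final words:
Setting limits on yourself only holds you back; only by pushing past your limits can you discover your potential. That wraps up this installment, "How to Configure Dynamic Address Translation on a Huawei Router". I have been through storms of my own, so I know you will be strong too. Your [comment] + [like] + [follow] will be taken as a sign of approval.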