Shulou(Shulou.com)06/02 Report--

Experiment name: Huawei pat address translation and intranet web server release

Experimental topology diagram:

3. Experimental purpose:

1. Convert the internal network to the external network through pat.

two。 Use static pat to do port mapping and publish web server

3. Configure the switch for remote login

4. Address planning

Client 1--web: 192.168.1.2 / 24

Gateway 192.168.1.254

Client 2: 192.168.1.1 / 24

Gateway 192.168..1.254

Lsw1 Management IP: 192.168.1.3 / 24

AR3- Gateway: 192.168.1.254

Public network: g0Compact 0: 100.1.1.1Accord24

AR4: g0/0/0: 100.1.1.2 g0/0/1: 100.1.2.254

Client client4 of public network: 100.1.2.1 / 24

5. Configuration idea: as far as I know, in reality, general configuration, first configure border devices, and finally configure each terminal, so today my thinking has also changed.

# first configure the IP address of the AR3 gateway device, the IP address of the AR4, as well as the management IP address of the switch, and finally the IP address of each terminal, and then do the PAT translation to make the internal network accessible to the external network, and finally publish the internal network web server to make the external network accessible, and then configure the telnet function of the switch.

6. Operation steps:

First configure the IP address of the gateway device AR3

Intface 0/0/1

Ip address 192.168.1.254 255.255.255.0

Undo shutdown

Interace 0/0/0

Ip address 100.1.1.1 255.255.255.0

Undo shutdown

# configure the IP address of AR4

Interface g0/0/0

Ip address 100.1.1.2 255.255.255.0

Undo shutdown

Interface g0/0/1

Ip address 100.1.2.254 255.255.255.0

Undo shutdown

# configure the ip address of the public network client

Ip address 100.1.2.1 255.255.255.0

Undo shutdown

# configure the management ip address of switch lsw1

Interface van 1

Ip address 192.168.1.3 255.255.255.0 / Huawei default interface cannot be configured with ip address, it can only be configured to virtual port

# configure the ip address of the web server and the ip address of client2

Ip address 192.168.1.1 255.255.255.0

Configuration on gateway 192.168.1.254 / / client2

Ip address 192.168.1.2 255.255.255.0

Gateway 192.168.1.254 / / ip address of the web server

# all ip addresses have been allocated

# next, configure pat address translation on the gateway device AR3, so that the internal network can access the external network

# acl 2000

Rule 5 permit source 192.168.1.0 0.0.0.255 / / create acl, address pool that is allowed to be translated

Interface g0/0/0

Nat outbund 2000

# then configure the default route to the 100.1.2.0 network segment on the gateway device

Ip route 0.0.0.0 0.0.0.0 100.1.1.2 / / nat conversion. When you go out, check the routing edge first, and then check the nat table. When you come back, it is just the opposite.

Ip route 0.0.0.0 0.0.0.0 192.168.1.254 / / because Huawei switch cannot configure gateway by default, Cisco can. If you want to manage remotely, you must configure a route to the external network.

# Test with the command display nat session all, as shown in the following figure

# the figure above shows that nat has translated the private network address

# next configure static pat, publish private network web server, and remote private network core switch lsw1

Interface g 0/0/0

Nat server protocol tcp global current-interface 8080 inside 192.168.1.2 80

Nat server protocol tcp global current-interface 8888 inside 192.168.1.3 23

Verify and test, enter from the external network client:

Http: / / 100.1.1.1virtual 8080 test: as shown in the following figure

# next configure the remote login feature of the switch

# user-interface vty 0 4

Set authentication password simple / cipher 123 / / simple: plaintext, cipher: ciphertext

Protocol inbound telnet / / turns on the telnet function of the switch, which is turned off by default and the router is turned on by default

User privilege level 15 / / highest level is 15

# remotely log in to LSW1 on the gateway device, as shown in the following figure

Telnet 192.168.1.3

# next, remotely log in to lsw1 on AR4: telnet 100.1.1.1 8888, as shown below:

# the above illustration shows that it has been successful

Summary: in fact, the most commonly used in reality is the dynamic address translation of pat and the static release of pat intranet servers (that is, port mapping), while others should not be used much.

_ _ _ end

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.