Shulou(Shulou.com)06/01 Report--

NAT (network address translation) network address translation.

The function of NAT technology: to convert illegal private network addresses into legitimate public network addresses.

The advantages of NAT technology: saving public legal addresses, dealing with address overlap, enhancing flexibility and security.

NAT Technical Classification:

V static NAT: one-to-one translation. One private network address corresponds to one public network address.

V dynamic NAT: many-to-many translation, with multiple private network addresses corresponding to multiple public network addresses.

V PAT: Port multiplexing, many-to-one translation, multiple private network addresses corresponding to one public network address.

Cisco NAT related commands:

The idea of NAT transformation:

V determine the border router

V specify internal and external interfaces

V what kind of NAT will be implemented?

V for NAT conversion

Specify internal and external interfaces

Command

Description

(config-if) # ip nat inside

Specify inner interface

(config-if) # ip nat outside

Specify external interfac

Static NAT technology

(config) # ip nat inside source static 192.168.1.1 (private address) 202.96.134.1 (public address)

Dynamic NAT technology

(config) # access-list 1 permit 192.168.1.0 0.0.0.255

Specify an address range with ACL

(config) # ip nat pool a (pool name) 202.96.134.1 (start address) 202.96.134.10 (end address) netmask 255.255.255.0

Create a public network address pool

(config) # ip nat inside source list 1 pool a

Dynamic NAT conversion

PAT technology

(config) # access-list 1 permit 192.168.1.0 0.0.0.255

Specify an address range with ACL

(config) # ip nat inside source list 1 interface f0ap0 (public network interface) overload

PAT conversion

# show ip nat translations

View address translation

# clear ip nat translation *

Clear address translation entry

Huawei H3C related NAT commands:

Static NAT technology

Nat static protocol tcp global 202.96.134.1 www (public network address + protocol) inside 192.168.1.1 8080 (private network address + port)

Dynamic NAT technology

[huawei] acl 2000

Create ACL

[huawei-acl-basic-2000] rule 1 permit source 192.168.1.0 0.0.0.255

Define the range of private network addresses

[huawei] nat address-group 1 202.96.134.1 (start address) 202.96.134.10 (end address)

Create a public network address pool

[huawei-gigabitethernet0/0/3] nat outbound 2000 address-group 1 no-pat

Dynamic NAT conversion

PAT technology

[huawei] acl 2000

Create ACL

[huawei-acl-basic-2000] rule 1 permit source 192.168.1.0 0.0.0.255

Define the range of private network addresses

[huawei] nat address-group 1 202.96.134.1 (start address) 202.96.134.10 (end address)

Create a public network address pool

[huawei-gigabitethernet0/0/3] nat outbound 2000 address-group 1

PAT conversion

[huawei] dispaly nat outbound

View address translation

The function of NAT ALG is to do NAT conversion for some special protocols at the application level, in order to prevent NAT errors in normal NAT.

The protocols targeted by the NAT ALG function are DNS,FTP,RTSP,SIP and so on.

Command

Description

[huawei] nat alg all or dns or ftp enable

Enable the NAT ALG function

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.