Configuration procedure, Dynamic nat configuration example, Network requirements – H3C Technologies H3C S12500 Series Switches User Manual
Page 124
110
Configuration procedure
# Specify IP addresses for the interfaces, as shown in
. (Details not shown.)
# Configure an one-to-one static NAT mapping.
<Device> system-view
[Device] nat static 10.110.10.8 202.38.1.100
# Enable static NAT on VLAN-interface 20.
[Device] interface Vlan-interface 20
[Device-Vlan-interface20] nat outbound static
[Device-Vlan-interface20] quit
Dynamic NAT configuration example
Network requirements
As shown in
, a company has three public IP addresses in the range of 202.38.1.1/24 to
202.38.1.3/24, and an internal network address of 10.110.0.0/16. The company has the following
requirements:
•
The internal users in subnet 10.110.10.0/24 can access the Internet using public IP addresses
202.38.1.2 and 202.38.1.3, but users in other network segments cannot.
•
Configure the upper and lower limits of connections sourced from 10.110.10.100 as 1000 and 200
respectively.
Figure 50 Network diagram
Configuration procedure
# Specify IP addresses for the interfaces, as shown in
. (Details not shown.)
# Configure address pool 1.
<Device> system-view
[Device] nat address-group 1 202.38.1.2 202.38.1.3
# Configure ACL 2001, and create a rule to permit only users from network segment 10.110.10.0/24 to
access the Internet.
[Device] acl number 2001
[Device-acl-basic-2001] rule permit source 10.110.10.0 0.0.0.255
[Device-acl-basic-2001] rule deny
[Device-acl-basic-2001] quit
# Associate address pool 1 and ACL 2001 with the outbound interface VLAN-interface 20.