公司有一条联通专线,有6个可用外网IP,MSR 通过一个Wan口链接运营商设备,LAN口接交换机,现在有6台电脑想要通过不同的外网IP访问互联网,请问该如何配置?试过配置多个一对一映射,配置后出现ARP冲突问题,同时在内网配置多个vlan,每个vlan if接口配置不同网段地址,出现只有一个vlan if网段可访问互联网,以前都是用web配置路由器,现在还在学习阶段,希望有高手帮忙看下是什么问题
(0)
最佳答案
您好,请知:
1、由于申请了多个外网IP地址,无需进行一对一的转换,使用basic NAT的方式,创建NAT地址池,让内网的业务IP进行动态的转换就可以了,这样又可以实现不同内网IP使用不同的外网地址去访问外网资源。
2、以下是basic NAT的典型组网配置案例链接,请参考:
https://zhiliao.h3c.com/theme/details/101783
3、以下是MSR2600的用户手册链接,请参考:
https://www.h3c.com/cn/Service/Document_Software/Document_Center/Routers/Catalog/MSR/MSR_2600/
4、另外如果让内网的所有网段都访问外网,需要设置ACL允许所有通过,与nat outbound address-group就行绑定即可。
(0)
请问我的拓扑和2,basic nat的典型组网配置不一样,我是在g5/0口下接一台交换机,然后把几台内网pc接到交换机上,请问需要怎么配置?
您好,是路由器的G5/0口直接接的交换机吗?这要看网关是哪里。如果网关在路由器上,路由器与交换机走trunk,交换机上创建VLAN,并将VLAN划分到端口;如果网关在交换机上,则交换机与路由器走三层互联及相互的路由指向或发布。
网关在路由器上,我在路由器的出口接口G0/0上配置命令nat noubound 2000 address-group 1 no-pat后内网PC无法上网了
您好,具体的ACL、NAT的配置是怎么样的呢?另外是否有配置默认路由往外网丢?
<H3C>dis cur # version 7.1.064, Release 0707P16 # sysname H3C # telnet server enable # dialer-group 1 rule ip permit dialer-group 2 rule ip permit # nat address-group 1 address 221.4.12.66 221.4.12.68 # dhcp enable dhcp server always-broadcast # dns proxy enable # password-recovery enable # vlan 1 # vlan 2 # dhcp server ip-pool lan1 gateway-list 192.168.14.1 network 192.168.14.0 mask 255.255.255.0 address range 192.168.14.230 192.168.14.240 dns-list 221.5.88.88 # policy-based-route aaa permit node 30 # controller Cellular0/0 # interface Aux0 # interface Dialer0 bandwidth 1000000 ppp chap password cipher $c$3$Abzea8ltnYjngXDafuqq7VDbe+7r/Xsb+Uvu ppp chap user ADSL000000 ppp ipcp dns admit-any ppp ipcp dns request ppp pap local-user 02006871836 password cipher $c$3$uAFpNLcrLXTQQc/rv6LroyTgB87b/1K48dFS dialer bundle enable dialer-group 1 dialer timer idle 0 dialer timer autodial 5 ip address ppp-negotiate nat outbound # interface Dialer1 bandwidth 1000000 ppp chap password cipher $c$3$4nMHOVqt0qyJSom2FH9QeCWGtfDeyVa6ULtZ ppp chap user ADSL000000 ppp ipcp dns admit-any ppp ipcp dns request ppp pap local-user 0203201857031 password cipher $c$3$57yGrmyHwyDQdWEk2douzdKcVkWP4/YU2wLW dialer bundle enable dialer-group 2 dialer timer idle 0 dialer timer autodial 5 ip address ppp-negotiate nat outbound # interface NULL0 # interface Vlan-interface1 ip address 192.168.14.1 255.255.255.0 tcp mss 1280 ip policy-based-route aaa # interface Vlan-interface2 ip address 192.168.15.1 255.255.255.0 # interface GigabitEthernet0/0 port link-mode route description Multiple_Line bandwidth 1000000 ip address 221.4.12.66 255.255.255.248 dns server 210.21.4.130 dns server 221.5.88.88 nat outbound nat outbound 2000 address-group 1 no-pat # interface GigabitEthernet0/1 port link-mode route description Multiple_Line pppoe-client dial-bundle-number 1 # interface GigabitEthernet0/2 port link-mode route description Multiple_Line pppoe-client dial-bundle-number 0 # interface GigabitEthernet0/3 port link-mode route # interface GigabitEthernet0/4 port link-mode route # interface GigabitEthernet0/5 port link-mode route # interface GigabitEthernet0/6 port link-mode bridge port link-type hybrid port hybrid vlan 1 untagged # interface GigabitEthernet0/7 port link-mode bridge # interface GigabitEthernet0/8 port link-mode bridge # interface GigabitEthernet0/9 port link-mode bridge # scheduler logfile size 16 # line class aux user-role network-admin # line class tty user-role network-operator # line class usb user-role network-admin # line class vty user-role network-operator # line aux 0 user-role network-admin # line vty 0 63 authentication-mode scheme user-role network-operator # ip route-static 0.0.0.0 0 Dialer0 ip route-static 0.0.0.0 0 Dialer1 ip route-static 0.0.0.0 0 GigabitEthernet0/0 221.4.12.65 # acl basic 2000 rule 0 permit # acl advanced 3000 rule 0 permit ip source 192.168.15.0 0.0.0.255 # acl advanced 3001 rule 0 permit ip source 192.168.14.0 0.0.0.255 # acl advanced 3002 # password-control enable undo password-control aging enable undo password-control history enable password-control length 6 password-control login-attempt 3 exceed lock-time 10 password-control update-interval 0 password-control login idle-time 0 password-control complexity user-name check # domain system # domain default enable system # role name level-0 description Predefined level-0 role # role name level-1 description Predefined level-1 role # role name level-2 description Predefined level-2 role # role name level-3 description Predefined level-3 role # role name level-4 description Predefined level-4 role # role name level-5 description Predefined level-5 role # role name level-6 description Predefined level-6 role # role name level-7 description Predefined level-7 role # role name level-8 description Predefined level-8 role # role name level-9 description Predefined level-9 role # role name level-10 description Predefined level-10 role # role name level-11 description Predefined level-11 role # role name level-12 description Predefined level-12 role # role name level-13 description Predefined level-13 role # role name level-14 description Predefined level-14 role # user-group system # local-user admin class manage service-type telnet http authorization-attribute user-role network-admin # ip http enable # wlan global-configuration # wlan ap-group default-group vlan 1 # cloud-management server domain oasis.h3c.com # 现在的配置是这样的,外网有3条线路,2条ADSL,一条专线,路由器G0/6连接H3C S5120交换,交换机没做任何配置,内网需要划分几个不同的子网,例如:192.168.14.0/24、192.168.3.0/24、192.168.8.0/24,请问要怎么配置,才能是内网不同网段通过不同的线路访问外网,14段有几台电脑是需要单独配置固定的外网地址的
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
抄袭了我的内容
×
原文链接或出处
诽谤我
×
对根叔社区有害的内容
×
不规范转载
×
举报说明
<H3C>dis cur # version 7.1.064, Release 0707P16 # sysname H3C # telnet server enable # dialer-group 1 rule ip permit dialer-group 2 rule ip permit # nat address-group 1 address 221.4.12.66 221.4.12.68 # dhcp enable dhcp server always-broadcast # dns proxy enable # password-recovery enable # vlan 1 # vlan 2 # dhcp server ip-pool lan1 gateway-list 192.168.14.1 network 192.168.14.0 mask 255.255.255.0 address range 192.168.14.230 192.168.14.240 dns-list 221.5.88.88 # policy-based-route aaa permit node 30 # controller Cellular0/0 # interface Aux0 # interface Dialer0 bandwidth 1000000 ppp chap password cipher $c$3$Abzea8ltnYjngXDafuqq7VDbe+7r/Xsb+Uvu ppp chap user ADSL000000 ppp ipcp dns admit-any ppp ipcp dns request ppp pap local-user 02006871836 password cipher $c$3$uAFpNLcrLXTQQc/rv6LroyTgB87b/1K48dFS dialer bundle enable dialer-group 1 dialer timer idle 0 dialer timer autodial 5 ip address ppp-negotiate nat outbound # interface Dialer1 bandwidth 1000000 ppp chap password cipher $c$3$4nMHOVqt0qyJSom2FH9QeCWGtfDeyVa6ULtZ ppp chap user ADSL000000 ppp ipcp dns admit-any ppp ipcp dns request ppp pap local-user 0203201857031 password cipher $c$3$57yGrmyHwyDQdWEk2douzdKcVkWP4/YU2wLW dialer bundle enable dialer-group 2 dialer timer idle 0 dialer timer autodial 5 ip address ppp-negotiate nat outbound # interface NULL0 # interface Vlan-interface1 ip address 192.168.14.1 255.255.255.0 tcp mss 1280 ip policy-based-route aaa # interface Vlan-interface2 ip address 192.168.15.1 255.255.255.0 # interface GigabitEthernet0/0 port link-mode route description Multiple_Line bandwidth 1000000 ip address 221.4.12.66 255.255.255.248 dns server 210.21.4.130 dns server 221.5.88.88 nat outbound nat outbound 2000 address-group 1 no-pat # interface GigabitEthernet0/1 port link-mode route description Multiple_Line pppoe-client dial-bundle-number 1 # interface GigabitEthernet0/2 port link-mode route description Multiple_Line pppoe-client dial-bundle-number 0 # interface GigabitEthernet0/3 port link-mode route # interface GigabitEthernet0/4 port link-mode route # interface GigabitEthernet0/5 port link-mode route # interface GigabitEthernet0/6 port link-mode bridge port link-type hybrid port hybrid vlan 1 untagged # interface GigabitEthernet0/7 port link-mode bridge # interface GigabitEthernet0/8 port link-mode bridge # interface GigabitEthernet0/9 port link-mode bridge # scheduler logfile size 16 # line class aux user-role network-admin # line class tty user-role network-operator # line class usb user-role network-admin # line class vty user-role network-operator # line aux 0 user-role network-admin # line vty 0 63 authentication-mode scheme user-role network-operator # ip route-static 0.0.0.0 0 Dialer0 ip route-static 0.0.0.0 0 Dialer1 ip route-static 0.0.0.0 0 GigabitEthernet0/0 221.4.12.65 # acl basic 2000 rule 0 permit # acl advanced 3000 rule 0 permit ip source 192.168.15.0 0.0.0.255 # acl advanced 3001 rule 0 permit ip source 192.168.14.0 0.0.0.255 # acl advanced 3002 # password-control enable undo password-control aging enable undo password-control history enable password-control length 6 password-control login-attempt 3 exceed lock-time 10 password-control update-interval 0 password-control login idle-time 0 password-control complexity user-name check # domain system # domain default enable system # role name level-0 description Predefined level-0 role # role name level-1 description Predefined level-1 role # role name level-2 description Predefined level-2 role # role name level-3 description Predefined level-3 role # role name level-4 description Predefined level-4 role # role name level-5 description Predefined level-5 role # role name level-6 description Predefined level-6 role # role name level-7 description Predefined level-7 role # role name level-8 description Predefined level-8 role # role name level-9 description Predefined level-9 role # role name level-10 description Predefined level-10 role # role name level-11 description Predefined level-11 role # role name level-12 description Predefined level-12 role # role name level-13 description Predefined level-13 role # role name level-14 description Predefined level-14 role # user-group system # local-user admin class manage service-type telnet http authorization-attribute user-role network-admin # ip http enable # wlan global-configuration # wlan ap-group default-group vlan 1 # cloud-management server domain oasis.h3c.com # 现在的配置是这样的,外网有3条线路,2条ADSL,一条专线,路由器G0/6连接H3C S5120交换,交换机没做任何配置,内网需要划分几个不同的子网,例如:192.168.14.0/24、192.168.3.0/24、192.168.8.0/24,请问要怎么配置,才能是内网不同网段通过不同的线路访问外网,14段有几台电脑是需要单独配置固定的外网地址的