• 全部
  • 经验案例
  • 典型配置
  • 技术公告
  • FAQ
  • 漏洞说明
  • 全部
  • 全部
  • 大数据引擎
  • 知了引擎
产品线
搜索
取消
案例类型
发布者
是否解决
是否官方
时间
搜索引擎
匹配模式
高级搜索

MSR2600-10-X1一对一映射配置

2020-07-11提问
  • 0关注
  • 1收藏,1526浏览
粉丝:0人 关注:1人

问题描述:

公司有一条联通专线,有6个可用外网IP,MSR 通过一个Wan口链接运营商设备,LAN口接交换机,现在有6台电脑想要通过不同的外网IP访问互联网,请问该如何配置?试过配置多个一对一映射,配置后出现ARP冲突问题,同时在内网配置多个vlan,每个vlan if接口配置不同网段地址,出现只有一个vlan if网段可访问互联网,以前都是用web配置路由器,现在还在学习阶段,希望有高手帮忙看下是什么问题

组网及组网描述:

最佳答案

已采纳
粉丝:135人 关注:6人

您好,请知:

1、由于申请了多个外网IP地址,无需进行一对一的转换,使用basic NAT的方式,创建NAT地址池,让内网的业务IP进行动态的转换就可以了,这样又可以实现不同内网IP使用不同的外网地址去访问外网资源。

2、以下是basic NAT的典型组网配置案例链接,请参考:

https://zhiliao.h3c.com/theme/details/101783

3、以下是MSR2600的用户手册链接,请参考:

https://www.h3c.com/cn/Service/Document_Software/Document_Center/Routers/Catalog/MSR/MSR_2600/

4、另外如果让内网的所有网段都访问外网,需要设置ACL允许所有通过,与nat outbound address-group就行绑定即可。

<H3C>dis cur # version 7.1.064, Release 0707P16 # sysname H3C # telnet server enable # dialer-group 1 rule ip permit dialer-group 2 rule ip permit # nat address-group 1 address 221.4.12.66 221.4.12.68 # dhcp enable dhcp server always-broadcast # dns proxy enable # password-recovery enable # vlan 1 # vlan 2 # dhcp server ip-pool lan1 gateway-list 192.168.14.1 network 192.168.14.0 mask 255.255.255.0 address range 192.168.14.230 192.168.14.240 dns-list 221.5.88.88 # policy-based-route aaa permit node 30 # controller Cellular0/0 # interface Aux0 # interface Dialer0 bandwidth 1000000 ppp chap password cipher $c$3$Abzea8ltnYjngXDafuqq7VDbe+7r/Xsb+Uvu ppp chap user ADSL000000 ppp ipcp dns admit-any ppp ipcp dns request ppp pap local-user 02006871836 password cipher $c$3$uAFpNLcrLXTQQc/rv6LroyTgB87b/1K48dFS dialer bundle enable dialer-group 1 dialer timer idle 0 dialer timer autodial 5 ip address ppp-negotiate nat outbound # interface Dialer1 bandwidth 1000000 ppp chap password cipher $c$3$4nMHOVqt0qyJSom2FH9QeCWGtfDeyVa6ULtZ ppp chap user ADSL000000 ppp ipcp dns admit-any ppp ipcp dns request ppp pap local-user 0203201857031 password cipher $c$3$57yGrmyHwyDQdWEk2douzdKcVkWP4/YU2wLW dialer bundle enable dialer-group 2 dialer timer idle 0 dialer timer autodial 5 ip address ppp-negotiate nat outbound # interface NULL0 # interface Vlan-interface1 ip address 192.168.14.1 255.255.255.0 tcp mss 1280 ip policy-based-route aaa # interface Vlan-interface2 ip address 192.168.15.1 255.255.255.0 # interface GigabitEthernet0/0 port link-mode route description Multiple_Line bandwidth 1000000 ip address 221.4.12.66 255.255.255.248 dns server 210.21.4.130 dns server 221.5.88.88 nat outbound nat outbound 2000 address-group 1 no-pat # interface GigabitEthernet0/1 port link-mode route description Multiple_Line pppoe-client dial-bundle-number 1 # interface GigabitEthernet0/2 port link-mode route description Multiple_Line pppoe-client dial-bundle-number 0 # interface GigabitEthernet0/3 port link-mode route # interface GigabitEthernet0/4 port link-mode route # interface GigabitEthernet0/5 port link-mode route # interface GigabitEthernet0/6 port link-mode bridge port link-type hybrid port hybrid vlan 1 untagged # interface GigabitEthernet0/7 port link-mode bridge # interface GigabitEthernet0/8 port link-mode bridge # interface GigabitEthernet0/9 port link-mode bridge # scheduler logfile size 16 # line class aux user-role network-admin # line class tty user-role network-operator # line class usb user-role network-admin # line class vty user-role network-operator # line aux 0 user-role network-admin # line vty 0 63 authentication-mode scheme user-role network-operator # ip route-static 0.0.0.0 0 Dialer0 ip route-static 0.0.0.0 0 Dialer1 ip route-static 0.0.0.0 0 GigabitEthernet0/0 221.4.12.65 # acl basic 2000 rule 0 permit # acl advanced 3000 rule 0 permit ip source 192.168.15.0 0.0.0.255 # acl advanced 3001 rule 0 permit ip source 192.168.14.0 0.0.0.255 # acl advanced 3002 # password-control enable undo password-control aging enable undo password-control history enable password-control length 6 password-control login-attempt 3 exceed lock-time 10 password-control update-interval 0 password-control login idle-time 0 password-control complexity user-name check # domain system # domain default enable system # role name level-0 description Predefined level-0 role # role name level-1 description Predefined level-1 role # role name level-2 description Predefined level-2 role # role name level-3 description Predefined level-3 role # role name level-4 description Predefined level-4 role # role name level-5 description Predefined level-5 role # role name level-6 description Predefined level-6 role # role name level-7 description Predefined level-7 role # role name level-8 description Predefined level-8 role # role name level-9 description Predefined level-9 role # role name level-10 description Predefined level-10 role # role name level-11 description Predefined level-11 role # role name level-12 description Predefined level-12 role # role name level-13 description Predefined level-13 role # role name level-14 description Predefined level-14 role # user-group system # local-user admin class manage service-type telnet http authorization-attribute user-role network-admin # ip http enable # wlan global-configuration # wlan ap-group default-group vlan 1 # cloud-management server domain oasis.h3c.com # 现在的配置是这样的,外网有3条线路,2条ADSL,一条专线,路由器G0/6连接H3C S5120交换,交换机没做任何配置,内网需要划分几个不同的子网,例如:192.168.14.0/24、192.168.3.0/24、192.168.8.0/24,请问要怎么配置,才能是内网不同网段通过不同的线路访问外网,14段有几台电脑是需要单独配置固定的外网地址的

zhiliao_BvFI0W 发表时间:2020-07-12 更多>>

请问我的拓扑和2,basic nat的典型组网配置不一样,我是在g5/0口下接一台交换机,然后把几台内网pc接到交换机上,请问需要怎么配置?

zhiliao_BvFI0W 发表时间:2020-07-12

您好,是路由器的G5/0口直接接的交换机吗?这要看网关是哪里。如果网关在路由器上,路由器与交换机走trunk,交换机上创建VLAN,并将VLAN划分到端口;如果网关在交换机上,则交换机与路由器走三层互联及相互的路由指向或发布。

得闲饮茶013 发表时间:2020-07-12

网关在路由器上,我在路由器的出口接口G0/0上配置命令nat noubound 2000 address-group 1 no-pat后内网PC无法上网了

zhiliao_BvFI0W 发表时间:2020-07-12

您好,具体的ACL、NAT的配置是怎么样的呢?另外是否有配置默认路由往外网丢?

得闲饮茶013 发表时间:2020-07-12

<H3C>dis cur # version 7.1.064, Release 0707P16 # sysname H3C # telnet server enable # dialer-group 1 rule ip permit dialer-group 2 rule ip permit # nat address-group 1 address 221.4.12.66 221.4.12.68 # dhcp enable dhcp server always-broadcast # dns proxy enable # password-recovery enable # vlan 1 # vlan 2 # dhcp server ip-pool lan1 gateway-list 192.168.14.1 network 192.168.14.0 mask 255.255.255.0 address range 192.168.14.230 192.168.14.240 dns-list 221.5.88.88 # policy-based-route aaa permit node 30 # controller Cellular0/0 # interface Aux0 # interface Dialer0 bandwidth 1000000 ppp chap password cipher $c$3$Abzea8ltnYjngXDafuqq7VDbe+7r/Xsb+Uvu ppp chap user ADSL000000 ppp ipcp dns admit-any ppp ipcp dns request ppp pap local-user 02006871836 password cipher $c$3$uAFpNLcrLXTQQc/rv6LroyTgB87b/1K48dFS dialer bundle enable dialer-group 1 dialer timer idle 0 dialer timer autodial 5 ip address ppp-negotiate nat outbound # interface Dialer1 bandwidth 1000000 ppp chap password cipher $c$3$4nMHOVqt0qyJSom2FH9QeCWGtfDeyVa6ULtZ ppp chap user ADSL000000 ppp ipcp dns admit-any ppp ipcp dns request ppp pap local-user 0203201857031 password cipher $c$3$57yGrmyHwyDQdWEk2douzdKcVkWP4/YU2wLW dialer bundle enable dialer-group 2 dialer timer idle 0 dialer timer autodial 5 ip address ppp-negotiate nat outbound # interface NULL0 # interface Vlan-interface1 ip address 192.168.14.1 255.255.255.0 tcp mss 1280 ip policy-based-route aaa # interface Vlan-interface2 ip address 192.168.15.1 255.255.255.0 # interface GigabitEthernet0/0 port link-mode route description Multiple_Line bandwidth 1000000 ip address 221.4.12.66 255.255.255.248 dns server 210.21.4.130 dns server 221.5.88.88 nat outbound nat outbound 2000 address-group 1 no-pat # interface GigabitEthernet0/1 port link-mode route description Multiple_Line pppoe-client dial-bundle-number 1 # interface GigabitEthernet0/2 port link-mode route description Multiple_Line pppoe-client dial-bundle-number 0 # interface GigabitEthernet0/3 port link-mode route # interface GigabitEthernet0/4 port link-mode route # interface GigabitEthernet0/5 port link-mode route # interface GigabitEthernet0/6 port link-mode bridge port link-type hybrid port hybrid vlan 1 untagged # interface GigabitEthernet0/7 port link-mode bridge # interface GigabitEthernet0/8 port link-mode bridge # interface GigabitEthernet0/9 port link-mode bridge # scheduler logfile size 16 # line class aux user-role network-admin # line class tty user-role network-operator # line class usb user-role network-admin # line class vty user-role network-operator # line aux 0 user-role network-admin # line vty 0 63 authentication-mode scheme user-role network-operator # ip route-static 0.0.0.0 0 Dialer0 ip route-static 0.0.0.0 0 Dialer1 ip route-static 0.0.0.0 0 GigabitEthernet0/0 221.4.12.65 # acl basic 2000 rule 0 permit # acl advanced 3000 rule 0 permit ip source 192.168.15.0 0.0.0.255 # acl advanced 3001 rule 0 permit ip source 192.168.14.0 0.0.0.255 # acl advanced 3002 # password-control enable undo password-control aging enable undo password-control history enable password-control length 6 password-control login-attempt 3 exceed lock-time 10 password-control update-interval 0 password-control login idle-time 0 password-control complexity user-name check # domain system # domain default enable system # role name level-0 description Predefined level-0 role # role name level-1 description Predefined level-1 role # role name level-2 description Predefined level-2 role # role name level-3 description Predefined level-3 role # role name level-4 description Predefined level-4 role # role name level-5 description Predefined level-5 role # role name level-6 description Predefined level-6 role # role name level-7 description Predefined level-7 role # role name level-8 description Predefined level-8 role # role name level-9 description Predefined level-9 role # role name level-10 description Predefined level-10 role # role name level-11 description Predefined level-11 role # role name level-12 description Predefined level-12 role # role name level-13 description Predefined level-13 role # role name level-14 description Predefined level-14 role # user-group system # local-user admin class manage service-type telnet http authorization-attribute user-role network-admin # ip http enable # wlan global-configuration # wlan ap-group default-group vlan 1 # cloud-management server domain oasis.h3c.com # 现在的配置是这样的,外网有3条线路,2条ADSL,一条专线,路由器G0/6连接H3C S5120交换,交换机没做任何配置,内网需要划分几个不同的子网,例如:192.168.14.0/24、192.168.3.0/24、192.168.8.0/24,请问要怎么配置,才能是内网不同网段通过不同的线路访问外网,14段有几台电脑是需要单独配置固定的外网地址的

zhiliao_BvFI0W 发表时间:2020-07-12
1 个回答
粉丝:15人 关注:0人

设置acl和nat outbound group 结合

编辑答案

你正在编辑答案

如果你要对问题或其他回答进行点评或询问,请使用评论功能。

分享扩散:

提出建议

    +

亲~登录后才可以操作哦!

确定

亲~检测到您登陆的账号未在http://hclhub.h3c.com进行注册

注册后可访问此模块

跳转hclhub

你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作

举报

×

侵犯我的权益 >
对根叔社区有害的内容 >
辱骂、歧视、挑衅等(不友善)

侵犯我的权益

×

泄露了我的隐私 >
侵犯了我企业的权益 >
抄袭了我的内容 >
诽谤我 >
辱骂、歧视、挑衅等(不友善)
骚扰我

泄露了我的隐私

×

您好,当您发现根叔知了上有泄漏您隐私的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到pub.zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您认为哪些内容泄露了您的隐私?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)

侵犯了我企业的权益

×

您好,当您发现根叔知了上有关于您企业的造谣与诽谤、商业侵权等内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到 pub.zhiliao@h3c.com 邮箱,我们会在审核后尽快给您答复。
  • 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
  • 3. 是哪家企业?(营业执照,单位登记证明等证件)
  • 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

抄袭了我的内容

×

原文链接或出处

诽谤我

×

您好,当您发现根叔知了上有诽谤您的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到pub.zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

对根叔社区有害的内容

×

垃圾广告信息
色情、暴力、血腥等违反法律法规的内容
政治敏感
不规范转载 >
辱骂、歧视、挑衅等(不友善)
骚扰我
诱导投票

不规范转载

×

举报说明