system-view
[S3528] vlan 2
[S3528-vlan2] port ethernet0/1 to ethernet0/2
[S3528-vlan2] quit
[S3528] interface vlan-interface 2
[S3528-vlan-interface2] ip address 192.168.1.1 255.255.255.0
2) On the end of the connection to Quidway S6506R, create VLAN3 and interface, and configure the IP address.
[S3528] vlan 3
[S3528-vlan3] port ethernet0/24
[S3528-vlan3] quit
[S3528] interface vlan-interface 3
[S3528-vlan-interface3] ip address 192.168.2.1 255.255.255.0
2. Configure Quidway S6506R
1) On the end of the connection to Quidway S3528, create VLAN3 and interface, and configure the IP address.
[S6506R] vlan 3
[S6506R-vlan3] port ethernet1/0/1
[S6506R-vlan3] quit
[S6506R] interface vlan-interface 3
[S6506R-vlan-interface3] ip address 192.168.2.2 255.255.255.0
2) On the end connected to the Internet, create VLAN10 and interface and configure the IP address.
[S6506R] vlan 10
[S6506R-vlan10] port ethernet3/0/1
[S6506R-vlan10] quit
[S6506R] interface vlan-interface 10
[S6506R-vlan-interface10] ip address 200.18.2.2 255.255.255.0
3) Configure ACL rules.
[S6506R] acl number 2000
[S6506R-acl-basic-2000] rule 0 permit source any
4) Configure the NAT address pool with the ID 0.
[S6506R] nat address-group 0 200.18.2.3 200.18.2.5
5) Associate the ACL with the address pool.
[S6506R] interface vlan-interface 10
[S6506R -vlan-interface10] nat outbound 2000 address-group 0 slot 7
4. Key points of configuration:
1. The configuration of NAT function must be performed after the VRP version number is 3040 (inclusive);
2. The NAT function needs to be supported by VSNP single board (generally called L3+ board). The main control boards that support VSNP boards are Salience III and Salience III Plus.
3. nat outbound acl-number address-group group-number [no-pat ] slot slot-numbe
Select no-pat: only convert the IP address of the data packet without converting the port, that is, only implement one-to-one network address conversion;
No-pat is not selected: NAPT function is enabled to convert the IP address and port of the data packet to realize many-to-one network address conversion.
[S3528] vlan 2
[S3528-vlan2] port ethernet0/1 to ethernet0/2
[S3528-vlan2] quit
[S3528] interface vlan-interface 2
[S3528-vlan-interface2] ip address 192.168.1.1 255.255.255.0
2) On the end of the connection to Quidway S6506R, create VLAN3 and interface, and configure the IP address.
[S3528] vlan 3
[S3528-vlan3] port ethernet0/24
[S3528-vlan3] quit
[S3528] interface vlan-interface 3
[S3528-vlan-interface3] ip address 192.168.2.1 255.255.255.0
2. Configure Quidway S6506R
1) On the end of the connection to Quidway S3528, create VLAN3 and interface, and configure the IP address.
[S6506R] vlan 3
[S6506R-vlan3] port ethernet1/0/1
[S6506R-vlan3] quit
[S6506R] interface vlan-interface 3
[S6506R-vlan-interface3] ip address 192.168.2.2 255.255.255.0
2) On the end connected to the Internet, create VLAN10 and interface and configure the IP address.
[S6506R] vlan 10
[S6506R-vlan10] port ethernet3/0/1
[S6506R-vlan10] quit
[S6506R] interface vlan-interface 10
[S6506R-vlan-interface10] ip address 200.18.2.2 255.255.255.0
3) Configure ACL rules.
[S6506R] acl number 2000
[S6506R-acl-basic-2000] rule 0 permit source any
4) Configure the NAT address pool with the ID 0.
[S6506R] nat address-group 0 200.18.2.3 200.18.2.5
5) Associate the ACL with the address pool.
[S6506R] interface vlan-interface 10
[S6506R -vlan-interface10] nat outbound 2000 address-group 0 slot 7
4. Key points of configuration:
1. The configuration of NAT function must be performed after the VRP version number is 3040 (inclusive);
2. The NAT function needs to be supported by VSNP single board (generally called L3+ board). The main control boards that support VSNP boards are Salience III and Salience III Plus.
3. nat outbound acl-number address-group group-number [no-pat ] slot slot-numbe
Select no-pat: only convert the IP address of the data packet without converting the port, that is, only implement one-to-one network address conversion;
No-pat is not selected: NAPT function is enabled to convert the IP address and port of the data packet to realize many-to-one network address conversion.