华为me60翻开NAT功用装备指令

2017-04-18 14:48分类：电子技术阅读：

华为me60翻开NAT功用装备指令
翻开NAT功用
licence
active nat session-table size 14 slot 6 engin 0
active nat session-table size 14 slot 15 engin 0
1、装备service-location
service-location 1
location slot 6 engine 0 backup slot 15 engine 0 //6和15槽有NAT CGN板卡
service-location 2
location slot 15 engine 0 backup slot 6 engine 0
2、//界说效力实例，有关之前界说的效力方位，实习上的确了此效力实例运用哪一块VSU板
service-instance-group nat-pppoe-1
service-location 1
service-instance-group nat-pppoe-2
service-location 2

3、界说acl指定哪些源地址被nat
acl number 2011
rule 5 permit source 100.64.0.0 0.0.255.255
4、//界说NAT实例（效力实例能够完毕多项效力，NAT仅仅其间一项算了)，有关前面界说的效力实例
nat instance nat-pppoe-1 id 1
port-range 4096 //界说端口计划
service-instance-group nat-pppoe-1 //指定效力实例
nat address-group nat-pppoe-1 group-id 1 //界说公网地址池
section 0 x.y.76.0 mask 24
section 1 x.y.77.0 mask 24
section 2 x.y.78.0 mask 24
section 3 x.y.79.0 mask 24
section 4 x.y.80.0 mask 24
section 5 x.y.81.0 mask 24
section 6 x.y.82.0 mask 24
section 7 x.y.83.0 mask 24
nat outbound 2011 address-group nat-pppoe-1 //指定源地址为acl 2011的地址进行nat，地址池选用早年界说的nat-pppoe-1
nat alg all
nat filter mode full-cone

nat instance nat-pppoe-2 id 2
port-range 4096
service-instance-group nat-pppoe-2
nat address-group nat-pppoe-2 group-id 1
section 0 x.y.84.0 mask 24
section 1 x.y.85.0 mask 24
section 2 x.y.86.0 mask 24
section 3 x.y.87.0 mask 24
section 4 x.y.88.0 mask 24
section 5 x.y.89.0 mask 24
section 6 x.y.90.0 mask 24
section 7 x.y.91.0 mask 24
nat outbound 2011 address-group nat-pppoe-2
nat alg all
nat filter mode full-cone
5、界说nat私网地址池
ip pool nat-pppoe-pool-1 bas local
gateway 100.64.0.1 255.255.0.0
section 0 100.64.0.2 100.64.7.255
section 1 100.64.8.2 100.64.15.255
section 2 100.64.16.2 100.64.23.255
section 3 100.64.24.2 100.64.31.255
section 4 100.64.32.2 100.64.39.255
section 5 100.64.40.2 100.64.47.255
section 6 100.64.48.2 100.64.55.255
section 7 100.64.56.2 100.64.63.255
section 8 100.64.64.2 100.64.71.255
section 9 100.64.72.2 100.64.79.255
section 10 100.64.80.2 100.64.87.255
section 11 100.64.88.2 100.64.95.255
section 12 100.64.96.2 100.64.103.255
section 13 100.64.104.2 100.64.111.255
section 14 100.64.112.2 100.64.119.255
section 15 100.64.120.2 100.64.127.255
dns-server 202.103.224.68 202.103.225.68
#

6、树立域
domain nat-pppoe
ip-pool nat-pppoe-pool-1
radius-server group nat-pppoe-radius
user-group nat-pppoe-1 bind nat instance nat-pppoe-1 //这儿是要把从此域上来的用户归入特定的用户组,但这儿面为啥一同要绑定nat实例呢？后边的大局战略里边也有绑定nat实例啊？这不是重复了？假定指定了多个user-group 则是随机绑定
user-group nat-pppoe-2 bind nat instance nat-pppoe-2

7、树立ACL、流分类及活动作
acl number 7001
rule 5 permit ip source user-group nat-pppoe-1 destination user-group any
rule 10 permit ip source user-group nat-pppoe-1
#
acl number 7002
rule 5 permit ip source user-group nat-pppoe-2 destination user-group any
rule 10 permit ip source user-group nat-pppoe-2

traffic classifier pppoe-nat-1 operator or
if-match acl 7001

traffic classifier pppoe-nat-2 operator or
if-match acl 7002

traffic behavior pppoe-nat-1
remark ip-precedence 0
nat bind instance nat-pppoe-1

traffic behavior pppoe-nat-2
remark ip-precedence 0
nat bind instance nat-pppoe-2

8、在大局战略里边引证之前的流战略并有关活动作
traffic policy global-policy
classifier pppoe-nat-1 behavior pppoe-nat-1
classifier pppoe-nat-2 behavior pppoe-nat-2

#####################################
大局的装备的效果：

1、将流量引进CGN单板，而且生成用户会话表项。、

2、大局引流还有一个效果即是假定是会集式安排，例如全桂林的NAT用户的流量都经过其间1台BAS

来完毕NAT改换，这个时分引流这个操作即是有必要的了。

如今尽管咱们是散布式安排，可是也将引流这个流程独自出来是为了会集式安排的时分便当操作，所以

如今域下绑定和大局引流都是有必要的，假定其间那个配错都不可。

域下绑定实例的效果：