188
--- 10.110.10.2 202.38.1.100 10501-11000 0
--- 10.110.10.3 202.38.1.100 11001-11500 0
--- 10.110.10.4 202.38.1.100 11501-12000 0
--- 10.110.10.5 202.38.1.100 12001-12500 1
--- 10.110.10.6 202.38.1.100 12501-13000 0
--- 10.110.10.7 202.38.1.100 13001-13500 0
--- 10.110.10.8 202.38.1.100 13501-14000 0
--- 10.110.10.9 202.38.1.100 14001-14500 0
--- 10.110.10.10 202.38.1.100 14501-15000 0
Dynamic NAT444 configuration example
Network requirements
As shown in Figure 75, a company uses private IP address on network 192.168.0.0/16 and public IP
addresses 202.38.1.2 and 202.38.1.3. Configure dynamic NAT444 to the following requirements:
• Only users on subnet 192.168.1.0/24 can use public IP addresses 202.38.1.2 and 202.38.1.3 to
access the Internet.
• The port range for the public IP addresses is 1024 to 65535.
• The port block size is 300.
• If the ports in the assigned port block are all used, extend another port block for users.
Figure 75 Network diagram
Configuration procedure
# Specify IP addresses for the interfaces on the router. (Details not shown.)
# Create public address group 0.
<Router> system-view
[Router] nat address-group 0
# Add the public IP addresses 202.38.1.2 and 202.38.1.3 to the NAT address group.
[Router-address-group-0] address 202.38.1.2 202.38.1.3
# Configure the port range as 1024 to 65535.
[Router-address-group-0] port-range 1024 65535
# Set the port block size to 300 and the extended port block number to 1.
[Router-address-group-0] port-block block-size 300 extended-block-number 1
[Router-address-group-0] quit
# Configure an ACL to identify packets from subnet 192.168.1.0/24.
To Next Page
Loading...
