NAT -- network address translation

Posted by MCP on Sat, 18 Dec 2021 03:16:10 +0100

1, Introduction to NAT

1. What is NAT?

NAT (Network Address Translation) was proposed in 1994. It is used when hosts in a private network have been assigned local IP addresses (private addresses that are only valid inside that network) but need to communicate with hosts on the Internet (where encryption is not required).
This method requires NAT software to be installed on the router that connects the private network (private IP) to the Internet (public IP). A router equipped with NAT software is called a NAT router, and it has at least one valid external global IP address (public IP address). When any host that uses a local address (private IP address) communicates with the outside world, the NAT router must convert its local address into a global IP address before it can reach the Internet.
In addition, using a small number of global IP addresses (public IP addresses) to represent a larger number of private IP addresses helps to slow down the depletion of the available IP address space.

2. Role of NAT

Converts an internal (private) address to an external (public) address

3. NAT conversion source (internal) address range

Class A address: 10.0.0.0–10.255.255.255 /8

Class B address: 172.16.0.0–172.31.255.255 /12

Class C address: 192.168.0.0–192.168.255.255 /16

4. Why is NAT commonly used?

(1) There are not enough public IP addresses to connect to the Internet

(2) When the ISP is replaced, the network needs to be readdressed

(3) Merge two internal networks using overlapping address spaces

(4) Use a single IP address to support basic load sharing

5. Advantages of NAT

(1) Saves public IP address

(2) It can handle the overlapping of addressing schemes

(3) When the network changes, it does not need to be readdressed

(4) The real IP address is hidden

6. Four modes of Huawei NAT

Static NAT (one intranet address to one public address)
Dynamic NAT (PAT: multiple intranet addresses to multiple public network addresses)
Easy IP (multiple intranet addresses to one interface)
Static PAT (one-to-one, but an IP and service port on the external network map to the IP and service port of the internal network server)


2, Topology experiment

SW1

[ ]vlan bat 10 20 30   //Create VLANs 10, 20 and 30 in one command
[ ]inter e0/0/1   //Enter interface e0/0/1
[ ]port link-type access   //Set the interface link type to access
[ ]port default vlan 10   //Assign the port to VLAN 10
[ ]inter e0/0/2   //Enter interface e0/0/2
[ ]port link-type access  //Set the interface link type to access
[ ]port default vlan 20   //Assign the port to VLAN 20
[ ]inter e0/0/3   //Enter interface e0/0/3
[ ]port link-type access  //Set the interface link type to access
[ ]port default vlan 30   //Assign the port to VLAN 30
[ ]inter g0/0/1     //Enter interface g0/0/1
[ ]port link-type trunk    //Set the interface link type to trunk
[ ]port trunk allow-pass vlan all    //Allow all VLANs on the trunk

R1

[ ]inter g0/0/0  //Enter interface g0/0/0
[ ]undo shutdown    //Bring the physical interface up
[ ]inter g0/0/0.1  //Enter sub-interface 1
[ ]dot1q termination vid 10   //Use 802.1Q encapsulation; the sub-interface terminates VLAN 10
[ ]ip add 192.168.1.1 24   //Set the IP address and subnet mask length
[ ]arp broadcast enable   //Enable ARP broadcast on the sub-interface
[ ]inter g0/0/0.2    //Enter sub-interface 2
[ ]dot1q termination vid 20   //Use 802.1Q encapsulation; the sub-interface terminates VLAN 20
[ ]ip add 192.168.2.1 24   //Set the IP address and subnet mask length
[ ]arp broadcast enable    //Enable ARP broadcast on the sub-interface
[ ]inter g0/0/0.3    //Enter sub-interface 3
[ ]dot1q termination vid 30   //Use 802.1Q encapsulation; the sub-interface terminates VLAN 30
[ ]ip add 192.168.3.1 24   //Set the IP address and subnet mask length
[ ]arp broadcast enable   //Enable ARP broadcast on the sub-interface
[ ]inter g0/0/1   //Enter interface g0/0/1
[ ]undo shutdown   //Bring the physical interface up
[ ]ip add 222.111.5.1 24  //Set the IP address and subnet mask length
[ ]acl 2000  //Create basic ACL 2000 (matches on source address only)
[ ]rule permit source 192.168.0.0 0.0.255.255   //Permit the 192.168.0.0 network segment (wildcard mask 0.0.255.255)
[ ]inter g0/0/1	//Enter interface g0/0/1
[ ]nat outbound 2000  //Apply ACL 2000 to outbound NAT on this interface (Easy IP)
[ ]inter g0/0/1	//Enter interface g0/0/1
[ ]nat server protocol tcp global 15.0.0.10 21 inside 192.168.2.100 21
    //On the external network interface, map TCP port 21 (FTP) of public address 15.0.0.10 to TCP port 21 (FTP) of the internal server 192.168.2.100
[ ]ip route-static 0.0.0.0 0 222.111.5.2    //Add a static default route (all network segments, subnet mask length 0) with next hop 222.111.5.2

R2

[ ]inter g0/0/0    //Enter interface g0/0/0
[ ]undo shutdown      //Bring the physical interface up
[ ]ip add 222.111.5.2 24   //Set the IP address and subnet mask length
[ ]ip route-static 15.0.0.10 32 222.111.5.1   //Add a static route to 15.0.0.10, subnet mask length 32, next hop 222.111.5.1
[ ]nat alg ftp enable    //Enable the NAT ALG (application-level gateway) for FTP
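
Added example (not part of the original post): a small Python model of what R1 does with the configuration above, showing which packets ACL 2000 and "nat outbound" translate, and that the only unsolicited inbound traffic accepted is the FTP port published by "nat server". The names EasyIpNat and acl_permits and the starting port 10000 are made up for this model; the addresses are the ones used in the lab.

```python
import ipaddress

PUBLIC_IF = "222.111.5.1"                      # R1 g0/0/1 address from the lab
ACL_2000 = [("192.168.0.0", "0.0.255.255")]    # rule permit source ... (base, wildcard)
NAT_SERVER = {("tcp", "15.0.0.10", 21): ("192.168.2.100", 21)}  # nat server entry

def acl_permits(src, rules=ACL_2000):
    """Wildcard-mask match: bits set to 1 in the wildcard are ignored."""
    s = int(ipaddress.IPv4Address(src))
    for base, wildcard in rules:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if s & care == int(ipaddress.IPv4Address(base)) & care:
            return True
    return False

class EasyIpNat:
    """Simplified model: sessions are keyed on protocol and public port only."""
    def __init__(self):
        self.sessions = {}      # (proto, public_port) -> (inside_ip, inside_port)
        self.next_port = 10000  # constructed starting port for the model

    def outbound(self, proto, src_ip, src_port):
        """Translate an inside source to the interface address (Easy IP)."""
        if not acl_permits(src_ip):
            return None         # not matched by ACL 2000: no translation
        port = self.next_port
        self.next_port += 1
        self.sessions[(proto, port)] = (src_ip, src_port)
        return (PUBLIC_IF, port)

    def inbound(self, proto, dst_ip, dst_port):
        """Resolve an outside-to-inside packet; None means it is dropped."""
        if (proto, dst_ip, dst_port) in NAT_SERVER:
            return NAT_SERVER[(proto, dst_ip, dst_port)]   # published service
        if dst_ip == PUBLIC_IF:
            return self.sessions.get((proto, dst_port))    # reply to a session
        return None

if __name__ == "__main__":
    nat = EasyIpNat()
    print(nat.outbound("tcp", "192.168.1.10", 51000))  # inside host goes out
    print(nat.inbound("tcp", "15.0.0.10", 21))         # published FTP server
    print(nat.inbound("tcp", "15.0.0.10", 22))         # nothing published: dropped
```

In this model every "nat server" line is an entry in NAT_SERVER, so reviewing that table is the same as reviewing what the router exposes to the outside.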

Summary

Understand the definition of NAT and the scenarios in which the four methods are used
