|
使用华为路由器上做路由控制的实验,也跟小帆模拟器上做的差不多。基本相同,但华为的实现这个功能不需要扩展的acl只需要基本的访问控制即可,不同的部分如下:
创建访问控制列表
1.核心部分:
Acl 2000
rule permit source 192.168.3.0 0.0.0.255(定义规则)
int s1 进入要去往的那个接口,
Nat outbound 2000 interface 在此接口上用此规则
Acl 2001
rule permit source 192.168.3.0 0.0.0.255
Int s0
Nat outbound 2001 inter
2.此路由器上的配置:
[R3]acl 2000
[R3-acl-2000]permit ?
Incorrect command
[R3-acl-2000]rule permit ?
source IP address of source host
[R3-acl-2000]rule permit source ?
X.X.X.X IP address of source host
any Any source host
[R3-acl-2000]rule permit source 192.168.3.0 0.0.0.255 ?
www.luyouqiwang.com/14944 <cr>
[R3-acl-2000]rule permit source 192.168.3.0 0.0.0.255
Rule has been added to normal packet-filtering rules
[R3-acl-2000]int s0
[R3-Serial0]nat ?
outbound Config nat address translation
reset Reset All active NAT table
server Configure Nat server in private network
[R3-Serial0]nat outbound ?
<2000-3999> ACL number
[R3-Serial0]nat outbound 2000 int?
interface Use Interface's IP address
[R3-Serial0]nat outbound 2000 inter
have existed in nat access table! | 
