Static NAT444 configuration example
Network requirements
As shown in Figure 67, configure static NAT444 to allow users at private IP addresses 10.110.10.1 to 10.110.10.10 to use public IP address 202.38.1.100 for accessing the Internet. Configure the port range as 10001 to 15000, and set the port block size to 500.
Figure 67: Network diagram
Configuration procedure
# Specify IP addresses for the interfaces on the router. (Details not shown.)
# Create NAT port block group 1.
<Router> system-view [Router] nat port-block-group 1
# Add the private IP addresses from 10.110.10.1 to 10.110.10.10 to the port block group.
[Router-port-block-group-1] local-ip-address 10.110.10.1 10.110.10.10
# Add the public IP address 202.38.1.100 to the port block group.
[Router-port-block-group-1] global-ip-pool 202.38.1.100 202.38.1.100
# Set the port block size to 500.
[Router-port-block-group-1] block-size 500
# Configure the port range as 10001 to 15000.
[Router-port-block-group-1] port-range 10001 15000 [Router-port-block-group-1] quit
# Apply the port block group 1 to the outbound direction of GigabitEthernet 1/0/2.
[Router] interface gigabitethernet 1/0/2 [Router-GigabitEthernet1/0/2] nat outbound port-block-group 1 [Router-GigabitEthernet1/0/2] quit
Verifying the configuration
# Verify that users at the private IP addresses can access the Internet. (Details not shown.)
# Display all NAT configuration and statistics.
[Router] display nat all NAT logging: Log enable : Disabled Flow-begin : Disabled Flow-end : Disabled Flow-active : Disabled Port-block-assign : Disabled Port-block-withdraw : Disabled Alarm : Disabled NAT mapping behavior: Mapping mode : Address and Port-Dependent ACL : --- Config status: Active NAT ALG: DNS : Enabled FTP : Enabled H323 : Enabled ICMP-ERROR : Enabled ILS : Enabled MGCP : Enabled NBT : Enabled PPTP : Enabled RSH : Enabled RTSP : Enabled SCCP : Enabled SIP : Enabled SQLNET : Enabled TFTP : Enabled XDMCP : Enabled NAT port block group information: Totally 1 NAT port block groups. Port block group 1: Port range: 10001-15000 Block size: 500 Local IP address information: Start address End address VPN instance 10.110.10.1 10.110.10.10 --- Global IP pool information: Start address End address 202.38.1.100 202.38.1.100 NAT outbound port block group information: Totally 1 outbound port block group items. Interface: GigabitEthernet1/0/2 Port block group: 1 Config status : Active
# Display static NAT444 mappings.
[Router] display nat port-block static Static port-block mapping tables: Local VPN Local IP Global IP Port block Connections --- 10.110.10.1 202.38.1.100 10001-10500 2 --- 10.110.10.2 202.38.1.100 10501-11000 0 --- 10.110.10.3 202.38.1.100 11001-11500 0 --- 10.110.10.4 202.38.1.100 11501-12000 0 --- 10.110.10.5 202.38.1.100 12001-12500 1 --- 10.110.10.6 202.38.1.100 12501-13000 0 --- 10.110.10.7 202.38.1.100 13001-13500 0 --- 10.110.10.8 202.38.1.100 13501-14000 0 --- 10.110.10.9 202.38.1.100 14001-14500 0 --- 10.110.10.10 202.38.1.100 14501-15000 0