华为多出⼝路由器NAT配置

NAT负载分担配置多出⼝

```

[Router] interface gigabitethernet 0/0/1

[Router-GigabitEthernet0/0/1] undo portswitch //有些⼆层接⼝需要切换成三层接⼝后,才可以配置静态IP地址

[Router-GigabitEthernet0/0/1] ip address 172.16.1.1 24 //运营商1分配给链路1接⼝的IP地址

[Router-GigabitEthernet0/0/1] quit

```

在链路2接⼝GE0/0/2上配置静态IP地址,使备链路可以通过静态IP⽅式接⼊运营商2。

```

[Router] interface gigabitethernet 0/0/2

[Router-GigabitEthernet0/0/2] undo portswitch

[Router-GigabitEthernet0/0/2] ip address 10.1.1.1 24 //运营商2分配给链路2接⼝的IP地址

[Router-GigabitEthernet0/0/2] quit

[Router] interface gigabitethernet 0/0/3

[Router-GigabitEthernet0/0/3] undo portswitch

[Router-GigabitEthernet0/0/3] ip address 192.168.1.1 24 //配置路由器下⾏连接内⽹接⼝的IP地址

[Router-GigabitEthernet0/0/3] quit

```

在两个上⾏接⼝配置Easy IP⽅式的NAT Outbound,使企业内⽹⽤户可以访问Internet。

```

[Router] acl number 3002

[Router-acl-adv-3002] rule 5 permit ip source 192.168.1.0 0.0.0.255 //只允许192.168.1.0⽹段的⽤户访问Internet

[Router-acl-adv-3002] quit

[Router] interface gigabitethernet 0/0/1

[Router-GigabitEthernet0/0/1] nat outbound 3002

[Router-GigabitEthernet0/0/1] quit

[Router] interface gigabitethernet 0/0/2

[Router-GigabitEthernet0/0/2] nat outbound 3002

[Router-GigabitEthernet0/0/2] quit

```

配置两条等价默认路由,通过多条等价路由来实现负载分担,并配置基于源IP地址⽅式进⾏负载分担。

```

[Router] ip route-static 0.0.0.0 0 172.16.1.2 //链路1的路由优先级为默认值60

[Router] ip route-static 0.0.0.0 0 10.1.1.2 //链路2的路由优先级也为默认值60,链路1和链路2为两条等价默认路由

[Router] ip load-balance hash src-ip //基于源IP地址⽅式进⾏负载分担

[Router] quit

```

验证配置结果。

在Router上执⾏命令display ip routing-table protocol static,查看配置的静态路由表信息,路由表内有两条等价默认路由分别到运营商1和运营商2。

```

display ip routing-table protocol static

Route Flags: R - relay, D - download to fib, T - to vpn-instance

------------------------------------------------------------------------------

Public routing table : Static

Destinations : 1 Routes : 2 Configured Routes : 2

Static routing table status :

Destinations : 0 Routes : 0

Static routing table status :

Destinations : 1 Routes : 2

Destination/Mask Proto Pre Cost Flags NextHop Interface

0.0.0.0/0 Static 60 0 172.16.1.2 Unknown

0.0.0.0/0 Static 60 0 10.1.1.2 Unknown

```

在内⽹主机HostA上执⾏ping命令,Ping对端运营商⽹关的IP地址,模拟内⽹主机访问Internet。HostA能同时Ping通运营商1⽹关的IP地址和运营商2⽹关的IP地址,两条链路可以同时转发流量,实现负载分担。