华为多出⼝路由器NAT配置
华为多出⼝路由器NAT配置
NAT负载分担配置多出⼝
```
[Router] interface gigabitethernet 0/0/1
[Router-GigabitEthernet0/0/1] undo portswitch //有些⼆层接⼝需要切换成三层接⼝后,才可以配置静态IP地址
[Router-GigabitEthernet0/0/1] ip address 172.16.1.1 24 //运营商1分配给链路1接⼝的IP地址
[Router-GigabitEthernet0/0/1] quit
```
在链路2接⼝GE0/0/2上配置静态IP地址,使备链路可以通过静态IP⽅式接⼊运营商2。
```
[Router] interface gigabitethernet 0/0/2
[Router-GigabitEthernet0/0/2] undo portswitch
[Router-GigabitEthernet0/0/2] ip address 10.1.1.1 24 //运营商2分配给链路2接⼝的IP地址
[Router-GigabitEthernet0/0/2] quit
[Router] interface gigabitethernet 0/0/3
[Router-GigabitEthernet0/0/3] undo portswitch
[Router-GigabitEthernet0/0/3] ip address 192.168.1.1 24 //配置路由器下⾏连接内⽹接⼝的IP地址
[Router-GigabitEthernet0/0/3] quit
```
在两个上⾏接⼝配置Easy IP⽅式的NAT Outbound,使企业内⽹⽤户可以访问Internet。
```
[Router] acl number 3002
[Router-acl-adv-3002] rule 5 permit ip source 192.168.1.0 0.0.0.255 //只允许192.168.1.0⽹段的⽤户访问Internet
[Router-acl-adv-3002] quit
[Router] interface gigabitethernet 0/0/1
[Router-GigabitEthernet0/0/1] nat outbound 3002
[Router-GigabitEthernet0/0/1] quit
[Router] interface gigabitethernet 0/0/2
[Router-GigabitEthernet0/0/2] nat outbound 3002
[Router-GigabitEthernet0/0/2] quit
```
配置两条等价默认路由,通过多条等价路由来实现负载分担,并配置基于源IP地址⽅式进⾏负载分担。
```
[Router] ip route-static 0.0.0.0 0 172.16.1.2 //链路1的路由优先级为默认值60
[Router] ip route-static 0.0.0.0 0 10.1.1.2 //链路2的路由优先级也为默认值60,链路1和链路2为两条等价默认路由
[Router] ip load-balance hash src-ip //基于源IP地址⽅式进⾏负载分担
[Router] quit
```
验证配置结果。
在Router上执⾏命令display ip routing-table protocol static,查看配置的静态路由表信息,路由表内有两条等价默认路由分别到运营商1和运营商2。
```
display ip routing-table protocol static
Route Flags: R - relay, D - download to fib, T - to vpn-instance
------------------------------------------------------------------------------
Public routing table : Static
Destinations : 1 Routes : 2 Configured Routes : 2
Static routing table status :
Destinations : 0 Routes : 0
Static routing table status :
Destinations : 1 Routes : 2
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 Static 60 0 172.16.1.2 Unknown
0.0.0.0/0 Static 60 0 10.1.1.2 Unknown
```
在内⽹主机HostA上执⾏ping命令,Ping对端运营商⽹关的IP地址,模拟内⽹主机访问Internet。HostA能同时Ping通运营商1⽹关的IP地址和运营商2⽹关的IP地址,两条链路可以同时转发流量,实现负载分担。