R2511-HP MSR Router Series Layer 3 - IP Services Configuration Guide(V5)
Dynamic NAT configuration example 1
Network requirements
As shown in Figure 58, a company has three public IP addresses in the range of 202.38.1.1/24 to
202.38.1.3/24, and an internal network address of 10.110.0.0/16. Specifically, the company has the
following requirements:
• The internal users in subnet 10.110.10.0/24 can access the Internet using public IP addresses
202.38.1.2 and 202.38.1.3, but users in other network segments cannot.
• Connections sourced from 10.110.10.100 are limited by destination address, with the upper and
lower limits set to 1000 and 200. The number of connections initiated from the internal user
to external servers cannot be greater than 1000 or less than 200.
Figure 58 Network diagram
Configuration procedure
# As shown in Figure 58, configure IP addresses for the interfaces. (Details not shown.)
# Configure address pool 1.
<Router> system-view
[Router] nat address-group 1 202.38.1.2 202.38.1.3
# Configure ACL 2001, permitting only users from network segment 10.110.10.0/24 to access the
Internet.
[Router] acl number 2001
[Router-acl-basic-2001] rule permit source 10.110.10.0 0.0.0.255
[Router-acl-basic-2001] rule deny
[Router-acl-basic-2001] quit
# Associate address pool 1 and ACL 2001 with the outbound interface GigabitEthernet 1/2, and
implement NAPT.
[Router] interface gigabitethernet 1/2
[Router-GigabitEthernet1/2] nat outbound 2001 address-group 1
[Router-GigabitEthernet1/2] quit
# Configure connection limit policy 1, limiting user connections sourced from 10.110.10.100 by
destination address. Set the upper and lower limits of user connections to 1000 and 200.
[Router] acl number 2002
[Router-acl-basic-2002] rule permit source 10.110.10.100 0.0.0.0
[Router-acl-basic-2002] rule deny
[Router-acl-basic-2002] quit
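The following Python code is an added example, not part of the HP guide. It parses the ACL and NAT commands from the procedure above and evaluates, with wildcard-mask semantics, which inside source addresses ACL 2001 and ACL 2002 match, so the configured scope can be checked against the stated requirements. It assumes rules are matched in the order they were configured; the function names are hypothetical.

```python
import ipaddress

# Commands copied from the procedure above, prompts stripped.
CONFIG = """\
nat address-group 1 202.38.1.2 202.38.1.3
acl number 2001
rule permit source 10.110.10.0 0.0.0.255
rule deny
interface gigabitethernet 1/2
nat outbound 2001 address-group 1
acl number 2002
rule permit source 10.110.10.100 0.0.0.0
rule deny
"""

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse(config):
    """Return (acls, pools, bindings) from basic-ACL and NAT command lines."""
    acls, pools, bindings, current = {}, {}, [], None
    for words in (line.split() for line in config.splitlines()):
        if words[:2] == ["acl", "number"]:
            current = acls.setdefault(int(words[2]), [])
        elif words[:1] == ["rule"] and current is not None:
            # A rule without a source clause ("rule deny") matches any address.
            base, wild = words[3:5] if "source" in words else ("0.0.0.0", "255.255.255.255")
            current.append((words[1], _to_int(base), _to_int(wild)))
        else:
            current = None  # any other command means we left the ACL view
            if words[:2] == ["nat", "address-group"]:
                pools[int(words[2])] = (words[3], words[4])
            elif words[:2] == ["nat", "outbound"]:
                bindings.append((int(words[2]), int(words[4])))
    return acls, pools, bindings

def acl_action(rules, src):
    """First matching rule wins; wildcard bits set to 1 are ignored in the compare."""
    ip = _to_int(src)
    for action, base, wild in rules:
        if ((ip ^ base) & ~wild & 0xFFFFFFFF) == 0:
            return action
    return None  # no rule matched (assumption: caller treats this as not permitted)

def nat_pool_for(config, src):
    """Address pool used to translate src on the outbound interface, or None."""
    acls, pools, bindings = parse(config)
    for acl_no, group in bindings:
        if acl_action(acls[acl_no], src) == "permit":
            return pools[group]
    return None
```

Running the same check against a saved configuration before deployment catches the common mistake of entering a subnet mask (255.255.255.0) where the ACL expects a wildcard mask (0.0.0.255).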










