How to configure the ACL when clients connect to the Internet through the NAT function on the AR

When the AR provides Internet access through NAT, configure an ACL to permit or deny Internet access for specific users. The nat outbound command associates an ACL with a NAT address pool, so that the addresses specified in the ACL are translated by using that address pool. This command can be configured only on Layer 3 interfaces of the AR, excluding loopback and NULL interfaces.
For example, select the addresses between and in NAT address pool 1 and configure hosts on the network segment to use addresses in address pool 1 for many-to-one translation (use TCP/UDP port information).
<Huawei> system-view
[Huawei] acl number 2001
[Huawei-acl-basic-2001] rule permit source
[Huawei-acl-basic-2001] quit
[Huawei] nat address-group 1
[Huawei] interface gigabitethernet 1/0/0 
[Huawei-GigabitEthernet1/0/0] nat outbound 2001 address-group 1
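
To check offline which hosts an ACL bound with nat outbound would actually let out, the following added example (not part of the original page and not Huawei code) evaluates basic ACL rules against source addresses. It assumes rules are written with explicit rule IDs and a source address followed by a wildcard mask, are matched in ascending rule ID order, and that only packets hitting a permit rule are translated; every address in it is a constructed placeholder.

```python
import ipaddress
import re

# Constructed sample ACL; the addresses are placeholders, not values from the page.
SAMPLE_ACL = """\
acl number 2001
 rule 5 deny source 192.168.20.100 0
 rule 10 permit source 192.168.20.0 0.0.0.255
"""

RULE_RE = re.compile(
    r"^\s*rule\s+(\d+)\s+(permit|deny)\s+source\s+(\S+)(?:\s+(\S+))?\s*$")

def parse_basic_acl(text):
    """Return [(rule_id, action, base_int, wildcard_int)] in ascending rule ID order."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # skip "acl number ..." and anything that is not a rule
        rule_id, action, addr, wildcard = m.groups()
        if addr == "any":
            base, wc = 0, 0xFFFFFFFF        # every bit is "don't care"
        else:
            base = int(ipaddress.IPv4Address(addr))
            # A wildcard of "0" (or none) means an exact host match.
            wc = 0 if wildcard in (None, "0") else int(ipaddress.IPv4Address(wildcard))
        rules.append((int(rule_id), action, base, wc))
    return sorted(rules, key=lambda r: r[0])

def is_translated(rules, src):
    """First matching rule decides; no match means the packet is not translated."""
    ip = int(ipaddress.IPv4Address(src))
    for _rule_id, action, base, wc in rules:
        # Wildcard bits set to 1 are ignored; all other bits must be equal.
        if (ip ^ base) & ~wc & 0xFFFFFFFF == 0:
            return action == "permit"
    return False

if __name__ == "__main__":
    acl = parse_basic_acl(SAMPLE_ACL)
    for host in ("192.168.20.7", "192.168.20.100", "192.168.30.7"):
        verdict = "translated" if is_translated(acl, host) else "not translated"
        print(f"{host}: {verdict}")
```

Running it against a saved copy of the ACL before applying a change shows whether a broad permit rule would also translate hosts that were meant to stay off the Internet.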

