How to configure the ACL when clients connect to the Internet through the NAT function on the AR

When NAT on the AR is used for Internet access, an ACL needs to be configured to permit or deny Internet access for some users. The nat outbound command associates an ACL with a NAT address pool, so that the addresses specified in the ACL are translated by using that address pool. This command can be configured only on Layer 3 interfaces of the AR, excluding loopback and NULL interfaces.
For example, select the addresses from 202.110.10.10 to 202.110.10.12 for NAT address pool 1 and configure hosts on the network segment 10.110.10.0/24 to use addresses in address pool 1 for many-to-one translation (which uses TCP/UDP port information).
<Huawei> system-view
[Huawei] acl number 2001
[Huawei-acl-basic-2001] rule permit source 10.110.10.0 0.0.0.255
[Huawei-acl-basic-2001] quit
[Huawei] nat address-group 1 202.110.10.10 202.110.10.12
[Huawei] interface gigabitethernet 1/0/0 
[Huawei-GigabitEthernet1/0/0] nat outbound 2001 address-group 1
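
To check which inside addresses an ACL bound with nat outbound hands to the address pool, the rule lines can be evaluated offline before they are applied. The Python below is an added example, not Huawei code: it assumes the default rule step of 5 and matching in ascending rule-ID order, and the deny rule for 10.110.10.5 is constructed for illustration.

```python
import ipaddress

# Rule from the session above (ACL 2001).
PAGE_ACL = ["rule permit source 10.110.10.0 0.0.0.255"]
# Constructed variant: one host excluded ahead of the subnet permit.
VARIANT_ACL = ["rule deny source 10.110.10.5 0.0.0.0",
               "rule permit source 10.110.10.0 0.0.0.255"]

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_acl(lines, step=5):
    """Parse 'rule [id] permit|deny [source <addr> <wildcard> | source any]' lines."""
    rules, last_id = [], 0
    for line in lines:
        tok = line.split()
        if len(tok) < 2 or tok[0] != "rule":
            raise ValueError(f"not a rule line: {line!r}")
        tok = tok[1:]
        if tok[0].isdigit():
            rule_id = int(tok.pop(0))
        else:
            # Assumption: unnumbered rules take the next multiple of the step.
            rule_id = (last_id // step + 1) * step
        action = tok.pop(0) if tok else ""
        if action not in ("permit", "deny"):
            raise ValueError(f"missing permit/deny: {line!r}")
        if len(tok) == 3 and tok[0] == "source":
            base, wild = _ip(tok[1]), _ip(tok[2])
        elif tok in ([], ["source", "any"]):
            base, wild = 0, 0xFFFFFFFF          # matches every source
        else:
            raise ValueError(f"unsupported rule body: {line!r}")
        last_id = max(last_id, rule_id)
        rules.append((rule_id, action, base, wild))
    return sorted(rules)

def nat_decision(rules, src):
    """Return (matching rule ID, translated?). No matching rule means no translation."""
    addr = _ip(src)
    for rule_id, action, base, wild in rules:
        # Wildcard bits set to 1 are ignored; every other bit must equal the rule address.
        if ((addr ^ base) & ~wild & 0xFFFFFFFF) == 0:
            return rule_id, action == "permit"
    return None, False

if __name__ == "__main__":
    rules = parse_acl(VARIANT_ACL)
    for src in ("10.110.10.5", "10.110.10.6", "10.110.11.1"):
        print(src, nat_decision(rules, src))
```

A source that returns `(None, False)` falls outside every rule, which is the quickest way to spot a wildcard that is narrower or wider than the segment it was meant to cover.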
