How to configure dual uplink interfaces on an AR functioning as the NAT server


A Huawei AR router functioning as a NAT server supports dual outbound interfaces. For the network diagram, see the right side of the page. The web server uses internal IP address and port 8080 to provide services. The IP address of GE2/0/0 (outbound interface) on the AR is, and the IP address of GE3/0/0 is The configuration process is as follows:

1. Configure IP addresses of interfaces on the router.
[Huawei] interface Ethernet0/0/0
[Huawei-Ethernet0/0/0] ip address 24
[Huawei-Ethernet0/0/0] quit
[Huawei] interface GigabitEthernet2/0/0
[Huawei-GigabitEthernet2/0/0] ip address 24
[Huawei-GigabitEthernet2/0/0] quit
[Huawei] interface GigabitEthernet3/0/0
[Huawei-GigabitEthernet3/0/0] ip address 24
[Huawei-GigabitEthernet3/0/0] quit

2. Configure outbound NAT on GE2/0/0 and GE3/0/0 in NAT server and Easy IP mode.
[Huawei] acl number 2000
[Huawei-acl-basic-2000] rule 5 permit source
[Huawei-acl-basic-2000] quit
[Huawei] interface GigabitEthernet2/0/0
[Huawei-GigabitEthernet2/0/0] nat server protocol tcp global www inside 8080
[Huawei-GigabitEthernet2/0/0] quit
[Huawei] interface GigabitEthernet3/0/0
[Huawei-GigabitEthernet3/0/0] nat server protocol tcp global www inside 8080
[Huawei-GigabitEthernet3/0/0] nat outbound 2000
[Huawei-GigabitEthernet3/0/0] quit

Other related questions:
Does an AR support dual uplinks in active and standby mode?
An AR with dual WAN interfaces configured can support two uplink interfaces in active and standby mode.
1. Configure two static routes with different priorities. Generally, the data flow is sent out through the active link with a high priority. It is sent out through the backup link with a low priority only after a fault occurs on the active link.
2. Configure policy-based routing. Generally, the data flow is sent out through the active link based on policy-based routing. It is sent out through the standby link based on the default route in the routing table after a fault occurs on the active link.

After an AR is configured with multiple outbound interfaces, the website cannot be accessed
This condition generally occurs in networking that uses equal-cost static routes with two outbound interfaces.
- In V200R003, the web page cannot be opened when online banking services with high security requirements are accessed.
- In V200R005 and later versions, run the ip load-balance hash { src-ip | dst-ip | src-dst-ip } command to solve the problem that packets are sent and received through different paths.
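
The symptom above follows from Easy IP translating each connection to the address of whichever uplink it leaves through, so a site that ties a session to one client address sees it arrive from two. The sketch below is an added example, not Huawei code: it models which packet fields feed the load-balancing hash and which public addresses the remote site then observes. The addresses are constructed documentation-range values, the additive hash is a stand-in for the router's real one, and the per-flow mode is an assumed baseline for the unpinned case.

```python
import ipaddress

# Constructed values (documentation ranges), not taken from the page.
UPLINK_ADDR = ["198.51.100.1", "203.0.113.1"]  # Easy IP address of GE2/0/0, GE3/0/0
HOST = "10.0.0.10"                             # inside client behind the AR
# One banking session: three TCP connections to two server addresses.
SESSION = [
    (HOST, "192.0.2.80", 50000, 443),
    (HOST, "192.0.2.80", 50001, 443),
    (HOST, "192.0.2.81", 50002, 443),
]


def ip_int(addr):
    return int(ipaddress.ip_address(addr))


def pick_uplink(mode, src, dst, sport, dport):
    """Choose one of the equal-cost uplinks from the fields the mode hashes.

    The additive hash is a stand-in for illustration; the router's real
    hash differs, but which fields feed it is what decides path stability.
    """
    keys = {
        "per-flow": ip_int(src) + ip_int(dst) + sport + dport,  # assumed baseline
        "src-ip": ip_int(src),
        "dst-ip": ip_int(dst),
        "src-dst-ip": ip_int(src) + ip_int(dst),
    }
    return keys[mode] % len(UPLINK_ADDR)


def addresses_seen(mode, session):
    """Public source addresses the remote site observes for one session."""
    return sorted({UPLINK_ADDR[pick_uplink(mode, *conn)] for conn in session})


if __name__ == "__main__":
    for mode in ("per-flow", "src-ip", "dst-ip", "src-dst-ip"):
        seen = addresses_seen(mode, SESSION)
        verdict = "stable" if len(seen) == 1 else "session split across uplinks"
        print(f"{mode:11} {seen} -> {verdict}")
```

With the constructed session, only src-ip keeps every connection of the host on one uplink; dst-ip and src-dst-ip keep each server address on one uplink, but the two server addresses land on different ones.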

Backup configuration of dual uplinks
The AR router has two uplinks. If the two uplinks use PPPoE dialup, routing is used to implement backup of the two uplinks. For example, there are two dialup interfaces: Dialer1 and Dialer2. You can configure priorities of static routes to distinguish the primary and backup uplinks. When PPPoE dialup fails, authentication fails, or an IP address fails to be obtained, the AR router needs to switch services to the backup route. The backup route takes effect only when Dialer1 becomes Down. The dialer interface is a virtual logical interface and is in spoofing Up state. Even if PPPoE dialup fails, the dialer interface cannot become Down. The following configuration can be performed to solve this problem:
[Huawei] acl 3000 //Create an ACL.
[Huawei-acl-adv-3000] rule permit ip //Generally, all users are allowed. You can also limit user access according to actual networking.
[Huawei-acl-adv-3000] quit
[Huawei] interface dialer 1 //Create a dialer interface.
[Huawei-Dialer1] link-protocol ppp
[Huawei-Dialer1] ppp chap user 123456 //Configure the CHAP authentication user name.
[Huawei-Dialer1] ppp chap password cipher huawei@123 //Configure the CHAP authentication password.
[Huawei-Dialer1] ppp pap local-user 123456 password cipher huawei@123 //Configure the PAP authentication user name and password.
[Huawei-Dialer1] ip address ppp-negotiate //Configure PPP negotiation for obtaining an IP address.
[Huawei-Dialer1] dialer user user1
[Huawei-Dialer1] dialer bundle 1 //Specify dialer bundle 1.
[Huawei-Dialer1] dialer number 1 autodial //The dialer interface becomes Down when PPPoE dialup fails.
[Huawei-Dialer1] dialer-group 1
[Huawei-Dialer1] nat outbound 3000 //Configure outbound NAT.
[Huawei-Dialer1] quit
[Huawei] dialer-rule
[Huawei-dialer-rule] dialer-rule 1 ip permit
[Huawei-dialer-rule] quit
[Huawei] interface gigabitethernet 0/0/0 //Enter the view of the interface connected to the ISP network.
[Huawei-GigabitEthernet0/0/0] pppoe-client dial-bundle-number 1 //Enable the PPPoE client function and bind the PPPoE client to the dialer interface.
[Huawei-GigabitEthernet0/0/0] quit
[Huawei] ip route-static dialer 1 preference 60 //Create the default route pointing to the dialer interface. When the primary uplink is normal, services are transmitted to the external network through dialer1 preferentially.
[Huawei] ip route-static dialer 2 preference 100 //When the primary uplink is abnormal, services

Configuring hot standby in load balancing mode on the USG2000
Search for "Connecting to the Internet through multi-ISPs (hot standby)" in the USG2000/5000 product documentation.
