How to configure an Ethernet interface to access the external network

26

Service interfaces fall into two types:
1. LAN interface (Layer 2 interface): is used by an AR to exchange data with network devices on a LAN.
2. WAN interface (Layer 3 interface): is used by an AR to exchange data with external network devices.
You can run the portswitch command to switch a Layer 2 interface to a Layer 3 interface, to implement data exchange with the external network.

Other related questions:
Configure an internal user to access the network using Easy IP on the AR router
A Huawei AR router allows internal users to access external servers using Easy IP. The IP address of GE0/0/1 (outbound interface) on the router is 200.100.1.2/24, and the IP address of Eth0/0/1 is 192.168.0.1/24. The remote IP address of GE0/0/1 is 200.100.1.1/24. Internal users use Easy IP to access the Internet through GE0/0/1. The configuration is as follows: 1. Assign IP addresses to interfaces on the router. [Huawei] interface ethernet 0/0/1 [Huawei-Ethernet0/0/1] ip address 192.168.0.1 24 [Huawei-Ethernet0/0/1] quit [Huawei] interface gigabitethernet 0/0/1 [Huawei-GigabitEthernet0/0/1] ip address 200.100.1.2 24 [Huawei-GigabitEthernet0/0/1] quit 2. Configure a default route to ensure that the outbound interface has a reachable route to the remote end. [Huawei] ip route-static 0.0.0.0 0.0.0.0 200.100.1.1 3. Configure NAT on an internal address segment 192.168.0.0/24. Implement NAT on GE0/0/1 in Easy IP mode. [Huawei] acl number 2000 [Huawei-acl-basic-2000] rule 5 permit source 192.168.0.0 0.0.0.255 [Huawei-acl-basic-2000] quit [Huawei] interface gigabitethernet 0/0/1 [Huawei-GigabitEthernet0/0/1] nat outbound 2000 [Huawei-GigabitEthernet0/0/1] quit

Configure VRRP on an AR router and connect the router to a firewall for external network access
The roadmap of configuring VRRP on an AR router and connecting the router to a firewall for external network access is as follows: 1. Configure VRRP on an AR router to implement two-node backup, and configure a virtual IP address. 2. Add the Layer 2 interface of a firewall on the intranet side to the same VLAN, and configure a VLANIF address. 3. Add the physical interface and VLANIF interface of the firewall to a security zone, and configure an inter-zone policy. 4. Configure the next hop for the route from the firewall to the intranet as a VRRP virtual IP address so that a normal link can be switched over to if an active link is interrupted. For details about the configuration, see the URL: Example for Connecting the AR to the Firewall Through VRRP.

How are NAT services not interrupted when external interfaces on the AR router used as the NAT server dynamically obtain IP addresses
When the AR router functions as the NAT server and the external interface changes continuously, the dialer interface needs to be configured to ensure nonstop NAT services.

Configure NAT on the AR to permit Internet access and allow external users to access internal servers
Huawei AR routers support outbound NAT and NAT server to allow the intranet users to access the Internet and external users to access internal servers. The figure on the right page shows the networking diagram. Eth2/0/0 on the router connects to the internal network and its intranet IP address is 192.168.20.1/24. GE3/0/0 on the router connects to the external network and its extranet IP address is 202.169.10.1/24. The internal server has an internal IP address 192.168.20.2/24 and an external IP address 202.169.10.5. The internal host with the IP address 192.168.20.3/24 wants to access the internal server. The configuration details are as follows: 1. Configure IP addresses for interfaces on the router. [Huawei] vlan 100 [Huawei-vlan100] quit [Huawei] interface vlanif 100 [Huawei-Vlanif100] ip address 192.168.20.1 24 [Huawei-Vlanif100] quit [Huawei] interface ethernet 2/0/0 [Huawei-Ethernet2/0/0] port link-type access [Huawei-Ethernet2/0/0] port default vlan 100 [Huawei-Ethernet2/0/0] quit [Huawei] interface gigabitethernet 3/0/0 [Huawei-GigabitEthernet3/0/0] ip address 202.169.10.1 24 [Huawei-GigabitEthernet3/0/0] quit 2. Configure a default route with next-hop address 202.169.10.2 on the router. [Huawei] ip route-static 0.0.0.0 0.0.0.0 202.169.10.2 3. Configure outbound NAT in Easy IP mode to allow internal users to access external networks. [Huawei] acl 2000 [Huawei-acl-basic-2000] rule 5 permit source 192.168.20.0 0.0.0.255 [Huawei-acl-basic-2000] quit [Huawei] interface gigabitethernet 3/0/0 [Huawei-GigabitEthernet3/0/0] nat outbound 2000 4. Configure the NAT server to allow external users to access the internal servers. [Huawei] interface gigabitethernet 3/0/0 [Huawei-GigabitEthernet3/0/0] nat server protocol tcp global 202.169.10.5 www inside 192.168.20.2 8080 [Huawei-GigabitEthernet3/0/0] quit Note: The command that configures the NAT server function takes effect on Layer 3 interfaces, excluding Loopback and NULL interfaces.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top