Got it
Huawei Enterprise Support Community
Community Forums Routing & Switching
NAPT on AR2204xe

NAPT on AR2204xe

Created: Jun 5, 2019 03:17:10Latest reply: Jun 11, 2019 02:31:51 2043 13 0 0 0
  Rewarded HiCoins: 2 (problem resolved)
View the author 1#

Hello,


I need some help for the configuration the NAPT in my router AR2204xe. I need translate IP's from one vlan to one public IP. In resume I need to do a NAPT with the case:

VLAN 11 (128.0.8.0/23) private net -> 266.13.59.2/28 public IP

is possible do this with the commands of the CLI ?


(This is the topology of the cluster)

003351yzzhwmw2589we920.png?net.png


Thanks !

NAPTNATAR2204xe

Like (0) Dislike (0) Favorite(0) Share Report
Previous: Q in q config support
Next: How to use iUpgrade tool for NE router upgrade.
Featured Answers

Recommended answer

(0) (0)
chenhui
Admin Created Jun 6, 2019 07:46:59

Posted by Juan_Tintor at 2019-06-06 07:25Yes, I have the same default route configured, but still not working. Thanks !
Hi!

Please follow the steps below:

1. check if you can ping google.cl (182.217.8.99) with the source IP 146.83.95.1.

2. enable the ARP broadcast under the sub-interface view.
View more
  • x
  • convention:
All Answers
(0) (0)
2#
chenhui
chenhui Admin Created Jun 5, 2019 03:47:37

@Juan_Tintor hi,
yes, you can configure nat outbound under the interface view, if you only got one public ip address, you can configure the nat outbound without specify the address-group, in this situation, the interface ip address will be used as the nat address, which is called easy ip feature.
for example:
acl 2001
rule 5 per sourc 128.0.8.0 0.0.1.255
int g0/0/1
nat outbound 2001

and here is an example: https://support.huawei.com/hedex/hdx.do?docid=EDOC1000163385&id=dc_cfg_NAT_0033_1&text=Example%252520for%252520Configuring%252520Dynamic%252520NAT&lang=en
View more
  • x
  • convention:
(0) (0)
3#
Juan_Tintor
Juan_Tintor Created Jun 5, 2019 04:21:26

Posted by chenhui at 2019-06-05 03:47 @Juan_Tintor hi,yes, you can configure nat outbound under the interface view, if you only got one pu ...

Hi !

Thanks for the answer ! But I did this configuration in past and not work. I did this:

´´´
Basic ACL 2011, 1 rule
nat-vms
Acl's step is 5
rule 5 permit source 128.0.8.0 0.0.1.255

#
interface XGigabitEthernet0/0/1.4
dot1q termination vid 30
ip address 146.83.95.1 255.255.255.240
nat outbound 2011
#
´´´

and when I do a traceroute to google.cl i get this:

´´´

root@chi2ad-cgs1:~# traceroute google.cl
traceroute to google.cl (172.217.8.99), 30 hops max, 60 byte packets
1  128.0.8.1 (128.0.8.1)  0.796 ms  0.760 ms  0.799 ms
2  * * *
3  * * *
4  * * *

´´´

The IP 128.0.8.1 is the gateway in the router.

Do you have any idea what it could be?

Thanks again !

View more
  • x
  • convention:
(0) (0)
4#
Popeye_Wang
Popeye_Wang Admin Created Jun 5, 2019 13:32:35

Posted by Juan_Tintor at 2019-06-05 04:21 Hi ! Thanks for the answer ! But I did this configuration in past and not work. I did this: ´´´ ...
Have you configured the default route?
ip route-static 0.0.0.0 0 146.83.95.X
View more
  • x
  • convention:
(0) (0)
5#
Juan_Tintor
Juan_Tintor Created Jun 6, 2019 07:25:01

Yes, I have the same default route configured, but still not working. Thanks !
View more
  • x
  • convention:
(0) (0)
6#
chenhui
chenhui Admin Created Jun 6, 2019 07:31:28

hi,
can you try to ping the google.cl(182.217.8.99)with source ip 146.83.95.1
View more
  • x
  • convention:
(0) (0)
7#
chenhui
chenhui Admin Created Jun 6, 2019 07:46:59

Posted by Juan_Tintor at 2019-06-06 07:25Yes, I have the same default route configured, but still not working. Thanks !
Hi!

Please follow the steps below:

1. check if you can ping google.cl (182.217.8.99) with the source IP 146.83.95.1.

2. enable the ARP broadcast under the sub-interface view.
View more
  • x
  • convention:
(0) (0)
8#
Juan_Tintor
Juan_Tintor Created Jun 6, 2019 19:12:19

Posted by chenhui at 2019-06-06 07:46 hi,please follow the step below:1. check if you can ping google.cl(182.217.8.99)with source ip 1 ...

Hi !

I got this:

-------------------------------------------------------------------------------------------
[chi2ad-ar-01-XGigabitEthernet0/0/1.4]arp broadcast enable
Info: This interface has already been configured with ARP broadcast.
[chi2ad-ar-01-XGigabitEthernet0/0/1.4]ping 182.217.8.99
  PING 182.217.8.99: 56  data bytes, press CTRL_C to break
    Request time out
    Request time out
    Request time out
    Request time out
    Request time out

  --- 182.217.8.9****** statistics ---
    5 packet(s) transmitted
    0 packet(s) received
    100.00% packet loss

[chi2ad-ar-01-XGigabitEthernet0/0/1.4]dis this
[V200R009C00SPC500]
#
interface XGigabitEthernet0/0/1.4
 description Plan REUNA VLAN 30
 dot1q termination vid 30
 ip address 146.83.95.1 255.255.255.240
 ip verify source-address
 dhcp select interface
 dhcp server gateway-list 146.83.95.1
 dhcp server dns-list 128.0.8.162 146.83.95.4
 dhcp server domain-name chi2ad.local
#
return
[chi2ad-ar-01-XGigabitEthernet0/0/1.4]
-------------------------------------------------------------------------------------------

Thanks !
View more
  • x
  • convention:
(0) (0)
9#
Juan_Tintor
Juan_Tintor Created Jun 7, 2019 17:19:00

Hi,

I have new background about the configuration. The actual topology is:
https://temphfarias.s3.amazonaws.com/net.jpeg


The router AR2204xe is connected to the Router Cisco ASR. I only can modified the AR2204xe, I don't have access to the Cisco ASR. The public network (to internet) is the 146.83.95.0/28 defined in the AR2204xe, not in the ISP router (Cisco ASR).

The problem is create a NAPT for the private net 128.0.8.0/23. For the moment I  configurated the net in the ACL 200, but my idea is bouding this private network (128.0.8.0/23) to the public IP 146.83.95.1 (This IP is defining in the interface 10GE1.4).


But we have a problem, when I do a traceroute in the host connected in the net 128.0.8.0/23, I got this:
-------------------------------------------------------------------------------------
root@chi2ad-vo:~# traceroute google.cl
traceroute to google.cl (172.217.0.163), 30 hops max, 60 byte packets
 1  128.0.8.1 (128.0.8.1)  0.896 ms  0.879 ms  0.886 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
-------------------------------------------------------------------------------------

and when I did a tracert in the AR2204xe I got this:
-------------------------------------------------------------------------------------
[chi2ad-ar-01]tracert 172.217.0.163
 traceroute to  172.217.0.163(172.217.0.163), max hops: 30 ,packet length: 40,press CTRL_C to break
 1 10.10.95.1 1 ms  1 ms  1 ms
 2  *
-------------------------------------------------------------------------------------

So the problem is,  I can't get internet in the router AR2204xe because the public net (146.83.95.0/28) is defined inside of them, and not in the router of the ISP (Cisco ASR).

Cheers,
View more
  • x
  • convention:
(0) (0)
10#
chenhui
chenhui Admin Created Jun 8, 2019 08:13:42

Posted by Juan_Tintor at 2019-06-07 17:19 Hi, I have new background about the configuration. The actual topology is:
I'm really confused with the topology,
the AR2204 connect to the private network, but configured with a public ip address, I'm not sure what the goal of configuring the 10GE1.4 with a public ip address.
View more
  • x
  • convention:
12
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.