1、
配置IP地址池1,包括两个公网地址202.38.1.2和202.38.1.3。
2、<Router> system-view
3、[Router] nat address-group 1 202.38.1.2 202.38.1.3
4、# 配置访问控制列表2001,仅允许内部网络中10.110.10.0/24网段的用户可以访问Internet。
5、[Router] acl number 2001
6、[Router-acl-basic-2001] rule permit source 10.110.10.0 0.0.0.255
7、[Router-acl-basic-2001] rule deny
8、[Router-acl-basic-2001] quit
9、# 在出接口GigabitEthernet1/2上配置ACL 2001与IP地址池1相关联。
10、[Router] interface gigabitethernet 1/2
11、[Router-GigabitEthernet1/2] ip address 202.38.1.4 24
12、[Router-GigabitEthernet1/2] nat outbound 2001 (可有可无)address-group 1
13、[Router-GigabitEthernet1/2] quit
