04-Layer 3-IP Services Configuration Guide

HomeSupportResource CenterConfigure & DeployConfiguration GuidesH3C S5130S-EI[HI][SI]&S5120V2-SI&S3100V3-EI&E100C&E500C[D] Configuration Guides-R63xx-6W10304-Layer 3-IP Services Configuration Guide
13-NAT configuration
Title Size Download
13-NAT configuration 96.45 KB

NAT overview

Network Address Translation (NAT) translates an IP address in the IP packet header to another IP address. Typically, NAT is configured on gateways to enable private hosts to access external networks and external hosts to access private network resources such as a Web server.

Basic NAT concepts

The following describes basic NAT concepts:

·     NAT deviceA device configured with NAT. Typically, NAT is configured on the edge device that connects the internal and external networks.

·     NAT interface—An interface configured with NAT.

·     NAT address—A public IP address used for address translation, and this address is reachable from the external network.

·     NAT entry—Stores the mapping between a private IP address and a public IP address.

Basic NAT operating mechanism

Figure 1 shows the basic NAT operating mechanism.

1.     Upon receiving a request from the host to the server, NAT translates the private source address to the public address and forwards the NATed packet. NAT adds a mapping for the two addresses to its NAT table.

2.     Upon receiving a response from the server, NAT translates the destination public address to the private address, and forwards the packet to the host.

The NAT operation is transparent to the terminals (the host and the server). NAT hides the private network from the external users and shows that the IP address of the internal host is

Figure 1 Basic NAT operation


Restrictions: Software version compatibility with NAT

The NAT feature is supported only in Release 6328 and later.

Configuring outbound one-to-one static NAT

About this task

Static NAT creates a fixed mapping between a private address and a public address. It supports connections initiated from internal users to the external network and from external users to the internal network. Static NAT applies to regular communications.

For address translation from a private IP address to a public IP address, configure outbound one-to-one static NAT on the interface connected to the external network.

·     When the source IP address of an outgoing packet matches the local-ip, the source IP address is translated into the global-ip.

·     When the destination IP address of an incoming packet matches the global-ip, the destination IP address is translated into the local-ip.


1.     Enter system view.


2.     Configure a one-to-one mapping for outbound static NAT.

nat static outbound local-ip global-ip

3.     Enter interface view.

interface interface-type interface-number

4.     Enable static NAT on the interface.

nat static enable

By default, static NAT is disabled.

Display and maintenance commands for NAT

Execute display commands in any view and reset commands in user view.




Display NAT sessions.

display nat session [ { source-ip source-ip | destination-ip destination-ip } * ] [ slot slot-number ] [ verbose ]

Display static NAT mappings.

display nat static

Clear NAT sessions.

reset nat session


NAT configuration examples

Example: Configuring outbound one-to-one static NAT

Network configuration

Configure static NAT to allow the host at to access the Internet.

Figure 2 Network diagram



# Specify IP addresses for the interfaces on the device. (Details not shown.)

# Configure a one-to-one static NAT mapping between the private address and the public address

<Device> system-view

[Device] nat static outbound

# Enable static NAT on VLAN-interface 200.

[Device] interface vlan-interface 200

[Device-Vlan-interface200] nat static enable

[Device-Vlan-interface200] quit

Verifying the configuration

# Verify that the host at can access the server on the Internet. (Details not shown.)

# Display static NAT configuration.

[Device] display nat static

Static NAT mappings:

  Totally 1 outbound static NAT mappings.


    Local IP     :

    Global IP    :

    Config status: Active


Interfaces enabled with static NAT:

  Totally 1 interfaces enabled with static NAT.

  Interface: Vlan-interface200

    Service card : ---

    Config status: Active

# Display NAT session information.

[Device] display nat session verbose


  Source      IP/port:

  Destination IP/port:

  DS-Lite tunnel peer: -

  VPN instance/VLAN ID/VLL ID: -/-/-

  Protocol: ICMP(1)

  Inbound interface: Vlan-interface100


  Source      IP/port:

  Destination IP/port:

  DS-Lite tunnel peer: -

  VPN instance/VLAN ID/VLL ID: -/-/-

  Protocol: ICMP(1)

  Inbound interface: Vlan-interface200


Application: INVALID

Start time: 2021-04-13 09:30:49  TTL: 27s

Initiator->Responder:            5 packets        420 bytes

Responder->Initiator:            5 packets        420 bytes


Total sessions found: 1


  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become a Partner
  • Partner Resources
  • Partner Business Management
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us