Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 03-NAT66 commands | 74.05 KB |
Contents
NAT66 commands
display nat66 all
Use display nat66 all to display all NAT66 configurations.
Syntax
display nat66 all
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display all NAT66 configurations.
<Sysname> display nat66 all
NAT66 source information:
Totally 1 source rules.
Interface(outbound): GigabitEthernet0/0/1
Original prefix/prefix-length: 11::/64
Translated prefix/prefix-length: 22::/64
NAT66 destination information:
Totally 1 destination rules.
Interface(inbound): GigabitEthernet0/0/2
Original prefix/prefix-length: FD01:203:405::/48
Translated prefix/prefix-length: 1::/48
Table 1 Command output
|
Field |
Description |
|
NAT66 source information |
Configuration information about NAT66 source address translation. |
|
NAT66 destination information |
Configuration information about NAT66 destination address translation. |
|
Totally n source rules |
Total number of source address translation rules. |
|
Totally n destination rules |
Total number of destination address translation rules. |
|
Interface(outbound) |
Interface configured with NAT66 source address translation rules. |
|
Interface(inbound) |
Interface configured with NAT66 destination address translation rules. |
|
Original prefix/prefix-length |
Prefix and prefix length before NAT66 translation. |
|
Translated prefix/prefix-length |
Prefix and prefix length after NAT66 translation. |
Related commands
nat66 prefix destination
nat66 prefix source
display nat66 session
Use display nat66 session to display NAT66 sessions.
Syntax
display nat66 session [ slot slot-number ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays NAT66 sessions for all cards.
verbose: Displays detailed information about NAT66 sessions. If you do not specify this keyword, the command displays brief information about NAT66 sessions.
Usage guidelines
If you do not specify any parameters, this command displays brief information about all NAT66 sessions.
Examples
# Display brief information about NAT66 sessions for the specified slot.
<Sysname> display nat66 session slot 1
Slot 1:
Initiator:
Source IP/port: FD01:203:405::1/4048
Destination IP/port: 2001:DB8:1::100/21
VPN instance/VLAN ID/Inline ID: -/-/-
Protocol: TCP(6)
Inbound interface: GigabitEthernet0/0/2
Total sessions found: 1
# Display detailed information about NAT66 sessions for the specified slot.
<Sysname> display nat sessionslot 1 verbose
Slot 1:
Initiator:
Source IP/port: FD01:203:405::1/4048
Destination IP/port: 2001:DB8:1::100/21
VPN instance/VLAN ID/Inline ID: -/-/-
Protocol: TCP(6)
Inbound interface: GigabitEthernet0/0/2
Source security zone: Trust
Responder:
Source IP/port: 2001:DB8:1::100/21
Destination IP/port: 1:0:0:309::1/4048
VPN instance/VLAN ID/Inline ID: -/-/-
Protocol: TCP(6)
Inbound interface: GigabitEthernet0/0/1
Source security zone: Trust
State: TCP_ESTABLISHED
Application: FTP
Rule ID: -/-/-
Rule name:
Start time: 2018-12-10 09:19:28 TTL: 3585s
Initiator->Responder: 0 packets 0 bytes
Responder->Initiator: 0 packets 0 bytes
Total sessions found: 1
Table 2 Command output
|
Field |
Description |
|
Initiator |
Session information about the initiator. |
|
Responder |
Session information about the responder. |
|
Source IP/port |
Source IPv6 address and port number. |
|
Destination IP/port |
Destination IPv6 address and port number. |
|
VPN instance/VLAN ID/Inline ID |
This field is not supported in the current software version. · VPN instance—MPLS L3VPN instance to which the session belongs. · VLAN ID—ID of the VLAN to which the session belongs for Layer 2 forwarding. · Inline ID—ID of the INLINE to which the session belongs for Layer 2 forwarding. If no settings are specified, this field displays slash-separated hyphens (-/-/-). |
|
Protocol |
Transport layer protocol type: DCCP, ICMPv6, Raw IP, SCTP, TCP, UDP, or UDP-Lite. The number after the protocol is the protocol number. |
|
Inbound interface |
Input interface. |
|
Source security zone |
Security zone to which the input interface belongs. If the input interface does not belong to any security zone, this field displays a hyphen (-). |
|
State |
NAT66 session state. |
|
Application |
Application layer protocol type, such as FTP and DNS. This field displays OTHER for the protocol types identified by non-well-known ports. |
|
Rule ID |
ID of the security policy rule. |
|
Rule name |
Name of the security policy rule. |
|
Start time |
Time when the session starts. |
|
TTL |
Remaining lifetime of the NAT66 session, in seconds. |
|
Initiator->Responder |
Number of packets and packet bytes from the initiator to the responder. |
|
Responder->Initiator |
Number of packets and packet bytes from the responder to the initiator. |
|
Total sessions found |
Total number of sessions. |
Related commands
reset nat66 session
display nat66 statistics
Use display nat66 statistics to display NAT66 statistics.
Syntax
display nat66 statistics [ summary ] [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
summary: Displays NAT66 statistics summary. If you do not specify this keyword, the command displays detailed NAT66 statistics.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays NAT66 statistics for all cards.
Examples
# Display detailed NAT66 statistics.
<Sysname> display nat66 statistics
Slot 1:
Total session entries: 100
Table 3 Command output
|
Field |
Description |
|
Total session entries |
Number of NAT66 session entries. |
# Display NAT66 statistics summary.
<Sysname> display nat66 statistics summary
Slot Sessions
1 100
Table 4 Command output
|
Field |
Description |
|
Sessions |
Number of NAT66 session entries. |
nat66 prefix destination
Use nat66 prefix destination to configure an IPv6 prefix mapping for IPv6 destination address translation.
Use undo nat66 prefix destination to remove an IPv6 prefix mapping for IPv6 destination address translation.
Syntax
nat66 prefix destination original-ipv6-prefix prefix-length [ protocol pro-type [ global-port ] ] translated-ipv6-prefix prefix-length [ local-port ]
undo nat66 prefix destination original-ipv6-prefix prefix-length [ protocol pro-type [ global-port ] ] translated-ipv6-prefix prefix-length [ local-port ]
Default
No IPv6 prefix mappings are configured for IPv6 destination address translation.
Views
Interface view
Predefined user roles
network-admin
Parameters
original-ipv6-prefix: Specifies the original IPv6 prefix. For IPv6 destination address translation, specify the external prefix.
protocol pro-type: Specifies a protocol type. If you do not specify a protocol type, the command applies to packets of all protocols. The protocol type format can be one of the following:
· A number in the range of 1 to 255.
· A protocol name of ipv6-icmp, tcp, or udp.
global-port: Specifies a public port number for the internal server, in the range of 1 to 65535.
translated-ipv6-prefix: Specifies the translated IPv6 prefix. For IPv6 destination address translation, specify the internal prefix.
prefix-length: Specifies a prefix length, in the range of 1 to 128.
local-port: Specifies a private port number for the internal server, in the range of 1 to 65535.
Usage guidelines
To allow external users to access internal servers (such as Web or FTP server), configure IPv6 destination prefix mappings on the interface connected to the external network.
When you configure IPv6 destination prefix mappings, follow these restrictions and guidelines:
· The prefix length before and after NAT66 must be the same.
· On one interface, the mapping between an external prefix and an internal prefix must be unique.
· On different interfaces, one external prefix cannot be mapped to different internal prefixes.
· The external IPv6 prefix of the internal server cannot be the same as the external prefix of the NAT66 device or the prefix of external hosts that access the internal server.
· The command does not support modifying an existing IPv6 prefix mapping. To modify it, first execute the undo nat66 prefix destination command to remove the mapping, and then configure the new one.
Examples
# On GigabitEthernet 0/0/1, configure an IPv6 destination prefix mapping to translate IPv6 prefix 2001::/64 to IPv6 prefix 2101::/64.
<Sysname> system-view
[Sysname] interface gigabitethernet 0/0/1
[Sysname-GigabitEthernet0/0/1] nat66 prefix destination 2001:: 64 2101:: 64
# On GigabitEthernet 0/0/1, configure an IPv6 destination prefix mapping to translate IPv6 prefix 2001::/64 and port 64 to IPv6 prefix 2101::/64 and port 200 for packets destined for the internal FTP server.
<Sysname> system-view
[Sysname] interface gigabitethernet 0/0/1
[Sysname-GigabitEthernet0/0/1] nat66 prefix destination 2001:: 64 protocol tcp 64 2101:: 64 200
Related commands
display nat66 all
nat66 prefix source
Use nat66 prefix source to configure an IPv6 prefix mapping for IPv6 source address translation.
Use undo nat66 prefix source to remove an IPv6 prefix mapping for IPv6 source address translation.
Syntax
nat66 prefix source original-ipv6-prefix prefix-length translated-ipv6-prefix prefix-length [ pat ]
undo nat66 prefix source original-ipv6-prefix prefix-length translated-ipv6-prefix prefix-length
Default
No IPv6 prefix mappings are configured for IPv6 source address translation.
Views
Interface view
Predefined user roles
network-admin
Parameters
original-ipv6-prefix: Specifies the original IPv6 prefix. For IPv6 source address translation, specify the internal prefix.
translated-ipv6-prefix: Specifies the translated IPv6 prefix. For IPv6 source address translation, specify the external prefix.
prefix-length: Specifies a prefix length, in the range of 1 to 128.
pat: Uses the PAT mode for address translation. In this mode, port information is translated in addtion to address translation. If you do not specify this keyword, the device does not translate port information.
Usage guidelines
NAT66 source address translation is applicable to the following scenarios:
· Single internal and external network—The NAT66 device is connected to an internal network and an external network. Hosts in the internal network uses locally routed IPv6 prefixes. When an internal host sends packets to access the external network, the NAT66 device translates the source IPv6 address prefix in the packets to a global unicast address prefix.
· Redundancy and load sharing—Multiple NAT66 devices are deployed between two IPv6 networks and they use ECMPs for load sharing. To allow any NAT66 device to process IPv6 traffic among different sites, configure the same source prefix mappings on these NAT66 devices.
· Multihoming—In a multihomed network, NAT66 devices are connected to an internal network and multiple external networks. One internal prefix is mapped to different external prefixes on the NAT66 devices, so that one internal address can be translated to multiple external addresses.
When you configure source prefix mappings, follow these restrictions and guidelines:
· Source prefix mappings are typically configured on the interface connected to the external network.
· The prefix length before and after NAT66 in a mapping must be the same if this mapping does not support port translation.
· On one interface, the mapping between an internal prefix and an external prefix must be unique.
· On different interfaces, different internal prefixes cannot be mapped to the same external prefix.
· The source IPv6 prefix after translation cannot be the same as the external prefix of the NAT66 device or the prefix of the external destination address.
· The command does not support modifying an existing prefix mapping. To modify it, first execute the undo nat66 prefix source command to remove the mapping, and then configure the new one.
Examples
# On GigabitEthernet 0/0/1, configure an IPv6 source prefix mapping to translate IPv6 prefix FD9C:58ED:7D73:2::/64 to 2101::/64.
<Sysname> system-view
[Sysname] interface gigabitethernet 0/0/1
[Sysname-GigabitEthernet0/0/1] nat66 prefix source fd9C:58ed:7d73:2:: 64 2101:: 64
# On GigabitEthernet 0/0/1, configure an IPv6 source prefix mapping in PAT mode to translate IPv6 prefix FD9C:58ED:7D73:2::/64 to 2101::/64.
<Sysname> system-view
[Sysname] interface gigabitethernet 0/0/1
[Sysname-GigabitEthernet0/0/1] nat66 prefix source fd9C:58ed:7d73:2:: 64 2101:: 64 pat
Related commands
display nat66 all
reset nat66 session
Use reset nat66 session to delete NAT66 sessions.
Syntax
reset nat66 session [ slot slot-number ]
Views
User view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command deletes NAT66 sessions for all cards.
Examples
# Delete NAT66 sessions for the specified slot.
<Sysname> reset nat66 session slot 1
Related commands
display nat66 session
