Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 04-STUN commands | 65.61 KB |
STUN commands
display stun client info
Use display stun client info to display packet statistics and NAT information on the STUN client.
Syntax
display stun client info
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display packet statistics and NAT information on the STUN client.
<Sysname> display stun client info
Totally 1 STUN clients
Local IP/port : 1.1.1.24/6666
Local VPN : -
NAT IP/port : 66.1.1.1/6666
NAT type : Full Cone NAT
STUN refresh times : 5657
STUN request timeouts : 2
Basic requests sent : 11324
Behavior requests sent : 5517
Filter requests sent : 5518
Received response to basic requests : 11315
Received response to behavior requests : 5517
Received response to filter requests : 5517
Transaction ID errors in received responses : 0
Table 1 Command output
|
Field |
Description |
|
Local IP/port |
IP address and port number that the STUN client uses for detection. |
|
Local VPN |
VPN instance to which the tunnel interface on the STUN client belongs. |
|
NAT IP/port |
Public IP address and port number |
|
NAT type |
NAT type: · Full Cone NAT. · Restricted Cone NAT. · Port Restricted Cone NAT. · Symmetric NAT. · NO NAT—No NAT device exists. · -—Unknown type. |
|
STUN refresh times |
Number of times the STUN client refreshes the detection result. |
|
STUN request timeouts |
Number of detection timeouts. |
|
Basic requests sent |
Number of Basic requests sent. A Basic request is used to detect the public IP address and port number assigned by a NAT device. |
|
Behavior requests sent |
Number of Behavior requests sent. A Behavior request is used to detect the NAT mapping type. |
|
Filter requests sent |
Number of Filtering requests sent. A Filtering request is used to detect the NAT filtering method. |
Related commands
reset stun client statistics
display stun server packet-statistics
Use display stun server packet-statistics to display packet statistics on the STUN server.
Syntax
display stun server packet-statistics
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display packet statistics on the STUN client.
<Sysname> display stun server packet-statistics
STUN success/error requests received : 22386/0
STUN success/error responses sent : 22386/0
STUN requests dropped : 0
STUN packets received : 22386
STUN unknown packets received : 0
Table 2 Command output
|
Field |
Description |
|
STUN success/error requests received |
Number of success/error requests received by the STUN server. |
|
STUN success/error responses sent |
Number of success/error responses sent by the STUN server. |
|
STUN requests dropped |
Number of requests dropped by the STUN server. |
|
STUN packets received |
Number of packets received by the STUN server. |
|
STUN unknown packets received |
Number of unknown packets received by the STUN server. |
Related commands
reset stun server packet-statistics
reset stun client statistics
Use reset stun client statistics to clear packet statistics on all STUN clients.
Syntax
reset stun client statistics
Views
Any view
Predefined user roles
network-admin
Usage guidelines
This command clears packet statistics on all STUN clients. Please use command with caution.
Examples
# Clear packet statistics on all STUN clients.
<Sysname> reset stun client statistics
Related commands
display stun client info
reset stun server packet-statistics
Use reset stun server packet-statistics to clear packet statistics on all STUN servers.
Syntax
reset stun server packet-statistics
Views
Any view
Predefined user roles
network-admin
Examples
# Clear packet statistics on all STUN servers.
<Sysname> reset stun server packet-statistics
Related commands
display stun server packet-statistics
stun client
Use stun client to enable the STUN client on an interface and specify the IP address and port number of the STUN server.
Use undo stun client to disable the STUN client on an interface.
Syntax
stun client destination-ip ip-address [ destination-port port-number ]
undo stun client destination-ip
Default
The STUN client is disabled.
Views
Tunnel interface view
Predefined user roles
network-admin
Parameters
destination-ip ip-address: Specifies the IP address of the STUN server.
destination-port port-number: Specifies the port number of the STUN server, in the range of 1024 to 65535. The default is 3478.
Usage guidelines
For the STUN client to establish a connection with the STUN server, do not specify the alternate IP address of the STUN server in this command.
To change the IP address and port number of the STUN server specified in this command, you must execute the undo stun client command and then specify a new IP address and port number by using the stun client command.
For STUN detection to work correctly, make sure the STUN client can reach both the IP address and alternate IP address of the STUN server.
Examples
# Enable the STUN client on SDWAN tunnel interface Tunnel1 and specify the IP address and port number of the STUN server.
<Sysname> system-view
[Sysname] interface tunnel 1 mode sdwan udp
[Sysname-Tunnel1] stun client destination-ip 122.225.128.143 destination-port 1025
stun server
Use stun server to enable the STUN server and configure an IP address and port number for the STUN server.
Use undo stun server to disable the STUN server.
Syntax
stun server ip ip-address [ port port-number ] [ alternative-ip ip-address [ alternative-port port-number ] ] [ vpn-instance vpn-instance-name ][ global-ip global-ip-address [ global-port port-number ] [ global-alternative-ip ip-address [ global-alternative-port port-number ] ] ]
undo stun server ip ip-address [ port port-number ] [ vpn-instance vpn-instance-name ]
Default
The STUN server is disabled.
Views
Tunnel interface view
Predefined user roles
network-admin
Parameters
ip ip-address: Specifies an IP address for the STUN server.
port port-number: Specifies a port number for the STUN server, in the range of 1024 to 65535. The default is 3478.
alternative-ip ip-address: Specifies an alternate IP address for the STUN server. If you do not specify this option for a STUN server that is deployed in the public network, the STUN client cannot determine the NAT type.
alternative-port port-number: Specifies an alternate port number for the STUN server, in the range of 1024 to 65535. The default is 3479.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the STUN server belongs. The vpn-instance-name argument represents the VPN instance name, a case-sensitive string of 1 to 31 characters. If the STUN server belongs to the public network, do not specify this option.
global-ip ip-address: Specifies the public IP address for the STUN server after NAT.
global-port port-number: Specifies the public port number for the STUN server after NAT, in the range of 1024 to 65535.
global-alternative-ip ip-address: Specifies the alternate public IP address for the STUN server after NAT. If you do not specify this option for a STUN server that is deployed in a private network, the STUN client cannot determine the NAT type.
global-alternative-port port-number: Specifies the alternate public port number for the STUN server after NAT, in the range of 1024 to 65535.
Usage guidelines
Typically deployed on the public network, the STUN server is an entity that receives STUN requests and sends STUN responses. The STUN server and STUN client exchange STUN packets to detect the IP address and port number assigned by a NAT device and the NAT type.
If a STUN server is deployed in a private network and communicates with the public network through a NAT device configured with a one-to-one NAT mapping rule, the STUN server uses its private address as the IP address in Binding responses. When receiving a subsequent Binding request, the STUN server-side NAT device will not translate the private address in the request to a public address, which leads to STUN detection failure.
To solve the problem, specify the global-ip global-ip-address and global-alternative-ip ip-address parameters. The STUN server will uses the specified public address in Binding responses it sends. The specified public addresses must match the public IP addresses on the NAT device.
In a multi-egress environment, you can execute this command multiple times to configure multiple STUN servers.
For STUN detection to work correctly, make sure the STUN client can reach both the IP address and alternate IP address of the STUN server.
To change the IP address and port number of the STUN server configured in this command, you must execute the undo stun server command and then configure a new IP address and port number by using the stun server command.
In the public network or in the same VPN instance:
· Any two IP addresses of a STUN server must be different. Any IP address of a STUN server cannot be the same as any IP address of another STUN server.
· The port number and alternate port number of the same STUN server cannot be the same. The public port number or alternate public port number of a STUN server cannot be the same as the public port number or alternate public port number of another STUN server.
Examples
# Enable the STUN server and configure an IP address and port number and an alternate IP address and port number for the STUN server.
<Sysname> system-view
[Sysname] stun server ip 10.1.1.1 port 4396 alternative-ip 20.1.1.1 alternative-port 4397
