Login
- Table of Contents
-
- 04-Layer 3—IP Services Command Reference
- 00-Preface
- 01-ARP commands
- 02-IP addressing commands
- 03-DHCP commands
- 04-DNS commands
- 05-IP forwarding basics commands
- 06-Fast forwarding commands
- 07-IP performance optimization commands
- 08-UDP helper commands
- 09-IPv6 basics commands
- 10-DHCPv6 commands
- 11-IPv6 fast forwarding commands
- 12-HTTP redirect commands
- 13-NAT commands
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 13-NAT commands | 61.22 KB |
Contents
NAT commands
NAT is supported only in Release 6328 and later.
display nat session
Use display nat session to display NAT sessions.
Syntax
display nat session [ { source-ip source-ip | destination-ip destination-ip } * ] [ slot slot-number ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
source-ip source-ip: Displays NAT sessions for the source IP address specified by the source-ip argument. The IP address must be the source IP address of the packet that triggers the session establishment.
destination-ip destination-ip: Displays NAT sessions for the destination IP address specified by the destination-ip argument. The IP address must be the destination IP address of the packet that triggers the session establishment.
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays NAT sessions for all member devices.
verbose: Displays detailed information about NAT sessions. If you do not specify this keyword, this command displays brief information about initiators of NAT sessions.
Usage guidelines
If you do not specify any parameters, this command displays detailed information about initiators of all NAT sessions.
Examples
# Display detailed information about NAT session initiators for the specified slot.
<Sysname> display nat session
Slot 1:
Initiator:
Source IP/port: 5.5.5.5/551
Destination IP/port: 2.2.2.2/2048
DS-Lite tunnel peer: -
VPN instance/VLAN ID/VLL ID: -/-/-
Protocol: ICMP(1)
Inbound interface: Vlan-interface100
Total sessions found: 1
# Display detailed information about NAT sessions for the specified slot.
<Sysname> display nat session verbose
Slot 1:
Initiator:
Source IP/port: 5.5.5.5/546
Destination IP/port: 2.2.2.2/2048
DS-Lite tunnel peer: -
VPN instance/VLAN ID/VLL ID: -/-/-
Protocol: ICMP(1)
Inbound interface: Vlan-interface100
Responder:
Source IP/port: 2.2.2.2/546
Destination IP/port: 2.2.2.1/0
DS-Lite tunnel peer: -
VPN instance/VLAN ID/VLL ID: -/-/-
Protocol: ICMP(1)
Inbound interface: Vlan-interface101
State: ICMP_REPLY
Application: OTHER
Start time: 2021-04-13 10:27:23 TTL: 27s
Initiator->Responder: 0 packets 0 bytes
Responder->Initiator: 0 packets 0 bytes
Total sessions found: 1
Table 1 Command output
|
Field |
Description |
|
Source IP/port |
Source IP address and port number. |
|
Destination IP/port |
Destination IP address and port number. |
|
DS-Lite tunnel peer |
Destination address of the DS-Lite tunnel interface. If the session does not belong to any DS-Lite tunnel, this field displays a hyphen (-). |
|
VPN instance/VLAN ID/VLL ID |
The fields identify the following information: · VPN instance—MPLS L3VPN instance to which the session belongs. · VLAN ID—VLAN to which the session belongs for Layer 2 forwarding. · VLL ID—INLINE to which the session belongs for Layer 2 forwarding. If no VPN instance, VLAN ID, or VLL ID is specified, a hyphen (-) is displayed for the related field. |
|
Protocol |
Transport layer protocol type: DCCP, ICMP, Raw IP, SCTP, TCP, UDP, or UDP-Lite. |
|
Inbound interface |
Input interface. |
|
State |
NAT session state. |
|
Application |
Application layer protocol type, such as FTP and DNS. This field displays OTHER for the protocol types identified by non-well-known ports. |
|
Start time |
Time when the session starts. |
|
TTL |
Remaining NAT session lifetime in seconds. |
|
Initiator->Responder |
Number of packets and bytes from the initiator to the responder. |
|
Responder->Initiator |
Number of packets and bytes from the responder to the initiator. |
|
Total sessions found |
Total number of sessions. |
reset nat session
display nat static
Use display nat static to display static NAT mappings.
Syntax
display nat static
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display static NAT mappings.
<Sysname> display nat static
Static NAT mappings:
Totally 1 outbound static NAT mappings.
IP-to-IP:
Local IP : 4.4.4.4
Global IP : 5.5.5.5
Config status: Active
Interfaces enabled with static NAT:
Totally 1 interfaces enabled with static NAT.
Interface: Vlan-interface100
Service card : ---
Config status: Active
Table 2 Command output
|
Field |
Description |
|
Static NAT mappings |
Information about static NAT mappings. |
|
Totally n outbound static NAT mappings |
Total number of inbound static NAT mappings. |
|
IP-to-IP |
One-to-one static NAT mapping. |
|
Local IP |
Private IP address or address range. |
|
Global IP |
Public IP address or address range. |
|
Interfaces enabled with static NAT |
Interfaces that are enabled with static NAT. |
|
Totally n interfaces enabled with static NAT |
Total number of interfaces enabled with static NAT. |
|
Interface |
Interface enabled with static NAT. |
|
Service card |
Service card that processes NAT traffic. If no service card is specified on the interface, this field displays hyphens (---). |
|
Config status |
Status of the static NAT mapping configuration: Active or Inactive. |
Related commands
nat static
nat static enable
nat static enable
Use nat static enable to enable static NAT on an interface.
Use undo nat static enable to disable static NAT on an interface
Syntax
nat static enable
undo nat static enable
Default
Static NAT is disabled.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
Static NAT mappings take effect on an interface only after you enable static NAT on the interface.
If you configure modular QoS configuration (MQC) on a device enabled with static NAT, packets that match an ACL rule are sent to the CPU. If the packet IP addresses match a NAT rule, the device generates NAT sessions and performs forwarding in software, which might cause packet loss of established NAT sessions.
Examples
# Configure an outbound static NAT mapping between private IP address 192.168.1.1 and public IP address 2.2.2.2, and enable static NAT on VLAN-interface 100.
<Sysname> system-view
[Sysname] nat static outbound 192.168.1.1 2.2.2.2
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] nat static enable
Related commands
display nat static
nat static outbound
nat static outbound
Use nat static outbound to configure a mapping for outbound static NAT.
Use undo nat static outbound to remove a mapping for outbound static NAT.
Syntax
nat static outbound local-ip global-ip
undo nat static outbound local-ip
Default
No NAT mappings exist.
Views
System view
Predefined user roles
network-admin
Parameters
local-ip: Specifies a private IP address.
global-ip: Specifies a public IP address.
Usage guidelines
When the source IP address of an outgoing packet matches the local-ip, the IP address is translated into the global-ip. When the destination IP address of an incoming packet matches the global-ip, the destination IP address is translated into the local-ip.
Examples
# Configure an outbound static NAT mapping between public IP address 2.2.2.2 and private IP address 192.168.1.1.
<Sysname> system-view
[Sysname] nat static outbound 192.168.1.1 2.2.2.2
Related commands
display nat session
display nat static
nat static enable
reset nat session
Use reset nat session to clear NAT sessions.
Syntax
reset nat session [ slot slot-number ]
Views
User view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command clears NAT sessions for all member devices.
Examples
# Clear NAT sessions for the specified slot.
<Sysname> reset nat session slot 1
Related commands
display nat session
