R3303-HP HSR6800 Routers Layer 3 - IP Services Command Reference
Table Of Contents
- Title Page
- Contents
- ARP configuration commands
- Gratuitous ARP configuration commands
- Proxy ARP configuration commands
- ARP snooping configuration commands
- IP addressing configuration commands
- DHCP server configuration commands
- bims-server
- bootfile-name
- dhcp enable (for DHCP server)
- dhcp server apply ip-pool
- dhcp select server global-pool
- dhcp server client-detect enable
- dhcp server detect
- dhcp server forbidden-ip
- dhcp server ip-pool
- dhcp server ping packets
- dhcp server ping timeout
- dhcp server relay information enable
- dhcp server threshold
- dhcp update arp (for DHCP server)
- display dhcp server conflict
- display dhcp server expired
- display dhcp server free-ip
- display dhcp server forbidden-ip
- display dhcp server ip-in-use
- display dhcp server statistics
- display dhcp server tree
- dns-list
- domain-name
- expired
- forbidden-ip
- gateway-list
- nbns-list
- netbios-type
- network
- network ip range
- network mask
- next-server
- option
- reset dhcp server conflict
- reset dhcp server ip-in-use
- reset dhcp server statistics
- static-bind client-identifier
- static-bind ip-address
- static-bind mac-address
- tftp-server domain-name
- tftp-server ip-address
- vendor-class-identifier
- voice-config
- DHCP relay agent configuration commands
- dhcp enable (for DHCP relay agent)
- dhcp relay address-check enable
- dhcp relay check mac-address
- dhcp relay client-detect enable
- dhcp relay information circuit-id format-type
- dhcp relay information circuit-id string
- dhcp relay information enable
- dhcp relay information format
- dhcp relay information remote-id format-type
- dhcp relay information remote-id string
- dhcp relay information strategy
- dhcp relay release ip
- dhcp relay security static
- dhcp relay security refresh enable
- dhcp relay security tracker
- dhcp relay server-detect
- dhcp relay server-group
- dhcp relay server-select
- dhcp select relay
- dhcp update arp (for DHCP relay agent)
- display dhcp relay
- display dhcp relay information
- display dhcp relay security
- display dhcp relay security statistics
- display dhcp relay security tracker
- display dhcp relay server-group
- display dhcp relay statistics
- reset dhcp relay statistics
- DHCP client configuration commands
- DHCP snooping configuration commands
- dhcp-snooping
- dhcp-snooping binding database filename
- dhcp-snooping binding database update interval
- dhcp-snooping binding database update now
- dhcp-snooping check mac-address
- dhcp-snooping check request-message
- dhcp-snooping information circuit-id format-type
- dhcp-snooping information circuit-id string
- dhcp-snooping information enable
- dhcp-snooping information format
- dhcp-snooping information remote-id format-type
- dhcp-snooping information remote-id string
- dhcp-snooping information strategy
- dhcp-snooping information sub-option
- dhcp-snooping trust
- display dhcp-snooping
- display dhcp-snooping binding database
- display dhcp-snooping information
- display dhcp-snooping packet statistics
- display dhcp-snooping trust
- reset dhcp-snooping
- reset dhcp-snooping packet statistics
- IPv4 DNS configuration commands
- NAT configuration commands
- address
- display nat address-group
- display nat all
- display nat bound
- display nat dns-map
- display nat server
- display nat server-group
- display nat session
- display nat static
- display nat statistics
- display userlog export
- inside ip
- nat address-group
- nat dns-map
- nat outbound
- nat outbound static
- nat server (for extended NAT server)
- nat server (for normal NAT server)
- nat server-group
- nat static
- nat static net-to-net
- IP forwarding basics commands
- Load sharing commands
- Flow classification configuration commands
- Adjacency table configuration commands
- IP performance optimization commands
- display icmp statistics
- display ip socket
- display ip statistics
- display ip virtual-reassembly
- display tcp statistics
- display udp statistics
- ip forward-broadcast (interface view)
- ip forward-broadcast (system view)
- ip icmp-extensions
- ip redirects enable
- ip ttl-expires enable
- ip unreachables enable
- ip virtual-reassembly
- reset ip statistics
- reset tcp statistics
- reset udp statistics
- tcp mss
- tcp path-mtu-discovery
- tcp timer fin-timeout
- tcp timer syn-timeout
- tcp window
- UDP helper configuration commands
- IPv6 basics configuration commands
- display ipv6 fib
- display ipv6 fib ipv6-address
- display ipv6 interface
- display ipv6 neighbors
- display ipv6 neighbors count
- display ipv6 neighbors vpn-instance
- display ipv6 pathmtu
- display ipv6 socket
- display ipv6 statistics
- display tcp ipv6 statistics
- display tcp ipv6 status
- display udp ipv6 statistics
- ipv6
- ipv6 address
- ipv6 address anycast
- ipv6 address auto link-local
- ipv6 address eui-64
- ipv6 address link-local
- ipv6 hoplimit-expires enable
- ipv6 icmp-error
- ipv6 icmpv6 multicast-echo-reply enable
- ipv6 mtu
- ipv6 nd autoconfig managed-address-flag
- ipv6 nd autoconfig other-flag
- ipv6 nd dad attempts
- ipv6 nd hop-limit
- ipv6 nd ns retrans-timer
- ipv6 nd nud reachable-time
- ipv6 nd ra halt
- ipv6 nd ra interval
- ipv6 nd ra no-advlinkmtu
- ipv6 nd ra prefix
- ipv6 nd ra router-lifetime
- ipv6 neighbor
- ipv6 neighbor stale-aging
- ipv6 neighbors max-learning-num
- ipv6 option drop enable
- ipv6 pathmtu
- ipv6 pathmtu age
- ipv6 redirects enable
- ipv6 unreachables enable
- local-proxy-nd enable
- reset ipv6 neighbors
- reset ipv6 pathmtu
- reset ipv6 statistics
- reset tcp ipv6 statistics
- reset udp ipv6 statistics
- tcp ipv6 timer fin-timeout
- tcp ipv6 timer syn-timeout
- tcp ipv6 window
- DHCPv6 configuration commands
- DHCPv6 common configuration commands
- DHCPv6 server configuration commands
- display ipv6 dhcp pool
- display ipv6 dhcp prefix-pool
- display ipv6 dhcp server
- display ipv6 dhcp server conflict
- display ipv6 dhcp server expired
- display ipv6 dhcp server ip-in-use
- display ipv6 dhcp server pd-in-use
- display ipv6 dhcp server statistics
- dns-server
- domain-name
- ds-lite address
- network
- ipv6 dhcp pool
- ipv6 dhcp prefix-pool
- ipv6 dhcp server
- ipv6 dhcp server enable
- prefix-pool
- reset ipv6 dhcp server conflict
- reset ipv6 dhcp server ip-in-use
- reset ipv6 dhcp server pd-in-use
- reset ipv6 dhcp server statistics
- sip-server
- static-bind address
- static-bind prefix
- DHCPv6 relay agent configuration commands
- IPv6 DNS configuration commands
- NAT-PT configuration commands
- display natpt address-group
- display natpt address-mapping
- display natpt all
- display natpt statistics
- natpt address-group
- natpt enable
- natpt prefix
- natpt turn-off tos
- natpt turn-off traffic-class
- natpt v4bound dynamic
- natpt v4bound static
- natpt v4bound static v6server
- natpt v6bound dynamic
- natpt v6bound static
- reset natpt statistics
- AFT configuration commands
- Tunneling configuration commands
- GRE configuration commands
- DVPN configuration commands
- Support and other resources
- Index
131
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN to which the addresses of the address pool
belong. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. With this option,
inter-VPN access through NAT is supported. Without this option, the addresses in the address pool do
not belong to any VPN.
no-pat: Indicates that no many-to-many NAT is implemented. If this keyword is not configured,
many-to-one NAT is implemented using the TCP/UDP port information.
track vrrp virtual-router-id: Associates address translation on a specific outbound interface with a VRRP
group. The virtual-router-id argument indicates the number of the VRRP group in the range of 1 to 255.
Without this argument specified, no VRRP group is associated.
Usage guidelines
You can configure multiple associations or use the undo command to remove an association on an
interface that serves as the egress of an internal network to the external network.
When an ACL rule is not operative, no new NAT session entry depending on the rule can be created.
However, existing connections are still available for communication.
You can bind an ACL to only one address pool on an interface. An address pool can be bound to
multiple ACLs.
In stateful failover networking, make sure you associate each address pool configured on an interface
with one VRRP group only. Otherwise, the system associates the address pool with the VRRP group
having the highest group ID.
For some devices, the ACL rules referenced by the same interface cannot conflict. That is, the source IP
address, destination IP address and VPN instance information in any two ACL rules cannot be the same.
For basic ACLs (numbered from 2000 to 2999), if the source IP address and VPN instance information
in any two ACL rules are the same, a conflict occurs.
Examples
# Configure NAT for hosts on subnet 10.110.10.0/24. The NAT address pool contains addresses
202.110.10.10 through 202.110.10.12. Assume that interface Serial 2/1/0 is connected to the Internet.
<Sysname> system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 10.110.10.0 0.0.0.255
[Sysname-acl-basic-2001] rule deny
[Sysname-acl-basic-2001] quit
[Sysname] nat address-group 1 202.110.10.10 202.110.10.12
# Configure address pool 1.
[Sysname] nat address-group 1 202.110.10.10 202.110.10.12
# Use addresses in address pool 1 as translated addresses and TCP/UDP port information.
[Sysname] interface serial 2/1/0
[Sysname-Serial2/1/0] nat outbound 2001 address-group 1
# Use addresses in address pool 1 as translated addresses without using TCP/UDP port information.
<Sysname> system-view
[Sysname] interface serial 2/1/0
[Sysname-Serial2/1/0] nat outbound 2001 address-group 1 no-pat
# Use the IP address of interface Serial 2/1/0 as translated address.
<Sysname> system-view
[Sysname] interface serial 2/1/0