R3303-HP HSR6800 Routers Layer 3 - IP Services Command Reference
Table Of Contents
- Title Page
- Contents
- ARP configuration commands
- Gratuitous ARP configuration commands
- Proxy ARP configuration commands
- ARP snooping configuration commands
- IP addressing configuration commands
- DHCP server configuration commands
- bims-server
- bootfile-name
- dhcp enable (for DHCP server)
- dhcp server apply ip-pool
- dhcp select server global-pool
- dhcp server client-detect enable
- dhcp server detect
- dhcp server forbidden-ip
- dhcp server ip-pool
- dhcp server ping packets
- dhcp server ping timeout
- dhcp server relay information enable
- dhcp server threshold
- dhcp update arp (for DHCP server)
- display dhcp server conflict
- display dhcp server expired
- display dhcp server free-ip
- display dhcp server forbidden-ip
- display dhcp server ip-in-use
- display dhcp server statistics
- display dhcp server tree
- dns-list
- domain-name
- expired
- forbidden-ip
- gateway-list
- nbns-list
- netbios-type
- network
- network ip range
- network mask
- next-server
- option
- reset dhcp server conflict
- reset dhcp server ip-in-use
- reset dhcp server statistics
- static-bind client-identifier
- static-bind ip-address
- static-bind mac-address
- tftp-server domain-name
- tftp-server ip-address
- vendor-class-identifier
- voice-config
- DHCP relay agent configuration commands
- dhcp enable (for DHCP relay agent)
- dhcp relay address-check enable
- dhcp relay check mac-address
- dhcp relay client-detect enable
- dhcp relay information circuit-id format-type
- dhcp relay information circuit-id string
- dhcp relay information enable
- dhcp relay information format
- dhcp relay information remote-id format-type
- dhcp relay information remote-id string
- dhcp relay information strategy
- dhcp relay release ip
- dhcp relay security static
- dhcp relay security refresh enable
- dhcp relay security tracker
- dhcp relay server-detect
- dhcp relay server-group
- dhcp relay server-select
- dhcp select relay
- dhcp update arp (for DHCP relay agent)
- display dhcp relay
- display dhcp relay information
- display dhcp relay security
- display dhcp relay security statistics
- display dhcp relay security tracker
- display dhcp relay server-group
- display dhcp relay statistics
- reset dhcp relay statistics
- DHCP client configuration commands
- DHCP snooping configuration commands
- dhcp-snooping
- dhcp-snooping binding database filename
- dhcp-snooping binding database update interval
- dhcp-snooping binding database update now
- dhcp-snooping check mac-address
- dhcp-snooping check request-message
- dhcp-snooping information circuit-id format-type
- dhcp-snooping information circuit-id string
- dhcp-snooping information enable
- dhcp-snooping information format
- dhcp-snooping information remote-id format-type
- dhcp-snooping information remote-id string
- dhcp-snooping information strategy
- dhcp-snooping information sub-option
- dhcp-snooping trust
- display dhcp-snooping
- display dhcp-snooping binding database
- display dhcp-snooping information
- display dhcp-snooping packet statistics
- display dhcp-snooping trust
- reset dhcp-snooping
- reset dhcp-snooping packet statistics
- IPv4 DNS configuration commands
- NAT configuration commands
- address
- display nat address-group
- display nat all
- display nat bound
- display nat dns-map
- display nat server
- display nat server-group
- display nat session
- display nat static
- display nat statistics
- display userlog export
- inside ip
- nat address-group
- nat dns-map
- nat outbound
- nat outbound static
- nat server (for extended NAT server)
- nat server (for normal NAT server)
- nat server-group
- nat static
- nat static net-to-net
- IP forwarding basics commands
- Load sharing commands
- Flow classification configuration commands
- Adjacency table configuration commands
- IP performance optimization commands
- display icmp statistics
- display ip socket
- display ip statistics
- display ip virtual-reassembly
- display tcp statistics
- display udp statistics
- ip forward-broadcast (interface view)
- ip forward-broadcast (system view)
- ip icmp-extensions
- ip redirects enable
- ip ttl-expires enable
- ip unreachables enable
- ip virtual-reassembly
- reset ip statistics
- reset tcp statistics
- reset udp statistics
- tcp mss
- tcp path-mtu-discovery
- tcp timer fin-timeout
- tcp timer syn-timeout
- tcp window
- UDP helper configuration commands
- IPv6 basics configuration commands
- display ipv6 fib
- display ipv6 fib ipv6-address
- display ipv6 interface
- display ipv6 neighbors
- display ipv6 neighbors count
- display ipv6 neighbors vpn-instance
- display ipv6 pathmtu
- display ipv6 socket
- display ipv6 statistics
- display tcp ipv6 statistics
- display tcp ipv6 status
- display udp ipv6 statistics
- ipv6
- ipv6 address
- ipv6 address anycast
- ipv6 address auto link-local
- ipv6 address eui-64
- ipv6 address link-local
- ipv6 hoplimit-expires enable
- ipv6 icmp-error
- ipv6 icmpv6 multicast-echo-reply enable
- ipv6 mtu
- ipv6 nd autoconfig managed-address-flag
- ipv6 nd autoconfig other-flag
- ipv6 nd dad attempts
- ipv6 nd hop-limit
- ipv6 nd ns retrans-timer
- ipv6 nd nud reachable-time
- ipv6 nd ra halt
- ipv6 nd ra interval
- ipv6 nd ra no-advlinkmtu
- ipv6 nd ra prefix
- ipv6 nd ra router-lifetime
- ipv6 neighbor
- ipv6 neighbor stale-aging
- ipv6 neighbors max-learning-num
- ipv6 option drop enable
- ipv6 pathmtu
- ipv6 pathmtu age
- ipv6 redirects enable
- ipv6 unreachables enable
- local-proxy-nd enable
- reset ipv6 neighbors
- reset ipv6 pathmtu
- reset ipv6 statistics
- reset tcp ipv6 statistics
- reset udp ipv6 statistics
- tcp ipv6 timer fin-timeout
- tcp ipv6 timer syn-timeout
- tcp ipv6 window
- DHCPv6 configuration commands
- DHCPv6 common configuration commands
- DHCPv6 server configuration commands
- display ipv6 dhcp pool
- display ipv6 dhcp prefix-pool
- display ipv6 dhcp server
- display ipv6 dhcp server conflict
- display ipv6 dhcp server expired
- display ipv6 dhcp server ip-in-use
- display ipv6 dhcp server pd-in-use
- display ipv6 dhcp server statistics
- dns-server
- domain-name
- ds-lite address
- network
- ipv6 dhcp pool
- ipv6 dhcp prefix-pool
- ipv6 dhcp server
- ipv6 dhcp server enable
- prefix-pool
- reset ipv6 dhcp server conflict
- reset ipv6 dhcp server ip-in-use
- reset ipv6 dhcp server pd-in-use
- reset ipv6 dhcp server statistics
- sip-server
- static-bind address
- static-bind prefix
- DHCPv6 relay agent configuration commands
- IPv6 DNS configuration commands
- NAT-PT configuration commands
- display natpt address-group
- display natpt address-mapping
- display natpt all
- display natpt statistics
- natpt address-group
- natpt enable
- natpt prefix
- natpt turn-off tos
- natpt turn-off traffic-class
- natpt v4bound dynamic
- natpt v4bound static
- natpt v4bound static v6server
- natpt v6bound dynamic
- natpt v6bound static
- reset natpt statistics
- AFT configuration commands
- Tunneling configuration commands
- GRE configuration commands
- DVPN configuration commands
- Support and other resources
- Index
133
Default command level
2: System level
Parameters
protocol pro-type: Specifies a protocol type, TCP or UDP.
global-address: Specifies the public IP address for the internal server.
current-interface: Uses the current interface's address as the public IP address of the internal server.
interface interface-type interface-number: Uses the specified interface's address as the external IP
address of the internal server, the Easy IP feature. The interface is specified by its type and number. Only
loopback interfaces are supported and the specified loopback interface must exist. Otherwise, the
configuration is invalid.
global-port: Specifies the public port number for the internal server, in the range of 0 to 65535.
• You can use service names to represent well-known port numbers. For example, you can use www
to represent port number 80, ftp to represent port number 21, and so on.
• You can use the keyword any to represent port number 0, which means all types of services are
supported. This has the same effect as a static translation between the global-address and
host-address.
vpn-instance global-name: Specifies the MPLS L3VPN to which the advertised external IP address
belongs. The global-name argument is a case-sensitive string of 1 to 31 characters. Without this option,
the advertised external IP address does not belong to any VPN.
inside server-group group-number: Internal server group to which the internal server belongs. The
group-number argument specifies the internal server group number in the range of 0 to 31.
vpn-instance local-name: Specifies the MPLS L3VPN to which the internal server belongs. The local-name
argument is a case-sensitive string of 1 to 31 characters. Without this option, the internal server does not
belong to any VPN.
Usage guidelines
Using this command, you can configure internal servers (such as Web, FTP, Telnet, POP3, and DNS
servers) to provide services for external users.
An internal server can reside in an internal network or an MPLS VPN. This command supports inter-VPN
access through NAT.
The number of load sharing internal servers supported on an interface and the number of internal servers
supported by the system depends on the device model.
In general, this command is configured on an interface that serves as the egress of an internal network
and connects to the ISP.
Examples
# Allow external users to access the internal Web server 10.110.10.10 on the LAN through
http://202.110.10.10:8080. Assume that interface Serial 2/1/0 is connected to the external network.
<Sysname> system-view
[Sysname] nat server-group 1
[Sysname-nat-server-group-1] inside ip 10.110.10.10 port 30
[Sysname-nat-server-group-1] quit
[Sysname] interface serial 2/1/0
[Sysname-Serial2/1/0] nat server protocol tcp global 202.110.10.10 8080 vpn vrf10 inside
server-group 1