R0106-HP MSR Router Series Layer 3 - IP Services Command Reference(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR2003 AC Router

171

172

173

174

175

176

177

178

179

180

161

An address group cannot be used by both the nat inbound and nat outbound commands. It cannot be

used by the nat inbound command in both PAT and NO-PAT modes.

An ACL can be used by only one inbound dynamic NAT rule an interface.

You can configure multiple inbound dynamic NAT rules on an interface.

Examples

# Configure ACL 2001, and create a rule to permit packets only from segment 10.110.10.0/24 in VPN

vpn10 to pass through.

<Sysname> system-view

[Sysname] acl number 2001

[Sysname-acl-basic-2001] rule permit vpn-instance vpn10 source 10.110.10.0 0.0.0.255

[Sysname-acl-basic-2001] rule deny

[Sysname-acl-basic-2001] quit

# Configure the VPN instance named vpn10.

[Sysname] ip vpn-instance vpn10

[Sysname-vpn-instance-vpn10] route-distinguisher 100:001

[Sysname-vpn-instance-vpn10] vpn-target 100:1 export-extcommunity

[Sysname-vpn-instance-vpn10] vpn-target 100:1 import-extcommunity

[Sysname-vpn-instance-vpn10] quit

# Create address group 1 and add members to the group.

[Sysname] nat address-group 1

[Sysname-nat-address-group-1] address 202.110.10.10 202.110.10.12

# Configure an inbound NO-PAT rule on interface GigabitEthernet 2/1/1. NAT translates the source

addresses of incoming packets into the addresses in address group 1, and adds a route for translated

packets automatically.

[Sysname] interface gigabitethernet 2/1/1

[Sysname-GigabitEthernet2/1/1] nat inbound 2001 address-group 1 vpn-instance vpn10 no-pat

add-route

Related commands

• display nat all

• display nat inbound

• display nat no-pat

nat log alarm

Use nat log alarm to enable NAT444 alarm logging.

Use undo nat log alarm to disable NAT444 alarm logging.

Syntax

nat log alarm

undo nat log alarm

Default

NAT alarm logging is disabled.

Views

System view