R0106-HP MSR Router Series Layer 3 - IP Services Command Reference(V7)
An address group cannot be used by both the nat inbound and nat outbound commands. It cannot be
used by the nat outbound command in both PAT and NO-PAT modes.
An ACL can be used by only one outbound dynamic NAT rule on an interface.
You can configure multiple outbound dynamic NAT rules on an interface.
Outbound dynamic NAT rules with ACLs configured on an interface take precedence over those without
ACLs. An outbound dynamic NAT rule with a higher ACL number takes precedence over one with a lower
ACL number.
With a port range and port block parameters specified in the NAT address group, packets matching the
ACL permit rule are processed by dynamic NAT444.
The port-preserved keyword does not take effect on dynamic NAT444.
Examples
# Configure ACL 2001, and create a rule to permit packets only from segment 10.110.10.0/24 to pass
through.
<Sysname> system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 10.110.10.0 0.0.0.255
[Sysname-acl-basic-2001] rule deny
[Sysname-acl-basic-2001] quit
# Configure address group 1 and add members to the group.
[Sysname] nat address-group 1
[Sysname-nat-address-group-1] address 202.110.10.10 202.110.10.12
[Sysname-nat-address-group-1] quit
# Configure an outbound dynamic PAT rule on interface GigabitEthernet 2/1/1 to translate the source
addresses of outgoing packets permitted by ACL 2001 into the addresses in address group 1.
[Sysname] interface gigabitethernet 2/1/1
[Sysname-GigabitEthernet2/1/1] nat outbound 2001 address-group 1
Or
# Configure an outbound NO-PAT rule on interface GigabitEthernet 2/1/1 to translate the source
addresses of outgoing packets permitted by ACL 2001 into the addresses in address group 1.
<Sysname> system-view
[Sysname] interface gigabitethernet 2/1/1
[Sysname-GigabitEthernet2/1/1] nat outbound 2001 address-group 1 no-pat
Or
# Enable Easy IP to use the IP address of GigabitEthernet 2/1/1 as the translated address.
<Sysname> system-view
[Sysname] interface gigabitethernet 2/1/1
[Sysname-GigabitEthernet2/1/1] nat outbound 2001
Or
# Enable reverse address translation and use addresses in address group 1 as NAT addresses.
<Sysname> system-view
[Sysname] interface gigabitethernet 2/1/1
[Sysname-GigabitEthernet2/1/1] nat outbound 2001 address-group 1 no-pat reversible
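Added example (not part of the HP reference): a Python check that reviews staged configuration text offline against the reuse restrictions and the precedence order stated in the usage guidelines above. The function names, the sample configuration, and the choice to apply the PAT/NO-PAT restriction across the whole file are assumptions.

```python
from collections import defaultdict

# Constructed sample config in the syntax of the examples above. ACL 2001 is
# reused on one interface and address group 1 appears in both PAT and NO-PAT
# mode, so both checks fire.
SAMPLE = """\
interface GigabitEthernet2/1/1
 nat outbound 2001 address-group 1
 nat outbound 2001 address-group 2 no-pat
 nat outbound 3000 address-group 1 no-pat
 nat outbound
"""

def parse(config):
    """Return {interface: [rule dicts]} for every 'nat outbound' line."""
    rules, iface = defaultdict(list), None
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["interface"] and len(tok) > 1:
            iface = " ".join(tok[1:])
        elif iface and tok[:2] == ["nat", "outbound"]:
            rest = tok[2:]
            at = rest.index("address-group") if "address-group" in rest else None
            grp = rest[at + 1] if at is not None and at + 1 < len(rest) else ""
            rules[iface].append({
                "acl": int(rest[0]) if rest and rest[0].isdigit() else None,
                "group": int(grp) if grp.isdigit() else None,
                "no_pat": "no-pat" in rest,
            })
    return rules

def audit(rules):
    """Report violations of the two reuse restrictions stated above."""
    findings, modes = [], defaultdict(set)
    for iface, items in rules.items():
        seen = set()
        for r in items:
            if r["acl"] is not None and r["acl"] in seen:
                findings.append(f"{iface}: ACL {r['acl']} used by more than one rule")
            seen.add(r["acl"])
            if r["group"] is not None:
                modes[r["group"]].add("NO-PAT" if r["no_pat"] else "PAT")
    findings += [f"address group {g} used in both PAT and NO-PAT modes"
                 for g, m in sorted(modes.items()) if len(m) == 2]
    return findings

def precedence(items):
    """Order rules: with ACL before without, higher ACL number first."""
    return sorted(items, key=lambda r: (r["acl"] is None, -(r["acl"] or 0)))
```

Calling audit(parse(SAMPLE)) returns the findings, and precedence(parse(SAMPLE)["GigabitEthernet2/1/1"]) lists that interface's rules in the order the guidelines give them priority.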
Related commands
• display nat eim