H3C S7500 Series Ethernet Switches Operation Manual
Operation Manual – NAT, Netstream, Policy Routing
Chapter 1 NAT Configuration
Caution:
• Each command that is used to modify blacklist-related configuration and is not source IP address-specific must be coupled with the reset nat session command.
• Although each blacklist-enabled LPU in the switch independently maintains its own blacklist information, blacklist-related configuration commands executed on the switch apply to all LPUs.
1.3.7 Configuring NAT Connection Aging Time
You can use the nat aging-time command to set the NAT connection aging time for
CPU-processed ALG (application layer gateway) NAT mapping entries or for
network processor (NP)-processed NAT mapping entries. A mapping entry is removed
from the NAT mapping table when its aging timer expires.
Follow these steps to configure the aging time of NAT connections:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Configure the aging time of NAT connections | nat aging-time { alg time-value \| np slow } slot slot-number | Optional. By default, the aging time for ALG NAT mapping entries is 120 seconds. An NP uses a fast aging timer with an aging time of 120 seconds. |
1.3.8 Configuring NAT Security Logging
Security logging records detailed information about the NAT process.
Security logging will record the following information:
• Source IP address and port number before translation
• Destination IP address and port number before translation
• Source IP address and port number after translation
• Start time and end time of the NAT process
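How these logged fields are used during an investigation, as an added example that is not part of the H3C manual: a translated address and port are reused once a mapping ages out, so tracing an outside observation back to an inside host needs the start and end times as well as the post-translation source. The CSV layout, the sample records and the function names are assumptions made for this illustration; the switch's own log format is not shown on this page.

```python
import csv
import io
from datetime import datetime
from typing import NamedTuple, Optional

class NatRecord(NamedTuple):
    src_before: tuple   # (ip, port) of the inside host, before translation
    dst_before: tuple   # (ip, port) of the destination, before translation
    src_after: tuple    # (ip, port) seen on the outside, after translation
    start: datetime
    end: datetime

# Constructed sample records in an assumed CSV layout (not the switch's own
# log format): src_ip,src_port,dst_ip,dst_port,nat_ip,nat_port,start,end
SAMPLE = """\
10.1.1.20,51000,198.51.100.7,443,203.0.113.5,20001,2024-03-01T09:00:00,2024-03-01T09:02:10
10.1.1.31,40222,198.51.100.7,443,203.0.113.5,20001,2024-03-01T09:05:00,2024-03-01T09:06:30
10.1.1.20,51044,192.0.2.80,80,203.0.113.5,20002,2024-03-01T09:05:10,2024-03-01T09:05:40
"""

def parse(text: str) -> list:
    records = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 8:
            continue  # skip malformed lines rather than guessing at fields
        sip, sport, dip, dport, nip, nport, start, end = row
        records.append(NatRecord((sip, int(sport)), (dip, int(dport)),
                                 (nip, int(nport)),
                                 datetime.fromisoformat(start),
                                 datetime.fromisoformat(end)))
    return records

def attribute(records, nat_ip: str, nat_port: int,
              seen_at: datetime) -> Optional[NatRecord]:
    """Return the session that owned nat_ip:nat_port at seen_at, if any."""
    matches = [r for r in records
               if r.src_after == (nat_ip, nat_port)
               and r.start <= seen_at <= r.end]
    # More than one match means overlapping records: do not pick one silently.
    return matches[0] if len(matches) == 1 else None

if __name__ == "__main__":
    hit = attribute(parse(SAMPLE), "203.0.113.5", 20001,
                    datetime(2024, 3, 1, 9, 5, 30))
    print(hit.src_before if hit else "no unique match")
```

The first two sample records share the same translated address and port at different times, which is why a lookup on the post-translation source alone cannot identify the inside host.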
I. Enabling NAT logging
Follow these steps to enable NAT logging: