3.2.23. cg-nat¶
Note
requires a CG-NAT Application License.
CG-NAT configuration.
vsr running config# vrf <vrf> cg-nat
enabled¶
Enable/disable CG-NAT in this VRF.
vsr running config# vrf <vrf> cg-nat
vsr running cg-nat# enabled true|false
- Default value
true
alg¶
Application-Level Gateway.
vsr running config# vrf <vrf> cg-nat
vsr running cg-nat# alg ALG
|
Description |
|---|---|
|
ALG for File Transfer Protocol. |
|
ALG for H.225.0 Call Signaling Protocol. |
|
ALG for H.225.0 Registration, Admission and Status Protocol. |
|
ALG for Point-to-Point Tunneling Protocol. |
|
ALG for Real Time Streaming Protocol. |
|
ALG for Session Initiation Protocol over TCP. |
|
ALG for Session Initiation Protocol over UDP. |
|
ALG for Trivial File Transfer Protocol. |
|
ALG for Domain Name System. |
pool¶
Pools of IP addresses for the CG-NAT rules.
vsr running config# vrf <vrf> cg-nat pool <string>{1,56}
|
Pool name. |
address (mandatory)¶
IPv4 addresses in the pool.
vsr running config# vrf <vrf> cg-nat pool <string>{1,56}
vsr running pool <string>{1,56}# address ADDRESS
|
Description |
|---|---|
|
An IPv4 address. |
|
An IPv4 prefix: address and CIDR mask. |
|
An IPv4 address range, in the form addr4-addr4. |
block-allocation-mode¶
Algorithm used to associate blocks to user.
vsr running config# vrf <vrf> cg-nat pool <string>{1,56}
vsr running pool <string>{1,56}# block-allocation-mode BLOCK-ALLOCATION-MODE
|
Description |
|---|---|
|
Blocks are allocated dynamically to any user. |
|
Blocks are allocated deterministically. It means the same block is always allocated to the same user. |
block-size¶
Number of ports that will be assigned to a given user.
vsr running config# vrf <vrf> cg-nat pool <string>{1,56}
vsr running pool <string>{1,56}# block-size <1-65535>
allocation-mode¶
Set the way to allocate IP resources.
vsr running config# vrf <vrf> cg-nat pool <string>{1,56} allocation-mode
dynamic-block¶
Blocks are allocated dynamically to any user.
vsr running config# vrf <vrf> cg-nat pool <string>{1,56} allocation-mode dynamic-block
block-size (mandatory)¶
Number of ports that will be assigned to a given user.
vsr running config# vrf <vrf> cg-nat pool <string>{1,56} allocation-mode dynamic-block
vsr running dynamic-block# block-size <1-65535>
deterministic-block¶
Blocks are allocated deterministically. It means the same block is always allocated to the same user.
vsr running config# vrf <vrf> cg-nat pool <string>{1,56} allocation-mode deterministic-block
block-size¶
Number of ports that will be assigned to a given user.
vsr running config# vrf <vrf> cg-nat pool <string>{1,56} allocation-mode deterministic-block
vsr running deterministic-block# block-size <1-65535>
dynamic-port¶
Ports are allocated dynamically to any user.
vsr running config# vrf <vrf> cg-nat pool <string>{1,56} allocation-mode dynamic-port
port-algo¶
Port allocation algorithm for new mappings.
vsr running config# vrf <vrf> cg-nat pool <string>{1,56} allocation-mode dynamic-port
vsr running dynamic-port# port-algo PORT-ALGO
|
Description |
|---|---|
|
Preserve port parity: an even port will be mapped to an even port, and an odd port will be mapped to an odd port. |
|
Choose port randomly. |
port-overloading¶
Enable configuring port overloading.
vsr running config# vrf <vrf> cg-nat pool <string>{1,56} allocation-mode dynamic-port port-overloading
unique-destination¶
Overload a port only when the destination address is unique or destination address and port pair is unique.
vsr running config# vrf <vrf> cg-nat pool <string>{1,56} allocation-mode dynamic-port port-overloading
vsr running port-overloading# unique-destination UNIQUE-DESTINATION
|
Description |
|---|---|
|
Overload a port only when the destination address is unique. |
|
Overload a port when the destination address and port pair is unique. |
protocol¶
Enable port overloading for protocol TCP, UDP or both.
vsr running config# vrf <vrf> cg-nat pool <string>{1,56} allocation-mode dynamic-port port-overloading
vsr running port-overloading# protocol PROTOCOL
|
Description |
|---|---|
|
Transmission Control Protocol. |
|
User Datagram Protocol. |
|
Transmission Control Protocol and User Datagram Protocol. |
factor¶
Select port factor multiplier. For example, with a port range of 64512 and a port factor of 2, the maximum port capacity will be 129024.
vsr running config# vrf <vrf> cg-nat pool <string>{1,56} allocation-mode dynamic-port port-overloading
vsr running port-overloading# factor FACTOR
|
Description |
|---|---|
|
Port factor of 2. |
|
Port factor of 4. |
|
Port factor of 8. |
|
Port factor of 16. |
|
Port factor of 32. |
|
Port factor of 64. |
|
Port factor of 128. |
rule¶
List of CG-NAT rules.
vsr running config# vrf <vrf> cg-nat rule <uint16>
|
Id and priority of the rule. Higher number means lower priority. |
deterministic-snat44¶
Deterministic source NAT44 translation.
vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat44
match¶
Match parameters.
vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat44 match
outbound-interface (mandatory)¶
Interface to match on outbound.
vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat44 match
vsr running match# outbound-interface OUTBOUND-INTERFACE
|
An interface name. |
source¶
Match on source address.
vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat44 match source
ipv4-address (mandatory)¶
Match on source address.
vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat44 match source
vsr running source# ipv4-address IPV4-ADDRESS
|
An IPv4 prefix: address and CIDR mask. |
ds-lite¶
Enable Dual Stack Lite. It uses IPv4-in-IPv6 tunneling, with the tunnel endpoints (softwire address) for the NAT mapping, allowing overlap of the IPv4 source address spaces. An ipip tunnel interface with the option ‘ds-lite-aftr’ enabled is necessary.
vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat44 match ds-lite
softwire-address (mandatory)¶
Match on softwire address.
vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat44 match ds-lite
vsr running ds-lite# softwire-address SOFTWIRE-ADDRESS
|
An IPv6 prefix: address and CIDR mask. |
translate-to¶
Translate to.
vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat44 translate-to
pool-name (mandatory)¶
Name of IP address pool used for translation.
vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat44 translate-to
vsr running translate-to# pool-name <leafref>
port-algo¶
Port allocation algorithm for new mappings.
vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat44 translate-to
vsr running translate-to# port-algo PORT-ALGO
|
Description |
|---|---|
|
Preserve port parity: an even port will be mapped to an even port, and an odd port will be mapped to an odd port. |
|
Choose port randomly. |
max-conntracks-per-user¶
Maximum number of conntracks assigned to a user. When set to 0, the number of conntracks is not limited.
vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat44 translate-to
vsr running translate-to# max-conntracks-per-user <uint32>
endpoint-mapping¶
NAT endpoint mapping behavior.
vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat44 translate-to
vsr running translate-to# endpoint-mapping ENDPOINT-MAPPING
|
Description |
|---|---|
|
Reuse port mapping for subsequent packets sent from the same internal IP address and port to the same external IP address and port. |
|
Reuse the port mapping for subsequent packets sent from the same internal IP address and port to any external IP address and port. |
endpoint-filtering¶
NAT endpoint filtering behavior.
vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat44 translate-to
vsr running translate-to# endpoint-filtering ENDPOINT-FILTERING
|
Description |
|---|---|
|
Inbound packets from external endpoints are filtered out if they don’t fully match an existing mapping (IP/port src/dst). |
|
Inbound packets from external endpoints are filtered out only if their destination IP address and port don’t match an existing mapping (IP/port src can differ). |
hairpinning¶
Enable communication between two hosts on the internal network, using their mapped endpoint.
vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat44 translate-to
vsr running translate-to# hairpinning true|false
address-pooling¶
CG-NAT Address Pooling mode.
vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat44 translate-to
vsr running translate-to# address-pooling ADDRESS-POOLING
|
Description |
|---|---|
|
In paired mode, the same IP of the pool is used to translate all the sessions originating from the same CPE. |
|
In no-paired mode, different IPs of the pool can be used to translate different sessions originating from the same CPE. |
port-overloading¶
Enable configuring port overloading.
vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat44 translate-to port-overloading
unique-destination¶
Overload a port only when the destination address is unique or destination address and port pair is unique.
vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat44 translate-to port-overloading
vsr running port-overloading# unique-destination UNIQUE-DESTINATION
|
Description |
|---|---|
|
Overload a port only when the destination address is unique. |
|
Overload a port when the destination address and port pair is unique. |
protocol¶
Enable port overloading for protocol TCP, UDP or both.
vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat44 translate-to port-overloading
vsr running port-overloading# protocol PROTOCOL
|
Description |
|---|---|
|
Transmission Control Protocol. |
|
User Datagram Protocol. |
|
Transmission Control Protocol and User Datagram Protocol. |
factor¶
Select port factor multiplier. For example, with a port range of 64512 and a port factor of 2, the maximum port capacity will be 129024.
vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat44 translate-to port-overloading
vsr running port-overloading# factor FACTOR
|
Description |
|---|---|
|
Port factor of 2. |
|
Port factor of 4. |
|
Port factor of 8. |
|
Port factor of 16. |
|
Port factor of 32. |
|
Port factor of 64. |
|
Port factor of 128. |
deterministic-snat64¶
Deterministic source NAT64 translation.
vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat64
match¶
Match parameters.
vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat64 match
outbound-interface (mandatory)¶
Interface to match on outbound.
vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat64 match
vsr running match# outbound-interface OUTBOUND-INTERFACE
|
An interface name. |
source¶
Match on source address.
vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat64 match source
ipv6-address (mandatory)¶
Match on source address.
vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat64 match source
vsr running source# ipv6-address IPV6-ADDRESS
|
An IPv6 prefix: address and CIDR mask. |
translate-to¶
Translate to.
vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat64 translate-to
pool-name (mandatory)¶
Name of IP address pool used for translation.
vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat64 translate-to
vsr running translate-to# pool-name <leafref>
port-algo¶
Port allocation algorithm for new mappings.
vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat64 translate-to
vsr running translate-to# port-algo PORT-ALGO
|
Description |
|---|---|
|
Preserve port parity: an even port will be mapped to an even port, and an odd port will be mapped to an odd port. |
|
Choose port randomly. |
max-conntracks-per-user¶
Maximum number of conntracks assigned to a user. When set to 0, the number of conntracks is not limited.
vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat64 translate-to
vsr running translate-to# max-conntracks-per-user <uint32>
endpoint-mapping¶
NAT endpoint mapping behavior.
vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat64 translate-to
vsr running translate-to# endpoint-mapping ENDPOINT-MAPPING
|
Description |
|---|---|
|
Reuse port mapping for subsequent packets sent from the same internal IP address and port to the same external IP address and port. |
|
Reuse the port mapping for subsequent packets sent from the same internal IP address and port to any external IP address and port. |
endpoint-filtering¶
NAT endpoint filtering behavior.
vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat64 translate-to
vsr running translate-to# endpoint-filtering ENDPOINT-FILTERING
|
Description |
|---|---|
|
Inbound packets from external endpoints are filtered out if they don’t fully match an existing mapping (IP/port src/dst). |
|
Inbound packets from external endpoints are filtered out only if their destination IP address and port don’t match an existing mapping (IP/port src can differ). |
hairpinning¶
Enable communication between two hosts on the internal network, using their mapped endpoint.
vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat64 translate-to
vsr running translate-to# hairpinning true|false
address-pooling¶
CG-NAT Address Pooling mode.
vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat64 translate-to
vsr running translate-to# address-pooling ADDRESS-POOLING
|
Description |
|---|---|
|
In paired mode, the same IP of the pool is used to translate all the sessions originating from the same CPE. |
|
In no-paired mode, different IPs of the pool can be used to translate different sessions originating from the same CPE. |
destination-prefix¶
NAT64 destination prefix.
vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat64 translate-to
vsr running translate-to# destination-prefix DESTINATION-PREFIX
|
An IPv6 prefix: address and CIDR mask. |
port-overloading¶
Enable configuring port overloading.
vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat64 translate-to port-overloading
unique-destination¶
Overload a port only when the destination address is unique or destination address and port pair is unique.
vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat64 translate-to port-overloading
vsr running port-overloading# unique-destination UNIQUE-DESTINATION
|
Description |
|---|---|
|
Overload a port only when the destination address is unique. |
|
Overload a port when the destination address and port pair is unique. |
protocol¶
Enable port overloading for protocol TCP, UDP or both.
vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat64 translate-to port-overloading
vsr running port-overloading# protocol PROTOCOL
|
Description |
|---|---|
|
Transmission Control Protocol. |
|
User Datagram Protocol. |
|
Transmission Control Protocol and User Datagram Protocol. |
factor¶
Select port factor multiplier. For example, with a port range of 64512 and a port factor of 2, the maximum port capacity will be 129024.
vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat64 translate-to port-overloading
vsr running port-overloading# factor FACTOR
|
Description |
|---|---|
|
Port factor of 2. |
|
Port factor of 4. |
|
Port factor of 8. |
|
Port factor of 16. |
|
Port factor of 32. |
|
Port factor of 64. |
|
Port factor of 128. |
dynamic-snat44¶
Dynamic source NAT44 translation.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44
match¶
Match parameters.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44 match
outbound-interface (mandatory)¶
Interface to match on outbound.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44 match
vsr running match# outbound-interface OUTBOUND-INTERFACE
|
An interface name. |
source¶
Match on source address.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44 match source
ipv4-address (mandatory)¶
Match on source address.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44 match source
vsr running source# ipv4-address IPV4-ADDRESS
|
An IPv4 prefix: address and CIDR mask. |
ds-lite¶
Enable Dual Stack Lite. It uses IPv4-in-IPv6 tunneling, with the tunnel endpoints (softwire address) for the NAT mapping, allowing overlap of the IPv4 source address spaces. An ipip tunnel interface with the option ‘ds-lite-aftr’ enabled is necessary.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44 match ds-lite
softwire-address¶
Match on softwire address.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44 match ds-lite
vsr running ds-lite# softwire-address SOFTWIRE-ADDRESS
|
An IPv6 prefix: address and CIDR mask. |
translate-to¶
Translate to.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44 translate-to
pool-name (mandatory)¶
Name of IP address pool used for translation.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44 translate-to
vsr running translate-to# pool-name <leafref>
max-blocks-per-user¶
Maximum number of port blocks assigned to a user.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44 translate-to
vsr running translate-to# max-blocks-per-user <1-65535>
active-block-timeout¶
unit: seconds
Interval during which the the current block is used to allocate sessions. When set to 0, the current block is always used.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44 translate-to
vsr running translate-to# active-block-timeout <uint16>
user-timeout¶
unit: seconds
Interval during which the current user remains active after all user flows have expired.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44 translate-to
vsr running translate-to# user-timeout <1-65535>
port-algo¶
Port allocation algorithm for new mappings.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44 translate-to
vsr running translate-to# port-algo PORT-ALGO
|
Description |
|---|---|
|
Preserve port parity: an even port will be mapped to an even port, and an odd port will be mapped to an odd port. |
|
Choose port randomly. |
max-conntracks-per-user¶
Maximum number of conntracks assigned to a user. When set to 0, the number of conntracks is not limited.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44 translate-to
vsr running translate-to# max-conntracks-per-user <uint32>
endpoint-mapping¶
NAT endpoint mapping behavior.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44 translate-to
vsr running translate-to# endpoint-mapping ENDPOINT-MAPPING
|
Description |
|---|---|
|
Reuse port mapping for subsequent packets sent from the same internal IP address and port to the same external IP address and port. |
|
Reuse the port mapping for subsequent packets sent from the same internal IP address and port to any external IP address and port. |
endpoint-filtering¶
NAT endpoint filtering behavior.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44 translate-to
vsr running translate-to# endpoint-filtering ENDPOINT-FILTERING
|
Description |
|---|---|
|
Inbound packets from external endpoints are filtered out if they don’t fully match an existing mapping (IP/port src/dst). |
|
Inbound packets from external endpoints are filtered out only if their destination IP address and port don’t match an existing mapping (IP/port src can differ). |
hairpinning¶
Enable communication between two hosts on the internal network, using their mapped endpoint.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44 translate-to
vsr running translate-to# hairpinning true|false
address-pooling¶
CG-NAT Address Pooling mode.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44 translate-to
vsr running translate-to# address-pooling ADDRESS-POOLING
|
Description |
|---|---|
|
In paired mode, the same IP of the pool is used to translate all the sessions originating from the same CPE. |
|
In no-paired mode, different IPs of the pool can be used to translate different sessions originating from the same CPE. |
port-overloading¶
Enable configuring port overloading.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44 translate-to port-overloading
unique-destination¶
Overload a port only when the destination address is unique or destination address and port pair is unique.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44 translate-to port-overloading
vsr running port-overloading# unique-destination UNIQUE-DESTINATION
|
Description |
|---|---|
|
Overload a port only when the destination address is unique. |
|
Overload a port when the destination address and port pair is unique. |
protocol¶
Enable port overloading for protocol TCP, UDP or both.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44 translate-to port-overloading
vsr running port-overloading# protocol PROTOCOL
|
Description |
|---|---|
|
Transmission Control Protocol. |
|
User Datagram Protocol. |
|
Transmission Control Protocol and User Datagram Protocol. |
factor¶
Select port factor multiplier. For example, with a port range of 64512 and a port factor of 2, the maximum port capacity will be 129024.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44 translate-to port-overloading
vsr running port-overloading# factor FACTOR
|
Description |
|---|---|
|
Port factor of 2. |
|
Port factor of 4. |
|
Port factor of 8. |
|
Port factor of 16. |
|
Port factor of 32. |
|
Port factor of 64. |
|
Port factor of 128. |
dynamic-port-snat44¶
Dynamic source NAT44 translation.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-port-snat44
match¶
Match parameters.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-port-snat44 match
outbound-interface (mandatory)¶
Interface to match on outbound.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-port-snat44 match
vsr running match# outbound-interface OUTBOUND-INTERFACE
|
An interface name. |
source¶
Match on source address.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-port-snat44 match source
ipv4-address (mandatory)¶
Match on source address.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-port-snat44 match source
vsr running source# ipv4-address IPV4-ADDRESS
|
An IPv4 prefix: address and CIDR mask. |
ds-lite¶
Enable Dual Stack Lite. It uses IPv4-in-IPv6 tunneling, with the tunnel endpoints (softwire address) for the NAT mapping, allowing overlap of the IPv4 source address spaces. An ipip tunnel interface with the option ‘ds-lite-aftr’ enabled is necessary.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-port-snat44 match ds-lite
softwire-address¶
Match on softwire address.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-port-snat44 match ds-lite
vsr running ds-lite# softwire-address SOFTWIRE-ADDRESS
|
An IPv6 prefix: address and CIDR mask. |
translate-to¶
Translate to.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-port-snat44 translate-to
pool-name (mandatory)¶
Name of IP address pool used for translation.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-port-snat44 translate-to
vsr running translate-to# pool-name <leafref>
user-timeout¶
unit: seconds
Interval during which the current user remains active after all user flows have expired.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-port-snat44 translate-to
vsr running translate-to# user-timeout <1-65535>
max-conntracks-per-user¶
Maximum number of conntracks assigned to a user. When set to 0, the number of conntracks is not limited.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-port-snat44 translate-to
vsr running translate-to# max-conntracks-per-user <uint32>
endpoint-mapping¶
NAT endpoint mapping behavior.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-port-snat44 translate-to
vsr running translate-to# endpoint-mapping ENDPOINT-MAPPING
|
Description |
|---|---|
|
Reuse port mapping for subsequent packets sent from the same internal IP address and port to the same external IP address and port. |
|
Reuse the port mapping for subsequent packets sent from the same internal IP address and port to any external IP address and port. |
endpoint-filtering¶
NAT endpoint filtering behavior.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-port-snat44 translate-to
vsr running translate-to# endpoint-filtering ENDPOINT-FILTERING
|
Description |
|---|---|
|
Inbound packets from external endpoints are filtered out if they don’t fully match an existing mapping (IP/port src/dst). |
|
Inbound packets from external endpoints are filtered out only if their destination IP address and port don’t match an existing mapping (IP/port src can differ). |
hairpinning¶
Enable communication between two hosts on the internal network, using their mapped endpoint.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-port-snat44 translate-to
vsr running translate-to# hairpinning true|false
address-pooling¶
CG-NAT Address Pooling mode.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-port-snat44 translate-to
vsr running translate-to# address-pooling ADDRESS-POOLING
|
Description |
|---|---|
|
In paired mode, the same IP of the pool is used to translate all the sessions originating from the same CPE. |
|
In no-paired mode, different IPs of the pool can be used to translate different sessions originating from the same CPE. |
dynamic-snat64¶
Dynamic source NAT64 translation.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64
match¶
Match parameters.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64 match
outbound-interface (mandatory)¶
Interface to match on outbound.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64 match
vsr running match# outbound-interface OUTBOUND-INTERFACE
|
An interface name. |
source¶
Match on source address.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64 match source
ipv6-address (mandatory)¶
Match on source address.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64 match source
vsr running source# ipv6-address IPV6-ADDRESS
|
An IPv6 prefix: address and CIDR mask. |
translate-to¶
Translate to.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64 translate-to
pool-name (mandatory)¶
Name of IP address pool used for translation.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64 translate-to
vsr running translate-to# pool-name <leafref>
max-blocks-per-user¶
Maximum number of port blocks assigned to a user.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64 translate-to
vsr running translate-to# max-blocks-per-user <1-65535>
active-block-timeout¶
unit: seconds
Interval during which the the current block is used to allocate sessions. When set to 0, the current block is always used.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64 translate-to
vsr running translate-to# active-block-timeout <uint16>
user-timeout¶
unit: seconds
Interval during which the current user remains active after all user flows have expired.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64 translate-to
vsr running translate-to# user-timeout <1-65535>
port-algo¶
Port allocation algorithm for new mappings.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64 translate-to
vsr running translate-to# port-algo PORT-ALGO
|
Description |
|---|---|
|
Preserve port parity: an even port will be mapped to an even port, and an odd port will be mapped to an odd port. |
|
Choose port randomly. |
max-conntracks-per-user¶
Maximum number of conntracks assigned to a user. When set to 0, the number of conntracks is not limited.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64 translate-to
vsr running translate-to# max-conntracks-per-user <uint32>
endpoint-mapping¶
NAT endpoint mapping behavior.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64 translate-to
vsr running translate-to# endpoint-mapping ENDPOINT-MAPPING
|
Description |
|---|---|
|
Reuse port mapping for subsequent packets sent from the same internal IP address and port to the same external IP address and port. |
|
Reuse the port mapping for subsequent packets sent from the same internal IP address and port to any external IP address and port. |
endpoint-filtering¶
NAT endpoint filtering behavior.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64 translate-to
vsr running translate-to# endpoint-filtering ENDPOINT-FILTERING
|
Description |
|---|---|
|
Inbound packets from external endpoints are filtered out if they don’t fully match an existing mapping (IP/port src/dst). |
|
Inbound packets from external endpoints are filtered out only if their destination IP address and port don’t match an existing mapping (IP/port src can differ). |
hairpinning¶
Enable communication between two hosts on the internal network, using their mapped endpoint.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64 translate-to
vsr running translate-to# hairpinning true|false
address-pooling¶
CG-NAT Address Pooling mode.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64 translate-to
vsr running translate-to# address-pooling ADDRESS-POOLING
|
Description |
|---|---|
|
In paired mode, the same IP of the pool is used to translate all the sessions originating from the same CPE. |
|
In no-paired mode, different IPs of the pool can be used to translate different sessions originating from the same CPE. |
destination-prefix¶
NAT64 destination prefix.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64 translate-to
vsr running translate-to# destination-prefix DESTINATION-PREFIX
|
An IPv6 prefix: address and CIDR mask. |
port-overloading¶
Enable configuring port overloading.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64 translate-to port-overloading
unique-destination¶
Overload a port only when the destination address is unique or destination address and port pair is unique.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64 translate-to port-overloading
vsr running port-overloading# unique-destination UNIQUE-DESTINATION
|
Description |
|---|---|
|
Overload a port only when the destination address is unique. |
|
Overload a port when the destination address and port pair is unique. |
protocol¶
Enable port overloading for protocol TCP, UDP or both.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64 translate-to port-overloading
vsr running port-overloading# protocol PROTOCOL
|
Description |
|---|---|
|
Transmission Control Protocol. |
|
User Datagram Protocol. |
|
Transmission Control Protocol and User Datagram Protocol. |
factor¶
Select port factor multiplier. For example, with a port range of 64512 and a port factor of 2, the maximum port capacity will be 129024.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64 translate-to port-overloading
vsr running port-overloading# factor FACTOR
|
Description |
|---|---|
|
Port factor of 2. |
|
Port factor of 4. |
|
Port factor of 8. |
|
Port factor of 16. |
|
Port factor of 32. |
|
Port factor of 64. |
|
Port factor of 128. |
dynamic-port-snat64¶
Dynamic source NAT64 translation.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-port-snat64
match¶
Match parameters.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-port-snat64 match
outbound-interface (mandatory)¶
Interface to match on outbound.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-port-snat64 match
vsr running match# outbound-interface OUTBOUND-INTERFACE
|
An interface name. |
source¶
Match on source address.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-port-snat64 match source
ipv6-address (mandatory)¶
Match on source address.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-port-snat64 match source
vsr running source# ipv6-address IPV6-ADDRESS
|
An IPv6 prefix: address and CIDR mask. |
translate-to¶
Translate to.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-port-snat64 translate-to
pool-name (mandatory)¶
Name of IP address pool used for translation.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-port-snat64 translate-to
vsr running translate-to# pool-name <leafref>
user-timeout¶
unit: seconds
Interval during which the current user remains active after all user flows have expired.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-port-snat64 translate-to
vsr running translate-to# user-timeout <1-65535>
max-conntracks-per-user¶
Maximum number of conntracks assigned to a user. When set to 0, the number of conntracks is not limited.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-port-snat64 translate-to
vsr running translate-to# max-conntracks-per-user <uint32>
endpoint-mapping¶
NAT endpoint mapping behavior.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-port-snat64 translate-to
vsr running translate-to# endpoint-mapping ENDPOINT-MAPPING
|
Description |
|---|---|
|
Reuse port mapping for subsequent packets sent from the same internal IP address and port to the same external IP address and port. |
|
Reuse the port mapping for subsequent packets sent from the same internal IP address and port to any external IP address and port. |
endpoint-filtering¶
NAT endpoint filtering behavior.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-port-snat64 translate-to
vsr running translate-to# endpoint-filtering ENDPOINT-FILTERING
|
Description |
|---|---|
|
Inbound packets from external endpoints are filtered out if they don’t fully match an existing mapping (IP/port src/dst). |
|
Inbound packets from external endpoints are filtered out only if their destination IP address and port don’t match an existing mapping (IP/port src can differ). |
hairpinning¶
Enable communication between two hosts on the internal network, using their mapped endpoint.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-port-snat64 translate-to
vsr running translate-to# hairpinning true|false
address-pooling¶
CG-NAT Address Pooling mode.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-port-snat64 translate-to
vsr running translate-to# address-pooling ADDRESS-POOLING
|
Description |
|---|---|
|
In paired mode, the same IP of the pool is used to translate all the sessions originating from the same CPE. |
|
In no-paired mode, different IPs of the pool can be used to translate different sessions originating from the same CPE. |
destination-prefix¶
NAT64 destination prefix.
vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-port-snat64 translate-to
vsr running translate-to# destination-prefix DESTINATION-PREFIX
|
An IPv6 prefix: address and CIDR mask. |
static-dnat44¶
Static destination NAT44 translation.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-dnat44
match¶
Match parameters.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-dnat44 match
inbound-interface (mandatory)¶
Interface to match on inbound.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-dnat44 match
vsr running match# inbound-interface INBOUND-INTERFACE
|
An interface name. |
destination¶
Match on destination address or address range.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-dnat44 match destination
ipv4-address (deprecated)¶
Attention
ipv4-rangeMatch on destination address.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-dnat44 match destination
vsr running destination# ipv4-address IPV4-ADDRESS
|
An IPv4 prefix: address and CIDR mask. |
ipv4-range¶
Match on destination address or address range.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-dnat44 match destination
vsr running destination# ipv4-range IPV4-RANGE
|
Description |
|---|---|
|
An IPv4 address. |
|
An IPv4 address range, in the form addr4-addr4. |
translate-to¶
Translate to.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-dnat44 translate-to
ipv4-address (deprecated)¶
Attention
ipv4-rangeTranslate to an address.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-dnat44 translate-to
vsr running translate-to# ipv4-address IPV4-ADDRESS
|
An IPv4 address. |
ipv4-range¶
Translate to an address or address range.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-dnat44 translate-to
vsr running translate-to# ipv4-range IPV4-RANGE
|
Description |
|---|---|
|
An IPv4 address. |
|
An IPv4 address range, in the form addr4-addr4. |
static-dnat46¶
Static destination NAT46 translation.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-dnat46
match¶
Match parameters.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-dnat46 match
inbound-interface (mandatory)¶
Interface to match on inbound.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-dnat46 match
vsr running match# inbound-interface INBOUND-INTERFACE
|
An interface name. |
destination¶
Match on destination address or address range.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-dnat46 match destination
ipv4-address (deprecated)¶
Attention
ipv4-rangeMatch on destination address.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-dnat46 match destination
vsr running destination# ipv4-address IPV4-ADDRESS
|
An IPv4 prefix: address and CIDR mask. |
ipv4-range¶
Match on destination address or address range.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-dnat46 match destination
vsr running destination# ipv4-range IPV4-RANGE
|
Description |
|---|---|
|
An IPv4 address. |
|
An IPv4 address range, in the form addr4-addr4. |
translate-to¶
Translate to.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-dnat46 translate-to
ipv6-address (deprecated)¶
Attention
ipv6-rangeTranslated Address.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-dnat46 translate-to
vsr running translate-to# ipv6-address IPV6-ADDRESS
|
An IPv6 address. |
ipv6-range¶
Translated Address or Address range.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-dnat46 translate-to
vsr running translate-to# ipv6-range IPV6-RANGE
|
Description |
|---|---|
|
An IPv6 address. |
|
An IPv6 address range, in the form addr6-addr6. |
source-prefix¶
NAT46 source prefix.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-dnat46 translate-to
vsr running translate-to# source-prefix SOURCE-PREFIX
|
An IPv6 prefix: address and CIDR mask. |
static-snat44¶
Static source NAT44 translation.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-snat44
match¶
Match parameters.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-snat44 match
outbound-interface (mandatory)¶
Interface to match on outbound.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-snat44 match
vsr running match# outbound-interface OUTBOUND-INTERFACE
|
An interface name. |
source¶
Match on source address.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-snat44 match source
ipv4-address (deprecated)¶
Attention
ipv4-rangeMatch on source address.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-snat44 match source
vsr running source# ipv4-address IPV4-ADDRESS
|
An IPv4 prefix: address and CIDR mask. |
ipv4-range¶
Match on source address or address range.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-snat44 match source
vsr running source# ipv4-range IPV4-RANGE
|
Description |
|---|---|
|
An IPv4 address. |
|
An IPv4 address range, in the form addr4-addr4. |
translate-to¶
Translate to.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-snat44 translate-to
ipv4-address (deprecated)¶
Attention
ipv4-rangeTranslate to an address.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-snat44 translate-to
vsr running translate-to# ipv4-address IPV4-ADDRESS
|
An IPv4 address. |
ipv4-range¶
Translate to an address or address range.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-snat44 translate-to
vsr running translate-to# ipv4-range IPV4-RANGE
|
Description |
|---|---|
|
An IPv4 address. |
|
An IPv4 address range, in the form addr4-addr4. |
static-snat64¶
Static source NAT64 translation.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-snat64
match¶
Match parameters.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-snat64 match
outbound-interface (mandatory)¶
Interface to match on outbound.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-snat64 match
vsr running match# outbound-interface OUTBOUND-INTERFACE
|
An interface name. |
source¶
Match on source address or address range.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-snat64 match source
ipv6-address (deprecated)¶
Attention
ipv6-rangeMatch on source address.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-snat64 match source
vsr running source# ipv6-address IPV6-ADDRESS
|
An IPv6 prefix: address and CIDR mask. |
ipv6-range¶
Match on source address or address range.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-snat64 match source
vsr running source# ipv6-range IPV6-RANGE
|
Description |
|---|---|
|
An IPv6 address. |
|
An IPv6 address range, in the form addr6-addr6. |
translate-to¶
Translate to.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-snat64 translate-to
ipv4-address (deprecated)¶
Attention
ipv4-rangeTranslate to an address.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-snat64 translate-to
vsr running translate-to# ipv4-address IPV4-ADDRESS
|
An IPv4 address. |
ipv4-range¶
Translate to an address or address range.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-snat64 translate-to
vsr running translate-to# ipv4-range IPV4-RANGE
|
Description |
|---|---|
|
An IPv4 address. |
|
An IPv4 address range, in the form addr4-addr4. |
destination-prefix¶
NAT64 destination prefix.
vsr running config# vrf <vrf> cg-nat rule <uint16> static-snat64 translate-to
vsr running translate-to# destination-prefix DESTINATION-PREFIX
|
An IPv6 prefix: address and CIDR mask. |
conntrack¶
Conntrack options.
vsr running config# vrf <vrf> cg-nat conntrack
behavior¶
Specific TCP options.
vsr running config# vrf <vrf> cg-nat conntrack
vsr running conntrack# behavior <behavior> enabled true|false
|
Description |
|---|---|
|
TCP window check. |
|
TCP rst strict order. |
timeouts¶
Timeouts for the different events/protocols.
vsr running config# vrf <vrf> cg-nat conntrack timeouts
icmp¶
Conntrack options for ICMP.
vsr running config# vrf <vrf> cg-nat conntrack timeouts
vsr running timeouts# icmp <icmp> <uint32>
|
Description |
|---|---|
|
State NEW. |
|
State ESTABLISHED. |
|
State CLOSED. |
udp¶
Conntrack options for UDP.
vsr running config# vrf <vrf> cg-nat conntrack timeouts
vsr running timeouts# udp <udp> <uint32>
|
Description |
|---|---|
|
State NEW. |
|
State ESTABLISHED. |
|
State CLOSED. |
gre-pptp¶
Conntrack options for GRE-PPTP.
vsr running config# vrf <vrf> cg-nat conntrack timeouts
vsr running timeouts# gre-pptp <gre-pptp> <uint32>
|
Description |
|---|---|
|
State NEW. |
|
State ESTABLISHED. |
|
State CLOSED. |
tcp¶
Conntrack options for TCP.
vsr running config# vrf <vrf> cg-nat conntrack timeouts
vsr running timeouts# tcp <tcp> <uint32>
|
Description |
|---|---|
|
State SYN-SENT. |
|
State SIMSYN-SENT. |
|
State SYN-RECEIVED. |
|
State ESTABLISHED. |
|
State FIN-SENT. |
|
State FIN-RECEIVED. |
|
State CLOSED. |
|
State CLOSE-WAIT. |
|
State FIN-WAIT. |
|
State LAST-ACK. |
|
State TIME-WAIT. |
nat64¶
NAT64 conntrack options.
vsr running config# vrf <vrf> cg-nat conntrack nat64
option¶
Specific NAT64 options.
vsr running config# vrf <vrf> cg-nat conntrack nat64
vsr running nat64# option <option> true|false
|
Description |
|---|---|
|
Enable/Disable TCP MSS update. |
|
Enable/Disable UDP null checksum packet drops. |
|
Fragment IPv4 packets (with DF flag) if the MTU is too small. |
|
Fragment IPv6 packets if the MTU is too small. |
logging¶
CG-NAT log configuration.
vsr running config# vrf <vrf> cg-nat logging
enabled¶
Enable log.
vsr running config# vrf <vrf> cg-nat logging
vsr running logging# enabled true|false
- Default value
true
local¶
Generate log locally.
vsr running config# vrf <vrf> cg-nat logging
vsr running logging# local true|false
event¶
Events to log.
vsr running config# vrf <vrf> cg-nat logging
vsr running logging# event EVENT
|
Description |
|---|---|
|
Log conntrack allocation and destroy event. |
|
Log deterministic configuration event. |
|
Log port-block allocation and destroy event. |
- Default value
deterministic-conf port-block
framing-method¶
Framing method to use to split logs.
vsr running config# vrf <vrf> cg-nat logging
vsr running logging# framing-method FRAMING-METHOD
|
Description |
|---|---|
|
Use non-transparent-framing method to split log. |
|
Use octet-counting method to split log. |
rsyslog-server¶
Remote log server list.
vsr running config# vrf <vrf> cg-nat logging rsyslog-server <rsyslog-server>
|
Description |
|---|---|
|
The ipv4-address type represents an IPv4 address in dotted-quad notation. The IPv4 address may include a zone index, separated by a % sign. The zone index is used to disambiguate identical address values. For link-local addresses, the zone index will typically be the interface index number or the name of an interface. If the zone index is not present, the default zone of the device will be used. The canonical format for the zone index is the numerical format |
|
The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation. The IPv6 address may include a zone index, separated by a % sign. The zone index is used to disambiguate identical address values. For link-local addresses, the zone index will typically be the interface index number or the name of an interface. If the zone index is not present, the default zone of the device will be used. The canonical format of IPv6 addresses uses the textual representation defined in Section 4 of RFC 5952. The canonical format for the zone index is the numerical format as described in Section 11.2 of RFC 4007. |
|
The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible. Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability. The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation. The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitly or may depend on the configuration of the resolver. Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be A-labels as per RFC 5890. |
port¶
Sets the destination port number for syslog TCP messages to the server.
vsr running config# vrf <vrf> cg-nat logging rsyslog-server <rsyslog-server>
vsr running rsyslog-server <rsyslog-server># port PORT
|
A 16-bit port number used by a transport protocol such as TCP or UDP. |
- Default value
514
vrf¶
The VRF from which to access the remote server.
vsr running config# vrf <vrf> cg-nat logging rsyslog-server <rsyslog-server>
vsr running rsyslog-server <rsyslog-server># vrf <leafref>
source¶
The IPv4/IPv6 source address used to reach the logging server.
vsr running config# vrf <vrf> cg-nat logging rsyslog-server <rsyslog-server>
vsr running rsyslog-server <rsyslog-server># source SOURCE
|
Description |
|---|---|
|
An IPv4 address. |
|
An IPv6 address. |
connection-status (state only)¶
Connection status.
vsr> show state vrf <vrf> cg-nat logging rsyslog-server <rsyslog-server> connection-status
statistics (state only)¶
The statistics for this server.
transmit (state only)¶
The number of logs transmitted to this server.
vsr> show state vrf <vrf> cg-nat logging rsyslog-server <rsyslog-server> statistics transmit
transmit-error (state only)¶
The number of logs that have not been transmitted to this server.
vsr> show state vrf <vrf> cg-nat logging rsyslog-server <rsyslog-server> statistics transmit-error
build-error (state only)¶
The number of logs that have not been built to this server.
vsr> show state vrf <vrf> cg-nat logging rsyslog-server <rsyslog-server> statistics build-error