3.2.23. cg-nat¶
Note
requires a specific license: CG-NAT.
CG-NAT configuration.
vsr running config# vrf <vrf> cg-nat
enabled¶
Enable/disable CG-NAT in this VRF.
vsr running config# vrf <vrf> cg-nat
vsr running cg-nat# enabled true|false
- Default value
true
pool¶
Pools of IP addresses for the CG-NAT rules.
vsr running config# vrf <vrf> cg-nat pool <string>{1,56}
|
Pool name. |
address (mandatory)¶
IPv4 addresses in the pool.
vsr running config# vrf <vrf> cg-nat pool <string>{1,56}
vsr running pool <string>{1,56}# address ADDRESS
|
Description |
|---|---|
|
An IPv4 address. |
|
An IPv4 prefix: address and CIDR mask. |
|
An IPv4 address range, in the form addr4-addr4. |
allocation-mode¶
Set the way to allocate IP resources.
vsr running config# vrf <vrf> cg-nat pool <string>{1,56} allocation-mode
dynamic-block¶
Blocks are allocated dynamically to any user.
vsr running config# vrf <vrf> cg-nat pool <string>{1,56} allocation-mode dynamic-block
block-size (mandatory)¶
Number of ports that will be assigned to a given user.
vsr running config# vrf <vrf> cg-nat pool <string>{1,56} allocation-mode dynamic-block
vsr running dynamic-block# block-size <1-65535>
deterministic-block¶
Blocks are allocated deterministically. It means the same block is always allocated to the same user.
vsr running config# vrf <vrf> cg-nat pool <string>{1,56} allocation-mode deterministic-block
block-size¶
Number of ports that will be assigned to a given user.
vsr running config# vrf <vrf> cg-nat pool <string>{1,56} allocation-mode deterministic-block
vsr running deterministic-block# block-size <1-65535>
dynamic-port¶
Ports are allocated dynamically to any user.
vsr running config# vrf <vrf> cg-nat pool <string>{1,56} allocation-mode dynamic-port
port-algo¶
Port allocation algorithm for new mappings.
vsr running config# vrf <vrf> cg-nat pool <string>{1,56} allocation-mode dynamic-port
vsr running dynamic-port# port-algo PORT-ALGO
|
Description |
|---|---|
|
Preserve port parity: an even port will be mapped to an even port, and an odd port will be mapped to an odd port. |
|
Choose port randomly. |
port-overloading¶
Enable configuring port overloading.
vsr running config# vrf <vrf> cg-nat pool <string>{1,56} allocation-mode dynamic-port port-overloading
unique-destination¶
Overload a port only when the destination address is unique or destination address and port pair is unique.
vsr running config# vrf <vrf> cg-nat pool <string>{1,56} allocation-mode dynamic-port port-overloading
vsr running port-overloading# unique-destination UNIQUE-DESTINATION
|
Description |
|---|---|
|
Overload a port only when the destination address is unique. |
|
Overload a port when the destination address and port pair is unique. |
protocol¶
Enable port overloading for protocol TCP, UDP or both.
vsr running config# vrf <vrf> cg-nat pool <string>{1,56} allocation-mode dynamic-port port-overloading
vsr running port-overloading# protocol PROTOCOL
|
Description |
|---|---|
|
Transmission Control Protocol. |
|
User Datagram Protocol. |
|
Transmission Control Protocol and User Datagram Protocol. |
factor¶
Select port factor multiplier. For example, with a port range of 64512 and a port factor of 2, the maximum port capacity will be 129024.
vsr running config# vrf <vrf> cg-nat pool <string>{1,56} allocation-mode dynamic-port port-overloading
vsr running port-overloading# factor FACTOR
|
Description |
|---|---|
|
Port factor of 2. |
|
Port factor of 4. |
|
Port factor of 8. |
|
Port factor of 16. |
|
Port factor of 32. |
|
Port factor of 64. |
|
Port factor of 128. |
rule¶
List of CG-NAT rules.
vsr running config# vrf <vrf> cg-nat rule <uint32>
|
Id and priority of the rule. Higher number means lower priority. |
deterministic-snat44¶
Deterministic source NAT44 translation.
vsr running config# vrf <vrf> cg-nat rule <uint32> deterministic-snat44
match¶
Match parameters.
vsr running config# vrf <vrf> cg-nat rule <uint32> deterministic-snat44 match
outbound-interface (mandatory)¶
Interface to match on outbound.
vsr running config# vrf <vrf> cg-nat rule <uint32> deterministic-snat44 match
vsr running match# outbound-interface OUTBOUND-INTERFACE
|
An interface name. |
source¶
Match on source address.
vsr running config# vrf <vrf> cg-nat rule <uint32> deterministic-snat44 match source
ipv4-address (mandatory)¶
Match on source address.
vsr running config# vrf <vrf> cg-nat rule <uint32> deterministic-snat44 match source
vsr running source# ipv4-address IPV4-ADDRESS
|
An IPv4 prefix: address and CIDR mask. |
ds-lite¶
Enable Dual Stack Lite. It uses IPv4-in-IPv6 tunneling, with the tunnel endpoints (softwire address) for the NAT mapping, allowing overlap of the IPv4 source address spaces. An ipip tunnel interface with the option ‘ds-lite-aftr’ enabled is necessary.
vsr running config# vrf <vrf> cg-nat rule <uint32> deterministic-snat44 match ds-lite
softwire-address (mandatory)¶
Match on softwire address.
vsr running config# vrf <vrf> cg-nat rule <uint32> deterministic-snat44 match ds-lite
vsr running ds-lite# softwire-address SOFTWIRE-ADDRESS
|
An IPv6 prefix: address and CIDR mask. |
translate-to¶
Translate to.
vsr running config# vrf <vrf> cg-nat rule <uint32> deterministic-snat44 translate-to
pool-name (mandatory)¶
Name of IP address pool used for translation.
vsr running config# vrf <vrf> cg-nat rule <uint32> deterministic-snat44 translate-to
vsr running translate-to# pool-name <leafref>
port-algo¶
Port allocation algorithm for new mappings.
vsr running config# vrf <vrf> cg-nat rule <uint32> deterministic-snat44 translate-to
vsr running translate-to# port-algo PORT-ALGO
|
Description |
|---|---|
|
Preserve port parity: an even port will be mapped to an even port, and an odd port will be mapped to an odd port. |
|
Choose port randomly. |
max-conntracks-per-user¶
Maximum number of conntracks assigned to a user. When set to 0, the number of conntracks is not limited.
vsr running config# vrf <vrf> cg-nat rule <uint32> deterministic-snat44 translate-to
vsr running translate-to# max-conntracks-per-user <uint32>
endpoint-mapping¶
NAT endpoint mapping behavior.
vsr running config# vrf <vrf> cg-nat rule <uint32> deterministic-snat44 translate-to
vsr running translate-to# endpoint-mapping ENDPOINT-MAPPING
|
Description |
|---|---|
|
Reuse port mapping for subsequent packets sent from the same internal IP address and port to the same external IP address and port. |
|
Reuse the port mapping for subsequent packets sent from the same internal IP address and port to any external IP address and port. |
endpoint-filtering¶
NAT endpoint filtering behavior.
vsr running config# vrf <vrf> cg-nat rule <uint32> deterministic-snat44 translate-to
vsr running translate-to# endpoint-filtering ENDPOINT-FILTERING
|
Description |
|---|---|
|
Inbound packets from external endpoints are filtered out if they don’t fully match an existing mapping (IP/port src/dst). |
|
Inbound packets from external endpoints are filtered out only if their destination IP address and port don’t match an existing mapping (IP/port src can differ). |
hairpinning¶
Enable communication between two hosts on the internal network, using their mapped endpoint.
vsr running config# vrf <vrf> cg-nat rule <uint32> deterministic-snat44 translate-to
vsr running translate-to# hairpinning true|false
address-pooling¶
CG-NAT Address Pooling mode.
vsr running config# vrf <vrf> cg-nat rule <uint32> deterministic-snat44 translate-to
vsr running translate-to# address-pooling ADDRESS-POOLING
|
Description |
|---|---|
|
In paired mode, the same IP of the pool is used to translate all the sessions originating from the same CPE. |
|
In no-paired mode, different IPs of the pool can be used to translate different sessions originating from the same CPE. |
port-overloading¶
Enable configuring port overloading.
vsr running config# vrf <vrf> cg-nat rule <uint32> deterministic-snat44 translate-to port-overloading
unique-destination¶
Overload a port only when the destination address is unique or destination address and port pair is unique.
vsr running config# vrf <vrf> cg-nat rule <uint32> deterministic-snat44 translate-to port-overloading
vsr running port-overloading# unique-destination UNIQUE-DESTINATION
|
Description |
|---|---|
|
Overload a port only when the destination address is unique. |
|
Overload a port when the destination address and port pair is unique. |
protocol¶
Enable port overloading for protocol TCP, UDP or both.
vsr running config# vrf <vrf> cg-nat rule <uint32> deterministic-snat44 translate-to port-overloading
vsr running port-overloading# protocol PROTOCOL
|
Description |
|---|---|
|
Transmission Control Protocol. |
|
User Datagram Protocol. |
|
Transmission Control Protocol and User Datagram Protocol. |
factor¶
Select port factor multiplier. For example, with a port range of 64512 and a port factor of 2, the maximum port capacity will be 129024.
vsr running config# vrf <vrf> cg-nat rule <uint32> deterministic-snat44 translate-to port-overloading
vsr running port-overloading# factor FACTOR
|
Description |
|---|---|
|
Port factor of 2. |
|
Port factor of 4. |
|
Port factor of 8. |
|
Port factor of 16. |
|
Port factor of 32. |
|
Port factor of 64. |
|
Port factor of 128. |
deterministic-snat64¶
Deterministic source NAT64 translation.
vsr running config# vrf <vrf> cg-nat rule <uint32> deterministic-snat64
match¶
Match parameters.
vsr running config# vrf <vrf> cg-nat rule <uint32> deterministic-snat64 match
outbound-interface (mandatory)¶
Interface to match on outbound.
vsr running config# vrf <vrf> cg-nat rule <uint32> deterministic-snat64 match
vsr running match# outbound-interface OUTBOUND-INTERFACE
|
An interface name. |
source¶
Match on source address.
vsr running config# vrf <vrf> cg-nat rule <uint32> deterministic-snat64 match source
ipv6-address (mandatory)¶
Match on source address.
vsr running config# vrf <vrf> cg-nat rule <uint32> deterministic-snat64 match source
vsr running source# ipv6-address IPV6-ADDRESS
|
An IPv6 prefix: address and CIDR mask. |
translate-to¶
Translate to.
vsr running config# vrf <vrf> cg-nat rule <uint32> deterministic-snat64 translate-to
pool-name (mandatory)¶
Name of IP address pool used for translation.
vsr running config# vrf <vrf> cg-nat rule <uint32> deterministic-snat64 translate-to
vsr running translate-to# pool-name <leafref>
port-algo¶
Port allocation algorithm for new mappings.
vsr running config# vrf <vrf> cg-nat rule <uint32> deterministic-snat64 translate-to
vsr running translate-to# port-algo PORT-ALGO
|
Description |
|---|---|
|
Preserve port parity: an even port will be mapped to an even port, and an odd port will be mapped to an odd port. |
|
Choose port randomly. |
max-conntracks-per-user¶
Maximum number of conntracks assigned to a user. When set to 0, the number of conntracks is not limited.
vsr running config# vrf <vrf> cg-nat rule <uint32> deterministic-snat64 translate-to
vsr running translate-to# max-conntracks-per-user <uint32>
endpoint-mapping¶
NAT endpoint mapping behavior.
vsr running config# vrf <vrf> cg-nat rule <uint32> deterministic-snat64 translate-to
vsr running translate-to# endpoint-mapping ENDPOINT-MAPPING
|
Description |
|---|---|
|
Reuse port mapping for subsequent packets sent from the same internal IP address and port to the same external IP address and port. |
|
Reuse the port mapping for subsequent packets sent from the same internal IP address and port to any external IP address and port. |
endpoint-filtering¶
NAT endpoint filtering behavior.
vsr running config# vrf <vrf> cg-nat rule <uint32> deterministic-snat64 translate-to
vsr running translate-to# endpoint-filtering ENDPOINT-FILTERING
|
Description |
|---|---|
|
Inbound packets from external endpoints are filtered out if they don’t fully match an existing mapping (IP/port src/dst). |
|
Inbound packets from external endpoints are filtered out only if their destination IP address and port don’t match an existing mapping (IP/port src can differ). |
hairpinning¶
Enable communication between two hosts on the internal network, using their mapped endpoint.
vsr running config# vrf <vrf> cg-nat rule <uint32> deterministic-snat64 translate-to
vsr running translate-to# hairpinning true|false
address-pooling¶
CG-NAT Address Pooling mode.
vsr running config# vrf <vrf> cg-nat rule <uint32> deterministic-snat64 translate-to
vsr running translate-to# address-pooling ADDRESS-POOLING
|
Description |
|---|---|
|
In paired mode, the same IP of the pool is used to translate all the sessions originating from the same CPE. |
|
In no-paired mode, different IPs of the pool can be used to translate different sessions originating from the same CPE. |
destination-prefix¶
NAT64 destination prefix. Allowed prefix lengths are 32, 40, 48, 56, 64, and 96.
vsr running config# vrf <vrf> cg-nat rule <uint32> deterministic-snat64 translate-to
vsr running translate-to# destination-prefix DESTINATION-PREFIX
|
An IPv6 prefix: address and CIDR mask. |
port-overloading¶
Enable configuring port overloading.
vsr running config# vrf <vrf> cg-nat rule <uint32> deterministic-snat64 translate-to port-overloading
unique-destination¶
Overload a port only when the destination address is unique or destination address and port pair is unique.
vsr running config# vrf <vrf> cg-nat rule <uint32> deterministic-snat64 translate-to port-overloading
vsr running port-overloading# unique-destination UNIQUE-DESTINATION
|
Description |
|---|---|
|
Overload a port only when the destination address is unique. |
|
Overload a port when the destination address and port pair is unique. |
protocol¶
Enable port overloading for protocol TCP, UDP or both.
vsr running config# vrf <vrf> cg-nat rule <uint32> deterministic-snat64 translate-to port-overloading
vsr running port-overloading# protocol PROTOCOL
|
Description |
|---|---|
|
Transmission Control Protocol. |
|
User Datagram Protocol. |
|
Transmission Control Protocol and User Datagram Protocol. |
factor¶
Select port factor multiplier. For example, with a port range of 64512 and a port factor of 2, the maximum port capacity will be 129024.
vsr running config# vrf <vrf> cg-nat rule <uint32> deterministic-snat64 translate-to port-overloading
vsr running port-overloading# factor FACTOR
|
Description |
|---|---|
|
Port factor of 2. |
|
Port factor of 4. |
|
Port factor of 8. |
|
Port factor of 16. |
|
Port factor of 32. |
|
Port factor of 64. |
|
Port factor of 128. |
dynamic-snat44¶
Dynamic source NAT44 translation.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44
match¶
Match parameters.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 match
source-application¶
The source application to match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 match
vsr running match# source-application SOURCE-APPLICATION
|
Description |
|---|---|
|
No description. |
|
No description. |
destination-application¶
The destination application to match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 match
vsr running match# destination-application DESTINATION-APPLICATION
|
Description |
|---|---|
|
No description. |
|
No description. |
outbound-interface (mandatory)¶
Interface to match on outbound.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 match
vsr running match# outbound-interface OUTBOUND-INTERFACE
|
An interface name. |
source (deprecated)¶
Attention
source-addressMatch on source address.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 match source
ipv4-address (deprecated)¶
Match on source address.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 match source
vsr running source# ipv4-address IPV4-ADDRESS
|
An IPv4 prefix: address and CIDR mask. |
source-address¶
Match on source address.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 match source-address
ADDRESS¶
The address, network, address-group or network-group to match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 match source-address
vsr running source-address# ADDRESS
|
Description |
|---|---|
|
An IPv4 address. |
|
An IPv4 prefix: address and CIDR mask. |
|
No description. |
|
No description. |
not¶
Excluded address or network from the match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 match source-address
vsr running source-address# not NOT
|
Description |
|---|---|
|
An IPv4 address. |
|
An IPv4 prefix: address and CIDR mask. |
destination-address¶
Match on destination address.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 match destination-address
ADDRESS¶
The address, network, address-group or network-group to match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 match destination-address
vsr running destination-address# ADDRESS
|
Description |
|---|---|
|
An IPv4 address. |
|
An IPv4 prefix: address and CIDR mask. |
|
No description. |
|
No description. |
not¶
Excluded address or network from the match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 match destination-address
vsr running destination-address# not NOT
|
Description |
|---|---|
|
An IPv4 address. |
|
An IPv4 prefix: address and CIDR mask. |
protocol¶
Select protocol to match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 match protocol
tcp¶
Match TCP protocol.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 match protocol tcp
Source port match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 match protocol tcp
vsr running tcp# source-port VALUE
The ports or port ranges to match.
VALUE
|
A comma-separated list of ports or ports ranges. Examples: ‘21,22,1024-2048’. |
Destination port match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 match protocol tcp
vsr running tcp# destination-port VALUE
The ports or port ranges to match.
VALUE
|
A comma-separated list of ports or ports ranges. Examples: ‘21,22,1024-2048’. |
udp¶
Match UDP protocol.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 match protocol udp
Source port match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 match protocol udp
vsr running udp# source-port VALUE
The ports or port ranges to match.
VALUE
|
A comma-separated list of ports or ports ranges. Examples: ‘21,22,1024-2048’. |
Destination port match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 match protocol udp
vsr running udp# destination-port VALUE
The ports or port ranges to match.
VALUE
|
A comma-separated list of ports or ports ranges. Examples: ‘21,22,1024-2048’. |
icmp¶
Match ICMP protocol.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 match protocol icmp
Match ICMP message type.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 match protocol icmp
vsr running icmp# icmp-type [not] VALUE
The ICMP message type value to match.
VALUE
|
Description |
|---|---|
|
Any ICMP type. |
|
Echo request. |
|
Echo reply. |
|
Destination unreachable. |
|
Network unreachable. |
|
Host unreachable. |
|
Protocol unreachable. |
|
Port unreachable. |
|
Fragmentation needed. |
|
Source route failed. |
|
Network unknown. |
|
Host unknown. |
|
Network prohibited. |
|
Host prohibited. |
|
TOS network unreachable. |
|
TOS host unreachable. |
|
Communication prohibited. |
|
Host precedence violation. |
|
Precedence cutoff. |
|
Source quench. |
|
Redirect. |
|
Network redirect. |
|
Host redirect. |
|
TOS network redirect. |
|
TOS host redirect. |
|
Router advertisement. |
|
Router solicitation. |
|
TTL exceeded. |
|
Time to Live exceeded in Transit. |
|
Fragment Reassembly Time Exceeded. |
|
Parameter problem. |
|
Bad IP header. |
|
Missing a Required Option. |
|
Timestamp request. |
|
Timestamp reply. |
|
Information request reply. |
|
Information response reply. |
|
Address mask request. |
|
Address mask reply. |
|
No description. |
mark¶
Match only this mark.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 match
vsr running match# mark [not] VALUE
VALUE (mandatory)¶
The mark value to match.
VALUE
|
Description |
|---|---|
|
No description. |
|
No description. |
ds-lite¶
Enable Dual Stack Lite. It uses IPv4-in-IPv6 tunneling, with the tunnel endpoints (softwire address) for the NAT mapping, allowing overlap of the IPv4 source address spaces. An ipip tunnel interface with the option ‘ds-lite-aftr’ enabled is necessary.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 match ds-lite
softwire-address¶
Match on softwire address.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 match ds-lite
vsr running ds-lite# softwire-address SOFTWIRE-ADDRESS
|
An IPv6 prefix: address and CIDR mask. |
translate-to¶
Translate to.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 translate-to
pool-name (mandatory)¶
Name of IP address pool used for translation.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 translate-to
vsr running translate-to# pool-name <leafref>
max-blocks-per-user¶
Maximum number of port blocks assigned to a user.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 translate-to
vsr running translate-to# max-blocks-per-user <1-65535>
active-block-timeout¶
unit: seconds
Interval during which the the current block is used to allocate sessions. When set to 0, the current block is always used.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 translate-to
vsr running translate-to# active-block-timeout <uint16>
user-timeout¶
unit: seconds
Interval during which the current user remains active after all user flows have expired.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 translate-to
vsr running translate-to# user-timeout <1-65535>
port-algo¶
Port allocation algorithm for new mappings.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 translate-to
vsr running translate-to# port-algo PORT-ALGO
|
Description |
|---|---|
|
Preserve port parity: an even port will be mapped to an even port, and an odd port will be mapped to an odd port. |
|
Choose port randomly. |
max-conntracks-per-user¶
Maximum number of conntracks assigned to a user. When set to 0, the number of conntracks is not limited.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 translate-to
vsr running translate-to# max-conntracks-per-user <uint32>
endpoint-mapping¶
NAT endpoint mapping behavior.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 translate-to
vsr running translate-to# endpoint-mapping ENDPOINT-MAPPING
|
Description |
|---|---|
|
Reuse port mapping for subsequent packets sent from the same internal IP address and port to the same external IP address and port. |
|
Reuse the port mapping for subsequent packets sent from the same internal IP address and port to any external IP address and port. |
endpoint-filtering¶
NAT endpoint filtering behavior.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 translate-to
vsr running translate-to# endpoint-filtering ENDPOINT-FILTERING
|
Description |
|---|---|
|
Inbound packets from external endpoints are filtered out if they don’t fully match an existing mapping (IP/port src/dst). |
|
Inbound packets from external endpoints are filtered out only if their destination IP address and port don’t match an existing mapping (IP/port src can differ). |
hairpinning¶
Enable communication between two hosts on the internal network, using their mapped endpoint.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 translate-to
vsr running translate-to# hairpinning true|false
address-pooling¶
CG-NAT Address Pooling mode.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 translate-to
vsr running translate-to# address-pooling ADDRESS-POOLING
|
Description |
|---|---|
|
In paired mode, the same IP of the pool is used to translate all the sessions originating from the same CPE. |
|
In no-paired mode, different IPs of the pool can be used to translate different sessions originating from the same CPE. |
port-overloading¶
Enable configuring port overloading.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 translate-to port-overloading
unique-destination¶
Overload a port only when the destination address is unique or destination address and port pair is unique.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 translate-to port-overloading
vsr running port-overloading# unique-destination UNIQUE-DESTINATION
|
Description |
|---|---|
|
Overload a port only when the destination address is unique. |
|
Overload a port when the destination address and port pair is unique. |
protocol¶
Enable port overloading for protocol TCP, UDP or both.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 translate-to port-overloading
vsr running port-overloading# protocol PROTOCOL
|
Description |
|---|---|
|
Transmission Control Protocol. |
|
User Datagram Protocol. |
|
Transmission Control Protocol and User Datagram Protocol. |
factor¶
Select port factor multiplier. For example, with a port range of 64512 and a port factor of 2, the maximum port capacity will be 129024.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat44 translate-to port-overloading
vsr running port-overloading# factor FACTOR
|
Description |
|---|---|
|
Port factor of 2. |
|
Port factor of 4. |
|
Port factor of 8. |
|
Port factor of 16. |
|
Port factor of 32. |
|
Port factor of 64. |
|
Port factor of 128. |
dynamic-port-snat44¶
Dynamic source NAT44 translation.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat44
match¶
Match parameters.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat44 match
source-application¶
The source application to match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat44 match
vsr running match# source-application SOURCE-APPLICATION
|
Description |
|---|---|
|
No description. |
|
No description. |
destination-application¶
The destination application to match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat44 match
vsr running match# destination-application DESTINATION-APPLICATION
|
Description |
|---|---|
|
No description. |
|
No description. |
outbound-interface (mandatory)¶
Interface to match on outbound.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat44 match
vsr running match# outbound-interface OUTBOUND-INTERFACE
|
An interface name. |
source (deprecated)¶
Attention
source-addressMatch on source address.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat44 match source
ipv4-address (deprecated)¶
Match on source address.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat44 match source
vsr running source# ipv4-address IPV4-ADDRESS
|
An IPv4 prefix: address and CIDR mask. |
source-address¶
Match on source address.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat44 match source-address
ADDRESS¶
The address, network, address-group or network-group to match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat44 match source-address
vsr running source-address# ADDRESS
|
Description |
|---|---|
|
An IPv4 address. |
|
An IPv4 prefix: address and CIDR mask. |
|
No description. |
|
No description. |
not¶
Excluded address or network from the match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat44 match source-address
vsr running source-address# not NOT
|
Description |
|---|---|
|
An IPv4 address. |
|
An IPv4 prefix: address and CIDR mask. |
destination-address¶
Match on destination address.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat44 match destination-address
ADDRESS¶
The address, network, address-group or network-group to match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat44 match destination-address
vsr running destination-address# ADDRESS
|
Description |
|---|---|
|
An IPv4 address. |
|
An IPv4 prefix: address and CIDR mask. |
|
No description. |
|
No description. |
not¶
Excluded address or network from the match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat44 match destination-address
vsr running destination-address# not NOT
|
Description |
|---|---|
|
An IPv4 address. |
|
An IPv4 prefix: address and CIDR mask. |
protocol¶
Select protocol to match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat44 match protocol
tcp¶
Match TCP protocol.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat44 match protocol tcp
Source port match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat44 match protocol tcp
vsr running tcp# source-port VALUE
The ports or port ranges to match.
VALUE
|
A comma-separated list of ports or ports ranges. Examples: ‘21,22,1024-2048’. |
Destination port match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat44 match protocol tcp
vsr running tcp# destination-port VALUE
The ports or port ranges to match.
VALUE
|
A comma-separated list of ports or ports ranges. Examples: ‘21,22,1024-2048’. |
udp¶
Match UDP protocol.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat44 match protocol udp
Source port match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat44 match protocol udp
vsr running udp# source-port VALUE
The ports or port ranges to match.
VALUE
|
A comma-separated list of ports or ports ranges. Examples: ‘21,22,1024-2048’. |
Destination port match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat44 match protocol udp
vsr running udp# destination-port VALUE
The ports or port ranges to match.
VALUE
|
A comma-separated list of ports or ports ranges. Examples: ‘21,22,1024-2048’. |
icmp¶
Match ICMP protocol.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat44 match protocol icmp
Match ICMP message type.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat44 match protocol icmp
vsr running icmp# icmp-type [not] VALUE
The ICMP message type value to match.
VALUE
|
Description |
|---|---|
|
Any ICMP type. |
|
Echo request. |
|
Echo reply. |
|
Destination unreachable. |
|
Network unreachable. |
|
Host unreachable. |
|
Protocol unreachable. |
|
Port unreachable. |
|
Fragmentation needed. |
|
Source route failed. |
|
Network unknown. |
|
Host unknown. |
|
Network prohibited. |
|
Host prohibited. |
|
TOS network unreachable. |
|
TOS host unreachable. |
|
Communication prohibited. |
|
Host precedence violation. |
|
Precedence cutoff. |
|
Source quench. |
|
Redirect. |
|
Network redirect. |
|
Host redirect. |
|
TOS network redirect. |
|
TOS host redirect. |
|
Router advertisement. |
|
Router solicitation. |
|
TTL exceeded. |
|
Time to Live exceeded in Transit. |
|
Fragment Reassembly Time Exceeded. |
|
Parameter problem. |
|
Bad IP header. |
|
Missing a Required Option. |
|
Timestamp request. |
|
Timestamp reply. |
|
Information request reply. |
|
Information response reply. |
|
Address mask request. |
|
Address mask reply. |
|
No description. |
mark¶
Match only this mark.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat44 match
vsr running match# mark [not] VALUE
VALUE (mandatory)¶
The mark value to match.
VALUE
|
Description |
|---|---|
|
No description. |
|
No description. |
ds-lite¶
Enable Dual Stack Lite. It uses IPv4-in-IPv6 tunneling, with the tunnel endpoints (softwire address) for the NAT mapping, allowing overlap of the IPv4 source address spaces. An ipip tunnel interface with the option ‘ds-lite-aftr’ enabled is necessary.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat44 match ds-lite
softwire-address¶
Match on softwire address.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat44 match ds-lite
vsr running ds-lite# softwire-address SOFTWIRE-ADDRESS
|
An IPv6 prefix: address and CIDR mask. |
translate-to¶
Translate to.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat44 translate-to
pool-name (mandatory)¶
Name of IP address pool used for translation.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat44 translate-to
vsr running translate-to# pool-name <leafref>
user-timeout¶
unit: seconds
Interval during which the current user remains active after all user flows have expired.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat44 translate-to
vsr running translate-to# user-timeout <1-65535>
max-conntracks-per-user¶
Maximum number of conntracks assigned to a user. When set to 0, the number of conntracks is not limited.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat44 translate-to
vsr running translate-to# max-conntracks-per-user <uint32>
endpoint-mapping¶
NAT endpoint mapping behavior.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat44 translate-to
vsr running translate-to# endpoint-mapping ENDPOINT-MAPPING
|
Description |
|---|---|
|
Reuse port mapping for subsequent packets sent from the same internal IP address and port to the same external IP address and port. |
|
Reuse the port mapping for subsequent packets sent from the same internal IP address and port to any external IP address and port. |
endpoint-filtering¶
NAT endpoint filtering behavior.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat44 translate-to
vsr running translate-to# endpoint-filtering ENDPOINT-FILTERING
|
Description |
|---|---|
|
Inbound packets from external endpoints are filtered out if they don’t fully match an existing mapping (IP/port src/dst). |
|
Inbound packets from external endpoints are filtered out only if their destination IP address and port don’t match an existing mapping (IP/port src can differ). |
hairpinning¶
Enable communication between two hosts on the internal network, using their mapped endpoint.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat44 translate-to
vsr running translate-to# hairpinning true|false
address-pooling¶
CG-NAT Address Pooling mode.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat44 translate-to
vsr running translate-to# address-pooling ADDRESS-POOLING
|
Description |
|---|---|
|
In paired mode, the same IP of the pool is used to translate all the sessions originating from the same CPE. |
|
In no-paired mode, different IPs of the pool can be used to translate different sessions originating from the same CPE. |
dynamic-snat64¶
Dynamic source NAT64 translation.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64
match¶
Match parameters.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 match
source-application¶
The source application to match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 match
vsr running match# source-application SOURCE-APPLICATION
|
Description |
|---|---|
|
No description. |
|
No description. |
destination-application¶
The destination application to match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 match
vsr running match# destination-application DESTINATION-APPLICATION
|
Description |
|---|---|
|
No description. |
|
No description. |
outbound-interface (mandatory)¶
Interface to match on outbound.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 match
vsr running match# outbound-interface OUTBOUND-INTERFACE
|
An interface name. |
source (deprecated)¶
Attention
source-addressMatch on source address.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 match source
ipv6-address (deprecated) (mandatory)¶
Match on source address.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 match source
vsr running source# ipv6-address IPV6-ADDRESS
|
An IPv6 prefix: address and CIDR mask. |
source-address¶
Match on source address.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 match source-address
ADDRESS¶
The address, network, address-group or network-group to match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 match source-address
vsr running source-address# ADDRESS
|
Description |
|---|---|
|
An IPv6 address. |
|
An IPv6 prefix: address and CIDR mask. |
|
No description. |
|
No description. |
not¶
Excluded address or network from the match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 match source-address
vsr running source-address# not NOT
|
Description |
|---|---|
|
An IPv6 address. |
|
An IPv6 prefix: address and CIDR mask. |
destination-address¶
Match on destination address.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 match destination-address
ADDRESS¶
The address, network, address-group or network-group to match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 match destination-address
vsr running destination-address# ADDRESS
|
Description |
|---|---|
|
An IPv6 address. |
|
An IPv6 prefix: address and CIDR mask. |
|
No description. |
|
No description. |
not¶
Excluded address or network from the match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 match destination-address
vsr running destination-address# not NOT
|
Description |
|---|---|
|
An IPv6 address. |
|
An IPv6 prefix: address and CIDR mask. |
protocol¶
Select protocol to match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 match protocol
tcp¶
Match TCP protocol.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 match protocol tcp
Source port match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 match protocol tcp
vsr running tcp# source-port VALUE
The ports or port ranges to match.
VALUE
|
A comma-separated list of ports or ports ranges. Examples: ‘21,22,1024-2048’. |
Destination port match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 match protocol tcp
vsr running tcp# destination-port VALUE
The ports or port ranges to match.
VALUE
|
A comma-separated list of ports or ports ranges. Examples: ‘21,22,1024-2048’. |
udp¶
Match UDP protocol.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 match protocol udp
Source port match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 match protocol udp
vsr running udp# source-port VALUE
The ports or port ranges to match.
VALUE
|
A comma-separated list of ports or ports ranges. Examples: ‘21,22,1024-2048’. |
Destination port match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 match protocol udp
vsr running udp# destination-port VALUE
The ports or port ranges to match.
VALUE
|
A comma-separated list of ports or ports ranges. Examples: ‘21,22,1024-2048’. |
icmpv6¶
Match ICMPv6 protocol.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 match protocol icmpv6
Match ICMPv6 message type.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 match protocol icmpv6
vsr running icmpv6# icmp-type [not] VALUE
The ICMPv6 message type value to match.
VALUE
|
Description |
|---|---|
|
Any ICMPv6 type. |
|
Echo request. |
|
Echo reply. |
|
Destination unreachable. |
|
Address unreachable. |
|
Port unreachable. |
|
No route to destination. |
|
Reject route to destination. |
|
Communication with destination administratively prohibited. |
|
Beyond scope of source address. |
|
Packet too big. |
|
Source address failed ingress/egress policy. |
|
TTL exceeded. |
|
Hop limit exceeded in transit. |
|
Fragment reassembly time exceeded. |
|
Parameter problem. |
|
Erroneous header field encountered. |
|
Unrecognized Next Header type encountered. |
|
Unrecognized IPv6 option encountered. |
|
Router solicitation. |
|
Router advertisement. |
|
Neighbor solicitation. |
|
Neighbor advertisement. |
|
Redirect message. |
|
No description. |
mark¶
Match only this mark.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 match
vsr running match# mark [not] VALUE
VALUE (mandatory)¶
The mark value to match.
VALUE
|
Description |
|---|---|
|
No description. |
|
No description. |
ds-lite¶
Enable Dual Stack Lite. It uses IPv4-in-IPv6 tunneling, with the tunnel endpoints (softwire address) for the NAT mapping, allowing overlap of the IPv4 source address spaces. An ipip tunnel interface with the option ‘ds-lite-aftr’ enabled is necessary.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 match ds-lite
softwire-address¶
Match on softwire address.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 match ds-lite
vsr running ds-lite# softwire-address SOFTWIRE-ADDRESS
|
An IPv6 prefix: address and CIDR mask. |
translate-to¶
Translate to.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 translate-to
pool-name (mandatory)¶
Name of IP address pool used for translation.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 translate-to
vsr running translate-to# pool-name <leafref>
max-blocks-per-user¶
Maximum number of port blocks assigned to a user.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 translate-to
vsr running translate-to# max-blocks-per-user <1-65535>
active-block-timeout¶
unit: seconds
Interval during which the the current block is used to allocate sessions. When set to 0, the current block is always used.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 translate-to
vsr running translate-to# active-block-timeout <uint16>
user-timeout¶
unit: seconds
Interval during which the current user remains active after all user flows have expired.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 translate-to
vsr running translate-to# user-timeout <1-65535>
port-algo¶
Port allocation algorithm for new mappings.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 translate-to
vsr running translate-to# port-algo PORT-ALGO
|
Description |
|---|---|
|
Preserve port parity: an even port will be mapped to an even port, and an odd port will be mapped to an odd port. |
|
Choose port randomly. |
max-conntracks-per-user¶
Maximum number of conntracks assigned to a user. When set to 0, the number of conntracks is not limited.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 translate-to
vsr running translate-to# max-conntracks-per-user <uint32>
endpoint-mapping¶
NAT endpoint mapping behavior.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 translate-to
vsr running translate-to# endpoint-mapping ENDPOINT-MAPPING
|
Description |
|---|---|
|
Reuse port mapping for subsequent packets sent from the same internal IP address and port to the same external IP address and port. |
|
Reuse the port mapping for subsequent packets sent from the same internal IP address and port to any external IP address and port. |
endpoint-filtering¶
NAT endpoint filtering behavior.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 translate-to
vsr running translate-to# endpoint-filtering ENDPOINT-FILTERING
|
Description |
|---|---|
|
Inbound packets from external endpoints are filtered out if they don’t fully match an existing mapping (IP/port src/dst). |
|
Inbound packets from external endpoints are filtered out only if their destination IP address and port don’t match an existing mapping (IP/port src can differ). |
hairpinning¶
Enable communication between two hosts on the internal network, using their mapped endpoint.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 translate-to
vsr running translate-to# hairpinning true|false
address-pooling¶
CG-NAT Address Pooling mode.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 translate-to
vsr running translate-to# address-pooling ADDRESS-POOLING
|
Description |
|---|---|
|
In paired mode, the same IP of the pool is used to translate all the sessions originating from the same CPE. |
|
In no-paired mode, different IPs of the pool can be used to translate different sessions originating from the same CPE. |
destination-prefix¶
NAT64 destination prefix. Allowed prefix lengths are 32, 40, 48, 56, 64, and 96.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 translate-to
vsr running translate-to# destination-prefix DESTINATION-PREFIX
|
An IPv6 prefix: address and CIDR mask. |
port-overloading¶
Enable configuring port overloading.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 translate-to port-overloading
unique-destination¶
Overload a port only when the destination address is unique or destination address and port pair is unique.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 translate-to port-overloading
vsr running port-overloading# unique-destination UNIQUE-DESTINATION
|
Description |
|---|---|
|
Overload a port only when the destination address is unique. |
|
Overload a port when the destination address and port pair is unique. |
protocol¶
Enable port overloading for protocol TCP, UDP or both.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 translate-to port-overloading
vsr running port-overloading# protocol PROTOCOL
|
Description |
|---|---|
|
Transmission Control Protocol. |
|
User Datagram Protocol. |
|
Transmission Control Protocol and User Datagram Protocol. |
factor¶
Select port factor multiplier. For example, with a port range of 64512 and a port factor of 2, the maximum port capacity will be 129024.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-snat64 translate-to port-overloading
vsr running port-overloading# factor FACTOR
|
Description |
|---|---|
|
Port factor of 2. |
|
Port factor of 4. |
|
Port factor of 8. |
|
Port factor of 16. |
|
Port factor of 32. |
|
Port factor of 64. |
|
Port factor of 128. |
dynamic-port-snat64¶
Dynamic source NAT64 translation.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat64
match¶
Match parameters.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat64 match
source-application¶
The source application to match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat64 match
vsr running match# source-application SOURCE-APPLICATION
|
Description |
|---|---|
|
No description. |
|
No description. |
destination-application¶
The destination application to match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat64 match
vsr running match# destination-application DESTINATION-APPLICATION
|
Description |
|---|---|
|
No description. |
|
No description. |
outbound-interface (mandatory)¶
Interface to match on outbound.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat64 match
vsr running match# outbound-interface OUTBOUND-INTERFACE
|
An interface name. |
source (deprecated)¶
Attention
source-addressMatch on source address.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat64 match source
ipv6-address (deprecated) (mandatory)¶
Match on source address.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat64 match source
vsr running source# ipv6-address IPV6-ADDRESS
|
An IPv6 prefix: address and CIDR mask. |
source-address¶
Match on source address.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat64 match source-address
ADDRESS¶
The address, network, address-group or network-group to match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat64 match source-address
vsr running source-address# ADDRESS
|
Description |
|---|---|
|
An IPv6 address. |
|
An IPv6 prefix: address and CIDR mask. |
|
No description. |
|
No description. |
not¶
Excluded address or network from the match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat64 match source-address
vsr running source-address# not NOT
|
Description |
|---|---|
|
An IPv6 address. |
|
An IPv6 prefix: address and CIDR mask. |
destination-address¶
Match on destination address.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat64 match destination-address
ADDRESS¶
The address, network, address-group or network-group to match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat64 match destination-address
vsr running destination-address# ADDRESS
|
Description |
|---|---|
|
An IPv6 address. |
|
An IPv6 prefix: address and CIDR mask. |
|
No description. |
|
No description. |
not¶
Excluded address or network from the match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat64 match destination-address
vsr running destination-address# not NOT
|
Description |
|---|---|
|
An IPv6 address. |
|
An IPv6 prefix: address and CIDR mask. |
protocol¶
Select protocol to match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat64 match protocol
tcp¶
Match TCP protocol.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat64 match protocol tcp
Source port match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat64 match protocol tcp
vsr running tcp# source-port VALUE
The ports or port ranges to match.
VALUE
|
A comma-separated list of ports or ports ranges. Examples: ‘21,22,1024-2048’. |
Destination port match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat64 match protocol tcp
vsr running tcp# destination-port VALUE
The ports or port ranges to match.
VALUE
|
A comma-separated list of ports or ports ranges. Examples: ‘21,22,1024-2048’. |
udp¶
Match UDP protocol.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat64 match protocol udp
Source port match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat64 match protocol udp
vsr running udp# source-port VALUE
The ports or port ranges to match.
VALUE
|
A comma-separated list of ports or ports ranges. Examples: ‘21,22,1024-2048’. |
Destination port match.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat64 match protocol udp
vsr running udp# destination-port VALUE
The ports or port ranges to match.
VALUE
|
A comma-separated list of ports or ports ranges. Examples: ‘21,22,1024-2048’. |
icmpv6¶
Match ICMPv6 protocol.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat64 match protocol icmpv6
Match ICMPv6 message type.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat64 match protocol icmpv6
vsr running icmpv6# icmp-type [not] VALUE
The ICMPv6 message type value to match.
VALUE
|
Description |
|---|---|
|
Any ICMPv6 type. |
|
Echo request. |
|
Echo reply. |
|
Destination unreachable. |
|
Address unreachable. |
|
Port unreachable. |
|
No route to destination. |
|
Reject route to destination. |
|
Communication with destination administratively prohibited. |
|
Beyond scope of source address. |
|
Packet too big. |
|
Source address failed ingress/egress policy. |
|
TTL exceeded. |
|
Hop limit exceeded in transit. |
|
Fragment reassembly time exceeded. |
|
Parameter problem. |
|
Erroneous header field encountered. |
|
Unrecognized Next Header type encountered. |
|
Unrecognized IPv6 option encountered. |
|
Router solicitation. |
|
Router advertisement. |
|
Neighbor solicitation. |
|
Neighbor advertisement. |
|
Redirect message. |
|
No description. |
mark¶
Match only this mark.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat64 match
vsr running match# mark [not] VALUE
VALUE (mandatory)¶
The mark value to match.
VALUE
|
Description |
|---|---|
|
No description. |
|
No description. |
ds-lite¶
Enable Dual Stack Lite. It uses IPv4-in-IPv6 tunneling, with the tunnel endpoints (softwire address) for the NAT mapping, allowing overlap of the IPv4 source address spaces. An ipip tunnel interface with the option ‘ds-lite-aftr’ enabled is necessary.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat64 match ds-lite
softwire-address¶
Match on softwire address.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat64 match ds-lite
vsr running ds-lite# softwire-address SOFTWIRE-ADDRESS
|
An IPv6 prefix: address and CIDR mask. |
translate-to¶
Translate to.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat64 translate-to
pool-name (mandatory)¶
Name of IP address pool used for translation.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat64 translate-to
vsr running translate-to# pool-name <leafref>
user-timeout¶
unit: seconds
Interval during which the current user remains active after all user flows have expired.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat64 translate-to
vsr running translate-to# user-timeout <1-65535>
max-conntracks-per-user¶
Maximum number of conntracks assigned to a user. When set to 0, the number of conntracks is not limited.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat64 translate-to
vsr running translate-to# max-conntracks-per-user <uint32>
endpoint-mapping¶
NAT endpoint mapping behavior.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat64 translate-to
vsr running translate-to# endpoint-mapping ENDPOINT-MAPPING
|
Description |
|---|---|
|
Reuse port mapping for subsequent packets sent from the same internal IP address and port to the same external IP address and port. |
|
Reuse the port mapping for subsequent packets sent from the same internal IP address and port to any external IP address and port. |
endpoint-filtering¶
NAT endpoint filtering behavior.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat64 translate-to
vsr running translate-to# endpoint-filtering ENDPOINT-FILTERING
|
Description |
|---|---|
|
Inbound packets from external endpoints are filtered out if they don’t fully match an existing mapping (IP/port src/dst). |
|
Inbound packets from external endpoints are filtered out only if their destination IP address and port don’t match an existing mapping (IP/port src can differ). |
hairpinning¶
Enable communication between two hosts on the internal network, using their mapped endpoint.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat64 translate-to
vsr running translate-to# hairpinning true|false
address-pooling¶
CG-NAT Address Pooling mode.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat64 translate-to
vsr running translate-to# address-pooling ADDRESS-POOLING
|
Description |
|---|---|
|
In paired mode, the same IP of the pool is used to translate all the sessions originating from the same CPE. |
|
In no-paired mode, different IPs of the pool can be used to translate different sessions originating from the same CPE. |
destination-prefix¶
NAT64 destination prefix. Allowed prefix lengths are 32, 40, 48, 56, 64, and 96.
vsr running config# vrf <vrf> cg-nat rule <uint32> dynamic-port-snat64 translate-to
vsr running translate-to# destination-prefix DESTINATION-PREFIX
|
An IPv6 prefix: address and CIDR mask. |
static-dnat44¶
Static destination NAT44 translation.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-dnat44
match¶
Match parameters.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-dnat44 match
inbound-interface (mandatory)¶
Interface to match on inbound.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-dnat44 match
vsr running match# inbound-interface INBOUND-INTERFACE
|
An interface name. |
source¶
Match on source address or address range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-dnat44 match source
ipv4-range¶
Match on source address or address range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-dnat44 match source
vsr running source# ipv4-range IPV4-RANGE
|
Description |
|---|---|
|
An IPv4 address. |
|
An IPv4 address range, in the form addr4-addr4. |
destination¶
Match on destination address or address range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-dnat44 match destination
ipv4-range (mandatory)¶
Match on destination address or address range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-dnat44 match destination
vsr running destination# ipv4-range IPV4-RANGE
|
Description |
|---|---|
|
An IPv4 address. |
|
An IPv4 address range, in the form addr4-addr4. |
protocol¶
Match on protocol and source port range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-dnat44 match protocol
tcp¶
Match TCP protocol and source ports.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-dnat44 match protocol tcp
Match on a source port or port range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-dnat44 match protocol tcp
vsr running tcp# source-port SOURCE-PORT
|
Description |
|---|---|
|
No description. |
|
A port-range. Examples: ‘1024-2048’. |
Match on a destination port or port range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-dnat44 match protocol tcp
vsr running tcp# destination-port DESTINATION-PORT
|
Description |
|---|---|
|
No description. |
|
A port-range. Examples: ‘1024-2048’. |
udp¶
Match UDP protocol and source ports.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-dnat44 match protocol udp
Match on a source port or port range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-dnat44 match protocol udp
vsr running udp# source-port SOURCE-PORT
|
Description |
|---|---|
|
No description. |
|
A port-range. Examples: ‘1024-2048’. |
Match on a destination port or port range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-dnat44 match protocol udp
vsr running udp# destination-port DESTINATION-PORT
|
Description |
|---|---|
|
No description. |
|
A port-range. Examples: ‘1024-2048’. |
translate-to¶
Translate to.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-dnat44 translate-to
destination-port¶
Translate to a port or port range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-dnat44 translate-to
vsr running translate-to# destination-port DESTINATION-PORT
|
Description |
|---|---|
|
No description. |
|
A port-range. Examples: ‘1024-2048’. |
ipv4-range (mandatory)¶
Translate to an address or address range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-dnat44 translate-to
vsr running translate-to# ipv4-range IPV4-RANGE
|
Description |
|---|---|
|
An IPv4 address. |
|
An IPv4 address range, in the form addr4-addr4. |
static-dnat46¶
Static destination NAT46 translation.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-dnat46
match¶
Match parameters.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-dnat46 match
inbound-interface (mandatory)¶
Interface to match on inbound.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-dnat46 match
vsr running match# inbound-interface INBOUND-INTERFACE
|
An interface name. |
source¶
Match on source address or address range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-dnat46 match source
ipv4-range¶
Match on source address or address range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-dnat46 match source
vsr running source# ipv4-range IPV4-RANGE
|
Description |
|---|---|
|
An IPv4 address. |
|
An IPv4 address range, in the form addr4-addr4. |
destination¶
Match on destination address or address range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-dnat46 match destination
ipv4-range (mandatory)¶
Match on destination address or address range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-dnat46 match destination
vsr running destination# ipv4-range IPV4-RANGE
|
Description |
|---|---|
|
An IPv4 address. |
|
An IPv4 address range, in the form addr4-addr4. |
protocol¶
Match on protocol and source port range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-dnat46 match protocol
tcp¶
Match TCP protocol and source ports.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-dnat46 match protocol tcp
Match on a source port or port range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-dnat46 match protocol tcp
vsr running tcp# source-port SOURCE-PORT
|
Description |
|---|---|
|
No description. |
|
A port-range. Examples: ‘1024-2048’. |
Match on a destination port or port range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-dnat46 match protocol tcp
vsr running tcp# destination-port DESTINATION-PORT
|
Description |
|---|---|
|
No description. |
|
A port-range. Examples: ‘1024-2048’. |
udp¶
Match UDP protocol and source ports.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-dnat46 match protocol udp
Match on a source port or port range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-dnat46 match protocol udp
vsr running udp# source-port SOURCE-PORT
|
Description |
|---|---|
|
No description. |
|
A port-range. Examples: ‘1024-2048’. |
Match on a destination port or port range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-dnat46 match protocol udp
vsr running udp# destination-port DESTINATION-PORT
|
Description |
|---|---|
|
No description. |
|
A port-range. Examples: ‘1024-2048’. |
translate-to¶
Translate to.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-dnat46 translate-to
ipv6-range (mandatory)¶
Translated Address or Address range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-dnat46 translate-to
vsr running translate-to# ipv6-range IPV6-RANGE
|
Description |
|---|---|
|
An IPv6 address. |
|
An IPv6 address range, in the form addr6-addr6. |
destination-port¶
Translate to a port or port range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-dnat46 translate-to
vsr running translate-to# destination-port DESTINATION-PORT
|
Description |
|---|---|
|
No description. |
|
A port-range. Examples: ‘1024-2048’. |
source-prefix¶
NAT46 source prefix. Allowed prefix lengths are 32, 40, 48, 56, 64, and 96.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-dnat46 translate-to
vsr running translate-to# source-prefix SOURCE-PREFIX
|
An IPv6 prefix: address and CIDR mask. |
static-snat44¶
Static source NAT44 translation.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-snat44
match¶
Match parameters.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-snat44 match
outbound-interface (mandatory)¶
Interface to match on outbound.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-snat44 match
vsr running match# outbound-interface OUTBOUND-INTERFACE
|
An interface name. |
source¶
Match on source address or address range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-snat44 match source
ipv4-range (mandatory)¶
Match on source address or address range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-snat44 match source
vsr running source# ipv4-range IPV4-RANGE
|
Description |
|---|---|
|
An IPv4 address. |
|
An IPv4 address range, in the form addr4-addr4. |
destination¶
Match on destination address or address range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-snat44 match destination
ipv4-range¶
Match on destination address or address range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-snat44 match destination
vsr running destination# ipv4-range IPV4-RANGE
|
Description |
|---|---|
|
An IPv4 address. |
|
An IPv4 address range, in the form addr4-addr4. |
protocol¶
Match on protocol and source port range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-snat44 match protocol
tcp¶
Match TCP protocol and source ports.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-snat44 match protocol tcp
Match on a source port or port range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-snat44 match protocol tcp
vsr running tcp# source-port SOURCE-PORT
|
Description |
|---|---|
|
No description. |
|
A port-range. Examples: ‘1024-2048’. |
Match on a destination port or port range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-snat44 match protocol tcp
vsr running tcp# destination-port DESTINATION-PORT
|
Description |
|---|---|
|
No description. |
|
A port-range. Examples: ‘1024-2048’. |
udp¶
Match UDP protocol and source ports.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-snat44 match protocol udp
Match on a source port or port range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-snat44 match protocol udp
vsr running udp# source-port SOURCE-PORT
|
Description |
|---|---|
|
No description. |
|
A port-range. Examples: ‘1024-2048’. |
Match on a destination port or port range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-snat44 match protocol udp
vsr running udp# destination-port DESTINATION-PORT
|
Description |
|---|---|
|
No description. |
|
A port-range. Examples: ‘1024-2048’. |
translate-to¶
Translate to.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-snat44 translate-to
source-port¶
Translate to a port or port range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-snat44 translate-to
vsr running translate-to# source-port SOURCE-PORT
|
Description |
|---|---|
|
No description. |
|
A port-range. Examples: ‘1024-2048’. |
ipv4-range (mandatory)¶
Translate to an address or address range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-snat44 translate-to
vsr running translate-to# ipv4-range IPV4-RANGE
|
Description |
|---|---|
|
An IPv4 address. |
|
An IPv4 address range, in the form addr4-addr4. |
static-snat64¶
Static source NAT64 translation.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-snat64
match¶
Match parameters.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-snat64 match
outbound-interface (mandatory)¶
Interface to match on outbound.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-snat64 match
vsr running match# outbound-interface OUTBOUND-INTERFACE
|
An interface name. |
source¶
Match on source address or address range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-snat64 match source
ipv6-range (mandatory)¶
Match on source address or address range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-snat64 match source
vsr running source# ipv6-range IPV6-RANGE
|
Description |
|---|---|
|
An IPv6 address. |
|
An IPv6 address range, in the form addr6-addr6. |
destination¶
Match on destination address or address range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-snat64 match destination
ipv6-range¶
Match on destination address or address range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-snat64 match destination
vsr running destination# ipv6-range IPV6-RANGE
|
Description |
|---|---|
|
An IPv6 address. |
|
An IPv6 address range, in the form addr6-addr6. |
protocol¶
Match on protocol and source port range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-snat64 match protocol
tcp¶
Match TCP protocol and source ports.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-snat64 match protocol tcp
Match on a source port or port range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-snat64 match protocol tcp
vsr running tcp# source-port SOURCE-PORT
|
Description |
|---|---|
|
No description. |
|
A port-range. Examples: ‘1024-2048’. |
Match on a destination port or port range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-snat64 match protocol tcp
vsr running tcp# destination-port DESTINATION-PORT
|
Description |
|---|---|
|
No description. |
|
A port-range. Examples: ‘1024-2048’. |
udp¶
Match UDP protocol and source ports.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-snat64 match protocol udp
Match on a source port or port range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-snat64 match protocol udp
vsr running udp# source-port SOURCE-PORT
|
Description |
|---|---|
|
No description. |
|
A port-range. Examples: ‘1024-2048’. |
Match on a destination port or port range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-snat64 match protocol udp
vsr running udp# destination-port DESTINATION-PORT
|
Description |
|---|---|
|
No description. |
|
A port-range. Examples: ‘1024-2048’. |
translate-to¶
Translate to.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-snat64 translate-to
ipv4-range (mandatory)¶
Translate to an address or address range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-snat64 translate-to
vsr running translate-to# ipv4-range IPV4-RANGE
|
Description |
|---|---|
|
An IPv4 address. |
|
An IPv4 address range, in the form addr4-addr4. |
source-port¶
Translate to a port or port range.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-snat64 translate-to
vsr running translate-to# source-port SOURCE-PORT
|
Description |
|---|---|
|
No description. |
|
A port-range. Examples: ‘1024-2048’. |
destination-prefix¶
NAT64 destination prefix. Allowed prefix lengths are 32, 40, 48, 56, 64, and 96.
vsr running config# vrf <vrf> cg-nat rule <uint32> static-snat64 translate-to
vsr running translate-to# destination-prefix DESTINATION-PREFIX
|
An IPv6 prefix: address and CIDR mask. |
logging¶
CG-NAT log configuration.
vsr running config# vrf <vrf> cg-nat logging
enabled¶
Enable log.
vsr running config# vrf <vrf> cg-nat logging
vsr running logging# enabled true|false
- Default value
true
local¶
Generate log locally.
vsr running config# vrf <vrf> cg-nat logging
vsr running logging# local true|false
event (deprecated)¶
Attention
ipfix events rsyslog eventsEvents to log.
vsr running config# vrf <vrf> cg-nat logging
vsr running logging# event EVENT
|
Description |
|---|---|
|
Log conntrack allocation and destroy event. |
|
Log deterministic configuration event. |
|
Log port-block allocation and destroy event. |
framing-method¶
Framing method to use to split logs.
vsr running config# vrf <vrf> cg-nat logging
vsr running logging# framing-method FRAMING-METHOD
|
Description |
|---|---|
|
Use non-transparent-framing method to split log. |
|
Use octet-counting method to split log. |
rsyslog-server¶
Remote log server list.
vsr running config# vrf <vrf> cg-nat logging rsyslog-server <rsyslog-server>
|
Description |
|---|---|
|
The ipv4-address type represents an IPv4 address in dotted-quad notation. The IPv4 address may include a zone index, separated by a % sign. The zone index is used to disambiguate identical address values. For link-local addresses, the zone index will typically be the interface index number or the name of an interface. If the zone index is not present, the default zone of the device will be used. The canonical format for the zone index is the numerical format |
|
The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation. The IPv6 address may include a zone index, separated by a % sign. The zone index is used to disambiguate identical address values. For link-local addresses, the zone index will typically be the interface index number or the name of an interface. If the zone index is not present, the default zone of the device will be used. The canonical format of IPv6 addresses uses the textual representation defined in Section 4 of RFC 5952. The canonical format for the zone index is the numerical format as described in Section 11.2 of RFC 4007. |
|
The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible. Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability. The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation. The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitly or may depend on the configuration of the resolver. Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be A-labels as per RFC 5890. |
port¶
The destination port number for syslog TCP messages to the server.
vsr running config# vrf <vrf> cg-nat logging rsyslog-server <rsyslog-server>
vsr running rsyslog-server <rsyslog-server># port <1-65535>
source¶
The IPv4/IPv6 source address used to reach the logging server.
vsr running config# vrf <vrf> cg-nat logging rsyslog-server <rsyslog-server>
vsr running rsyslog-server <rsyslog-server># source SOURCE
|
Description |
|---|---|
|
An IPv4 address. |
|
An IPv6 address. |
vrf¶
The VRF from which to access the remote server.
vsr running config# vrf <vrf> cg-nat logging rsyslog-server <rsyslog-server>
vsr running rsyslog-server <rsyslog-server># vrf <leafref>
connection-status (state only)¶
Connection status.
vsr> show state vrf <vrf> cg-nat logging rsyslog-server <rsyslog-server> connection-status
statistics (state only)¶
The statistics for this server.
transmit (state only)¶
The number of logs transmitted to this server.
vsr> show state vrf <vrf> cg-nat logging rsyslog-server <rsyslog-server> statistics transmit
transmit-error (state only)¶
The number of logs that have not been transmitted to this server.
vsr> show state vrf <vrf> cg-nat logging rsyslog-server <rsyslog-server> statistics transmit-error
build-error (state only)¶
The number of logs that have not been built to this server.
vsr> show state vrf <vrf> cg-nat logging rsyslog-server <rsyslog-server> statistics build-error
ipfix¶
Configuration for IPFIX message logging. When multiple collector groups are configured, log messages will be duplicated to all collector groups.
vsr running config# vrf <vrf> cg-nat logging ipfix
events¶
Events to log in IPFIX format.
vsr running config# vrf <vrf> cg-nat logging ipfix
vsr running ipfix# events EVENTS
|
Description |
|---|---|
|
Log conntrack allocation and destroy event. |
|
Log port-block allocation and destroy event. |
collector-group¶
List of IPFIX collector groups that all receive duplicate logs.
vsr running config# vrf <vrf> cg-nat logging ipfix collector-group <leafref>
|
The name of the collector group defined in the global configuration. |
rsyslog¶
Configuration for rsyslog message logging. When multiple collector groups are configured, log messages will be duplicated to all collector groups.
vsr running config# vrf <vrf> cg-nat logging rsyslog
events¶
Events to log in rsyslog format.
vsr running config# vrf <vrf> cg-nat logging rsyslog
vsr running rsyslog# events EVENTS
|
Description |
|---|---|
|
Log conntrack allocation and destroy event. |
|
Log port-block allocation and destroy event. |
collector-group¶
List of rsyslog collector groups that all receive duplicate logs.
vsr running config# vrf <vrf> cg-nat logging rsyslog collector-group <leafref>
|
The name of the collector group defined in the global configuration. |