nat pure-ip-packet drop

Function

The nat pure-ip-packet drop command enables the system to discard the IP packets that are not NATed after being distributed to the service board.

The undo nat pure-ip-packet drop command restores the default configuration.

By default, the IP packets that are not NATed after being distributed to the service board are transparently transmitted over the public network.

This command is supported only on the NetEngine 8000 F1A.

Format

nat pure-ip-packet drop

undo nat pure-ip-packet drop

Parameters

None

Views

System view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
nat write

Usage Guidelines

Usage Scenario

When IPv4 packets are distributed to the service board based on an ACL policy, some IPv4 packets that match the NAT traffic policy fail to be NATed and are by default transparently transmitted over the public network. Such IPv4 packets may affect normal traffic forwarding on the public network. To address this problem, run the nat pure-ip-packet drop command to enable the system to discard the IP packets that are not NATed after being distributed to the service board.

Precautions

After the nat pure-ip-packet drop command is run, all the user packets, except TCP, UDP, ICMP, and GRE packets, are discarded after being distributed to the service board.

Example

# Enable the system to discard the IP packets that are not NATed after being distributed to the service board.
<HUAWEI> system-view
[~HUAWEI] nat pure-ip-packet drop
Parent Topic: NAT Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >