nat server protocol global unnumbered interface (NAT instance view)

Function

The nat server protocol global unnumbered interface command creates the reusing relationship between an internal NAT server and an interface address.

The undo nat server protocol global unnumbered interface command deletes the reusing relationship between an internal NAT server and an interface address.

By default, no reusing relationship exists between an internal NAT server and an interface address.

This command is supported only on the NetEngine 8000 F1A.

Format

nat server protocol { tcp | udp | protocol-number } global unnumbered interface { interface-name | interface-type interface-number } global-protocol inside host-address host-protocol [ vpn-instance vpn-instance-name ] [ extendable ]

undo nat server protocol { tcp | udp | protocol-number } global unnumbered interface { interface-name | interface-type interface-number } global-protocol inside host-address host-protocol [ vpn-instance vpn-instance-name ] [ extendable ]

Parameters

| Parameter | Description | Value |
|---|---|---|
| tcp | Indicates that the internal NAT server uses TCP for data communication. | - |
| udp | Indicates that the internal NAT server uses UDP for data communication. | - |
| protocol-number | Specifies the number of a protocol. | The value is an integer ranging from 1 to 255. |
| unnumbered | Indicates that the internal NAT server shares the address of an interface. | - |
| interface interface-name | Specifies the name of an interface. | The value is a string of 1 to 31 case-sensitive characters. Spaces are not supported. |
| interface-type | Specifies the type of an interface. | - |
| interface-number | Specifies the number of an interface. | The value is a string of 1 to 63 case-sensitive characters. Spaces are not supported. |
| global-protocol | Specifies the public network protocol that an internal NAT server runs. For example, the value can be pop2, pop3, or smtp. | The value is a string of 1 to 31 case-sensitive characters. Spaces are not supported. |
| inside host-address | Specifies the IP address of the internal NAT server. | The value is in dotted decimal notation. |
| host-protocol | Specifies the private network protocol that an internal server runs. For example, the value can be pop2, pop3, or smtp. | The value is a string of 1 to 31 case-sensitive characters. Spaces are not supported. |
| vpn-instance vpn-instance-name | Specifies the name of a VPN instance to which the internal NAT server belongs. | The value is a string of 1 to 31 case-sensitive characters. Spaces are not supported. In addition, the VPN instance name must not be _public_. When double quotation marks are used around the string, spaces are allowed in the string. |
| extendable | Indicates the extended NAT server identifier, meaning that an internal server with a private IP address and different public IP addresses can be configured. | - |

Views

NAT instance view

Default Level

2: Configuration level

Task Name and Operations

| Task Name | Operations |
|---|---|
| nat | write |

Usage Guidelines

Usage Scenario

In enterprise network scenarios, the IP address of an internal NAT server does not overlap with an interface address, which leads to a shortage of public IP addresses. To make more public IP addresses available to enterprise users, run the nat server protocol global unnumbered interface command to configure the reusing relationship between an internal NAT server and an interface address.

Configuration Impact

The internal server function enables a NAT device to translate the public IP address to the private IP address based on a static mapping entry that contains a private IP address, a private port number, a public IP address, and a public port number or a static mapping entry that contains a private IP address and a public IP address.

Precautions

When you configure the internal server function, note the following:

  • After the extendable parameter is configured, the mapping between a pair of a private IP address and a private port number and different pairs of public IP addresses and public port numbers can be configured for an internal server in a NAT instance.
  • After the extendable parameter is configured, this command and the nat server-mode enable command are mutually exclusive, and the static source tracing algorithm cannot be bound to the NAT instance.
  • After the extendable parameter is configured, a public network-side user cannot access different public IP addresses of the same private network server.

    NAT ALG does not take effect on protocol packets that match port-level NAT internal server mappings.

    The primary IP address, not the secondary IP address, of an interface can be borrowed.

Example

# Configure the internal NAT server for a NAT instance named cpe1 to reuse the IP address of GE 0/1/1 by means of TCP.
<HUAWEI> system-view
[~HUAWEI] interface GigabitEthernet0/1/1
[~HUAWEI-GigabitEthernet0/1/1] ip address 10.10.1.0 255.255.255.0
[~HUAWEI-GigabitEthernet0/1/1] commit
[~HUAWEI-GigabitEthernet0/1/1] quit
[~HUAWEI] nat instance cpe1 id 1
[*HUAWEI-nat-instance-cpe1] nat server protocol tcp global unnumbered interface GigabitEthernet 0/1/1 11 inside 10.10.1.1 13
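
Each nat server line publishes an internal host on the interface's public address, so a configuration review should list every such mapping and check it against the Format and Parameters sections above. The following is an added example, not Huawei code: the function names parse_nat_server and audit and the SAMPLE text are assumptions made here, undo lines are not handled, and global-protocol and host-protocol are treated as opaque strings because the example above uses 11 and 13 for them.

```python
import ipaddress
import shlex

# Constructed sample: the page's example line plus one with an out-of-range protocol.
SAMPLE = """\
nat server protocol tcp global unnumbered interface GigabitEthernet 0/1/1 11 inside 10.10.1.1 13
nat server protocol 300 global unnumbered interface GigabitEthernet 0/1/1 11 inside 10.10.1.1 13
"""

def parse_nat_server(line):
    """Parse one nat server line into a dict; raise ValueError on bad syntax or values."""
    tok = shlex.split(line)  # a double-quoted VPN instance name stays one token
    if tok[:3] != ["nat", "server", "protocol"] or \
            tok[4:7] != ["global", "unnumbered", "interface"] or "inside" not in tok[7:]:
        raise ValueError("not a nat server ... global unnumbered interface line")
    proto = tok[3]
    if proto not in ("tcp", "udp") and not (proto.isdigit() and 1 <= int(proto) <= 255):
        raise ValueError("protocol must be tcp, udp or an integer from 1 to 255")
    i = tok.index("inside", 7)
    head, tail = tok[7:i], tok[i + 1:]
    # head: interface-name, or interface-type interface-number, then global-protocol
    if len(head) not in (2, 3) or len(tail) < 2:
        raise ValueError("wrong number of arguments around 'inside'")
    *ifparts, global_proto = head
    host, host_proto, *opts = tail
    ipaddress.IPv4Address(host)  # dotted decimal; raises a ValueError subclass if not
    vpn = None
    if opts[:1] == ["vpn-instance"] and len(opts) >= 2:
        vpn, opts = opts[1], opts[2:]
    if opts not in ([], ["extendable"]):
        raise ValueError("unexpected trailing arguments: %r" % opts)
    names = [global_proto, host_proto] + ([vpn] if vpn is not None else [])
    if vpn == "_public_" or any(not 1 <= len(n) <= 31 for n in names):
        raise ValueError("names are 1 to 31 characters; VPN instance must not be _public_")
    return {"protocol": proto, "interface": " ".join(ifparts), "host": host,
            "global_protocol": global_proto, "host_protocol": host_proto,
            "vpn_instance": vpn, "extendable": bool(opts)}

def audit(config_text):
    """Return (parsed mappings, rejected lines with the reason) for a configuration."""
    parsed, rejected = [], []
    for line in config_text.splitlines():
        line = line.strip()
        if line.startswith("nat server protocol"):
            try:
                parsed.append(parse_nat_server(line))
            except ValueError as err:
                rejected.append((line, str(err)))
    return parsed, rejected
```

Calling audit(SAMPLE) returns the page's example mapping as parsed and the protocol 300 line as rejected with the reason.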
Copyright © Huawei Technologies Co., Ltd.