redirect ip-nexthop (NAT instance view)

Function

The redirect ip-nexthop command sets the IP address of a next hop to which packets are redirected.

The undo redirect command deletes the IP address of a next hop to which packets are redirected.

By default, no IP address of a next hop to which packets are redirected is set.

This command is supported only on the NetEngine 8000 F1A.

Format

redirect ip-nexthop ip-address { inbound | outbound } redirect-id [ tcp | udp | protocol-id ] [ [ source-ip ip-address { ip-mask | mask-length } [ vpn-instance vpn-name ] ] [ source-port port-number ] | [ destination-ip ip-address { ip-mask | mask-length } [ vpn-instance vpn-name ] ] [ destination-port port-number ] ] *

undo redirect ip-nexthop ip-address { inbound | outbound } redirect-id [ tcp | udp | protocol-id ] [ [ source-ip ip-address { ip-mask | mask-length } [ vpn-instance vpn-name ] ] [ source-port port-number ] | [ destination-ip ip-address { ip-mask | mask-length } [ vpn-instance vpn-name ] ] [ destination-port port-number ] ] *

Parameters

| Parameter | Description | Value |
|---|---|---|
| inbound | Indicates redirection to a next hop for public network-to-private network traffic. | - |
| outbound | Indicates redirection to a next hop for private network-to-public network traffic. | - |
| redirect-id | Specifies a redirection ID. | The value is an integer ranging from 1 to 16. A smaller redirect-id value indicates a higher priority. |
| tcp | Indicates the TCP protocol. | - |
| udp | Indicates the UDP protocol. | - |
| protocol-id | Specifies a protocol number. | The value is an integer ranging from 1 to 255. |
| source-ip ip-address | Specifies a source IP address. | The value is in dotted decimal notation. |
| ip-mask | Specifies the mask of a specified IP address. | The value is in dotted decimal notation. |
| mask-length | Specifies the mask length of a specified IP address. | The value is an integer ranging from 1 to 32. |
| vpn-instance vpn-name | Specifies the name of a VPN instance. | The value is a string of 1 to 31 case-sensitive characters, spaces not supported. In addition, the VPN instance name must not be _public_. When double quotation marks are used around the string, spaces are allowed in the string. |
| source-port port-number | Specifies a source port number. | The value is an integer ranging from 0 to 65535. |
| destination-ip ip-address | Specifies a destination IP address. | The value is in dotted decimal notation. |
| destination-port port-number | Specifies a destination port number. | The value is an integer ranging from 0 to 65535. |
| ip-nexthop ip-address | Specifies the IPv4 address of a next hop to which packets are re-directed. | The value is in dotted decimal notation. |

Views

NAT instance view

Default Level

2: Configuration level

Task Name and Operations

| Task Name | Operations |
|---|---|
| nat | write |

Usage Guidelines

Usage Scenario

To change the IP address of a next hop to which packets are redirected, run the redirect ip-nexthop command. Use this command when the next-hop IP address for NAT traffic is the same as that used in PBR redirection.

Precautions

Perform either of the following operations to configure NAT redirection:

  • To redirect all user traffic, run the redirect ip-nexthop command to specify a next-hop IP address to which user traffic is redirected. A single redirect ip-nexthop command instance can be run for either public network-to-private network (inbound) or private network-to-public network (outbound) packets in each NAT instance.
  • To redirect traffic of a specified user, run the redirect ip-nexthop command to specify a next hop to which packets are redirected.

    In this situation, a maximum of 16 redirect ip-nexthop command instances can be run for public network-to-private network (inbound) packets, private network-to-public network (outbound) packets, or packets in both directions in each NAT instance. The parameter is set to identify each command instance.

    When the outbound parameter is specified to redirect private network-to-public network traffic, the destination VPN name configured in this command must be the same as the VPN name of the public address pool in the NAT instance. When the inbound parameter is specified to redirect public network-to-private network traffic, the source VPN name configured in this command must be the same as the VPN name of the public address pool in the NAT instance. If the VPN names are different, the redirection rule does not take effect, and packets are forwarded based on the destination address in the packets.

Example

# Set the IP address of a next hop to which packets are redirected to 192.168.1.1 in a NAT instance named cpe1.
<HUAWEI> system-view
[~HUAWEI] nat instance cpe1 id 1
[*HUAWEI-nat-instance-cpe1] redirect ip-nexthop 192.168.1.1 outbound
# Set the IP address of a next hop to which packets are redirected to 192.168.1.1, the protocol type of redirected user traffic to TCP, the source IP address to 10.1.1.1/24, the source port number to 1001, the destination IP address to 2.1.1.1/24, and the destination port number to 1002 in a NAT instance named cpe2.
<HUAWEI> system-view
[~HUAWEI] nat instance cpe2 id 2
[*HUAWEI-nat-instance-cpe2] redirect ip-nexthop 192.168.1.1 outbound 1 tcp source-ip 10.1.1.1 24 source-port 1001 destination-ip 2.1.1.1 24 destination-port 1002
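
An added example, not part of the vendor documentation: a Python check that validates a redirect ip-nexthop line from a saved configuration against the value ranges listed under Parameters, useful when reviewing redirect rules before they are applied. It assumes the match options may appear in any order and that redirect-id may be omitted, as in the first example above; check_redirect and BAD are names introduced here.

```python
import shlex

def _int_in(tok, lo, hi):
    return tok.isascii() and tok.isdigit() and lo <= int(tok) <= hi
def _is_ipv4(tok):
    parts = tok.split(".")
    return len(parts) == 4 and all(_int_in(p, 0, 255) for p in parts)

def check_redirect(line):
    """Return problems found in one 'redirect ip-nexthop' line ([] if none)."""
    t = shlex.split(line)  # honours double-quoted VPN names containing spaces
    if t[:2] != ["redirect", "ip-nexthop"] or len(t) < 4:
        return ["not a redirect ip-nexthop command"]
    errs = []
    if not _is_ipv4(t[2]):
        errs.append("next hop is not dotted-decimal IPv4")
    if t[3] not in ("inbound", "outbound"):
        errs.append("direction must be inbound or outbound")
    i = 4
    if i < len(t) and t[i].isdigit():  # redirect-id; the page's first example omits it
        if not _int_in(t[i], 1, 16):
            errs.append("redirect-id out of range 1-16")
        i += 1
    if i < len(t) and (t[i] in ("tcp", "udp") or t[i].isdigit()):
        if t[i].isdigit() and not _int_in(t[i], 1, 255):
            errs.append("protocol-id out of range 1-255")
        i += 1
    while i < len(t):  # assumption: match options are accepted in any order
        kw, args = t[i], t[i + 1:i + 3]
        if kw in ("source-ip", "destination-ip") and len(args) == 2:
            if not (_is_ipv4(args[0]) and (_is_ipv4(args[1]) or _int_in(args[1], 1, 32))):
                errs.append(f"{kw}: bad address or mask")
            i += 3
        elif kw in ("source-port", "destination-port") and args:
            if not _int_in(args[0], 0, 65535):
                errs.append(f"{kw}: out of range 0-65535")
            i += 2
        elif kw == "vpn-instance" and args:
            if not 1 <= len(args[0]) <= 31 or args[0] == "_public_":
                errs.append("vpn-instance name must be 1-31 characters and not _public_")
            i += 2
        else:
            errs.append(f"unexpected or incomplete token {kw!r}")
            break
    return errs

# Constructed sample with two violations (redirect-id 17, VPN name _public_).
BAD = "redirect ip-nexthop 192.168.1.1 inbound 17 udp source-ip 10.1.1.1 24 vpn-instance _public_"
print(check_redirect(BAD))
```

The check covers syntax and ranges only; whether a VPN name matches the public address pool of the NAT instance still has to be verified against the rest of the configuration.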
Copyright © Huawei Technologies Co., Ltd.