Configuring AFT logging
For security auditing, you can configure AFT logging to record AFT session information. AFT
sessions refer to sessions whose source and destination addresses have been translated by AFT.
To configure AFT logging:
Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Enable AFT logging. | aft log enable | By default, AFT logging is disabled.
3. Enable AFT session establishment logging. | aft log flow-begin | By default, AFT session establishment logging is disabled.
4. Enable AFT session removal logging. | aft log flow-end | By default, AFT session removal logging is disabled.

Setting the ToS field to 0 for translated IPv4 packets

Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Set the ToS field to 0 for IPv4 packets translated from IPv6 packets. | aft turn-off tos | By default, the ToS field value of translated IPv4 packets is the same as the Traffic Class field value of original IPv6 packets.

Setting the Traffic Class field to 0 for translated IPv6 packets

Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Set the Traffic Class field to 0 for IPv6 packets translated from IPv4 packets. | aft turn-off traffic-class | By default, the Traffic Class field value of translated IPv6 packets is the same as the ToS field value of original IPv4 packets.

Displaying and maintaining AFT

Execute display commands in any view and reset commands in user view.

Task | Command
Display AFT configuration. | display aft configuration
Display AFT address group information. | display aft address-group [ group-id ]
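
Because all three AFT logging commands in the logging procedure above are disabled by default, a saved configuration or change script can be checked for them before relying on AFT session logs for auditing. The following is an added example, not part of the original guide or the vendor's tooling; it assumes one command per line, "#" separator lines, and "undo <command>" as the negated form, and the sample configuration is constructed.

```python
# Added example: audit a device configuration for the AFT logging commands.
# Assumptions: one command per line, "#" separator/comment lines,
# and "undo <command>" as the negated form.

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
#
 sysname edge-aft
#
 aft log enable
 aft log flow-begin
 aft turn-off tos
#
"""

# Commands from the logging procedure; each is disabled by default.
AFT_LOG_COMMANDS = (
    "aft log enable",       # AFT logging
    "aft log flow-begin",   # session establishment logging
    "aft log flow-end",     # session removal logging
)


def audit_aft_logging(config_text):
    """Return {command: enabled} after reading the lines in order."""
    enabled = dict.fromkeys(AFT_LOG_COMMANDS, False)
    for raw in config_text.splitlines():
        line = " ".join(raw.split()).lower()   # collapse indentation and spacing
        if not line or line.startswith("#"):
            continue
        negated = line.startswith("undo ")
        command = line[5:] if negated else line
        if command in enabled:
            enabled[command] = not negated     # a later undo wins
    return enabled


def missing_aft_logging(config_text):
    """List the logging commands that are not in effect, in procedure order."""
    state = audit_aft_logging(config_text)
    return [cmd for cmd in AFT_LOG_COMMANDS if not state[cmd]]


if __name__ == "__main__":
    for cmd in missing_aft_logging(SAMPLE_CONFIG):
        print("missing:", cmd)
```

For the constructed sample, session removal logging is reported as missing, so sessions would be logged when created but not when torn down.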