H3C S9500 Series Operation Manual

L3+NAT routing switches

Operation Manual - L3+NAT
H3C S9500 Series Routing Switches
Chapter 1 NAT Configuration (p. 1-1)
1.1 NAT Overview (p. 1-1)
1.1.1 Introduction to NAT (p. 1-1)
1.1.2 NAT Functionalities (p. 1-3)
1.2 NAT Configuration Task List (p. 1-6)
1.3 Configuring Address Translation (p. 1-7)
1.3.1 Introduction to Address Translation (p. 1-7)
1.3.2 Configuring Address Translation (p. 1-8)
1.4 Configuring Internal Server (p. 1-10)
1.4.1 Introduction to Internal Server (p. 1-10)
1.4.2 Configuring an Internal Server (p. 1-10)
1.5 Configuring the Binding (p. 1-11)
1.5.1 Introduction to Binding (p. 1-11)
1.5.2 Configuration Procedure (p. 1-11)
1.6 Configuring NAT Log (p. 1-12)
1.6.1 Introduction to NAT Log (p. 1-12)
1.6.2 Enabling NAT Log Function (p. 1-12)
1.6.3 Exporting NAT Logs (p. 1-13)
1.7 Configuring User Resource Limit (p. 1-15)
1.7.1 Introduction to User Resource Limit (p. 1-15)
1.7.2 Configuring User Resource Limit (p. 1-15)
1.8 Configuring Connection-limit (p. 1-16)
1.8.1 Introduction to Connection-limit (p. 1-16)
1.8.2 Configuration Procedure (p. 1-16)
1.9 Displaying and Maintaining NAT (p. 1-18)
1.10 NAT Configuration Example (p. 1-19)
1.10.1 NAT Configuration Example (p. 1-19)
1.10.2 Exporting NAT Logs to the Information Center (p. 1-21)
1.10.3 Exporting NAT logs to Log Server (p. 1-24)
1.11 Troubleshooting NAT (p. 1-25)
1.11.1 Symptom 1: Abnormal Translation of IP Addresses (p. 1-25)
1.11.2 Symptom 2: Internal Server Functions Abnormally (p. 1-25)

Summary of Contents for H3C S9500 Series

  • Page 1: Table Of Contents

    Table of Contents: Chapter 1 NAT Configuration (p. 1-1); 1.1 NAT Overview (p. 1-1); 1.1.1 Introduction to NAT (p. 1-1); 1.1.2 NAT Functionalities (p. 1-3); 1.2 NAT Configuration Task List (p. 1-6); 1.3 Configuring Address Translation...
  • Page 2: Chapter 1 NAT Configuration

    Chapter 1 NAT Configuration. When configuring NAT, go to these sections for information you are interested in: NAT Overview, NAT Configuration Task List, Configuring Address Translation, Configuring Internal Server...
  • Page 3

    Note: Private or internal IP addresses refer to IP addresses used in an internal network whereas public or external IP addresses refer to the globally unique IP addresses used on the Internet.
  • Page 4: NAT Functionalities

    address translation table for the mapping and replaces the original destination address with the private address 192.168.1.3. The above NAT operation is transparent to the terminals like the Host and the Server in the above figure.
  • Page 5

    Note: The number of public IP addresses a NAT gateway has is far less than the number of internal hosts, because not all internal hosts will access the external networks at the same time.
  • Page 6

    Figure 1-2 An NAPT process. As illustrated in the above figure, four data packets arrive at the NAT gateway. Packets 1 and 2 have the same internal address but different source port numbers. Packets 3 and 4 have different internal addresses but the same source port number.
  • Page 7: NAT Configuration Task List

    Easy IP applies to scenarios where there is only one public network interface address or there are only a few internal host addresses. V. Support for special protocols...
  • Page 8: Configuring Address Translation

    To do: Configure an internal server; Use the command: Refer to Configuring Internal Server.; Remarks: Optional
    To do: Enable NAT; Use the command: nat alg { all | dns | ftp | ils |...; Remarks: Optional, enabled by default
  • Page 9: Configuring Address Translation

    The configuration for different forms of address translation varies somewhat. Easy IP: This feature is implemented using the nat outbound acl-number command, without the address-group keyword specified. When performing address translation, the NAT gateway directly uses an interface’s public IP address as the translated IP address, and uses...
  • Page 10

    To do: Enter system view; Use the command: system-view; Remarks: —
    To do: Enter VLAN interface view; Use the command: interface vlan-interface interface-number; Remarks: —
    To do: Enable Easy IP by associating the ACL with the interface IP...
  • Page 11: Configuring Internal Server

    Note: For the ACL referenced by NAT, only the source IP address, destination IP address, and VPN instance take effect. For NO-PAT translation, if multiple NAT rules are configured on a VLAN interface, the device will determine the rule priority based on the ACL numbers bound with the NAT rules and always match the NAT rule with a greater ACL number.
  • Page 12: Configuring The Binding

    To do: Configure an internal...; Use the command: nat server [ vpn-instance vpn-instance-name ] protocol pro-type global global-address [ global-port ] inside host-address [ host-port ]
  • Page 13: Configuring NAT Log

    Caution: Once bound to the NAT virtual interface, a VLAN interface can no longer serve as the outbound interface of QoS redirection. This is because the packets that pass through the VLAN interface have been redirected to the L3+NAT board, which makes the QoS redirection function ineffective.
  • Page 14: Exporting NAT Logs

    To do: Enable and set the interval for logging active flows; Use the command: nat log flow-active minutes; Remarks: Required, disabled by default
    1.6.3 Exporting NAT Logs
    NAT logs can be exported in two directions, either to the information center or to the NAT log server.
  • Page 15

    Note: Exporting NAT logs to the information center occupies storage space. This approach is recommended when the volume of NAT logs is small. NAT logs exported to the information center are prioritized as informational, meaning that they are ordinary information.
  • Page 16: Configuring User Resource Limit

    Note: The IP address of the NAT log server must be a valid unicast address. As for the UDP port number of the log server, it is recommended that you use a port number greater than 1024 to avoid conflicts with the system-defined port numbers.
  • Page 17: Configuring Connection-Limit

    1.8 Configuring Connection-limit
    1.8.1 Introduction to Connection-limit
    The connection-limit function allows you to limit user connections in three ways: connection number, connection rate or both. This prevents a single user from establishing so many connections in a short time that other users' use of the network is affected.
  • Page 18

    To do: Configure connection number limits globally; Use the command: connection-limit default amount upper-limit max-amount; Remarks: Optional, 200 by default
    To do: Set the maximum connection rate globally...; Use the command: connection-limit default...; Remarks: Optional
  • Page 19: Displaying And Maintaining NAT

    Caution: A NAT module limits user connections based on the policy bound to it. Each NAT module can be bound with one policy only. The global connection-limit configuration does not take effect until you bind the connection-limit policy with the NAT module.
  • Page 20: NAT Configuration Example

    To do: Display information about the resource allocation and utilization...; Use the command: display nat limit { all | public | vpn-instance...; Remarks: Available in any view
  • Page 21

    Configure a connection-limit policy and bind it to the NAT module. Configure the upper limit of connections as 1000 (based on the source address), which means the number of connections initiated from an internal user cannot exceed 1000.
  • Page 22: Exporting NAT Logs To The Information Center

    [Switch-Vlan-interface10] nat server protocol tcp global 202.38.160.100 ftp inside 10.110.10.1 ftp
    # Configure the internal WWW server 1.
    [Switch-Vlan-interface10] nat server protocol tcp global 202.38.160.100 www inside 10.110.10.2 www
    # Configure the internal WWW server 2.
  • Page 23

    II. Network diagram
    Figure 1-5 Export NAT logs to information center
    III. Configuration procedure
    Note: The following only lists configurations pertinent to NAT logs. Configurations regarding the IP addresses of the devices and NAT function are omitted here.
  • Page 24

    [2005/07/07 04:20:03-0000/00/00 00:00:00]; Operator 8: Data flow created
    %@250006%Jul 7 04:20:10:72 2005 Sysname USERLOG/7/NAT: ICMP; 192.168.1.6:768--->1.1.1.1:12288; 2.2.2.2:768; [2005/07/07 04:20:03-2005/07/07 04:20:09]; Operator 1: Normal over
    %@250007%Jul 7 04:20:30:72 2005 Sysname USERLOG/7/NAT: ICMP;...
  • Page 25: Exporting NAT Logs To Log Server

    1.10.3 Exporting NAT logs to Log Server
    I. Network requirements
    A PC in the private network accesses Device B on the public network through Device A, which is enabled with NAT.
  • Page 26: Troubleshooting NAT

    1.11 Troubleshooting NAT
    1.11.1 Symptom 1: Abnormal Translation of IP Addresses
    Solution: Enable debugging for NAT. Try to locate the problem based on the debugging display. Use other commands, if necessary, to further identify the problem.