Configuring Nat Log; Introduction To Nat Log; Enabling Nat Log Function - H3C S9500 Series Operation Manual

Operation Manual – L3+NAT
H3C S9500 Series Routing Switches
Caution:
Once bound to the NAT virtual interface, a VLAN interface can no longer serve as
the outbound interface of QoS redirection. This is because the packets that pass
through the VLAN interface have been redirected to the L3+NAT board, causing the
QoS redirection function ineffective.
After removing a NAT-enabled VLAN virtual interface or the binding of an
NAT-enabled VLAN interface with a NAT service interface, you need to execute the
reset nat session command to purge all NAT entries if you want the NATed public
network address to be reassigned.

1.6 Configuring NAT Log

1.6.1 Introduction to NAT Log

NAT log is a type of system information generated by the NAT gateway during the IP
address translation. NAT log contains such information as the packet's source IP
address, source port address, destination IP address, destination port address,
translated source IP address, translated source port address and other user operations.
The log only traces operations of private network users in accessing an external
network, not those in the opposite direction.
As multiple private users share one public IP address when accessing an external
network through a NAT gateway, it is hard to identify each of the users. The log function,
however, can enhance network security (for supervising purpose) by keeping records
of the private network users that access the external network.

1.6.2 Enabling NAT Log Function

Follow these steps to enable NAT log function:
Enter system view
Enable log function
Generate NAT log when
establishing a NAT
session
To do...
system-view
nat log enable [ acl
acl-number ]
nat log flow-begin
Use the command...
1-12
Chapter 1 NAT Configuration
Remarks
—
Required
Disabled by default
Required
By default, no log is
generated when
establishing NAT session.