H3C S7500 Series Operation Manual page 965

Operation Manual – NAT, Netstream, Policy Routing
H3C S7500 Series Ethernet Switches
You can use the nat outbound command to associate an ACL with an address pool or
interface address. Different NAT modes need different configurations.
I. Configuring one-to-one NAT
Follow these steps to configure one-to-one NAT:
Enter system view
Enter VLAN interface view
Configure one-to-one
NAT
The no-pat keyword indicates that only the source IP addresses in packets are
translated while the TCP/UDP port numbers remains unchanged. That is, NAT is based
on the one-to-one mapping between internal and external IP addresses.
II. Configuring NAPT
Follow these steps to configure NAPT:
Enter system view
Enter VLAN interface view
Configure NAPT
Let's compare the above two tables:
In the first table, the configuration command uses the no-pat keyword. Only the IP
addresses of data packets will be translated while the port numbers remains
unchanged, that is, one-to-one NAT is implemented.
In the second table, the configuration command does not use the no-pat keyword,
and so NAPT is enabled. Both IP addresses and port numbers of data packets will
be translated, that is, many-to-one NAT is implemented.
Caution:
An address pool used for NAPT cannot contain more than three addresses.
To do...
system-view
interface Vlan-interface vlan-id
nat outbound acl-number
address-group group-number no-pat
slot slot-number
To do...
system-view
interface Vlan-interface vlan-id
nat outbound acl-number
address-group group-number slot
slot-number
Use the command...
Use the command...
1-7
Chapter 1 NAT Configuration
Remarks
—
—
Required
Remarks
—
—
Required