Operation Manual – NAT, Netstream, Policy Routing
H3C S7500 Series Ethernet Switches
Chapter 1 NAT Configuration

Caution:
Each command that is used to modify blacklist-related configuration and is not
source IP address-specific must be coupled with the reset nat session command.
Although each blacklist-enabled LPU in the switch independently maintains its own
blacklist information, blacklist-related configuration commands executed on the
switch apply to all LPUs.

1.3.7 Configuring NAT Connection Aging Time
You can use the nat aging-time command to set the NAT connection aging time for
CPU processed ALG (application layer gateway) NAT mapping entries or the NAT
connection aging time for network processor (NP) processed NAT mapping entries. A
mapping entry is removed from the NAT mapping table when the corresponding aging
timer expires.
Follow these steps to configure the aging time of NAT connections:

| To do... | Use the command... | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Configure the aging time of NAT connections | nat aging-time { alg time-value \| np slow } slot slot-number | Optional. By default, the aging time for ALG NAT mapping entries is 120 seconds. An NP uses fast aging timer with aging time of 120 seconds. |

1.3.8 Configuring NAT Security Logging
Security logging is used to record the detailed procedure information of the NAT
process.
Security logging will record the following information:
Source IP address and port number before translation
Destination IP address and port number before translation
Source IP address and port number after translation
Start time and end time of the NAT process

I. Enabling NAT logging
Follow these steps to enable NAT logging:
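An added example, not taken from the H3C manual: the items that NAT security logging records (addresses and ports before and after translation, plus start and end times) are what let an analyst map a translated address and port reported by an outside party back to the internal host that held it at that moment. The CSV layout, field names, function names and sample records below are assumptions constructed for illustration and are not the switch's log format.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed records. The CSV layout is an assumption for this example, not the
# switch's log format. An empty "end" means the session was still open.
SAMPLE_LOG = """\
src_ip,src_port,dst_ip,dst_port,nat_ip,nat_port,start,end
10.1.1.20,51514,198.51.100.7,443,203.0.113.5,20001,2024-03-01T10:00:00,2024-03-01T10:02:10
10.1.2.33,40022,198.51.100.7,443,203.0.113.5,20001,2024-03-01T10:05:30,2024-03-01T10:06:00
10.1.1.20,51600,192.0.2.80,25,203.0.113.5,20002,2024-03-01T10:05:45,
"""


def load_records(text):
    """Parse the constructed CSV into dicts with typed ports and timestamps."""
    records = []
    for row in csv.DictReader(io.StringIO(text)):
        for key in ("src_port", "dst_port", "nat_port"):
            row[key] = int(row[key])
        row["start"] = datetime.fromisoformat(row["start"])
        row["end"] = datetime.fromisoformat(row["end"]) if row["end"] else None
        records.append(row)
    return records


def attribute(records, nat_ip, nat_port, when, skew=timedelta(seconds=5)):
    """Return the internal (src_ip, src_port) pairs that held nat_ip:nat_port at `when`.

    A translated port can be handed to another host once the old mapping has
    aged out, so the match needs the time window, not just the address and port.
    `skew` tolerates small clock differences between the reporter and the switch.
    """
    hits = []
    for r in records:
        if (r["nat_ip"], r["nat_port"]) != (nat_ip, nat_port):
            continue
        started = r["start"] - skew <= when
        not_ended = r["end"] is None or when <= r["end"] + skew
        if started and not_ended:
            hits.append((r["src_ip"], r["src_port"]))
    return hits


if __name__ == "__main__":
    recs = load_records(SAMPLE_LOG)
    print(attribute(recs, "203.0.113.5", 20001, datetime(2024, 3, 1, 10, 5, 40)))
```

An empty result for a timestamp that falls between two sessions on the same translated port means the logs cannot attribute that event, which is more useful to know than a guess based on the port alone.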