Cisco IOS XR Carrier Grade NAT Command Reference for the Cisco CRS Router, Release 4.2.x
Carrier Grade NAT Commands on Cisco IOS XR Software

This chapter describes the commands used to configure and use the Carrier Grade NAT (CGN).

For detailed information about CGN concepts, configuration tasks, and examples, see Cisco IOS XR Software Carrier Grade NAT Configuration Guide for the Cisco CRS Router.

address (CGN NetflowV9 logging)

To enable the IPv4 address of the server that is used for logging the entries for the Network Address Translation (NAT) table, use the address command in CGN inside VRF external logging server configuration mode. To disable the Netflow server configuration, use the no form of this command.

address address port number

no address address port number

Syntax Description

address

IPv4 address of the server.

port

Configures the port that is used for logging. The address is the IPv4 address of the NetflowV9 logging server, and the port is the UDP port number on which the NetflowV9 logging server listens for the Netflow logs.

number

Port number. Range is from 1 to 65535.

Command Default

If the address command is not configured, CGN NetflowV9 logging is disabled.

Command Modes

CGN inside VRF external logging server configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 4.1.0

The usage guidelines were updated.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

The CGN NetflowV9-based translation entry is used to create and delete the logs. This NAT44-specific command configures the IPv4 address and port number for the NetflowV9 external logging facility. The address is the IPv4 address of the NetflowV9 logging server, and the port is the UDP port number on which the NetflowV9 logging server listens for the Netflow logs. The configurations for path-mtu, refresh-rate, and timeout are applicable only when the IPv4 address and port number for the logging server have been configured.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure the IPv4 address and port number 45 for NetFlow logging of the NAT table entries:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# external-logging netflow version 9
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog)# server
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog-server)# address 2.3.4.5 port 45

Related Commands

Command

Description

external-logging netflow(DS-Lite)

 

inside-vrf (CGN)

Enters inside VRF configuration mode for a CGN instance.  

server(CGN)

Enables the logging server information for the IPv4 address and port for the server that is used for the netflowv9-based external-logging facility.  

service cgn

Enables an instance for the CGN application.  

address(CGN static-forward)

To enable the inside IPv4 address and port number for static forwarding for a CGN instance, use the address command in CGN inside VRF static port inside configuration mode. To disable this feature, use the no form of this command.

address address port number

no address address port number

Syntax Description

address

IPv4 address of an inside host server.

port

Configures the inside port for static forwarding. The port keyword allows a specific UDP, TCP, or ICMP port on a global address to be translated to a specific port on a local address.

number

Inside port number. For TCP and UDP, range is from 1 to 65535. For ICMP, range is from 0 to 65535.

Command Default

None

Command Modes

CGN inside VRF static port inside configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 4.1.0

The usage guidelines section was updated.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

This NAT44 command configures static port forwarding for an inside IPv4 address and inside port number combination. With this configuration, packets received inside with the configured inside IPv4 address and inside port number are forwarded using the displayed outside IPv4 address and outside port number.

CGN can dynamically allocate one free public IP address and port number from the configured outside address pool for an inside address and port.

Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to configure the inside IPv4 address and port for static forwarding. CGN can dynamically allocate one free public IP address and port number from the configured outside address pool for an inside address and port.

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf ivrf
RP/0/RP0/CPU0:router(config-cgn-invrf)# protocol tcp
RP/0/RP0/CPU0:router(config-cgn-invrf-proto)# static-forward inside
RP/0/RP0/CPU0:router(config-cgn-ivrf-sport-inside)# address 10.20.30.10 port 1000

Related Commands

Command

Description

inside-vrf (CGN)

Enters inside VRF configuration mode for a CGN instance.  

protocol(CGN)

Enters ICMP, TCP, and UDP protocol configuration mode for a given CGN instance.  

service cgn

Enables an instance for the CGN application.  

static-forward inside(CGN)

Enables forwarding for the static port for an inside IPv4 address and inside port combination.  

show cgn nat44 inside-translation

Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance.  

address (DS-LITE Netflow9 Logging)

To enable the IPv4 address of the server that is used for logging the entries for a DS-Lite instance, use the address command in CGN DS-Lite external logging server configuration mode. To disable the Netflow server configuration, use the no form of this command.

address address port number

no address address port number

Syntax Description

address

IPv4 address of the server.

port

Configures the port that is used for logging. The address is the IPv4 address of the NetflowV9 logging server, and the port is the UDP port number on which the NetflowV9 logging server listens for the Netflow logs.

number

Port number. Range is from 1 to 65535.

Command Default

If the address command is not configured, NetflowV9 logging is disabled.

Command Modes

CGN DS-Lite external logging server configuration

Command History

Release

Modification

Release 4.2.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure the IPv4 address and port number 45 for a DS-Lite instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# external-logging netflow9
RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog)# server
RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog-server)# address 2.3.4.5 port 45
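
The collector side of this logging setup, as an added example (not Cisco code): a minimal Python decoder for the NetFlow v9 datagrams that the logging server named by the address commands (NAT44 and DS-Lite) receives on its UDP port. The packet framing follows RFC 3954; the template and record in build_sample_packet are constructed for illustration, and the field IDs are IANA IPFIX element numbers assumed here, since the router announces its real templates in its own template flowsets.

```python
import ipaddress
import struct

HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unix_secs, sequence, source_id
FLOWSET = struct.Struct("!HH")     # flowset id, length (length includes these 4 bytes)

# Readable names for a few IANA IPFIX element IDs (assumed set, not taken from the page).
FIELD_NAMES = {4: "protocol", 7: "src_port", 8: "src_ipv4",
               225: "post_nat_src_ipv4", 227: "post_napt_src_port"}
ADDRESS_FIELDS = {8, 225}


def parse_templates(body, templates, source_id):
    """Store every template record of a template flowset (flowset id 0)."""
    off = 0
    while off + 4 <= len(body):
        template_id, nfields = struct.unpack_from("!HH", body, off)
        off += 4
        if template_id < 256 or nfields == 0 or off + 4 * nfields > len(body):
            break  # padding or a truncated record
        fields = [struct.unpack_from("!HH", body, off + 4 * i) for i in range(nfields)]
        # A production collector also keys on the exporter's IP address.
        templates[(source_id, template_id)] = fields
        off += 4 * nfields


def parse_data(body, fields):
    """Cut a data flowset into the fixed-size records its template describes."""
    record_len = sum(length for _, length in fields)
    records, off = [], 0
    while record_len and off + record_len <= len(body):  # trailing bytes are padding
        record, pos = {}, off
        for ftype, length in fields:
            raw = body[pos:pos + length]
            if ftype in ADDRESS_FIELDS and length == 4:
                value = str(ipaddress.IPv4Address(raw))
            else:
                value = int.from_bytes(raw, "big")
            record[FIELD_NAMES.get(ftype, f"field_{ftype}")] = value
            pos += length
        records.append(record)
        off += record_len
    return records


def parse_packet(data, templates):
    """Decode one datagram; `templates` must persist between datagrams."""
    if len(data) < HEADER.size:
        raise ValueError("packet shorter than the NetFlow v9 header")
    version, _count, _uptime, unix_secs, sequence, source_id = HEADER.unpack_from(data)
    if version != 9:
        raise ValueError(f"not NetFlow v9 (version field is {version})")
    records, off = [], HEADER.size
    while off + FLOWSET.size <= len(data):
        flowset_id, length = FLOWSET.unpack_from(data, off)
        if length < FLOWSET.size or off + length > len(data):
            raise ValueError("flowset length runs past the datagram")
        body = data[off + FLOWSET.size:off + length]
        if flowset_id == 0:
            parse_templates(body, templates, source_id)
        elif flowset_id > 255:
            fields = templates.get((source_id, flowset_id))
            # Data that arrives before its template cannot be decoded: skip it.
            for record in (parse_data(body, fields) if fields else []):
                record.update(export_time=unix_secs, sequence=sequence)
                records.append(record)
        off += length
    return records


def build_sample_packet():
    """Constructed datagram: one template (id 256) and one record that uses it."""
    fields = [(8, 4), (225, 4), (7, 2), (227, 2), (4, 1)]
    template = struct.pack("!HH", 256, len(fields)) + b"".join(
        struct.pack("!HH", ftype, length) for ftype, length in fields)
    record = (ipaddress.IPv4Address("10.20.30.10").packed      # inside address
              + ipaddress.IPv4Address("198.51.100.7").packed   # constructed outside address
              + struct.pack("!HHB", 1000, 23456, 6))           # ports, TCP
    padding = b"\x00" * (-len(record) % 4)                     # flowsets end on 32-bit boundary
    return (HEADER.pack(9, 2, 0, 1700000000, 1, 0)
            + FLOWSET.pack(0, FLOWSET.size + len(template)) + template
            + FLOWSET.pack(256, FLOWSET.size + len(record) + len(padding))
            + record + padding)


if __name__ == "__main__":
    for rec in parse_packet(build_sample_packet(), {}):
        print(rec)
```

Because NetFlow v9 runs over UDP and a data flowset is undecodable until its template has been seen, a collector used for NAT attribution should persist the template cache and alert on gaps in the header sequence number.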

address-family ipv4 (CGN)

To enter the IPv4 address family configuration mode while configuring the Carrier Grade NAT (CGN), use the address-family ipv4 command in an appropriate configuration mode. To disable support for an address family, use the no form of this command.

address-family ipv4 { interface ServiceApp | tcp mss | tos }

no address-family ipv4

Syntax Description

interface

Specifies the ServiceApp interface to be used.

ServiceApp

Specifies the SEAPP SVI interface. The number of service application interfaces to be configured ranges from 1 to 2000.

tcp

Specifies the TCP protocol.

mss

Specifies the maximum segment size for TCP in bytes. The value of maximum segment size ranges from 28 to 1500.

tos

Type of service to be set when translating IPv6 to IPv4. The value of type of service ranges from 0 to 255.

Command Default

None

Command Modes

CGN-NAT64

Command History

Release Modification

Release 3.9.1

This command was introduced.

Release 4.1.0

Updated the Syntax and Usage Guidelines sections.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

This command configures the ipv4 address family for NAT64 stateless XLAT.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows the tcp mss for the ipv4 address family:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateless xlat
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# address-family ipv4
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless-afi)# tcp mss 200

address-family ipv6 (CGN)

To enter the IPv6 address family configuration mode, use the address-family ipv6 command. To disable support for an address family, use the no form of this command.

address-family ipv6 { interface ServiceApp <1-2000> } { df override } { protocol | { icmp | reset-mtu } } tcp mss <28-1500> traffic-class <0-255>

no address-family ipv6

Syntax Description

interface

Indicates the ServiceApp interface to be used.

ServiceApp

SEAPP SVI Interface.

<1-2000>

Number of service application interfaces to be configured. Range is from 1 to 2000.

df-override

Override DF bit.

protocol

Select a protocol.

icmp

(Optional) ICMP protocol.

reset-mtu

(Optional) Reset maximum transmission unit when packet is too big.

tcp

TCP protocol.

mss

Maximum segment size for TCP in bytes.

<28-1500>

Maximum segment size to be used in bytes.

traffic-class

Traffic class to be set when translating from IPv4 to IPv6.

Command Default

None

Command Modes

CGN-NAT64

Command History

Release Modification

Release 4.1.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

This command configures the ipv6 address family for NAT64 stateless XLAT.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows the traffic-class setting for the ipv6 address family:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateless xlat1
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# address-family ipv6
RP/0/RP0/CPU0:router(config-cgn-nat64-stless-afi)# traffic-class 25

Related Commands

Command

Description

df-override (CGN)

Sets the do not fragment bit  

protocol icmp reset-mtu (CGN)

Resets the received packet size.  

service cgn

Enables an instance for the CGN application.  

traffic-class (CGN)

Configures the traffic class value to be used when translating a packet from IPv4 to IPv6  

address-family IPv6 (DS-LITE)

To enter the IPv6 address family configuration mode for a DS-Lite instance, use the address-family ipv6 command. To disable support for an address family, use the no form of this command.

address-family IPv6 interface ServiceApp <1-2000>

no address-family IPv6 interface ServiceApp <1-2000>

Syntax Description

interface

Indicates the ServiceApp interface to be used.

ServiceApp

SEAPP SVI Interface.

<1-2000>

Number of service application interfaces to be configured. Range is from 1 to 2000.

Command Default

None

Command Modes

CGN-DS-Lite configuration mode

Command History

Release Modification
Release 4.2.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation
cgn

read, write

Examples

This example shows how to enter the IPv6 address family configuration mode for a DS-Lite instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# address-family ipv6
RP/0/RP0/CPU0:router(config-cgn-ds-lite-afi)# interface serviceApp 600
RP/0/RP0/CPU0:router(config-cgn-ds-lite-afi)#

Related Commands

Command

Description

address-family ipv4 (CGN)

Enters the IPv4 address family configuration mode.  

address-family ipv6 (CGN)

Enters the IPv6 address family configuration mode.  

aftr-tunnel-endpoint-address (DS-LITE)

To assign an IPv6 tunnel endpoint address for a ds-lite instance, use the aftr-tunnel-endpoint-address command in Carrier Grade NAT (CGN) DS-Lite configuration mode. To unassign the address for the ds-lite instance, use the no form of this command.

aftr-tunnel-endpoint-address IPv6 address

no aftr-tunnel-endpoint-address IPv6 address

Syntax Description

IPv6 address

Specifies the IPv6 address of the tunnel endpoint.

Command Default

None

Command Modes

CGN DS-Lite configuration mode

Command History

Release Modification
Release 4.2.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to assign an IPv6 tunnel endpoint address for a ds-lite instance:

RP/0/RP0/CPU0:router# config
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# aftr-tunnel-endpoint-address 10:10::2
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#

Related Commands

Command

Description

alg (DS-LITE)

 

bulk-port-alloc (DS-LITE)

 

map (DS-LITE)

 

path-mtu (DS-LITE)

 

port-limit (DS-LITE)

 

protocol (DS-LITE)

Enters the ICMP, TCP, and UDP protocol configuration mode.  

alg ActiveFTP (CGN)

To enable the Application-Level Gateway (ALG) of Active FTP for a Carrier Grade NAT44 instance, use the alg ActiveFTP command in NAT44 configuration mode. To disable the support of ALG for the Active FTP, use the no form of this command.

alg ActiveFTP

no alg ActiveFTP

Syntax Description

This command has no arguments or keywords.

Command Default

By default, ActiveFTP ALG is disabled.

Command Modes

NAT44 configuration mode

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 4.1.0

The Usage Guidelines section was updated.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

This is a NAT44 service type specific command to be applied for each CGN instance.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure ALG for the active FTP connection for the CGN instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# alg ActiveFTP

Related Commands

Command

Description

service cgn

Enables an instance for the CGN application.  

alg (DS-LITE)

To enable the support for FTP Application-Level Gateway (ALG) for a DS-Lite instance, use the alg command in CGN DS-Lite configuration mode. To disable, use the no form of this command.

alg ftp

no alg ftp

Syntax Description

ftp

Enables the FTP ALG.

Command Default

None

Command Modes

CGN DS-Lite configuration mode

Command History

Release Modification
Release 4.2.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to enable support for FTP ALG:

RP/0/RP0/CPU0:router# config
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# alg ftp
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#

Related Commands

Command

Description

aftr-tunnel-endpoint-address (DS-LITE)

 

bulk-port-alloc (DS-LITE)

 

map (DS-LITE)

 

path-mtu (DS-LITE)

 

port-limit (DS-LITE)

 

protocol (DS-LITE)

Enters the ICMP, TCP, and UDP protocol configuration mode.  

alg rtsp

To enable support for the Application-Level Gateway (ALG) Real Time Streaming Protocol (RTSP), use the alg rtsp command in the CGN NAT44 configuration mode. To disable support, use the no form of this command.

alg rtsp

no alg rtsp

Syntax Description

alg

Configures the Application Level Gateway type to be used.

rtsp

Specifies the real time streaming protocol.

Command Default

By default, the alg rtsp is disabled.

Command Modes

CGN NAT44 Configuration

Command History

Release Modification

Release 4.1.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

The application has to be directed to identify RTSP packets. The alg rtsp configuration command allows enabling of RTSP scan.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the alg rtsp command for the CGN instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# alg rtsp

Related Commands

Command

Description

address-family ipv4 (CGN)

Enters the IPv4 address family configuration mode.  

alg ActiveFTP (CGN)

Enables the Application-Level Gateway (ALG) of Active FTP for a CGN NAT44 instance.  

inside-vrf (CGN)

Enters inside VRF configuration mode for a CGN instance.  

portlimit(CGN)

Limits the number of translation entries per source address.  

protocol(CGN)

Enters ICMP, TCP, and UDP protocol configuration mode for a given CGN instance.  

service cgn

Enables an instance for the CGN application.  

service-type nat44(CGN)

Enables a NAT 44 instance for the CGN application.  

refresh-direction(CGN)

Configures the Network Address Translation (NAT) mapping refresh direction for the specified CGN instance.  

br (6rd)

To enter the Border Relay configuration mode, use the br command. To disable this feature, use the no form of this command.

br { ipv4 | ipv6-prefix | source-address | unicast }

no br

Syntax Description

ipv4

Specifies the IPv4 related configuration.

ipv6-prefix

Specifies the IPv6 prefix.

source-address

Indicates the source address for the tunnel.

unicast

Indicates the unicast address.

Command Default

None

Command Modes

TUNNEL-6RD

Command History

Release Modification

Release 4.1.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the unicast address using the br configuration level commands:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# br
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# ipv6-prefix 2001:db8::/32
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# source-address 10.2.2.2
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# ipv4 prefix length 0
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# ipv4 suffix length 0
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd-br)# unicast address 2001:db8:a02:202::1
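
How the unicast address in this example relates to the ipv6-prefix and source-address values, as an added Python example (not Cisco code): the 6rd mapping of RFC 5969 appends the IPv4 address bits to the 6rd prefix, so 10.2.2.2 under 2001:db8::/32 yields 2001:db8:a02:202::/64. The function names are hypothetical, and treating ipv4 prefix length and ipv4 suffix length as counts of common leading and trailing IPv4 bits left out of the mapping is an assumption.

```python
import ipaddress


def _embedded_bits(v4_prefix_len, v4_suffix_len):
    """Number of IPv4 bits carried inside the IPv6 address."""
    bits = 32 - v4_prefix_len - v4_suffix_len
    if v4_prefix_len < 0 or v4_suffix_len < 0 or bits < 0:
        raise ValueError("IPv4 prefix and suffix lengths must fit in 32 bits")
    return bits


def sixrd_delegated_prefix(sixrd_prefix, ipv4, v4_prefix_len=0, v4_suffix_len=0):
    """6rd prefix followed by the IPv4 bits that are not common to the domain."""
    net = ipaddress.IPv6Network(sixrd_prefix)
    bits = _embedded_bits(v4_prefix_len, v4_suffix_len)
    delegated_len = net.prefixlen + bits
    if delegated_len > 128:
        raise ValueError("6rd prefix plus embedded IPv4 bits exceed 128 bits")
    v4 = int(ipaddress.IPv4Address(ipv4))
    # Assumption: the suffix bits are dropped from the low end, the prefix bits from the top.
    embedded = (v4 >> v4_suffix_len) & ((1 << bits) - 1)
    value = int(net.network_address) | (embedded << (128 - delegated_len))
    return ipaddress.IPv6Network((value, delegated_len))


def embedded_ipv4(ipv6, sixrd_prefix, domain_ipv4, v4_prefix_len=0, v4_suffix_len=0):
    """Recover the IPv4 address from a 6rd IPv6 address.

    `domain_ipv4` is any IPv4 address of the 6rd domain (for instance the
    tunnel source address); it supplies the common bits the mapping omits.
    """
    net = ipaddress.IPv6Network(sixrd_prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net:
        raise ValueError(f"{addr} is outside the 6rd prefix {net}")
    bits = _embedded_bits(v4_prefix_len, v4_suffix_len)
    shift = 128 - net.prefixlen - bits
    if shift < 0:
        raise ValueError("6rd prefix plus embedded IPv4 bits exceed 128 bits")
    embedded = (int(addr) >> shift) & ((1 << bits) - 1)
    ref = int(ipaddress.IPv4Address(domain_ipv4))
    high = ref & ~((1 << (32 - v4_prefix_len)) - 1) & 0xFFFFFFFF
    low = ref & ((1 << v4_suffix_len) - 1)
    return ipaddress.IPv4Address(high | (embedded << v4_suffix_len) | low)


def tunnel_source_matches(inner_ipv6_src, outer_ipv4_src, sixrd_prefix, domain_ipv4,
                          v4_prefix_len=0, v4_suffix_len=0):
    """Anti-spoofing check: the IPv4 address embedded in the inner IPv6 source
    must equal the outer IPv4 source of the encapsulated packet."""
    try:
        inner = embedded_ipv4(inner_ipv6_src, sixrd_prefix, domain_ipv4,
                              v4_prefix_len, v4_suffix_len)
    except ValueError:
        return False
    return inner == ipaddress.IPv4Address(outer_ipv4_src)


if __name__ == "__main__":
    # Values from the br example above: prefix and suffix lengths are both 0.
    prefix = sixrd_delegated_prefix("2001:db8::/32", "10.2.2.2")
    unicast = ipaddress.IPv6Address("2001:db8:a02:202::1")
    print(prefix, unicast in prefix)
    print(embedded_ipv4(unicast, "2001:db8::/32", "10.2.2.2"))
    print(tunnel_source_matches(unicast, "10.9.9.9", "2001:db8::/32", "10.2.2.2"))
```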

Related Commands

Command

Description

ipv4 prefix (6rd)

Assigns a value for the ipv4 prefix of a tunnel  

ipv4 suffix (6rd)

Assigns a value for the ipv4 tunnel suffix  

ipv6-prefix (6rd)

Converts the IPv4 address into IPv6 address for use by the 6rd domain  

service cgn

Enables an instance for the CGN application.  

service-type tunnel (CGN)

Creates a v6rd tunnel application.  

source-address (6rd)

Assigns an ipv4 address as the tunnel source address.  

unicast address (6rd)

Assigns an IPv6 address to be used for a 6rd Border Relay unicast configuration.  

bulk-port-alloc (DS-LITE)

To pre-allocate a number of contiguous outside ports in bulk and to reduce Netflow/Syslog data volume, use the bulk-port-alloc command in CGN DS-Lite configuration mode. To undo the bulk port allocation, use the no form of this command.

bulk-port-alloc size

no bulk-port-alloc size

Syntax Description

size

Specifies the port size for allocation. The value should be greater than or equal to one fourth of the port limit and less than twice the port limit. The allowed values are 16, 32, 64, 128, 256, 512, 1024, 2048, and 4096.

Command Default

None

Command Modes

CGN DS-Lite configuration mode

Command History

Release Modification
Release 4.2.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to allocate ports in bulk to reduce the syslog data volume:

RP/0/RP0/CPU0:router# config
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# bulk-port-alloc size 64
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#

Related Commands

Command

Description

aftr-tunnel-endpoint-address (DS-LITE)

 

alg (DS-LITE)

 

external-logging netflow(DS-Lite)

 

map(CGN)

Maps an outside VRF and address pool to an inside vrf.  

path-mtu (DS-LITE)

 

port-limit (DS-LITE)

 

protocol (DS-LITE)

Enters the ICMP, TCP, and UDP protocol configuration mode.  

clear cgn ds-lite statistics (DS-LITE)

To clear all the statistics for a ds-lite instance, use the clear cgn ds-lite statistics command in EXEC mode.

clear cgn ds-lite instance-name statistics

Syntax Description

instance-name

Specifies the name of the DS-Lite instance.

statistics

Specifies the DS-Lite statistics.

Command Default

None

Command Modes

Exec

Command History

Release Modification
Release 4.2.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.


Caution


Because the clear cgn ds-lite statistics command clears all statistics counters, use this command with caution.


Task ID

Task ID Operation

cgn

read

Related Commands

Command

Description

clear cgn nat44

Clears all translation database entries that are created dynamically for the specific CGN instance.  

clear cgn nat44 ipaddress

Clears translation database entries that are created dynamically for the specified IPv4 address.  

clear cgn nat44 port

Clears the translation database entries that are created dynamically for the specified inside port number.  

clear cgn nat44 protocol

 

clear cgn ds-lite

To clear all translation database entries that are created dynamically for the specific DS-Lite instance, use the clear cgn ds-lite command in EXEC mode.

clear cgn ds-lite instance-name

Syntax Description

instance-name

Instance name for DS-Lite.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 4.2.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.


Caution


Because the clear cgn ds-lite command clears all translation database entries and impacts the traffic on those translation entries, use this command with caution.


Task ID

Task ID

Operations

cgn

read

clear cgn nat44

To clear all translation database entries that are created dynamically for the specific CGN instance, use the clear cgn nat44 command in EXEC mode.

clear cgn nat44 instance-name

Syntax Description

instance-name

Instance name for NAT44.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 4.0.0

NAT44 instance was included in the command syntax.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.


Caution


Because the clear cgn nat44 command clears all translation database entries and impacts the traffic on those translation entries, use this command with caution.


Task ID

Task ID

Operations

cgn

read

Examples

The following example shows how to clear all the translation entries for the cgn1 instance:

RP/0/RP0/CPU0:router# show cgn nat44 nat2 statistics

Statistics summary of NAT44 instance: 'nat2'
Number of active translations: 45631
Translations create rate: 5678
Translations delete rate: 6755
Inside to outside forward rate: 977
Outside to inside forward rate: 456
Inside to outside drops port limit exceeded: 0
Inside to outside drops system limit reached: 0
Inside to outside drops resorce depletion: 0
Outside to inside drops no translation entry: 0
Pool address totally free: 195

RP/0/RP0/CPU0:router# clear cgn nat44 nat2

RP/0/RP0/CPU0:router# show cgn nat44 nat2 statistics

Statistics summary of NAT44 Instance: 'nat2'
Number of active translations: 0 <<<<<<<<<<<<<< All the entries are deleted, provided no new translation entries are created
Translations create rate: 5678
Translations delete rate: 6755
Inside to outside forward rate: 977
Outside to inside forward rate: 456
Inside to outside drops port limit exceeded: 0
Inside to outside drops system limit reached: 0
Inside to outside drops resorce depletion: 0
Outside to inside drops no translation entry: 0
Pool address totally free: 195

Related Commands

Command

Description

service cgn

Enables an instance for the CGN application.  

show cgn nat44 inside-translation

Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance.  

show cgn nat44 outside-translation

Displays the outside-address to inside-address translation details for a specified NAT44 instance.  

clear cgn nat44 inside-vrf

To clear translation database entries that are created dynamically for the specified inside VRF, use the clear cgn nat44 inside-vrf command in EXEC mode.

clear cgn nat44 instance-name inside-vrf vrf-name

Syntax Description

instance-name

Instance name for NAT44.

vrf-name

Name for the inside VRF.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 4.0.0

NAT44 instance was included in the command syntax.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.


Caution


Because the clear cgn nat44 inside-vrf command clears all translation database entries for the specified inside-vrf and impacts the traffic on those translation entries, use this command with caution.


Task ID

Task ID

Operations

cgn

read

Examples

This example shows how to clear the translation database entries for the inside VRF named ivrf:

RP/0/RP0/CPU0:router# show cgn nat44 nat2 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 23 end 56

Inside-translation details
-----------------------------------
NAT44 instance : nat2
Inside-VRF     : insidevrf1
------------------------------------------------------------------------------------------
Outside        Protocol  Inside  Outside  Translation  Inside    Outside
Address                  Source  Source   Type         to        to
                         Port    Port                  Outside   Inside
                                                       Packets   Packets
------------------------------------------------------------------------------------------
12.168.6.231   tcp       34      2356     alg          875364    65345
12.168.6.98    tcp       56      8972     static       78645     56343
12.168.2.12    tcp       21      2390     static       45638     89865
12.168.2.123   tcp       34      239      dynamic      809835    67854

RP/0/RP0/CPU0:router# clear cgn nat44 nat2 inside-vrf insidevrf1

RP/0/RP0/CPU0:router# show cgn nat44 nat2 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 23 end 56

Inside-translation details
-----------------------------------
NAT44 instance : nat2
Inside-VRF     : insidevrf1
------------------------------------------------------------------------------------------
Outside        Protocol  Inside  Outside  Translation  Inside    Outside
Address                  Source  Source   Type         to        to
                         Port    Port                  Outside   Inside
                                                       Packets   Packets
------------------------------------------------------------------------------------------

Related Commands

Command

Description

inside-vrf (CGN)

Enters inside VRF configuration mode for a CGN instance.  

show cgn nat44 inside-translation

Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance.  

show cgn nat44 outside-translation

Displays the outside-address to inside-address translation details for a specified NAT44 instance.  

clear cgn ds-lite ipaddress

To clear translation database entries that are created dynamically for the specified IPv4 address, use the clear cgn ds-lite ipaddress command in EXEC mode.

clear cgn ds-lite instance-name ipaddress address

Syntax Description

instance-name

Instance name for DS-Lite.

address

Specifies the IPv4 address for which the translation entries must be cleared.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 4.2.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.


Caution


Because the clear cgn ds-lite ipaddress command clears all translation database entries for the specified IPv4 address and impacts the traffic on those translation entries, use this command with caution.


Task ID

Task ID

Operations

cgn

read


clear cgn nat44 ipaddress

To clear translation database entries that are created dynamically for the specified IPv4 address, use the clear cgn nat44 ipaddress command in EXEC mode.

clear cgn nat44 instance-name ipaddress address

Syntax Description

instance-name

Instance name for NAT44.

address

Specifies the IPv4 address for which the translation entries must be cleared.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 4.0.0

NAT44 instance was included in the command syntax.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.


Caution


Because the clear cgn nat44 ipaddress command clears all translation database entries for the specified IPv4 address and impacts the traffic on those translation entries, use this command with caution.


Task ID

Task ID

Operations

cgn

read

Examples

The following example shows how to clear the translation database entries for the specified IPv4 address:

RP/0/RP0/CPU0:router# show cgn nat44 nat1 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 23 end 56

Inside-translation details
-----------------------------------
NAT44 instance  : nat1
Inside-VRF    : insidevrf1
------------------------------------------------------------------------------------------
Outside        Protocol  Inside  Outside  Translation  Inside   Outside
Address                  Source  Source   Type         to       to
                         Port    Port                  Outside  Inside
                                                       Packets  Packets
------------------------------------------------------------------------------------------
12.168.6.231   tcp       34      2356     alg          875364   65345
12.168.2.123   tcp       34      239      dynamic      809835   67854

RP/0/RP0/CPU0:router# clear cgn nat44 nat1 ipaddress 10.0.0.0

RP/0/RP0/CPU0:router# show cgn nat44 nat1 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 23 end 56

Inside-translation details
-----------------------------------
NAT44 instance : nat1
Inside-VRF     : insidevrf1
------------------------------------------------------------------------------------------
Outside        Protocol  Inside  Outside  Translation  Inside   Outside
Address                  Source  Source   Type         to       to
                         Port    Port                  Outside  Inside
                                                       Packets  Packets
------------------------------------------------------------------------------------------

Related Commands

Command

Description

show cgn nat44 inside-translation

Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance.  

show cgn nat44 outside-translation

Displays the outside-address to inside-address translation details for a specified NAT44 instance.  

clear cgn ds-lite port

To clear the translation database entries that are created dynamically for the specified port number, use the clear cgn ds-lite port command in EXEC mode.

clear cgn ds-lite instance-name port number

Syntax Description

instance-name

Instance name for DS-Lite.

number

Port number. Range is from 1 to 65535.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 4.2.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.


Caution


Because the clear cgn ds-lite port command clears all translation database entries for the specified port and impacts the traffic on those translation entries, use this command with caution.


Task ID

Task ID

Operations

cgn

read


clear cgn nat44 port

To clear the translation database entries that are created dynamically for the specified inside port number, use the clear cgn nat44 port command in EXEC mode.

clear cgn nat44 instance-name port number

Syntax Description

instance-name

Instance name for NAT44.

number

Port number. Range is from 1 to 65535.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 4.0.0

NAT44 instance was included in the command syntax.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.


Caution


Because the clear cgn nat44 port command clears all translation database entries for the specified port and impacts the traffic on those translation entries, use this command with caution.


Task ID

Task ID

Operations

cgn

read

Examples

This example shows how to clear the translation database entries for port number 1231:

RP/0/RP0/CPU0:router# show cgn nat44 nat2 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 1231 end 1231

Inside-translation details
-----------------------------------
NAT44 instance : nat2
Inside-VRF     : insidevrf1
------------------------------------------------------------------------------------------
Outside        Protocol  Inside  Outside  Translation  Inside   Outside
Address                  Source  Source   Type         to       to
                         Port    Port                  Outside  Inside
                                                       Packets  Packets
------------------------------------------------------------------------------------------
12.168.6.231   tcp       1231    2356     alg          875364   65345

RP/0/RP0/CPU0:router# clear cgn nat44 nat2 port 1231

RP/0/RP0/CPU0:router# show cgn nat44 nat2 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 1231 end 1231

Inside-translation details
-----------------------------------
NAT44 instance : nat2
Inside-VRF     : insidevrf1
------------------------------------------------------------------------------------------
Outside        Protocol  Inside  Outside  Translation  Inside   Outside
Address                  Source  Source   Type         to       to
                         Port    Port                  Outside  Inside
                                                       Packets  Packets
------------------------------------------------------------------------------------------

Related Commands

Command

Description

show cgn nat44 inside-translation

Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance.  

show cgn nat44 outside-translation

Displays the outside-address to inside-address translation details for a specified NAT44 instance.  

clear cgn ds-lite protocol

To clear translation database entries that are created dynamically for the specified protocol, use the clear cgn ds-lite protocol command in EXEC mode.

clear cgn ds-lite instance-name protocol { udp | tcp | icmp }

Syntax Description

instance-name

Name for the DS-Lite CGN instance.

protocol

Specifies the protocol for which the translation entries must be cleared.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 4.2.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.


Caution


Because the clear cgn ds-lite protocol command clears all translation database entries for the specified protocol and impacts the traffic on those translation entries, use this command with caution.


Task ID

Task ID

Operations

cgn

read


clear cgn nat44 protocol

To clear translation database entries that are created dynamically for the specified protocol, use the clear cgn nat44 protocol command in EXEC mode.

clear cgn nat44 instance-name protocol { udp | tcp | icmp }

Syntax Description

instance-name

Name for the NAT44 CGN instance.

protocol

Specifies the protocol for which the translation entries must be cleared.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 4.0.0

NAT44 instance was included in the command syntax.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.


Caution


Because the clear cgn nat44 protocol command clears all translation database entries for the specified protocol and impacts the traffic on those translation entries, use this command with caution.


Task ID

Task ID

Operations

cgn

read

Examples

The following example shows how to clear the translation database entries for the TCP protocol:

RP/0/RP0/CPU0:router# show cgn nat44 nat2 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 1231 end 1231

Inside-translation details
-----------------------------------
NAT44 instance : nat2
Inside-VRF     : insidevrf1
------------------------------------------------------------------------------------------
Outside        Protocol  Inside  Outside  Translation  Inside   Outside
Address                  Source  Source   Type         to       to
                         Port    Port                  Outside  Inside
                                                       Packets  Packets
------------------------------------------------------------------------------------------
12.168.6.231   tcp       1231    2356     alg          875364   65345

RP/0/RP0/CPU0:router# clear cgn nat44 nat2 protocol tcp

RP/0/RP0/CPU0:router# show cgn nat44 nat2 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 1231 end 1231

Inside-translation details
-----------------------------------
NAT44 instance : nat2
Inside-VRF     : insidevrf1
------------------------------------------------------------------------------------------
Outside        Protocol  Inside  Outside  Translation  Inside   Outside
Address                  Source  Source   Type         to       to
                         Port    Port                  Outside  Inside
                                                       Packets  Packets
------------------------------------------------------------------------------------------

Related Commands

Command

Description

protocol(CGN)

Enters ICMP, TCP, and UDP protocol configuration mode for a given CGN instance.  

show cgn nat44 inside-translation

Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance.  

show cgn nat44 outside-translation

Displays the outside-address to inside-address translation details for a specified NAT44 instance.  

df-override (CGN)

To set the DF (Do not Fragment) bit to 0, use the df-override command. To restore the default behavior, use the no form of this command.

df-override

no df-override

Syntax Description

df-override

Specifies the df-override bit.

Command Default

The df-override bit is set to 1.

Command Modes

CGN-NAT64

Command History

Release Modification

Release 4.1.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Use the df-override command to set the DF bit to 0 when translating IPv6 packets to IPv4 packets, provided the original IPv6 packet size is less than 1280 bytes and there is no Fragment header.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the df-override command for the NAT64 stateless configuration.

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateless xlat1
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# ipv6-prefix 2010:db8:ff00::/40
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# address-family ipv6
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless-afi)# df-override

Related Commands

Command

Description

address-family ipv6 (CGN)

Enters the IPv6 address family configuration mode.

protocol icmp reset-mtu (CGN)

Resets the received packet size.  

service cgn

Enables an instance for the CGN application.  

service-type nat64 (CGN)

Creates a nat64 stateless application  

tcp mss (CGN)

Adjusts the TCP maximum segment size value for a ServiceApp interface.  

traffic-class (CGN)

Configures the traffic class value to be used when translating a packet from IPv4 to IPv6  

ds-lite

To create an instance of a Dual-Stack (DS) Lite application, use the ds-lite command in Carrier Grade NAT (CGN) configuration mode. To delete the instance, use the no form of this command.

ds-lite instance name

no ds-lite instance name

Syntax Description

instance name

Specifies the name of the ds-lite instance to be created. A maximum of 64 ds-lite instances are created under a CGN instance on an Integrated Service Module (ISM) line card.

Command Default

None

Command Modes

CGN configuration mode

Command History

Release Modification
Release 4.2.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure a ds-lite instance:

RP/0/RP0/CPU0:router# config
RP/0/RP0/CPU0:router(config)#service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#

dynamic port range start

To configure the dynamic port range start value for a CGN NAT 44 instance, use the dynamic port range start command in the EXEC mode. These ports include TCP, UDP, and ICMP.

dynamic port range start value

Syntax Description

value

The value ranges from 1 to 65535.

Command Default

When the value is not configured, then the dynamic translations start from 1024.

Command Modes

CGN-NAT44 Configuration

Command History

Release Modification

Release 4.1.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the dynamic port range start value as 1048 for a NAT44 instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# dynamic port range start 1048

external-logging netflow(DS-Lite)

To enable the external-logging facility for a DS-Lite instance, use the external-logging netflow command in CGN-DS-Lite configuration mode. To disable external-logging, use the no form of this command.

external-logging netflow9

no external-logging netflow9

Syntax Description

netflow9

Netflow9 protocol is used for external logging.

Command Default

By default, external-logging is disabled.

Command Modes

CGN DS-Lite configuration mode

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 4.0.0

The keyword netflow v9 has been modified to netflow version 9.

Release 4.2.1

This command was introduced for DS-Lite.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to enter the configuration mode for the netflow9 external-logging facility:

RP/0/RP0/CPU0:router# config
RP/0/RP0/CPU0:router(config)#service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#external-logging netflow9
RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog)#server
RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog-server)#address 10.2.1.10 port 65

Related Commands

Command

Description

inside-vrf (CGN)

Enters inside VRF configuration mode for a CGN instance.

refresh-rate(CGN)

Configures the refresh rate to log NetFlow-based external logging information for an inside VRF of a CGN instance.  

service cgn

Enables an instance for the CGN application.  

timeout(CGN)

Configures the timeout for the ICMP session for a CGN instance.  

external-logging syslog (DS-Lite)

To enable the external-logging facility for syslog data, use the external-logging syslog command in CGN-DS-Lite configuration mode. To disable external-logging, use the no form of this command.

external-logging syslog server { address |{ address port number} host-name |{ name} path-mtu{ value} }

no external-logging syslog server { address |{ address port number} host-name |{ name} path-mtu{ value} }

Syntax Description

syslog

Logs syslog information to an external server.

server

Specifies the location of the server to log the syslog information.

address

Specifies the IPv4 or IPv6 address of the server.

host-name

Specifies the host name used in syslog header.

path-mtu

Specifies the mtu of the path used for logging information.

Command Default

By default, external-logging is disabled.

Command Modes

CGN DS-Lite configuration mode

Command History

Release Modification
Release 4.2.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to log syslog information for a DS-Lite instance:

RP/0/RP0/CPU0:router# config
RP/0/RP0/CPU0:router(config)#service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#external-logging syslog
RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog)#server
RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog-server)#address 10.2.1.10 port 65
RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog-server)#

Related Commands

Command

Description

external-logging netflow(DS-Lite)

 

hw-module service cgn location

To enable a CGN service role on a specified location, use the hw-module service cgn location command in global configuration mode. To disable the CGN service role at the specified location, use the no form of this command.

hw-module service cgn location node-id

no hw-module service cgn location node-id

Syntax Description

node-id

Location of the service card for CGN that you want to configure. The node-id argument is entered in the rack/slot/module notation.

Command Default

None

Command Modes

Global configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

cgn

read, write

root-lr

read, write

Examples

This example shows how to configure the CGN service for location 0/2/CPU0:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# hw-module service cgn location 0/2/CPU0

Related Commands

Command

Description

interface ServiceInfra

Enables the infrastructure SVI interface.  

service cgn

Enables an instance for the CGN application.  

service-location (CGN)

Enables the particular instance of the CGN application on the active and standby locations.  

inside-vrf (CGN)

To enter inside VRF configuration mode for a CGN instance, use the inside-vrf command in CGN configuration mode. To disable this feature, use the no form of this command.

inside-vrf vrf-name

no inside-vrf vrf-name

Syntax Description

vrf-name

Name for the inside VRF.

Command Default

None

Command Modes

CGN configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

The inside-vrf command enters CGN inside VRF configuration mode.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to enter inside VRF configuration mode:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)#

Related Commands

Command

Description

external-logging netflow(DS-Lite)

 

map(CGN)

Maps an outside VRF and address pool to an inside vrf.  

protocol(CGN)

Enters ICMP, TCP, and UDP protocol configuration mode for a given CGN instance.  

service cgn

Enables an instance for the CGN application.  

show cgn nat44 inside-translation

Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance.  

show cgn nat44 outside-translation

Displays the outside-address to inside-address translation details for a specified NAT44 instance.  

interface ServiceApp

To enable the application SVI interface, use the interface ServiceApp command in global configuration mode. To disable a particular service application interface, use the no form of this command.

interface ServiceApp value

no interface ServiceApp value

Syntax Description

value

Total number of service application interfaces to be configured. Range is from 1 to 244.

Command Default

None

Command Modes

Global configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

The total number of service application interfaces per multi-service PLIM card cannot exceed 889.


Note


The name of the serviceapp interfaces is serviceapp n, where n can be a number from 1 to 244.


Task ID

Task ID

Operations

interface

read, write

Examples

This example shows how to configure a nat64 stateless service application interface:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type nat64 stateless xlat1
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)#ipv6-prefix 2010:db8:ff00::/40
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)#address-family ipv6
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless-afi)#interface ServiceApp 461

This example shows how to configure a 6rd service application interface:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)#address-family ipv6
RP/0/RP0/CPU0:router(config-cgn-6rd-afi)#interface ServiceApp 46

This example shows how to configure a nat44 service application interface:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# interface ServiceApp 1
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# address-family ipv4

interface ServiceInfra

To enable the infrastructure SVI interface, use the interface ServiceInfra command in global configuration mode. To disable a particular service infrastructure interface, use the no form of this command.

interface ServiceInfra value

no interface ServiceInfra value

Syntax Description

value

Total number of service infrastructure interfaces to be configured. Range is from 1 to 2000.

Command Default

None

Command Modes

Global configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Only one service infrastructure interface can be configured per ISM.


Note


The Infra SVI interface and its IPv4 address configuration are required to boot the CGSE. The IPv4 address is used as the source address of the netflow v9 logging packet.


Task ID

Task ID

Operations

interface

read, write

Examples

This example shows how to configure one service infrastructure interface:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# interface ServiceInfra 1
RP/0/RP0/CPU0:router(config-if)#ipv4 address 3.1.1.2 255.255.255.252
RP/0/RP0/CPU0:router(config-if)#service-location 0/1/CPU0

ipv4 prefix (6rd)

To assign a value for the ipv4 prefix of the tunnel, use the ipv4 prefix command. To remove the ipv4 prefix, use the no form of this command.

ipv4 prefix length value

no ipv4 prefix length value

Syntax Description

ipv4 prefix length

Indicates the IPv4 prefix length to be used while deriving the delegated IPv6 prefix.

value

IPv4 prefix length value. The range is from 0 to 31.

Command Default

None

Command Modes

CGN-TUNNEL

Command History

Release Modification

Release 4.1.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

This command assigns a value for the common ipv4 prefix length to be used as part of both ends of the tunnel. This is an optional br tunnel configuration parameter. If this parameter is added or modified, the unicast address must be modified.

The sum of the ipv4 prefix length and ipv4 suffix length must not exceed 31. This value is used to calculate 6rd delegated prefix.

Once configured, the ipv4 prefix cannot be deleted individually. It must be deleted along with all the br tunnel configuration. If you want to ignore the prefix length, alternatively you can set it to zero along with the updated unicast address.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the ipv4 prefix:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# br
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd-br)# ipv4 prefix length 16

Related Commands

Command

Description

br (6rd)

Enters the Border Relay configuration mode  

ipv4 suffix (6rd)

Assigns a value for the ipv4 tunnel suffix  

ipv6-prefix (6rd)

Converts the IPv4 address into IPv6 address for use by the 6rd domain  

service cgn

Enables an instance for the CGN application.  

service-type tunnel (CGN)

Creates a v6rd tunnel application.  

source-address (6rd)

Assigns an ipv4 address as the tunnel source address.  

unicast address (6rd)

Assigns an IPv6 address to be used for a 6rd Border Relay unicast configuration.  

ipv4 suffix (6rd)

To assign a value for the ipv4 tunnel suffix, use the ipv4 suffix command. To remove the ipv4 suffix, use the no form of this command.

ipv4 suffix length value

no ipv4 suffix length value

Syntax Description

ipv4 suffix length

Specifies the IPv4 suffix length to be used while deriving the delegated IPv6 prefix.

value

Indicates the length of the IPv4 suffix. It can range from 0 to 31.

Command Default

Zero

Command Modes

CGN-TUNNEL

Command History

Release Modification

Release 4.1.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

This command assigns a value for the common ipv4 suffix length to be used as part of both ends of the tunnel. This is an optional br tunnel configuration parameter. If this parameter is added or modified, the unicast address should also be modified.


Note


The sum of the ipv4 prefix length and ipv4 suffix length must not exceed 31. This value is used to calculate 6rd delegated prefix.



Note


Once configured, the ipv4 suffix cannot be deleted individually. It must be deleted along with all the br tunnel configuration. If you want to ignore the prefix length, alternatively you can set it to zero along with the updated unicast address.
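The delegated-prefix calculation that the ipv4 prefix length and ipv4 suffix length notes refer to, as an added example (not Cisco code). It assumes the RFC 5969 derivation with the common suffix bits also stripped; the function names and the CE and BR addresses are constructed for illustration, while 2010:db8:ff00::/40 and the lengths 16 and 15 come from the page's examples.

```python
import ipaddress


def _embedded_bits(sixrd_len, v4_prefix_len, v4_suffix_len):
    """Validate the lengths and return how many IPv4 bits are embedded."""
    for name, value in (("prefix", v4_prefix_len), ("suffix", v4_suffix_len)):
        if not 0 <= value <= 31:
            raise ValueError(f"ipv4 {name} length must be 0..31, got {value}")
    # Constraint stated on the page: the two lengths together must not exceed 31.
    if v4_prefix_len + v4_suffix_len > 31:
        raise ValueError("ipv4 prefix length + ipv4 suffix length exceeds 31")
    bits = 32 - v4_prefix_len - v4_suffix_len
    if sixrd_len + bits > 128:
        raise ValueError("6rd prefix is too long for the embedded IPv4 bits")
    return bits


def delegated_prefix(sixrd_prefix, ce_ipv4, v4_prefix_len=0, v4_suffix_len=0):
    """Return the 6rd delegated IPv6 prefix for one CE IPv4 address.

    The first v4_prefix_len bits and the last v4_suffix_len bits of the CE
    address are common to the whole domain and are dropped; the bits that
    remain are appended to the 6rd prefix.
    """
    net = ipaddress.IPv6Network(sixrd_prefix)
    bits = _embedded_bits(net.prefixlen, v4_prefix_len, v4_suffix_len)
    v4 = int(ipaddress.IPv4Address(ce_ipv4))
    embedded = (v4 >> v4_suffix_len) & ((1 << bits) - 1)
    length = net.prefixlen + bits
    value = int(net.network_address) | (embedded << (128 - length))
    return ipaddress.IPv6Network((value, length))


def ce_ipv4_from_ipv6(sixrd_prefix, ipv6_addr, br_ipv4,
                      v4_prefix_len=0, v4_suffix_len=0):
    """Rebuild the CE IPv4 address that an IPv6 address in the domain implies.

    The stripped common bits are taken from the BR's own IPv4 address, which
    shares them with every CE in the domain.
    """
    net = ipaddress.IPv6Network(sixrd_prefix)
    addr = ipaddress.IPv6Address(ipv6_addr)
    if addr not in net:
        raise ValueError(f"{addr} is outside the 6rd prefix {net}")
    bits = _embedded_bits(net.prefixlen, v4_prefix_len, v4_suffix_len)
    length = net.prefixlen + bits
    embedded = (int(addr) >> (128 - length)) & ((1 << bits) - 1)
    br = int(ipaddress.IPv4Address(br_ipv4))
    high = (br >> (32 - v4_prefix_len)) << (32 - v4_prefix_len)
    low = br & ((1 << v4_suffix_len) - 1)
    return ipaddress.IPv4Address(high | (embedded << v4_suffix_len) | low)


def outer_matches_inner(outer_v4_src, inner_v6_src, sixrd_prefix, br_ipv4,
                        v4_prefix_len=0, v4_suffix_len=0):
    """RFC 5969 consistency check for a decapsulated packet: the outer IPv4
    source must be the address embedded in the inner IPv6 source."""
    try:
        expected = ce_ipv4_from_ipv6(sixrd_prefix, inner_v6_src, br_ipv4,
                                     v4_prefix_len, v4_suffix_len)
    except ValueError:
        return False
    return expected == ipaddress.IPv4Address(outer_v4_src)


if __name__ == "__main__":
    domain = "2010:db8:ff00::/40"          # prefix used in the page's examples
    # Constructed CE addresses; (16, 15) are the lengths from the page.
    for ce, p, s in (("10.1.2.3", 8, 0), ("10.2.128.0", 16, 15)):
        print(ce, p, s, "->", delegated_prefix(domain, ce, p, s))
    print(outer_matches_inner("10.1.2.3", "2010:db8:ff01:203::1",
                              domain, "10.0.0.1", 8, 0))
```

With prefix length 16 and suffix length 15, only one IPv4 bit is embedded, so the /40 6rd prefix yields two possible /41 delegated prefixes.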


Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the ipv4 suffix:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# br
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd-br)# ipv4 suffix length 15

Related Commands

Command

Description

br (6rd)

Enters the Border Relay configuration mode  

ipv4 prefix (6rd)

Assigns a value for the ipv4 prefix of a tunnel  

ipv6-prefix (6rd)

Converts the IPv4 address into IPv6 address for use by the 6rd domain  

service cgn

Enables an instance for the CGN application.  

service-type tunnel (CGN)

Creates a v6rd tunnel application.  

source-address (6rd)

Assigns an ipv4 address as the tunnel source address.  

unicast address (6rd)

Assigns an IPv6 address to be used for a 6rd Border Relay unicast configuration.  

ipv6-prefix (6rd)

To convert an IPv4 address into an IPv6 address to be used in the 6rd domain, use the ipv6-prefix command. To remove the IPv6 prefix assigned for the application, use the no form of this command.

ipv6-prefix X:X::X/length IPV6 subnet mask

no ipv6-prefix X:X::X/length IPV6 subnet mask

Syntax Description

ipv6-prefix

Specifies the IPv6 prefix used to translate IPv4 address to IPv6 address.

X:X::X/length

Specifies the IPv6 address.

Command Default

None

Command Modes

TUNNEL-6RD

CGN-NAT64

Command History

Release Modification

Release 4.1.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

The ipv6-prefix command is used in the NAT64 stateless and Border Relay (br) tunnel configurations. The ipv6-prefix command is used to generate a delegated ipv6 prefix for the Border Relay related configuration. This is a mandatory br tunnel parameter. All mandatory parameters must be added or deleted at the same time.


Note


For a given 6rd domain, there is exactly one 6rd prefix. The ipv6-prefix command is used to convert the IPv4 address into an IPv6 address for use by the 6rd domain.



Note


For a 6rd tunnel, configure the ipv6-prefix, ipv4 source-address, and unicast IPv6 address in a single commit operation. Once configured, the ipv6-prefix cannot be deleted individually. It must be deleted along with all the br tunnel configuration parameters.


The same ipv6-prefix can be used for multiple NAT64 stateless instances under multiple CGNs for load balancing. For NAT64 Stateless, the ipv6-prefix command is used for converting the ipv6 addresses into ipv4 addresses and ipv4 addresses into ipv6 addresses.
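How a NAT64 stateless ipv6-prefix maps addresses in both directions, as an added example (not Cisco code). It assumes the RFC 6052 IPv4-embedded address format, which the page does not spell out; the function names and the host 192.0.2.33 are constructed, while 2010:db8:ff00::/40 is the prefix from the page's examples.

```python
import ipaddress

# Prefix lengths that RFC 6052 defines an embedding layout for.
RFC6052_LENGTHS = (32, 40, 48, 56, 64, 96)
U_OCTET = 8  # byte index of bits 64..71, reserved as zero by RFC 6052


def _check_prefix(nat64_prefix):
    """Parse the prefix and reject lengths RFC 6052 does not define."""
    net = ipaddress.IPv6Network(nat64_prefix)
    if net.prefixlen not in RFC6052_LENGTHS:
        raise ValueError(f"/{net.prefixlen} is not an RFC 6052 prefix length")
    if net.network_address.packed[U_OCTET] != 0:
        raise ValueError("bits 64..71 of the prefix must be zero")
    return net


def embed_ipv4(nat64_prefix, ipv4):
    """IPv4 -> IPv6: write the four IPv4 octets after the prefix,
    stepping over the reserved octet at bits 64..71."""
    net = _check_prefix(nat64_prefix)
    out = bytearray(net.network_address.packed)
    pos = net.prefixlen // 8
    for octet in ipaddress.IPv4Address(ipv4).packed:
        if pos == U_OCTET:
            pos += 1
        out[pos] = octet
        pos += 1
    return ipaddress.IPv6Address(bytes(out))


def extract_ipv4(nat64_prefix, ipv6):
    """IPv6 -> IPv4: read the embedded octets back out.

    Addresses outside the prefix, or with a non-zero reserved octet, are
    rejected; the second check is a strict choice made by this example.
    """
    net = _check_prefix(nat64_prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net:
        raise ValueError(f"{addr} is outside the translation prefix {net}")
    raw = addr.packed
    if raw[U_OCTET] != 0:
        raise ValueError("reserved bits 64..71 are not zero")
    pos = net.prefixlen // 8
    octets = []
    while len(octets) < 4:
        if pos != U_OCTET:
            octets.append(raw[pos])
        pos += 1
    return ipaddress.IPv4Address(bytes(octets))


if __name__ == "__main__":
    prefix = "2010:db8:ff00::/40"   # prefix used in the page's examples
    host = "192.0.2.33"             # constructed IPv4 host
    mapped = embed_ipv4(prefix, host)
    print(host, "->", mapped)
    print(mapped, "->", extract_ipv4(prefix, mapped))
```

With a /40 prefix the IPv4 address is split around the reserved octet: 24 bits sit in bits 40..63 and the last 8 bits in bits 72..79.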

Task ID

Task ID Operation

cgn

read, write

Examples

Example

This example shows how to enter the ipv6-prefix for the NAT64 stateless CGN instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateless xlat1
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# ipv6-prefix 2010:db8:ff00::/40

This example shows how to enter the ipv6-prefix for the 6RD CGN instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# br
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd-br)# ipv6-prefix 2010:db8:ff00::/40

Related Commands

Command

Description

br (6rd)

Enters the Border Relay configuration mode  

ipv4 prefix (6rd)

Assigns a value for the ipv4 prefix of a tunnel  

ipv4 suffix (6rd)

Assigns a value for the ipv4 tunnel suffix  

service cgn

Enables an instance for the CGN application.  

service-type tunnel (CGN)

Creates a v6rd tunnel application.  

source-address (6rd)

Assigns an ipv4 address as the tunnel source address.  

unicast address (6rd)

Assigns an IPv6 address to be used for a 6rd Border Relay unicast configuration.  

map(CGN)

To map an outside VRF and address pool to an inside vrf, use the map command in CGN inside VRF NAT44 configuration submode. To remove the outside VRF and address pool mapping for the specified inside VRF of a CGN instance, use the no form of this command.

map [ outside-vrf outside-vrf-name ] address-pool address /prefix

no map [ outside-vrf outside-vrf-name ] address-pool address /prefix

Syntax Description

outside-vrf

(Optional) Maps to a given outside VRF.

outside-vrf-name

(Optional) Name of outside VRF.

address-pool

Configures the outside address pool.

address/prefix

Network address and prefix for the address pool. The prefix must not be less than 16.

Command Default

None

Command Modes

CGN inside VRF NAT44 configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

The map command maps the inside VRF to an outside VRF and assigns an outside address pool for the mapping.

If the outside VRF name is not specified, the default VRF is considered.

There is only one NAT44 instance for each CGN instance. An inside-VRF can be present in only one CGN instance. One inside-VRF can be mapped to only one outside-VRF. There can be multiple non-overlapping address-pools in a particular outside-VRF. The address pools being used on a CRS box for the outside-VRFs must not overlap with each other. An outside-VRF can be present in multiple CGN instances with different address pools. If the outside-VRF name is not specified, the default VRF is enabled.
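The mapping rules above can be checked against a planned set of map statements before they are committed. The following is an added example, not part of the Cisco documentation: the function validate_maps, the tuple layout, and the sample plan are constructed for illustration.

```python
import ipaddress

MIN_PREFIX_LEN = 16  # "The prefix must not be less than 16."


def validate_maps(maps):
    """Check planned NAT44 map statements against the rules in this section.

    maps: iterable of (cgn_instance, inside_vrf, outside_vrf, pool); pass
    None as outside_vrf when the statement omits outside-vrf.
    Returns a list of findings; an empty list means no rule was violated.
    """
    findings = []
    instance_of = {}  # inside VRF -> CGN instance that owns it
    outside_of = {}   # inside VRF -> outside VRF it is mapped to
    seen_pools = []   # (network, description) for every pool checked so far

    for cgn, inside, outside, pool in maps:
        outside = outside or "default"  # no outside VRF name: default VRF
        where = f"{cgn}/{inside} -> {outside} {pool}"
        try:
            net = ipaddress.IPv4Network(pool, strict=True)
        except ValueError as exc:
            findings.append(f"{where}: invalid pool ({exc})")
            continue
        if net.prefixlen < MIN_PREFIX_LEN:
            findings.append(f"{where}: prefix /{net.prefixlen} is shorter than /16")
        if instance_of.setdefault(inside, cgn) != cgn:
            findings.append(
                f"{where}: inside VRF already belongs to {instance_of[inside]}")
        if outside_of.setdefault(inside, outside) != outside:
            findings.append(
                f"{where}: inside VRF already mapped to {outside_of[inside]}")
        for other, other_where in seen_pools:
            if net.overlaps(other):
                findings.append(f"{where}: pool overlaps {other_where}")
        seen_pools.append((net, where))
    return findings


# Constructed plan: the first line is this section's example, the rest are
# made-up statements that each break one rule (except the second).
PLAN = [
    ("cgn1", "insidevrf1", "outsidevrf1", "100.10.0.0/16"),
    ("cgn1", "insidevrf2", None, "100.11.0.0/17"),
    ("cgn2", "insidevrf3", "outsidevrf1", "100.10.128.0/20"),  # overlapping pool
    ("cgn2", "insidevrf1", "outsidevrf1", "100.12.0.0/16"),    # second instance
    ("cgn1", "insidevrf2", "outsidevrf2", "100.13.0.0/16"),    # second outside VRF
    ("cgn1", "insidevrf4", "outsidevrf1", "100.64.0.0/10"),    # prefix too short
]

if __name__ == "__main__":
    for finding in validate_maps(PLAN):
        print(finding)
```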

Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to configure the outside VRF and to assign the outside address pool for the mapping:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# map outside-vrf outsidevrf1 address-pool 100.10.0.0/16

Related Commands

Command

Description

inside-vrf (CGN)

Enters inside VRF configuration mode for a CGN instance.  

service cgn

Enables an instance for the CGN application.  

show cgn nat44 inside-translation

Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance.  

show cgn nat44 outside-translation

Displays the outside-address to inside-address translation details for a specified NAT44 instance.  

map (DS-LITE)

To map a private IPv4 source address coming over the DS-Lite tunnel to an address in an IPv4 public address pool, use the map command in CGN DS-Lite configuration mode. To undo the mapping, use the no form of this command.

map address-pool address/prefix

no map address-pool address/prefix

Syntax Description

address-pool

Specifies the IPv4 map address pool.

address/prefix

Specifies the address and prefix for the address pool.

Command Default

None

Command Modes

CGN DS-Lite configuration mode

Command History

Release Modification
Release 4.2.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to map a private IPv4 source address coming over the DS-Lite tunnel to an address in an IPv4 public address pool:

RP/0/RP0/CPU0:router# config
RP/0/RP0/CPU0:router(config)#service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#map address-pool 10.1.1.2/2
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#

Related Commands

Command

Description

aftr-tunnel-endpoint-address (DS-LITE)

 

alg (DS-LITE)

 

bulk-port-alloc (DS-LITE)

 

external-logging netflow(DS-Lite)

 

path-mtu (DS-LITE)

 

port-limit (DS-LITE)

 

protocol (DS-LITE)

Enters the ICMP, TCP, and UDP protocol configuration mode.  

mss(CGN)

To enable the TCP maximum segment size (MSS) adjustment value for an inside VRF of a specified CGN instance and to adjust the MSS value of the TCP SYN packets going through, use the mss command in CGN inside VRF NAT44 protocol configuration mode. To disable overriding of the TCP MSS value in the packets, use the no form of this command.

mss size

no mss size

Syntax Description

size

Size, in bytes, to be applied for the MSS value. Range is from 28 to 1500.

Command Default

Default is disabled for the TCP maximum segment size (MSS) adjustment.

Command Modes

CGN inside VRF NAT44 protocol configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

The MSS value, which is configured using the mss command, overrides the MSS value that is set in the received TCP packets. The range for MSS value is from 28 to 1500.

The mss command adjusts the MSS value of the TCP SYN packets.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure TCP MSS value as 1100 for the CGN instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# protocol tcp
RP/0/RP0/CPU0:router(config-cgn-invrf-proto)# mss 1100

Examples

This example shows how to configure the mss value for a DS-Lite instance:

RP/0/RP0/CPU0:router# config
RP/0/RP0/CPU0:router(config)#service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#protocol tcp
RP/0/RP0/CPU0:router(config-cgn-ds-lite-proto)#mss 66

Related Commands

Command

Description

inside-vrf (CGN)

Enters inside VRF configuration mode for a CGN instance.  

protocol(CGN)

Enters ICMP, TCP, and UDP protocol configuration mode for a given CGN instance.  

service cgn

Enables an instance for the CGN application.  

path-mtu (6rd)

To configure the 6rd ipv4 tunnel MTU (Maximum Transmission Unit) size in bytes, use the path-mtu command. To reset the MTU to its default value, use the no form of this command.

path-mtu value

no path-mtu

Syntax Description

path-mtu

Indicates the IPv6 MTU value.

value

Path-MTU value, in bytes. It ranges from 1280 to 1480.

Command Default

None

Command Modes

TUNNEL-6RD

Command History

Release Modification

Release 4.1.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

This command configures the path MTU size, in bytes, for the ipv4 tunnel. If the size of any incoming packet is more than this path MTU, then an ICMP error is sent as a response.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the path-mtu with the value of 1280:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# path-mtu 1280

Related Commands

Command

Description

address-family ipv4 (CGN)

Enters the IPv4 address family configuration mode.  

address-family ipv6 (CGN)

Enters the IPv6 address family configuration mode.  

br (6rd)

Enters the Border Relay configuration mode  

reassembly-enable (6rd)

Reassembles the fragmented packets.  

reset-df-bit (6rd)

Enables anycast mode functionality  

service cgn

Enables an instance for the CGN application.  

service-type tunnel (CGN)

Creates a v6rd tunnel application.  

timeout(CGN logging)

Configures the frequency at which the netflow-v9 template is refreshed or resent to the netflow-v9 server.  

ttl (6rd)

Configures the time to live of an IPv4 tunnel.  

path-mtu(CGN)

To configure the path Maximum Transmission Unit (MTU) for the netflowv9-based external-logging facility for the inside VRF of a CGN instance, use the path-mtu command in CGN inside VRF address family external logging server configuration mode. To revert back to the default of 1500, use the no form of this command. This command restricts the maximum size of the Netflow-version 9 logging packet.

path-mtu value

no path-mtu value

Syntax Description

value

Value, in bytes, of the path-mtu for the netflowv9-based external-logging facility. Range is from 100 to 9200.

Command Default

By default, the value of the path-mtu for the netflowv9-based external-logging facility is set to 1500.

Command Modes

CGN inside VRF address family external logging server configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

This NAT44-specific command configures the value of the path-mtu for the netflowv9-based external logging facility for an inside VRF of a CGN instance.

This command restricts the maximum size of the Netflow-v9 logging packet. The path-mtu value ranges from 100 to 9200. The netflowv9-based external-logging facility is exported by using the NAT table entries.


Note


The configurations for path-mtu, refresh-rate, and timeout are applied only when the IPv4 address and port number for the logging server have been configured.


Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure the path-mtu with the value of 2900 for the netflowv9-based external-logging facility:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# external-logging netflow version 9
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog)# server
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog-server)# path-mtu 2900

Related Commands

Command

Description

external-logging netflow(DS-Lite)

 

inside-vrf (CGN)

Enters inside VRF configuration mode for a CGN instance.  

server(CGN)

Enables the logging server information for the IPv4 address and port for the server that is used for the netflowv9-based external-logging facility.  

service cgn

Enables an instance for the CGN application.  

path-mtu (DS-LITE)

To assign the path Maximum Transmission Unit (MTU) for the tunnel between routers for every ds-lite instance, use the path-mtu command in CGN DS-Lite configuration mode. To delete the mtu value, use the no form of this command.

path-mtu value

no path-mtu value

Syntax Description

value

Specifies the MTU value of the tunnel in bytes. The range is from 1280 to 9216. The default value is 1280, which is the minimum IPv6 path MTU.

Command Default

None

Command Modes

CGN DS-Lite configuration mode

Command History

Release Modification
Release 4.2.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to assign the path mtu for the tunnel between routers:

RP/0/RP0/CPU0:router# config
RP/0/RP0/CPU0:router(config)#service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#path-mtu 1282
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#

Related Commands

Command

Description

aftr-tunnel-endpoint-address (DS-LITE)

 

alg (DS-LITE)

 

bulk-port-alloc (DS-LITE)

 

external-logging netflow(DS-Lite)

 

map(CGN)

Maps an outside VRF and address pool to an inside vrf.  

port-limit (DS-LITE)

 

protocol (DS-LITE)

Enters the ICMP, TCP, and UDP protocol configuration mode.  

path-mtu (DS-LITE Netflow9 Logging)

To set the Maximum Transmission Unit (MTU) of the path to log NetFlow-based external logging information of a DS-Lite instance, use the path-mtu command in CGN-DS-Lite external logging server configuration mode. To return to the default behavior, use the no form of this command.

path-mtu value

no path-mtu value

Syntax Description

value

Specifies the path mtu value in bytes. The range is from 100 to 2000.

Command Default

None

Command Modes

CGN-DS-Lite external logging server configuration mode

Command History

Release Modification
Release 4.2.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to set the path-mtu value for a DS-Lite instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# external-logging netflow9
RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog)# server
RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog-server)# path-mtu 200

portlimit(CGN)

To limit the number of translation entries per source address, use the portlimit command in CGN configuration mode. To revert back to the default value of 100, use the no form of this command.

portlimit value

no portlimit value

Syntax Description

value

Value for the port limit. Range is from 1 to 65535.

Command Default

If the port limit is not configured, the default value is 100 per CGN instance.

Command Modes

CGN configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

This is a NAT44 service type specific command to be applied for each CGN instance.

The portlimit command configures the port limit per subscriber for the system, including TCP, UDP, and ICMP. In addition, the portlimit command restricts the number of ports that is used by an IPv4 address; for example, it limits the number of CNAT entries per IPv4 address in the CNAT table.

Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how the port limit can be increased from the default value of 100 to a higher value of 500:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# portlimit 500

Related Commands

Command

Description

service cgn

Enables an instance for the CGN application.  

port-limit (DS-LITE)

To restrict the number of entries per private IPv4 address on a given ds-lite instance, use the port-limit command in CGN DS-Lite configuration mode. To delete the port-limit values, use the no form of this command.

port-limit value

no port-limit value

Syntax Description

value

Specifies the value of the port-limit. The range is from 1 to 65535. The default value is 100.

Command Default

None

Command Modes

CGN DS-Lite configuration mode

Command History

Release Modification
Release 4.2.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to restrict the number of entries per address on a given DS-Lite instance:

RP/0/RP0/CPU0:router# config
RP/0/RP0/CPU0:router(config)#service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#port-limit 500
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#

Related Commands

Command

Description

aftr-tunnel-endpoint-address (DS-LITE)

 

alg (DS-LITE)

 

bulk-port-alloc (DS-LITE)

 

external-logging netflow(DS-Lite)

 

map(CGN)

Maps an outside VRF and address pool to an inside vrf.  

path-mtu (DS-LITE)

 

protocol (DS-LITE)

Enters the ICMP, TCP, and UDP protocol configuration mode.  

protocol(CGN)

To enter ICMP, TCP, and UDP protocol configuration mode for a given CGN instance, use the protocol command in the appropriate configuration mode. To remove all the features that are enabled under the protocol configuration mode, use the no form of this command.

protocol { icmp | tcp | udp } { mss | <28-1500> } { static-forward inside address | <A.B.C.D> | port | <1-65535> }

no protocol { icmp | tcp | udp }

Syntax Description

icmp

Enters ICMP protocol configuration mode.

tcp

Enters TCP protocol configuration mode.

udp

Enters UDP protocol configuration mode.

<28-1500>

Maximum segment size to be used in bytes.

static-forward

Configures a static port.

inside

Specifies inside network configuration.

address

Specifies the inside address for static-forward.

<A.B.C.D>

Specifies the inside IP address.

port

Specifies the port number for static-forward.

Command Default

None

Command Modes

CGN inside VRF NAT44 configuration mode

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

The protocol command enters the appropriate CGN NAT44 configuration mode.

Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to configure the ICMP protocol for a CGN instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# protocol icmp
RP/0/RP0/CPU0:router(config-cgn-invrf-icmp)# static-forward inside address 192.0.2.1 port 650

Related Commands

Command

Description

service cgn

Enables an instance for the CGN application.  

show cgn nat44 inside-translation

Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance.  

show cgn nat44 outside-translation

Displays the outside-address to inside-address translation details for a specified NAT44 instance.  

protocol (DS-LITE)

To enter the ICMP, TCP, and UDP protocol configuration mode, use the protocol command. To remove all features that are enabled under the protocol configuration mode, use the no form of this command.

protocol { icmp | tcp | udp } { session | active | initial } {timeout value}

no protocol { icmp | tcp | udp }

Syntax Description

icmp

Enters the ICMP protocol configuration mode.

tcp

Enters the TCP protocol configuration mode.

udp

Enters the UDP protocol configuration mode.

session

Session related configuration.

active

Active session timeout

initial

Initial session timeout

timeout

Session timeout

value

Timeout in seconds. The range is from 1 to 65535.

Command Default

None

Command Modes

CGN-DS-Lite

Command History

Release Modification
Release 4.1.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

The protocol command enters the appropriate CGN AFI configuration mode.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the ICMP protocol for a CGN instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol icmp timeout 120

This example shows how to configure the UDP protocol for a CGN instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol udp session initial timeout 120
RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol udp session active timeout 180

This example shows how to configure the TCP protocol for a CGN instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol tcp session active timeout 180

Examples

This example shows how to configure TCP protocol for a DS-Lite instance:

RP/0/RP0/CPU0:router# config
RP/0/RP0/CPU0:router(config)#service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#protocol tcp
RP/0/RP0/CPU0:router(config-cgn-ds-lite-proto)# session active timeout 56
RP/0/RP0/CPU0:router(config-cgn-ds-lite-proto)# 

Examples

This example shows how to configure static forwarding in a TCP session for a DS-Lite instance:

RP/0/RP0/CPU0:router# config
RP/0/RP0/CPU0:router(config)#service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#protocol tcp
RP/0/RP0/CPU0:router(config-cgn-ds-lite-proto)#static-forward inside address
RP/0/RP0/CPU0:router(config-cgn-ds-lite-proto-addr)# tunnel-source 10:2::2/22 host 10.1.1.2 port 64
RP/0/RP0/CPU0:router(config-cgn-ds-lite-proto-addr)# 

protocol icmp reset-mtu (CGN)

To reset the received packet size to 1280 when the received IPv4 ICMP packet size is less than 1280 bytes, use the protocol icmp reset-mtu command. To copy the received ICMP packet size when translating IPv4 to IPv6 packets, use the no form of this command.

protocol icmp reset-mtu

no protocol icmp reset-mtu

Syntax Description

This command has no keywords or arguments.

Command Default

Received packet size will be copied when translating ipv4 to ipv6 for icmp packets.

Command Modes

CGN-NAT64

Command History

Release Modification

Release 4.1.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

When the icmp reset-mtu protocol is enabled, the ICMP packet size is reset to 1280.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the icmp reset-mtu protocol for a CGN instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateless xlat1
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# ipv6-prefix 2010:db8:ff00::/40
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# address-family ipv6
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless-afi)# protocol icmp
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless-icmp)# reset-mtu

Related Commands

Command

Description

address-family ipv6 (CGN)

Enters the IPv6 address family configuration mode.  

ipv6-prefix (6rd)

Converts the IPv4 address into IPv6 address for use by the 6rd domain  

service cgn

Enables an instance for the CGN application.  

service-type nat64 (CGN)

Creates a nat64 stateless application  

traceroute (CGN)

Configures a range of ipv4 addresses that are to be used for mapping when a non-translatable ipv6 address is received.  

ubit-reserved (CGN)

Reserves the bits 64 to 71 for the IPv6 addresses.  

reassembly-enable (6rd)

To reassemble fragmented packets, use the reassembly-enable command. To prevent fragmented packets from being reassembled, use the no form of this command.

reassembly-enable

no reassembly-enable

Syntax Description

This command has no keywords or arguments.

Command Default

By default, reassembly is not allowed.

Command Modes

TUNNEL-6RD

Command History

Release Modification

Release 4.1.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to apply the reassembly-enable command for a 6rd tunnel:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# reassembly-enable

Related Commands

Command

Description

address-family ipv4 (CGN)

Enters the IPv4 address family configuration mode.  

address-family ipv6 (CGN)

Enters the IPv6 address family configuration mode.  

br (6rd)

Enters the Border Relay configuration mode  

reset-df-bit (6rd)

Enables anycast mode functionality  

service cgn

Enables an instance for the CGN application.  

timeout(CGN logging)

Configures the frequency at which the netflow-v9 template is refreshed or resent to the netflow-v9 server.  

ttl (6rd)

Configures the time to live of an IPv4 tunnel.  

refresh-direction(CGN)

To configure the Network Address Translation (NAT) mapping refresh direction for the specified CGN instance, use the refresh-direction command in NAT44 configuration mode. To revert back to the default of bidirectional refresh, use the no form of this command.

refresh-direction Outbound

no refresh-direction Outbound

Syntax Description

Outbound

Configures only the refresh direction for outbound.

Command Default

If the NAT refresh direction is not configured, the default is bidirectional.

Command Modes

NAT44 configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

This is a NAT44 service type specific command to be applied for each CGN instance.

Translation entries that have no traffic flowing for a specific time period are timed out and deleted to prevent unnecessary usage of system resources. Any traffic for a particular translation entry refreshes the entry and prevents it from timing out. Usually, the refresh is based on packets coming from both inside and outside. This is referred to as the bidirectional refresh mechanism. However, bidirectional refresh can lead to denial of service (DoS) attacks because someone from the outside can periodically refresh the entries even though there is no inside traffic.

When the NAT refresh direction is configured as Outbound, the translation entries are refreshed only by traffic flowing from inside to outside, which prevents such DoS attacks.
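The effect of the two refresh modes on a single translation entry can be compared with a small model. The following is an added example, not part of the Cisco documentation: the TranslationTable class, the 120-second idle timeout, the 60-second packet interval, and the inside address are constructed for illustration and do not describe the router's implementation.

```python
class TranslationTable:
    """Toy NAT translation table with an idle timeout (constructed model)."""

    def __init__(self, idle_timeout, outbound_only):
        self.idle_timeout = idle_timeout
        self.outbound_only = outbound_only
        self.last_refresh = {}  # mapping key -> time of last refresh
        self.expired_at = {}    # mapping key -> time the entry timed out

    def _expire(self, now):
        """Delete every entry whose idle deadline has passed."""
        for key, last in list(self.last_refresh.items()):
            deadline = last + self.idle_timeout
            if now >= deadline:
                del self.last_refresh[key]
                self.expired_at[key] = deadline

    def packet(self, now, key, direction):
        """Process one packet; return True if translated, False if dropped."""
        self._expire(now)
        if direction == "out":            # inside -> outside: create or refresh
            self.last_refresh[key] = now
            self.expired_at.pop(key, None)
            return True
        if key not in self.last_refresh:  # outside -> inside, no mapping left
            return False
        if not self.outbound_only:        # bidirectional refresh (the default)
            self.last_refresh[key] = now
        return True


def simulate(outbound_only, idle_timeout=120, interval=60, duration=3600):
    """One inside packet at t=0, then only outside packets every `interval` s."""
    table = TranslationTable(idle_timeout, outbound_only)
    key = ("10.0.0.5", 40000)             # constructed inside address and port
    table.packet(0, key, "out")
    translated = 0
    for t in range(interval, duration + 1, interval):
        if table.packet(t, key, "in"):
            translated += 1
    table._expire(duration)
    return {
        "expired_at": table.expired_at.get(key),
        "inbound_translated": translated,
        "alive_at_end": key in table.last_refresh,
    }


if __name__ == "__main__":
    print("bidirectional:", simulate(outbound_only=False))
    print("outbound only:", simulate(outbound_only=True))
```

In the bidirectional run the entry is still held after an hour with no inside traffic; in the outbound-only run it is released at the idle timeout.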

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure the mapping refresh direction for outbound:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# refresh-direction outbound

Related Commands

Command

Description

service cgn

Enables an instance for the CGN application.  

refresh-rate(CGN)

To configure the refresh rate to log NetFlow-based external logging information for an inside VRF of a CGN instance, use the refresh-rate command in CGN inside VRF external logging server configuration mode. To revert back to the default value of 500 packets, use the no form of this command.

refresh-rate value

no refresh-rate value

Syntax Description

value

Value, in packets, for the refresh rate. Range is from 1 to 600.

Command Default

value : 500

Command Modes

CGN inside VRF external logging server configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

The netflowv9-based logging facility requires that a logging template be sent to the server periodically. The refresh-rate value means that the template is resent after that number of packets has been sent to the server. The timeout value means that the template is resent to the logging server after that number of minutes has elapsed since the template was last sent. The refresh-rate and timeout values are mutually exclusive; that is, whichever expires first is the one taken into consideration for resending the template.


Note


The configurations for path-mtu, refresh-rate, and timeout are applied only when the IPv4 address and port number for the logging server have been configured.


Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to configure the refresh rate value of 50 for NetFlow logging for the NAT table entries:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# external-logging netflow version 9
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog)# server
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog-server)# refresh-rate 50

Related Commands

Command

Description

external-logging netflow(DS-Lite)

 

inside-vrf (CGN)

Enters inside VRF configuration mode for a CGN instance.  

server(CGN)

Enables the logging server information for the IPv4 address and port for the server that is used for the netflowv9-based external-logging facility.  

service cgn

Enables an instance for the CGN application.  

show cgn nat44 statistics

Displays the contents of the NAT44 CGN instance statistics.  

refresh rate (DS-LITE Netflow9 Logging)

To configure the refresh rate to log NetFlow-based external logging information of a DS-Lite instance, use the refresh-rate command in CGN DS-Lite external logging server configuration mode. To return to the default value, use the no form of this command.

refresh-rate value

no refresh-rate value

Syntax Description

value

Value, in packets, for the refresh rate. Range is from 1 to 600.

Command Default

value : 500

Command Modes

CGN DS-Lite external logging server configuration

Command History

Release

Modification

Release 4.2.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.


Note


The configurations for path-mtu, refresh-rate, and timeout are applied only when the IPv4 address and port number for the logging server have been configured.


Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to configure the refresh rate value of 50 for a DS-Lite instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# external-logging netflow9
RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog)# server
RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog-server)# refresh-rate 50

reset-df-bit (6rd)

Use the reset-df-bit command to enable anycast mode functionality. To disable anycast mode functionality, use the no form of this command.

reset-df-bit

no reset-df-bit

Syntax Description

This command has no keywords or arguments.

Command Default

Anycast mode is disabled.

Command Modes

TUNNEL-6RD

Command History

Release Modification

Release 4.1.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the reset-df-bit:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# reset-df-bit

Related Commands

Command

Description

br (6rd)

Enters the Border Relay configuration mode  

service cgn

Enables an instance for the CGN application.  

timeout(CGN logging)

Configures the frequency at which the netflow-v9 template is refreshed or resent to the netflow-v9 server.  

reassembly-enable (6rd)

Reassembles the fragmented packets.  

server(CGN)

To enable the logging server information for the IPv4 address and port for the server that is used for the netflowv9-based external-logging facility, use the server command in CGN inside-VRF external logging configuration mode. To disable this feature, use the no form of this command; external logging of NAT entries is then disabled.

server

no server

Syntax Description

This command has no arguments or keywords.

Command Modes

CGN inside VRF external logging configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

The server command enters CGN inside VRF address family external logging server configuration mode.

The NAT44 server command configures the IPv4 address and port number of the server to be used for the netflowv9-based external logging facility for an inside VRF of a CGN instance.


Note


The configurations for path-mtu, refresh-rate, and timeout are applied only when the IPv4 address and port number for the logging server have been configured.


Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to configure the logging information for the IPv4 address and server:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# external-logging netflow version 9
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog)# server
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog-server)# address 10.10.0.0 port 50
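An added configuration check (not Cisco code) for the rule in the note above and in the address command's default: without a server address and port, NetFlow v9 logging is disabled and refresh-rate, timeout and path-mtu settings have no effect. The running-config excerpt is constructed, and its nesting and one-space indentation are an assumption about how the CLI sequence above is rendered; the function names are illustrative.

```python
"""Audit which NAT44 inside VRFs actually export NetFlow v9 translation logs."""
import ipaddress

# Constructed running-config excerpt (not from the page); layout is assumed.
SAMPLE_CONFIG = """\
service cgn cgn1
 service-type nat44 nat1
  inside-vrf insidevrf1
   external-logging netflow version 9
    server
     address 10.10.0.0 port 50
     refresh-rate 50
    !
   !
  !
  inside-vrf insidevrf2
   external-logging netflow version 9
    server
     refresh-rate 50
     timeout 10
    !
   !
  !
  inside-vrf insidevrf3
  !
 !
!
"""


def parse_tree(text):
    """Turn indented config text into nested (line, children) nodes."""
    root = ("", [])
    stack = [(-1, root)]                 # (indent, node)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":      # blank lines and block terminators
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        while stack[-1][0] >= indent:    # climb back to the parent block
            stack.pop()
        node = (line, [])
        stack[-1][1][1].append(node)
        stack.append((indent, node))
    return root


def find(node, prefix):
    """Children of node whose leading words equal prefix."""
    words = prefix.split()
    return [c for c in node[1] if c[0].split()[:len(words)] == words]


def vrf_status(vrf):
    """Classify one inside-vrf block as ENABLED, DISABLED, INVALID or NO_LOGGING."""
    extlog = find(vrf, "external-logging netflow version 9")
    if not extlog:
        return ("NO_LOGGING", "external-logging is not configured")
    servers = find(extlog[0], "server")
    addrs = find(servers[0], "address") if servers else []
    if not addrs:
        # Settings present under server but inert without an address.
        inert = [c[0] for c in servers[0][1]] if servers else []
        return ("DISABLED", "no server address; inert settings: %s" % (inert or "none"))
    words = addrs[0][0].split()          # address <ipv4> port <number>
    try:
        ipaddress.IPv4Address(words[1])
        port = int(words[3])
    except (IndexError, ValueError):
        return ("INVALID", "cannot parse: " + addrs[0][0])
    if words[2] != "port" or not 1 <= port <= 65535:
        return ("INVALID", "port must be 1-65535: " + addrs[0][0])
    return ("ENABLED", "%s:%d/udp" % (words[1], port))


def audit_logging(text):
    """Return {(cgn, nat44, vrf): (status, detail)} for every inside VRF."""
    results = {}
    for cgn in find(parse_tree(text), "service cgn"):
        for nat in find(cgn, "service-type nat44"):
            for vrf in find(nat, "inside-vrf"):
                key = (cgn[0].split()[2], nat[0].split()[2], vrf[0].split()[1])
                results[key] = vrf_status(vrf)
    return results


if __name__ == "__main__":
    for key, (status, detail) in audit_logging(SAMPLE_CONFIG).items():
        print("/".join(key), status, detail)
```

A VRF reported as DISABLED or NO_LOGGING translates traffic without exporting the records needed to map an outside address and port back to an inside host.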

Related Commands

Command

Description

address (CGN NetflowV9 logging)

Enables the IPv4 address of the server that is used for logging the entries for the Network Address Translation (NAT) table.  

external-logging netflow(DS-Lite)

 

inside-vrf (CGN)

Enters inside VRF configuration mode for a CGN instance.  

 

refresh-rate(CGN)

Configures the refresh rate to log NetFlow-based external logging information for an inside VRF of a CGN instance.  

service cgn

Enables an instance for the CGN application.  

show cgn nat44 statistics

Displays the contents of the NAT44 CGN instance statistics.  

timeout(CGN logging)

Configures the frequency at which the netflow-v9 template is refreshed or resent to the netflow-v9 server.  

service cgn

To enable an instance for the CGN application, use the service cgn command in global configuration mode. To disable the instance of the CGN application, use the no form of this command.

service cgn instance-name

no service cgn instance-name

Syntax Description

instance-name

Name of the CGN instance that is configured.

Command Default

None

Command Modes

Global configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

The service cgn command enters CGN configuration mode.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure the instance named cgn1 for the CGN application:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# 

service-location (CGN)

To enable the particular instance of the CGN application on the active and standby locations, use the service-location command in CGN configuration mode. To disable the instance that runs at the location of the CGN application, use the no form of this command.

service-location preferred-active node-id [ preferred-standby node-id ]

no service-location preferred-active node-id [ preferred-standby node-id ]

Syntax Description

preferred-active node-id

Specifies the location in which the active CGN application starts. The node-id argument is entered in the rack/slot/module notation.

preferred-standby node-id

(Optional) Specifies the location in which the standby CGN application starts. The node-id argument is entered in the rack/slot/module notation.

Command Default

None

Command Modes

CGN configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to specify active and standby locations for the CGN application:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-location preferred-active 0/1/CPU0 preferred-standby 0/4/CPU0

Related Commands

Command

Description

hw-module service cgn location

Enables a CGN service role on a specified location.  

 

interface ServiceInfra

Enables the infrastructure SVI interface.  

service cgn

Enables an instance for the CGN application.  

service-location (interface)

To configure the location of the CGN service for the infrastructure service virtual interface (SVI), use the service-location command in interface configuration mode. To disable this feature, use the no form of this command.

service-location node-id

no service-location node-id

Syntax Description

node-id

Specifies the ID of the node. The node-id argument is entered in the rack/slot/module notation.

Command Modes

Interface configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure the service location for 0/1/CPU0:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# interface ServiceInfra 1
RP/0/RP0/CPU0:router(config-if)# service-location 0/1/CPU0

service redundancy failover service-type

To initiate failover services to the preferred standby location, use the service redundancy failover service-type command in EXEC mode.

service redundancy failover service-type secgn preferred-active node-id

Syntax Description

secgn

Specifies the CGN service.

preferred-active node-id

Specifies the location from where the failover must start. The node-id argument is entered in the rack/slot/module notation.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 4.0.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to initiate the failover services for the preferred standby location:

RP/0/RP0/CPU0:router# service redundancy failover service-type secgn preferred-active 0/1/cpu0
RP/0/RP0/CPU0:router# 

service redundancy revert service-type

To revert failed over services back to their preferred active location, use the service redundancy revert service-type command in EXEC mode.

service redundancy revert service-type secgn preferred-active node-id

Syntax Description

secgn

Specifies the CGN service.

preferred-active node-id

Specifies the location from where the failover must start. The node-id argument is entered in the rack/slot/module notation.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 4.0.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to revert the failed over services for the preferred active location:

RP/0/RP0/CPU0:router# service redundancy revert service-type secgn preferred-active 0/1/cpu0
RP/0/RP0/CPU0:router# 

service-type ds-lite

To enable a DS-Lite instance for the CGN application, use the service-type ds-lite command in CGN submode. To disable the DS-Lite instance of the CGN application, use the no form of this command.

service-type ds-lite instance-name [ address-family | aftr-tunnel-endpoint-address | alg | bulk-port-alloc | external-logging | ipv4-aftr-address | map | path-mtu | port-limit | protocol ]

no service-type ds-lite instance-name

Syntax Description

instance-name

Specifies the name of the ds-lite instance that is configured.

address-family

Configures the address family related information.

aftr-tunnel-endpoint-address

Specifies the IPv6 address of the tunnel endpoint.

alg

Configures the Application Level Gateway type to be used.

bulk-port-alloc

Allocates ports in bulk to reduce Netflow/Syslog data volume.

external-logging

Enables external logging.

ipv4-aftr-address

IPv4 address for ICMP messages.

map

IPv4 map address pool for inside addresses.

path-mtu

IPv6 mtu value.

port-limit

Limits the number of entries per address.

protocol

Specifies the transport protocol used.

Command Default

None

Command Modes

CGN submode (CONFIG-CGN)

Command History

Release

Modification

Release 4.2.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to configure the ds-lite instance for the CGN application:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1

service-type nat44(CGN)

To enable a NAT 44 instance for the CGN application, use the service-type nat44 command in CGN submode. To disable the NAT44 instance of the CGN application, use the no form of this command.

service-type nat44 instance-name [ alg | inside-vrf | portlimit | protocol | refresh-direction ]

no service-type nat44 instance-name

Syntax Description

instance-name

Name of the NAT44 instance that is configured.

alg

Configures the Application Level Gateway type to be used.

inside-vrf

Configures inside VRF.

portlimit

Limits the number of entries per address.

protocol

Specifies the Transport protocol.

refresh-direction

NAT refresh direction to be used.

Command Default

None

Command Modes

CGN submode (CONFIG-CGN)

Command History

Release

Modification

Release 4.0.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

The NAT44 instance name must be unique across all CGN NAT44 and NAT64 stateless instance names.

Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to configure the NAT44 instance named nat1 for the CGN application:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1

service-type nat64 (CGN)

Use the service-type nat64 command to create a nat64 stateless application. To delete the nat64 stateless application, use the no form of this command.

service-type nat64 stateless instance [ address-family | traceroute | ipv6-prefix | ubit-reserved ]

no service-type nat64 stateless instance

Syntax Description

stateless

Specifies the IPv4 to IPv6 Stateless translation.

instance

Indicates the name of the NAT64 stateless instance.

address-family

Specifies the address-family related configuration.

traceroute

Indicates the traceroute related configuration.

ipv6-prefix

Specifies the IPv6 prefix to be used to translate IPv4 address to IPv6 address.

ubit-reserved

Enables reserving ubits in IPv6 address.

Command Default

None

Command Modes

CONFIG-CGN

Command History

Release Modification

Release 4.1.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

The NAT64 stateless instance name must be unique across all the CGN NAT44 and NAT64 stateless instance names. There can only be 64 service-type NAT64 configurations per Roddick line card or chassis spanning over different cards.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the nat64 stateless instance named xlat1 for the CGN application:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateless xlat1

Related Commands

Command

Description

address-family ipv4 (CGN)

Enters the IPv4 address family configuration mode.  

address-family ipv6 (CGN)

Enters the IPv6 address family configuration mode.  

ipv6-prefix (6rd)

Converts the IPv4 address into IPv6 address for use by the 6rd domain  

service cgn

Enables an instance for the CGN application.  

service-type nat44(CGN)

Enables a NAT 44 instance for the CGN application.  

service-type tunnel (CGN)

Creates a v6rd tunnel application.  

traceroute (CGN)

Configures a range of ipv4 addresses that are to be used for mapping when a non-translatable ipv6 address is received.  

ubit-reserved (CGN)

Reserves the bits 64 to 71 for the IPv6 addresses.  

service-type tunnel (CGN)

To create a v6rd tunnel application, use the service-type tunnel command. To delete this instance of the v6rd tunnel application, use the no form of this command.

service-type tunnel v6rd instance [ address-family | br | path-mtu | reassembly-enable | reset-df-bit | tos | ttl ]

no service-type tunnel v6rd instance

Syntax Description

v6rd

Specifies the 6rd configuration.

instance

Indicates the name of the 6rd instance.

address-family

Specifies the address-family related configuration.

br

Specifies the border relay related configuration.

path-mtu

Specifies the IPv6 MTU value.

reassembly-enable

Enables the reassembly operation.

reset-df-bit

Enables resetting of DF bit.

tos

Specifies the type of service to be used for IPv4 tunnel.

ttl

Specifies the time to live value to be used for IPv4 tunnel.

Command Default

None

Command Modes

CONFIG-CGN

Command History

Release Modification
Release 4.1.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

The 6rd instance name must be unique across all instance names, such as CGN instance names, NAT44 instance names, and NAT64 stateless instance names. There can only be 64 service-type v6rd tunnel configurations for each line card or chassis spanning over different cards.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the v6rd tunnel instance named 6rd1 for the CGN application:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)#

Related Commands

Command

Description

address-family ipv4 (CGN)

Enters the IPv4 address family configuration mode.  

address-family ipv6 (CGN)

Enters the IPv6 address family configuration mode.  

br (6rd)

Enters the Border Relay configuration mode  

reassembly-enable (6rd)

Reassembles the fragmented packets.  

reset-df-bit (6rd)

Enables anycast mode functionality  

service cgn

Enables an instance for the CGN application.  

service-type nat44(CGN)

Enables a NAT 44 instance for the CGN application.  

service-type nat64 (CGN)

Creates a nat64 stateless application  

timeout(CGN logging)

Configures the frequency at which the netflow-v9 template is refreshed or resent to the netflow-v9 server.  

ttl (6rd)

Configures the time to live of an IPv4 tunnel.  

session(CGN)

To configure the timeout values for both active and initial sessions for TCP or UDP, use the session command in CGN NAT44 protocol configuration mode. To revert back to the default value for the TCP or UDP session timeouts, use the no form of this command.

session { active | initial } timeout seconds

no session { active | initial } timeout seconds

Syntax Description

active

Configures the active session timeout for both TCP and UDP. The default value for UDP active session timeout is 120 seconds.

initial

Configures the initial session timeout.

timeout

Configures the timeout for either active or initial sessions.

seconds

Timeout for either active or initial sessions. Range is from 1 to 65535.

Command Default

If the value for the UDP initial session timeout is not configured, the default value for the UDP initial session timeout is 30.

If the value for the UDP active session timeout is not configured, the default value for the UDP active session timeout is 120.

If the value for the TCP initial session timeout is not configured, the default value for the TCP initial session timeout is 120.

If the value for the TCP active session timeout is not configured, the default value for the TCP active session timeout is 1800 (30 minutes).

Command Modes

CGN NAT44 protocol configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

We recommend that you configure the timeout values for the protocol sessions carefully. For example, the values for the protocol and NAT functions must be configured properly.

If the no form of this command is specified, the following guidelines apply:

  • UDP initial session timeout value reverts back to the default value of 30.
  • UDP active session timeout value reverts back to the default value of 120.
  • TCP initial session timeout value reverts back to the default value of 120.
  • TCP active session timeout value reverts back to the default value of 1800.

Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to configure the initial session timeout value as 90 for TCP:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol tcp
RP/0/RP0/CPU0:router(config-cgn-proto)# session initial timeout 90

This example shows how to configure the active timeout value as 90 for TCP:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol tcp
RP/0/RP0/CPU0:router(config-cgn-proto)# session active timeout 90

This example shows how to configure the initial timeout value as 90 for UDP:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol udp
RP/0/RP0/CPU0:router(config-cgn-proto)# session initial timeout 90

This example shows how to configure the active timeout value as 90 for UDP:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol udp
RP/0/RP0/CPU0:router(config-cgn-proto)# session active timeout 90

Related Commands

Command

Description

protocol(CGN)

Enters ICMP, TCP, and UDP protocol configuration mode for a given CGN instance.  

service cgn

Enables an instance for the CGN application.  

show cgn nat44 inside-translation

Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance.  

show cgn nat44 outside-translation

Displays the outside-address to inside-address translation details for a specified NAT44 instance.  

timeout(CGN)

Configures the timeout for the ICMP session for a CGN instance.  

session (DS-LITE)

To configure the timeout values for both active and initial sessions for TCP or UDP, use the session command in CGN DS-Lite protocol configuration mode. To return to the default value for the session timeouts, use the no form of this command.

session { active | init } timeout seconds

no session { active | init } timeout seconds

Syntax Description

active

Configures the active session timeout for both TCP and UDP. The default value for UDP active session timeout is 120 seconds.

init

Configures the initial session timeout.

timeout

Configures the timeout for either active or initial sessions.

seconds

Timeout for either active or initial sessions. Range is from 1 to 65535.

Command Default

If the value for the UDP initial session timeout is not configured, the default value for the UDP initial session timeout is 30.

If the value for the UDP active session timeout is not configured, the default value for the UDP active session timeout is 120.

If the value for the TCP initial session timeout is not configured, the default value for the TCP initial session timeout is 120.

If the value for the TCP active session timeout is not configured, the default value for the TCP active session timeout is 1800 (30 minutes).

Command Modes

CGN DS-Lite protocol configuration

Command History

Release

Modification

Release 4.2.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

We recommend that you configure the timeout values for the protocol sessions carefully. For example, the values for the protocol and NAT functions must be configured properly.

If the no form of this command is specified, the following guidelines apply:

  • UDP initial session timeout value reverts back to the default value of 30.
  • UDP active session timeout value reverts back to the default value of 120.
  • TCP initial session timeout value reverts back to the default value of 120.
  • TCP active session timeout value reverts back to the default value of 1800.

Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to configure the initial session timeout value as 90 for TCP:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# protocol tcp
RP/0/RP0/CPU0:router(config-cgn-proto)# session initial timeout 90

This example shows how to configure the active timeout value as 90 for TCP:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# protocol tcp
RP/0/RP0/CPU0:router(config-cgn-proto)# session active timeout 90

This example shows how to configure the initial timeout value as 90 for UDP:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# protocol udp
RP/0/RP0/CPU0:router(config-cgn-proto)# session initial timeout 90

This example shows how to configure the active timeout value as 90 for UDP:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# protocol udp
RP/0/RP0/CPU0:router(config-cgn-proto)# session active timeout 90

Related Commands

Command

Description

protocol (DS-LITE)

Enters the ICMP, TCP, and UDP protocol configuration mode.  

show cgn ds-lite inside-translation

To display the translation table entries for an inside-address to outside-address for a specified DS-Lite CGN instance, use the show cgn ds-lite inside-translation command in EXEC mode.

show cgn ds-lite instance-name inside-translation protocol { icmp | tcp | udp } [ translation-type { alg | all | dynamic | static } ] | tunnel-v6-source-address IPv6 address inside-address IPv4 address port start number end number

Syntax Description

instance-name

Name of the DS-Lite instance that is configured.

protocol

Displays the name of the protocols.

icmp

Displays the ICMP protocol.

tcp

Displays the TCP protocol.

udp

Displays the UDP protocol.

translation-type

(Optional) Displays the translation type.

alg

(Optional) Displays only the ALG translation entries.

all

(Optional) Displays all the translation entries, for example, alg, dynamic, and static.

dynamic

(Optional) Displays only the dynamic translation entries.

static

(Optional) Displays only the static translation entries.

tunnel-v6-source-address IPv6 address

(Optional) Displays information for the IPv6 address family.

inside-address address

Displays the inside address.

port

Displays the range of the port numbers.

start number

The start port from which the translation table entries should be displayed.

end number

The end port up to which the translation table entries should be displayed.

Command Default

None

Command Modes

EXEC

Command History

Release Modification
Release 4.2.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

cgn

read

Examples

This example displays the translation table entries for a particular DS-Lite instance:

-----------------------------------------------------------------------------------------------------------------------
DSLite  instance : dslite1,   Tunnel-Source-Address : 2001:db8::1, Inside Source Address 10.1.1.1
-----------------------------------------------------------------------------------------------------------------------
Outside         Protocol   Inside    Outside    Translation    Inside       Outside
Address                    Source    Source     Type           to           to
                           Port      Port                      Outside      Inside
                                                               Packets      Packets
------------------------------------------------------------------------------------------------------

132.16.6.65     tcp        314       5554       dyn            875364       5345
132.16.6.65     udp        11333     43337      dyn            334333       873334

Related Commands

Command

Description

 

 

show cgn nat44 inside-translation

To display the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance, use the show cgn nat44 inside-translation command in EXEC mode.

show cgn nat44 instance-name { inside-translation protocol { icmp | tcp | udp } [ translation-type { alg | all | dynamic | static } ] inside-vrf vrf-name | tunnel-v6-source-address { source tunnel address | | inside-address | address port | | start | | number | end | | number }

Syntax Description

instance-name

Name of the NAT44 instance that is configured.

protocol

Displays the name of the protocols.

icmp

Displays the ICMP protocol.

tcp

Displays the TCP protocol.

udp

Displays the UDP protocol.

translation-type

(Optional) Displays the translation type.

alg

(Optional) Displays only the ALG translation entries.

all

(Optional) Displays all the translation entries, for example, alg, dynamic, and static.

dynamic

(Optional) Displays only the dynamic translation entries.

static

(Optional) Displays only the static translation entries.

ipv4

(Optional) Displays information for the IPv4 address family.

inside-vrf

Displays the information for the inside VPN routing and forwarding (VRF) for the necessary translation details.

vrf-name

Name of the inside VRF.

inside-address

Displays the inside address for the inside VRF.

address

Inside address.

port

Displays the range of the port numbers.

start number

The start port from which the translation table entries should be displayed.

end number

The end port till which the translation table entries should be displayed.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 4.0.0

The NAT44 instance was added to the command.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

The show cgn nat44 inside-translation command displays the translation for entries that are based on the inside-vrf, inside IPv4 address, and the pool of the inside ports. The inside-address keyword must have a /32 address. Each entry is displayed with a field that informs whether it is static, ALG, or dynamic translation.

If the value of the translation type is not specified, all types of entries are displayed.

Task ID

Task ID

Operations

cgn

read

Examples

This example shows sample output from the show cgn inside-translation command:

RP/0/RP0/CPU0:router# show cgn nat44 nat1 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port-range 23 56

Inside-translation details 
-----------------------------------
NAT44 instance : nat1
Inside-VRF     : insidevrf1 
--------------------------------------------------------------------------------------
Outside        Protocol  Inside   Outside     Translation      Inside       Outside
Address                  Source   Source      Type             to           to
                         Port     Port                         Outside      Inside
                                                               Packets      Packets
--------------------------------------------------------------------------------------
12.168.6.231   tcp       34       2356        alg              875364       65345
12.168.6.98    tcp       56       8972        static           78645        56343
12.168.2.12    tcp       21       2390        static           45638        89865
12.168.2.123   tcp       34       239         dynamic          809835       67854
.
.
.
.
.
12.168.2.123   tcp       34       3899        dynamic          9835         6785

This table describes the significant fields shown in the display.



Table 1 show cgn inside-translation Field Descriptions

Field

Description

CGN instance

Name of the CGN instance configured

Inside-VRF

Name of the inside-vrf configured

Outside Address

Outside IPv4 address

Inside Source Port

Inside Source Port Number

Outside Source Port

Translated Source Port Number

Translation Type

Type of Translation (Static/Dynamic/ALG/ Static+ALG).

Inside to Outside Packets

Outbound Packets.

Outside to Inside Packets

Inbound Packets.

Related Commands

Command

Description

clear cgn nat44 inside-vrf

Clears translation database entries that are created dynamically for the specified inside VRF.  

clear cgn nat44 port

Clears the translation database entries that are created dynamically for the specified inside port number.  

clear cgn nat44 protocol

 

inside-vrf (CGN)

Enters inside VRF configuration mode for a CGN instance.  

protocol(CGN)

Enters ICMP, TCP, and UDP protocol configuration mode for a given CGN instance.  

service cgn

Enables an instance for the CGN application.  

show cgn nat44 outside-translation

Displays the outside-address to inside-address translation details for a specified NAT44 instance.  

show cgn ds-lite outside-translation

To display the outside-address to inside-address translation details for a specified NAT44 instance, use the show cgn nat44 outside-translation command in EXEC mode.

show cgn nat44 instance-name outside-translation protocol { icmp | tcp | udp } [ translation-type { alg | all | dynamic | static } ] outside-address address port start number end number

Syntax Description

instance-name

Name of the NAT44 instance that is configured.

protocol

Displays the name of the protocols.

icmp

Displays the ICMP protocol.

tcp

Displays the TCP protocol.

udp

Displays the UDP protocol.

translation-type

(Optional) Displays the translation type.

alg

(Optional) Displays only the ALG translation entries.

all

(Optional) Displays all the translation entries, for example, alg, dynamic, and static.

dynamic

(Optional) Displays only the dynamic translation entries.

static

(Optional) Displays only the static translation entries.

outside-address

Displays the outside address for the inside VRF.

address

Outside address.

port

Displays the range of the port numbers.

start number

Displays the start of the port number.

end number

Displays the end of the port number.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 4.2.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

cgn

read

Examples

This example displays the translation table entries for an outside address for a particular DS-Lite instance:

-----------------------------------------------------------------------------------------------------------------------
DSLite  instance : dslite1, Tunnel-Source-Address : 2001:db8::1, Outside Source Address 100.1.1.1
-----------------------------------------------------------------------------------------------------------------------
Inside         Protocol  Inside   Outside     Translation      Inside       Outside
Address                  Source   Source      Type             to           to
                         Port     Port                         Outside      Inside
                                                               Packets      Packets
------------------------------------------------------------------------------------------------------
10.16.6.65     tcp       314      5554        dyn              875364       5345
10.16.6.65     udp       11333    43337       dyn              334333       873334

show cgn nat44 outside-translation

To display the outside-address to inside-address translation details for a specified NAT44 instance, use the show cgn nat44 outside-translation command in EXEC mode.

show cgn nat44 instance-name outside-translation protocol { icmp | tcp | udp } [ translation-type { alg | all | dynamic | static } ] outside-address address port start number end number

Syntax Description

instance-name

Name of the NAT44 instance that is configured.

protocol

Displays the name of the protocols.

icmp

Displays the ICMP protocol.

tcp

Displays the TCP protocol.

udp

Displays the UDP protocol.

translation-type

(Optional) Displays the translation type.

alg

(Optional) Displays only the ALG translation entries.

all

(Optional) Displays all the translation entries, for example, alg, dynamic, and static.

dynamic

(Optional) Displays only the dynamic translation entries.

static

(Optional) Displays only the static translation entries.

outside-address

Displays the outside address for the inside VRF.

address

Outside address.

port

Displays the range of the port numbers.

start number

Displays the start of the port number.

end number

Displays the end of the port number.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 4.0.0

The NAT44 instance was added to the command. The address-family keyword was removed.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

If you want to display the entries for a single port, the value for the end port must be equal to that of the start port. Each entry is displayed with a field that informs whether it is static, ALG, or dynamic translation.

If no VRF is specified, the entries are displayed for the default VRF.

If the value of the translation type is not specified, all types of entries are displayed.

Task ID

Task ID

Operations

cgn

read

Examples

This example shows sample output from the show cgn outside-translation command:

RP/0/RP0/CPU0:router# show cgn nat44 nat1 outside-translation protocol tcp outside-vrf outsidevrf1 outside-address 10.64.23.45 port start 23 end 5

Outside-translation details 
---------------------------------
NAT44 instance : nat1
Outside-VRF    : outsidevrf1 
------------------------------------------------------------------------------------------
Outside      Protocol    Outside     Inside        Translation   Inside     Outside
Address                  Destination Destination   Type          to         to
                         Port        Port                        Outside    Inside
                                                                 Packets    Packets
------------------------------------------------------------------------------------------
13.16.6.23   tcp         314         56            dynamic       8753       5345
13.16.6.23   tcp         819         329           alg           8901       890
13.16.6.23   tcp         40          178           alg           97654      4532
13.16.6.23   tcp         503         761           static        43215      8765
13.16.6.23   tcp         52          610           dynamic       7645       876
.
.
.
.
.

13.16.6.23   tcp         390         621           static        67532      1234

This table describes the significant fields shown in the display.



Table 2 show cgn outside-translation Field Descriptions

Field

Description

NAT44 instance

Name of the NAT44 instance configured

Outside-VRF

Name of the Outside VRF configured

Outside Address

Outside IPv4 address

Protocol

Protocol Type (TCP/UDP/ICMP)

Outside Destination Port

Outside Destination Port

Inside Destination Port

Inside Destination Port

Translation Type

Type of Translation ( Static/Dynamic/ALG/ Static+ALG)

Inside to Outside Packets

Outbound Packets

Outside to Inside Packets

Inbound Packets

Related Commands

Command

Description

clear cgn nat44 inside-vrf

Clears translation database entries that are created dynamically for the specified inside VRF.  

clear cgn nat44 port

Clears the translation database entries that are created dynamically for the specified inside port number.  

clear cgn nat44 protocol

 

inside-vrf (CGN)

Enters inside VRF configuration mode for a CGN instance.  

map(CGN)

Maps an outside VRF and address pool to an inside vrf.  

protocol(CGN)

Enters ICMP, TCP, and UDP protocol configuration mode for a given CGN instance.  

service cgn

Enables an instance for the CGN application.  

show cgn nat44 inside-translation

Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance.  

show cgn ds-lite pool utilization

To display the outside address pool utilization details for a specified DS-Lite instance, use the show cgn ds-lite pool-utilization command in EXEC mode.

show cgn ds-lite instance-name pool-utilization address-range start-address end-address

Syntax Description

ds-lite instance-name

Name of the ds-lite instance that is configured.

address-range

Displays the range for the outside address.

start-address

Range for the start address of the outside address pool. The range of the IPv4 addresses cannot be more than 255 consecutive IPv4 addresses.

end-address

Range for the end address of the outside address pool.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 4.2.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

cgn

read

Examples

This example displays the utilization of the outside address pool for a DS-Lite instance:

-------------------------------------------------------------------------
DS-Lite  instance : dslite1
-------------------------------------------------------------------------
Outside             Number            Number
Address             of                of
                    Free ports        Used ports
-------------------------------------------------------------------------
17.16.6.23          123               64388
17.16.6.120         58321             6190
17.16.6.98          98                64413
17.16.6.2           1234              60123

show cgn nat44 pool-utilization

To display the outside address pool utilization details for a specified NAT44 instance, use the show cgn nat44 pool-utilization command in EXEC mode. The range of the IPv4 addresses must not be more than 255 consecutive IPv4 addresses. A range beyond this limit may hog the CGSE processors, resulting in unresponsive CGN commands and health monitoring test failures, which cause a subsequent CGSE reload if auto reload is not disabled.

show cgn nat44 instance-name pool-utilization inside-vrf vrf-name address-range start-address end-address

Syntax Description

nat44 instance-name

Name of the NAT44 instance that is configured.

inside-vrf

Displays the contents for the inside VRF.

vrf-name

Name for the inside VRF.

address-range

Displays the range for the outside address.

start-address

Range for the start address of the outside address pool. The range of the IPv4 addresses cannot be more than 255 consecutive IPv4 addresses.

end-address

Range for the end address of the outside address pool.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 4.0.0

The NAT44 instance was added to the command syntax.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

The show cgn nat44 pool-utilization command displays the utilization of the outside address pool. In addition, this command displays the number of free and used ports per IPv4 address in the specified range.
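
A pre-flight check for the 255-address limit described above, as an added example in Python (not Cisco code). It assumes the limit counts both endpoints of the range; the name pattern and the cap on generated commands are assumptions of this sketch.

```python
import ipaddress
import re

MAX_ADDRESSES = 255                              # limit stated in the text above
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")     # assumed safe character set for names


def range_size(start: str, end: str) -> int:
    """Number of addresses in start..end, both endpoints included."""
    first = int(ipaddress.IPv4Address(start))
    last = int(ipaddress.IPv4Address(end))
    if last < first:
        raise ValueError(f"end address {end} is below start address {start}")
    return last - first + 1


def split_range(start: str, end: str, limit: int = MAX_ADDRESSES):
    """Split start..end into consecutive sub-ranges of at most `limit` addresses."""
    total = range_size(start, end)
    first = int(ipaddress.IPv4Address(start))
    last = first + total - 1
    chunks = []
    while first <= last:
        chunk_end = min(first + limit - 1, last)
        chunks.append((str(ipaddress.IPv4Address(first)),
                       str(ipaddress.IPv4Address(chunk_end))))
        first = chunk_end + 1
    return chunks


def build_commands(instance: str, vrf: str, start: str, end: str,
                   max_commands: int = 16):
    """Return show commands that each stay within the 255-address limit.

    Refuses names outside the assumed character set and refuses ranges that
    would need more than `max_commands` queries, so that an oversized range
    is rejected on the management host instead of loading the CGSE.
    """
    for label, value in (("instance", instance), ("vrf", vrf)):
        if not NAME_RE.fullmatch(value):
            raise ValueError(f"unexpected characters in {label} name: {value!r}")
    total = range_size(start, end)
    needed = -(-total // MAX_ADDRESSES)          # ceiling division
    if needed > max_commands:
        raise ValueError(
            f"range covers {total} addresses and would need {needed} commands")
    return [
        f"show cgn nat44 {instance} pool-utilization inside-vrf {vrf} "
        f"address-range {a} {b}"
        for a, b in split_range(start, end)
    ]


if __name__ == "__main__":
    for line in build_commands("nat1", "insidevrf4", "17.16.6.0", "17.16.7.255"):
        print(line)
```
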

Task ID

Task ID

Operations

cgn

read

Examples

The following sample output shows the number of free and used global addresses and port numbers:

RP/0/RP0/CPU0:router# show cgn nat44 nat1 pool-utilization inside-vrf insidevrf4 address-range 17.16.6.23 20.12.23.1

Public-address-pool-utilization details
-------------------------------------------------------------------------
NAT44 instance: nat1 
VRF           : insidevrf4
-------------------------------------------------------------------------
Outside             Number            Number
Address             of                of
                    Free ports        Used ports
-------------------------------------------------------------------------
17.16.6.23          123               64388
17.16.6.120         58321             6190
17.16.6.98          98                64413
17.16.6.2           1234              60123
.
.
.
.
.
.
.
.
.
18.12.6.12          678               52789

This table describes the significant fields shown in the display.



Table 3 show cgn pool-utilization Field Descriptions

Field

Description

NAT44 instance

Name of the NAT44 instance configured

VRF

Name of the Inside VRF configured

Outside Address

Outside IPv4 address.

Number of Free Ports

Total number of Free ports available for the given Outside IPv4 address

Number of Used Ports

Total number of Used ports for the given Outside IPv4 address

Related Commands

Command

Description

inside-vrf (CGN)

Enters inside VRF configuration mode for a CGN instance.  

map(CGN)

Maps an outside VRF and address pool to an inside vrf.  

show cgn ds-lite statistics

show cgn ds-lite instance-name statistics

Syntax Description

instance-name

Name of the configured DS-Lite instance.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 4.2.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

cgn

read

Examples

This command displays the statistics corresponding to DS-Lite instances:

Statistics summary of cgn: 'cgn1'
Number of active translations: 45631
Translations create rate: 5678
Translations delete rate: 6755
Inside to outside forward rate: 977
Outside to inside forward rate: 456
Inside to outside drops port limit exceeded: 0
Inside to outside drops system limit reached: 0
Inside to outside drops resorce depletion: 0
Outside to inside drops no translation entry: 0
Pool address totally free: 195
Pool address used: 23

show cgn nat44 statistics

To display the contents of the NAT44 CGN instance statistics, use the show cgn nat44 statistics command in EXEC mode.

show cgn nat44 instance-name statistics

Syntax Description

instance-name

Name of the configured NAT44 instance.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 4.0.0

The summary keyword was removed.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

The statistics provide the total number of active translations for a given NAT44 instance, along with other parameters. In addition, the output lists the outside IPv4 addresses that are used for translation, along with the current number of ports in use.

Task ID

Task ID

Operations

cgn

read

Examples

This output shows the statistics entries:

RP/0/RP0/CPU0:router# show cgn nat44 nat1 statistics

Statistics summary of NAT44 instance: 'nat1'
Number of active translations: 34
Translations create rate: 0
Translations delete rate: 0
Inside to outside forward rate: 3
Outside to inside forward rate: 3
Inside to outside drops port limit exceeded: 0
Inside to outside drops system limit reached: 0
Inside to outside drops resorce depletion: 0
Outside to inside drops no translation entry: 9692754
Pool address totally free: 62
Pool address used: 2
Pool address usage:
-------------------------------------------------
External Address Ports Used 
-------------------------------------------------
24.114.18.53 4
24.114.18.55 30
-------------------------------------------------
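
A parser for the statistics output shown above that extracts the counters and the per-address port usage and lists what deserves a closer look, as an added example in Python (not Cisco code). The 80 percent pool threshold and the second snapshot are constructed for illustration; the counter names are matched exactly as the device prints them.

```python
import re

# Output copied from the example above (device spelling kept as printed).
SAMPLE_OUTPUT = """\
Statistics summary of NAT44 instance: 'nat1'
Number of active translations: 34
Translations create rate: 0
Translations delete rate: 0
Inside to outside forward rate: 3
Outside to inside forward rate: 3
Inside to outside drops port limit exceeded: 0
Inside to outside drops system limit reached: 0
Inside to outside drops resorce depletion: 0
Outside to inside drops no translation entry: 9692754
Pool address totally free: 62
Pool address used: 2
Pool address usage:
-------------------------------------------------
External Address Ports Used
-------------------------------------------------
24.114.18.53 4
24.114.18.55 30
-------------------------------------------------
"""

POOL_ROW = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\d+)$")


def parse_statistics(text):
    """Return (counters, ports_used) parsed from the command output."""
    counters, ports_used = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) <= {"-"}:
            continue                       # blank line or separator rule
        row = POOL_ROW.match(line)
        if row:                            # "External Address  Ports Used" row
            ports_used[row.group(1)] = int(row.group(2))
            continue
        name, sep, value = line.rpartition(":")
        if sep and value.strip().isdigit():
            counters[name.strip()] = int(value)
    return counters, ports_used


def triage(counters, ports_used, pool_warn=0.8):
    """List findings: nonzero drop counters, pool pressure, table mismatch."""
    findings = []
    for name, value in counters.items():
        if " drops " in name and value > 0:
            findings.append(("drops", name, value))
    free = counters.get("Pool address totally free")
    used = counters.get("Pool address used")
    if free is not None and used is not None and free + used > 0:
        ratio = used / (free + used)
        if ratio >= pool_warn:             # pool_warn is an assumed threshold
            findings.append(("pool", "Pool address used", round(ratio, 3)))
    if ports_used and used is not None and len(ports_used) != used:
        findings.append(("mismatch", "Pool address usage rows", len(ports_used)))
    return findings


def drop_deltas(before, after):
    """Growth of each drop counter between two snapshots of the counters."""
    return {
        name: after[name] - before[name]
        for name in after
        if " drops " in name and name in before and after[name] > before[name]
    }


if __name__ == "__main__":
    counters, ports_used = parse_statistics(SAMPLE_OUTPUT)
    for finding in triage(counters, ports_used):
        print(finding)
```

The drop counters are cumulative, so the growth between two polls from `drop_deltas` says more than the absolute value. In the sample, the only nonzero drop counter is the outside-to-inside one for packets with no translation entry.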

show cgn tunnel v6rd statistics

To display the V6rd tunnel statistics information for a CGN instance, use the show cgn tunnel v6rd statistics command in the EXEC mode.

show cgn tunnel v6rd 6rd-instance statistics

Syntax Description

tunnel

Indicates the tunnel type.

v6rd

Specifies the 6rd information.

6rd-instance

Specifies the CGN instance name.

statistics

Specifies the statistics details for 6rd.

Command Default

None

Command Modes

EXEC

Command History

Release Modification

Release 4.1.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

cgn

read

Examples

This sample output shows the summary of the statistics entries:

RP/0/RP0/CPU0:router# show cgn tunnel v6rd 6rd1 statistics

Tunnel 6rd configuration
=========================
Tunnel 6rd name: 6rd1
IPv6 Prefix/Length: 2001:db8::/32
Source address: 9.1.1.1
BR Unicast address: 2001:db8:901:101::1
IPv4 Prefix length: 0
IPv4 Suffix length: 0
TOS: 0, TTL: 255, Path MTU: 1280
Tunnel 6rd statistics
======================
IPv4 to IPv6
=============
Incoming packet count : 2296951183
Incoming tunneled packets count : 2296951183
Decapsulated packets : 0
ICMP translation count : 0
Insufficient IPv4 payload drop count : 0
Security check failure drops : 0
No DB entry drop count : 0
Unsupported protocol drop count : 0
Invalid IPv6 source prefix drop count : 2296951183
IPv6 to IPv4
=============
Incoming packet count : 0
Encapsulated packets count : 0
No DB drop count : 0
Unsupported protocol drop count : 0
IPv4 ICMP
==========
Incoming packets count : 0
Reply packets count : 0
Throttled packet count : 0
Nontranslatable drops : 0
Unsupported icmp type drop count : 0
IPv6 ICMP
==========
Incoming packets count : 0
Reply packets count : 0
Packet Too Big generated packets count : 0
Packet Too Big not generated packets count : 0
NA generated packets count : 0
TTL expiry generated packets count : 0
Unsupported icmp type drop count : 0
Throttled packet count : 0
IPv4 to IPv6 Fragments
=======================
Incoming fragments count : 0
Reassembled packet count : 0
Reassembed fragments count : 0
ICMP incoming fragments count : 0
Total fragment drop count : 0
Fragments dropped due to timeout : 0
Reassembly throttled drop count : 0
Duplicate fragments drop count : 0
Reassembly disabled drop count : 0
No DB entry fragments drop count : 0
Fragments dropped due to security check failure : 0
Insufficient IPv4 payload fragment drop count : 0
Unsupported protocol fragment drops : 0
Invalid IPv6 prefix fragment drop count : 0
IPv6 to IPv4 Fragments
=======================
Incoming ICMP fragment count : 0
RP/0/RP1/CPU0:#
=================================================================================

Related Commands

Command

Description

show cgn nat44 statistics

Displays the contents of the NAT44 CGN instance statistics.  

show services redundancy (CGN)

To display the current active and standby CGSE in an intrachassis redundancy setup, use the show services redundancy command in EXEC mode.

show services redundancy { brief | detail | summary } location node-id

Syntax Description

brief

Displays a brief view of redundant nodes of CGN instances.

detail

Displays a detailed view of redundant nodes of CGN instances.

summary

Displays a summary of redundant nodes of CGN instances.

location node-id

Specifies the location. The node-id argument is entered in the rack/slot/module notation.

Command Default

No default behavior or values

Command Modes

EXEC

Command History

Release Modification

Release 3.9.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

cgn

read

Examples

This example shows the sample output of the show services redundancy command when the configured preferred active node 0/0/CPU0 is in Active state:

RP/0/RP0/CPU0:router# show services redundancy

Service type     Name                    Pref. Active        Pref. Standby      
--------------------------------------------------------------------------------
ServiceInfra     ServiceInfra1           0/0/CPU0 Active    
ServiceInfra     ServiceInfra2           0/2/CPU0 Active    
ServiceCgn       cgn1                    0/0/CPU0 Active     0/2/CPU0 Standby   

This example shows the sample output of the show services redundancy command when the configured preferred standby node 0/2/CPU0 is in Active state:

RP/0/RP0/CPU0:router# show services redundancy

Service type     Name                    Pref. Active        Pref. Standby      
--------------------------------------------------------------------------------
ServiceInfra     ServiceInfra1           0/0/CPU0 Active    
ServiceInfra     ServiceInfra2           0/2/CPU0 Active    
ServiceCgn       cgn1                    0/0/CPU0 Standby     0/2/CPU0 Active    

source-address (6rd)

Use the source-address command to assign an IPv4 address as the tunnel source address. To remove the source address assigned to the tunnel, use the no form of this command.

source-address <A.B.C.D>

Syntax Description

A.B.C.D

Indicates the Source IP address.

Command Default

None

Command Modes

TUNNEL-6RD

Command History

Release Modification

Release 4.1.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.


Note


For a 6rd tunnel, configure the ipv6-prefix, ipv4 source-address and unicast IPv6 address in a single commit operation. Once configured, the source-address cannot be deleted individually. It must be deleted along with all br tunnel configuration parameters.


Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the v6rd tunnel source-address:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# br
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd-br)# source-address 10.2.2.1

Related Commands

Command

Description

br (6rd)

Enters the Border Relay configuration mode  

ipv4 prefix (6rd)

Assigns a value for the ipv4 prefix of a tunnel  

ipv4 suffix (6rd)

Assigns a value for the ipv4 tunnel suffix  

ipv6-prefix (6rd)

Converts the IPv4 address into IPv6 address for use by the 6rd domain  

service cgn

Enables an instance for the CGN application.  

service-type tunnel (CGN)

Creates a v6rd tunnel application.  

unicast address (6rd)

Assigns an IPv6 address to be used for a 6rd Border Relay unicast configuration.  

static-forward inside(CGN)

To enable forwarding for the static port for an inside IPv4 address and inside port combination, use the static-forward inside command in CGN inside VRF NAT44 protocol configuration mode. To disable static forwarding, use the no form of this command.

static-forward inside

no static-forward inside

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

CGN inside VRF NAT44 protocol configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

The static-forward inside command enters CGN inside VRF static port inside configuration mode.

If the static-forward inside command is executed successfully along with the inside IPv4 address and port information, CGN can dynamically allocate one free outside IPv4 address and outside port number from the outside address pool. A common use of static PAT is to allow Internet users on the public network to access a server located in the private network.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure forwarding for the static port:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# protocol tcp
RP/0/RP0/CPU0:router(config-cgn-invrf-proto)# static-forward inside
RP/0/RP0/CPU0:router(config-cgn-ivrf-sport-inside)# 

Related Commands

Command

Description

inside-vrf (CGN)

Enters inside VRF configuration mode for a CGN instance.  

protocol(CGN)

Enters ICMP, TCP, and UDP protocol configuration mode for a given CGN instance.  

service cgn

Enables an instance for the CGN application.  

show cgn nat44 statistics

Displays the contents of the NAT44 CGN instance statistics.  

tcp mss (CGN)

Use the tcp mss command to adjust the TCP maximum segment size (MSS) value for a ServiceApp interface. To disable a particular service application interface, use the no form of this command.

tcp mss <28-1500>

no tcp mss

Syntax Description

<28-1500>

Maximum segment size to be used in bytes.

Command Default

tcp mss value is disabled by default.

Command Modes

CGN-NAT64

Command History

Release Modification

Release 4.1.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

If this configuration does not exist, TCP determines the maximum segment size based on the settings specified by the application process, the interface maximum transmission unit (MTU), or the MTU received from Path MTU Discovery. This is a NAT64 stateless translation command that is applied to each NAT64 stateless CGN instance. The command enables rewriting of the TCP MSS value in the translated IPv4 packet (translated from IPv6 to IPv4) if the incoming TCP MSS value is greater than the value configured by this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure TCP MSS value as 1000 for a NAT64 stateless ServiceApp interface:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateless xlat1
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# interface ServiceApp 2
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# address-family ipv4
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless-afi)# tcp mss 1000

Related Commands

Command

Description

inside-vrf (CGN)

Enters inside VRF configuration mode for a CGN instance.  

protocol(CGN)

Enters ICMP, TCP, and UDP protocol configuration mode for a given CGN instance.  

service cgn

Enables an instance for the CGN application.  

timeout(CGN)

To configure the timeout for the ICMP session for a CGN instance, use the timeout command in CGN NAT44 protocol configuration mode. To revert back to default value of 60 seconds, use the no form of this command.

timeout seconds

no timeout seconds

Syntax Description

seconds

Timeout value. Range is from 1 to 65535.

Command Default

The default ICMP timeout value is 60.

Command Modes

CGN NAT44 protocol configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

We recommend that you configure the timeout values for the protocol sessions carefully. For example, the values for the protocol and NAT functions must be configured properly.

This is a NAT44 service type specific command to be applied for each CGN instance. This command configures the initial and active timeout value in seconds for TCP or UDP sessions for a CGN instance. For ICMP, the user can configure only the timeout value.


Note


The destination port/destination address timeout configuration is not supported for ICMP.


For TCP and UDP, the per port active timeout session is prioritized according to these criteria, higher to lower precedence:
  1. A destination address and port combination
  2. A destination address
  3. A destination port
  4. Default protocol timeout

You can enter up to 1000 timer entries in total, counting port-only, address-only, and address/port combination entries.

Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to configure the timeout value as 908 for the ICMP session:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol icmp
RP/0/RP0/CPU0:router(config-cgn-proto)# timeout 908

This example shows how to configure a timeout value of 600 for a destination address for the TCP session:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf red
RP/0/RP0/CPU0:router(config-cgn-invrf)# protocol tcp
RP/0/RP0/CPU0:router(config-cgn-invrf-proto)# address 40.1.1.2 timeout 600

This example shows how to configure a timeout value of 600 for a destination port for the TCP session:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf red
RP/0/RP0/CPU0:router(config-cgn-invrf)# protocol tcp
RP/0/RP0/CPU0:router(config-cgn-invrf-proto)# port 80 timeout 600
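
The precedence order in the usage guidelines can be modelled as a small lookup that reports which timer governs a given flow. This is an added example, not Cisco code: the TimeoutTable class, the 1800-second default, the port range check and the address-plus-port entry are assumptions, while the address and port entries reuse the values from the examples above.

```python
import ipaddress

MAX_ENTRIES = 1000               # page: up to 1000 timer entries in total
SECONDS = range(1, 65536)        # page: timeout range is 1 to 65535


class TimeoutTable:
    """Per-protocol timer table for one inside VRF (a model, not device code)."""

    def __init__(self, default_seconds):
        self._check(default_seconds)
        self.default = default_seconds
        self.entries = {}        # (IPv4Address or None, port or None) -> seconds

    @staticmethod
    def _check(seconds):
        if seconds not in SECONDS:
            raise ValueError(f"timeout {seconds} outside 1..65535")

    def add(self, seconds, address=None, port=None):
        if address is None and port is None:
            raise ValueError("an entry needs an address, a port, or both")
        # Assumption: destination ports use the usual 1..65535 range.
        if port is not None and not 1 <= port <= 65535:
            raise ValueError(f"port {port} outside 1..65535")
        self._check(seconds)
        key = (ipaddress.IPv4Address(address) if address else None, port)
        if key not in self.entries and len(self.entries) >= MAX_ENTRIES:
            raise ValueError("timer table already holds 1000 entries")
        self.entries[key] = seconds

    def resolve(self, dst_address, dst_port):
        """Return (seconds, rule) for a flow, highest precedence first."""
        addr = ipaddress.IPv4Address(dst_address)
        candidates = (
            ((addr, dst_port), "address+port"),
            ((addr, None), "address"),
            ((None, dst_port), "port"),
        )
        for key, rule in candidates:
            if key in self.entries:
                return self.entries[key], rule
        return self.default, "protocol default"


def demo_table():
    table = TimeoutTable(default_seconds=1800)      # constructed default
    table.add(600, address="40.1.1.2")              # from the page's example
    table.add(600, port=80)                         # from the page's example
    table.add(120, address="40.1.1.2", port=443)    # constructed combination
    return table


if __name__ == "__main__":
    t = demo_table()
    for dst in (("40.1.1.2", 443), ("40.1.1.2", 80),
                ("198.51.100.7", 80), ("198.51.100.7", 22)):
        print(dst, t.resolve(*dst))
```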

timeout(CGN logging)

To configure the frequency at which the netflow-v9 template is refreshed or resent to the netflow-v9 server, use the timeout command in CGN inside-VRF external logging server configuration mode.

To revert back to the default value of 30 minutes, use the no form of this command.

timeout value

no timeout value

Syntax Description

value

Value, in minutes, for the timeout. Range is from 1 to 3600.

Command Default

value : 30

Command Modes

CGN inside VRF external logging server configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

After the configured number of minutes has elapsed since the template was last sent, the template is resent to the logging server.

The netflowv9 based logging requires that a logging template be sent to the server periodically. The timeout value implies that after that number of minutes has elapsed since the template was last sent, the template will be resent to the logging server. The refresh-rate value implies that after sending that number of packets to the server, the template will be resent. The timeout and refresh-rate values are mutually exclusive; that is, the one that expires first is the one considered for resending the template.


Note


The configurations for path-mtu, refresh-rate and timeout are applied only when the ipv4 address and port number for the logging server have been configured.


Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to configure the timeout value as 50 for the NetFlow logging information for the NAT table entries:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# external-logging netflow version 9
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog)# server
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog-server)# timeout 50
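
The resend rule from the usage guidelines (whichever of timeout and refresh-rate is reached first) matters to whoever operates the collector, because NetFlow v9 data records cannot be decoded until a template has been received. The following added example, which is not Cisco code, simulates that rule and counts the records a freshly started collector cannot decode; the traffic rate, the refresh-rate values and the assumption that the limits are checked as each packet is sent are constructed for illustration.

```python
def export_schedule(packet_times, timeout_min, refresh_rate):
    """Return [(minute, kind)] for an exporter that resends the template when
    either limit is reached. Assumption: the limits are checked as each data
    packet is about to be sent, and both counters restart after a resend."""
    out = []
    last_template = None      # minute at which the template was last sent
    since_template = 0        # data packets sent since then
    for t in packet_times:
        due = (last_template is None
               or t - last_template >= timeout_min
               or since_template >= refresh_rate)
        if due:
            out.append((t, "template"))
            last_template, since_template = t, 0
        out.append((t, "data"))
        since_template += 1
    return out


def template_minutes(schedule):
    """Minutes at which a template was exported."""
    return [t for t, kind in schedule if kind == "template"]


def undecodable_after_join(schedule, join_minute):
    """Count data packets a collector cannot decode when it starts listening
    at join_minute with no cached template."""
    lost = 0
    for t, kind in schedule:
        if t < join_minute:
            continue
        if kind == "template":
            break
        lost += 1
    return lost


# Constructed traffic: 4 log packets per minute for two hours.
PACKET_TIMES = [m for m in range(120) for _ in range(4)]

if __name__ == "__main__":
    # timeout 50 is the value from the page's example; refresh rates are constructed.
    for refresh in (10000, 150):
        sched = export_schedule(PACKET_TIMES, timeout_min=50, refresh_rate=refresh)
        print(refresh, template_minutes(sched), undecodable_after_join(sched, 51))
```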

Related Commands

Command

Description

external-logging netflow(DS-Lite)

 

inside-vrf (CGN)

Enters inside VRF configuration mode for a CGN instance.  

server(CGN)

Enables the logging server information for the IPv4 address and port for the server that is used for the netflowv9-based external-logging facility.  

service cgn

Enables an instance for the CGN application.  

show cgn nat44 statistics

Displays the contents of the NAT44 CGN instance statistics.  

timeout (DS-LITE Netflow9 Logging)

To configure the frequency at which the netflow9 template is refreshed or resent to the netflow9 server for a DS-Lite instance, use the timeout command in CGN DS-Lite external logging server configuration mode.

To return to the default value of 30 minutes, use the no form of this command.

timeout value

no timeout value

Syntax Description

value

Value, in minutes, for the timeout. Range is from 1 to 3600.

Command Default

value : 30

Command Modes

CGN DS-Lite external logging server configuration

Command History

Release

Modification

Release 4.2.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to configure the timeout value as 50 for a DS-Lite instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# external-logging netflow9
RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog)# server
RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog-server)# timeout 50

tos (CGN)

To configure the IPv4 tunnel type of service, use the tos command in the NAT64 or tunnel 6rd configuration mode. To disable the type of service, use the no form of this command.

tos value

no tos value

Syntax Description

value

Indicates the value of the type of service to be set. It ranges from 0 to 255.

Command Default

None

Command Modes

CG-NAT64

TUNNEL-6RD

Command History

Release

Modification

Release 4.1.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operation

cgn

read, write

Examples

This example shows how to configure the NAT64 ipv4 tunnel type of service:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateless xlat1
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# address-family ipv4
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless-afi)# tos 255

This example shows how to configure the 6rd tunnel type of service:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# tos 25

Related Commands

Command

Description

address-family ipv4 (CGN)

Enters the IPv4 address family configuration mode.  

df-override (CGN)

Sets the do not fragment bit  

ipv4 prefix (6rd)

Assigns a value for the ipv4 prefix of a tunnel  

service cgn

Enables an instance for the CGN application.  

service-type nat64 (CGN)

Creates a nat64 stateless application  

service-type tunnel (CGN)

Creates a v6rd tunnel application.  

tcp mss (CGN)

Adjusts the TCP maximum segment size value for a ServiceApp interface.  

ttl (6rd)

Configures the time to live of an IPv4 tunnel.  

traceroute (CGN)

To configure a range of ipv4 addresses that are to be used for mapping when a non-translatable ipv6 address is received, use the traceroute command. To remove the pool of IPv4 addresses used for mapping the non-translatable IPv6 source addresses, use the no form of this command.

traceroute translation { address-pool <A.B.C.D/prefix IP subnet mask> | algorithm { hash | random | ttl } }

no traceroute translation

Syntax Description

translation

Specifies the configuration related to translating traceroute addresses.

address-pool

Specifies the IPv4 address pool for traceroute addresses.

A.B.C.D/ prefix IP subnet

Indicates the start address and prefix for the address pool.

algorithm

Indicates the algorithm to translate IPv6 address to IPv4 address.

hash

Indicates the hashing algorithm.

random

Indicates the random algorithm.

ttl

Specifies time to live algorithm.

Command Default

None

Command Modes

CGN-NAT64

Command History

Release

Modification

Release 4.1.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

These IPv4 addresses are not allowed to be configured through this command:

  1. 127.0.0.1
  2. 224.0.0.0 onwards
  3. All zero addresses
  4. Broadcast address

The value for prefix can range from 1 to 32. There is only one such map per instance of stateless ipv4 to ipv6 service-type. When there is no pool of IPv4 addresses to translate the non-translatable IPv6 source address, packets coming with non-translatable IPv6 source addresses are dropped.

Task ID

Task ID

Operation

cgn

read, write

Examples

This example shows how to configure the address-pool:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateless xlat1
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# traceroute translation address-pool 121.1.2.0/24

This example shows how to configure the random algorithm:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateless xlat1
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# traceroute translation algorithm Random

This example shows how to configure the hash algorithm:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateless xlat1
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# traceroute translation algorithm Hash

This example shows how to configure the TTL algorithm:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateless xlat1
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# traceroute translation algorithm TTL

Related Commands

Command

Description

address-family ipv4 (CGN)

Enters the IPv4 address family configuration mode.  

address-family ipv6 (CGN)

Enters the IPv6 address family configuration mode.  

ipv6-prefix (6rd)

Converts the IPv4 address into IPv6 address for use by the 6rd domain  

service cgn

Enables an instance for the CGN application.  

service-type nat64 (CGN)

Creates a nat64 stateless application  

ubit-reserved (CGN)

Reserves the bits 64 to 71 for the IPv6 addresses.  

traffic-class (CGN)

Use the traffic-class command to configure the traffic class value to be used when translating a packet from IPv4 to IPv6. To copy the traffic-class value from ipv4 packet, use the no form of this command.

traffic-class value

no traffic-class value

Syntax Description

value

The value of traffic class to be set. It ranges from 0 to 255.

Command Default

None

Command Modes

CGN-NAT64

Command History

Release

Modification

Release 4.1.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operation

cgn

read, write

Examples

This example shows how to configure the CGN-NAT64 traffic class value:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateless xlat1
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# ipv6-prefix 2010:db8:ff00::/40
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# address-family ipv6
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless-afi)# interface ServiceApp 461
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless-afi)# traffic-class 20

Related Commands

Command

Description

address-family ipv6 (CGN)

Enters the IPv6 address family configuration mode.  

df-override (CGN)

Sets the do not fragment bit  

service cgn

Enables an instance for the CGN application.  

service-type nat64 (CGN)

Creates a nat64 stateless application  

ttl (6rd)

To configure the ipv4 tunnel time to live, use the ttl command. To disable the time to live, use the no form of this command.

ttl value

no ttl value

Syntax Description

value

Specifies the Time To Live value to be used for IPv4 tunnel. Valid values are from 1 to 255.

Command Default

None

Command Modes

TUNNEL-6RD

Command History

Release

Modification

Release 4.1.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operation

cgn

read, write

Examples

This example shows how to configure the 6rd tunnel time to live value:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# ttl 25

Related Commands

Command

Description

br (6rd)

Enters the Border Relay configuration mode  

path-mtu (6rd)

Configures the 6rd ipv4 tunnel MTU (Maximum Transmission Unit) size.  

reassembly-enable (6rd)

Reassembles the fragmented packets.  

reset-df-bit (6rd)

Enables anycast mode functionality  

service cgn

Enables an instance for the CGN application.  

ubit-reserved (CGN)

To reserve bits 64 to 71 in the IPv6 addresses, use the ubit-reserved command. To cancel the reservation of bits 64 to 71, use the no form of this command. When the reservation is removed, these bits may be used to store IPv4 address octets as part of translation.

ubit-reserved

no ubit-reserved

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

CGN-NAT64

Command History

Release

Modification

Release 4.1.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

This is a NAT64 stateless translation command to be applied for each NAT64 stateless instance of a CGN instance. When this configuration is enabled, bits 64 to 71 in the IPv6 addresses are reserved for purposes including the U-bit. These bits are not used for translation purposes.

Task ID

Task ID

Operation

cgn

read, write

Examples

This example shows how to configure the nat64 stateless ubit-reserved option:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateless xlat1
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# ubit-reserved

Related Commands

Command

Description

address-family ipv4 (CGN)

Enters the IPv4 address family configuration mode.  

address-family ipv6 (CGN)

Enters the IPv6 address family configuration mode.  

ipv6-prefix (6rd)

Converts the IPv4 address into IPv6 address for use by the 6rd domain  

service cgn

Enables an instance for the CGN application.  

service-type nat64 (CGN)

Creates a nat64 stateless application  

traceroute (CGN)

Configures a range of ipv4 addresses that are to be used for mapping when a non-translatable ipv6 address is received.  

unicast address (6rd)

Use the unicast address command to assign an IPv6 address to be used for a 6rd Border Relay unicast configuration. To remove the assigned unicast address, use the no form of this command.

unicast address <X:X::X>

no unicast address <X:X::X>

Syntax Description

<X:X::X>

Specifies the IPv6 address to be used for unicast from IPv6 network.

Command Default

None

Command Modes

6RD-BR

Command History

Release

Modification

Release 4.1.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.


Note


For a 6rd tunnel, configure the br with ipv6-prefix, ipv4 source-address and unicast IPv6 address in a single commit operation. Once configured, the unicast address cannot be deleted individually. It must be deleted along with all br tunnel configuration parameters.

The ipv6 unicast address is derived from these: ipv6 prefix, ipv6 prefix length, ipv4 prefix length and ipv4 suffix length, and tunnel source address.



Note


ipv6 unicast address = <ipv6-prefix> + (remove ipv4 prefix length bits from starting and ipv4 suffix length bits from ending of tunnel source address) :: <number>


Task ID

Task ID

Operation

cgn

read, write

Examples

This example shows how to configure the v6rd tunnel unicast address:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# br
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd-br)# unicast address 2010:db8:ff00::
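
The derivation given in the note above, worked through as an added example (not Cisco code) that can be used to check a configured unicast address against the other Border Relay parameters. It assumes that <number> occupies the low-order bits of the address; the tunnel source 10.2.2.1 and the ipv4 prefix and suffix lengths are constructed sample values.

```python
import ipaddress


def derive_6rd_unicast(ipv6_prefix, tunnel_source, v4_prefix_len=0,
                       v4_suffix_len=0, number=1):
    """ipv6-prefix + (tunnel source without its leading v4_prefix_len bits
    and trailing v4_suffix_len bits) :: number."""
    net = ipaddress.IPv6Network(ipv6_prefix)      # rejects set host bits
    src = int(ipaddress.IPv4Address(tunnel_source))
    if (v4_prefix_len < 0 or v4_suffix_len < 0
            or v4_prefix_len + v4_suffix_len > 32):
        raise ValueError("ipv4 prefix and suffix lengths must total 0..32")
    kept = 32 - v4_prefix_len - v4_suffix_len     # IPv4 bits that are embedded
    free = 128 - net.prefixlen - kept             # bits left for <number>
    if free < 0:
        raise ValueError("IPv4 bits do not fit after the IPv6 prefix")
    if not 0 <= number < (1 << free):
        raise ValueError("number does not fit in the remaining bits")
    # Drop the suffix bits by shifting, the prefix bits by masking.
    middle = (src >> v4_suffix_len) & ((1 << kept) - 1)
    value = int(net.network_address) | (middle << free) | number
    return ipaddress.IPv6Address(value)


def check_configured(configured, **params):
    """Return (matches, expected) for a configured unicast address."""
    expected = derive_6rd_unicast(**params)
    return ipaddress.IPv6Address(configured) == expected, expected


if __name__ == "__main__":
    prefix = "2010:db8:ff00::/40"                 # prefix used on this page
    for p_len, s_len in ((0, 0), (8, 0), (8, 8)): # constructed lengths
        addr = derive_6rd_unicast(prefix, "10.2.2.1", p_len, s_len)
        print(f"prefix-len {p_len}, suffix-len {s_len}: {addr}")
    print(check_configured("2010:db8:ff02:201::1", ipv6_prefix=prefix,
                           tunnel_source="10.2.2.1", v4_prefix_len=8))
```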

Related Commands

Command

Description

br (6rd)

Enters the Border Relay configuration mode  

ipv4 prefix (6rd)

Assigns a value for the ipv4 prefix of a tunnel  

ipv4 suffix (6rd)

Assigns a value for the ipv4 tunnel suffix  

ipv6-prefix (6rd)

Converts the IPv4 address into IPv6 address for use by the 6rd domain  

service cgn

Enables an instance for the CGN application.  

service-type tunnel (CGN)

Creates a v6rd tunnel application.  

source-address (6rd)

Assigns an ipv4 address as the tunnel source address.  

vrf (cgn)

Use the vrf command to configure a VPN routing and forwarding (VRF) instance. To disable the VRF, use the no form of this command.

vrf vrf-name

no vrf vrf-name

Syntax Description

vrf-name

The CGN application uses inside vrfs and outside vrfs exclusively. These names cannot be used: all, default, and global.

Command Default

None

Command Modes

CONFIG-IF

Command History

Release

Modification

Release 4.1.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.


Note


The number of supported VRFs is platform specific. For the CGN application, use only these vrf-names: insidevrf1 and outsidevrf1. The CGN application uses inside vrfs and outside vrfs exclusively, and the user needs to name and use them accordingly.


Task ID

Task ID

Operation

ip services

read, write

Examples

This example shows how to create an inside and outside VRF using the vrf command:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# vrf insidevrf1
RP/0/RP0/CPU0:router(config-vrf)# vrf outsidevrf1
RP/0/RP0/CPU0:router(config-vrf)# exit

Related Commands

Command

Description

hw-module service cgn location

Enables a CGN service role on a specified location.  

 

interface ServiceInfra

Enables the infrastructure SVI interface.  

service cgn

Enables an instance for the CGN application.  

service-type nat44(CGN)

Enables a NAT 44 instance for the CGN application.