Feedback
Contents
Carrier Grade NAT Commands on Cisco IOS XR Software
- address (CGN NetflowV9 logging)
- address (CGN static-forward)
- alg ActiveFTP (CGN)
- clear cgn nat44
- clear cgn nat44 inside-vrf
- clear cgn nat44 ipaddress
- clear cgn nat44 port
- clear cgn nat44 protocol
- external-logging (CGN)
- hw-module service cgn location
- inside-vrf (CGN)
- interface ServiceApp
- interface ServiceInfra
- map (CGN)
- mss (CGN)
- path-mtu (CGN)
- portlimit (CGN)
- protocol (CGN)
- refresh-direction (CGN)
- refresh-rate (CGN)
- server (CGN)
- service cgn
- service-location (CGN)
- service-location (interface)
- service redundancy failover service-type
- service redundancy revert service-type
- service-type nat44
- session (CGN)
- show cgn nat44 inside-translation
- show cgn nat44 outside-translation
- show cgn nat44 pool-utilization
- show cgn nat44 statistics
- static-forward inside (CGN)
- timeout (CGN)
- timeout (CGN logging)
address (CGN NetflowV9 logging)
To enable the IPv4 address of the server that is used for logging the entries for the Network Address Translation (NAT) table, use the address command in CGN inside VRF external logging server configuration mode. To disable the Netflow server configuration, use the no form of this command.
Syntax Description
address
IPv4 address of the server.
port
Configures the port that is used for logging. The address corresponds to the IPv4 address of the NetflowV9 logging server port, which corresponds to the UDP port number in which the NetflowV9 logging server listens for the Netflow logs.
number
Port number. Range is from 1 to 65535.
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
The CGN NetflowV9-based translation entry is used to create and delete the logs.
Task ID
Examples
The following example shows how to configure the IPv4 address and port number 45 for NetFlow logging of the NAT table entries:
RP/0//CPU0:router# configure RP/0//CPU0:router(config)# service cgn cgn1 RP/0//CPU0:router(config-cgn)# service-type nat44 nat1 RP/0//CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1 RP/0//CPU0:router(config-cgn-invrf)# external-logging netflow version 9 RP/0//CPU0:router(config-cgn-invrf-af-extlog)# server RP/0//CPU0:router(config-cgn-invrf-af-extlog-server)# address 2.3.4.5 port 45Related Commands
Command
Description
Enables the external-logging facility for an inside VRF of a CGN instance.
Enters inside VRF configuration mode for a CGN instance.
Enables the logging server information for the IPv4 address and port for the server that is used for the netflowv9-based external-logging facility.
Enables an instance for the CGN application.
address (CGN static-forward)
To enable the inside IPv4 address and port number for static forwarding for a CGN instance, use the address command in CGN inside VRF static port inside configuration mode. To disable this feature, use the no form of this command.
Syntax Description
address
IPv4 address of an inside host server.
port
Configures the inside port for static forwarding. The port keyword allows a specific UDP, TCP, or ICMP port on a global address to be translated to a specific port on a local address.
number
Inside port number. For TCP and UDP, range is from 1 to 65535. For ICMP, range is from and 0 to 65535.
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Task ID
Examples
The following example shows how to configure the inside IPv4 address and port for static forwarding. CGN can dynamically allocate one free public IP address and port number from the configured outside address pool for an inside address and port.
RP/0//CPU0:router# configure RP/0//CPU0:router(config)# service cgn cgn1 RP/0//CPU0:router(config-cgn)# service-type nat44 nat1 RP/0//CPU0:router(config-cgn-nat44)# inside-vrf ivrf RP/0//CPU0:router(config-cgn-invrf)# protocol tcp RP/0//CPU0:router(config-cgn-invrf-proto)# static-forward inside RP/0//CPU0:router(config-cgn-ivrf-sport-inside)# address 10.20.30.10 port 1000Related Commands
Command
Description
Enters inside VRF configuration mode for a CGN instance.
Enters ICMP, TCP, and UDP protocol configuration mode for a given CGN instance.
Enables an instance for the CGN application.
Enables forwarding for the static port for an inside IPv4 address and inside port combination.
Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance.
alg ActiveFTP (CGN)
To enable the Application-Level Gateway (ALG) of Active FTP for a CGN NAT44 instance, use the alg ActiveFTP command in NAT44 configuration mode. To disable the support of ALG for the Active FTP, use the no form of this command.
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Task ID
clear cgn nat44
To clear all translation database entries that are created dynamically for the specific CGN instance, use the clear cgn nat44 command in EXEC mode.
Syntax Description
Command History
Release
Modification
Release 3.9.1
This command was introduced.
Release 4.0.0
NAT44 instance was included in the command syntax.
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Caution
Because the clear cgn nat44 command clears all translation database entries and impacts the traffic on those translation entries, use this command with caution.
Task ID
Examples
The following example shows how to clear all the translation entries for the cgn1 instance:
RP/0//CPU0:router# show cgn nat44 nat2 statistics Statistics summary of NAT44 instance: 'nat2' Number of active translations: 45631 Translations create rate: 5678 Translations delete rate: 6755 Inside to outside forward rate: 977 Outside to inside forward rate: 456 Inside to outside drops port limit exceeded: 0 Inside to outside drops system limit reached: 0 Inside to outside drops resorce depletion: 0 Outside to inside drops no translation entry: 0 Pool address totally free: 195 RP/0//CPU0:router# clear cgn nat44 nat2 RP/0//CPU0:router# show cgn nat44 nat2 statistics Statistics summary of NAT44 Instance: 'nat2' Number of active translations: 0 <<<<<<<<<<<<<< All the entries are deleted and provided no new translation entires are created Translations create rate: 5678 Translations delete rate: 6755 Inside to outside forward rate: 977 Outside to inside forward rate: 456 Inside to outside drops port limit exceeded: 0 Inside to outside drops system limit reached: 0 Inside to outside drops resorce depletion: 0 Outside to inside drops no translation entry: 0 Pool address totally free: 195clear cgn nat44 inside-vrf
To clear translation database entries that are created dynamically for the specified inside VRF, use the clear cgn nat44 inside-vrf command in EXEC mode.
Syntax Description
Command History
Release
Modification
Release 3.9.1
This command was introduced.
Release 4.0.0
NAT44 instance was included in the command syntax.
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Caution
Because the clear cgn nat44 inside-vrf command clears all translation database entries for the specified inside-vrf and impacts the traffic on those translation entries, use this command with caution.
Task ID
Examples
The following example shows how to clear the translation database entries for the inside VRF named ivrf:
RP/0//CPU0:router# show cgn nat44 nat2 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 23 end 56 Inside-translation details ----------------------------------- NAT44 instance : nat2 Inside-VRF : insidevrf1 ------------------------------------------------------------------------------------------ Outside Protocol Inside Outside Translation Inside Outside Address Source Source Type to to Port Port Outside Inside Packets Packets ------------------------------------------------------------------------------------------ 12.168.6.231 tcp 34 2356 alg 875364 65345 12.168.6.98 tcp 56 8972 static 78645 56343 12.168.2.12 tcp 21 2390 static 45638 89865 12.168.2.123 tcp 34 239 dynamic 809835 67854 RP/0//CPU0:router# clear cgn nat44 nat2 inside-vrf insidevrf1 RP/0//CPU0:router# show cgn nat44 nat2 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 23 end 56 Inside-translation details ----------------------------------- NAT44 instance : nat2 Inside-VRF : insidevrf1 ------------------------------------------------------------------------------------------ Outside Protocol Inside Outside Translation Inside Outside Address Source Source Type to to Port Port Outside Inside Packets Packets ------------------------------------------------------------------------------------------Related Commands
Command
Description
Enters inside VRF configuration mode for a CGN instance.
Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance.
Displays the outside-address to inside-address translation details for a specified NAT44 instance.
clear cgn nat44 ipaddress
To clear translation database entries that are created dynamically for the specified IPv4 address, use the clear cgn nat44 ipaddress command in EXEC mode.
Syntax Description
instance-name
Instance name for NAT44.
address
Specifies the IPv4 address for which the translation entries must be cleared.
Command History
Release
Modification
Release 3.9.1
This command was introduced.
Release 4.0.0
NAT44 instance was included in the command syntax.
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Caution
Because the clear cgn nat44 ipaddress command clears all translation database entries for the specified IPv4 address and impacts the traffic on those translation entries, use this command with caution.
Task ID
Examples
The following example shows how to clear the translation database entries for the specified IPv4 address:
RP/0//CPU0:router# show cgn nat44 nat1 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 23 end 56 Inside-translation details ----------------------------------- NAT44 instance : nat1 Inside-VRF : insidevrf1 ------------------------------------------------------------------------------------------ Outside Protocol Inside Outside Translation Inside Outside Address Source Source Type to to Port Port Outside Inside Packets Packets ------------------------------------------------------------------------------------------ 12.168.6.231 tcp 34 2356 alg 875364 65345 12.168.2.123 tcp 34 239 dynamic 809835 67854 RP/0//CPU0:router# clear cgn nat44 nat1 ipaddress 10.0.0.0 RP/0//CPU0:router# show cgn nat44 nat1 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 23 end 56 Inside-translation details ----------------------------------- NAT44 instance : nat1 Inside-VRF : insidevrf1 ------------------------------------------------------------------------------------------ Outside Protocol Inside Outside Translation Inside Outside Address Source Source Type to to Port Port Outside Inside Packets Packets ------------------------------------------------------------------------------------------clear cgn nat44 port
To clear the translation database entries that are created dynamically for the specified inside port number, use the clear cgn nat44 port command in EXEC mode.
Syntax Description
Command History
Release
Modification
Release 3.9.1
This command was introduced.
Release 4.0.0
NAT44 instance was included in the command syntax.
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Caution
Because the clear cgn nat44 port command clears all translation database entries for the specified port and impacts the traffic on those translation entries, use this command with caution.
Task ID
Examples
The following example shows how to clear the translation database entries for port number 1231:
RP/0//CPU0:router# show cgn nat44 nat2 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 1231 end 1231 Inside-translation details ----------------------------------- NAT44 instance : nat2 Inside-VRF : insidevrf1 ------------------------------------------------------------------------------------------ Outside Protocol Inside Outside Translation Inside Outside Address Source Source Type to to Port Port Outside Inside Packets Packets ------------------------------------------------------------------------------------------ 12.168.6.231 tcp 1231 2356 alg 875364 65345 RP/0//CPU0:router# clear cgn nat44 nat2 port 1231 RP/0//CPU0:router# show cgn nat44 nat2 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 1231 end 1231 Inside-translation details ----------------------------------- NAT44 instance : nat2 Inside-VRF : insidevrf1 ------------------------------------------------------------------------------------------ Outside Protocol Inside Outside Translation Inside Outside Address Source Source Type to to Port Port Outside Inside Packets Packets ------------------------------------------------------------------------------------------clear cgn nat44 protocol
To clear translation database entries that are created dynamically for the specified protocol, use the clear cgn nat44 protocol command in EXEC mode.
Syntax Description
instance-name
Name for the NAT44 CGN instance.
protocol
Specifies the protocol for which the translation entries must be cleared.
Command History
Release
Modification
Release 3.9.1
This command was introduced.
Release 4.0.0
NAT44 instance was included in the command syntax.
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Caution
Because the clear cgn nat44 protocol command clears all translation database entries for the specified protocol and impacts the traffic on those translation entries, use this command with caution.
Task ID
Examples
The following example shows how to clear the translation database entries for the TCP protocol:
RP/0//CPU0:router# show cgn nat44 nat2 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 1231 end 1231 Inside-translation details ----------------------------------- NAT44 instance : nat2 Inside-VRF : insidevrf1 ------------------------------------------------------------------------------------------ Outside Protocol Inside Outside Translation Inside Outside Address Source Source Type to to Port Port Outside Inside Packets Packets ------------------------------------------------------------------------------------------ 12.168.6.231 tcp 1231 2356 alg 875364 65345 RP/0//CPU0:router# clear cgn nat44 nat2 protocol tcp RP/0//CPU0:router# show cgn nat44 nat2 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 1231 end 1231 Inside-translation details ----------------------------------- NAT44 instance : nat2 Inside-VRF : insidevrf1 ------------------------------------------------------------------------------------------ Outside Protocol Inside Outside Translation Inside Outside Address Source Source Type to to Port Port Outside Inside Packets Packets ------------------------------------------------------------------------------------------Related Commands
Command
Description
Enters ICMP, TCP, and UDP protocol configuration mode for a given CGN instance.
Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance.
Displays the outside-address to inside-address translation details for a specified NAT44 instance.
external-logging (CGN)
To enable the external-logging facility for an inside VRF of a CGN instance, use the external-logging command in CGN inside VRF NAT44 configuration mode. To disable external-logging, use the no form of this command.
Syntax Description
Command History
Release
Modification
Release 3.9.1
This command was introduced.
Release 4.0.0
The keyword netflow v9 has been modified to netflow version 9 .
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
The external-logging command enters CGN inside VRF address family external logging configuration mode.
You can use NetFlow to export NAT table entries.
The external-logging facility supports only netflow version 9.
Task ID
Examples
The following example shows how to enter the configuration mode for the netflowv9 external-logging facility:
RP/0//CPU0:router# configure RP/0//CPU0:router(config)# service cgn cgn1 RP/0//CPU0:router(config-cgn)# service-type nat44 nat1 RP/0//CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1 RP/0//CPU0:router(config-cgn-invrf)# external-logging netflow version 9 RP/0//CPU0:router(config-cgn-invrf-af-extlog)#Related Commands
Command
Description
Enters inside VRF configuration mode for a CGN instance.
Configures the path Maximum Transmission Unit (MTU) for the netflowv9-based external-logging facility for the inside VRF of a CGN instance.
Configures the refresh rate to log NetFlow-based external logging information for an inside VRF of a CGN instance.
Enables an instance for the CGN application.
Configures the timeout for the ICMP session for a CGN instance.
hw-module service cgn location
To enable a CGN service role on a specified location, use the hw-module service cgn location command in global configuration mode. To disable the CGN service role at the specified location, use the no form of this command.
Syntax Description
node-id
Location of the service card for CGN that you want to configure. The node-id argument is entered in the rack/slot/module notation.
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Task ID
Examples
The following example shows how to configure the CGN service for location 0/2/CPU0:
RP/0//CPU0:router# configure RP/0//CPU0:router(config)# hw-module service cgn location 0/2/CPU0inside-vrf (CGN)
To enter inside VRF configuration mode for a CGN instance, use the inside-vrf command in CGN configuration mode. To disable this feature, use the no form of this command.
Syntax Description
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
The inside-vrf command enters CGN inside VRF configuration mode.
Task ID
Examples
The following example shows how to enter inside VRF configuration mode:
RP/0//CPU0:router# configure RP/0//CPU0:router(config)# service cgn cgn1 RP/0//CPU0:router(config-cgn)# service-type nat44 nat1 RP/0//CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1 RP/0//CPU0:router(config-cgn-invrf)#Related Commands
Command
Description
Enables the external-logging facility for an inside VRF of a CGN instance.
Maps an outside VRF and address pool to an inside vrf.
Enters ICMP, TCP, and UDP protocol configuration mode for a given CGN instance.
Enables an instance for the CGN application.
Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance.
Displays the outside-address to inside-address translation details for a specified NAT44 instance.
interface ServiceApp
To enable the application SVI interface, use the interface ServiceApp command in global configuration mode. To disable a particular service application interface, use the no form of this command.
Syntax Description
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
The total number of service application interfaces per multi-service PLIM card cannot exceed 889.
Task ID
Examples
The following example shows how to configure one service application interface:
RP/0//CPU0:router# configure RP/0//CPU0:router(config)# interface ServiceApp 1 RP/0//CPU0:router(config-if)#interface ServiceInfra
To enable the infrastructure SVI interface, use the interface ServiceInfra command in global configuration mode. To disable a particular service infrastructure interface, use the no form of this command.
Syntax Description
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Only one service infrastructure interface can be configured per multi-service PLIM card.
Task ID
Examples
The following example shows how to configure one service infrastructure interface:
RP/0//CPU0:router# configure RP/0//CPU0:router(config)# interface ServiceInfra 1 RP/0//CPU0:router(config-if)#map (CGN)
To map an outside VRF and address pool to an inside vrf, use the map command in CGN inside VRF NAT44 configuration submode. To remove the outside VRF and address pool mapping for the specified inside VRF of a CGN instance, use the no form of this command.
map [ outside-vrf outside-vrf-name ] address-pool address / prefix
no map [ outside-vrf outside-vrf-name ] address-pool address / prefix
Syntax Description
outside-vrf
(Optional) Maps to a given outside VRF.
outside-vrf-name
(Optional) Name of outside VRF.
address-pool
Configures the outside address pool.
address/prefix
Network address and prefix for the address pool. The prefix must not be less than 16.
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
The map command maps the inside VRF to an outside VRF and assigns an outside address pool for the mapping.
If the outside VRF name is not specified, the default VRF is considered.
Task ID
Examples
The following example shows how to configure the outside VRF and to assign the outside address pool for the mapping:
RP/0//CPU0:router# configure RP/0//CPU0:router(config)# service cgn cgn1 RP/0//CPU0:router(config-cgn)# service-type nat44 nat1 RP/0//CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1 RP/0//CPU0:router(config-cgn-invrf)# map outside-vrf outsidevrf1 address-pool 100.10.0.0/16Related Commands
Command
Description
Enters inside VRF configuration mode for a CGN instance.
Enables an instance for the CGN application.
Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance.
Displays the outside-address to inside-address translation details for a specified NAT44 instance.
mss (CGN)
To enable the TCP maximum segment size (MSS) adjustment value for an inside VRF of a specified CGN instance and to adjust the MSS value of the TCP SYN packets going through, use the mss command in CGN inside VRF NAT44 protocol configuration mode. To disable the packets to override the TCP MSS value, use the no form of this command.
Syntax Description
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
The MSS value, which is configured using the mss command, overrides the MSS value that is set in the received TCP packets. The range for MSS value is from 28 to 1500.
The mss command adjusts the MSS value of the TCP SYN packets.
Task ID
Examples
The following example shows how to configure TCP MSS value as 1100 for the CGN instance:
RP/0//CPU0:router# configure RP/0//CPU0:router(config)# service cgn cgn1 RP/0//CPU0:router(config-cgn)# service-type nat44 nat1 RP/0//CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1 RP/0//CPU0:router(config-cgn-invrf)# protocol tcp RP/0//CPU0:router(config-cgn-invrf-proto)# mss 1100path-mtu (CGN)
To configure the path Maximum Transmission Unit (MTU) for the netflowv9-based external-logging facility for the inside VRF of a CGN instance, use the path-mtu command in CGN inside VRF address family external logging server configuration mode. To revert back to the default of 1500, use the no form of this command. This command restricts the maximum size of the Netflow-version 9 logging packet
Syntax Description
value
Value, in bytes, of the path-mtu for the netflowv9-based external-logging facility. Range is from 100 to 9200.
Command Default
By default, the value of the path-mtu for the netflowv9-based external-logging facility is set to 1500.
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
The netflowv9-based external-logging facility can be exported by using the NAT table entries.
Task ID
Examples
The following example shows how to configure the path-mtu with the value of 2900 for the netflowv9-based external-logging facility:
RP/0//CPU0:router# configure RP/0//CPU0:router(config)# service cgn cgn1 RP/0//CPU0:router(config-cgn)# service-type nat44 nat1 RP/0//CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1 RP/0//CPU0:router(config-cgn-invrf)# external-logging netflow version 9 RP/0//CPU0:router(config-cgn-invrf-af-extlog)# server RP/0//CPU0:router(config-cgn-invrf-af-extlog-server)# path-mtu 2900Related Commands
Command
Description
Enables the external-logging facility for an inside VRF of a CGN instance.
Enters inside VRF configuration mode for a CGN instance.
Enables the logging server information for the IPv4 address and port for the server that is used for the netflowv9-based external-logging facility.
Enables an instance for the CGN application.
portlimit (CGN)
To limit the number of translation entries per source address, use the portlimit command in CGN configuration mode. To revert back to the default value of 100, use the no form of this command.
Syntax Description
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
The portlimit command configures the port limit per subscriber for the system, including TCP, UDP, and ICMP. In addition, the portlimit command restricts the number of ports that is used by an IPv4 address; for example, it limits the number of CNAT entries per IPv4 address in the CNAT table.
Task ID
Examples
This example shows how the port-limit needs can increased from the default value of 100 to a higher value of 500:
RP/0//CPU0:router# configure RP/0//CPU0:router(config)# service cgn cgn1 RP/0//CPU0:router(config-cgn)# service-type nat44 nat1 RP/0//CPU0:router(config-cgn-nat44)# portlimit 500protocol (CGN)
To enter ICMP, TCP, and UDP protocol configuration mode for a given CGN instance, use the protocol command in the appropriate configuration mode. To remove all the features that are enabled under the protocol configuration mode, use the no form of this command.
Syntax Description
icmp
Enters ICMP protocol configuration mode.
tcp
Enters TCP protocol configuration mode.
udp
Enters UDP protocol configuration mode.
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
The protocol command enters the appropriate CGN NAT44 configuration mode.
Task ID
Examples
The following example shows how to configure the ICMP protocol for a CGN instance:
RP/0//CPU0:router# configure RP/0//CPU0:router(config)# service cgn cgn1 RP/0//CPU0:router(config-cgn)# service-type nat44 nat1 RP/0//CPU0:router(config-cgn-nat44)# protocol icmp RP/0//CPU0:router(config-cgn-proto)#refresh-direction (CGN)
To configure the Network Address Translation (NAT) mapping refresh direction for the specified CGN instance, use the refresh-direction command in NAT44 configuration mode. To revert back to the default value of the bidirection, use the no form of this command.
Syntax Description
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Translation entries that do not have traffic flowing for specific time period are timed out and deleted to prevent unnecessary usage of system resources. Any traffic for a particular translation entry refreshes the entry and prevents it getting timed out. Usually, the refresh is based on packets coming from both inside and outside. This is referred to as bi-directional refresh mechanism. However, bidirectional refresh can lead to denial of service (DoS) attacks because someone from the outside can periodically refresh the entries even though there is no inside traffic.
When NAT refresh direction is configured as Outbound, the translation entries are refreshed only by traffic flowing from inside to outside and prevent DoS attacks.
Task ID
refresh-rate (CGN)
To configure the refresh rate to log NetFlow-based external logging information for an inside VRF of a CGN instance, use the refresh-rate command in CGN inside VRF external logging server configuration mode. To revert back to the default value of 500 packets, use the no form of this command.
Syntax Description
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
The netflowv9-based logging facility requires that a logging template be sent to the server periodically. After sending many packets to the server, the template is resent.
Task ID
Examples
The following example shows how to configure the refresh rate value of 50 for NetFlow logging for the NAT table entries:
RP/0//CPU0:router# configure RP/0//CPU0:router(config)# service cgn cgn1 RP/0//CPU0:router(config-cgn)# service-type nat44 nat1 RP/0//CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1 RP/0//CPU0:router(config-cgn-invrf)# external-logging netflow version 9 RP/0//CPU0:router(config-cgn-invrf-af-extlog)# server RP/0//CPU0:router(config-cgn-invrf-af-extlog-server)# refresh-rate 50Related Commands
Command
Description
Enables the external-logging facility for an inside VRF of a CGN instance.
Enters inside VRF configuration mode for a CGN instance.
Enables the logging server information for the IPv4 address and port for the server that is used for the netflowv9-based external-logging facility.
Enables an instance for the CGN application.
Displays the contents of the NAT44 CGN instance statistics.
server (CGN)
To enable the logging server information for the IPv4 address and port for the server that is used for the netflowv9-based external-logging facility, use the server command in CGN inside VRF external logging configuration mode. To disable this feature, use the no form of this command. External logging of NAT Entries gets disabled.
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
The server command enters CGN inside VRF address family external logging server configuration mode.
Task ID
Examples
The following example shows how to configure the logging information for the IPv4 address and server:
RP/0//CPU0:router# configure RP/0//CPU0:router(config)# service cgn cgn1 RP/0//CPU0:router(config-cgn)# service-type nat44 nat1 RP/0//CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1 RP/0//CPU0:router(config-cgn-invrf)# external-logging netflow version 9 RP/0//CPU0:router(config-cgn-invrf-af-extlog)# server RP/0//CPU0:router(config-cgn-invrf-af-extlog-server)#Related Commands
Command
Description
Enables the IPv4 address of the server that is used for logging the entries for the Network Address Translation (NAT) table.
Enables the external-logging facility for an inside VRF of a CGN instance.
Enters inside VRF configuration mode for a CGN instance.
Configures the path Maximum Transmission Unit (MTU) for the netflowv9-based external-logging facility for the inside VRF of a CGN instance.
Configures the refresh rate to log NetFlow-based external logging information for an inside VRF of a CGN instance.
Enables an instance for the CGN application.
Displays the contents of the NAT44 CGN instance statistics.
Configures the frequency at which the netflow-v9 template is refreshed or resent to the netflow-v9 server.
service cgn
To enable an instance for the CGN application, use the service cgn command in global configuration mode. To disable the instance of the CGN application, use the no form of this command.
Syntax Description
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
The service cgn command enters CGN configuration mode.
Task ID
service-location (CGN)
To enable the particular instance of the CGN application on the active and standby locations, use the service-location command in CGN configuration mode. To disable the instance that runs at the location of the CGN application, use the no form of this command.
service-location preferred-active node-id [ preferred-standby node-id ]
no service-location preferred-active node-id [ preferred-standby node-id ]
Syntax Description
preferred-active node-id
Specifies the location in which the active CGN application starts. The node-id argument is entered in the rack/slot/module notation.
preferred-standby node-id
(Optional) Specifies the location in which the standby CGN application starts. The node-id argument is entered in the rack/slot/module notation.
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Task ID
Examples
The following example shows how to specify active and standby locations for the CGN application:
RP/0//CPU0:router# configure RP/0//CPU0:router(config)# service cgn cgn1 RP/0//CPU0:router(config-cgn)# service-type nat44 nat1 RP/0//CPU0:router(config-cgn-nat44)# service-location preferred-active 0/1/CPU0 preferred-standby 0/4/CPU0service-location (interface)
To configure the location of the CGN service for the infrastructure service virtual interface (SVI), use the service-location command in interface configuration mode. To disable this feature, use the no form of this command.
Syntax Description
node-id
Specifies the ID of the node. The node-id argument is entered in the rack/slot/module notation.
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Task ID
service redundancy failover service-type
To initiate failover services to the preferred standby location, use the service redundancy failover service-type command in EXEC mode.
Syntax Description
secgn
Specifies the CGN service.
preferred-active node-id
Specifies the location from where the failover must start. The node-id argument is entered in the rack/slot/module notation.
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Task ID
service redundancy revert service-type
To revert failed over services back to their preferred active location, use the service redundancy revert service-type command in EXEC mode.
Syntax Description
secgn
Specifies the CGN service.
preferred-active node-id
Specifies the location from where the failover must start. The node-id argument is entered in the rack/slot/module notation.
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Task ID
service-type nat44
To enable a NAT 44 instance for the CGN application, use the service-type nat44 command in CGN submode. To disable the NAT44 instance of the CGN application, use the no form of this command.
Syntax Description
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Task ID
session (CGN)
To configure the timeout values for both active and initial sessions for TCP or UDP, use the session command in CGN NAT44 protocol configuration mode. To revert back to the default value for the TCP or UDP session timeouts, use the no form of this command.
Syntax Description
active
Configures the active session timeout for both TCP and UDP. The default value for UDP active session timeout is 120 seconds.
initial
Configures the initial session timeout.
timeout
Configures the timeout for either active or initial sessions.
seconds
Timeout for either active or initial sessions. Range is from 1 to 65535.
Command Default
If the value for the UDP initial session timeout is not configured, the default value for the UDP initial session timeout is 30.
If the value for the UDP active session timeout is not configured, the default value for the UDP active session timeout is 120.
If the value for the TCP initial session timeout is not configured, the default value for the TCP initial session timeout is 120.
If the value for the TCP active session timeout is not configured, the default value for the TCP active session timeout is 1800 (30 minutes).
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
We recommend that you configure the timeout values for the protocol sessions carefully. For example, the values for the protocol and NAT functions must be configured properly.
If the no form of this command is specified, the following guidelines apply:
- UDP initial session timeout value reverts back to the default value of 30.
- UDP active session timeout value reverts back to the default value of 120.
- TCP initial session timeout value reverts back to the default value of 120.
- TCP active session timeout value reverts back to the default value of 1800.
Task ID
Examples
The following example shows how to configure the initial session timeout value as 90 for TCP:
RP/0//CPU0:router# configure RP/0//CPU0:router(config)# service cgn cgn1 RP/0//CPU0:router(config-cgn)# service-type nat44 nat1 RP/0//CPU0:router(config-cgn-nat44)# protocol tcp RP/0//CPU0:router(config-cgn-proto)# session initial timeout 90The following example shows how to configure the active timeout value as 90 for TCP:
RP/0//CPU0:router# configure RP/0//CPU0:router(config)# service cgn cgn1 RP/0//CPU0:router(config-cgn)# service-type nat44 nat1 RP/0//CPU0:router(config-cgn-nat44)# protocol tcp RP/0//CPU0:router(config-cgn-proto)# session active timeout 90The following example shows how to configure the initial timeout value as 90 for UDP:
RP/0//CPU0:router# configure RP/0//CPU0:router(config)# service cgn cgn1 RP/0//CPU0:router(config-cgn)# service-type nat44 nat1 RP/0//CPU0:router(config-cgn-nat44)# protocol udp RP/0//CPU0:router(config-cgn-proto)# session initial timeout 90The following example shows how to configure the active timeout value as 90 for UDP:
RP/0//CPU0:router# configure RP/0//CPU0:router(config)# service cgn cgn1 RP/0//CPU0:router(config-cgn)# service-type nat44 nat1 RP/0//CPU0:router(config-cgn-nat44)# protocol udp RP/0//CPU0:router(config-cgn-proto)# session active timeout 90Related Commands
Command
Description
Enters ICMP, TCP, and UDP protocol configuration mode for a given CGN instance.
Enables an instance for the CGN application.
Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance.
Displays the outside-address to inside-address translation details for a specified NAT44 instance.
Configures the timeout for the ICMP session for a CGN instance.
show cgn nat44 inside-translation
To display the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance, use the show cgn nat44 inside-translation command in EXEC mode.
show cgn nat44 instance-name inside-translation protocol { icmp | tcp | udp } [ translation-type { alg | all | dynamic | static } ] inside-vrf vrf-name inside-address address port start number end number
Syntax Description
instance-name
Name of the NAT44 instance that is configured.
protocol
Displays the name of the protocols.
icmp
Displays the ICMP protocol.
tcp
Displays the TCP protocol.
udp
Displays the UDP protocol.
translation-type
(Optional) Displays the translation type.
alg
(Optional) Displays only the ALG translation entries.
all
(Optional) Displays all the translation entries, for example, alg, dynamic, and static.
dynamic
(Optional) Displays only the dynamic translation entries.
static
(Optional) Displays only the static translation entries.
ipv4
(Optional) Displays information for the IPv4 address family.
inside-vrf
Displays the information for the inside VPN routing and forwarding (VRF) for the necessary translation details.
vrf-name
Name of the inside VRF.
inside-address
Displays the inside address for the inside VRF.
address
Inside address.
port
Displays the range of the port numbers.
start number
The start port from which the translation table entries should be displayed.
end number
The end port till which the translation table entries should be displayed.
Command History
Release
Modification
Release 3.9.1
This command was introduced.
Release 4.0.0
NAT44 instance was included to the command.
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
The show cgn nat44 inside-translation command displays the translation for entries that are based on the inside-vrf, inside IPv4 address, and the pool of the inside ports. The inside-address keyword must have a /32 address. Each entry is displayed with a field that informs whether it is static, ALG, or dynamic translation.
If the value of the translation type is not specified, all types of entries are displayed.
Task ID
Examples
The following shows sample output from the show cgn inside-translation command:
RP/0//CPU0:router# show cgn nat44 nat1 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port-range 23 56 Inside-translation details ----------------------------------- NAT44 instance : nat1 Inside-VRF : insidevrf1 -------------------------------------------------------------------------------------- Outside Protocol Inside Outside Translation Inside Outside Address Source Source Type to to Port Port Outside Inside Packets Packets -------------------------------------------------------------------------------------- 12.168.6.231 tcp 34 2356 alg 875364 65345 12.168.6.98 tcp 56 8972 static 78645 56343 12.168.2.12 tcp 21 2390 static 45638 89865 12.168.2.123 tcp 34 239 dynamic 809835 67854 . . . . . 12.168.2.123 tcp 34 3899 dynamic 9835 6785Table 1 describes the significant fields shown in the display.
Table 1 show cgn inside-translation Field Descriptions Field
Description
CGN instance
Name of the CGN instance configured
Inside-VRF
Name of the inside-vrf configured
Outside Address
Outside IPv4 address
Inside Source Port
Inside Source Port Number
Outside Source Port
Translated Source Port Number
Translation Type
Type of Translation (Static/Dynamic/ALG/ Static+ALG).
Inside to Outside Packets
Outbound Packets.
Outside to Inside Packets
Inbound Packets.
Related Commands
Command
Description
Clears translation database entries that are created dynamically for the specified inside VRF.
Clears the translation database entries that are created dynamically for the specified inside port number.
Clears translation database entries that are created dynamically for the specified protocol.
Enters inside VRF configuration mode for a CGN instance.
Enters ICMP, TCP, and UDP protocol configuration mode for a given CGN instance.
Enables an instance for the CGN application.
Displays the outside-address to inside-address translation details for a specified NAT44 instance.
show cgn nat44 outside-translation
To display the outside-address to inside-address translation details for a specified NAT44 instance, use the show cgn nat44 outside-translation command in EXEC mode.
show cgn nat44 instance-name outside-translation protocol { icmp | tcp | udp } [ translation-type { alg | all | dynamic | static } ] [ outside-vrf vrf-name ] outside-address address port start number end number
Syntax Description
instance-name
Name of the NAT44 instance that is configured.
protocol
Displays the name of the protocols.
icmp
Displays the ICMP protocol.
tcp
Displays the TCP protocol.
udp
Displays the UDP protocol.
translation-type
(Optional) Displays the translation type.
alg
(Optional) Displays only the ALG translation entries.
all
(Optional) Displays all the translation entries, for example, alg, dynamic, and static.
dynamic
(Optional) Displays only the dynamic translation entries.
static
(Optional) Displays only the static translation entries.
outside-vrf
(Optional) Displays the information for the outside VPN routing and forwarding (VRF) for the necessary translation details.
vrf-name
Name of the outside VRF.
outside-address
Displays the outside address for the inside VRF.
address
Outside address.
port
Displays the range of the port numbers.
start number
Displays the start of the port number.
end number
Displays the end of the port number.
Command History
Release
Modification
Release 3.9.1
This command was introduced.
Release 4.0.0
The NAT44 instance was included to the command. The address-family keyword was removed.
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
If you want to display the entries for a single port, the value for the end port must be equal to that of the start port. Each entry is displayed with a field that informs whether it is static, ALG, or dynamic translation.
If no VRF is specified, the entries are displayed for the default VRF.
If the value of the translation type is not specified, all types of entries are displayed.
Task ID
Examples
The following shows sample output from the show cgn outside-translation command:
RP/0//CPU0:router# show cgn nat44 nat1 outside-translation protocol tcp outside-vrf outsidevrf1 outside-address 10.64.23.45 port start 23 end 5 Outside-translation details --------------------------------- NAT44 instance : nat1 Outside-VRF : outsidevrf1 ------------------------------------------------------------------------------------------ Outside Protocol Outside Inside Translation Inside Outside Address Destination Destination Type to to Port Port Outside Inside Packets Packets ------------------------------------------------------------------------------------------ 13.16.6.23 tcp 314 56 dynamic 8753 5345 13.16.6.23 tcp 819 329 alg 8901 890 13.16.6.23 tcp 40 178 alg 97654 4532 13.16.6.23 tcp 503 761 static 43215 8765 13.16.6.23 tcp 52 610 dynamic 7645 876 . . . . . 13.16.6.23 tcp 390 621 static 67532 1234Table 1 describes the significant fields shown in the display.
Table 2 show cgn outside-translation Field Descriptions Field
Description
NAT44 instance
Name of the NAT44 instance configured
Outside-VRF
Name of the Outside VRF configured
Outside Address
Outside IPv4 address
Protocol
Protocol Type (TCP/UDP/ICMP)
Outside Destination Port
Outside Destination Port
Inside Destination Port
Inside Destination Port
Translation Type
Type of Translation ( Static/Dynamic/ALG/ Static+ALG)
Inside to Outside Packets
Outbound Packets
Outside to Inside Packets
Inbound Packets
Related Commands
Command
Description
Clears translation database entries that are created dynamically for the specified inside VRF.
Clears the translation database entries that are created dynamically for the specified inside port number.
Clears translation database entries that are created dynamically for the specified protocol.
Enters inside VRF configuration mode for a CGN instance.
Maps an outside VRF and address pool to an inside vrf.
Enters ICMP, TCP, and UDP protocol configuration mode for a given CGN instance.
Enables an instance for the CGN application.
Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance.
show cgn nat44 pool-utilization
To display the outside address pool utilization details for a specified NAT44 instance, use the show cgn nat44 pool-utilization command in EXEC mode.
show cgn nat44 instance-name pool-utilization inside-vrf vrf-name address-range start-address end-address
Syntax Description
instance-name
Name of the NAT44 instance that is configured.
inside-vrf
Displays the contents for the inside VRF.
vrf-name
Name for the inside VRF.
address-range
Displays the range for the outside address.
start-address
Range for the start address of the outside address pool. The range of the IPv4 addresses cannot be more than 255 consecutive IPv4 addresses.
end-address
Range for the end address of the outside address pool.
Command History
Release
Modification
Release 3.9.1
This command was introduced.
Release 4.0.0
The NAT44 instance was included to the command syntax.
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
The show cgn nat44 pool-utilization command displays the utilization of the outside address pool. In addition, this command displays the number of free and used ports per IPv4 address in the specified range.
Task ID
Examples
The following sample output shows the number of free and used global addresses and port numbers:
RP/0//CPU0:router# show cgn nat44 nat1 pool-utilization inside-vrf insidevrf4 address-range 17.16.6.23 20.12.23.1 Public-address-pool-utilization details ------------------------------------------------------------------------- NAT44 instance: nat1 VRF : insidevrf4 ------------------------------------------------------------------------- Outside Number Number Address of of Free ports Used ports ------------------------------------------------------------------------- 17.16.6.23 123 64388 17.16.6.120 58321 6190 17.16.6.98 98 64413 17.16.6.2 1234 60123 . . . . . . . . . 18.12.6.12 678 52789Table 1 describes the significant fields shown in the display.
Table 3 show cgn pool-utilization Field Descriptions Field
Description
NAT44 instance
Name of the NAT44 instance configured
VRF
Name of the Inside VRF configured
Outside Address
Outside IPv4 address.
Number of Free Ports
Total number of Free ports available for the given Outside IPv4 address
Number of Used Ports
Total number of Used ports for the given Outside IPv4 address
show cgn nat44 statistics
To display the contents of the NAT44 CGN instance statistics, use the show cgn nat44 statistics command in EXEC mode.
Syntax Description
Command History
Release
Modification
Release 3.9.1
This command was introduced.
Release 4.0.0
The summary keyword was removed.
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Statistics provides the total number of active translation for a given NAT44 instance and other parameters. In addition, the outside IPv4 addresses, along with the current number of ports in use, are used for translation.
Task ID
Examples
The following sample output shows the statistics entries:
RP/0//CPU0:router# show cgn nat44 nat1 statistics Statistics summary of NAT44 instance: 'nat1' Number of active translations: 34 Translations create rate: 0 Translations delete rate: 0 Inside to outside forward rate: 3 Outside to inside forward rate: 3 Inside to outside drops port limit exceeded: 0 Inside to outside drops system limit reached: 0 Inside to outside drops resorce depletion: 0 Outside to inside drops no translation entry: 9692754 Pool address totally free: 62 Pool address used: 2 Pool address usage: ------------------------------------------------- External Address Ports Used ------------------------------------------------- 24.114.18.53 4 24.114.18.55 30 -------------------------------------------------static-forward inside (CGN)
To enable forwarding for the static port for an inside IPv4 address and inside port combination, use the static-forward inside command in CGN inside VRF NAT44 protocol configuration mode. To disable static forwarding, use the no form of this command.
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
The static-forward inside command enters CGN inside VRF static port inside configuration mode.
If the static-forward inside command is executed successfully along with the inside IPv4 address and port information, CGN can dynamically allocate one free outside IPv4 address and outside port number from the outside address pool. Common use for static PAT is to allow Internet users from the public network to access a server located in the private network.
Task ID
Examples
The following example shows how to configure forwarding for the static port:
RP/0//CPU0:router# configure RP/0//CPU0:router(config)# service cgn cgn1 RP/0//CPU0:router(config-cgn)# service-type nat44 nat1 RP/0//CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1 RP/0//CPU0:router(config-cgn-invrf)# protocol tcp RP/0//CPU0:router(config-cgn-invrf-proto)# static-forward inside RP/0//CPU0:router(config-cgn-ivrf-sport-inside)#timeout (CGN)
To configure the timeout for the ICMP session for a CGN instance, use the timeout command in CGN NAT44 protocol configuration mode. To revert back to default value of 60 seconds, use the no form of this command.
Syntax Description
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
We recommend that you configure the timeout values for the protocol sessions carefully. For example, the values for the protocol and NAT functions must be configured properly.
Task ID
Examples
The following example shows how to configure the timeout value as 908 for the ICMP session:
RP/0//CPU0:router# configure RP/0//CPU0:router(config)# service cgn cgn1 RP/0//CPU0:router(config-cgn)# service-type nat44 nat1 RP/0//CPU0:router(config-cgn-nat44)# protocol icmp RP/0//CPU0:router(config-cgn-proto)# timeout 908timeout (CGN logging)
To configure the frequency at which the netflow-v9 template is refreshed or resent to the netflow-v9 server, use the timeout command in CGN inside VRF external logging server configuration mode.
To revert back to the default value of 30 minutes, use the no form of this command.
Syntax Description
Command History
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
After a certain amount of minutes has elasped since the template was last sent, the timeout value is resent to the logging server.
Task ID
Examples
The following example shows how to configure the timeout value as 50 for the NetFlow logging information for the NAT table entries:
RP/0//CPU0:router# configure RP/0//CPU0:router(config)# service cgn cgn1 RP/0//CPU0:router(config-cgn)# service-type nat44 nat1 RP/0//CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1 RP/0//CPU0:router(config-cgn-invrf)# external-logging netflow version 9 RP/0//CPU0:router(config-cgn-invrf-af-extlog)# server RP/0//CPU0:router(config-cgn-invrf-af-extlog-server)# timeout 50Related Commands
Command
Description
Enables the external-logging facility for an inside VRF of a CGN instance.
Enters inside VRF configuration mode for a CGN instance.
Enables the logging server information for the IPv4 address and port for the server that is used for the netflowv9-based external-logging facility.
Enables an instance for the CGN application.
Displays the contents of the NAT44 CGN instance statistics.
