The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter describes the commands used to configure and use the Carrier Grade NAT (CGN) .
To use commands of this module, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using any command, contact your AAA administrator for assistance.
For detailed information about CGN concepts, configuration tasks, and examples, see Cisco IOS XR Software Carrier Grade NAT Configuration Guide for the Cisco CRS Router .
To enable the IPv4 address of the server that is used for logging the entries for a DS-Lite instance, use the address command in CGN DS-Lite external logging server configuration mode. To disable the Netflow server configuration, use the no form of this command.
address address port number
address |
IPv4 address of the server. |
port |
Configures the port that is used for logging. The address corresponds to the IPv4 address of the NetflowV9 logging server port, which corresponds to the UDP port number in which the NetflowV9 logging server listens for the Netflow logs. |
number |
Port number. Range is from 1 to 65535. |
If the address command is not configured, NetflowV9 logging is disabled.
CGN DS-Lite external logging server configuration
Release |
Modification |
---|---|
Release 4.2.1 | This command was introduced. |
No specific guidelines impact the use of this command.
Task ID |
Operations |
---|---|
cgn |
read, write |
The following example shows how to configure the IPv4 address and port number 45 for a DS-Lite instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1 RP/0/RP0/CPU0:router(config-cgn-ds-lite)# external-logging netflow9 RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog)# server RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog-server)# address 2.3.4.5 port 45
Command | Description |
Sets the Maximum Transmission Unit (MTU) of the path to log NetFlow-based external logging information. | |
| |
Configures the frequency at which the netflow9 template is refreshed or resent to the netflow9 server for a DS-Lite instance. |
To enable the IPv4 address of the server that is used for logging the entries for the Network Address Translation (NAT) table, use the address command in CGN inside VRF external logging server configuration mode. To disable the Netflow server configuration, use the no form of this command.
address address port number
address |
IPv4 address of the server. |
port |
Configures the port that is used for logging. The address corresponds to the IPv4 address of the NetflowV9 logging server port, which corresponds to the UDP port number in which the NetflowV9 logging server listens for the Netflow logs. |
number |
Port number. Range is from 1 to 65535. |
If the address command is not configured, NAT44 NetflowV9 logging is disabled.
CGN inside VRF external logging server configuration
Release |
Modification |
---|---|
Release 3.9.1 |
This command was introduced. |
Release 4.1.0 |
The usage guidelines was updated. |
The CGN NetflowV9-based translation entry is used to create and delete the logs. This NAT44 specific command will configure the ipv4 address and port number for the netflowV9 external logging facility. The address corresponds to the IPv4 address of the NetflowV9 logging server port, which in turn corresponds to the UDP port number in which the NetflowV9 logging server listens for the Netflow logs. The configurations for path-mtu, refresh-rate and timeout is applicable only when the ipv4 address and port number for the logging server has been configured.
Task ID |
Operations |
---|---|
cgn |
read, write |
The following example shows how to configure the IPv4 address and port number 45 for NetFlow logging of the NAT table entries:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1 RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1 RP/0/RP0/CPU0:router(config-cgn-invrf)# external-logging netflow version 9 RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog)# server RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog-server)# address 2.3.4.5 port 45
Command | Description |
| Enables external logging of a NAT44 instance. |
| Enters inside VRF configuration mode for a NAT44 instance. |
| Enables the logging server information for the IPv4 address and port for the server that is used for the netflowv9-based external-logging facility. |
| Enables an instance for the CGN application. |
To enable the inside IPv4 address and port number for static forwarding for a NAT44 instance, use the address command in NAT44 inside VRF static port inside configuration mode. To disable this feature, use the no form of this command.
address address port number
no address address port number
address |
IPv4 address of an inside host server. |
port |
Configures the inside port for static forwarding. The port keyword allows a specific UDP, TCP, or ICMP port on a global address to be translated to a specific port on a local address. |
number |
Inside port number. For TCP and UDP, range is from 1 to 65535. For ICMP, range is from and 0 to 65535. |
None
NAT44 inside VRF static port inside configuration
Release |
Modification |
---|---|
Release 3.9.1 |
This command was introduced. |
Release 4.1.0 |
The usage guidelines section was updated. |
This NAT44 command configures the static port forwarding for an inside-ipv4 address and inside-port number combination. With this configuration, packets received inside with the configured inside-ipv4 address and inside-port number are forwarded using the displayed outside-ipv4address and outside-port number.
CGN can dynamically allocate one free public IP address and port number from the configured outside address pool for an inside address and port.
Task ID |
Operations |
---|---|
cgn |
read, write |
This example shows how to configure the inside IPv4 address and port for static forwarding. CGN can dynamically allocate one free public IP address and port number from the configured outside address pool for an inside address and port.
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1 RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf v1 RP/0/RP0/CPU0:router(config-cgn-invrf)# protocol tcp RP/0/RP0/CPU0:router(config-cgn-invrf-proto)# static-forward inside RP/0/RP0/CPU0:router(config-cgn-invrf-sport-inside)# address 10.20.30.10 port 1000
Command | Description |
protocol (NAT44) |
|
| Enters ICMP, TCP, and UDP protocol configuration mode for a given CGN instance. |
| Enables an instance for the CGN application. |
| Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance. |
To enable the IPv4 address of the server that is used for logging the entries for a NAT64 stateful instance, use the address command in NAT64 Stateful configuration mode. To disable the Netflow server configuration, use the no form of this command.
address address port number
address |
IPv4 address of the server. |
port |
Configures the port that is used for logging. The address corresponds to the IPv4 address of the netflow version 9 logging server port, which corresponds to the UDP port number in which the netflow version 9 logging server listens for the Netflow logs. |
number |
Port number. Range is from 1 to 65535. |
If the address command is not configured, Netflow logging is disabled.
NAT64 Stateful configuration mode
Release |
Modification |
---|---|
Release 4.3.0 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID |
Operations |
---|---|
cgn |
read, write |
The following example shows how to configure the IPv4 address and port number 45:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# external-logging netflow version 9 RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# server RP/0/RP0/CPU0:router(config-cgn-nat64-extlog-server)# address 2.3.4.5 port 45
Command | Description |
Sets the Maximum Transmission Unit (MTU) of the path to log NetFlow-based external logging information. | |
Configures the refresh rate to log NetFlow-based external logging information. | |
Enables session logging for a NAT64 Stateful instance. | |
Configures the frequency at which the netflow-v9 template is refreshed or resent to the netflow-v9 server. |
To bind an ipv4 or ipv6 ServiceApp interface to a 6rd instance, use the address-family command in 6RD configuration mode. To unbind the ServiceApp interface, use the no form of this command.
address-family { ipv4 | ipv6 } interface ServiceApp value
ipv4 |
Specifies the IPv4 address family. |
ipv6 |
Specifies the IPv6 address family. |
interface |
Specifies the ServiceApp interface to be used. |
ServiceApp |
Specifies the SVI interface. |
value |
Interface value. The range is from 1 to 2000. |
None
6RD configuration
Release | Modification |
---|---|
Release 4.3.1 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to bind ipv4 ServiceApp interface to a 6RD instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type tunnel v6rd 6rd1 RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# address-family ipv4 RP/0/RP0/CPU0:router(config-cgn-6rd-afi)#interface ServiceApp 100
This example shows how to bind ipv6 ServiceApp interface to a 6RD instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type tunnel v6rd 6rd1 RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# address-family ipv6 RP/0/RP0/CPU0:router(config-cgn-6rd-afi)#interface ServiceApp 120
To enter the IPv4 address family configuration mode while configuring the Carrier Grade NAT (CGN), use the address-family ipv4 command in an appropriate configuration mode. To disable support for an address family, use the no form of this command.
address-family ipv4 { interface ServiceApp | tcp mss | tos }
interface
|
Specifies the ServiceApp interface to be used. |
ServiceApp
|
Specifies the SEAPP SVI interface. The number of service application interfaces to be configured ranges from 1 to 2000. |
tcp
|
Specifies the TCP protocol. |
mss
|
Specifies the maximum segment size for TCP in bytes. The value of maximum segment size ranges from 28 to 1500. |
tos
|
Type of service to be set when translating IPv6 to IPv4. The value of type of service ranges from 0 to 255. |
None
CGN-NAT64
Release | Modification |
---|---|
Release 3.9.1 |
This command was introduced. |
Release 4.1.0 |
Updated the Syntax and Usage Guidelines sections. |
This command configures the ipv4 address family for NAT64 stateless XLAT.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows the tcp mss for the ipv4 address family:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateless xlat RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# address-family ipv4 RP/0/RP0/CPU0:router(config-cgn-nat64-stateless-afi)# tcp mss 200
To enter the IPv6 address family configuration mode for a DS-Lite instance, use the address-family ipv6 command. To disable support for an address family, use the no form of this command.
address-family IPv6 interface ServiceApp <1-244>
interface |
Indicates the ServiceApp interface to be used. |
ServiceApp |
SEAPP SVI Interface. |
<1-244> |
Number of service application interfaces to be configured. Range is from 1 to 244. |
None
CGN-DS-Lite configuration mode
Release | Modification |
---|---|
Release 4.2.1 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to enter the IPv6 address family configuration mode for a DS-Lite instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1 RP/0/RP0/CPU0:router(config-cgn-ds-lite)# address-family ipv6 RP/0/RP0/CPU0:router(config-cgn-ds-lite-afi)# interface serviceApp 200 RP/0/RP0/CPU0:router(config-cgn-ds-lite-afi)#
Command | Description |
| Enters the IPv4 address family configuration mode. |
| Configures IPv4 or IPv6 address on a NAT64 instance. |
To enter the IPv6 address family configuration mode, use the address-family ipv6 command. To disable support for an address family, use the no form of this command.
address-family ipv6{interface ServiceApp <1-2000>} { df override } { protocol | { icmp | reset-mtu } } tcp mss<28-1500>traffic-class<0-255>
interface |
Indicates the ServiceApp interface to be used. |
ServiceApp |
SEAPP SVI Interface. |
<1-2000> |
Number of service application interfaces to be configured. Range is from 1 to 2000. |
df-override |
Override DF bit. |
protocol |
Select a protocol. |
icmp |
(Optional) ICMP protocol. |
reset-mtu |
(Optional) Reset maximum transmission unit when packet is too big. |
tcp |
TCP protocol. |
mss |
Maximum segment size for TCP in bytes. |
<28-1500> |
Maximum segment size to be used in bytes. |
traffic-class |
Traffic class to be set when translating from IPv4 to IPv6. |
None
CGN-NAT64
Release | Modification |
---|---|
Release 4.1.0 |
This command was introduced. |
This command configures the ipv6 address family for NAT64 stateless XLAT.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows the traffic-class setting for the ipv6 address family:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateless xlat1 RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# address-family ipv6 RP/0/RP0/CPU0:router(config-cgn-nat64-stless-afi)# traffic-class 25
Command | Description |
| Sets the do not fragment bit |
| Resets the received packet size. |
| Enables an instance for the CGN application. |
| Configures the traffic class value to be used when translating a packet from IPv4 to IPv6 |
To configure an IPv4 or IPv6 address for a MAP-E stateful instance, use the address-family command in MAP-E configuration mode. To undo the address configuration, use the no form of this command.
address-family { ipv4 | ipv6 } { interface | { ServiceApp value } | tcp | { mss size } }
ipv4 | Specifies the IPv4 address family. |
ipv6 | Specifies the IPv6 address family. |
interface | Specifies the ServiceApp interface to be used. |
ServiceApp | Specifies the SVI interface. |
value | Specifies the Interface value. The range is from 1 to 2000. |
tcp | Specifies the TCP protocol. |
mss | Specifies the Maximum Segment Size (MSS) for TCP in bytes. |
size | Size of the segment in bytes. The range is from 28 to 1500. |
None
MAP-E configuration
Release | Modification |
---|---|
Release 4.3.1 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to configure ipv4 address for a MAP-E instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type map-e map-e-inst RP/0/RP0/CPU0:router(config-cgn-map_e)# address-family ipv4 RP/0/RP0/CPU0:router(config-cgn-map_e-afi)#interface serviceApp 65
This example shows how to configure ipv6 address for a MAP-E instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type map-e map-e-inst RP/0/RP0/CPU0:router(config-cgn-map_e)# address-family ipv6 RP/0/RP0/CPU0:router(config-cgn-map_e-afi)#interface serviceApp 66
Command | Description |
Configures the IPv6 address of Address Family Transition Router (AFTR). | |
Configures the number of contiguous ports for a MAP-E instance. | |
Configures the Customer Premises Equipment (CPE ) domain parameters. | |
Configures the path Maximum Transmission Unit (MTU) of the tunnel. | |
Configures the port sharing ratio. |
To configure an IPv4 or IPv6 address for a MAP-T instance, use the address-family command in the MAP-T configuration mode. To undo the address configuration, use the no form of this command.
address-family { ipv4 | ipv6 } { df-override | interface | { ServiceApp value } | tcp | { mss size } | traffic-class | { value } | tos }
ipv4 |
Specifies the IPv4 address family. |
ipv6 |
Specifies the IPv6 address family. |
df-override |
Specifies the 'df' override bit. |
interface |
Specifies the ServiceApp interface to be used. |
ServiceApp |
Specifies the SVI interface. |
value |
Specifies the Interface value. The range is from 1 to 2000. |
tcp |
Specifies the TCP protocol. |
mss |
Specifies the Maximum Segment Size (MSS) for TCP in bytes. |
size |
Size of the segment in bytes. The range is from 28 to 1500. |
traffic-class |
Specifies the traffic class value to be set when translating from IPv4 to IPv6. |
value |
Value of the traffic-class. The range is from 0 to 255. |
tos |
Specifies the type of service value to be set when translating from IPv6 to IPv4. The range is from 0 to 255. |
None
MAP-T configuration
Release | Modification |
---|---|
Release 4.3.0 |
This command was introduced. |
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to configure ipv4 address for a MAP-T instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type map-t map-t-inst RP/0/RP0/CPU0:router(config-cgn-mapt)# address-family ipv4 RP/0/RP0/CPU0:router(config-cgn-mapt-afi)#tcp mss 565
This example shows how to configure ipv6 address for a MAP-T instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type map-t map-t-inst RP/0/RP0/CPU0:router(config-cgn-mapt)# address-family ipv6 RP/0/RP0/CPU0:router(config-cgn-mapt-afi)#traffic-class 65
Command | Description |
| Clears the statistics of a MAP-T instance. |
| Configures the number of contiguous ports for a MAP-T instance. |
| Configures the Customer Premises Equipment (CPE ) domain parameters. |
| Configures the external domain's IPv6 prefix to convert IPv4 addresses into IPv6 addresses and vice versa. |
| Configures the port sharing ratio. |
| Displays the MAP-T instance statistics. |
| Configures traceroute translation algorithms. |
To configure an IPv4 or IPv6 address for a NAT64 stateful instance, use the address-family command in NAT64 stateful configuration mode. To undo the address configuration, use the no form of this command.
address-family { ipv4 | ipv6 } [ df-override | interface | protocol | tcp | traffic-class | tos ]
ipv4 | Specifies the IPv4 address family. |
ipv6 | Specifies the IPv6 address family. |
df-override | Specifies the 'df' override bit. |
interface | Specifies the ServiceApp interface to be used. |
ServiceApp | Specifies the SVI interface. |
value | Specifies the Interface value. The range is from 1 to 2000. |
protocol | Specifies the protocol. |
icmp | ICMP protocol. |
reset-mtu | Resets the maximum transmission unit of the packet. |
tcp | TCP protocol. |
mss | Specifies the Maximum Segment Size (MSS) for TCP in bytes. |
size | Size of the segment in bytes. The range is from 28 to 1500. |
traffic-class | Specifies the traffic class value to be set when translating from IPv4 to IPv6. |
value | Value of the traffic-class. The range is from 0 to 255. |
tos | Specifies the type of service value to be set when translating from IPv6 to IPv4. The range is from 0 to 255. |
None
NAT64 stateful configuration
Release | Modification |
---|---|
Release 4.3.0 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to configure ipv4 address on a NAT64 instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# address-family ipv4 RP/0/RP0/CPU0:router(config-cgn-nat64-stateful-afi)#tcp mss 565
This example shows how to configure ipv6 address on a NAT64 instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# address-family ipv6 RP/0/RP0/CPU0:router(config-cgn-nat64-stateful-afi)#traffic-class 65
Command | Description |
Configures ports dynamically. | |
Enables external logging of a NAT64 Stateful instance. | |
Specifies time interval to store packet fragments. | |
Assigns ipv4 address pool. | |
Converts an IPv6 address to an IPv4 address. | |
Restricts the number of ports used by an IPv6 address. | |
Enters the ICMP, TCP, and UDP protocol configuration mode. | |
Specifies the outbound refresh direction. | |
Creates a NAT64 stateful instance. | |
Enables TCP policy that allows IPv4 initiated TCP sessions. | |
Enables reserving ubits in an IPv6 address. |
To configure the IPv6 address of Address Family Transition Router (AFTR), use the aftr-endpoint-address command in MAP-E configuration mode. To undo the configuration, use the no form of this command.
aftr-endpoint-address address
address |
Specifies the IPv6 address of the AFTR. |
None
MAP-E configuration
Release | Modification |
---|---|
Release 4.3.1 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to configure the AFTR address for a MAP-E instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type map-e map-e-inst RP/0/RP0/CPU0:router(config-cgn-map_e)# aftr-endpoint-address 2001:db8:100::40
Command | Description |
Configures IPv4 or IPv6 address for a MAP-E instance. | |
Configures the number of contiguous ports for a MAP-E instance. | |
Configures the Customer Premises Equipment (CPE ) domain parameters. | |
Configures the path Maximum Transmission Unit (MTU) of the tunnel. | |
Configures the port sharing ratio. |
To assign an IPv6 tunnel endpoint address for a DS-lite instance, use the aftr-tunnel-endpoint-address in DS-Lite configuration mode. To unassign the address for the ds-lite instance, use the no form of this command.
aftr-tunnel-endpoint-address IPv6 address
IPv6 address |
Specifies the IPv6 address of the tunnel endpoint. |
None
DS-Lite configuration
Release | Modification |
---|---|
Release 4.2.1 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to assign an IPv6 tunnel endpoint address for a ds-lite instance:
RP/0/RP0/CPU0:router# config RP/0/RP0/CPU0:router(config)#service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1 RP/0/RP0/CPU0:router(config-cgn-ds-lite)#aftr-tunnel-endpoint-address 10:10::2 RP/0/RP0/CPU0:router(config-cgn-ds-lite)
To enable the Application-Level Gateway (ALG) of Active FTP for a NAT44 instance, use the alg ActiveFTP command in NAT44 configuration mode. To disable the support of ALG for the Active FTP, use the no form of this command.
alg ActiveFTP
This command has no arguments or keywords.
By default, ActiveFTP ALG is disabled.
NAT44 Configuration
Release |
Modification |
---|---|
Release 3.9.1 |
This command was introduced. |
Release 4.1.0 |
The Usage Guidelines section was updated. |
No specific guidelines impact the use of this command.
Task ID |
Operations |
---|---|
cgn |
read, write |
The following example shows how to configure ALG for the active FTP connection for the NAT44 instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1 RP/0/RP0/CPU0:router(config-cgn-nat44)# alg ActiveFTP
To enable the support for FTP Application-Level Gateway (ALG) for a DS-Lite instance, use the alg command in DS-Lite configuration mode. To disable, use the no form of this command.
alg ftp
ftp |
Enables the FTP ALG. |
None
DS-Lite configuration mode
Release | Modification |
---|---|
Release 4.2.1 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to enable support for FTP ALG:
RP/0/RP0/CPU0:router# config RP/0/RP0/CPU0:router(config)#service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1 RP/0/RP0/CPU0:router(config-cgn-ds-lite)#alg ftp RP/0/RP0/CPU0:router(config-cgn-ds-lite)#
To configure Point-to-Point Tunneling Protocol (PPTP) as the Application-Level Gateway (ALG) for a NAT44 instance, use the alg pptpalg command in NAT44 configuration mode. To undo the configuration, use the no form of this command.
alg pptpalg
This command has no arguments or keywords.
By default, PPTP ALG is disabled.
NAT44 configuration mode
Release |
Modification |
---|---|
Release 4.3.0 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID |
Operations |
---|---|
cgn |
read, write |
This example shows how to configure ALG for the PPTP connection on NAT44 instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat441 RP/0/RP0/CPU0:router(config-cgn-nat44)# alg pptpalg
Command | Description |
Enables the Application-Level Gateway (ALG) of Active FTP for a NAT44 instance. | |
Enables the support for Application-Level Gateway (ALG) Real Time Streaming Protocol (RTSP). |
To enable support for the Application-Level Gateway (ALG) Real Time Streaming Protocol (RTSP), use the alg rtsp command in the DS-Lite configuration mode. To disable the support, use the no form of this command.
alg rtsp
rtsp |
Specifies the real time streaming protocol. |
server-port |
Specifies the port to be used for RTSP. The range is from 1 to 65535.The default port is 554. |
By default, the alg rtsp is disabled.
DS-Lite Configuration
Release | Modification |
---|---|
Release 4.1.0 |
This command was introduced. |
The application has to be directed to identify RTSP packets. The alg rtsp configuration command allows enabling of RTSP scan.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to configure the alg rtsp command for a DS-Lite instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1 RP/0/RP0/CPU0:router(config-cgn-ds-lite)# alg rtsp
Command | Description |
| Enters the IPv4 address family configuration mode. |
| Enables the Application-Level Gateway (ALG) of Active FTP for a NAT44 instance. |
| Enters inside VRF configuration mode for a NAT44 instance. |
| Limits the number of translation entries per source address. |
protocol (NAT44) |
|
| Enables an instance for the CGN application. |
| Enables a NAT44 instance for the CGN application. |
| Configures the Network Address Translation (NAT) mapping refresh direction for the specified CGN instance. |
To configure Real Time Streaming Protocol (RTSP) as the Application-Level Gateway (ALG), use the alg rtsp command in the NAT44 configuration mode. To undo the configuration, use the no form of this command.
alg rtsp server-port value
server-port |
Specifies the port to be used for RTSP. |
value |
Specifies the port number. The default port is 554. The range is from 1 to 65535 |
By default, the alg rtsp is disabled.
NAT44 Configuration
Release | Modification |
---|---|
Release 4.1.0 |
This command was introduced. |
The application has to be directed to identify RTSP packets. The alg rtsp configuration command allows enabling of RTSP scan.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to configure the alg rtsp command for the CGN instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1 RP/0/RP0/CPU0:router(config-cgn-nat44)# alg rtsp server-port 666
Command | Description |
| Enables the Application-Level Gateway (ALG) of Active FTP for a NAT44 instance. |
To configure Real Time Streaming Protocol (RTSP) as the Application-Level Gateway (ALG), use the alg rtsp command in Stateful NAT64 configuration mode. To undo the configuration, use the no form of this command.
alg rtsp server-port value
server-port | Specifies the port to be used for RTSP. |
value | Port number. The default port is 554. The range is from 1 to 65535. |
By default, the alg rtsp is disabled.
Stateful NAT64
Release | Modification |
---|---|
Release 4.3.1 |
This command was introduced. |
The application must be directed to identify RTSP packets. The alg rtsp configuration command enables RTSP scan.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to configure the alg rtsp command for the CGN instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat1 RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# alg rtsp server-port 666
Command | Description |
| Configures IPv4 or IPv6 address on a NAT64 instance. |
Configures ports dynamically. | |
Enables external logging of a NAT64 Stateful instance. | |
Specifies time interval to store packet fragments. | |
Assigns ipv4 address pool. | |
Converts an IPv6 address to an IPv4 address. | |
Restricts the number of ports used by an IPv6 address. | |
Enters the ICMP, TCP, and UDP protocol configuration mode. | |
Specifies the outbound refresh direction. | |
Enables TCP policy that allows IPv4 initiated TCP sessions. | |
Enables reserving ubits in an IPv6 address. |
To attach the port-set to the NAT inside-vrf instance, use the attach port-set command in the CGN inside VRF configuration mode. To remove the port-set from the inside-vrf instance, use the no form of this command.
attach port-set name
name |
Specifies the port-set created. |
None
CGN inside VRF configuration mode.
Release | Modification |
---|---|
Release 5.3.1 |
This command was introduced. |
Task ID | Operation |
---|---|
cgn |
read, write |
The following example shows how to attach the port-set to an inside VRF instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1 RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1 RP/0/RP0/CPU0:router(config-cgn-invrf)#map-address pool 100.1.1.0/24 RP/0/RP0/CPU0:router(config-cgn-invrf-afi)#attach port-set set1
To enable the Border Relay(BR) configuration, use the br command in 6RD configuration mode. To disable this feature, use the no form of this command.
br { ipv4 | ipv6-prefix | source-address | unicast }
ipv4 |
Specifies the IPv4 related configuration. |
ipv6-prefix |
Specifies the IPv6 prefix. |
source-address | Specifies the source address for the tunnel. |
unicast | Specifies the IPv6 unicast address. |
None
6RD configuration
Release | Modification |
---|---|
Release 4.1.0 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to configure the unicast address using the br configuration level commands :
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router#(config)# service cgn cgn1 RP/0/RP0/CPU0:router#(config-cgn)service-type tunnel v6rd 6rd1 RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# br RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# ipv6-prefix 2001:db8::/32 RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# source-address 10.2.2.2 RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# ipv4 prefix length 0 RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# ipv4 suffix length 0 RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd-br)# unicast address 2001:db8:a02:202::1
Command | Description |
Assigns a value for the ipv4-prefix length to be used as part of both ends of tunnel. | |
Assigns a value for the ipv4-suffix length to be used as part of both ends of a tunnel. | |
Generates the delegated ipv6 prefix for a IPv6 Rapid Deployment (6RD) application. | |
Assigns an ipv4 address as the tunnel source address. | |
Assigns an IPv6 address to be used for a IPv6 Rapid Deployment (6RD) Border Relay (BR) unicast configuration. |
To configure the IPv6 address of BR, use the br-endpoint-address command in MAP-E configuration mode. To undo the configuration, use the no form of this command.
br-endpoint-address address
address |
Specifies the IPv6 address of the BR. |
None
MAP-E configuration
Release | Modification |
---|---|
Release 5.3.2 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgv6 |
read, write |
This example shows how to configure the BR address for a MAP-E instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgv6 cgv6-1 RP/0/RP0/CPU0:router(config-cgv6)# Service-inline interface TenGigE0/0/0/0 RP/0/RP0/CPU0:router(config-cgv6)# service-type-map_e map1 RP/0/RP0/CPU0:router(config-cgv6-map-e)# cpe-domain ipv4 Prefix 120.2.1.0/24 RP/0/RP0/CPU0:router(config-cgv6-map-e)# cpe-domain ipv6 prefix 9020:da8:2::/48 RP/0/RP0/CPU0:router(config-cgv6-map-e)# sharing-ratio 256 RP/0/RP0/CPU0:router(config-cgv6-map-e)# contiguous-ports 16 RP/0/RP0/CPU0:router(config-cgv6-map-e)# br-endpoint-address 9020:da8:2:ffff::1
To pre-allocate a number of contiguous outside ports in bulk and to reduce Netflow/Syslog data volume, use the bulk-port-alloc command in NAT44 configuration mode. To undo the bulk port allocation, use the no form of this command.
bulk-port-alloc size size-value
size size-value |
Specifies the port size for allocation. The value should be greater than or equal to one fourth of the port limit and less than twice the port limit. The allowed values are 8, 16, 32, 64, 128, 256, 512, 1024, 2048, and 4096. |
None
NAT44 Inside VRF configuration
Release | Modification |
---|---|
Release 4.2.1 |
This command was introduced. |
Release 5.2.0 |
The minimum size for bulk port allocation was reduced to 8. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to allocate ports in bulk to reduce the syslog data volume:
RP/0/RP0/CPU0:router# config RP/0/RP0/CPU0:router(config)#service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)#service-type nat44 nat441 RP/0/RP0/CPU0:router(config-cgn)#inside-vrf vrf1 RP/0/RP0/CPU0:router(config-cgn-ds-lite-invrf)#bulk-port-alloc size 64 RP/0/RP0/CPU0:router(config-cgn-ds-lite-invrf)#
Command | Description |
| Enables external logging of a NAT44 instance. |
protocol (NAT44) |
|
To pre-allocate a number of contiguous outside ports in bulk and to reduce Netflow/Syslog data volume, use the bulk-port-alloc command in DS-Lite configuration mode. To undo the bulk port allocation, use the no form of this command.
bulk-port-alloc size
size |
Specifies the port size for allocation. The value should be greater than or equal to one fourth of the port limit and less than twice the port limit. The allowed values are 16, 32, 64, 128, 256, 512, 1024, 2048, and 4096. |
None
DS-Lite configuration
Release | Modification |
---|---|
Release 4.2.1 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to allocate ports in bulk to reduce the syslog data volume:
RP/0/RP0/CPU0:router# config RP/0/RP0/CPU0:router(config)#service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1 RP/0/RP0/CPU0:router(config-cgn-ds-lite)#bulk-port-alloc size 64 RP/0/RP0/CPU0:router(config-cgn-ds-lite)#
Command | Description |
protocol (NAT44) |
|
To clear all translation database entries that are created dynamically for the specific DS-Lite instance, use the clear cgn ds-lite command in EXEC mode .
clear cgn ds-lite instance-name
instance-name |
Instance name for DS-Lite. |
None
EXEC
Release |
Modification |
---|---|
Release 4.2.1 |
This command was introduced. |
![]() Caution | Because the clear cgn ds-lite command clears all translation database entries and impacts the traffic on those translation entries, use this command with caution. |
Task ID |
Operations |
---|---|
cgn |
read |
To clear translation database entries that are created dynamically for the specified IPv4 address, use the clear cgn ds-lite ipaddress command in EXEC mode.
clear cgn ds-lite instance-name ipaddress address
instance-name |
Instance name for DS-Lite. |
address |
Specifies the IPv4 address for which the translation entries must be cleared. |
None
EXEC
Release |
Modification |
---|---|
Release 4.2.1 |
This command was introduced. |
![]() Caution | Because the clear cgn ds-lite ipaddress command clears all translation database entries for the specified IPv4 address and impacts the traffic on those translation entries, use this command with caution. |
Task ID |
Operations |
---|---|
cgn |
read |
To clear the translation database entries that are created dynamically for the specified port number, use the clear cgn ds-lite port command in EXEC mode.
clear cgn ds-lite instance-name port number
instance-name |
Instance name for DS-Lite. |
number |
Port number. Range is from 1 to 65535. |
None
EXEC
Release |
Modification |
---|---|
Release 4.2.1 |
This command was introduced. |
![]() Caution | Because the clear cgn ds-lite port command clears all translation database entries for the specified port and impacts the traffic on those translation entries, use this command with caution. |
Task ID |
Operations |
---|---|
cgn |
read |
To clear translation database entries that are created dynamically for the specified protocol, use the clear cgn ds-lite protocol command in EXEC mode.
clear cgn ds-lite instance-name protocol { udp | tcp | icmp }
instance-name |
Name for the DS-Lite CGN instance. |
protocol |
Specifies the protocol for which the translation entries must be cleared. |
None
EXEC
Release |
Modification |
---|---|
Release 4.2.1 |
This command was introduced. |
![]() Caution | Because the clear cgn ds-lite protocol command clears all translation database entries for the specified protocol and impacts the traffic on those translation entries, use this command with caution. |
Task ID |
Operations |
---|---|
cgn |
read |
To clear all the statistics for a ds-lite instance, use theclear cgn ds-lite statistics command in EXEC mode.
clear cgn ds-lite instance-name statistics
instance-name |
Specifies the name of the DS-Lite instance. |
statistics |
Specifies the DS-Lite statistics. |
None
Exec
Release | Modification |
---|---|
Release 4.2.1 |
This command was introduced. |
![]() Caution | Because the clear cgn ds-lite statistics command clears all statistics counters, use this command with caution. |
Task ID | Operation |
---|---|
cgn |
read |
Command | Description |
| Clears the translation database entries that are created dynamically for the specified inside port number. |
| Clears translation database entries that are created dynamically for the specified protocol. |
To clear all statistics of a MAP-E instance, use the clear cgn map-e statistics command in EXEC mode.
clear cgn map-e instance-name statistics
instance-name |
Name of the map-e instance. |
statistics |
Specifies the map-e statistics. |
None
Exec
Release | Modification |
---|---|
Release 4.3.1 |
This command was introduced. |
![]() Caution | Because the clear cgn map-e statistics command clears all statistics counters, use this command with caution. |
Task ID | Operation |
---|---|
cgn |
read |
This example shows how to clear the statistics entries for a MAP-E instance:
RP/0/RP0/CPU0:router# show cgn map-e m1 statistics MAP-E IPv4 to IPv6 counters: ====================================== Total Incoming Count : 0 Total Drop Count : 0 Total Output Count : 0 TCP Incoming Count : 0 TCP Output Count : 0 UDP Incoming Count : 0 UDP Output Count : 0 ICMPv4 Incoming Count : 0 ICMPv4 Output Count : 0 Invalid UIDB Drop Count : 0 NoDb Drop Count : 0 TTL Expire Drop Count : 0 Invalid IP Destination Drop Count : 0 Packet Exceeding Path MTU Drop Count : 0 Unsupported Protocol Drop Count : 0 ICMPv4 Generated for TTL Expire Count : 0 ICMPv4 Generated for Error Count : 0 ICMPv4 Packets Rate-Limited Count : 0 TCP MSS Changed Count : 0 MAP-E IPv6 to IPv4 counters: ====================================== Total Incoming Count : 0 Total Drop Count : 0 Total Output Count : 0 TCP Incoming Count : 0 TCP Output Count : 0 UDP Incoming Count : 0 UDP Output Count : 0 ICMPv4 Incoming Count : 0 ICMPv4 Output Count : 0 Invalid UIDB Drop Count : 0 NoDb Drop Count : 0 TTL Expire Drop Count : 0 Invalid IPv6 Destination Drop Count : 0 Invalid Source Prefix Drop Count : 0 Unsupported Protocol Drop Count : 0 ICMPv6 Input Count : 0 ICMPv6 Invalid UIDB Drop Count : 0 ICMPv6 NoDb Drop Count : 0 ICMPv6 TTL Expire Drop Count : 0 ICMPv6 Invalid IPv6 Destination Drop Count : 0 ICMPv6 Unsupported Type Drop Count : 0 ICMPv6 Invalid NxtHdr Drop Count: 0 ICMPv6 Frag Drop Count : 0 ICMPv6 Forus Count : 0 ICMPv6 Echo Response Received Count : 0 ICMPv6 Echo Replies Count : 0 ICMPv6 Translated to ICMPV4 Output Count : 0 ICMPv6 Generated for TTL Expire Count : 0 ICMPv6 Generated for Error Count : 0 ICMPv6 Packets Rate-Limited Count : 0 TCP MSS Changed Count: 0 MAP-E IPv4 Frag counters received from V4 cloud: ================================================== Total Input Count: 0 Total Drop Count: 0 Reassembled Output Count : 0 TCP Input Count: 0 UDP Input Count: 0 ICMPv4 Input Count: 0 Invalid UIDB Drop Count : 0 NoDb Drop Count : 0 Unsupported Protocol Drop Count : 0 Throttled Count : 0 Timeout Drop Count: 0 Duplicates Drop Count : 0 MAP-E Inner IPv4 Frag counters received from V6 cloud: ==================================================== Total Input Count : 0 Total Drop Count : 0 Total Output Count : 0 TCP Input Count : 0 UDP Input Count : 0 ICMPv4 Input Count : 0 Invalid Source Prefix Drop Count : 0 Unsupported Protocol Drop count : 0 Throttled Count : 0 Timeout Drop Count : 0 Duplicates Drop Count : 0 ICMPv6 Generated for Error Count : 0 ICMPv6 Packets Rate-Limited Count : 0 TCP MSS Changed Count : 0 The RP/0/RP0/CPU0:router# clear cgn map-e m1 statistics command clears the output shown above.
Command | Description |
Displays the MAP-E instance statistics. |
To clear all the statistics of a MAP-T instance, use the clear cgn map-t statistics command in EXEC mode.
clear cgn map-t instance-name statistics
instance-name |
Specifies the name of the map-t instance. |
statistics |
Specifies the map-t statistics. |
None
Exec
Release | Modification |
---|---|
Release 4.3.0 |
This command was introduced. |
![]() Caution | Because the clear cgn map-t statistics command clears all statistics counters, use this command with caution. |
Task ID | Operation |
---|---|
cgn |
read |
This example shows the statistics entries for a MAP-T instance:
RP/0/RP0/CPU0:router# show cgn map-t m1 statistics MAP-T IPv6 to IPv4 counters: ====================================== TCP Incoming Count: 0 TCP NonTranslatable Drop Count: 0 TCP Invalid NextHdr Drop Count: 0 TCP NoDb Drop Count: 0 TCP Translated Count: 0 UDP Incoming Count: 0 UDP NonTranslatable Drop Count: 0 UDP Invalid Next Hdr Drop Count: 0 UDP No Db Drop Count: 0 UDP Translated Count: 0 ICMP Total Incoming Count: 0 ICMP No DB Drop Count: 0 ICMP Fragment drop count: 0 ICMP Invalid NxtHdr Drop Count: 0 ICMP Nontanslatable Drop Count: 0 ICMP Nontanslatable Fwd Count: 0 ICMP UnsupportedType Drop Count: 0 ICMP Err Translated Count: 0 ICMP Query Translated Count: 0 Subsequent Fragment Incoming Count: 0 Subsequent Fragment NonTranslateable Drop Count: 0 Invalid NextHdr Drop Count: 0 Subsequent Fragment No Db Drop Count: 0 Subsequent Fragment Translated Count: 0 Extensions/Options Incoming Count: 0 Extensions/Options Drop Count: 0 Extensions/Options Forward Count: 0 Extensions/Options No DB drop Count: 0 Unsupported Protocol Count: 0 MAP-T IPv4 to IPv6 counters: ====================================== TCP Incoming Count: 0 TCP No Db Drop Count: 0 TCP Translated Count: 0 UDP Incoming Count: 0 UDP No Db Drop Count: 0 UDP Translated Count: 0 UDP FragmentCrc Zero Drop Count: 0 UDP CrcZeroRecy Sent Count: 0 UDP CrcZeroRecy Drop Count: 0 ICMP Total Incoming Count: 0 ICMP No Db Drop Count: 0 ICMP Fragment drop count: 0 ICMP UnsupportedType Drop Count: 0 ICMP Err Translated Count: 0 ICMP Query Translated Count: 0 Subsequent Fragment Incoming Count: 0 Subsequent Fragment No Db Drop Count: 0 Subsequent Fragment Translated Count: 0 Options Incoming Count: 0 Options Drop Count: 0 Options Forward Count: 0 Options No DB drop Count: 0 Unsupported Protocol Count: 0 ICMP generated counters : ======================= IPv4 ICMP Messages generated count: 0 IPv6 ICMP Messages generated count: 0 The RP/0/RP0/CPU0:router# clear cgn map-t m1 statistics command clears the output shown above.
Command | Description |
Configures IPv4 or IPv6 address for a MAP-T instance. | |
Configures the number of contiguous ports for a MAP-T instance. | |
Configures the Customer Premises Equipment (CPE ) domain parameters. | |
Configures the external domain's IPv6 prefix to convert IPv4 addresses into IPv6 addresses and vice versa. | |
Configures the port sharing ratio. | |
Displays the MAP-T instance statistics. | |
Configures traceroute translation algorithms. |
To clear all translation database entries that are created dynamically for the specific CGN instance, use the clear cgn nat44 command in EXEC mode.
clear cgn nat44 instance-name
instance-name |
Instance name for NAT44. |
None
EXEC
Release |
Modification |
---|---|
Release 3.9.1 |
This command was introduced. |
Release 4.0.0 |
NAT44 instance was included in the command syntax. |
![]() Caution | Because the clear cgn nat44 command clears all translation database entries and impacts the traffic on those translation entries, use this command with caution. |
Task ID |
Operations |
---|---|
cgn |
read |
The following example shows how to clear all the translation entries for the cgn1 instance:
RP/0/RP0/CPU0:router# show cgn nat44 nat2 statistics Statistics summary of NAT44 instance: 'nat2' Number of active translations: 45631 Translations create rate: 5678 Translations delete rate: 6755 Inside to outside forward rate: 977 Outside to inside forward rate: 456 Inside to outside drops port limit exceeded: 0 Inside to outside drops system limit reached: 0 Inside to outside drops resorce depletion: 0 Outside to inside drops no translation entry: 0 Pool address totally free: 195 RP/0/RP0/CPU0:router# clear cgn nat44 nat2 RP/0/RP0/CPU0:router# show cgn nat44 nat2 statistics Statistics summary of NAT44 Instance: 'nat2' Number of active translations: 0 <<<<<<<<<<<<<< All the entries are deleted and provided no new translation entires are created Translations create rate: 5678 Translations delete rate: 6755 Inside to outside forward rate: 977 Outside to inside forward rate: 456 Inside to outside drops port limit exceeded: 0 Inside to outside drops system limit reached: 0 Inside to outside drops resorce depletion: 0 Outside to inside drops no translation entry: 0 Pool address totally free: 195
Command | Description |
| Enables an instance for the CGN application. |
| Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance. |
| Displays the outside-address to inside-address translation details for a specified NAT44 instance. |
To clear the counters for sequence-check, use the clear cgn nat44 inside-vrf counters in EXEC mode.
clear cgn nat44 instance-name inside-vrf instance-name counters
counters |
Lists the counters for TCP sequence check |
None
EXEC
Release | Modification |
---|---|
Release 5.1.1 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
The following example clears the counters for TCP sequence check.
RP/0/RP0/CPU0:router# clear cgn nat44 nat1 inside-vrf vrf1 counters
To clear translation database entries that are created dynamically for the specified inside VRF, use the clear cgn nat44 inside-vrf command in EXEC mode.
clear cgn nat44 instance-name inside-vrf vrf-name
instance-name |
Instance name for NAT44. |
vrf-name |
Name for the inside VRF. |
None
EXEC
Release |
Modification |
---|---|
Release 3.9.1 |
This command was introduced. |
Release 4.0.0 |
NAT44 instance was included in the command syntax. |
![]() Caution | Because the clear cgn nat44 inside-vrf command clears all translation database entries for the specified inside-vrf and impacts the traffic on those translation entries, use this command with caution. |
Task ID |
Operations |
---|---|
cgn |
read |
This example shows how to clear the translation database entries for the inside VRF named ivrf:
RP/0/RP0/CPU0:router# show cgn nat44 nat2 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 23 end 56 Inside-translation details ----------------------------------- NAT44 instance : nat2 Inside-VRF : insidevrf1 ------------------------------------------------------------------------------------------ Outside Protocol Inside Outside Translation Inside Outside Address Source Source Type to to Port Port Outside Inside Packets Packets ------------------------------------------------------------------------------------------ 12.168.6.231 tcp 34 2356 alg 875364 65345 12.168.6.98 tcp 56 8972 static 78645 56343 12.168.2.12 tcp 21 2390 static 45638 89865 12.168.2.123 tcp 34 239 dynamic 809835 67854 RP/0/RP0/CPU0:router# clear cgn nat44 nat2 inside-vrf insidevrf1 RP/0/RP0/CPU0:router# show cgn nat44 nat2 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 23 end 56 Inside-translation details ----------------------------------- NAT44 instance : nat2 Inside-VRF : insidevrf1 ------------------------------------------------------------------------------------------ Outside Protocol Inside Outside Translation Inside Outside Address Source Source Type to to Port Port Outside Inside Packets Packets ------------------------------------------------------------------------------------------
Command | Description |
| Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance. |
| Displays the outside-address to inside-address translation details for a specified NAT44 instance. |
To clear translation database entries that are created dynamically for the specified IPv4 address, use the clear cgn nat44 ipaddress command in EXEC mode.
clear cgn nat44 instance-name ipaddress address
instance-name |
Instance name for NAT44. |
address |
Specifies the IPv4 address for which the translation entries must be cleared. |
None
EXEC
Release |
Modification |
---|---|
Release 3.9.1 |
This command was introduced. |
Release 4.0.0 |
NAT44 instance was included in the command syntax. |
![]() Caution | Because the clear cgn nat44 ipaddress command clears all translation database entries for the specified IPv4 address and impacts the traffic on those translation entries, use this command with caution. |
Task ID |
Operations |
---|---|
cgn |
read |
The following example shows how to clear the translation database entries for the specified IPv4 address:
RP/0/RP0/CPU0:router# show cgn nat44 nat1 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 23 end 56 Inside-translation details ----------------------------------- NAT44 instance : nat1 Inside-VRF : insidevrf1 ------------------------------------------------------------------------------------------ Outside Protocol Inside Outside Translation Inside Outside Address Source Source Type to to Port Port Outside Inside Packets Packets ------------------------------------------------------------------------------------------ 12.168.6.231 tcp 34 2356 alg 875364 65345 12.168.2.123 tcp 34 239 dynamic 809835 67854 RP/0/RP0/CPU0:router# clear cgn nat44 nat1 ipaddress 10.0.0.0 RP/0/RP0/CPU0:router# show cgn nat44 nat1 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 23 end 56 Inside-translation details ----------------------------------- NAT44 instance : nat1 Inside-VRF : insidevrf1 ------------------------------------------------------------------------------------------ Outside Protocol Inside Outside Translation Inside Outside Address Source Source Type to to Port Port Outside Inside Packets Packets ------------------------------------------------------------------------------------------
Command | Description |
| Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance. |
| Displays the outside-address to inside-address translation details for a specified NAT44 instance. |
To clear the translation database entries that are created dynamically for the specified inside port number, use the clear cgn nat44 port command in EXEC mode.
clear cgn nat44 instance-name port number
instance-name |
Instance name for NAT44. |
number |
Port number. Range is from 1 to 65535. |
None
EXEC
Release |
Modification |
---|---|
Release 3.9.1 |
This command was introduced. |
Release 4.0.0 |
NAT44 instance was included in the command syntax. |
![]() Caution | Because the clear cgn nat44 port command clears all translation database entries for the specified port and impacts the traffic on those translation entries, use this command with caution. |
Task ID |
Operations |
---|---|
cgn |
read |
This example shows how to clear the translation database entries for port number 1231:
RP/0/RP0/CPU0:router# show cgn nat44 nat2 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 1231 end 1231 Inside-translation details ----------------------------------- NAT44 instance : nat2 Inside-VRF : insidevrf1 ------------------------------------------------------------------------------------------ Outside Protocol Inside Outside Translation Inside Outside Address Source Source Type to to Port Port Outside Inside Packets Packets ------------------------------------------------------------------------------------------ 12.168.6.231 tcp 1231 2356 alg 875364 65345 RP/0/RP0/CPU0:router# clear cgn nat44 nat2 port 1231 RP/0/RP0/CPU0:router# show cgn nat44 nat2 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 1231 end 1231 Inside-translation details ----------------------------------- NAT44 instance : nat2 Inside-VRF : insidevrf1 ------------------------------------------------------------------------------------------ Outside Protocol Inside Outside Translation Inside Outside Address Source Source Type to to Port Port Outside Inside Packets Packets ------------------------------------------------------------------------------------------
Command | Description |
| Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance. |
| Displays the outside-address to inside-address translation details for a specified NAT44 instance. |
To clear translation database entries that are created dynamically for the specified protocol, use the clear cgn nat44 pptpCounters command in EXEC mode.
clear cgn nat44 instance-name pptpCounters
instance-name |
Name for the NAT44 CGN instance. |
pptpCounters |
Specifies the PPTP counters that must be cleared. |
None
EXEC
Release |
Modification |
---|---|
Release 4.3.0 | This command was introduced. |
![]() Caution | Because the clear cgn nat44 pptpCounters command clears all the PPTP counters, use this command with caution. |
Task ID |
Operations |
---|---|
cgn |
read |
To clear translation database entries that are created dynamically for the specified protocol, use the clear cgn nat44 protocol command in EXEC mode.
clear cgn nat44 instance-name protocol { gre | udp | tcp | icmp }
instance-name |
Name for the NAT44 CGN instance. |
protocol |
Specifies the protocol for which the translation entries must be cleared. |
None
EXEC
Release |
Modification |
---|---|
Release 3.9.1 |
This command was introduced. |
Release 4.0.0 |
NAT44 instance was included in the command syntax. |
Release 4.3.0 |
The keyword, gre was added. |
![]() Caution | Because the clear cgn nat44 protocol command clears all translation database entries for the specified protocol and impacts the traffic on those translation entries, use this command with caution. |
Task ID |
Operations |
---|---|
cgn |
read |
This example shows how to clear the translation database entries for the TCP protocol:
RP/0/RP0/CPU0:router# show cgn nat44 nat2 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 1231 end 1231 Inside-translation details ----------------------------------- NAT44 instance : nat2 Inside-VRF : insidevrf1 ------------------------------------------------------------------------------------------ Outside Protocol Inside Outside Translation Inside Outside Address Source Source Type to to Port Port Outside Inside Packets Packets ------------------------------------------------------------------------------------------ 12.168.6.231 tcp 1231 2356 alg 875364 65345 RP/0/RP0/CPU0:router# clear cgn nat44 nat2 protocol tcp RP/0/RP0/CPU0:router# show cgn nat44 nat2 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 1231 end 1231 Inside-translation details ----------------------------------- NAT44 instance : nat2 Inside-VRF : insidevrf1 ------------------------------------------------------------------------------------------ Outside Protocol Inside Outside Translation Inside Outside Address Source Source Type to to Port Port Outside Inside Packets Packets ------------------------------------------------------------------------------------------
Command | Description |
protocol (NAT44) |
|
| Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance. |
| Displays the outside-address to inside-address translation details for a specified NAT44 instance. |
To clear all translation database entries that are created dynamically for the specific NAT64 stateful instance, use the clear cgn nat64 stateful command in EXEC mode.
clear cgn nat64 stateful instance-name
instance-name |
NAT64 stateful instance. |
None
EXEC
Release |
Modification |
---|---|
Release 4.3.0 |
This command was introduced. |
![]() Caution | Because the clear cgn nat64 stateful command clears all translation database entries and impacts the traffic on those translation entries, use this command with caution. |
Task ID |
Operations |
---|---|
cgn |
read |
Command | Description |
Clears all the counters that are created for a NAT64 stateful instance | |
Clears translation database entries that are created dynamically for the specified IPv6 address. | |
Clears the translation database entries that are created dynamically for the specified port number | |
Clears the translation database entries that are created dynamically for the specified protocol | |
Clears all the statistics for a nat64 stateful instance |
To clear all the counters created for a NAT64 stateful instance, use the clear cgn nat64 stateful counters command in EXEC mode.
clear cgn nat64 stateful instance-name counters
instance-name |
NAT64 stateful instance. |
None
EXEC
Release |
Modification |
---|---|
Release 4.3.0 |
This command was introduced. |
![]() Caution | Because the clear cgn nat64 stateful counters command clears all counters, use this command with caution. |
Task ID |
Operations |
---|---|
cgn |
read |
Command | Description |
Clears all translation database entries that are created dynamically for the specific NAT64 stateful instance | |
Clears translation database entries that are created dynamically for the specified IPv6 address. | |
Clears the translation database entries that are created dynamically for the specified port number | |
Clears the translation database entries that are created dynamically for the specified protocol | |
Clears all the statistics for a nat64 stateful instance |
To clear translation database entries that are created dynamically for the specified IPv6 address, use the clear cgn nat64 stateful ipaddress command in EXEC mode.
clear cgn nat64 stateful instance-name ipaddress ipv6 address [ port port number protocol [ icmp | tcp | udp ] | protocol [ icmp | tcp | udp ] port port number ]
instance-name |
Instance name for stateful NAT64. |
ipv6 address |
Specifies the IPv6 address for which the translation entries must be cleared. |
protocol |
Displays the name of the protocols. |
icmp |
Displays the ICMP protocol. |
tcp |
Displays the TCP protocol. |
udp |
Displays the UDP protocol. |
port |
Displays the range of the port numbers from 1 to 65535. |
port number |
Specifies the port number within the range. |
None
EXEC
Release |
Modification |
---|---|
Release 4.3.0 |
This command was introduced. |
![]() Caution | Because the clear cgn nat64 stateful ipaddress command clears all translation database entries for the specified IPv6 address and impacts the traffic on those translation entries, use this command with caution. |
Task ID |
Operations |
---|---|
cgn |
read |
Command | Description |
Clears all translation database entries that are created dynamically for the specific NAT64 stateful instance | |
Clears all the counters that are created for a NAT64 stateful instance | |
Clears the translation database entries that are created dynamically for the specified port number | |
Clears the translation database entries that are created dynamically for the specified protocol | |
Clears all the statistics for a nat64 stateful instance |
To clear the translation database entries that are created dynamically for the specified port number, use the clear cgn nat64 stateful port command in EXEC mode.
clear cgn nat64 stateful instance-name port port number [ ipaddress IPv6 address protocol [ icmp | tcp | udp ] | protocol [ icmp | tcp | udp ] ipaddress IPv6 address ]
instance-name |
Instance name for stateful NAT64. |
port number |
Specifies the port number within the range. |
protocol |
Displays the name of the protocols. |
icmp |
Displays the ICMP protocol. |
tcp |
Displays the TCP protocol. |
udp |
Displays the UDP protocol. |
ipv6 address |
Specifies the IPv6 address for which the translation entries must be cleared. |
None
EXEC
Release |
Modification |
---|---|
Release 4.3.0 |
This command was introduced. |
![]() Caution | Because the clear cgn nat64 stateful port command clears all translation database entries for the specified port and impacts the traffic on those translation entries, use this command with caution. |
Task ID |
Operations |
---|---|
cgn |
read |
Command | Description |
Clears all translation database entries that are created dynamically for the specific NAT64 stateful instance | |
Clears all the counters that are created for a NAT64 stateful instance | |
Clears translation database entries that are created dynamically for the specified IPv6 address. | |
Clears the translation database entries that are created dynamically for the specified protocol | |
Clears all the statistics for a nat64 stateful instance |
To clear the translation database entries that are created dynamically for the specified protocol, use the clear cgn nat64 stateful protocol command in EXEC mode.
clear cgn nat64 stateful instance-name protocol { icmp | tcp | udp } [ [ ipaddress IPv6 address port port number ] | [ port port number ipaddress IPv6 address ] ]
instance-name |
Instance name for stateful NAT64. |
port number |
Specifies the port number within the range. |
protocol |
Displays the name of the protocols. |
icmp |
Displays the ICMP protocol. |
tcp |
Displays the TCP protocol. |
udp |
Displays the UDP protocol. |
ipv6 address |
Specifies the IPv6 address for which the translation entries must be cleared. |
None
EXEC
Release |
Modification |
---|---|
Release 4.3.0 |
This command was introduced. |
![]() Caution | Because the clear cgn nat64 stateful protocol command clears all translation database entries for the specified protocol and impacts the traffic on those translation entries, use this command with caution. |
Task ID |
Operations |
---|---|
cgn |
read |
Command | Description |
Clears all translation database entries that are created dynamically for the specific NAT64 stateful instance | |
Clears all the counters that are created for a NAT64 stateful instance | |
Clears translation database entries that are created dynamically for the specified IPv6 address. | |
Clears the translation database entries that are created dynamically for the specified port number | |
Clears all the statistics for a nat64 stateful instance |
To clear all the statistics for a nat64 stateful instance, use theclear cgn nat64 stateful statistics command in EXEC mode.
clear cgn nat64 stateful instance-name statistics
instance-name |
Specifies the name of the nat64 stateful instance. |
statistics |
Specifies the nat64 stateful statistics. |
None
Exec
Release | Modification |
---|---|
Release 4.3.0 |
This command was introduced. |
![]() Caution | Because the clear cgn nat64 stateful statistics command clears all statistics counters, use this command with caution. |
Task ID | Operation |
---|---|
cgn |
read |
Command | Description |
Clears all translation database entries that are created dynamically for the specific NAT64 stateful instance | |
Clears all the counters that are created for a NAT64 stateful instance | |
Clears translation database entries that are created dynamically for the specified IPv6 address. | |
Clears the translation database entries that are created dynamically for the specified port number | |
Clears the translation database entries that are created dynamically for the specified protocol |
To clear all the statistics of a IPv6 Rapid Deployment (6RD) instance, use the clear cgn tunnel v6rd statistics command in EXEC mode.
clear cgn tunnel v6rd instance-name statistics
instance-name |
Specifies the name of the 6rd instance. |
statistics |
6rd instance statistics. |
None
Exec
Release | Modification |
---|---|
Release 4.3.1 |
This command was introduced. |
![]() Caution | Because the clear cgn tunnel v6rd statistics command clears all statistics counters, use this command with caution. |
Task ID | Operation |
---|---|
cgn |
read |
This example shows the statistics entries for a 6RD instance:
RP/0/RP0/CPU0:router# show cgn tunnel v6rd 6rd1 statistics Tunnel 6rd configuration ========================= Tunnel 6rd name: 6rd1 IPv6 Prefix/Length: 2001:db8::/32 Source address: 9.1.1.1 BR Unicast address: 2001:db8:901:101::1 IPv4 Prefix length: 0 IPv4 Suffix length: 0 TOS: 0, TTL: 255, Path MTU: 1280 Tunnel 6rd statistics ====================== IPv4 to IPv6 ============= Incoming packet count : 2296951183 Incoming tunneled packets count : 2296951183 Decapsulated packets : 0 ICMP translation count : 0 Insufficient IPv4 payload drop count : 0 Security check failure drops : 0 No DB entry drop count : 0 Unsupported protocol drop count : 0 Invalid IPv6 source prefix drop count : 2296951183 IPv6 to IPv4 ============= Incoming packet count : 0 Encapsulated packets count : 0 No DB drop count : 0 Unsupported protocol drop count : 0 IPv4 ICMP ========== Incoming packets count : 0 Reply packets count : 0 Throttled packet count : 0 Nontranslatable drops : 0 Unsupported icmp type drop count : 0 IPv6 ICMP ========== Incoming packets count : 0 Reply packets count : 0 Packet Too Big generated packets count : 0 Packet Too Big not generated packets count : 0 NA generated packets count : 0 TTL expiry generated packets count : 0 Unsupported icmp type drop count : 0 Throttled packet count : 0 IPv4 to IPv6 Fragments ======================= Incoming fragments count : 0 Reassembled packet count : 0 Reassembled fragments count : 0 ICMP incoming fragments count : 0 Total fragment drop count : 0 Fragments dropped due to timeout : 0 Reassembly throttled drop count : 0 Duplicate fragments drop count : 0 Reassembly disabled drop count : 0 No DB entry fragments drop count : 0 Fragments dropped due to security check failure : 0 Insufficient IPv4 payload fragment drop count : 0 Unsupported protocol fragment drops : 0 Invalid IPv6 prefix fragment drop count : 0 IPv6 to IPv4 Fragments ======================= Incoming ICMP fragment count : 0 RP/0/RP1/CPU0:# ================================================================================= The RP/0/RP0/CPU0:router# clear cgn tunnel v6rd 6rd1 statistics command clears the output shown above.
Command | Description |
Displays the statistics information for an IPv6 Rapid Deployment (6RD) instance. |
To clear all the statistics for a map-e instance, use theclear cgv6 map-e statistics command in EXEC mode.
clear cgv6 map-e instance-name statistics
instance-name |
Specifies the name of the MAP-E instance. |
statistics |
Specifies the MAP-E statistics. |
None
Exec
Release | Modification |
---|---|
Release 5.3.2 |
This command was introduced. |
![]() Caution | Because the clear cgv6 map-e statistics command clears all statistics counters, use this command with caution. |
Task ID | Operation |
---|---|
cgv6 |
read |
To configure the number of contiguous ports for a MAP-E instance, use the contiguous-ports command in MAP-E configuration mode. To undo the configuration, use the no form of this command.
contiguous-ports number
number |
Number of contiguous ports. The value is in powers of 2. The range is from 1 to 65535. |
None
MAP-E configuration
Release | Modification |
---|---|
Release 4.3.1 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to configure the number of contiguous ports for a MAP-E instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type map-e map-e-inst RP/0/RP0/CPU0:router(config-cgn-map_e)# contiguous-ports 8
Command | Description |
Configures IPv4 or IPv6 address for a MAP-E instance. | |
Configures the IPv6 address of Address Family Transition Router (AFTR). | |
Configures the Customer Premises Equipment (CPE ) domain parameters. | |
Configures the path Maximum Transmission Unit (MTU) of the tunnel. | |
Configures the port sharing ratio. |
To configure the number of contiguous ports for a MAP-T instance, use the contiguous-ports command in MAP-T configuration mode. To undo the configuration, use the no form of this command.
contiguous-ports number
number |
Number of contiguous ports. The value is in powers of 2. The range is from 1 to 65535. |
None
MAP-T configuration
Release | Modification |
---|---|
Release 4.3.0 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to configure the number of contiguous ports for a MAP-T instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type map-t map-t-inst RP/0/RP0/CPU0:router(config-cgn-mapt)# contiguous-ports 8
Command | Description |
Configures IPv4 or IPv6 address for a MAP-T instance. | |
Clears the statistics of a MAP-T instance. | |
Configures the Customer Premises Equipment (CPE ) domain parameters. | |
Configures the external domain's IPv6 prefix to convert IPv4 addresses into IPv6 addresses and vice versa. | |
Configures the port sharing ratio. | |
Displays the MAP-T instance statistics. | |
Configures traceroute translation algorithms. |
To configure the Customer Premises Equipment (CPE ) domain parameters, use the cpe-domain command in MAP-E configuration mode. To undo the configuration, use the no form of this command.
cpe-domain { ipv4 | ipv6 } [ prefix address ]
ipv4 |
Specifies IPv4 parameters. |
ipv6 | Specifies IPv6 parameters. |
prefix | Specifies the CPE domain IPv4 or IPv6 prefix. |
address / length |
IPv4 or IPv6 address and subnet mask. |
None
MAP-E configuration
Release | Modification |
---|---|
Release 4.3.1 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to configure the CPE domain's IPv6 prefix:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type map-e map-e-inst RP/0/RP0/CPU0:router(config-cgn-map_e)# cpe-domain ipv6 prefix 10:2::24/32
This example shows how to configure the CPE domain's IPv4 prefix:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type map-e map-e-inst RP/0/RP0/CPU0:router(config-cgn-map_e)# cpe-domain ipv4 prefix 202.38.102.0/24
Command | Description |
Configures IPv4 or IPv6 address for a MAP-E instance. | |
Configures the IPv6 address of Address Family Transition Router (AFTR). | |
Configures the number of contiguous ports for a MAP-E instance. | |
Configures the path Maximum Transmission Unit (MTU) of the tunnel. | |
Configures the port sharing ratio. |
To configure the Customer Premises Equipment (CPE ) domain parameters, use the cpe-domain command in MAP-T configuration mode. To undo the configuration, use the no form of this command.
cpe-domain { ipv4 | ipv6 } [ prefix address ]
ipv4 |
Specifies IPv4 parameters. |
ipv6 | Specifies IPv6 parameters. |
prefix | Specifies the CPE domain IPv4 or IPv6 prefix. |
address / length |
Specifies IPv4 or IPv6 address and subnet mask. |
None
MAP-T configuration
Release | Modification |
---|---|
Release 4.3.0 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to configure the CPE domain's IPv6 prefix:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type map-t map-t-inst RP/0/RP0/CPU0:router(config-cgn-mapt)# cpe-domain ipv6 prefix 10:2::24/32
This example shows how to configure the CPE domain's IPv4 prefix:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type map-t map-t-inst RP/0/RP0/CPU0:router(config-cgn-mapt)# cpe-domain ipv4 prefix 202.38.102.0/24
Command | Description |
Configures IPv4 or IPv6 address for a MAP-T instance. | |
Clears the statistics of a MAP-T instance. | |
Configures the number of contiguous ports for a MAP-T instance. | |
Configures the external domain's IPv6 prefix to convert IPv4 addresses into IPv6 addresses and vice versa. | |
Configures the port sharing ratio. | |
Displays the MAP-T instance statistics. | |
Configures traceroute translation algorithms. |
To test the integrity of the ServiceApp data path and to shut down the SVI in case of a failure, use the datapath-test command in the 6rd configuration mode. To undo the detection of the failure and shutdown, use the no form of this command.
datapath-test [ shut-down-on-failure ]
shut-down-on-failure |
(Optional) If configured, the ServiceApp Interfaces for IPv4 and IPv6 are shut down when any of these interfaces fails. Use this option only if redundant CGSEs capable of handling the traffic, when the failed ServiceApp interfaces are shutdown, are configured. |
None
6RD configuration
Release | Modification |
---|---|
Release 5.2.0 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to shut down the interface:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type tunnel v6rd 6rd1 RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# address-family ipv4 RP/0/RP0/CPU0:router(config-cgn-6rd-afi)#interface ServiceApp 100 RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# address-family ipv6 RP/0/RP0/CPU0:router(config-cgn-6rd-afi)#interface ServiceApp 101 RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd-afi)# exit RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# datapath-test shut-down-on-failure
To set the DF (Do not Fragment) bit to 0, use the df-override command . To restore the default behavior, use the no form of this command.
df-override
df-override |
Specifies the df-override bit. |
The df-override bit is set to 1.
CGN-NAT64
Release | Modification |
---|---|
Release 4.1.0 |
This command was introduced. |
Use the df-override command to set the DF bit to 0 when translating IPv6 packets to IPv4 packets, provided the original IPv6 packet size is less than 1280 bytes and there is no Fragment header.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to configure the df-override command for the NAT64 stateless configuration.
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router#(config)# service cgn cgn1 RP/0/RP0/CPU0:router#(config-cgn)service-type nat64 stateless xlat1 RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# ipv6-prefix 2010:db8:ff00::/40 RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# address-family ipv6 RP/0/RP0/CPU0:router(config-cgn-nat64-stateless-afi)# df-override
Command | Description |
| Enters the IPv6 address family configuration mode. |
| Enables the application SVI interface. |
| Resets the received packet size. |
| Enables an instance for the CGN application. |
| Creates a nat64 stateless application |
| Adjusts the TCP maximum segment size value for a ServiceApp interface. |
| Configures the traffic class value to be used when translating a packet from IPv4 to IPv6 |
To configure ports dynamically ranging from 1 to 65535, use the dynamic-port-range command in NAT64 stateful configuration mode. To undo the configuration, use the no form of this command.
dynamic-port-range start port-number
start | Specifies the starting range of port numbers. |
value |
Specifies the port number to be dynamically configured. The range is from 1 to 65535. |
None
NAT64 stateful configuration mode
Release | Modification |
---|---|
Release 4.3.0 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to dynamically configure ports for a NAT64 stateful instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# dynamic-port-range start 66 RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)#
Command | Description |
Configures IPv4 or IPv6 address on a NAT64 instance. | |
Enables external logging of a NAT64 Stateful instance. | |
Specifies time interval to store packet fragments. | |
Assigns ipv4 address pool. | |
Converts an IPv6 address to an IPv4 address. | |
Restricts the number of ports used by an IPv6 address. | |
Enters the ICMP, TCP, and UDP protocol configuration mode. | |
Specifies the outbound refresh direction. | |
Creates a NAT64 stateful instance. | |
Enables TCP policy that allows IPv4 initiated TCP sessions. | |
Enables reserving ubits in an IPv6 address. |
To configure the dynamic port range start value for a CGN NAT 44 instance, use the dynamic port range start command in the EXEC mode. These ports include TCP, UDP, and ICMP.
dynamic port range start value
value |
The value ranges between 1 to 65535. |
When the value is not configured, then the dynamic translations start from 1024.
CGN-NAT44 Configuration
Release | Modification |
---|---|
Release 4.1.0 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to execute the dynamic port range start value as 1048 for a NAT44 instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router#(config)# service cgn cgn1 RP/0/RP0/CPU0:router#(config-cgn)service-type nat44 nat1 RP/0/RP0/CPU0:router#(config-cgn-nat44)dynamic port range start 1048
To configure the external domain's IPv6 prefix to convert IPv4 addresses into IPv6 addresses, use the external-domain command in MAP-T configuration mode. To undo the configuration, use the no form of this command.
external-domain ipv6 prefix address subnet mask
ipv6 | Specifies IPv6 parameters. |
prefix | Specifies the external domain IPv6 prefix. |
address / length |
Specifies IPv4 or IPv6 address and subnet mask. |
None
MAP-T configuration
Release | Modification |
---|---|
Release 4.3.0 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to configure the external domain's IPv6 prefix:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type map-t map-t-inst RP/0/RP0/CPU0:router(config-cgn-mapt)# external-domain ipv6 prefix 10:2::24/64
Command | Description |
Configures IPv4 or IPv6 address for a MAP-T instance. | |
Clears the statistics of a MAP-T instance. | |
Configures the number of contiguous ports for a MAP-T instance. | |
Configures the Customer Premises Equipment (CPE ) domain parameters. | |
Configures the port sharing ratio. | |
Displays the MAP-T instance statistics. | |
Configures traceroute translation algorithms. |
To enable the external-logging facility for a DS-Lite instance, use the external-logging command in DS-Lite configuration mode. To disable external-logging, use the no form of this command.
external-logging netflow9
netflow9 |
Netflow version 9 protocol is used for external logging. |
By default, external-logging is disabled.
DS-Lite configuration mode
Release |
Modification |
---|---|
Release 4.2.1 |
This command was introduced. |
The external-logging facility supports only netflow version 9.
Task ID |
Operations |
---|---|
cgn |
read, write |
This example shows how to externally log data for a DS-Lite instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite-inst RP/0/RP0/CPU0:router(config-cgn-ds-lite)# external-logging netflow9 RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog)#
To enable the external-logging facility for a DS-Lite instance, use the external-logging command in DS-Lite configuration mode. To disable external-logging, use the no form of this command.
external-logging syslog server { address |{ address port number} host-name |{ name} path-mtu{ value} }
syslog |
Logs syslog information to an external server. |
server |
Specifies the location of the server to log the syslog information. |
address |
Specifies the IPv4 or IPv6 address of the server. |
host-name |
Specifies the host name used in syslog header. |
path-mtu |
Specifies the mtu of the path used for logging information. |
By default, external-logging is disabled.
DS-Lite configuration mode
Release | Modification |
---|---|
Release 4.2.1 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to log syslog information for a DS-Lite instance:
RP/0/RP0/CPU0:router# config RP/0/RP0/CPU0:router(config)#service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1 RP/0/RP0/CPU0:router(config-cgn-ds-lite)#external-logging syslog RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog)#server RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog-server)#address 10.2.1.10 port 65 RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog-server)#
To enable the external-logging facility for an inside VRF of a CGN instance, use the external-logging command in CGN inside VRF NAT44 configuration mode. To disable external-logging, use the no form of this command.
external-logging netflow version 9
netflow version 9 |
Netflow version 9 protocol is used for external logging. |
By default, external-logging is disabled.
CGN Inside VRF NAT44 configuration mode
Release |
Modification |
---|---|
Release 3.9.1 |
This command was introduced. |
Release 4.0.0 |
The keyword netflow v9 has been modified to netflow version 9 . |
The external-logging command enters CGN inside VRF address family external logging configuration mode.
You can use NetFlow to export NAT table entries.
The external-logging facility supports only netflow version 9.
Task ID |
Operations |
---|---|
cgn |
read, write |
This example shows how to enter the configuration mode for the netflow version 9 external-logging facility:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1 RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1 RP/0/RP0/CPU0:router(config-cgn-invrf)# external-logging netflow version 9 RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog)# server RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog-server)# address 10.10.0.0 port 50
To enable the external-logging facility for syslog data, use the external-logging command in CGN inside VRF NAT44 configuration mode. To disable external-logging, use the no form of this command.
external-logging syslog server { address |{ address port number} host-name |{ name} path-mtu value protocol protocol-type }
syslog |
Logs syslog information to an external server. |
server |
Specifies the location of the server to log the syslog information. |
address |
Specifies the IPv4 or IPv6 address of the server. |
host-name |
Specifies the host name used in syslog header. |
path-mtu |
Specifies the mtu of the path used for logging information. |
protocol |
Specifies the layer 4 protocol used for logging information. |
By default, external-logging is disabled.
CGN Inside VRF NAT44 configuration mode
Release | Modification |
---|---|
Release 4.2.1 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example show how to log syslog information for a NAT44 instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1 RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1 RP/0/RP0/CPU0:router(config-cgn-invrf)# external-logging syslog RP/0/RP0/CPU0:router(config-cgn-invrf-syslog)# server RP/0/RP0/CPU0:router(config-cgn-invrf-syslog-server)# address 10.10.0.0 port 50 RP/0/RP0/CPU0:router(config-cgn-invrf-syslog-server)#
To enable the external-logging facility for a NAT64 stateful instance, use the external-logging command in NAT64 Stateful configuration mode. To disable external-logging, use the no form of this command.
external-logging netflow version 9
netflow version 9 |
Netflow version 9 protocol is used for external logging. |
By default, external-logging is disabled.
NAT64 stateful configuration mode
Release |
Modification |
---|---|
Release 4.3.0 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID |
Operations |
---|---|
cgn |
read, write |
This example shows how to enter the configuration mode for the netflow version 9 external-logging facility:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# external-logging netflow version 9 RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)#
Command | Description |
| Configures IPv4 or IPv6 address on a NAT64 instance. |
Configures ports dynamically. | |
Specifies time interval to store packet fragments. | |
Assigns ipv4 address pool. | |
Converts an IPv6 address to an IPv4 address. | |
Restricts the number of ports used by an IPv6 address. | |
Enters the ICMP, TCP, and UDP protocol configuration mode. | |
Specifies the outbound refresh direction. | |
Creates a NAT64 stateful instance. | |
Enables TCP policy that allows IPv4 initiated TCP sessions. | |
Enables reserving ubits in an IPv6 address. |
filter-policy
ignore-port |
This keyword is used to ignore the checking based on port. If this keyword is not specified, then the address as well as the port are checked. |
This command is disabled by default.
NAT44 Configuration Mode
Release | Modification |
---|---|
Release 5.1.1 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to configure filter policy for a NAT44 instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1 RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1 RP/0/RP0/CPU0:router(config-cgn-invrf)#filter-policy
To configure address-dependant filter policy, use the filter-policy command in NAT64 stateful configuration mode. To undo the configuration, use the no form of this command.
filter-policy
This command has no keywords or arguments.
None
NAT64 stateful configuration mode
Release | Modification |
---|---|
Release 4.3.0 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to configure address-dependant filter policy for a NAT64 stateful instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# filter-policy RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)#
To enter the firewall mode and the protocol sub-mode, use the firewall command. To exit the firewall mode, use the no firewall command.
firewall
protocol tcp |
By specifying this keyword, the TCP protocol is selected. And the TCP related configuration can be defined. |
None
NAT44 Configuration Mode
Release | Modification |
---|---|
Release 5.1.1 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to define TCP-related configuration for a NAT44 instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1 RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1 RP/0/RP0/CPU0:router(config-cgn-invrf)#firewall protocl tcp
To specify the time interval to store packet fragments, use the fragment-timeout command in NAT64 stateful configuration mode. To delete the time interval, use the no form of this command. The default timeout value is 2 seconds.
fragment-timeout value
value |
Specifies the timeout value in seconds. The range is from 0 to 15. |
2 seconds
NAT64 stateful configuration mode
Release | Modification |
---|---|
Release 4.3.0 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to specify the time interval to store packet fragments for a NAT64 stateful instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# fragment-timeout 10 RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)#
To enable a CGN service role on a specified location, use the hw-module service cgn location command in global configuration mode. To disable the CGN service role at the specified location, use the no form of this command.
hw-module service cgn location node-id
node-id |
Location of the service card for CGN that you want to configure. The node-id argument is entered in the rack/slot/module notation. |
None
Global configuration
Release |
Modification |
---|---|
Release 3.9.1 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID |
Operations |
---|---|
cgn |
read, write |
root-lr |
read, write |
This example shows how to configure the CGN service for location 0/2/CPU0:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# hw-module service cgn location 0/2/CPU0
Command | Description |
| Enables the application SVI interface. |
| Enables the infrastructure SVI interface. |
| Enables an instance for the CGN application. |
| Enables the particular instance of the CGN application on the active and standby locations. |
To enter inside VRF configuration mode for a NAT44 instance, use the inside-vrf command in NAT44 configuration mode. To disable this feature, use the no form of this command.
inside-vrf vrf-name
vrf-name |
Name for the inside VRF. |
None
NAT44 configuration
Release |
Modification |
---|---|
Release 3.9.1 |
This command was introduced. |
The inside-vrf command enters NAT44 inside VRF configuration mode.
Task ID |
Operations |
---|---|
cgn |
read, write |
The following example shows how to enter inside VRF configuration mode:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1 RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1 RP/0/RP0/CPU0:router(config-cgn-invrf)#
Command | Description |
| Enables external logging of a NAT44 instance. |
protocol (NAT44) |
|
| Enables an instance for the CGN application. |
| Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance. |
| Displays the outside-address to inside-address translation details for a specified NAT44 instance. |
To enable the application SVI interface, use the interface ServiceApp command in global configuration mode. To disable a particular service application interface, use the no form of this command.
interface ServiceApp value
value |
Total number of service application interfaces to be configured. Range is from 1 to 2442000. |
None
Global configuration
Release |
Modification |
---|---|
Release 3.9.1 |
This command was introduced. |
The total number of service application interfaces per multi-service PLIM card cannot exceed 889.
The name of the serviceapp interfaces is serviceapp n where n can be a number between 1 to 2442000.
Task ID |
Operations |
---|---|
interface |
read, write |
This example shows how to configure a nat64 stateless service application interface:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)#service-type nat64 stateless xlat1 RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)#ipv6-prefix 2010:db8:ff00::/40 RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)#address-family ipv6 RP/0/RP0/CPU0:router(config-cgn-nat64-stateless-afi)#interface ServiceApp 461
This example shows how to configure 6rd service application interface:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)#service-type tunnel v6rd 6rd1 RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)#address-family ipv6 RP/0/RP0/CPU0:router(config-cgn-6rd-afi)#interface ServiceApp 46
This example shows how to configure a nat44service application interface:
RP/0/RP0/CPU0:router#configure RP/0/RP0/CPU0:router(config)#interface ServiceApp 1 RP/0/RP0/CPU0:router(config)#service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)#service type nat44 nat1 RP/0/RP0/CPU0:router(config-cgn-nat44)#address-family ipv4
This example shows how to configure a DDoS TMS service application interface:
RP/0/RP0/CPU0:router#configure RP/0/RP0/CPU0:router(config)#interface ServiceApp 1 RP/0/RP0/CPU0:router(config-if)#service sesh sesh1
To enable the infrastructure SVI interface, use the interface ServiceInfra command in global configuration mode. To disable a particular service infrastructure interface, use the no form of this command.
interface ServiceInfra value
value |
Total number of service infrastructure interfaces to be configured. Range is from 1 to 2000. |
None
Global configuration
Release |
Modification |
---|---|
Release 3.9.1 |
This command was introduced. |
Only one service infrastructure interface can be configured per ISM.
![]() Note | The Infra SVI interface and its IPv4 address configuration are required to boot the CGSE. The IPv4 address is used as the source address of the netflow v9 logging packet. |
Task ID |
Operations |
---|---|
interface |
read, write |
This example shows how to configure one service infrastructure interface:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# interface ServiceInfra 1 RP/0/RP0/CPU0:router(config-if)#ipv4 address 3.1.1.1 255.255.255.248 RP/0/RP0/CPU0:router(config-if)#service-location 0/1/CPU0
To assign a value for the ipv4-prefix length to be used as part of both ends of tunnel, use the ipv4 prefix command in 6RD configuration mode. To remove the ipv4 prefix, use the no form of this command.
ipv4 prefix length value
length |
Indicates the IPv4 prefix length to be used while deriving the delegated IPv6 prefix. |
value |
IPv4 prefix length value. The range is from 0 to 31. |
None
6RD configuration
Release | Modification |
---|---|
Release 4.1.0 |
This command was introduced. |
This command assigns a value for the common ipv4 prefix length to be used as part of both ends of the tunnel. This is an optional br (Border Relay) tunnel configuration parameter. If this parameter is added or modified, the unicast address must be modified.
The sum of the ipv4 prefix length and ipv4 suffix length must not exceed 31. This value is used to calculate 6RD delegated prefix.
Once configured, the ipv4 prefix cannot be deleted individually. It must be deleted along with all the br tunnel configuration. If you want to ignore the prefix length, alternatively you can set it to zero along with the updated unicast address.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to configure the ipv4 prefix length:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router#(config)# service cgn cgn1 RP/0/RP0/CPU0:router#(config-cgn)service-type tunnel v6rd 6rd1 RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# br RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd-br)# ipv4 prefix length 16
Command | Description |
Assigns a value for the ipv4-suffix length to be used as part of both ends of a tunnel. | |
Generates the delegated ipv6 prefix for a IPv6 Rapid Deployment (6RD) application. | |
Assigns an ipv4 address as the tunnel source address. | |
Assigns an IPv6 address to be used for a IPv6 Rapid Deployment (6RD) Border Relay (BR) unicast configuration. |
To assign a value for the ipv4-suffix length to be used as part of both ends of a tunnel, use the ipv4 suffix command in 6RD configuration mode. To remove the ipv4 suffix, use the no form of this command.
ipv4 suffix length value
ipv4 suffix length |
Specifies the IPv4 suffix length to be used while deriving the delegated IPv6 prefix. |
value |
Length of the IPv4 suffix. The range is from 0 to 31. |
None
6RD configuration
Release | Modification |
---|---|
Release 4.1.0 |
This command was introduced. |
This command assigns a value for the common ipv4 suffix length to be used as part of both ends of the tunnel. This is an optional br (Border Relay) tunnel configuration parameter. If this parameter is added or modified, the unicast address should also be modified.
![]() Note | The sum of the ipv4 prefix length and ipv4 suffix length must not exceed 31. This value is used to calculate 6RD delegated prefix. |
![]() Note | Once configured, the ipv4 suffix cannot be deleted individually. It must be deleted along with all the br tunnel configuration. If you want to ignore the prefix length, alternatively you can set it to zero along with the updated unicast address. |
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to configure the ipv4 suffix length:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router#(config)# service cgn cgn1 RP/0/RP0/CPU0:router#(config-cgn)service-type tunnel v6rd 6rd1 RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# br RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd-br)# ipv4 suffix length 15
Command | Description |
Assigns a value for the ipv4-prefix length to be used as part of both ends of tunnel. | |
Generates the delegated ipv6 prefix for a IPv6 Rapid Deployment (6RD) application. | |
Assigns an ipv4 address as the tunnel source address. | |
Assigns an IPv6 address to be used for a IPv6 Rapid Deployment (6RD) Border Relay (BR) unicast configuration. |
To assign an ipv4 address pool to be used by a NAT64 stateful instance and to map an internal ipv6 address to a public ipv4 address, use the ipv4 command in NAT64 stateful configuration mode. To unassign the address pool, use the no form of this command.
The maximum number of address pools that can be assigned is 8.
ipv4 address-pool address/prefix
address-pool |
Specifies the IPv4 address pool. |
address/prefix |
Indicates the start address and prefix of the address pool |
None
NAT64 stateful configuration mode
Release | Modification |
---|---|
Release 4.3.0 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to assign an IPv4 address pool for a NAT64 stateful instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# ipv4 address-pool 10.2.2.24/3
Command | Description |
| Configures IPv4 or IPv6 address on a NAT64 instance. |
Configures ports dynamically. | |
Enables external logging of a NAT64 Stateful instance. | |
Specifies time interval to store packet fragments. | |
Converts an IPv6 address to an IPv4 address. | |
Restricts the number of ports used by an IPv6 address. | |
Enters the ICMP, TCP, and UDP protocol configuration mode. | |
Specifies the outbound refresh direction. | |
Creates a NAT64 stateful instance. | |
Enables TCP policy that allows IPv4 initiated TCP sessions. | |
Enables reserving ubits in an IPv6 address. |
To generate the delegated ipv6 prefix for a IPv6 Rapid Deployment (6RD) application, use the ipv6-prefix command in 6RD configuration mode. To remove the ipv6 prefix assigned for the application, use the no form of this command.
ipv6-prefix X:X::X/length IPV6 subnet mask
X:X::X/length |
IPv6 address. |
None
6RD configuration
Release | Modification |
---|---|
Release 4.1.0 |
This command was introduced. |
The ipv6-prefix command is used for Border Relay (BR) tunnel configurations. It is used to generate a delegated ipv6 prefix for the BR-related configuration. This is a mandatory br tunnel parameter. All mandatory parameters must be added or deleted at the same time.
![]() Note | For a given 6RD domain, there is exactly one 6RD prefix. The ipv6-prefix command is used to convert the ipv4 address into ipv6 address for use by the 6RD domain. |
![]() Note | For a 6RD tunnel, configure the ipv6-prefix, ipv4 source-address, and unicast IPv6 address in a single commit operation. Once configured, the ipv6-prefix cannot be deleted individually. It must be deleted along with all the br tunnel configuration parameters. |
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to enter the ipv6-prefix for the 6RD CGN instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router#(config)# service cgn cgn1 RP/0/RP0/CPU0:router#(config-cgn)service-type tunnel v6rd 6rd1 RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# br RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd-br)# ipv6-prefix 2010:db8:ff00::/40
Command | Description |
Assigns a value for the ipv4-prefix length to be used as part of both ends of tunnel. | |
Assigns a value for the ipv4-suffix length to be used as part of both ends of a tunnel. | |
Assigns an ipv4 address as the tunnel source address. | |
Assigns an IPv6 address to be used for a IPv6 Rapid Deployment (6RD) Border Relay (BR) unicast configuration. |
To convert an IPv6 address to an IPv4 address, use the ipv6-prefix command in NAT64 stateful configuration mode. To use the default prefix - 64:FF9B::/96, use the no form of this command.
ipv6-prefix ipv6 address and prefix
ipv6 address and prefix |
Specifies the IPv6 address and prefix. |
Default prefix - 64:FF9B::/96
NAT64 stateful configuration mode
Release | Modification |
---|---|
Release 4.3.0 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to configure an IPv6 prefix:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# ipv6-prefix 2001:db8::/32
Command | Description |
| Configures IPv4 or IPv6 address on a NAT64 instance. |
Configures ports dynamically. | |
Enables external logging of a NAT64 Stateful instance. | |
Specifies time interval to store packet fragments. | |
Assigns ipv4 address pool. | |
Restricts the number of ports used by an IPv6 address. | |
Enters the ICMP, TCP, and UDP protocol configuration mode. | |
Specifies the outbound refresh direction. | |
Creates a NAT64 stateful instance. | |
Enables TCP policy that allows IPv4 initiated TCP sessions. | |
Enables reserving ubits in an IPv6 address. |
To map an outside VRF and address pool to an inside vrf, use the map command in CGN inside VRF NAT44 configuration submode. To explicitly pair the inside and the outside Service Application Interfaces (ServiceApps), use the outsideserviceapp option. Suppose if there are 4 or more ServiceApps configured, then there are chances that two or more inside ServiceApps get paired to the same outside ServiceApp, thus excluding other outside ServiceApps. Because of this mapping, the unpaired ServiceApps may drop traffic in the egress path. Hence the explicit pairing is required between an inside ServiceApp and an outside ServiceApp. To remove the outside VRF, explicit ServiceApp pairing, and address pool mapping for the specified inside VRF of a CGN instance, use the no form of this command.
map [ outsideserviceapp serviceapp serviceapp-number ] [ outside-vrf outside-vrf-name ] address-pool address /prefix
outsideserviceapp |
Pairs the inside and the outside ServiceApps explicitly. |
serviceapp |
Service application interfaces that need to be paired. |
serviceapp-number |
Number that indicates each ServiceApp. The range is from 1 to 2000. |
outside-vrf |
Maps to a given outside VRF. |
outside-vrf-name |
Name of outside VRF. |
number |
Number that indicates each service application. The range is from 1 to 2000. |
address-pool |
Address pool to which the inside VRF is mapped. |
address/prefix |
Network address and prefix for the address pool. The prefix must not be less than 16. |
address/prefix |
Network address and prefix for the address pool. The minimum prefix value is 30. |
None
CGN inside VRF NAT44 configuration
Release |
Modification |
---|---|
Release 3.9.1 |
This command was introduced. |
The map command maps the inside VRF to an outside VRF and assigns an outside address pool for the mapping.
If the outside VRF name is not specified, the default VRF is considered.
There is only one NAT44 instance for each CGN instance. An inside-VRF can be present in only one CGN instance. One inside-VRF can be mapped to only one outside-VRF. There can be multiple non-overlapping address-pools in a particular outside-VRF. The address pools being used on a CRS box for the outside-VRFs must not overlap with each other. An outside-VRF can be present in multiple CGN instances with different address pools. If the outside-VRF name is not specified, the default VRF is enabled.
Task ID |
Operations |
---|---|
cgn |
read, write |
This example shows how to configure the outside VRF and to assign the outside address pool for the mapping:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1 RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1 RP/0/RP0/CPU0:router(config-cgn-invrf)# map outside-vrf outsidevrf1 address-pool 10.2.2.0/24
This example shows how to explicitly pair the inside and outside ServiceApps.
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1 RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1 RP/0/RP0/CPU0:router(config-cgn-invrf)# map outsideserviceapp serviceapp 2 outside-vrf ovrf1 address-pool 10.2.2.0/24
Command | Description |
| Enters inside VRF configuration mode for a NAT44 instance. |
| Enables an instance for the CGN application. |
| Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance. |
| Displays the outside-address to inside-address translation details for a specified NAT44 instance. |
To map a private IPv4 source address coming over the DS-Lite tunnel to an address in a IPv4 public address pool, use the map command in CGN DS-Lite configuration mode. To undo the mapping, use the no form of this command.
map address-pool address/prefix
address-pool |
Specifies the IPv4 map address pool. |
address/prefix |
Specifies the address and prefix for the address pool. |
None
CGN DS-Lite configuration mode
Release | Modification |
---|---|
Release 4.2.1 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to map a private IPv4 source address coming over the DS-Lite tunnel to an address in a IPv4 public address pool:
RP/0/RP0/CPU0:router# config RP/0/RP0/CPU0:router(config)#service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1 RP/0/RP0/CPU0:router(config-cgn-ds-lite)#map address-pool 10.1.1.2/2 RP/0/RP0/CPU0:router(config-cgn-ds-lite)#
To enable the mirroring the data packets and filter the traffic based on the set of parameters, use the mirror-packets command in CGN inside VRF external logging server configuration mode. To disable the configuration, use the no form of this command.
mirror-packets destination-ipv4-address protocol-type port source-prefix collector-ipv4-address
mirror-packets |
Configures the data traffic to be mirrored to a configured destination (host) IPv4 address. |
destination-ipv4-address |
IPv4 address of the destination (host) |
protocol type |
The protocol type used. |
port |
Configures the inside port for static forwarding. The port keyword allows a specific UDP, TCP, or ICMP port on a global address to be translated to a specific port on a private address. |
source-prefix |
Source IPv4 address. |
collector-ipv4-address |
IPv4 address of the collector. |
CGN inside VRF external logging server configuration
Release | Modification |
---|---|
Release 5.2.2 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
The following example shows how to configure mirroring the data packets with the destination IPv4 address, protocol type, port number, source-prefix, and collector IPv4 address.
service cgn cgn1 service-location preferred-active 0/1/CPU0 service-type nat44 nat1 inside-vrf BLR_BTM3 mirror-packets destination-ipv4-address 201.22.3.45 protocol-type tcp udp port 4002 source-prefix 100.1.1.252/30 ! collector-ipv4-address 187.2.4.5 ! ! ! !
To enable the TCP maximum segment size (MSS) adjustment value for a DS-Lite instance and to adjust the MSS value of the TCP SYN packets going through, use the mss command in DS-Lite configuration mode. To disable the packets to override the TCP MSS value, use the no form of this command.
mss size
size |
Size, in bytes, to be applied for the MSS value. Range is from 28 to 1500. |
By default, the TCP maximum segment size (MSS) adjustment is disabled.
DS-Lite configuration mode
Release |
Modification |
---|---|
Release 4.2.1 |
This command was introduced. |
The MSS value, which is configured using the mss command, overrides the MSS value that is set in the received TCP packets. The range for MSS value is from 28 to 1500.
The mss command adjusts the MSS value of the TCP SYN packets.
Task ID |
Operations |
---|---|
cgn |
read, write |
This example shows how to configure the mss value for a DS-Lite instance:
RP/0/RP0/CPU0:router# config RP/0/RP0/CPU0:router(config)#service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1 RP/0/RP0/CPU0:router(config-cgn-ds-lite)#protocol tcp RP/0/RP0/CPU0:router(config-cgn-ds-lite-proto)#mss 66
To enable the TCP maximum segment size (MSS) adjustment value for an inside VRF of a specified CGN instance and to adjust the MSS value of the TCP SYN packets going through, use the mss command in CGN inside VRF NAT44 protocol configuration mode. To disable the packets to override the TCP MSS value, use the no form of this command.
mss size
size |
Size, in bytes, to be applied for the MSS value. Range is from 28 to 1500. |
Default is disabled for the TCP maximum segment size (MSS) adjustment.
CGN inside VRF NAT44 protocol configuration
Release |
Modification |
---|---|
Release 3.9.1 |
This command was introduced. |
The MSS value, which is configured using the mss command, overrides the MSS value that is set in the received TCP packets. The range for MSS value is from 28 to 1500.
The mss command adjusts the MSS value of the TCP SYN packets.
Task ID |
Operations |
---|---|
cgn |
read, write |
The following example shows how to configure TCP MSS value as 1100 for the CGN instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1 RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1 RP/0/RP0/CPU0:router(config-cgn-invrf)# protocol tcp RP/0/RP0/CPU0:router(config-cgn-invrf-proto)# mss 1100
To enter the predefined mode for NAT44, use the nat-mode command. To disable this mode, use the no nat-mode command.
nat-mode { predefined }
predefined |
Maps a private IP address to a specific port range of the corresponding public IP address. This keyword is for the predefined mode. |
None
Global configuration mode
Release | Modification |
---|---|
Release 4.3.2 |
This command was introduced. |
Release 5.2.0 |
This command was modified. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
Applicable until Release 5.1.x. RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1 RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1 RP/0/RP0/CPU0:router(config-cgn-invrf)# map address-pool 198.12.0.0/24 RP/0/RP0/CPU0:router(config-cgn-invrf)# nat-mode predefined RP/0/RP0/CPU0:router(config-cgn-invrf-natmode)#
Applicable for Release 5.2.x and above. RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)#service-type nat44 nat1 RP/0/RP0/CPU0:router(config-cgn-nat44)#inside-vrf insidevrf1 RP/0/RP0/CPU0:router(config-cgn-invrf)#map outside-vrf blue address-pool 100.0.0.0/24 RP/0/RP0/CPU0:router(config-cgn-invrf)#nat-mode RP/0/RP0/CPU0:router(config-cgn-invrf-natmode)#predefined private-pool 103.1.106.0/24
To configure the ipv4 tunnel MTU (Maximum Transmission Unit) size in bytes, use the path-mtu command in 6RD configuration mode. To reset the MTU to its default value, use the no form of this command.
path-mtu value
value |
Path-MTU value, in bytes. The range is from 1280 to 1480. |
None
6RD configuration
Release | Modification |
---|---|
Release 4.1.0 |
This command was introduced. |
This command configures the path MTU size, in bytes, for the ipv4 tunnel. If the size of any incoming packet is more than this path MTU, then an ICMP error is sent as a response.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to configure the path-mtu with the value of 1500:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router#(config)# service cgn cgn1 RP/0/RP0/CPU0:router#(config-cgn)service-type tunnel v6rd 6rd1 RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# path-mtu 1500
To assign the path Maximum Transmission Unit (MTU) for the tunnel between routers for every ds-lite instance, use the path-mtu command in DS-Lite configuration mode. To delete the mtu value, use the no form of this command.
path-mtu value
value |
Specifies the MTU value of the tunnel in bytes. The range is from 1280 to 9216. The default value is 1280, which is the minimum IPv6 path MTU. |
None
DS-Lite configuration
Release | Modification |
---|---|
Release 4.2.1 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to assign the path mtu for the tunnel between routers:
RP/0/RP0/CPU0:router# config RP/0/RP0/CPU0:router(config)#service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1 RP/0/RP0/CPU0:router(config-cgn-ds-lite)#path-mtu 1282 RP/0/RP0/CPU0:router(config-cgn-ds-lite)#
Command | Description |
protocol (NAT44) |
|
To set the Maximum Transmission Unit (MTU) of the path to log NetFlow-based external logging information of a DS-Lite instance, use the path-mtu command in DS-Lite external logging server configuration mode. To return to the default behavior, use the no form of this command.
path-mtu value
value |
Specifies the path mtu value in bytes. The range is from 100 to 2000. |
None
DS-Lite external logging server configuration mode
Release | Modification |
---|---|
Release 4.2.1 | This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to set the path-mtu value for a DS-Lite instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1 RP/0/RP0/CPU0:router(config-cgn-ds-lite)# external-logging netflow9 RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog)# server RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog-server)# path-mtu 200
Command | Description |
| |
| |
Configures the frequency at which the netflow9 template is refreshed or resent to the netflow9 server for a DS-Lite instance. |
To configure the path Maximum Transmission Unit (MTU) of the tunnel, use the path-mtu command in MAP-E configuration mode. To undo the configuration, use the no form of this command.
path-mtu value
value |
Tunnel path MTU value, in bytes. The range is from 1280 to 9216. |
None
MAP-E configuration
Release | Modification |
---|---|
Release 4.3.1 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to configure the tunnel path MTU value:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type map-e map-e-inst RP/0/RP0/CPU0:router(config-cgn-map_e)# path-mtu 1300
Command | Description |
Configures IPv4 or IPv6 address for a MAP-E instance. | |
Configures the IPv6 address of Address Family Transition Router (AFTR). | |
Configures the number of contiguous ports for a MAP-E instance. | |
Configures the Customer Premises Equipment (CPE ) domain parameters. | |
Configures the port sharing ratio. |
To configure the path Maximum Transmission Unit (MTU) for the netflowv9-based external-logging facility for the inside VRF of a NAT44 instance, use the path-mtu command in NAT44 inside VRF address family external logging server configuration mode. To revert back to the default of 1500, use the no form of this command. This command restricts the maximum size of the Netflow-version 9 logging packet
path-mtu value
value |
Value, in bytes, of the path-mtu for the netflowv9-based external-logging facility. Range is from 100 to 9200. |
By default, the value of the path-mtu for the netflowv9-based external-logging facility is set to 1500.
NAT44 inside VRF address family external logging server configuration
Release |
Modification |
---|---|
Release 3.9.1 |
This command was introduced. |
This NAT44 specific command configures the value of the path-mtu for the netflowv9 based external logging facility for an inside-VRF of NAT44 instance.
This command restricts the maximum size of the Netflow-v9 logging packet. The path-mtu value ranges from 100 to 9200. The netflowv9-based external-logging facility is exported by using the NAT table entries.
![]() Note | Only when the ipv4 address and port number for the logging server has been configured, the configurations for path-mtu, refresh-rate and timeout are applied. |
Task ID |
Operations |
---|---|
cgn |
read, write |
The following example shows how to configure the path-mtu with the value of 2900 for the netflowv9-based external-logging facility:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1 RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1 RP/0/RP0/CPU0:router(config-cgn-invrf)# external-logging netflow version 9 RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog)# server RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog-server)# path-mtu 2900
Command | Description |
| Enables external logging of a NAT44 instance. |
| Enters inside VRF configuration mode for a NAT44 instance. |
| Enables the logging server information for the IPv4 address and port for the server that is used for the netflowv9-based external-logging facility. |
| Enables an instance for the CGN application. |
To set the Maximum Transmission Unit (MTU) of the path to log NetFlow-based external logging information for a NAT64 Stateful instance, use the path-mtu command in NAT64 Stateful configuration mode. To return to the default behavior, use the no form of this command.
path-mtu value
value |
Specifies the path mtu value in bytes. The range is from 100 to 2000. |
None
NAT64 Stateful configuration mode
Release | Modification |
---|---|
Release 4.3.0 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to set the path-mtu value for a NAT64 Stateful instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# external-logging netflow version 9 RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# server RP/0/RP0/CPU0:router(config-cgn-nat64-extlog-server)# path-mtu 200
Command | Description |
|
|
Configures the refresh rate to log NetFlow-based external logging information. | |
Enables session logging for a NAT64 Stateful instance. | |
Configures the frequency at which the netflow-v9 template is refreshed or resent to the netflow-v9 server. |
To configure a PCP server for a DS-Lite instance, use the pcp-server command in DS-Lite configuration mode. To undo the configuration, use the no form of this command.
pcp-server port port number
pcp-server |
Specifies the PCP server to be configured. |
port |
Specifies the port of the PCP server. |
port number |
The port number range is from 1 to 65535. The default port number is 5351. |
None
DS-Lite configuration mode
Release | Modification |
---|---|
Release 4.3.0 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to configure a PCP server for a DS-Lite instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite-inst RP/0/RP0/CPU0:router(config-cgn-ds-lite)# pcp-server port 66
To configure a PCP server for a NAT44 instance, use the pcp-server command in NAT44 configuration mode. To undo the configuration, use the no form of this command.
pcp-server address IPv4 address port port number
pcp-server |
Specifies the PCP server to be configured. |
address | Specifies the address of the PCP server. |
IPv4 address | IPv4 address. |
port | Specifies the port of the PCP server. |
port number |
The port number range is from 1 to 65535. The default port number is 5351. |
None
Exec
Release | Modification |
---|---|
Release 4.3.0 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to configure a PCP server for a NAT44 instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat-44-inst RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf vrf-inst RP/0/RP0/CPU0:router(config-cgn-invrf)# pcp-server address 10.2.2.30 port 66
Command | Description |
Configures a Port Control Protocol (PCP) server for a DS-Lite instance. |
To restrict the number of entries per private IPv4 address for a given ds-lite instance, use the port-limit command in DS-Lite configuration mode. To delete the port-limit values, use the no form of this command.
port-limit value
value |
Specifies the value of the port-limit. The range is from 1 to 65535. The default value is 100. |
None
DS-Lite configuration
Release | Modification |
---|---|
Release 4.2.1 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to restrict the number of entries per address on a given DS-Lite instance:
RP/0/RP0/CPU0:router# config RP/0/RP0/CPU0:router(config)#service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1 RP/0/RP0/CPU0:router(config-cgn-ds-lite)#port-limit 500 RP/0/RP0/CPU0:router(config-cgn-ds-lite)#
Command | Description |
protocol (NAT44) |
|
To limit the number of translation entries per source address, use the portlimit command in CGN configuration mode. To revert back to the default value of 100, use the no form of this command.
portlimit value
value |
Value for the port limit. Range is from 1 to 65535. |
If the port limit is not configured, the default value is 100 per CGN instance.
CGN configuration
Release |
Modification |
---|---|
Release 3.9.1 |
This command was introduced. |
This is a NAT44 service type specific command to be applied for each CGN instance.
The portlimit command configures the port limit per subscriber for the system, including TCP, UDP, and ICMP. In addition, the portlimit command restricts the number of ports that is used by an IPv4 address; for example, it limits the number of CNAT entries per IPv4 address in the CNAT table.
Task ID |
Operations |
---|---|
cgn |
read, write |
This example shows how the port-limit needs can increased from the default value of 100 to a higher value of 500:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1 RP/0/RP0/CPU0:router(config-cgn-nat44)# portlimit 500
Command | Description |
| Enables an instance for the CGN application. |
To limit the number of translation entries of each source address, for each VRF instance, use the portlimit command in Inside-VRF configuration mode. To return to the default value of 100, use the no form of this command.
portlimit value
value |
Value for the port limit. The range is from 1 to 65535. |
By default, there are 100 translation entries for each VRF instance.
Inside-VRF configuration
Release |
Modification |
---|---|
Release 4.3.1 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID |
Operations |
---|---|
cgn |
read, write |
This example shows how to set the port-limit of 500 for a VRF instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1 RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf invrf1 RP/0/RP0/CPU0:router(config-cgn-invrf)# portlimit 500
Command | Description |
| Allocates a number of contiguous outside ports in bulk to reduce Netflow/Syslog data volume. |
| Enables external logging of a NAT44 instance. |
| Enables external logging of the syslog data for a NAT44 instance. |
To restrict the number of ports used by an IPv6 address, use the portlimit command in NAT64 stateful configuration mode. To use the default port limit of 100 per NAT64 instance, use the no form of this command.
portlimit value
value |
Specifies the port limit value. The range is from 1 to 65535. |
100 ports per NAT64 stateful instance
NAT64 stateful configuration mode
Release | Modification |
---|---|
Release 4.3.0 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to set a port limit on a NAT64 stateful instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# portlimit 600
Command | Description |
| Configures IPv4 or IPv6 address on a NAT64 instance. |
Configures ports dynamically. | |
Enables external logging of a NAT64 Stateful instance. | |
Specifies time interval to store packet fragments. | |
Assigns ipv4 address pool. | |
Converts an IPv6 address to an IPv4 address. | |
Enters the ICMP, TCP, and UDP protocol configuration mode. | |
Specifies the outbound refresh direction. | |
Creates a NAT64 stateful instance. | |
Enables TCP policy that allows IPv4 initiated TCP sessions. | |
Enables reserving ubits in an IPv6 address. |
To create a port-set with a unique name, use the port-set command in the Carrier Grade NAT (CGN) configuration mode. To delete the port-set, use the no form of this command.
port-set name
name |
Specifies the name of the port-set to be created. |
None
CGN configuration mode
Release | Modification |
---|---|
Release 5.3.1 |
This command was introduced. |
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to create a port-set for a CGN instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# port-set set1 RP/0/RP0/CPU0:router(config-cgn-portset)#
To create a pool of private addresses that have to be assigned to the subscribers in a VPN Routing and Forwarding (VRF), use the private-pool command. To disable the pool of addresses, use the no private-pool command.
private-pool ip address/prefix
ip address/prefix |
Specifies the address and the prefix for the private pool of IP addresses. |
none
Global Configuration mode
Release | Modification |
---|---|
Release 4.3.2 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to configure a private pool of IP addresses:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1 RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1 RP/0/RP0/CPU0:router(config-cgn-invrf)# map address-pool 198.12.0.0/16 RP/0/RP0/CPU0:router(config-cgn-invrf)# nat-mode predefined RP/0/RP0/CPU0:router(config-cgn-invrf-natmode)# private-pool 192.1.106.0/16
To enter ICMP, TCP, and UDP protocol configuration mode for a given CGN instance, use the protocol command in the appropriate configuration mode. To remove all the features that are enabled under the protocol configuration mode, use the no form of this command.
protocol { icmp | tcp | udp } { mss | <28-1500> } { static-forward inside address | <A.B.C.D> | port | <1-65535> }
icmp |
Enters ICMP protocol configuration mode. |
tcp |
Enters TCP protocol configuration mode. |
udp |
Enters UDP protocol configuration mode. |
<28-1500> |
Maximum segment size to be used in bytes. |
static-forward |
Configures a static port. |
inside |
Specifies inside network configuration.. |
address |
Specifies the inside address for static-forward. |
<A.B.C.D> |
Specifies the inside IP address. |
address |
Specifies the port number for static-forward. |
None
CGN inside VRF NAT44 configuration mode
Release |
Modification |
---|---|
Release 3.9.1 |
This command was introduced. |
The protocol command enters the appropriate CGN NAT44 configuration mode.
Task ID |
Operations |
---|---|
cgn |
read, write |
This example shows how to configure the ICMP protocol for a CGN instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1 RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1 RP/0/RP0/CPU0:router(config-cgn-invrf)# protocol icmp RP/0/RP0/CPU0:router(config-cgn-invrf-icmp)# static-forward inside address 192.0.2.1 port 650
Command | Description |
| Enables an instance for the CGN application. |
| Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance. |
| Displays the outside-address to inside-address translation details for a specified NAT44 instance. |
To configure the protocol to be used to transfer the NetFlow and Syslog records for external logging, use the protocol command.
protocol { tcp | udp }
tcp |
Enables reliable log transfer feature. TCP is used to transfer the NetFlow and Syslog records to an external NetFlow or Syslog server. |
udp |
UDP is used to transfer the NetFlow and Syslog records to an external NetFlow or Syslog server. |
UDP is the default protocol used to transfer the NetFlow and Syslog records.
CGN Inside VRF NAT44 configuration mode
Release | Modification |
---|---|
Release 4.2.1 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to configure the TCP as the protocol to transfer the NetFlow records:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1 RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1 RP/0/RP0/CPU0:router(config-cgn-invrf)# external-logging netflow version 9 RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog)# server RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog-server)# address 10.10.0.0 port 50 RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog-server)#protocol tcp
This example shows how to configure the TCP as the protocol to transfer the Syslog records:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1 RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1 RP/0/RP0/CPU0:router(config-cgn-invrf)# external-logging syslog RP/0/RP0/CPU0:router(config-cgn-invrf-syslog)# server RP/0/RP0/CPU0:router(config-cgn-invrf-syslog-server)# address 10.10.0.0 port 50 RP/0/RP0/CPU0:router(config-cgn-invrf-syslog-server)# protocol tcp
To enter the TCP and UDP protocol configuration mode and specify the ports to be preserved, use the protocol command in the port-set configuration mode. To remove the ports that are preserved, use the no form of this command.
protocol { udp | tcp } {preserve-ports port-number}
udp |
Enters the UDP protocol configuration mode. |
tcp |
Enters the TCP protocol configuration mode. |
preserve-ports |
Preserves the ports. |
port number |
Port number. The range is from 1 to 4294967295. Users can enter up to 20 port numbers separated by space per protocol. |
None
Port-set configuration mode.
Release | Modification |
---|---|
Release 5.3.1 |
This command was introduced. |
The no form of the protocol command must not be used when the port-set is in use by an inside-vrf instance. However, users can modify the port-numbers under the TCP or UDP protocol.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to enter the protocol configuration mode and specify the ports to be preserved:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# port-set set1 RP/0/RP0/CPU0:router(config-cgn-portset)# protocol udp RP/0/RP0/CPU0:router(config-cgn-proto)# preserve-port 1021 1031 1041 1101 1202 1303 1404 15015 1606 RP/0/RP0/CPU0:router(config-cgn-portset)# protocol tcp RP/0/RP0/CPU0:router(config-cgn-proto)# preserve-port 1020 1050 1100 1200 1300 1400 1500 1600
To enter the ICMP, TCP, and UDP protocol configuration mode, use the protocol command. To remove all features that are enabled under the protocol configuration mode, use the no form of this command.
protocol { icmp | tcp | udp } { session | active | initial } {timeout value}
icmp | Enters the ICMP protocol configuration mode. |
tcp | Enters the TCP protocol configuration mode. |
udp | Enters the UDP protocol configuration mode. |
session | Session related configuration. |
active |
Active session timeout |
initial | Initial session timeout |
timeout | Session timeout |
value | Timeout in seconds. The range is from 1 to 65535. |
None
DS-Lite configuration mode
Release | Modification |
---|---|
Release 4.2.1 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to configure TCP protocol for a DS-Lite instance:
RP/0/RP0/CPU0:router# config RP/0/RP0/CPU0:router(config)#service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1 RP/0/RP0/CPU0:router(config-cgn-ds-lite)#protocol tcp RP/0/RP0/CPU0:router(config-cgn-ds-lite-proto)# session active timeout 56 RP/0/RP0/CPU0:router(config-cgn-ds-lite-proto)#
This example shows how to configure static forwarding in a TCP session for a DS-Lite instance:
RP/0/RP0/CPU0:router# config RP/0/RP0/CPU0:router(config)#service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1 RP/0/RP0/CPU0:router(config-cgn-ds-lite)#protocol tcp RP/0/RP0/CPU0:router(config-cgn-ds-lite-proto)#static-forward inside address RP/0/RP0/CPU0:router(config-cgn-ds-lite-proto-addr)#tunnel-source 10:2::2/22 host 10.1.1.2 port 64 RP/0/RP0/CPU0:router(config-cgn-ds-lite-proto-addr)#
To enter the ICMP, TCP, and UDP protocol configuration mode, use the protocol command. To remove all features that are enabled under the protocol configuration mode, use the no form of this command.
protocol { gre | icmp | tcp | udp } { session | active | initial } {timeout value}
gre |
Enters the GRE protocol configuration mode. |
icmp |
Enters the ICMP protocol configuration mode. |
tcp |
Enters the TCP protocol configuration mode. |
udp |
Enters the UDP protocol configuration mode. |
session |
Session related configuration. |
active |
Active session timeout |
initial |
Initial session timeout |
timeout |
Session timeout |
value |
Timeout in seconds. The range is from 1 to 65535. |
None
NAT44 configuration mode
Release | Modification |
---|---|
Release 4.1.0 |
This command was introduced. |
Release 4.3.0 |
The keyword, gre was added. |
The protocol command enters the appropriate CGN AFI configuration mode.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to configure the ICMP protocol for a CGN instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router#(config)# service cgn cgn1 RP/0/RP0/CPU0:router#(config-cgn)service-type nat44 nat1 RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol icmp timeout 120
This example shows how to configure the UDP protocol for a CGN instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router#(config)# service cgn cgn1 RP/0/RP0/CPU0:router#(config-cgn)service-type nat44 nat1 RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol udp session initial timeout 120 RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol udp session active timeout 180
This example shows how to configure the TCP protocol for a CGN instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router#(config)# service cgn cgn1 RP/0/RP0/CPU0:router#(config-cgn)service-type nat44 nat1 RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol tcp session active timeout 180
RP/0/RP0/CPU0:router#configure RP/0/RP0/CPU0:router(config)#service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)#service-type nat44 nat44-1 RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol gre RP/0/RP0/CPU0:router(config-cgn-nat44-proto)#
To enter the ICMP, TCP, and UDP protocol configuration mode, use the protocol command in NAT64 stateful configuration mode. To remove all features that are enabled under the protocol configuration mode, use the no form of this command.
protocol { icmp | tcp | udp } [{address IPv4 address} {port port number} {timeout value} {v4-init-timeout value} session { active | initial } ]
icmp | Enters the ICMP protocol configuration mode. |
tcp | Enters the TCP protocol configuration mode. |
udp | Enters the UDP protocol configuration mode. |
address | Specifies the IPv4 address for which the timeout value to be set. |
IPv4 address | IPv4 address. |
port | Specifies the port for which the timeout value to be set. |
port number | Port number. the range is from 1 to 65535. |
timeout | Specifies the session timeout |
value | Timeout in seconds. The range is from 1 to 65535. |
v4-init-timeout | Specifies the v4 initiated sessions for which the timeout value to be set. |
value | Timeout in seconds. The range is from 1 to 65535. |
session | Specifies the session related configuration. |
active |
Active session timeout |
initial | Initial session timeout |
None
NAT64 stateful configuration mode
Release | Modification |
---|---|
Release 4.3.0 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to configure timeout for a TCP session per NAT64 stateful instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)#protocol tcp RP/0/RP0/CPU0:router(config-cgn-nat64-stful-proto)#session active timeout 90
This example shows how to configure timeout for a UDP session per NAT64 stateful instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)#protocol udp RP/0/RP0/CPU0:router(config-cgn-nat64-stful-proto)#timeout 90
This example shows how to configure timeout for an ICMP session per NAT64 stateful instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)#protocol icmp RP/0/RP0/CPU0:router(config-cgn-nat64-stful-proto)#timeout 90
Command | Description |
| Configures IPv4 or IPv6 address on a NAT64 instance. |
Configures ports dynamically. | |
Enables external logging of a NAT64 Stateful instance. | |
Specifies time interval to store packet fragments. | |
Assigns ipv4 address pool. | |
Converts an IPv6 address to an IPv4 address. | |
Restricts the number of ports used by an IPv6 address. | |
Specifies the outbound refresh direction. | |
Creates a NAT64 stateful instance. | |
Enables TCP policy that allows IPv4 initiated TCP sessions. | |
Enables reserving ubits in an IPv6 address. |
To reset the received packet size to 1280 when the received ipv4 ICMP packet size is less than 1280 bytes, use the protocol icmp reset-mtu command . To copy the received icmp packet size when translating ipv4 to ipv6 packets, use the no form of this command.
protocol icmp reset-mtu
This command has no keywords or arguments.
Received packet size will be copied when translating ipv4 to ipv6 for icmp packets.
CGN-NAT64
Release | Modification |
---|---|
Release 4.1.0 |
This command was introduced. |
When the icmp reset-mtu protocol is enabled, the ICMP packet size is reset to 1280.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to configure the icmp reset-mtu protocol for a CGN instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router#(config)# service cgn cgn1 RP/0/RP0/CPU0:router#(config-cgn)service-type nat64 stateless xlat1 RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# ipv6-prefix 2010:db8:ff00::/40 RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# address-family ipv6 RP/0/RP0/CPU0:router(config-cgn-nat64-stateless-afi)# protocol icmp RP/0/RP0/CPU0:router(config-cgn-nat64-stateless-icmp)# reset-mtu
Command | Description |
| Enters the IPv6 address family configuration mode. |
| Generates the delegated ipv6 prefix for a IPv6 Rapid Deployment (6RD) application. |
| Enables an instance for the CGN application. |
| Creates a nat64 stateless application |
| Configures a range of ipv4 addresses that are to be used for mapping when a non-translatable ipv6 address is received. |
| Reserves the bits 64 to 71 for the IPv6 addresses. |
To reassemble fragmented packets, use the reassembly-enable command in 6RD configuration mode. To disable the reassembly of fragmented packets, use the no form of this command.
reassembly-enable
This command has no keywords or arguments.
By default, reassembly is not allowed.
6RD configuration
Release | Modification |
---|---|
Release 4.1.0 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to apply the reassembly-enable command for a 6RD tunnel:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router#(config)# service cgn cgn1 RP/0/RP0/CPU0:router#(config-cgn)service-type tunnel v6rd 6rd1 RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# reassembly-enable
To configure the Network Address Translation (NAT) mapping refresh direction for the specified CGN instance, use the refresh-direction command in NAT44 configuration mode. To revert back to the default value of the bidirection, use the no form of this command.
refresh-direction Outbound
Outbound |
Configures only the refresh direction for outbound. |
If the NAT refresh direction is not configured, the default is bidirectional.
NAT44 configuration
Release |
Modification |
---|---|
Release 3.9.1 |
This command was introduced. |
This is a NAT44 service type specific command to be applied for each CGN instance.
Translation entries that do not have traffic flowing for specific time period are timed out and deleted to prevent unnecessary usage of system resources. Any traffic for a particular translation entry refreshes the entry and prevents it getting timed out. Usually, the refresh is based on packets coming from both inside and outside. This is referred to as bi-directional refresh mechanism. However, bidirectional refresh can lead to denial of service (DoS) attacks because someone from the outside can periodically refresh the entries even though there is no inside traffic.
When NAT refresh direction is configured as Outbound, the translation entries are refreshed only by traffic flowing from inside to outside and prevent DoS attacks.
Task ID |
Operations |
---|---|
cgn |
read, write |
The following example shows how to configure the mapping refresh direction for outbound:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1 RP/0/RP0/CPU0:router(config-cgn-nat44)# refresh-direction outbound
Command | Description |
| Enables an instance for the CGN application. |
To specify the outbound refresh direction, use the refresh-direction command in NAT64 stateful configuration mode. To delete refresh direction, use the no form of this command.
refresh-direction
This command has no keywords or arguments.
None
NAT64 stateful configuration mode
Release | Modification |
---|---|
Release 4.3.0 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to specify the outbound refresh direction for a NAT64 stateful instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# refresh-direction outbound RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)#
Command | Description |
| Configures IPv4 or IPv6 address on a NAT64 instance. |
Configures ports dynamically. | |
Enables external logging of a NAT64 Stateful instance. | |
Specifies time interval to store packet fragments. | |
Assigns ipv4 address pool. | |
Converts an IPv6 address to an IPv4 address. | |
Restricts the number of ports used by an IPv6 address. | |
Enters the ICMP, TCP, and UDP protocol configuration mode. | |
Creates a NAT64 stateful instance. | |
Enables TCP policy that allows IPv4 initiated TCP sessions. | |
Enables reserving ubits in an IPv6 address. |
To configure the refresh rate to log NetFlow-based external logging information for an inside VRF of a CGN instance, use the refresh-rate command in CGN inside VRF external logging server configuration mode. To revert back to the default value of 500 packets, use the no form of this command.
refresh-rate value
value |
Value, in packets, for the refresh rate. Range is from 1 to 600. |
value : 500
CGN inside VRF external logging server configuration
Release |
Modification |
---|---|
Release 3.9.1 |
This command was introduced. |
The netflowv9-based logging facility requires that a logging template be sent to the server periodically. The refresh-rate value implies that after sending that number of packets to the server, the template is resent. The timeout value implies that after that number of minutes have elapsed since the template was last sent, the template is resent to the logging server. The refresh-rate and timeout values are mutually exclusive; that is, the one that expires first, is the one taken into consideration for resending the template.
![]() Note | Only when the ipv4 address and port number for the logging server has been configured, the configurations for path-mtu, refresh-rate and timeout are applied. |
Task ID |
Operations |
---|---|
cgn |
read, write |
This example shows how to configure the refresh rate value of 50 for NetFlow logging for the NAT table entries:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1 RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1 RP/0/RP0/CPU0:router(config-cgn-invrf)# external-logging netflow version 9 RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog)# server RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog-server)# refresh-rate 50
Command | Description |
| Enables external logging of a NAT44 instance. |
| Enters inside VRF configuration mode for a NAT44 instance. |
| Enables the logging server information for the IPv4 address and port for the server that is used for the netflowv9-based external-logging facility. |
| Enables an instance for the CGN application. |
| Displays the contents of the NAT44 CGN instance statistics. |
To configure the refresh rate to log NetFlow-based external logging information of a DS-Lite instance, use the refresh-rate command in DS-Lite external logging server configuration mode. To return to the default value, use the no form of this command.
refresh-rate value
value |
Value, in packets, for the refresh rate. Range is from 1 to 600. |
value : 500
DS-Lite external logging server configuration
Release |
Modification |
---|---|
Release 4.2.1 | This command was introduced. |
![]() Note | Only when the ipv4 address and port number for the logging server has been configured, the configurations for path-mtu, refresh-rate and timeout are applied. |
Task ID |
Operations |
---|---|
cgn |
read, write |
This example shows how to configure the refresh rate value of 50 for a DS-Lite instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1 RP/0/RP0/CPU0:router(config-cgn-ds-lite)# external-logging netflow9 RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog)# server RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog-server)# refresh-rate 50
Command | Description |
| |
Sets the Maximum Transmission Unit (MTU) of the path to log NetFlow-based external logging information. | |
Configures the frequency at which the netflow9 template is refreshed or resent to the netflow9 server for a DS-Lite instance. |
To configure the refresh rate to log NetFlow-based external logging information for a NAT64 Stateful instance, use the refresh-rate command in NAT64 Stateful configuration mode. To return to the default value of 500 packets, use the no form of this command.
refresh-rate value
value |
Value, in packets, for the refresh rate. Range is from 1 to 600. |
500 packets
NAT64 Stateful configuration mode
Release |
Modification |
---|---|
Release 4.3.0 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID |
Operations |
---|---|
cgn |
read, write |
This example shows how to configure the refresh rate value of 50 for NetFlow logging for the NAT table entries:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# external-logging netflow version 9 RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# server RP/0/RP0/CPU0:router(config-cgn-nat64-extlog-server)# refresh-rate 50
Command | Description |
|
|
Sets the Maximum Transmission Unit (MTU) of the path to log NetFlow-based external logging information. | |
Enables session logging for a NAT64 Stateful instance. | |
Configures the frequency at which the netflow-v9 template is refreshed or resent to the netflow-v9 server. |
To reset the Do Not Fragment (DF) bit to enable anycast mode, use the reset-df-bit command in 6RD configuration mode. To disable the anycast mode, use the no form of this command.
reset-df-bit
This command has no keywords or arguments.
Anycast mode is disabled.
6RD configuration
Release | Modification |
---|---|
Release 4.1.0 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to reset the DF bit:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router#(config)# service cgn cgn1 RP/0/RP0/CPU0:router#(config-cgn)service-type tunnel v6rd 6rd1 RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# reset-df-bit
To configure sequence number check in the TCP configuration, use the sequence-check command. To disable this sequence check, use the no sequence-check command.
sequence-check
diff-window |
This optional keyword allows user to configure a value equal to the difference between the expected and received sequence numbers. The range for this value is 0 to 1,073,725,440. If this keyword is not specified, then the difference is automatically computed for each TCP session based on the negotiated window size while establishing a connection. It is recommended that the user does not configure a specific diff-window. This value will be decided based on the client-server negotiation for every TCP session. But if there are particular deployment scenarios, the diff-window can be configured with a value from the specified range. |
None
NAT44 Configuration Mode
Release | Modification |
---|---|
Release 5.1.1 |
This command was introduced. |
If a packet's sequence number is not the same as the expected value (which is equal to expected sequence number +/- diff-window), even then the packet is accepted. This is because there could be a packet loss along the way. If the value of diff-window is 0, then the sequence number of each packet should be an exact match of the expected sequence number.
Task ID | Operation |
---|---|
cgn |
read, write |
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1 RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1 RP/0/RP0/CPU0:router(config-cgn-invrf)#firewall protocl tcp RP/0/RP0/CPU0:router(config-cgn-invrf)#sequence-check
To enable the logging server information for the IPv4 address and port for the server that is used for the netflowv9-based external-logging facility, use the server command in NAT44 inside-VRF external logging configuration mode. To disable this feature, use the no form of this command. External logging of NAT Entries gets disabled.
server
This command has no arguments or keywords.
NAT44 inside VRF external logging configuration
Release |
Modification |
---|---|
Release 3.9.1 |
This command was introduced. |
The server command enters NAT44 inside VRF address family external logging server configuration mode.
The NAT44 server command configures the ipv4 address and port number for the server to be used for netflowv9 based external logging facility for an inside-VRF of a NAT44 instance.
![]() Note | Only when the ipv4 address and port number for the logging server has been configured, the configurations for path-mtu, refresh-rate and timeout are applied. |
Task ID |
Operations |
---|---|
cgn |
read, write |
This example shows how to configure the logging information for the IPv4 address and server:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1 RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1 RP/0/RP0/CPU0:router(config-cgn-invrf)# external-logging netflow version 9 RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog)# server RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog-server)# address 10.10.0.0 port 50
Command | Description |
| Enables the IPv4 address of the server that is used for logging the entries for the Network Address Translation (NAT) table. |
| Enables external logging of a NAT44 instance. |
| Enters inside VRF configuration mode for a NAT44 instance. |
| Configures the path Maximum Transmission Unit (MTU) for the netflowv9-based external-logging facility for the inside VRF of a NAT44 instance. |
| Configures the refresh rate to log NetFlow-based external logging information for an inside VRF of a CGN instance. |
| Enables an instance for the CGN application. |
| Displays the contents of the NAT44 CGN instance statistics. |
| Configures the frequency at which the netflow-v9 template is refreshed or resent to the netflow-v9 server. |
To enable an instance for the CGN application, use the service cgn command in global configuration mode. To disable the instance of the CGN application, use the no form of this command.
service cgn instance-name
instance-name |
Name of the CGN instance that is configured. |
None
Global configuration
Release |
Modification |
---|---|
Release 3.9.1 |
This command was introduced. |
The service cgn command enters CGN configuration mode.
Task ID |
Operations |
---|---|
cgn |
read, write |
The following example shows how to configure the instance named cgn1 for the CGN application:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)#
To enable the particular instance of the CGN application on the active and standby locations, use the service-location command in CGN configuration mode. To disable the instance that runs at the location of the CGN application, use the no form of this command.
service-location preferred-active node-id [ preferred-standby node-id ]
preferred-active node-id |
Specifies the location in which the active CGN application starts. The node-id argument is entered in the rack/slot/module notation. |
preferred-standby node-id |
(Optional) Specifies the location in which the standby CGN application starts. The node-id argument is entered in the rack/slot/module notation. |
None
CGN configuration
Release |
Modification |
---|---|
Release 3.9.1 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID |
Operations |
---|---|
cgn |
read, write |
The following example shows how to specify active and standby locations for the CGN application:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn-nat44)# service-location preferred-active 0/1/CPU0 preferred-standby 0/4/CPU0
Command | Description |
| Enables a CGN service role on a specified location. |
| Enables the application SVI interface. |
| Enables the infrastructure SVI interface. |
| Enables an instance for the CGN application. |
To configure the location of a service for the infrastructure service virtual interface (SVI), use the service-location command in interface configuration mode. To disable this feature, use the no form of this command.
service-location node-id
node-id |
Specifies the ID of the node. The node-id argument is entered in the rack/slot/module notation. |
Interface configuration
Release |
Modification |
---|---|
Release 3.9.1 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID |
Operations |
---|---|
interface |
read, write |
The following example shows how to configure the service location for 0/1/CPU0:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# interface ServiceInfra 1 RP/0/RP0/CPU0:router(config-if)# service-location 0/1/CPU0
To initiate failover services to the preferred standby location, use the service redundancy failover service-type command in EXEC mode.
service redundancy failover service-type secgn preferred-active node-id
secgn |
Specifies the CGN service. |
preferred-active node-id |
Specifies the location from where the failover must start. The node-id argument is entered in the rack/slot/module notation. |
None
EXEC
Release |
Modification |
---|---|
Release 4.0.0 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID |
Operations |
---|---|
cgn |
read, write |
The following example shows how to initiate the failover services for the preferred standby location:
RP/0/RP0/CPU0:router# service redundancy failover service-type secgn preferred-active 0/1/cpu0 RP/0/RP0/CPU0:router#
To revert failed over services back to their preferred active location, use the service redundancy revert service-type command in EXEC mode.
service redundancy revert service-type secgn preferred-active node-id
secgn |
Specifies the CGN service. |
preferred-active node-id |
Specifies the location from where the failover must start. The node-id argument is entered in the rack/slot/module notation. |
None
EXEC
Release |
Modification |
---|---|
Release 4.0.0 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID |
Operations |
---|---|
cgn |
read, write |
The following example shows how to revert the failed over services for the preferred active location:
RP/0/RP0/CPU0:router# service redundancy revert service-type secgn preferred-active 0/1/cpu0 RP/0/RP0/CPU0:router#
To enable a DS-Lite instance for the CGN application, use the service-type ds-lite command in CGN submode. To disable the DS-Lite instance of the CGN application, use the no form of this command.
service-type ds-lite instance-name [ address-family | aftr-tunnel-endpoint-address | alg | bulk-port-alloc | external-logging | ipv4-aftr-address | map | path-mtu | port-limit | protocol ]
instance-name |
Specifies the name of the ds-lite instance that is configured. |
address-family |
Configures the address family related information. |
aftr-tunnel-endpoint-address |
Specifies the IPv6 address of the tunnel endpoint. |
alg |
Configures the Application Level Gateway type to be used. |
bulk-port-alloc |
Allocates ports in bulk to reduce Netflow/Syslog data volume. |
external-logging |
Enables external logging. |
ipv4-aftr-address |
IPv4 address for ICMP messages. |
map |
IPv4 map address pool for inside addresses. |
path-mtu |
IPv6 mtu value. |
port-limit |
Limits the number of entries per address. |
protocol |
Specifies the transport protocol used. |
None
CGN submode (CONFIG-CGN)
Release |
Modification |
---|---|
Release 4.2.1 | This command was introduced. |
No specific guidelines impact the use of this command.
Task ID |
Operations |
---|---|
cgn |
read, write |
This example shows how to configure the ds-lite instance for the CGN application:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1
To create a MAP-E instance, use the service-type map-e command in MAP-E configuration mode. To delete the instance, use the no form of this command.
service-type map-e instance-name { address-family | aftr-endpoint-address | contiguous-ports | cpe-domain | path-mtu | sharing-ratio }
instance-name |
Name of the MAP-E instance. |
address-family |
Specifies the address family configuration. |
aftr-endpoint-address |
Specifies the IPv6 address of Address Family Transition Router (AFTR). |
contiguous-ports |
Specifies the number of contiguous ports for a MAP-E instance. |
cpe-domain |
Specifies the Customer Premises Equipment (CPE ) domain parameters. |
path-mtu |
Specifies the Maximum Transmission Unit (MTU) value of the tunnel, in bytes. |
sharing-ratio |
Configures the port sharing ratio. The value is in powers of 2. |
None
MAP-E configuration mode
Release | Modification |
---|---|
Release 4.3.1 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to create a MAP-E instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type map-e map-e-inst
Command | Description |
Configures IPv4 or IPv6 address for a MAP-E instance. | |
Configures the IPv6 address of Address Family Transition Router (AFTR). | |
Configures the number of contiguous ports for a MAP-E instance. | |
Configures the Customer Premises Equipment (CPE ) domain parameters. | |
Configures the path Maximum Transmission Unit (MTU) of the tunnel. | |
Configures the port sharing ratio. |
To create a MAP-T instance, use the service-type map-t command in MAP-T configuration mode. To delete the instance, use the no form of this command.
service-type map-t instance-name { address-family | contiguous-ports | cpe-domain | external-domain | sharing-ratio | traceroute }
instance-name |
Indicates the name of the MAP-T instance. |
address-family |
Specifies the address family configuration. |
contiguous-ports |
Specifies the Port Set ID (PSID) configuration. |
cpe-domain |
Specifies the Customer Premises Equipment (CPE ) domain parameters. |
external-domain |
Specifies the external domain parameters. |
sharing-ratio |
Configures the port sharing ratio. The value is in powers of 2. |
traceroute |
Specifies traceroute configuration. |
None
MAP-T configuration mode
Release | Modification |
---|---|
Release 4.3.0 |
This command was introduced. |
From Release 5.3.2, MAP-T is supported only on Cisco ASR 9000 High Density 100GE Ethernet line cards.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to create a MAP-T instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type map-t map-t-inst RP/0/RP0/CPU0:router(config-cgn-map-t)#
Command | Description |
Configures IPv4 or IPv6 address for a MAP-T instance. | |
Clears the statistics of a MAP-T instance. | |
Configures the number of contiguous ports for a MAP-T instance. | |
Configures the Customer Premises Equipment (CPE ) domain parameters. | |
Configures the external domain's IPv6 prefix to convert IPv4 addresses into IPv6 addresses and vice versa. | |
Configures the port sharing ratio. | |
Displays the MAP-T instance statistics. | |
Configures traceroute translation algorithms. |
To enable a NAT 44 instance for the CGN application, use the service-type nat44 command in CGN submode. To disable the NAT44 instance of the CGN application, use the no form of this command.
service-type nat44 instance-name [ alg | inside-vrf | portlimit | protocol | refresh-direction ]
instance-name |
Name of the NAT44 instance that is configured. |
alg |
Configures the Application Level Gateway type to be used. |
inside-vrf |
Configures inside VRF. |
portlimit |
Limits the number of entries per address. |
protocol |
Specifies the Transport protocol. |
refresh-direction |
NAT refresh direction to be used. |
None
CGN submode (CONFIG-CGN)
Release |
Modification |
---|---|
Release 4.0.0 |
This command was introduced. |
The NAT44 instance name must be unique across all CGN NAT44 and NAT64 stateless instance names.
Task ID |
Operations |
---|---|
cgn |
read, write |
This example shows how to configure the NAT44 instance named nat1 for the CGN application:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
To create a NAT64 stateful instance, use the service-type nat64 command in NAT64 configuration mode. To delete the instance, use the no form of this command. A maximum of 64 instances can be created.
service-type nat64 stateful instance-name { address-family | ipv6-prefix | ipv4 | ubit-reserved | portlimit | protocol | fragment-timeout | external-logging | filter-policy }
stateful |
Specifies the IPv4 to IPv6 stateful translation. |
instance-name |
Indicates the name of the NAT64 stateful instance. |
address-family |
Specifies the address family configuration. |
alg |
Specifies the Application Level Gateway (ALG) to be used. |
ipv6-prefix |
Specifies the IPv6 prefix to translate an IPv4 address to IPv6. |
ipv4 |
Specifies the IPv4 address. |
portlimit |
Limits the number of entries per address. |
protocol |
Specifies the one of the transport protocol - ICMP, TCP, or UDP. |
fragment-timeout |
Specifies the time interval for fragment storage. |
external-logging |
Enables external logging. |
filter-policy |
Configures address-dependent filtering policy. |
ubit-reserved |
Enable reserving ubits in IPv6 address |
None
NAT64 configuration mode
Release | Modification |
---|---|
Release 4.3.0 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to create a NAT64 stateful instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)#
Command | Description |
| Configures IPv4 or IPv6 address on a NAT64 instance. |
Configures Real Time Streaming Protocol (RTSP) as the Application-Level Gateway (ALG). | |
Configures ports dynamically. | |
Enables external logging of a NAT64 Stateful instance. | |
Specifies time interval to store packet fragments. | |
Assigns ipv4 address pool. | |
Converts an IPv6 address to an IPv4 address. | |
Restricts the number of ports used by an IPv6 address. | |
Enters the ICMP, TCP, and UDP protocol configuration mode. | |
Specifies the outbound refresh direction. | |
Enables TCP policy that allows IPv4 initiated TCP sessions. | |
Enables reserving ubits in an IPv6 address. |
Use the service-type nat64 command to create a nat64 stateless application. To delete the nat64 stateless application, use the no form of this command.
service-type nat64 stateless instance [ address-family | traceroute | ipv6-prefix | ubit-reserved ]
stateless |
Specifies the IPv4 to IPv6 Stateless translation. |
instance |
Indicates the name of the NAT64 stateless instance. |
address-family |
Specifies the address-family related configuration. |
traceroute |
Indicates the traceroute related configuration. |
ipv6-prefix |
Specifies the IPv6 prefix to be used to translate IPv4 address to IPv6 address. |
ubit-reserved |
Enables reserving ubits in IPv6 address. |
None
CONFIG-CGN
Release | Modification |
---|---|
Release 4.1.0 |
This command was introduced. |
The NAT64 stateless instance name must be unique across all the CGN NAT44 and NAT64 stateless instance names. There can only be 64 service-type NAT64 configurations per Roddick line card or chassis spanning over different cards.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to configure the nat64 stateless instance named xlat1for the CGN application:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateless xlat1
To create an IPv6 Rapid Deployment (6RD) tunnel application, use the service-type tunnel command in CGN submode. To delete this instance of the 6RD tunnel application, use the no form of this command.
service-type tunnel v6rd instance address-family | br | path-mtu | reassembly-enable | reset-df-bit | tos | ttl
v6rd |
Specifies the 6RD configuration. |
instance |
Name of the 6RD instance. |
address-family |
Specifies the address-family related configuration. |
br |
Specifies the border relay related configuration. |
path-mtu |
Specifies the IPv6 MTU value. |
reassembly-enable |
Enables the reassembly operation. |
reset-df-bit |
Enables resetting of DF bit. |
tos |
Specifies the type of service to be used for IPv4 tunnel. |
ttl |
Specifies the time to live value to be used for IPv4 tunnel. |
None
CGN submode
Release | Modification |
---|---|
Release 4.1.0 |
This command was introduced. |
There can be 64 service-type 6RD tunnel configurations for each line card or chassis spanning over different cards.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to configure the 6RD tunnel instance for the CGN application:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type tunnel v6rd 6rd1 RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)#
To configure the timeout values for both active and initial sessions for TCP or UDP, use the session command in NAT44 protocol configuration mode. To revert to the default value for the TCP or UDP session timeouts, use the no form of this command.
session { active | initial } timeout seconds
active |
Configures the active session timeout for both TCP and UDP. The default value for UDP active session timeout is 120 seconds. |
initial |
Configures the initial session timeout. |
timeout |
Configures the timeout for either active or initial sessions. |
seconds |
Timeout for either active or initial sessions. Range is from 1 to 65535. |
If the value for the UDP initial session timeout is not configured, the default value for the UDP initial session timeout is 30.
If the value for the UDP active session timeout is not configured, the default value for the UDP active session timeout is 120.
If the value for the TCP initial session timeout is not configured, the default value for the TCP initial session timeout is 120.
If the value for the TCP active session timeout is not configured, the default value for the TCP active session timeout is 1800 (30 minutes).
NAT44 protocol configuration
Release |
Modification |
---|---|
Release 3.9.1 |
This command was introduced. |
We recommend that you configure the timeout values for the protocol sessions carefully. For example, the values for the protocol and NAT functions must be configured properly.
If the no form of this command is specified, the following guidelines apply:
Task ID |
Operations |
---|---|
cgn |
read, write |
This example shows how to configure the initial session timeout value as 90 for TCP:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1 RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol tcp RP/0/RP0/CPU0:router(config-cgn-proto)# session initial timeout 90
This example shows how to configure the active timeout value as 90 for TCP:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1 RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol tcp RP/0/RP0/CPU0:router(config-cgn-proto)# session active timeout 90
This example shows how to configure the initial timeout value as 90 for UDP:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1 RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol udp RP/0/RP0/CPU0:router(config-cgn-proto)# session initial timeout 90
This example shows how to configure the active timeout value as 90 for UDP:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1 RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol udp RP/0/RP0/CPU0:router(config-cgn-proto)# session active timeout 90
Command | Description |
protocol (NAT44) |
|
| Enables an instance for the CGN application. |
| Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance. |
| Displays the outside-address to inside-address translation details for a specified NAT44 instance. |
| Configures the timeout for the ICMP session for a CGN instance. |
To configure the timeout values for both active and initial sessions for TCP or UDP, use the session command in CGN DS-Lite protocol configuration mode. To return to the default value for the session timeouts, use the no form of this command.
session { active | init } timeout seconds
active |
Configures the active session timeout for both TCP and UDP. The default value for UDP active session timeout is 120 seconds. |
init |
Configures the initial session timeout. |
timeout |
Configures the timeout for either active or initial sessions. |
seconds |
Timeout for either active or initial sessions. Range is from 1 to 65535. |
If the value for the UDP initial session timeout is not configured, the default value for the UDP initial session timeout is 30.
If the value for the UDP active session timeout is not configured, the default value for the UDP active session timeout is 120.
If the value for the TCP initial session timeout is not configured, the default value for the TCP initial session timeout is 120.
If the value for the TCP active session timeout is not configured, the default value for the TCP active session timeout is 1800 (30 minutes).
CGN DS-Lite protocol configuration
Release |
Modification |
---|---|
Release 4.2.1 |
This command was introduced. |
We recommend that you configure the timeout values for the protocol sessions carefully. For example, the values for the protocol and NAT functions must be configured properly.
If the no form of this command is specified, the following guidelines apply:
Task ID |
Operations |
---|---|
cgn |
read, write |
This example shows how to configure the initial session timeout value as 90 for TCP:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1 RP/0/RP0/CPU0:router(config-cgn-ds-lite)# protocol tcp RP/0/RP0/CPU0:router(config-cgn-proto)# session initial timeout 90
This example shows how to configure the active timeout value as 90 for TCP:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1 RP/0/RP0/CPU0:router(config-cgn-ds-lite)# protocol tcp RP/0/RP0/CPU0:router(config-cgn-proto)# session active timeout 90
This example shows how to configure the initial timeout value as 90 for UDP:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1 RP/0/RP0/CPU0:router(config-cgn-ds-lite)# protocol udp RP/0/RP0/CPU0:router(config-cgn-proto)# session initial timeout 90
This example shows how to configure the active timeout value as 90 for UDP:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn1 RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1 RP/0/RP0/CPU0:router(config-cgn-ds-lite)# protocol udp RP/0/RP0/CPU0:router(config-cgn-proto)# session active timeout 90
To enable session logging for a DS-Lite instance, use the session-logging command in DS-Lite configuration mode.
To disable session logging, use the no form of this command.session-logging
This command has no keywords or arguments.
By default, session logging is disabled.
DS-Lite configuration mode
Release | Modification |
---|---|
Release 4.3.0 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to enable session logging for a DS-Lite instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite-inst RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf vrf-inst RP/0/RP0/CPU0:router(config-cgn-invrf)# external-logging netflow version 9 RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog)# server RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog-server)# session logging
Command | Description |
Enables session logging for a NAT44 instance. |
To enable session logging for a NAT44 instance, use the session-logging command in NAT44 configuration mode.
To disable session logging, use the no form of this command.session-logging
This command has no keywords or arguments.
By default, session logging is disabled.
NAT44 configuration mode
Release | Modification |
---|---|
Release 4.3.0 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to enable session logging for a NAT44 instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat-44-inst RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf vrf-inst RP/0/RP0/CPU0:router(config-cgn-invrf)# external-logging netflow version 9 RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog)# server RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog-server)# session logging
Command | Description |
Enables session logging for a DS-Lite instance. |
To enable session logging for a NAT64 Stateful instance, use the session-logging command in NAT64 Stateful configuration mode.
To disable session logging, use the no form of this command.session-logging
This command has no keywords or arguments.
By default, session logging is disabled.
Stateful NAT64 configuration mode
Release | Modification |
---|---|
Release 4.3.0 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to enable session logging for a NAT64 Stateful instance:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# external-logging netflow version 9 RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# server RP/0/RP0/CPU0:router(config-cgn-nat64-extlog-server)# session logging
Command | Description |
|
|
Sets the Maximum Transmission Unit (MTU) of the path to log NetFlow-based external logging information. | |
Configures the refresh rate to log NetFlow-based external logging information. | |
Configures the frequency at which the netflow-v9 template is refreshed or resent to the netflow-v9 server. |
To configure the port sharing ratio, use the sharing-ratio command in MAP-E configuration mode. To undo the configuration, use the no form of this command.
sharing-ratio value
value |
Value of the port sharing ratio in powers of 2. The range is from 1 to 32768. |
None
MAP-E configuration
Release | Modification |
---|---|
Release 4.3.1 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to configure the port sharing ratio:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type map-e map-e-inst RP/0/RP0/CPU0:router(config-cgn-map_e)# sharing-ratio 8
Command | Description |
Configures IPv4 or IPv6 address for a MAP-E instance. | |
Configures the IPv6 address of Address Family Transition Router (AFTR). | |
Configures the number of contiguous ports for a MAP-E instance. | |
Configures the Customer Premises Equipment (CPE ) domain parameters. | |
Configures the path Maximum Transmission Unit (MTU) of the tunnel. |
To configure the port sharing ratio, use the sharing-ratio command in MAP-T configuration mode. To undo the configuration, use the no form of this command.
sharing-ratio value
value |
Specifies the value of the port sharing ratio. The range is from 1 to 32768 in powers of 2. |
None
MAP-T configuration
Release | Modification |
---|---|
Release 4.3.0 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
This example shows how to configure the port sharing ratio:
RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# service cgn cgn-inst RP/0/RP0/CPU0:router(config-cgn)# service-type map-t map-t-inst RP/0/RP0/CPU0:router(config-cgn-mapt)# sharing-ratio 8
Command | Description |
Configures IPv4 or IPv6 address for a MAP-T instance. | |
Clears the statistics of a MAP-T instance. | |
Configures the number of contiguous ports for a MAP-T instance. | |
Configures the Customer Premises Equipment (CPE ) domain parameters. | |
Configures the external domain's IPv6 prefix to convert IPv4 addresses into IPv6 addresses and vice versa. | |
Displays the MAP-T instance statistics. | |
Configures traceroute translation algorithms. |
To display the translation table entries for an inside-address to outside-address for a specified DS-Lite CGN instance, use the show cgn ds-lite inside-translation command in EXEC mode.
show cgn ds-lite instance-name inside-translation protocol { icmp | tcp | udp } [ translation-type { alg | all | dynamic | pcp-explicit-dynamic | pcp-implicit-dynamic | static } ] | tunnel-v6-source-address IPv6 address inside-address IPv4 address port start number end number
instance-name |
Name of the DS- lite instance that is configured. |
protocol |
Displays the name of the protocols. |
icmp |
Displays the ICMP protocol. |
tcp |
Displays the TCP protocol. |
udp |
Displays the UDP protocol. |
translation-type |
(Optional) Displays the translation type. |
alg |
(Optional) Displays only the ALG translation entries. |
all |
(Optional) Displays all the translation entries, for example, alg, dynamic, and static. |
pcp-explicit-dynamic |
Displays Port Control Protocol (PCP) explicit translation entries. |
pcp-implicit-dynamic |
Displays Port Control Protocol (PCP) implicit translation entries |
dynamic |
(Optional) Displays only the dynamic translation entries. |
static |
(Optional) Displays only the static translation entries. |
tunnel-v6-source-addressIPv6 address |
(Optional) Displays information for the IPv6 address family. |
inside-addressaddress |
Displays the inside address. |
port |
Displays the range of the port numbers. |
start number |
The start port from which the translation table entries should be displayed. |
end number |
The end port till which the translation table entries should be displayed. |
None
Exec
Release | Modification |
---|---|
Release 4.2.1 |
This command was introduced. |
This command has no keywords or arguments.
Task ID | Operation |
---|---|
cgn |
read |
This example displays the translation table entries for a particular DS-Lite instance:
----------------------------------------------------------------------------------------------------------------------- DSLite instance : dslite1, Tunnel-Source-Address : 2001 :db8 ::1, Inside Source Address 10.1.1.1 ----------------------------------------------------------------------------------------------------------------------- Outside Protocol Inside Outside Translation Inside Outside Address Source Source Type to to Port Port Outside Inside Packets Packets ------------------------------------------------------------------------------------------------------ 132.16.6.65 tcp 314 5554 dyn 875364 5345 132.16.6.65 udp 11333 43337 dyn 334333 873334
This example shows the sample output for PCP translations:
RP/0/RP0/CPU0:router
show cgn ds-lite dsl1 inside-translation protocol udp inside-translation inside-vrf
red inside-address 11.11.11.12 port start 1 end 65535
Inside-translation details
---------------------------
NAT44 instance : dsl1
Inside-VRF : red
--------------------------------------------------------------------------------------------
Outside Protocol Inside Outside Translation Inside Outside
Address Source Source Type to to
Port Port Outside Inside
Packets Packets
--------------------------------------------------------------------------------------------
200.10.1.78 udp 14 34655 pcp_explicit 7 0
200.10.1.78 udp 14 34655 pcp_implicit 7 0
To display the outside-address to inside-address translation details for a specified NAT44 instance, use the show cgn nat44 outside-translation command in EXEC mode.
show cgn nat44 instance-name outside-translation protocol { icmp | tcp | udp } [ translation-type { alg | all | dynamic | pcp-explicit-dynamic | pcp-implicit-dynamic | static } ] outside-address address port start number end number
instance-name |
Name of the NAT44 instance that is configured. |
protocol |
Displays the name of the protocols. |
icmp |
Displays the ICMP protocol. |
tcp |
Displays the TCP protocol. |
udp |
Displays the UDP protocol. |
translation-type |
(Optional) Displays the translation type. |
alg |
(Optional) Displays only the ALG translation entries. |
all |
(Optional) Displays all the translation entries, for example, alg, dynamic, and static. |
pcp-explicit-dynamic |
Displays Port Control Protocol (PCP) explicit translation entries. |
pcp-implicit-dynamic |
Displays Port Control Protocol (PCP) implicit translation entries |
dynamic |
(Optional) Displays only the dynamic translation entries. |
static |
(Optional) Displays only the static translation entries. |
outside-address |
Displays the outside address for the inside VRF. |
address |
Outside address. |
port |
Displays the range of the port numbers. |
start number |
Displays the start of the port number. |
end number |
Displays the end of the port number. |
None
EXEC
Release |
Modification |
---|---|
Release 4.2.1 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID |
Operations |
---|---|
cgn |
read |
This example displays the translation table entries for an outside address for a particular DS-Lite instance:
----------------------------------------------------------------------------------------------------------------------- DSLite instance : dslite1, Tunnel-Source-Address : 2001 :db8 ::1, Outside Source Address 100.1.1.1 ----------------------------------------------------------------------------------------------------------------------- Inside Protocol Inside Outside Translation Inside Outside Address Source Source Type to to Port Port Outside Inside Packets Packets ------------------------------------------------------------------------------------------------------ 10.16.6.65 tcp 314 5554 dyn 875364 5345 10.16.6.65 udp 11333 43337 dyn 334333 873334
To display the outside address pool utilization details for a specified DS-Lite instance, use the show cgn ds-lite pool-utilization command in EXEC mode.
show cgn ds-lite instance-name pool-utilization address-range start-address end-address
ds-liteinstance-name |
Name of the ds-lite instance that is configured. |
address-range |
Displays the range for the outside address. |
start-address |
Range for the start address of the outside address pool. The range of the IPv4 addresses cannot be more than 255 consecutive IPv4 addresses. |
end-address |
Range for the end address of the outside address pool. |
None
EXEC
Release |
Modification |
---|---|
Release 4.2.1 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID |
Operations |
---|---|
cgn |
read |
This example displays the utilization of the outside address pool for a DS-Lite instance:
------------------------------------------------------------------------- DS-Lite instance : dslite1 ------------------------------------------------------------------------- Outside Number Number Address of of Free ports Used ports ------------------------------------------------------------------------- 17.16.6.23 123 64388 17.16.6.120 58321 6190 17.16.6.98 98 64413 17.16.6.2 1234 60123
To display all the active destination sessions for a given source IPv4 address and port number per DS-Lite instance, use the show cgn ds-lite session command in EXEC mode.
show cgn ds-lite instance-name session protocol { icmp | tcp | udp } [ translation-type { alg | all | dynamic | static } ] [ tunnel-v6-source-address IPv6 address inside-address IPv4 address port port number
session |
Specifies the active session for a given source IP address and port. |
instance-name |
Name of the DS-Lite instance that is configured. |
protocol |
Displays the name of the protocols. |
icmp |
Displays the ICMP protocol. |
tcp |
Displays the TCP protocol. |
udp |
Displays the UDP protocol. |
translation-type |
(Optional) Displays the translation type. |
alg |
(Optional) Displays only the ALG translation entries. |
all |
(Optional) Displays all the translation entries, for example, alg, dynamic, and static. |
dynamic |
(Optional) Displays only the dynamic translation entries. |
static |
(Optional) Displays only the static translation entries. |
ipv4 |
(Optional) Displays information for the IPv4 address family. |
tunnel-v6-source-address |
Specifies the source tunnel IPv6 address. |
IPv6 address |
IPv6 address. |
inside-address |
Displays the inside address for the inside Virtual Routing Forwarding (VRF). |
IPv4 address |
IPv4 address of the source. |
port |
Port number of the source. |
port-number |
Specifies the port number range from 1 to 65535. |
None
Exec
Release | Modification |
---|---|
Release 4.3.0 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read |
This example shows how to display all the active destination sessions for a given source IPv4 address and port number per DS-Lite instance:
RP/0/RP0/CPU0:router#
show cgn ds-lite ds-lite-inst session protocol tcp translation-type alg inside-address 10.1.1.50 port 123
Session details:
-----------------------------------------------------------------
DS-Lite instance: ds-lite-inst
-----------------------------------------------------------------
Outside address: 12.168.6.231
Outside port: 235
Translation type: alg
Protocol: tcp
-----------------------------------------------------------------------
Destination IP Destination Port
209.85.231.104 100
209.85.231.106 200
.
.
.
.
209.85.231.178 579
To display the contents of the DS-Lite instance statistics, use the show cgn ds-lite statistics command in EXEC mode.
show cgn ds-lite instance-name statistics
instance-name |
Name of the configured DS-Lite instance. |
None
EXEC
Release |
Modification |
---|---|
Release 4.2.1 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID |
Operations |
---|---|
cgn |
read |
This command displays the statistics corresponding to DS-Lite instances:
Statistics summary of cgn: 'cgn1' Number of active translations: 45631 Translations create rate: 5678 Translations delete rate: 6755 Inside to outside forward rate: 977 Outside to inside forward rate: 456 Inside to outside drops port limit exceeded: 0 Inside to outside drops system limit reached: 0 Inside to outside drops resource depletion: 0 Outside to inside drops no translation entry: 0 Pool address totally free: 195 Pool address used: 23
The following table describes the fields seen as shown in the above example:
Name |
Description |
Number of active translations |
Translation entries allocated in the database. |
Translations create rate/ Translations delete rate |
Rate in sessions per second. |
Inside to outside forward rate/Outside to inside forward rate |
Rate in packets per second. |
Inside to outside drops port limit exceeded |
Packets dropped because the port-limit for the inside user has exceeded. |
Inside to outside drops system limit reached |
Packets dropped as a result of reaching the system limit. |
Inside to outside drops resource depletion |
Packets dropped because no public L4 port could be allocated. |
Outside to inside drops no translation entry |
Packets dropped due to lack of entry in the translation database. |
Pool address totally free |
Addresses available from the pool. |
Pool address used |
Addresses utilized from the pool. |
Command | Description |
| Displays the translation table entries for an inside-address to outside-address for a specified DS-Lite CGN instance |
|
|
|
|
To display the MAP-E instance statistics, use the show cgn map-e statistics command in EXEC mode.
show cgn map-e instance-name statistics
instance-name |
Name of the configured MAP-E instance. |
statistics |
Specifies the statistics of the configured MAP-E instance. |
None
EXEC
Release |
Modification |
---|---|
Release 4.3.1 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID |
Operations |
---|---|
cgn |
read |
This output shows the statistics entries for a MAP-E instance:
RP/0/RP0/CPU0:router# show cgn map-e m1 statistics
MAP-E IPv4 to IPv6 counters:
======================================
Total Incoming Count : 0
Total Drop Count : 0
Total Output Count : 0
TCP Incoming Count : 0
TCP Output Count : 0
UDP Incoming Count : 0
UDP Output Count : 0
ICMPv4 Incoming Count : 0
ICMPv4 Output Count : 0
Invalid UIDB Drop Count : 0
NoDb Drop Count : 0
TTL Expire Drop Count : 0
Invalid IP Destination Drop Count : 0
Packet Exceeding Path MTU Drop Count : 0
Unsupported Protocol Drop Count : 0
ICMPv4 Generated for TTL Expire Count : 0
ICMPv4 Generated for Error Count : 0
ICMPv4 Packets Rate-Limited Count : 0
TCP MSS Changed Count : 0
MAP-E IPv6 to IPv4 counters:
======================================
Total Incoming Count : 0
Total Drop Count : 0
Total Output Count : 0
TCP Incoming Count : 0
TCP Output Count : 0
UDP Incoming Count : 0
UDP Output Count : 0
ICMPv4 Incoming Count : 0
ICMPv4 Output Count : 0
Invalid UIDB Drop Count : 0
NoDb Drop Count : 0
TTL Expire Drop Count : 0
Invalid IPv6 Destination Drop Count : 0
Invalid Source Prefix Drop Count : 0
Unsupported Protocol Drop Count : 0
ICMPv6 Input Count : 0
ICMPv6 Invalid UIDB Drop Count : 0
ICMPv6 NoDb Drop Count : 0
ICMPv6 TTL Expire Drop Count : 0
ICMPv6 Invalid IPv6 Destination Drop Count : 0
ICMPv6 Unsupported Type Drop Count : 0
ICMPv6 Invalid NxtHdr Drop Count: 0
ICMPv6 Frag Drop Count : 0
ICMPv6 Forus Count : 0
ICMPv6 Echo Response Received Count : 0
ICMPv6 Echo Replies Count : 0
ICMPv6 Translated to ICMPV4 Output Count : 0
ICMPv6 Generated for TTL Expire Count : 0
ICMPv6 Generated for Error Count : 0
ICMPv6 Packets Rate-Limited Count : 0
TCP MSS Changed Count: 0
MAP-E IPv4 Frag counters received from V4 cloud:
==================================================
Total Input Count: 0
Total Drop Count: 0
Reassembled Output Count : 0
TCP Input Count: 0
UDP Input Count: 0
ICMPv4 Input Count: 0
Invalid UIDB Drop Count : 0
NoDb Drop Count : 0
Unsupported Protocol Drop Count : 0
Throttled Count : 0
Timeout Drop Count: 0
Duplicates Drop Count : 0
MAP-E Inner IPv4 Frag counters received from V6 cloud:
====================================================
Total Input Count : 0
Total Drop Count : 0
Total Output Count : 0
TCP Input Count : 0
UDP Input Count : 0
ICMPv4 Input Count : 0
Invalid Source Prefix Drop Count : 0
Unsupported Protocol Drop count : 0
Throttled Count : 0
Timeout Drop Count : 0
Duplicates Drop Count : 0
ICMPv6 Generated for Error Count : 0
ICMPv6 Packets Rate-Limited Count : 0
TCP MSS Changed Count : 0
Name |
Description |
Total incoming count |
Total number of packets coming from the public network |
Total Drop Count |
Total number of packets dropped by the router |
Total Output Count |
Total number of packets equal to the difference between the incoming packets and the dropped packets |
TCP Incoming Count |
Number of TCP packets coming from the public network |
TCP Output Count |
Number of TCP packets that were sent out |
UDP Incoming Count |
Number of UDP packets coming from the public network |
UDP Output Count |
Number of UDP packets that were sent out |
ICMPv4 Incoming Count |
Number of ICMPv4 packets embedded in the IPv6 packets |
ICMPv4 Output Count |
Number of ICMP packets sent out |
Invalid UIDB Drop Count |
Number of packets dropped due to the UIDB entries being invalid |
NoDb Drop Count |
Number of packets dropped due to the absence of any mapping |
TTL Expire Drop Count |
Number of packets dropped due to the expiry of TTL. |
Invalid IP Destination Drop Count |
Number of packets dropped due to the destination IP address being invalid |
Packet Exceeding Path MTU Drop Count |
Number of large packets dropped as they are too big and exceed the MTU size |
Unsupported Protocol Drop Count |
Number of packets dropped as they do not belong to any of the three supported protocols such as TCP, UDP, and ICMP |
ICMPv4 Generated for TTL Expire Count |
Number of ICMPv4 packets generated when TTL expires |
ICMPv4 Generated for Error Count |
Number of ICMPv4 packets generated for different error conditions |
ICMPv4 Packets Rate-Limited Count |
Number of ICMPv4 packets that were not generated due to rate limit |
TCP MSS Changed Count |
Number of TCP packets for which the MSS ( Maximum Size Segment) value has been changed |
Reassembled Output Count |
Number of fragmented packets that have been reassembled |
Invalid Source Prefix Drop Count |
Number of packets dropped due to the prefix check failure |
ICMPv6 Invalid NxtHdr Drop Count |
Number of ICMPv6 packets as their protocol header does not consist ICMP |
ICMPv6 Frag Drop Count |
Number of ICMPv6 packets dropped due to the fragmentation |
ICMPv6 Forus Count |
|
ICMPv6 Echo Response Received Count |
Number of ICMPv6 acknowledgment packets for echo replies |
ICMPv6 Echo Replies Count |
Number of ICMPv6 echo requests sent |
ICMPv6 Translated to ICMPV4 Output Count |
Number of ICMPv6 packets that were translated to ICMPv4 packets |
Throttled Count |
Number of excess fragments that were dopped |
Timeout Drop Count |
Number of packets that were dropped as all the fragments of that packet were not received |
Duplicates Drop Count |
Number of fragmented packets dropped as they were duplicates |
Command | Description |
Clears all statistics of a MAP-E instance. |
To display the MAP-T instance statistics, use the show cgn map-t statistics command in EXEC mode.
show cgn map-t instance-name statistics
instance-name |
Specifies the name of the configured MAP-T instance. |
statistics |
Specifies the statistics of the configured MAP-T instance. |
None
EXEC
Release |
Modification |
---|---|
Release 4.3.0 |
This command was introduced. |
No specific guidelines impact the use of this command.
Task ID |
Operations |
---|---|
cgn |
read |
This output shows the statistics entries for a MAP-T instance:
RP/0/RP0/CPU0:router# show cgn map-t m1 statistics
MAP-T IPv6 to IPv4 counters:
======================================
TCP Incoming Count: 0
TCP NonTranslatable Drop Count: 0
TCP Invalid NextHdr Drop Count: 0
TCP No Db Drop Count: 0
TCP Translated Count: 0
UDP Incoming Count: 0
UDP NonTranslatable Drop Count: 0
UDP Invalid Next Hdr Drop Count: 0
UDP No Db Drop Count: 0
UDP Translated Count: 0
ICMP Total Incoming Count: 0
ICMP No DB Drop Count: 0
ICMP Fragment drop count: 0
ICMP Invalid NxtHdr Drop Count: 0
ICMP Nontranslatable Drop Count: 0
ICMP Nontranslatable Fwd Count: 0
ICMP UnsupportedType Drop Count: 0
ICMP Err Translated Count: 0
ICMP Query Translated Count: 0
Subsequent Fragment Incoming Count: 0
Subsequent Fragment NonTranslateable Drop Count: 0
Invalid NextHdr Drop Count: 0
Subsequent Fragment No Db Drop Count: 0
Subsequent Fragment Translated Count: 0
Extensions/Options Incoming Count: 0
Extensions/Options Drop Count: 0
Extensions/Options Forward Count: 0
Extensions/Options No DB drop Count: 0
Unsupported Protocol Count: 0
MAP-T IPv4 to IPv6 counters:
======================================
TCP Incoming Count: 0
TCP No Db Drop Count: 0
TCP Translated Count: 0
UDP Incoming Count: 0
UDP No Db Drop Count: 0
UDP Translated Count: 0
UDP FragmentCrc Zero Drop Count: 0
UDP CrcZeroRecy Sent Count: 0
UDP CrcZeroRecy Drop Count: 0
ICMP Total Incoming Count: 0
ICMP No Db Drop Count: 0
ICMP Fragment drop count: 0
ICMP UnsupportedType Drop Count: 0
ICMP Err Translated Count: 0
ICMP Query Translated Count: 0
Subsequent Fragment Incoming Count: 0
Subsequent Fragment No Db Drop Count: 0
Subsequent Fragment Translated Count: 0
Options Incoming Count: 0
Options Drop Count: 0
Options Forward Count: 0
Options No DB drop Count: 0
Unsupported Protocol Count: 0
ICMP generated counters :
=======================
IPv4 ICMP Messages generated count: 0
IPv6 ICMP Messages generated count: 0
The following table describes the fields seen as shown in the above example:
![]() Note | The same field description is applicable to IPv4 and IPv6 packets appropriately. |
Name |
Description |
TCP Incoming Count |
Number of incoming TCP packets. |
TCP NonTranslatable Drop Count |
Number of TCP packets dropped without translating. |
TCP Invalid NextHdr Drop Count |
Packets dropped due to invalid Next hop. |
TCP No Db Drop Count |
Packets dropped because of missing MAP-T configuration. |
TCP Translated Count |
Number of TCP packets translated. |
UDP Incoming Count |
Number of incoming UDP packets. |
UDP NonTranslatable Drop Count |
Number of UDP packets dropped without translating. |
UDP Invalid Next Hdr Drop Count |
Packets dropped due to invalid Next hop. |
UDP No Db Drop Count |
Indicates missing MAP-T configuration. |
UDP Translated Count |
Number of UDP packets translated. |
ICMP Total Incoming Count |
Number of incoming ICMP packets. |
ICMP No DB Drop Count |
Packets dropped because of missing MAP-T configuration. |
ICMP Fragment drop count |
Number of ICMP fragments dropped. |
ICMP Invalid NextHdr Drop Count |
Packets dropped due to invalid Next hop. |
ICMP Nontranslatable Drop Count |
Number of ICMP packets dropped without translating. |
ICMP Nontranslatable Forward Count |
Number of ICMP packets forwarded without translating. |
ICMP UnsupportedType Drop Count |
Number of ICMP packets dropped because of the unsupported type. |
ICMP Error Translated Count |
Number of ICMP packets with error in translation. |
ICMP Query Translated Count |
Number of translated IPv6 to IPv4 ICMP query output packets. |
Subsequent Fragment Incoming Count |
Number of incoming fragments |
Subsequent Fragment NonTranslateable Drop Count |
Number of fragments dropped without translating. |
Invalid NextHdr Drop Count |
Number of packets dropped because of invalid next hop. |
Subsequent Fragment No Db Drop Count |
Number of fragments dropped. |
Subsequent Fragment Translated Count |
Number of fragments translated. |
Extensions/Options Incoming Count |
Incoming packets with extended options in the header |
Extensions/Options Drop Count |
Packets dropped with extended options in the header. |
Extensions/Options Forward Count |
Packets forwarded with extended options in the header. |
Extensions/Options No DB drop Count |
Packets dropped due to missing configuration and with extended options in the header. |
Unsupported Protocol Count |
Packets dropped due to unsupported Layer-4 protocol. |
Command | Description |
| Configures IPv4 or IPv6 address for a MAP-T instance. |
| Clears the statistics of a MAP-T instance. |
| Configures the number of contiguous ports for a MAP-T instance. |
| Configures the Customer Premises Equipment (CPE ) domain parameters. |
| Configures the external domain's IPv6 prefix to convert IPv4 addresses into IPv6 addresses and vice versa. |
| Configures the port sharing ratio. |
| Configures traceroute translation algorithms. |
To display the counters for sequence-check, use the show cgn nat44 inside-vrf counters command in EXEC mode.
show cgn nat44 instance-name inside-vrf instance-name counters
counters |
Lists the counters for TCP sequence check |
instance-name |
The name of the NAT44 instance |
None
EXEC
Release | Modification |
---|---|
Release 5.1.1 |
This command was introduced. |
Release 5.2.0 |
Additional counters were introduced. |
No specific guidelines impact the use of this command.
Task ID | Operation |
---|---|
cgn |
read, write |
The following example shows the counters for TCP sequence check.
RP/0/RP0/CPU0:router# show cgn nat44 nat1 inside-vrf vrf1 counters
Counters summary of NAT44 instance: 'nat1'
Number of Out2In drops due to TCP sequence mismatch: 0
Number of Outside to inside TCP sequence mismatch: 0
Total number of sessions created due to Out2In packets: 0
Number of Out2In drops due to end point filtering: 0
Number of translations created: 2019
Number of translations deleted: 2017
Number of sessions created: 190000
Number of sessions deleted: 170000
Syslog/Netflow translation create records generated: 0
Syslog/Netflow translation delete records generated: 0
Syslog/Netflow sessions create records generated: 0
Syslog/Netflow sessions delete records generated: 0
Number of Netflow packets generated: 0
Number of Syslog packets generated: 0
Dropped Netflow packets due to congestion: 0
Dropped Syslog packets due to congestion: 0
Average usage of bulk allocated ports: 0
Average number of bulk-allocations made: 0
The following table describes the fields seen in the output of the show cgn nat44 inside-vrf counters as shown in the above example:
Name |
Description |
Number of Out2In drops due to TCP sequence mismatch |
Number of packets dropped for not being in the sequence |
Number of Outside to inside TCP sequence mismatch |
Number of TCP packets dropped for not being in the sequence |
Total number of sessions created due to Out2In packets |
Number of sessions created with both Inside-to-Outside and Outside-to-Inside packets |
Number of Out2In drops due to end point filtering |
Number of packets dropped if Endpoint-Dependent Mapping is configured |
Number of translations created |
Total number of translations created |
Number of translations deleted |
Total number of translations cleared after the timeout |
Number of sessions created |
Total number of sessions created |
Number of sessions deleted |
Total number of sessions deleted |
Syslog/Netflow translation create records generated |
Number of translation create records generated for Syslog or NetFlow |
Syslog/Netflow translation delete records generated |
Number of translation create records deleted for Syslog or NetFlow |
Syslog/Netflow sessions create records generated |
Number of session create records generated for Syslog or NetFlow |
Syslog/Netflow sessions delete records generated |
Number of session delete records generated for Syslog or NetFlow |
Number of Netflow packets generated |
Number of packets generated for NetFlow |
Number of Syslog packets generated |
Number of packets generated for Syslog |
Dropped Netflow packets due to congestion |
Number of NetFlow packets dropped due to system errors |
Dropped Syslog packets due to congestion |
Number of Syslog packets dropped due to system errors |
Average usage of bulk allocated ports |
Percentage of the usage of the bulk allocated ports |
Average number of bulk-allocations made |
Percentage of the bulk allocations made from all the possible locations |
To display the GRE channels of a PPTP tunnel, use the show cgn nat44 greEntries command in EXEC mode.
show cgn nat44 instance-name greEntries inside-vrf vrf-name tunnel-address address pns-port port-number call-id start value end value
instance-name |
Name of the configured NAT44 instance. |
greEntries | GRE channels of the PPTP tunnel. |
inside-vrf | The Virtual Routing Forwarding (VRF) for which the translation details are needed. |
vrf-name | Name of the VRF. |
tunnel-address | Address of the PPTP Network Server (PNS). |
pns-port | Port number of the PNS. The range is from 1 to 65535. |
call-id | Range of call IDs. |