Cisco IOS XR Carrier Grade NAT Command Reference for the Cisco CRS Router, Release 5.1.x

address (DS-LITE Netflow9)

To enable the IPv4 address of the server that is used for logging the entries for a DS-Lite instance, use the address command in CGN DS-Lite external logging server configuration mode. To disable the Netflow server configuration, use the no form of this command.

address address port number

Syntax Description

address	IPv4 address of the server.
port	Configures the port that is used for logging. The address corresponds to the IPv4 address of the NetflowV9 logging server port, which corresponds to the UDP port number in which the NetflowV9 logging server listens for the Netflow logs.
number	Port number. Range is from 1 to 65535.

Command Default

If the address command is not configured, NetflowV9 logging is disabled.

Command Modes

CGN DS-Lite external logging server configuration

Command History

Release	Modification
Release 4.2.1	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operations
cgn	read, write

Examples

The following example shows how to configure the IPv4 address and port number 45 for a DS-Lite instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# external-logging netflow9
RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog)# server
RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog-server)# address 2.3.4.5 port 45

Related Commands

Command	Description
path-mtu (DS-LITE Netflow9)	Sets the Maximum Transmission Unit (MTU) of the path to log NetFlow-based external logging information.
refresh rate (DS-LITE Netflow9)
timeout (DS-LITE Netflow9)	Configures the frequency at which the netflow9 template is refreshed or resent to the netflow9 server for a DS-Lite instance.

address (NAT44 NetflowV9)

To enable the IPv4 address of the server that is used for logging the entries for the Network Address Translation (NAT) table, use the address command in CGN inside VRF external logging server configuration mode. To disable the Netflow server configuration, use the no form of this command.

address address port number

Syntax Description

address	IPv4 address of the server.
port	Configures the port that is used for logging. The address corresponds to the IPv4 address of the NetflowV9 logging server port, which corresponds to the UDP port number in which the NetflowV9 logging server listens for the Netflow logs.
number	Port number. Range is from 1 to 65535.

Command Default

If the address command is not configured, NAT44 NetflowV9 logging is disabled.

Command Modes

CGN inside VRF external logging server configuration

Command History

Release	Modification
Release 3.9.1	This command was introduced.
Release 4.1.0	The usage guidelines was updated.

Usage Guidelines

The CGN NetflowV9-based translation entry is used to create and delete the logs. This NAT44 specific command will configure the ipv4 address and port number for the netflowV9 external logging facility. The address corresponds to the IPv4 address of the NetflowV9 logging server port, which in turn corresponds to the UDP port number in which the NetflowV9 logging server listens for the Netflow logs. The configurations for path-mtu, refresh-rate and timeout is applicable only when the ipv4 address and port number for the logging server has been configured.

Task ID

Task ID	Operations
cgn	read, write

Examples

The following example shows how to configure the IPv4 address and port number 45 for NetFlow logging of the NAT table entries:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# external-logging netflow version 9
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog)# server
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog-server)# address 2.3.4.5 port 45

Related Commands

Command	Description
external-logging (NAT44 Netflow)	Enables external logging of a NAT44 instance.
inside-vrf (NAT44)	Enters inside VRF configuration mode for a NAT44 instance.
server (NAT44)	Enables the logging server information for the IPv4 address and port for the server that is used for the netflowv9-based external-logging facility.
service cgn	Enables an instance for the CGN application.

address static-forward (NAT44)

To enable the inside IPv4 address and port number for static forwarding for a NAT44 instance, use the address command in NAT44 inside VRF static port inside configuration mode. To disable this feature, use the no form of this command.

address address port number

no address address port number

Syntax Description

address	IPv4 address of an inside host server.
port	Configures the inside port for static forwarding. The port keyword allows a specific UDP, TCP, or ICMP port on a global address to be translated to a specific port on a local address.
number	Inside port number. For TCP and UDP, range is from 1 to 65535. For ICMP, range is from and 0 to 65535.

Command Default

None

Command Modes

NAT44 inside VRF static port inside configuration

Command History

Release	Modification
Release 3.9.1	This command was introduced.
Release 4.1.0	The usage guidelines section was updated.

Usage Guidelines

This NAT44 command configures the static port forwarding for an inside-ipv4 address and inside-port number combination. With this configuration, packets received inside with the configured inside-ipv4 address and inside-port number are forwarded using the displayed outside-ipv4address and outside-port number.

CGN can dynamically allocate one free public IP address and port number from the configured outside address pool for an inside address and port.

Task ID

Task ID	Operations
cgn	read, write

Examples

This example shows how to configure the inside IPv4 address and port for static forwarding. CGN can dynamically allocate one free public IP address and port number from the configured outside address pool for an inside address and port.

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf v1
RP/0/RP0/CPU0:router(config-cgn-invrf)# protocol tcp
RP/0/RP0/CPU0:router(config-cgn-invrf-proto)# static-forward inside
RP/0/RP0/CPU0:router(config-cgn-invrf-sport-inside)# address 10.20.30.10 port 1000

Related Commands

Command	Description
protocol (NAT44)
protocol (CGN)	Enters ICMP, TCP, and UDP protocol configuration mode for a given CGN instance.
service cgn	Enables an instance for the CGN application.
show cgn nat44 inside-translation	Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance.

address (Stateful NAT64 Netflow Version 9)

To enable the IPv4 address of the server that is used for logging the entries for a NAT64 stateful instance, use the address command in NAT64 Stateful configuration mode. To disable the Netflow server configuration, use the no form of this command.

address address port number

Syntax Description

address	IPv4 address of the server.
port	Configures the port that is used for logging. The address corresponds to the IPv4 address of the netflow version 9 logging server port, which corresponds to the UDP port number in which the netflow version 9 logging server listens for the Netflow logs.
number	Port number. Range is from 1 to 65535.

Command Default

If the address command is not configured, Netflow logging is disabled.

Command Modes

NAT64 Stateful configuration mode

Command History

Release	Modification
Release 4.3.0	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operations
cgn	read, write

Examples

The following example shows how to configure the IPv4 address and port number 45:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# external-logging netflow version 9
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# server
RP/0/RP0/CPU0:router(config-cgn-nat64-extlog-server)# address 2.3.4.5 port 45

Related Commands

Command	Description
path-mtu (Stateful NAT64 Netflow Version 9)	Sets the Maximum Transmission Unit (MTU) of the path to log NetFlow-based external logging information.
refresh rate (Stateful NAT64 Netflow Version 9)	Configures the refresh rate to log NetFlow-based external logging information.
session-logging (Stateful NAT64 Netflow Version 9)	Enables session logging for a NAT64 Stateful instance.
timeout (Stateful NAT64 Netflow Version 9)	Configures the frequency at which the netflow-v9 template is refreshed or resent to the netflow-v9 server.

address-family (6rd)

To bind an ipv4 or ipv6 ServiceApp interface to a 6rd instance, use the address-family command in 6RD configuration mode. To unbind the ServiceApp interface, use the no form of this command.

address-family { ipv4 | ipv6 } interface ServiceApp value

Syntax Description

ipv4	Specifies the IPv4 address family.
ipv6	Specifies the IPv6 address family.
interface	Specifies the ServiceApp interface to be used.
ServiceApp	Specifies the SVI interface.
value	Interface value. The range is from 1 to 2000.

Command Default

None

Command Modes

6RD configuration

Command History

Release	Modification
Release 4.3.1	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to bind ipv4 ServiceApp interface to a 6RD instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# address-family ipv4
RP/0/RP0/CPU0:router(config-cgn-6rd-afi)#interface ServiceApp 100

Examples

This example shows how to bind ipv6 ServiceApp interface to a 6RD instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# address-family ipv6
RP/0/RP0/CPU0:router(config-cgn-6rd-afi)#interface ServiceApp 120

address-family ipv4 (Stateless NAT64)

To enter the IPv4 address family configuration mode while configuring the Carrier Grade NAT (CGN), use the address-family ipv4 command in an appropriate configuration mode. To disable support for an address family, use the no form of this command.

address-family ipv4 { interface ServiceApp | tcp mss | tos }

Syntax Description

interface	Specifies the ServiceApp interface to be used.
ServiceApp	Specifies the SEAPP SVI interface. The number of service application interfaces to be configured ranges from 1 to 2000.
tcp	Specifies the TCP protocol.
mss	Specifies the maximum segment size for TCP in bytes. The value of maximum segment size ranges from 28 to 1500.
tos	Type of service to be set when translating IPv6 to IPv4. The value of type of service ranges from 0 to 255.

Command Default

None

Command Modes

CGN-NAT64

Command History

Release	Modification
Release 3.9.1	This command was introduced.
Release 4.1.0	Updated the Syntax and Usage Guidelines sections.

Usage Guidelines

This command configures the ipv4 address family for NAT64 stateless XLAT.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows the tcp mss for the ipv4 address family:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateless xlat
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# address-family ipv4
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless-afi)# tcp mss 200

address-family IPv6 (DS-LITE)

To enter the IPv6 address family configuration mode for a DS-Lite instance, use the address-family ipv6 command. To disable support for an address family, use the no form of this command.

address-family IPv6 interface ServiceApp <1-244>

Syntax Description

interface	Indicates the ServiceApp interface to be used.
ServiceApp	SEAPP SVI Interface.
<1-244>	Number of service application interfaces to be configured. Range is from 1 to 244.

Command Default

None

Command Modes

CGN-DS-Lite configuration mode

Command History

Release	Modification
Release 4.2.1	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to enter the IPv6 address family configuration mode for a DS-Lite instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# address-family ipv6
RP/0/RP0/CPU0:router(config-cgn-ds-lite-afi)# interface serviceApp 200
RP/0/RP0/CPU0:router(config-cgn-ds-lite-afi)#

Related Commands

Command	Description
address-family ipv4 (Stateless NAT64)	Enters the IPv4 address family configuration mode.
address-family (Stateful NAT64)	Configures IPv4 or IPv6 address on a NAT64 instance.

Command

Description

address-family ipv4 (Stateless NAT64)

Enters the IPv4 address family configuration mode.

address-family (Stateful NAT64)

Configures IPv4 or IPv6 address on a NAT64 instance.

address-family ipv6 (Stateless NAT64)

To enter the IPv6 address family configuration mode, use the address-family ipv6 command. To disable support for an address family, use the no form of this command.

address-family ipv6{interface ServiceApp <1-2000>} { df override } { protocol | { icmp | reset-mtu } } tcp mss<28-1500>traffic-class<0-255>

Syntax Description

interface	Indicates the ServiceApp interface to be used.
ServiceApp	SEAPP SVI Interface.
<1-2000>	Number of service application interfaces to be configured. Range is from 1 to 2000.
df-override	Override DF bit.
protocol	Select a protocol.
icmp	(Optional) ICMP protocol.
reset-mtu	(Optional) Reset maximum transmission unit when packet is too big.
tcp	TCP protocol.
mss	Maximum segment size for TCP in bytes.
<28-1500>	Maximum segment size to be used in bytes.
traffic-class	Traffic class to be set when translating from IPv4 to IPv6.

Command Default

None

Command Modes

CGN-NAT64

Command History

Release	Modification
Release 4.1.0	This command was introduced.

Usage Guidelines

This command configures the ipv6 address family for NAT64 stateless XLAT.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows the traffic-class setting for the ipv6 address family:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateless xlat1
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# address-family ipv6
RP/0/RP0/CPU0:router(config-cgn-nat64-stless-afi)# traffic-class 25

Related Commands

Command	Description
df-override (CGN)	Sets the do not fragment bit
protocol icmp reset-mtu (CGN)	Resets the received packet size.
service cgn	Enables an instance for the CGN application.
traffic-class (CGN)	Configures the traffic class value to be used when translating a packet from IPv4 to IPv6

address-family (MAP-E)

To configure an IPv4 or IPv6 address for a MAP-E stateful instance, use the address-family command in MAP-E configuration mode. To undo the address configuration, use the no form of this command.

address-family { ipv4 | ipv6 } { interface | { ServiceApp value } | tcp | { mss size } }

Syntax Description

ipv4	Specifies the IPv4 address family.
ipv6	Specifies the IPv6 address family.
interface	Specifies the ServiceApp interface to be used.
ServiceApp	Specifies the SVI interface.
value	Specifies the Interface value. The range is from 1 to 2000.
tcp	Specifies the TCP protocol.
mss	Specifies the Maximum Segment Size (MSS) for TCP in bytes.
size	Size of the segment in bytes. The range is from 28 to 1500.

Command Default

None

Command Modes

MAP-E configuration

Command History

Release	Modification
Release 4.3.1	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to configure ipv4 address for a MAP-E instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type map-e map-e-inst
RP/0/RP0/CPU0:router(config-cgn-map_e)# address-family ipv4
RP/0/RP0/CPU0:router(config-cgn-map_e-afi)#interface serviceApp 65

Examples

This example shows how to configure ipv6 address for a MAP-E instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type map-e map-e-inst
RP/0/RP0/CPU0:router(config-cgn-map_e)# address-family ipv6
RP/0/RP0/CPU0:router(config-cgn-map_e-afi)#interface serviceApp 66

Related Commands

Command	Description
aftr-endpoint-address (MAP-E)	Configures the IPv6 address of Address Family Transition Router (AFTR).
contiguous-ports (MAP-E)	Configures the number of contiguous ports for a MAP-E instance.
cpe-domain (MAP-E)	Configures the Customer Premises Equipment (CPE ) domain parameters.
path-mtu (MAP-E)	Configures the path Maximum Transmission Unit (MTU) of the tunnel.
sharing-ratio (MAP-E)	Configures the port sharing ratio.

address-family (MAP-T)

To configure an IPv4 or IPv6 address for a MAP-T instance, use the address-family command in the MAP-T configuration mode. To undo the address configuration, use the no form of this command.

address-family { ipv4 | ipv6 } { df-override | interface | { ServiceApp value } | tcp | { mss size } | traffic-class | { value } | tos }

Syntax Description

ipv4	Specifies the IPv4 address family.
ipv6	Specifies the IPv6 address family.
df-override	Specifies the 'df' override bit.
interface	Specifies the ServiceApp interface to be used.
ServiceApp	Specifies the SVI interface.
value	Specifies the Interface value. The range is from 1 to 2000.
tcp	Specifies the TCP protocol.
mss	Specifies the Maximum Segment Size (MSS) for TCP in bytes.
size	Size of the segment in bytes. The range is from 28 to 1500.
traffic-class	Specifies the traffic class value to be set when translating from IPv4 to IPv6.
value	Value of the traffic-class. The range is from 0 to 255.
tos	Specifies the type of service value to be set when translating from IPv6 to IPv4. The range is from 0 to 255.

Command Default

None

Command Modes

MAP-T configuration

Command History

Release	Modification
Release 4.3.0	This command was introduced.

Usage Guidelines

Unlike NAT64, ISM is used for only control plane and exception traffic, not for the bulk of the traffic. For more information on Mapping of Address and Port (MAP), please refer to the Technical Guide to Mapping of Address and Port (MAP).

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to configure ipv4 address for a MAP-T instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type map-t map-t-inst
RP/0/RP0/CPU0:router(config-cgn-mapt)# address-family ipv4
RP/0/RP0/CPU0:router(config-cgn-mapt-afi)#tcp mss 565

Examples

This example shows how to configure ipv6 address for a MAP-T instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type map-t map-t-inst
RP/0/RP0/CPU0:router(config-cgn-mapt)# address-family ipv6
RP/0/RP0/CPU0:router(config-cgn-mapt-afi)#traffic-class 65

Related Commands

Command	Description
clear cgn map-t statistics	Clears the statistics of a MAP-T instance.
contiguous-ports (MAP-T)	Configures the number of contiguous ports for a MAP-T instance.
cpe-domain (MAP-T)	Configures the Customer Premises Equipment (CPE ) domain parameters.
external-domain (MAP-T)	Configures the external domain's IPv6 prefix to convert IPv4 addresses into IPv6 addresses and vice versa.
sharing-ratio (MAP-T)	Configures the port sharing ratio.
show cgn map-t statistics	Displays the MAP-T instance statistics.
traceroute (MAP-T)	Configures traceroute translation algorithms.

address-family (Stateful NAT64)

To configure an IPv4 or IPv6 address for a NAT64 stateful instance, use the address-family command in NAT64 stateful configuration mode. To undo the address configuration, use the no form of this command.

address-family { ipv4 | ipv6 } [ df-override | interface | protocol | tcp | traffic-class | tos ]

Syntax Description

ipv4	Specifies the IPv4 address family.
ipv6	Specifies the IPv6 address family.
df-override	Specifies the 'df' override bit.
interface	Specifies the ServiceApp interface to be used.
ServiceApp	Specifies the SVI interface.
value	Specifies the Interface value. The range is from 1 to 2000.
protocol	Specifies the protocol.
icmp	ICMP protocol.
reset-mtu	Resets the maximum transmission unit of the packet.
tcp	TCP protocol.
mss	Specifies the Maximum Segment Size (MSS) for TCP in bytes.
size	Size of the segment in bytes. The range is from 28 to 1500.
traffic-class	Specifies the traffic class value to be set when translating from IPv4 to IPv6.
value	Value of the traffic-class. The range is from 0 to 255.
tos	Specifies the type of service value to be set when translating from IPv6 to IPv4. The range is from 0 to 255.

Command Default

None

Command Modes

NAT64 stateful configuration

Command History

Release	Modification
Release 4.3.0	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to configure ipv4 address on a NAT64 instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# address-family ipv4
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful-afi)#tcp mss 565

Examples

This example shows how to configure ipv6 address on a NAT64 instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# address-family ipv6
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful-afi)#traffic-class 65

Related Commands

Command	Description
dynamic-port-range (Stateful NAT64)	Configures ports dynamically.
external-logging (Stateful NAT64 Netflow)	Enables external logging of a NAT64 Stateful instance.
fragment-timeout (Stateful NAT64)	Specifies time interval to store packet fragments.
ipv4 (Stateful NAT64)	Assigns ipv4 address pool.
ipv6-prefix (Stateful NAT64)	Converts an IPv6 address to an IPv4 address.
portlimit (Stateful NAT64)	Restricts the number of ports used by an IPv6 address.
protocol (Stateful NAT64)	Enters the ICMP, TCP, and UDP protocol configuration mode.
refresh-direction (Stateful NAT64)	Specifies the outbound refresh direction.
service-type nat64 (Stateful NAT64)	Creates a NAT64 stateful instance.
tcp-policy (Stateful NAT64)	Enables TCP policy that allows IPv4 initiated TCP sessions.
ubit-reserved (Stateful NAT64)	Enables reserving ubits in an IPv6 address.

aftr-endpoint-address (MAP-E)

To configure the IPv6 address of Address Family Transition Router (AFTR), use the aftr-endpoint-address command in MAP-E configuration mode. To undo the configuration, use the no form of this command.

aftr-endpoint-address address

Syntax Description

address

Specifies the IPv6 address of the AFTR.

Command Default

None

Command Modes

MAP-E configuration

Command History

Release	Modification
Release 4.3.1	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to configure the AFTR address for a MAP-E instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type map-e map-e-inst
RP/0/RP0/CPU0:router(config-cgn-map_e)# aftr-endpoint-address 2001:db8:100::40

Related Commands

Command	Description
address-family (MAP-E)	Configures IPv4 or IPv6 address for a MAP-E instance.
contiguous-ports (MAP-E)	Configures the number of contiguous ports for a MAP-E instance.
cpe-domain (MAP-E)	Configures the Customer Premises Equipment (CPE ) domain parameters.
path-mtu (MAP-E)	Configures the path Maximum Transmission Unit (MTU) of the tunnel.
sharing-ratio (MAP-E)	Configures the port sharing ratio.

aftr-tunnel-endpoint-address (DS-LITE)

To assign an IPv6 tunnel endpoint address for a DS-lite instance, use the aftr-tunnel-endpoint-address in DS-Lite configuration mode. To unassign the address for the ds-lite instance, use the no form of this command.

aftr-tunnel-endpoint-address IPv6 address

Syntax Description

IPv6 address

Specifies the IPv6 address of the tunnel endpoint.

Command Default

None

Command Modes

DS-Lite configuration

Command History

Release	Modification
Release 4.2.1	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to assign an IPv6 tunnel endpoint address for a ds-lite instance:

RP/0/RP0/CPU0:router# config
RP/0/RP0/CPU0:router(config)#service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#aftr-tunnel-endpoint-address 10:10::2
RP/0/RP0/CPU0:router(config-cgn-ds-lite)

alg ActiveFTP (NAT44)

To enable the Application-Level Gateway (ALG) of Active FTP for a NAT44 instance, use the alg ActiveFTP command in NAT44 configuration mode. To disable the support of ALG for the Active FTP, use the no form of this command.

alg ActiveFTP

Syntax Description

This command has no arguments or keywords.

Command Default

By default, ActiveFTP ALG is disabled.

Command Modes

NAT44 Configuration

Command History

Release	Modification
Release 3.9.1	This command was introduced.
Release 4.1.0	The Usage Guidelines section was updated.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operations
cgn	read, write

Examples

The following example shows how to configure ALG for the active FTP connection for the NAT44 instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# alg ActiveFTP

alg ftp (DS-LITE)

To enable the support for FTP Application-Level Gateway (ALG) for a DS-Lite instance, use the alg command in DS-Lite configuration mode. To disable, use the no form of this command.

alg ftp

Syntax Description

ftp	Enables the FTP ALG.

Command Default

None

Command Modes

DS-Lite configuration mode

Command History

Release	Modification
Release 4.2.1	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to enable support for FTP ALG:

RP/0/RP0/CPU0:router# config
RP/0/RP0/CPU0:router(config)#service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#alg ftp
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#

alg pptpalg (NAT44)

To configure Point-to-Point Tunneling Protocol (PPTP) as the Application-Level Gateway (ALG) for a NAT44 instance, use the alg pptpalg command in NAT44 configuration mode. To undo the configuration, use the no form of this command.

alg pptpalg

Syntax Description

This command has no arguments or keywords.

Command Default

By default, PPTP ALG is disabled.

Command Modes

NAT44 configuration mode

Command History

Release	Modification
Release 4.3.0	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operations
cgn	read, write

Examples

This example shows how to configure ALG for the PPTP connection on NAT44 instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat441
RP/0/RP0/CPU0:router(config-cgn-nat44)# alg pptpalg

Related Commands

Command

Description

alg ActiveFTP (NAT44)

Enables the Application-Level Gateway (ALG) of Active FTP for a NAT44 instance.

alg rtsp (NAT44)

Enables the support for Application-Level Gateway (ALG) Real Time Streaming Protocol (RTSP).

alg rtsp (DS-LITE)

To enable support for the Application-Level Gateway (ALG) Real Time Streaming Protocol (RTSP), use the alg rtsp command in the DS-Lite configuration mode. To disable the support, use the no form of this command.

alg rtsp

Syntax Description

rtsp	Specifies the real time streaming protocol.
server-port	Specifies the port to be used for RTSP. The range is from 1 to 65535.The default port is 554.

Command Default

By default, the alg rtsp is disabled.

Command Modes

DS-Lite Configuration

Command History

Release	Modification
Release 4.1.0	This command was introduced.

Usage Guidelines

The application has to be directed to identify RTSP packets. The alg rtsp configuration command allows enabling of RTSP scan.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to configure the alg rtsp command for a DS-Lite instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# alg rtsp

Related Commands

Command	Description
address-family ipv4 (Stateless NAT64)	Enters the IPv4 address family configuration mode.
alg ActiveFTP (NAT44)	Enables the Application-Level Gateway (ALG) of Active FTP for a NAT44 instance.
inside-vrf (NAT44)	Enters inside VRF configuration mode for a NAT44 instance.
portlimit (NAT44)	Limits the number of translation entries per source address.
protocol (NAT44)
service cgn	Enables an instance for the CGN application.
service-type nat44	Enables a NAT44 instance for the CGN application.
refresh-direction (NAT44)	Configures the Network Address Translation (NAT) mapping refresh direction for the specified CGN instance.

alg rtsp (NAT44)

To configure Real Time Streaming Protocol (RTSP) as the Application-Level Gateway (ALG), use the alg rtsp command in the NAT44 configuration mode. To undo the configuration, use the no form of this command.

alg rtsp server-port value

Syntax Description

server-port	Specifies the port to be used for RTSP.
value	Specifies the port number. The default port is 554. The range is from 1 to 65535

Command Default

By default, the alg rtsp is disabled.

Command Modes

NAT44 Configuration

Command History

Release	Modification
Release 4.1.0	This command was introduced.

Usage Guidelines

The application has to be directed to identify RTSP packets. The alg rtsp configuration command allows enabling of RTSP scan.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to configure the alg rtsp command for the CGN instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# alg rtsp server-port 666

Related Commands

Command

Description

alg ActiveFTP (NAT44)

Enables the Application-Level Gateway (ALG) of Active FTP for a NAT44 instance.

alg rtsp (Stateful NAT64)

To configure Real Time Streaming Protocol (RTSP) as the Application-Level Gateway (ALG), use the alg rtsp command in Stateful NAT64 configuration mode. To undo the configuration, use the no form of this command.

alg rtsp server-port value

Syntax Description

server-port	Specifies the port to be used for RTSP.
value	Port number. The default port is 554. The range is from 1 to 65535.

Command Default

By default, the alg rtsp is disabled.

Command Modes

Stateful NAT64

Command History

Release	Modification
Release 4.3.1	This command was introduced.

Usage Guidelines

The application must be directed to identify RTSP packets. The alg rtsp configuration command enables RTSP scan.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to configure the alg rtsp command for the CGN instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat1
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# alg rtsp server-port 666

Related Commands

Command	Description
address-family (Stateful NAT64)	Configures IPv4 or IPv6 address on a NAT64 instance.
dynamic-port-range (Stateful NAT64)	Configures ports dynamically.
external-logging (Stateful NAT64 Netflow)	Enables external logging of a NAT64 Stateful instance.
fragment-timeout (Stateful NAT64)	Specifies time interval to store packet fragments.
ipv4 (Stateful NAT64)	Assigns ipv4 address pool.
ipv6-prefix (Stateful NAT64)	Converts an IPv6 address to an IPv4 address.
portlimit (Stateful NAT64)	Restricts the number of ports used by an IPv6 address.
protocol (Stateful NAT64)	Enters the ICMP, TCP, and UDP protocol configuration mode.
refresh-direction (Stateful NAT64)	Specifies the outbound refresh direction.
tcp-policy (Stateful NAT64)	Enables TCP policy that allows IPv4 initiated TCP sessions.
ubit-reserved (Stateful NAT64)	Enables reserving ubits in an IPv6 address.

attach port-set

To attach the port-set to the NAT inside-vrf instance, use the attach port-set command in the CGN inside VRF configuration mode. To remove the port-set from the inside-vrf instance, use the no form of this command.

attach port-set name

Syntax Description

name	Specifies the port-set created.

Command Default

None

Command Modes

CGN inside VRF configuration mode.

Command History

Release	Modification
Release 5.3.1	This command was introduced.

Usage Guidelines

A port-set is attached to the VRF instance that handles packets from the subscriber network (inside-VRF). Users can attach only one port-set to the NAT inside-vrf instance. If multiple port-sets are attached to the inside-vrf instance, then only the last attached port-set is considered for the NAPT operation. However, a port-set can be attached to multiple inside-vrf instances. If a port-set is in use by one or more NAT inside-vrf instances, users cannot delete that port-set until the associations with all NAT inside-vrf instances are removed. However, the user can modify the contents of port-set while they are in use and have the modifications take effect immediately.

Task ID

Task ID	Operation
cgn	read, write

Examples

The following example shows how to attach the port-set to an inside VRF instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)#map-address pool 100.1.1.0/24
RP/0/RP0/CPU0:router(config-cgn-invrf-afi)#attach port-set set1

br (6rd)

To enable the Border Relay(BR) configuration, use the br command in 6RD configuration mode. To disable this feature, use the no form of this command.

br { ipv4 | ipv6-prefix | source-address | unicast }

Syntax Description

ipv4	Specifies the IPv4 related configuration.
ipv6-prefix	Specifies the IPv6 prefix.
source-address	Specifies the source address for the tunnel.
unicast	Specifies the IPv6 unicast address.

Command Default

None

Command Modes

6RD configuration

Command History

Release	Modification
Release 4.1.0	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to configure the unicast address using the br configuration level commands :

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router#(config)# service cgn cgn1
RP/0/RP0/CPU0:router#(config-cgn)service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# br
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# ipv6-prefix 2001:db8::/32
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# source-address 10.2.2.2
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# ipv4 prefix length 0
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# ipv4 suffix length 0
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd-br)# unicast address 2001:db8:a02:202::1

Related Commands

Command	Description
ipv4 prefix (6rd)	Assigns a value for the ipv4-prefix length to be used as part of both ends of tunnel.
ipv4 suffix (6rd)	Assigns a value for the ipv4-suffix length to be used as part of both ends of a tunnel.
ipv6-prefix (6rd)	Generates the delegated ipv6 prefix for a IPv6 Rapid Deployment (6RD) application.
source-address (6rd)	Assigns an ipv4 address as the tunnel source address.
unicast address (6rd)	Assigns an IPv6 address to be used for a IPv6 Rapid Deployment (6RD) Border Relay (BR) unicast configuration.

br-endpoint-address (MAP-E)

To configure the IPv6 address of BR, use the br-endpoint-address command in MAP-E configuration mode. To undo the configuration, use the no form of this command.

br-endpoint-address address

Syntax Description

address

Specifies the IPv6 address of the BR.

Command Default

None

Command Modes

MAP-E configuration

Command History

Release	Modification
Release 5.3.2	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgv6	read, write

Examples

This example shows how to configure the BR address for a MAP-E instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgv6 cgv6-1
RP/0/RP0/CPU0:router(config-cgv6)# Service-inline interface TenGigE0/0/0/0
RP/0/RP0/CPU0:router(config-cgv6)#  service-type-map_e map1
RP/0/RP0/CPU0:router(config-cgv6-map-e)#  cpe-domain ipv4 Prefix 120.2.1.0/24
RP/0/RP0/CPU0:router(config-cgv6-map-e)#  cpe-domain ipv6 prefix 9020:da8:2::/48
RP/0/RP0/CPU0:router(config-cgv6-map-e)#   sharing-ratio 256
RP/0/RP0/CPU0:router(config-cgv6-map-e)#   contiguous-ports 16
RP/0/RP0/CPU0:router(config-cgv6-map-e)#    br-endpoint-address 9020:da8:2:ffff::1

bulk-port-alloc (NAT44)

To pre-allocate a number of contiguous outside ports in bulk and to reduce Netflow/Syslog data volume, use the bulk-port-alloc command in NAT44 configuration mode. To undo the bulk port allocation, use the no form of this command.

bulk-port-alloc size size-value

Syntax Description

size size-value

Specifies the port size for allocation. The value should be greater than or equal to one fourth of the port limit and less than twice the port limit. The allowed values are 8, 16, 32, 64, 128, 256, 512, 1024, 2048, and 4096.

Command Default

None

Command Modes

NAT44 Inside VRF configuration

Command History

Release	Modification
Release 4.2.1	This command was introduced.
Release 5.2.0	The minimum size for bulk port allocation was reduced to 8.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to allocate ports in bulk to reduce the syslog data volume:

RP/0/RP0/CPU0:router# config
RP/0/RP0/CPU0:router(config)#service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type nat44 nat441
RP/0/RP0/CPU0:router(config-cgn)#inside-vrf vrf1
RP/0/RP0/CPU0:router(config-cgn-ds-lite-invrf)#bulk-port-alloc size 64
RP/0/RP0/CPU0:router(config-cgn-ds-lite-invrf)#

Related Commands

Command

Description

external-logging (NAT44 Netflow)

Enables external logging of a NAT44 instance.

protocol (NAT44)

bulk-port-alloc (DS-LITE)

To pre-allocate a number of contiguous outside ports in bulk and to reduce Netflow/Syslog data volume, use the bulk-port-alloc command in DS-Lite configuration mode. To undo the bulk port allocation, use the no form of this command.

bulk-port-alloc size

Syntax Description

size	Specifies the port size for allocation. The value should be greater than or equal to one fourth of the port limit and less than twice the port limit. The allowed values are 16, 32, 64, 128, 256, 512, 1024, 2048, and 4096.

Command Default

None

Command Modes

DS-Lite configuration

Command History

Release	Modification
Release 4.2.1	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to allocate ports in bulk to reduce the syslog data volume:

RP/0/RP0/CPU0:router# config
RP/0/RP0/CPU0:router(config)#service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#bulk-port-alloc size 64
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#

Related Commands

Command	Description
protocol (NAT44)

clear cgn ds-lite

To clear all translation database entries that are created dynamically for the specific DS-Lite instance, use the clear cgn ds-lite command in EXEC mode .

clear cgn ds-lite instance-name

Syntax Description

instance-name

Instance name for DS-Lite.

Command Default

None

Command Modes

EXEC

Command History

Release	Modification
Release 4.2.1	This command was introduced.

Usage Guidelines

Caution

Because the clear cgn ds-lite command clears all translation database entries and impacts the traffic on those translation entries, use this command with caution.

Task ID

Task ID	Operations
cgn	read

clear cgn ds-lite ipaddress

To clear translation database entries that are created dynamically for the specified IPv4 address, use the clear cgn ds-lite ipaddress command in EXEC mode.

clear cgn ds-lite instance-name ipaddress address

Syntax Description

instance-name	Instance name for DS-Lite.
address	Specifies the IPv4 address for which the translation entries must be cleared.

Command Default

None

Command Modes

EXEC

Command History

Release	Modification
Release 4.2.1	This command was introduced.

Usage Guidelines

Caution

Because the clear cgn ds-lite ipaddress command clears all translation database entries for the specified IPv4 address and impacts the traffic on those translation entries, use this command with caution.

Task ID

Task ID	Operations
cgn	read

clear cgn ds-lite port

To clear the translation database entries that are created dynamically for the specified port number, use the clear cgn ds-lite port command in EXEC mode.

clear cgn ds-lite instance-name port number

Syntax Description

instance-name	Instance name for DS-Lite.
number	Port number. Range is from 1 to 65535.

Command Default

None

Command Modes

EXEC

Command History

Release	Modification
Release 4.2.1	This command was introduced.

Usage Guidelines

Caution

Because the clear cgn ds-lite port command clears all translation database entries for the specified port and impacts the traffic on those translation entries, use this command with caution.

Task ID

Task ID	Operations
cgn	read

clear cgn ds-lite protocol

To clear translation database entries that are created dynamically for the specified protocol, use the clear cgn ds-lite protocol command in EXEC mode.

clear cgn ds-lite instance-name protocol { udp | tcp | icmp }

Syntax Description

instance-name	Name for the DS-Lite CGN instance.
protocol	Specifies the protocol for which the translation entries must be cleared.

Command Default

None

Command Modes

EXEC

Command History

Release	Modification
Release 4.2.1	This command was introduced.

Usage Guidelines

Caution

Because the clear cgn ds-lite protocol command clears all translation database entries for the specified protocol and impacts the traffic on those translation entries, use this command with caution.

Task ID

Task ID	Operations
cgn	read

clear cgn ds-lite statistics

To clear all the statistics for a ds-lite instance, use theclear cgn ds-lite statistics command in EXEC mode.

clear cgn ds-lite instance-name statistics

Syntax Description

instance-name	Specifies the name of the DS-Lite instance.
statistics	Specifies the DS-Lite statistics.

Command Default

None

Command Modes

Exec

Command History

Release	Modification
Release 4.2.1	This command was introduced.

Usage Guidelines

Caution

Because the clear cgn ds-lite statistics command clears all statistics counters, use this command with caution.

Task ID

Task ID	Operation
cgn	read

Related Commands

Command

Description

clear cgn nat44 port

Clears the translation database entries that are created dynamically for the specified inside port number.

clear cgn nat44 protocol

Clears translation database entries that are created dynamically for the specified protocol.

clear cgn map-e statistics

To clear all statistics of a MAP-E instance, use the clear cgn map-e statistics command in EXEC mode.

clear cgn map-e instance-name statistics

Syntax Description

instance-name	Name of the map-e instance.
statistics	Specifies the map-e statistics.

Command Default

None

Command Modes

Exec

Command History

Release	Modification
Release 4.3.1	This command was introduced.

Usage Guidelines

Caution

Because the clear cgn map-e statistics command clears all statistics counters, use this command with caution.

Task ID

Task ID	Operation
cgn	read

Examples

This example shows how to clear the statistics entries for a MAP-E instance:

RP/0/RP0/CPU0:router# show cgn map-e m1 statistics

MAP-E IPv4 to IPv6 counters:
======================================

Total Incoming Count : 0
Total Drop Count : 0
Total Output Count : 0

TCP Incoming Count : 0
TCP Output Count : 0
UDP Incoming Count : 0
UDP Output Count : 0
ICMPv4 Incoming Count : 0
ICMPv4 Output Count : 0

Invalid UIDB Drop Count : 0
NoDb Drop Count : 0
TTL Expire Drop Count : 0
Invalid IP Destination Drop Count : 0
Packet Exceeding Path MTU Drop Count : 0
Unsupported Protocol Drop Count : 0

ICMPv4 Generated for TTL Expire Count : 0
ICMPv4 Generated for Error Count : 0
ICMPv4 Packets Rate-Limited Count : 0

TCP MSS Changed Count : 0

MAP-E IPv6 to IPv4 counters:
======================================

Total Incoming Count : 0
Total Drop Count : 0
Total Output Count : 0

TCP Incoming Count : 0
TCP Output Count : 0
UDP Incoming Count : 0
UDP Output Count : 0
ICMPv4 Incoming Count : 0
ICMPv4 Output Count : 0
Invalid UIDB Drop Count : 0
NoDb Drop Count : 0
TTL Expire Drop Count : 0
Invalid IPv6 Destination Drop Count : 0
Invalid Source Prefix Drop Count : 0
Unsupported Protocol Drop Count : 0

ICMPv6 Input Count : 0
ICMPv6 Invalid UIDB Drop Count : 0
ICMPv6 NoDb Drop Count : 0
ICMPv6 TTL Expire Drop Count : 0
ICMPv6 Invalid IPv6 Destination Drop Count : 0
ICMPv6 Unsupported Type Drop Count : 0
ICMPv6 Invalid NxtHdr Drop Count: 0
ICMPv6 Frag Drop Count : 0
ICMPv6 Forus Count : 0
ICMPv6 Echo Response Received Count : 0
ICMPv6 Echo Replies Count : 0
ICMPv6 Translated to ICMPV4 Output Count : 0

ICMPv6 Generated for TTL Expire Count : 0
ICMPv6 Generated for Error Count : 0
ICMPv6 Packets Rate-Limited Count : 0

TCP MSS Changed Count: 0

MAP-E IPv4 Frag counters received from V4 cloud:
==================================================

Total Input Count: 0
Total Drop Count: 0
Reassembled Output Count : 0

TCP Input Count: 0
UDP Input Count: 0
ICMPv4 Input Count: 0

Invalid UIDB Drop Count : 0
NoDb Drop Count : 0
Unsupported Protocol Drop Count : 0
Throttled Count : 0
Timeout Drop Count: 0
Duplicates Drop Count : 0

MAP-E Inner IPv4 Frag counters received from V6 cloud:
====================================================

Total Input Count : 0
Total Drop Count : 0
Total Output Count : 0

TCP Input Count : 0
UDP Input Count : 0
ICMPv4 Input Count : 0

Invalid Source Prefix Drop Count : 0
Unsupported Protocol Drop count : 0
Throttled Count : 0
Timeout Drop Count : 0
Duplicates Drop Count : 0

ICMPv6 Generated for Error Count : 0
ICMPv6 Packets Rate-Limited Count : 0

TCP MSS Changed Count : 0   

The RP/0/RP0/CPU0:router# clear cgn map-e m1 statistics command clears the output 
shown above.

Related Commands

Command

Description

show cgn map-e statistics

Displays the MAP-E instance statistics.

clear cgn map-t statistics

To clear all the statistics of a MAP-T instance, use the clear cgn map-t statistics command in EXEC mode.

clear cgn map-t instance-name statistics

Syntax Description

instance-name	Specifies the name of the map-t instance.
statistics	Specifies the map-t statistics.

Command Default

None

Command Modes

Exec

Command History

Release	Modification
Release 4.3.0	This command was introduced.

Usage Guidelines

Caution

Because the clear cgn map-t statistics command clears all statistics counters, use this command with caution.

Task ID

Task ID	Operation
cgn	read

Examples

This example shows the statistics entries for a MAP-T instance:

RP/0/RP0/CPU0:router# show cgn map-t m1 statistics

MAP-T IPv6 to IPv4 counters:
======================================

TCP Incoming Count: 0
TCP NonTranslatable Drop Count: 0
TCP Invalid NextHdr Drop Count: 0
TCP NoDb Drop Count: 0
TCP Translated Count: 0 
UDP Incoming Count: 0
UDP NonTranslatable Drop Count: 0
UDP Invalid Next Hdr Drop Count: 0
UDP No Db Drop Count: 0
UDP Translated Count: 0 

ICMP Total Incoming Count: 0
ICMP No DB Drop Count: 0
ICMP Fragment drop count: 0
ICMP Invalid NxtHdr Drop Count: 0
ICMP Nontanslatable Drop Count: 0
ICMP Nontanslatable Fwd Count: 0
ICMP UnsupportedType Drop Count: 0
ICMP Err Translated Count: 0
ICMP Query Translated Count: 0

Subsequent Fragment Incoming Count: 0 
Subsequent Fragment NonTranslateable Drop Count: 0
Invalid NextHdr Drop Count: 0
Subsequent Fragment No Db Drop Count: 0
Subsequent Fragment Translated Count: 0 

Extensions/Options Incoming Count: 0
Extensions/Options Drop Count: 0
Extensions/Options Forward Count: 0

Extensions/Options No DB drop Count: 0
Unsupported Protocol Count: 0

MAP-T IPv4 to IPv6 counters:
======================================

TCP Incoming Count: 0
TCP No Db Drop Count: 0
TCP Translated Count: 0

UDP Incoming Count: 0
UDP No Db Drop Count: 0
UDP Translated Count: 0
UDP FragmentCrc Zero Drop Count: 0
UDP CrcZeroRecy Sent Count: 0
UDP CrcZeroRecy Drop Count: 0

ICMP Total Incoming Count: 0
ICMP No Db Drop Count: 0
ICMP Fragment drop count: 0
ICMP UnsupportedType Drop Count: 0
ICMP Err Translated Count: 0
ICMP Query Translated Count: 0

Subsequent Fragment Incoming Count: 0
Subsequent Fragment No Db Drop  Count: 0
Subsequent Fragment Translated Count: 0

Options Incoming Count: 0
Options Drop Count: 0
Options Forward Count: 0
Options No DB drop Count: 0
Unsupported Protocol Count: 0
          
ICMP generated counters :
=======================

IPv4 ICMP Messages generated count: 0
IPv6 ICMP Messages generated count: 0

The RP/0/RP0/CPU0:router# clear cgn map-t m1 statistics command clears the output 
shown above.

Related Commands

Command	Description
address-family (MAP-T)	Configures IPv4 or IPv6 address for a MAP-T instance.
contiguous-ports (MAP-T)	Configures the number of contiguous ports for a MAP-T instance.
cpe-domain (MAP-T)	Configures the Customer Premises Equipment (CPE ) domain parameters.
external-domain (MAP-T)	Configures the external domain's IPv6 prefix to convert IPv4 addresses into IPv6 addresses and vice versa.
sharing-ratio (MAP-T)	Configures the port sharing ratio.
show cgn map-t statistics	Displays the MAP-T instance statistics.
traceroute (MAP-T)	Configures traceroute translation algorithms.

clear cgn nat44

To clear all translation database entries that are created dynamically for the specific CGN instance, use the clear cgn nat44 command in EXEC mode.

clear cgn nat44 instance-name

Syntax Description

instance-name

Instance name for NAT44.

Command Default

None

Command Modes

EXEC

Command History

Release	Modification
Release 3.9.1	This command was introduced.
Release 4.0.0	NAT44 instance was included in the command syntax.

Usage Guidelines

Caution

Because the clear cgn nat44 command clears all translation database entries and impacts the traffic on those translation entries, use this command with caution.

Task ID

Task ID	Operations
cgn	read

Examples

The following example shows how to clear all the translation entries for the cgn1 instance:

RP/0/RP0/CPU0:router# show cgn nat44 nat2 statistics

Statistics summary of NAT44 instance: 'nat2'
Number of active translations: 45631
Translations create rate: 5678
Translations delete rate: 6755
Inside to outside forward rate: 977
Outside to inside forward rate: 456
Inside to outside drops port limit exceeded: 0
Inside to outside drops system limit reached: 0
Inside to outside drops resorce depletion: 0
Outside to inside drops no translation entry: 0
Pool address totally free: 195

RP/0/RP0/CPU0:router# clear cgn nat44 nat2

RP/0/RP0/CPU0:router# show cgn nat44 nat2 statistics

Statistics summary of NAT44 Instance: 'nat2'
Number of active translations: 0 <<<<<<<<<<<<<< All the entries are deleted and provided no new translation entires are created
Translations create rate: 5678
Translations delete rate: 6755
Inside to outside forward rate: 977
Outside to inside forward rate: 456
Inside to outside drops port limit exceeded: 0
Inside to outside drops system limit reached: 0
Inside to outside drops resorce depletion: 0
Outside to inside drops no translation entry: 0
Pool address totally free: 195

Related Commands

Command	Description
service cgn	Enables an instance for the CGN application.
show cgn nat44 inside-translation	Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance.
show cgn nat44 outside-translation	Displays the outside-address to inside-address translation details for a specified NAT44 instance.

clear cgn nat44 inside-vrf counters

To clear the counters for sequence-check, use the clear cgn nat44 inside-vrf counters in EXEC mode.

clear cgn nat44 instance-name inside-vrf instance-name counters

Syntax Description

counters

Lists the counters for TCP sequence check

Command Default

None

Command Modes

EXEC

Command History

Release	Modification
Release 5.1.1	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

The following example clears the counters for TCP sequence check.

RP/0/RP0/CPU0:router# clear cgn nat44 nat1 inside-vrf vrf1 counters

clear cgn nat44 inside-vrf

To clear translation database entries that are created dynamically for the specified inside VRF, use the clear cgn nat44 inside-vrf command in EXEC mode.

clear cgn nat44 instance-name inside-vrf vrf-name

Syntax Description

instance-name	Instance name for NAT44.
vrf-name	Name for the inside VRF.

Command Default

None

Command Modes

EXEC

Command History

Release	Modification
Release 3.9.1	This command was introduced.
Release 4.0.0	NAT44 instance was included in the command syntax.

Usage Guidelines

Caution

Because the clear cgn nat44 inside-vrf command clears all translation database entries for the specified inside-vrf and impacts the traffic on those translation entries, use this command with caution.

Task ID

Task ID	Operations
cgn	read

Examples

This example shows how to clear the translation database entries for the inside VRF named ivrf:

RP/0/RP0/CPU0:router# show cgn nat44 nat2 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 23 end 56

Inside-translation details
-----------------------------------
NAT44 instance : nat2
Inside-VRF     : insidevrf1
------------------------------------------------------------------------------------------
Outside Protocol Inside Outside Translation Inside Outside
Address Source Source Type to to
Port Port Outside Inside
Packets Packets
------------------------------------------------------------------------------------------
12.168.6.231 tcp 34 2356 alg 875364 65345
12.168.6.98 tcp 56 8972 static 78645 56343
12.168.2.12 tcp 21 2390 static 45638 89865
12.168.2.123 tcp 34 239 dynamic 809835 67854

RP/0/RP0/CPU0:router# clear cgn nat44 nat2 inside-vrf insidevrf1

RP/0/RP0/CPU0:router# show cgn nat44 nat2 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 23 end 56

Inside-translation details
-----------------------------------
NAT44 instance : nat2
Inside-VRF     : insidevrf1
------------------------------------------------------------------------------------------
Outside Protocol Inside Outside Translation Inside Outside
Address Source Source Type to to
Port Port Outside Inside
Packets Packets
------------------------------------------------------------------------------------------

Related Commands

Command

Description

show cgn nat44 inside-translation

Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance.

show cgn nat44 outside-translation

Displays the outside-address to inside-address translation details for a specified NAT44 instance.

clear cgn nat44 ipaddress

To clear translation database entries that are created dynamically for the specified IPv4 address, use the clear cgn nat44 ipaddress command in EXEC mode.

clear cgn nat44 instance-name ipaddress address

Syntax Description

instance-name	Instance name for NAT44.
address	Specifies the IPv4 address for which the translation entries must be cleared.

Command Default

None

Command Modes

EXEC

Command History

Release	Modification
Release 3.9.1	This command was introduced.
Release 4.0.0	NAT44 instance was included in the command syntax.

Usage Guidelines

Caution

Because the clear cgn nat44 ipaddress command clears all translation database entries for the specified IPv4 address and impacts the traffic on those translation entries, use this command with caution.

Task ID

Task ID	Operations
cgn	read

Examples

The following example shows how to clear the translation database entries for the specified IPv4 address:

RP/0/RP0/CPU0:router# show cgn nat44 nat1 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 23 end 56

Inside-translation details
-----------------------------------
NAT44 instance  : nat1
Inside-VRF    : insidevrf1
------------------------------------------------------------------------------------------
Outside Protocol Inside Outside Translation Inside Outside
Address Source Source Type to to
Port Port Outside Inside
Packets Packets
------------------------------------------------------------------------------------------
12.168.6.231 tcp 34 2356 alg 875364 65345
12.168.2.123 tcp 34 239 dynamic 809835 67854

RP/0/RP0/CPU0:router# clear cgn nat44 nat1 ipaddress 10.0.0.0

RP/0/RP0/CPU0:router# show cgn nat44 nat1 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 23 end 56

Inside-translation details
-----------------------------------
NAT44 instance : nat1
Inside-VRF     : insidevrf1
------------------------------------------------------------------------------------------
Outside Protocol Inside Outside Translation Inside Outside
Address Source Source Type to to
Port Port Outside Inside
Packets Packets
------------------------------------------------------------------------------------------

Related Commands

Command

Description

show cgn nat44 inside-translation

Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance.

show cgn nat44 outside-translation

Displays the outside-address to inside-address translation details for a specified NAT44 instance.

clear cgn nat44 port

To clear the translation database entries that are created dynamically for the specified inside port number, use the clear cgn nat44 port command in EXEC mode.

clear cgn nat44 instance-name port number

Syntax Description

instance-name	Instance name for NAT44.
number	Port number. Range is from 1 to 65535.

Command Default

None

Command Modes

EXEC

Command History

Release	Modification
Release 3.9.1	This command was introduced.
Release 4.0.0	NAT44 instance was included in the command syntax.

Usage Guidelines

Caution

Because the clear cgn nat44 port command clears all translation database entries for the specified port and impacts the traffic on those translation entries, use this command with caution.

Task ID

Task ID	Operations
cgn	read

Examples

This example shows how to clear the translation database entries for port number 1231:

RP/0/RP0/CPU0:router# show cgn nat44 nat2 inside-translation protocol tcp inside-vrf insidevrf1
inside-address 192.168.6.23 port start 1231 end 1231

Inside-translation details
-----------------------------------
NAT44 instance : nat2
Inside-VRF     : insidevrf1
------------------------------------------------------------------------------------------
Outside Protocol Inside Outside Translation Inside Outside
Address Source Source Type to to
Port Port Outside Inside
Packets Packets
------------------------------------------------------------------------------------------
12.168.6.231 tcp 1231 2356 alg 875364 65345

RP/0/RP0/CPU0:router# clear cgn nat44 nat2 port 1231

RP/0/RP0/CPU0:router# show cgn nat44 nat2 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 1231 end 1231

Inside-translation details
-----------------------------------
NAT44 instance : nat2
Inside-VRF     : insidevrf1
------------------------------------------------------------------------------------------
Outside Protocol Inside Outside Translation Inside Outside
Address Source Source Type to to
Port Port Outside Inside
Packets Packets
------------------------------------------------------------------------------------------

Related Commands

Command

Description

show cgn nat44 inside-translation

Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance.

show cgn nat44 outside-translation

Displays the outside-address to inside-address translation details for a specified NAT44 instance.

clear cgn nat44 pptpCounters

To clear translation database entries that are created dynamically for the specified protocol, use the clear cgn nat44 pptpCounters command in EXEC mode.

clear cgn nat44 instance-name pptpCounters

Syntax Description

instance-name	Name for the NAT44 CGN instance.
pptpCounters	Specifies the PPTP counters that must be cleared.

Command Default

None

Command Modes

EXEC

Command History

Release	Modification
Release 4.3.0	This command was introduced.

Usage Guidelines

Caution

Because the clear cgn nat44 pptpCounters command clears all the PPTP counters, use this command with caution.

Task ID

Task ID	Operations
cgn	read

clear cgn nat44 protocol

To clear translation database entries that are created dynamically for the specified protocol, use the clear cgn nat44 protocol command in EXEC mode.

clear cgn nat44 instance-name protocol { gre | udp | tcp | icmp }

Syntax Description

instance-name	Name for the NAT44 CGN instance.
protocol	Specifies the protocol for which the translation entries must be cleared.

Command Default

None

Command Modes

EXEC

Command History

Release	Modification
Release 3.9.1	This command was introduced.
Release 4.0.0	NAT44 instance was included in the command syntax.
Release 4.3.0	The keyword, gre was added.

Usage Guidelines

Caution

Because the clear cgn nat44 protocol command clears all translation database entries for the specified protocol and impacts the traffic on those translation entries, use this command with caution.

Task ID

Task ID	Operations
cgn	read

Examples

This example shows how to clear the translation database entries for the TCP protocol:

RP/0/RP0/CPU0:router# 
show cgn nat44 nat2 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 1231 end 1231

Inside-translation details
-----------------------------------
NAT44 instance : nat2
Inside-VRF     : insidevrf1
------------------------------------------------------------------------------------------
Outside Protocol Inside Outside Translation Inside Outside
Address Source Source Type to to
Port Port Outside Inside
Packets Packets
------------------------------------------------------------------------------------------
12.168.6.231 tcp 1231 2356 alg 875364 65345

RP/0/RP0/CPU0:router# clear cgn nat44 nat2 protocol tcp

RP/0/RP0/CPU0:router# 
show cgn nat44 nat2 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 1231 end 1231

Inside-translation details
-----------------------------------
NAT44 instance : nat2
Inside-VRF     : insidevrf1
------------------------------------------------------------------------------------------
Outside Protocol Inside Outside Translation Inside Outside
Address Source Source Type to to
Port Port Outside Inside
Packets Packets
------------------------------------------------------------------------------------------

Related Commands

Command	Description
protocol (NAT44)
show cgn nat44 inside-translation	Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance.
show cgn nat44 outside-translation	Displays the outside-address to inside-address translation details for a specified NAT44 instance.

clear cgn nat64 stateful

To clear all translation database entries that are created dynamically for the specific NAT64 stateful instance, use the clear cgn nat64 stateful command in EXEC mode.

clear cgn nat64 stateful instance-name

Syntax Description

instance-name

NAT64 stateful instance.

Command Default

None

Command Modes

EXEC

Command History

Release	Modification
Release 4.3.0	This command was introduced.

Usage Guidelines

Caution

Because the clear cgn nat64 stateful command clears all translation database entries and impacts the traffic on those translation entries, use this command with caution.

Task ID

Task ID	Operations
cgn	read

Related Commands

Command	Description
clear cgn nat64 stateful counters	Clears all the counters that are created for a NAT64 stateful instance
clear cgn nat64 stateful ipaddress	Clears translation database entries that are created dynamically for the specified IPv6 address.
clear cgn nat64 stateful port	Clears the translation database entries that are created dynamically for the specified port number
clear cgn nat64 stateful protocol	Clears the translation database entries that are created dynamically for the specified protocol
clear cgn nat64 stateful statistics	Clears all the statistics for a nat64 stateful instance

clear cgn nat64 stateful counters

To clear all the counters created for a NAT64 stateful instance, use the clear cgn nat64 stateful counters command in EXEC mode.

clear cgn nat64 stateful instance-name counters

Syntax Description

instance-name

NAT64 stateful instance.

Command Default

None

Command Modes

EXEC

Command History

Release	Modification
Release 4.3.0	This command was introduced.

Usage Guidelines

Caution

Because the clear cgn nat64 stateful counters command clears all counters, use this command with caution.

Task ID

Task ID	Operations
cgn	read

Related Commands

Command	Description
clear cgn nat64 stateful	Clears all translation database entries that are created dynamically for the specific NAT64 stateful instance
clear cgn nat64 stateful ipaddress	Clears translation database entries that are created dynamically for the specified IPv6 address.
clear cgn nat64 stateful port	Clears the translation database entries that are created dynamically for the specified port number
clear cgn nat64 stateful protocol	Clears the translation database entries that are created dynamically for the specified protocol
clear cgn nat64 stateful statistics	Clears all the statistics for a nat64 stateful instance

clear cgn nat64 stateful ipaddress

To clear translation database entries that are created dynamically for the specified IPv6 address, use the clear cgn nat64 stateful ipaddress command in EXEC mode.

clear cgn nat64 stateful instance-name ipaddress ipv6 address [ port port number protocol [ icmp | tcp | udp ] | protocol [ icmp | tcp | udp ] port port number ]

Syntax Description

instance-name	Instance name for stateful NAT64.
ipv6 address	Specifies the IPv6 address for which the translation entries must be cleared.
protocol	Displays the name of the protocols.
icmp	Displays the ICMP protocol.
tcp	Displays the TCP protocol.
udp	Displays the UDP protocol.
port	Displays the range of the port numbers from 1 to 65535.
port number	Specifies the port number within the range.

Command Default

None

Command Modes

EXEC

Command History

Release	Modification
Release 4.3.0	This command was introduced.

Usage Guidelines

Caution

Because the clear cgn nat64 stateful ipaddress command clears all translation database entries for the specified IPv6 address and impacts the traffic on those translation entries, use this command with caution.

Task ID

Task ID	Operations
cgn	read

Related Commands

Command	Description
clear cgn nat64 stateful	Clears all translation database entries that are created dynamically for the specific NAT64 stateful instance
clear cgn nat64 stateful counters	Clears all the counters that are created for a NAT64 stateful instance
clear cgn nat64 stateful port	Clears the translation database entries that are created dynamically for the specified port number
clear cgn nat64 stateful protocol	Clears the translation database entries that are created dynamically for the specified protocol
clear cgn nat64 stateful statistics	Clears all the statistics for a nat64 stateful instance

clear cgn nat64 stateful port

To clear the translation database entries that are created dynamically for the specified port number, use the clear cgn nat64 stateful port command in EXEC mode.

clear cgn nat64 stateful instance-name port port number [ ipaddress IPv6 address protocol [ icmp | tcp | udp ] | protocol [ icmp | tcp | udp ] ipaddress IPv6 address ]

Syntax Description

instance-name	Instance name for stateful NAT64.
port number	Specifies the port number within the range.
protocol	Displays the name of the protocols.
icmp	Displays the ICMP protocol.
tcp	Displays the TCP protocol.
udp	Displays the UDP protocol.
ipv6 address	Specifies the IPv6 address for which the translation entries must be cleared.

Command Default

None

Command Modes

EXEC

Command History

Release	Modification
Release 4.3.0	This command was introduced.

Usage Guidelines

Caution

Because the clear cgn nat64 stateful port command clears all translation database entries for the specified port and impacts the traffic on those translation entries, use this command with caution.

Task ID

Task ID	Operations
cgn	read

Related Commands

Command	Description
clear cgn nat64 stateful	Clears all translation database entries that are created dynamically for the specific NAT64 stateful instance
clear cgn nat64 stateful counters	Clears all the counters that are created for a NAT64 stateful instance
clear cgn nat64 stateful ipaddress	Clears translation database entries that are created dynamically for the specified IPv6 address.
clear cgn nat64 stateful protocol	Clears the translation database entries that are created dynamically for the specified protocol
clear cgn nat64 stateful statistics	Clears all the statistics for a nat64 stateful instance

clear cgn nat64 stateful protocol

To clear the translation database entries that are created dynamically for the specified protocol, use the clear cgn nat64 stateful protocol command in EXEC mode.

clear cgn nat64 stateful instance-name protocol { icmp | tcp | udp } [ [ ipaddress IPv6 address port port number ] | [ port port number ipaddress IPv6 address ] ]

Syntax Description

instance-name	Instance name for stateful NAT64.
port number	Specifies the port number within the range.
protocol	Displays the name of the protocols.
icmp	Displays the ICMP protocol.
tcp	Displays the TCP protocol.
udp	Displays the UDP protocol.
ipv6 address	Specifies the IPv6 address for which the translation entries must be cleared.

Command Default

None

Command Modes

EXEC

Command History

Release	Modification
Release 4.3.0	This command was introduced.

Usage Guidelines

Caution

Because the clear cgn nat64 stateful protocol command clears all translation database entries for the specified protocol and impacts the traffic on those translation entries, use this command with caution.

Task ID

Task ID	Operations
cgn	read

Related Commands

Command	Description
clear cgn nat64 stateful	Clears all translation database entries that are created dynamically for the specific NAT64 stateful instance
clear cgn nat64 stateful counters	Clears all the counters that are created for a NAT64 stateful instance
clear cgn nat64 stateful ipaddress	Clears translation database entries that are created dynamically for the specified IPv6 address.
clear cgn nat64 stateful port	Clears the translation database entries that are created dynamically for the specified port number
clear cgn nat64 stateful statistics	Clears all the statistics for a nat64 stateful instance

clear cgn nat64 stateful statistics

To clear all the statistics for a nat64 stateful instance, use theclear cgn nat64 stateful statistics command in EXEC mode.

clear cgn nat64 stateful instance-name statistics

Syntax Description

instance-name	Specifies the name of the nat64 stateful instance.
statistics	Specifies the nat64 stateful statistics.

Command Default

None

Command Modes

Exec

Command History

Release	Modification
Release 4.3.0	This command was introduced.

Usage Guidelines

Caution

Because the clear cgn nat64 stateful statistics command clears all statistics counters, use this command with caution.

Task ID

Task ID	Operation
cgn	read

Related Commands

Command	Description
clear cgn nat64 stateful	Clears all translation database entries that are created dynamically for the specific NAT64 stateful instance
clear cgn nat64 stateful counters	Clears all the counters that are created for a NAT64 stateful instance
clear cgn nat64 stateful ipaddress	Clears translation database entries that are created dynamically for the specified IPv6 address.
clear cgn nat64 stateful port	Clears the translation database entries that are created dynamically for the specified port number
clear cgn nat64 stateful protocol	Clears the translation database entries that are created dynamically for the specified protocol

clear cgn tunnel v6rd statistics

To clear all the statistics of a IPv6 Rapid Deployment (6RD) instance, use the clear cgn tunnel v6rd statistics command in EXEC mode.

clear cgn tunnel v6rd instance-name statistics

Syntax Description

instance-name	Specifies the name of the 6rd instance.
statistics	6rd instance statistics.

Command Default

None

Command Modes

Exec

Command History

Release	Modification
Release 4.3.1	This command was introduced.

Usage Guidelines

Caution

Because the clear cgn tunnel v6rd statistics command clears all statistics counters, use this command with caution.

Task ID

Task ID	Operation
cgn	read

Examples

This example shows the statistics entries for a 6RD instance:

RP/0/RP0/CPU0:router# show cgn tunnel v6rd 6rd1 statistics

Tunnel 6rd configuration
=========================
Tunnel 6rd name: 6rd1
IPv6 Prefix/Length: 2001:db8::/32
Source address: 9.1.1.1
BR Unicast address: 2001:db8:901:101::1
IPv4 Prefix length: 0
IPv4 Suffix length: 0
TOS: 0, TTL: 255, Path MTU: 1280
Tunnel 6rd statistics
======================
IPv4 to IPv6
=============
Incoming packet count : 2296951183
Incoming tunneled packets count : 2296951183
Decapsulated packets : 0
ICMP translation count : 0
Insufficient IPv4 payload drop count : 0
Security check failure drops : 0
No DB entry drop count : 0
Unsupported protocol drop count : 0
Invalid IPv6 source prefix drop count : 2296951183
IPv6 to IPv4
=============
Incoming packet count : 0
Encapsulated packets count : 0
No DB drop count : 0
Unsupported protocol drop count : 0
IPv4 ICMP
==========
Incoming packets count : 0
Reply packets count : 0
Throttled packet count : 0
Nontranslatable drops : 0
Unsupported icmp type drop count : 0
IPv6 ICMP
==========
Incoming packets count : 0
Reply packets count : 0
Packet Too Big generated packets count : 0
Packet Too Big not generated packets count : 0
NA generated packets count : 0
TTL expiry generated packets count : 0
Unsupported icmp type drop count : 0
Throttled packet count : 0
IPv4 to IPv6 Fragments
=======================
Incoming fragments count : 0
Reassembled packet count : 0
Reassembled fragments count : 0
ICMP incoming fragments count : 0
Total fragment drop count : 0
Fragments dropped due to timeout : 0
Reassembly throttled drop count : 0
Duplicate fragments drop count : 0
Reassembly disabled drop count : 0
No DB entry fragments drop count : 0
Fragments dropped due to security check failure : 0
Insufficient IPv4 payload fragment drop count : 0
Unsupported protocol fragment drops : 0
Invalid IPv6 prefix fragment drop count : 0
IPv6 to IPv4 Fragments
=======================
Incoming ICMP fragment count : 0
RP/0/RP1/CPU0:#
=================================================================================

The RP/0/RP0/CPU0:router# clear cgn tunnel v6rd 6rd1 statistics command clears the 
output shown above.

Related Commands

Command

Description

show cgn tunnel v6rd statistics

Displays the statistics information for an IPv6 Rapid Deployment (6RD) instance.

clear cgv6 map-e statistics

To clear all the statistics for a map-e instance, use theclear cgv6 map-e statistics command in EXEC mode.

clear cgv6 map-e instance-name statistics

Syntax Description

instance-name	Specifies the name of the MAP-E instance.
statistics	Specifies the MAP-E statistics.

Command Default

None

Command Modes

Exec

Command History

Release	Modification
Release 5.3.2	This command was introduced.

Usage Guidelines

Caution

Because the clear cgv6 map-e statistics command clears all statistics counters, use this command with caution.

Task ID

Task ID	Operation
cgv6	read

contiguous-ports (MAP-E)

To configure the number of contiguous ports for a MAP-E instance, use the contiguous-ports command in MAP-E configuration mode. To undo the configuration, use the no form of this command.

contiguous-ports number

Syntax Description

number

Number of contiguous ports. The value is in powers of 2. The range is from 1 to 65535.

Command Default

None

Command Modes

MAP-E configuration

Command History

Release	Modification
Release 4.3.1	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to configure the number of contiguous ports for a MAP-E instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type map-e map-e-inst
RP/0/RP0/CPU0:router(config-cgn-map_e)# contiguous-ports 8

Related Commands

Command	Description
address-family (MAP-E)	Configures IPv4 or IPv6 address for a MAP-E instance.
aftr-endpoint-address (MAP-E)	Configures the IPv6 address of Address Family Transition Router (AFTR).
cpe-domain (MAP-E)	Configures the Customer Premises Equipment (CPE ) domain parameters.
path-mtu (MAP-E)	Configures the path Maximum Transmission Unit (MTU) of the tunnel.
sharing-ratio (MAP-E)	Configures the port sharing ratio.

contiguous-ports (MAP-T)

To configure the number of contiguous ports for a MAP-T instance, use the contiguous-ports command in MAP-T configuration mode. To undo the configuration, use the no form of this command.

contiguous-ports number

Syntax Description

number

Number of contiguous ports. The value is in powers of 2. The range is from 1 to 65535.

Command Default

None

Command Modes

MAP-T configuration

Command History

Release	Modification
Release 4.3.0	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to configure the number of contiguous ports for a MAP-T instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type map-t map-t-inst
RP/0/RP0/CPU0:router(config-cgn-mapt)# contiguous-ports 8

Related Commands

Command	Description
address-family (MAP-T)	Configures IPv4 or IPv6 address for a MAP-T instance.
clear cgn map-t statistics	Clears the statistics of a MAP-T instance.
cpe-domain (MAP-T)	Configures the Customer Premises Equipment (CPE ) domain parameters.
external-domain (MAP-T)	Configures the external domain's IPv6 prefix to convert IPv4 addresses into IPv6 addresses and vice versa.
sharing-ratio (MAP-T)	Configures the port sharing ratio.
show cgn map-t statistics	Displays the MAP-T instance statistics.
traceroute (MAP-T)	Configures traceroute translation algorithms.

cpe-domain (MAP-E)

To configure the Customer Premises Equipment (CPE ) domain parameters, use the cpe-domain command in MAP-E configuration mode. To undo the configuration, use the no form of this command.

cpe-domain { ipv4 | ipv6 } [ prefix address ]

Syntax Description

ipv4	Specifies IPv4 parameters.
ipv6	Specifies IPv6 parameters.
prefix	Specifies the CPE domain IPv4 or IPv6 prefix.
address / length	IPv4 or IPv6 address and subnet mask.

Command Default

None

Command Modes

MAP-E configuration

Command History

Release	Modification
Release 4.3.1	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to configure the CPE domain's IPv6 prefix:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type map-e map-e-inst
RP/0/RP0/CPU0:router(config-cgn-map_e)# cpe-domain ipv6 prefix 10:2::24/32

Examples

This example shows how to configure the CPE domain's IPv4 prefix:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type map-e map-e-inst
RP/0/RP0/CPU0:router(config-cgn-map_e)# cpe-domain ipv4 prefix 202.38.102.0/24

Related Commands

Command	Description
address-family (MAP-E)	Configures IPv4 or IPv6 address for a MAP-E instance.
aftr-endpoint-address (MAP-E)	Configures the IPv6 address of Address Family Transition Router (AFTR).
contiguous-ports (MAP-E)	Configures the number of contiguous ports for a MAP-E instance.
path-mtu (MAP-E)	Configures the path Maximum Transmission Unit (MTU) of the tunnel.
sharing-ratio (MAP-E)	Configures the port sharing ratio.

cpe-domain (MAP-T)

To configure the Customer Premises Equipment (CPE ) domain parameters, use the cpe-domain command in MAP-T configuration mode. To undo the configuration, use the no form of this command.

cpe-domain { ipv4 | ipv6 } [ prefix address ]

Syntax Description

ipv4	Specifies IPv4 parameters.
ipv6	Specifies IPv6 parameters.
prefix	Specifies the CPE domain IPv4 or IPv6 prefix.
address / length	Specifies IPv4 or IPv6 address and subnet mask.

Command Default

None

Command Modes

MAP-T configuration

Command History

Release	Modification
Release 4.3.0	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to configure the CPE domain's IPv6 prefix:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type map-t map-t-inst
RP/0/RP0/CPU0:router(config-cgn-mapt)# cpe-domain ipv6 prefix 10:2::24/32

Examples

This example shows how to configure the CPE domain's IPv4 prefix:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type map-t map-t-inst
RP/0/RP0/CPU0:router(config-cgn-mapt)# cpe-domain ipv4 prefix 202.38.102.0/24

Related Commands

Command	Description
address-family (MAP-T)	Configures IPv4 or IPv6 address for a MAP-T instance.
clear cgn map-t statistics	Clears the statistics of a MAP-T instance.
contiguous-ports (MAP-T)	Configures the number of contiguous ports for a MAP-T instance.
external-domain (MAP-T)	Configures the external domain's IPv6 prefix to convert IPv4 addresses into IPv6 addresses and vice versa.
sharing-ratio (MAP-T)	Configures the port sharing ratio.
show cgn map-t statistics	Displays the MAP-T instance statistics.
traceroute (MAP-T)	Configures traceroute translation algorithms.

datapath-test

To test the integrity of the ServiceApp data path and to shut down the SVI in case of a failure, use the datapath-test command in the 6rd configuration mode. To undo the detection of the failure and shutdown, use the no form of this command.

datapath-test [ shut-down-on-failure ]

Syntax Description

shut-down-on-failure

(Optional) If configured, the ServiceApp Interfaces for IPv4 and IPv6 are shut down when any of these interfaces fails.

Use this option only if redundant CGSEs capable of handling the traffic, when the failed ServiceApp interfaces are shutdown, are configured.

Command Default

None

Command Modes

6RD configuration

Command History

Release	Modification
Release 5.2.0	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to shut down the interface:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# address-family ipv4
RP/0/RP0/CPU0:router(config-cgn-6rd-afi)#interface ServiceApp 100
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# address-family ipv6
RP/0/RP0/CPU0:router(config-cgn-6rd-afi)#interface ServiceApp 101
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd-afi)# exit
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# datapath-test shut-down-on-failure

df-override (CGN)

To set the DF (Do not Fragment) bit to 0, use the df-override command . To restore the default behavior, use the no form of this command.

df-override

Syntax Description

df-override

Specifies the df-override bit.

Command Default

The df-override bit is set to 1.

Command Modes

CGN-NAT64

Command History

Release	Modification
Release 4.1.0	This command was introduced.

Usage Guidelines

Use the df-override command to set the DF bit to 0 when translating IPv6 packets to IPv4 packets, provided the original IPv6 packet size is less than 1280 bytes and there is no Fragment header.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to configure the df-override command for the NAT64 stateless configuration.

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router#(config)# service cgn cgn1
RP/0/RP0/CPU0:router#(config-cgn)service-type nat64 stateless xlat1
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# ipv6-prefix 2010:db8:ff00::/40
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# address-family ipv6
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless-afi)# df-override

Related Commands

Command	Description
address-family ipv6 (Stateless NAT64)	Enters the IPv6 address family configuration mode.
interface ServiceApp	Enables the application SVI interface.
protocol icmp reset-mtu (CGN)	Resets the received packet size.
service cgn	Enables an instance for the CGN application.
service-type nat64 (Stateless)	Creates a nat64 stateless application
tcp mss (CGN)	Adjusts the TCP maximum segment size value for a ServiceApp interface.
traffic-class (CGN)	Configures the traffic class value to be used when translating a packet from IPv4 to IPv6

dynamic-port-range (Stateful NAT64)

To configure ports dynamically ranging from 1 to 65535, use the dynamic-port-range command in NAT64 stateful configuration mode. To undo the configuration, use the no form of this command.

dynamic-port-range start port-number

Syntax Description

start	Specifies the starting range of port numbers.
value	Specifies the port number to be dynamically configured. The range is from 1 to 65535.

Command Default

None

Command Modes

NAT64 stateful configuration mode

Command History

Release	Modification
Release 4.3.0	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to dynamically configure ports for a NAT64 stateful instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# dynamic-port-range start 66
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)#

Related Commands

Command	Description
address-family (Stateful NAT64)	Configures IPv4 or IPv6 address on a NAT64 instance.
external-logging (Stateful NAT64 Netflow)	Enables external logging of a NAT64 Stateful instance.
fragment-timeout (Stateful NAT64)	Specifies time interval to store packet fragments.
ipv4 (Stateful NAT64)	Assigns ipv4 address pool.
ipv6-prefix (Stateful NAT64)	Converts an IPv6 address to an IPv4 address.
portlimit (Stateful NAT64)	Restricts the number of ports used by an IPv6 address.
protocol (Stateful NAT64)	Enters the ICMP, TCP, and UDP protocol configuration mode.
refresh-direction (Stateful NAT64)	Specifies the outbound refresh direction.
service-type nat64 (Stateful NAT64)	Creates a NAT64 stateful instance.
tcp-policy (Stateful NAT64)	Enables TCP policy that allows IPv4 initiated TCP sessions.
ubit-reserved (Stateful NAT64)	Enables reserving ubits in an IPv6 address.

dynamic port range start

To configure the dynamic port range start value for a CGN NAT 44 instance, use the dynamic port range start command in the EXEC mode. These ports include TCP, UDP, and ICMP.

dynamic port range start value

Syntax Description

value

The value ranges between 1 to 65535.

Command Default

When the value is not configured, then the dynamic translations start from 1024.

Command Modes

CGN-NAT44 Configuration

Command History

Release	Modification
Release 4.1.0	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to execute the dynamic port range start value as 1048 for a NAT44 instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router#(config)# service cgn cgn1
RP/0/RP0/CPU0:router#(config-cgn)service-type nat44 nat1
RP/0/RP0/CPU0:router#(config-cgn-nat44)dynamic port range start 1048

external-domain (MAP-T)

To configure the external domain's IPv6 prefix to convert IPv4 addresses into IPv6 addresses, use the external-domain command in MAP-T configuration mode. To undo the configuration, use the no form of this command.

external-domain ipv6 prefix address subnet mask

Syntax Description

ipv6	Specifies IPv6 parameters.
prefix	Specifies the external domain IPv6 prefix.
address / length	Specifies IPv4 or IPv6 address and subnet mask.

Command Default

None

Command Modes

MAP-T configuration

Command History

Release	Modification
Release 4.3.0	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to configure the external domain's IPv6 prefix:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type map-t map-t-inst
RP/0/RP0/CPU0:router(config-cgn-mapt)# external-domain ipv6 prefix 10:2::24/64

Related Commands

Command	Description
address-family (MAP-T)	Configures IPv4 or IPv6 address for a MAP-T instance.
clear cgn map-t statistics	Clears the statistics of a MAP-T instance.
contiguous-ports (MAP-T)	Configures the number of contiguous ports for a MAP-T instance.
cpe-domain (MAP-T)	Configures the Customer Premises Equipment (CPE ) domain parameters.
sharing-ratio (MAP-T)	Configures the port sharing ratio.
show cgn map-t statistics	Displays the MAP-T instance statistics.
traceroute (MAP-T)	Configures traceroute translation algorithms.

external-logging (DS-LITE Netflow9)

To enable the external-logging facility for a DS-Lite instance, use the external-logging command in DS-Lite configuration mode. To disable external-logging, use the no form of this command.

external-logging netflow9

Syntax Description

netflow9

Netflow version 9 protocol is used for external logging.

Command Default

By default, external-logging is disabled.

Command Modes

DS-Lite configuration mode

Command History

Release	Modification
Release 4.2.1	This command was introduced.

Usage Guidelines

The external-logging facility supports only netflow version 9.

Task ID

Task ID	Operations
cgn	read, write

Examples

This example shows how to externally log data for a DS-Lite instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite-inst
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# external-logging netflow9
RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog)#

external-logging (DS-LITE Syslog)

To enable the external-logging facility for a DS-Lite instance, use the external-logging command in DS-Lite configuration mode. To disable external-logging, use the no form of this command.

external-logging syslog server { address |{ address port number} host-name |{ name} path-mtu{ value} }

Syntax Description

syslog	Logs syslog information to an external server.
server	Specifies the location of the server to log the syslog information.
address	Specifies the IPv4 or IPv6 address of the server.
host-name	Specifies the host name used in syslog header.
path-mtu	Specifies the mtu of the path used for logging information.

Command Default

By default, external-logging is disabled.

Command Modes

DS-Lite configuration mode

Command History

Release	Modification
Release 4.2.1	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to log syslog information for a DS-Lite instance:

RP/0/RP0/CPU0:router# config
RP/0/RP0/CPU0:router(config)#service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#external-logging syslog
RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog)#server
RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog-server)#address 10.2.1.10 port 65
RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog-server)#

external-logging (NAT44 Netflow)

To enable the external-logging facility for an inside VRF of a CGN instance, use the external-logging command in CGN inside VRF NAT44 configuration mode. To disable external-logging, use the no form of this command.

external-logging netflow version 9

Syntax Description

netflow version 9

Netflow version 9 protocol is used for external logging.

Command Default

By default, external-logging is disabled.

Command Modes

CGN Inside VRF NAT44 configuration mode

Command History

Release	Modification
Release 3.9.1	This command was introduced.
Release 4.0.0	The keyword netflow v9 has been modified to netflow version 9 .

Usage Guidelines

The external-logging command enters CGN inside VRF address family external logging configuration mode.

You can use NetFlow to export NAT table entries.

The external-logging facility supports only netflow version 9.

Task ID

Task ID	Operations
cgn	read, write

Examples

This example shows how to enter the configuration mode for the netflow version 9 external-logging facility:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# external-logging netflow version 9
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog)# server
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog-server)# address 10.10.0.0 port 50

external-logging (NAT44 Syslog)

To enable the external-logging facility for syslog data, use the external-logging command in CGN inside VRF NAT44 configuration mode. To disable external-logging, use the no form of this command.

external-logging syslog server { address |{ address port number} host-name |{ name} path-mtu value protocol protocol-type}

Syntax Description

syslog	Logs syslog information to an external server.
server	Specifies the location of the server to log the syslog information.
address	Specifies the IPv4 or IPv6 address of the server.
host-name	Specifies the host name used in syslog header.
path-mtu	Specifies the mtu of the path used for logging information.
protocol	Specifies the layer 4 protocol used for logging information.

Command Default

By default, external-logging is disabled.

Command Modes

CGN Inside VRF NAT44 configuration mode

Command History

Release	Modification
Release 4.2.1	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example show how to log syslog information for a NAT44 instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# external-logging syslog
RP/0/RP0/CPU0:router(config-cgn-invrf-syslog)# server
RP/0/RP0/CPU0:router(config-cgn-invrf-syslog-server)# address 10.10.0.0 port 50
RP/0/RP0/CPU0:router(config-cgn-invrf-syslog-server)#

external-logging (Stateful NAT64 Netflow)

To enable the external-logging facility for a NAT64 stateful instance, use the external-logging command in NAT64 Stateful configuration mode. To disable external-logging, use the no form of this command.

external-logging netflow version 9

Syntax Description

netflow version 9

Netflow version 9 protocol is used for external logging.

Command Default

By default, external-logging is disabled.

Command Modes

NAT64 stateful configuration mode

Command History

Release	Modification
Release 4.3.0	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operations
cgn	read, write

Examples

This example shows how to enter the configuration mode for the netflow version 9 external-logging facility:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# external-logging netflow version 9
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)#

Related Commands

Command	Description
address-family (Stateful NAT64)	Configures IPv4 or IPv6 address on a NAT64 instance.
dynamic-port-range (Stateful NAT64)	Configures ports dynamically.
fragment-timeout (Stateful NAT64)	Specifies time interval to store packet fragments.
ipv4 (Stateful NAT64)	Assigns ipv4 address pool.
ipv6-prefix (Stateful NAT64)	Converts an IPv6 address to an IPv4 address.
portlimit (Stateful NAT64)	Restricts the number of ports used by an IPv6 address.
protocol (Stateful NAT64)	Enters the ICMP, TCP, and UDP protocol configuration mode.
refresh-direction (Stateful NAT64)	Specifies the outbound refresh direction.
service-type nat64 (Stateful NAT64)	Creates a NAT64 stateful instance.
tcp-policy (Stateful NAT64)	Enables TCP policy that allows IPv4 initiated TCP sessions.
ubit-reserved (Stateful NAT64)	Enables reserving ubits in an IPv6 address.

filter-policy

To enable address and port-based filtering, use the filter-policy command. To undo this configuration, use the no filter-policy command.

filter-policy

Syntax Description

ignore-port

This keyword is used to ignore the checking based on port. If this keyword is not specified, then the address as well as the port are checked.

Command Default

This command is disabled by default.

Command Modes

NAT44 Configuration Mode

Command History

Release	Modification
Release 5.1.1	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to configure filter policy for a NAT44 instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)#filter-policy

filter-policy (Stateful NAT64)

To configure address-dependant filter policy, use the filter-policy command in NAT64 stateful configuration mode. To undo the configuration, use the no form of this command.

filter-policy

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

NAT64 stateful configuration mode

Command History

Release	Modification
Release 4.3.0	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to configure address-dependant filter policy for a NAT64 stateful instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# filter-policy
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)#

firewall

To enter the firewall mode and the protocol sub-mode, use the firewall command. To exit the firewall mode, use the no firewall command.

firewall

Syntax Description

protocol tcp

By specifying this keyword, the TCP protocol is selected. And the TCP related configuration can be defined.

Command Default

None

Command Modes

NAT44 Configuration Mode

Command History

Release	Modification
Release 5.1.1	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to define TCP-related configuration for a NAT44 instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)#firewall protocl tcp

fragment-timeout (Stateful NAT64)

To specify the time interval to store packet fragments, use the fragment-timeout command in NAT64 stateful configuration mode. To delete the time interval, use the no form of this command. The default timeout value is 2 seconds.

fragment-timeout value

Syntax Description

value

Specifies the timeout value in seconds. The range is from 0 to 15.

Command Default

2 seconds

Command Modes

NAT64 stateful configuration mode

Command History

Release	Modification
Release 4.3.0	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to specify the time interval to store packet fragments for a NAT64 stateful instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# fragment-timeout 10
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)#

hw-module service cgn location

To enable a CGN service role on a specified location, use the hw-module service cgn location command in global configuration mode. To disable the CGN service role at the specified location, use the no form of this command.

hw-module service cgn location node-id

Syntax Description

node-id

Location of the service card for CGN that you want to configure. The node-id argument is entered in the rack/slot/module notation.

Command Default

None

Command Modes

Global configuration

Command History

Release	Modification
Release 3.9.1	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operations
cgn	read, write
root-lr	read, write

Examples

This example shows how to configure the CGN service for location 0/2/CPU0:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# hw-module service cgn location 0/2/CPU0

Related Commands

Command	Description
interface ServiceApp	Enables the application SVI interface.
interface ServiceInfra	Enables the infrastructure SVI interface.
service cgn	Enables an instance for the CGN application.
service-location (CGN)	Enables the particular instance of the CGN application on the active and standby locations.

inside-vrf (NAT44)

To enter inside VRF configuration mode for a NAT44 instance, use the inside-vrf command in NAT44 configuration mode. To disable this feature, use the no form of this command.

inside-vrf vrf-name

Syntax Description

vrf-name

Name for the inside VRF.

Command Default

None

Command Modes

NAT44 configuration

Command History

Release	Modification
Release 3.9.1	This command was introduced.

Usage Guidelines

The inside-vrf command enters NAT44 inside VRF configuration mode.

Task ID

Task ID	Operations
cgn	read, write

Examples

The following example shows how to enter inside VRF configuration mode:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)#

Related Commands

Command	Description
external-logging (NAT44 Netflow)	Enables external logging of a NAT44 instance.
protocol (NAT44)
service cgn	Enables an instance for the CGN application.
show cgn nat44 inside-translation	Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance.
show cgn nat44 outside-translation	Displays the outside-address to inside-address translation details for a specified NAT44 instance.

interface ServiceApp

To enable the application SVI interface, use the interface ServiceApp command in global configuration mode. To disable a particular service application interface, use the no form of this command.

interface ServiceApp value

Syntax Description

value

Total number of service application interfaces to be configured. Range is from 1 to 2442000.

Command Default

None

Command Modes

Global configuration

Command History

Release	Modification
Release 3.9.1	This command was introduced.

Usage Guidelines

The total number of service application interfaces per multi-service PLIM card cannot exceed 889.

The name of the serviceapp interfaces is serviceapp n where n can be a number between 1 to 2442000.

Task ID

Task ID	Operations
interface	read, write

Examples

This example shows how to configure a nat64 stateless service application interface:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type nat64 stateless xlat1
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)#ipv6-prefix 2010:db8:ff00::/40
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)#address-family ipv6
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless-afi)#interface ServiceApp 461

This example shows how to configure 6rd service application interface:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)#address-family ipv6
RP/0/RP0/CPU0:router(config-cgn-6rd-afi)#interface ServiceApp 46

This example shows how to configure a nat44service application interface:

RP/0/RP0/CPU0:router#configure
RP/0/RP0/CPU0:router(config)#interface ServiceApp 1
RP/0/RP0/CPU0:router(config)#service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)#address-family ipv4

This example shows how to configure a DDoS TMS service application interface:

RP/0/RP0/CPU0:router#configure
RP/0/RP0/CPU0:router(config)#interface ServiceApp 1
RP/0/RP0/CPU0:router(config-if)#service sesh sesh1

interface ServiceInfra

To enable the infrastructure SVI interface, use the interface ServiceInfra command in global configuration mode. To disable a particular service infrastructure interface, use the no form of this command.

interface ServiceInfra value

Syntax Description

value

Total number of service infrastructure interfaces to be configured. Range is from 1 to 2000.

Command Default

None

Command Modes

Global configuration

Command History

Release	Modification
Release 3.9.1	This command was introduced.

Usage Guidelines

Only one service infrastructure interface can be configured per ISM.

Note

The Infra SVI interface and its IPv4 address configuration are required to boot the CGSE. The IPv4 address is used as the source address of the netflow v9 logging packet.

Task ID

Task ID	Operations
interface	read, write

Examples

This example shows how to configure one service infrastructure interface:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# interface ServiceInfra 1
RP/0/RP0/CPU0:router(config-if)#ipv4 address 3.1.1.1 255.255.255.248
RP/0/RP0/CPU0:router(config-if)#service-location 0/1/CPU0

ipv4 prefix (6rd)

To assign a value for the ipv4-prefix length to be used as part of both ends of tunnel, use the ipv4 prefix command in 6RD configuration mode. To remove the ipv4 prefix, use the no form of this command.

ipv4 prefix length value

Syntax Description

length	Indicates the IPv4 prefix length to be used while deriving the delegated IPv6 prefix.
value	IPv4 prefix length value. The range is from 0 to 31.

Command Default

None

Command Modes

6RD configuration

Command History

Release	Modification
Release 4.1.0	This command was introduced.

Usage Guidelines

This command assigns a value for the common ipv4 prefix length to be used as part of both ends of the tunnel. This is an optional br (Border Relay) tunnel configuration parameter. If this parameter is added or modified, the unicast address must be modified.

The sum of the ipv4 prefix length and ipv4 suffix length must not exceed 31. This value is used to calculate 6RD delegated prefix.

Once configured, the ipv4 prefix cannot be deleted individually. It must be deleted along with all the br tunnel configuration. If you want to ignore the prefix length, alternatively you can set it to zero along with the updated unicast address.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to configure the ipv4 prefix length:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router#(config)# service cgn cgn1
RP/0/RP0/CPU0:router#(config-cgn)service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# br
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd-br)# ipv4 prefix length 16

Related Commands

Command	Description
ipv4 suffix (6rd)	Assigns a value for the ipv4-suffix length to be used as part of both ends of a tunnel.
ipv6-prefix (6rd)	Generates the delegated ipv6 prefix for a IPv6 Rapid Deployment (6RD) application.
source-address (6rd)	Assigns an ipv4 address as the tunnel source address.
unicast address (6rd)	Assigns an IPv6 address to be used for a IPv6 Rapid Deployment (6RD) Border Relay (BR) unicast configuration.

ipv4 suffix (6rd)

To assign a value for the ipv4-suffix length to be used as part of both ends of a tunnel, use the ipv4 suffix command in 6RD configuration mode. To remove the ipv4 suffix, use the no form of this command.

ipv4 suffix length value

Syntax Description

ipv4 suffix length	Specifies the IPv4 suffix length to be used while deriving the delegated IPv6 prefix.
value	Length of the IPv4 suffix. The range is from 0 to 31.

Command Default

None

Command Modes

6RD configuration

Command History

Release	Modification
Release 4.1.0	This command was introduced.

Usage Guidelines

This command assigns a value for the common ipv4 suffix length to be used as part of both ends of the tunnel. This is an optional br (Border Relay) tunnel configuration parameter. If this parameter is added or modified, the unicast address should also be modified.

Note

The sum of the ipv4 prefix length and ipv4 suffix length must not exceed 31. This value is used to calculate 6RD delegated prefix.

Note

Once configured, the ipv4 suffix cannot be deleted individually. It must be deleted along with all the br tunnel configuration. If you want to ignore the prefix length, alternatively you can set it to zero along with the updated unicast address.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to configure the ipv4 suffix length:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router#(config)# service cgn cgn1
RP/0/RP0/CPU0:router#(config-cgn)service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# br
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd-br)# ipv4 suffix length 15

Related Commands

Command	Description
ipv4 prefix (6rd)	Assigns a value for the ipv4-prefix length to be used as part of both ends of tunnel.
ipv6-prefix (6rd)	Generates the delegated ipv6 prefix for a IPv6 Rapid Deployment (6RD) application.
source-address (6rd)	Assigns an ipv4 address as the tunnel source address.
unicast address (6rd)	Assigns an IPv6 address to be used for a IPv6 Rapid Deployment (6RD) Border Relay (BR) unicast configuration.

ipv4 (Stateful NAT64)

To assign an ipv4 address pool to be used by a NAT64 stateful instance and to map an internal ipv6 address to a public ipv4 address, use the ipv4 command in NAT64 stateful configuration mode. To unassign the address pool, use the no form of this command.

The maximum number of address pools that can be assigned is 8.

ipv4 address-pool address/prefix

Syntax Description

address-pool	Specifies the IPv4 address pool.
address/prefix	Indicates the start address and prefix of the address pool

Command Default

None

Command Modes

NAT64 stateful configuration mode

Command History

Release	Modification
Release 4.3.0	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to assign an IPv4 address pool for a NAT64 stateful instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# ipv4 address-pool 10.2.2.24/3

Related Commands

Command	Description
address-family (Stateful NAT64)	Configures IPv4 or IPv6 address on a NAT64 instance.
dynamic-port-range (Stateful NAT64)	Configures ports dynamically.
external-logging (Stateful NAT64 Netflow)	Enables external logging of a NAT64 Stateful instance.
fragment-timeout (Stateful NAT64)	Specifies time interval to store packet fragments.
ipv6-prefix (Stateful NAT64)	Converts an IPv6 address to an IPv4 address.
portlimit (Stateful NAT64)	Restricts the number of ports used by an IPv6 address.
protocol (Stateful NAT64)	Enters the ICMP, TCP, and UDP protocol configuration mode.
refresh-direction (Stateful NAT64)	Specifies the outbound refresh direction.
service-type nat64 (Stateful NAT64)	Creates a NAT64 stateful instance.
tcp-policy (Stateful NAT64)	Enables TCP policy that allows IPv4 initiated TCP sessions.
ubit-reserved (Stateful NAT64)	Enables reserving ubits in an IPv6 address.

ipv6-prefix (6rd)

To generate the delegated ipv6 prefix for a IPv6 Rapid Deployment (6RD) application, use the ipv6-prefix command in 6RD configuration mode. To remove the ipv6 prefix assigned for the application, use the no form of this command.

ipv6-prefix X:X::X/length IPV6 subnet mask

Syntax Description

X:X::X/length

IPv6 address.

Command Default

None

Command Modes

6RD configuration

Command History

Release	Modification
Release 4.1.0	This command was introduced.

Usage Guidelines

The ipv6-prefix command is used for Border Relay (BR) tunnel configurations. It is used to generate a delegated ipv6 prefix for the BR-related configuration. This is a mandatory br tunnel parameter. All mandatory parameters must be added or deleted at the same time.

Note

For a given 6RD domain, there is exactly one 6RD prefix. The ipv6-prefix command is used to convert the ipv4 address into ipv6 address for use by the 6RD domain.

Note

For a 6RD tunnel, configure the ipv6-prefix, ipv4 source-address, and unicast IPv6 address in a single commit operation. Once configured, the ipv6-prefix cannot be deleted individually. It must be deleted along with all the br tunnel configuration parameters.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to enter the ipv6-prefix for the 6RD CGN instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router#(config)# service cgn cgn1
RP/0/RP0/CPU0:router#(config-cgn)service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# br
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd-br)# ipv6-prefix 2010:db8:ff00::/40

Related Commands

Command	Description
ipv4 prefix (6rd)	Assigns a value for the ipv4-prefix length to be used as part of both ends of tunnel.
ipv4 suffix (6rd)	Assigns a value for the ipv4-suffix length to be used as part of both ends of a tunnel.
source-address (6rd)	Assigns an ipv4 address as the tunnel source address.
unicast address (6rd)	Assigns an IPv6 address to be used for a IPv6 Rapid Deployment (6RD) Border Relay (BR) unicast configuration.

ipv6-prefix (Stateful NAT64)

To convert an IPv6 address to an IPv4 address, use the ipv6-prefix command in NAT64 stateful configuration mode. To use the default prefix - 64:FF9B::/96, use the no form of this command.

ipv6-prefix ipv6 address and prefix

Syntax Description

ipv6 address and prefix

Specifies the IPv6 address and prefix.

Command Default

Default prefix - 64:FF9B::/96

Command Modes

NAT64 stateful configuration mode

Command History

Release	Modification
Release 4.3.0	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to configure an IPv6 prefix:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# ipv6-prefix 2001:db8::/32

Related Commands

Command	Description
address-family (Stateful NAT64)	Configures IPv4 or IPv6 address on a NAT64 instance.
dynamic-port-range (Stateful NAT64)	Configures ports dynamically.
external-logging (Stateful NAT64 Netflow)	Enables external logging of a NAT64 Stateful instance.
fragment-timeout (Stateful NAT64)	Specifies time interval to store packet fragments.
ipv4 (Stateful NAT64)	Assigns ipv4 address pool.
portlimit (Stateful NAT64)	Restricts the number of ports used by an IPv6 address.
protocol (Stateful NAT64)	Enters the ICMP, TCP, and UDP protocol configuration mode.
refresh-direction (Stateful NAT64)	Specifies the outbound refresh direction.
service-type nat64 (Stateful NAT64)	Creates a NAT64 stateful instance.
tcp-policy (Stateful NAT64)	Enables TCP policy that allows IPv4 initiated TCP sessions.
ubit-reserved (Stateful NAT64)	Enables reserving ubits in an IPv6 address.

map (NAT44)

To map an outside VRF and address pool to an inside vrf, use the map command in CGN inside VRF NAT44 configuration submode. To explicitly pair the inside and the outside Service Application Interfaces (ServiceApps), use the outsideserviceapp option. Suppose if there are 4 or more ServiceApps configured, then there are chances that two or more inside ServiceApps get paired to the same outside ServiceApp, thus excluding other outside ServiceApps. Because of this mapping, the unpaired ServiceApps may drop traffic in the egress path. Hence the explicit pairing is required between an inside ServiceApp and an outside ServiceApp. To remove the outside VRF, explicit ServiceApp pairing, and address pool mapping for the specified inside VRF of a CGN instance, use the no form of this command.

map [ outsideserviceapp serviceapp serviceapp-number ] [ outside-vrf outside-vrf-name ] address-pool address /prefix

Syntax Description

outsideserviceapp	Pairs the inside and the outside ServiceApps explicitly.
serviceapp	Service application interfaces that need to be paired.
serviceapp-number	Number that indicates each ServiceApp. The range is from 1 to 2000.
outside-vrf	Maps to a given outside VRF.
outside-vrf-name	Name of outside VRF.
number	Number that indicates each service application. The range is from 1 to 2000.
address-pool	Address pool to which the inside VRF is mapped.
address/prefix	Network address and prefix for the address pool. The prefix must not be less than 16.
address/prefix	Network address and prefix for the address pool. The minimum prefix value is 30.

Command Default

None

Command Modes

CGN inside VRF NAT44 configuration

Command History

Release	Modification
Release 3.9.1	This command was introduced.

Usage Guidelines

The map command maps the inside VRF to an outside VRF and assigns an outside address pool for the mapping.

If the outside VRF name is not specified, the default VRF is considered.

There is only one NAT44 instance for each CGN instance. An inside-VRF can be present in only one CGN instance. One inside-VRF can be mapped to only one outside-VRF. There can be multiple non-overlapping address-pools in a particular outside-VRF. The address pools being used on a CRS box for the outside-VRFs must not overlap with each other. An outside-VRF can be present in multiple CGN instances with different address pools. If the outside-VRF name is not specified, the default VRF is enabled.

Task ID

Task ID	Operations
cgn	read, write

Examples

This example shows how to configure the outside VRF and to assign the outside address pool for the mapping:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# map outside-vrf outsidevrf1 address-pool 
10.2.2.0/24

This example shows how to explicitly pair the inside and outside ServiceApps.

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# map outsideserviceapp serviceapp 2 outside-vrf ovrf1 address-pool 10.2.2.0/24

Related Commands

Command	Description
inside-vrf (NAT44)	Enters inside VRF configuration mode for a NAT44 instance.
service cgn	Enables an instance for the CGN application.
show cgn nat44 inside-translation	Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance.
show cgn nat44 outside-translation	Displays the outside-address to inside-address translation details for a specified NAT44 instance.

map (DS-LITE)

To map a private IPv4 source address coming over the DS-Lite tunnel to an address in a IPv4 public address pool, use the map command in CGN DS-Lite configuration mode. To undo the mapping, use the no form of this command.

map address-pool address/prefix

Syntax Description

address-pool	Specifies the IPv4 map address pool.
address/prefix	Specifies the address and prefix for the address pool.

Command Default

None

Command Modes

CGN DS-Lite configuration mode

Command History

Release	Modification
Release 4.2.1	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to map a private IPv4 source address coming over the DS-Lite tunnel to an address in a IPv4 public address pool:

RP/0/RP0/CPU0:router# config
RP/0/RP0/CPU0:router(config)#service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#map address-pool 10.1.1.2/2
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#

mirror-packets

To enable the mirroring the data packets and filter the traffic based on the set of parameters, use the mirror-packets command in CGN inside VRF external logging server configuration mode. To disable the configuration, use the no form of this command.

mirror-packets destination-ipv4-address protocol-type port source-prefix collector-ipv4-address

Syntax Description

mirror-packets	Configures the data traffic to be mirrored to a configured destination (host) IPv4 address.
destination-ipv4-address	IPv4 address of the destination (host)
protocol type	The protocol type used.
port	Configures the inside port for static forwarding. The port keyword allows a specific UDP, TCP, or ICMP port on a global address to be translated to a specific port on a private address.
source-prefix	Source IPv4 address.
collector-ipv4-address	IPv4 address of the collector.

Command Default

Command Modes

CGN inside VRF external logging server configuration

Command History

Release	Modification
Release 5.2.2	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

The following example shows how to configure mirroring the data packets with the destination IPv4 address, protocol type, port number, source-prefix, and collector IPv4 address.

service cgn cgn1
 service-location preferred-active 0/1/CPU0
 service-type nat44 nat1
  inside-vrf BLR_BTM3
   mirror-packets
    destination-ipv4-address 201.22.3.45
     protocol-type tcp udp
     port 4002
     source-prefix 100.1.1.252/30
    !
    collector-ipv4-address 187.2.4.5
   !
  !
 !
!

mss (DS-LITE)

To enable the TCP maximum segment size (MSS) adjustment value for a DS-Lite instance and to adjust the MSS value of the TCP SYN packets going through, use the mss command in DS-Lite configuration mode. To disable the packets to override the TCP MSS value, use the no form of this command.

mss size

Syntax Description

size	Size, in bytes, to be applied for the MSS value. Range is from 28 to 1500.

Command Default

By default, the TCP maximum segment size (MSS) adjustment is disabled.

Command Modes

DS-Lite configuration mode

Command History

Release	Modification
Release 4.2.1	This command was introduced.

Usage Guidelines

The MSS value, which is configured using the mss command, overrides the MSS value that is set in the received TCP packets. The range for MSS value is from 28 to 1500.

The mss command adjusts the MSS value of the TCP SYN packets.

Task ID

Task ID	Operations
cgn	read, write

Examples

This example shows how to configure the mss value for a DS-Lite instance:

RP/0/RP0/CPU0:router# config
RP/0/RP0/CPU0:router(config)#service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#protocol tcp
RP/0/RP0/CPU0:router(config-cgn-ds-lite-proto)#mss 66

mss (NAT44)

To enable the TCP maximum segment size (MSS) adjustment value for an inside VRF of a specified CGN instance and to adjust the MSS value of the TCP SYN packets going through, use the mss command in CGN inside VRF NAT44 protocol configuration mode. To disable the packets to override the TCP MSS value, use the no form of this command.

mss size

Syntax Description

size	Size, in bytes, to be applied for the MSS value. Range is from 28 to 1500.

Command Default

Default is disabled for the TCP maximum segment size (MSS) adjustment.

Command Modes

CGN inside VRF NAT44 protocol configuration

Command History

Release	Modification
Release 3.9.1	This command was introduced.

Usage Guidelines

The MSS value, which is configured using the mss command, overrides the MSS value that is set in the received TCP packets. The range for MSS value is from 28 to 1500.

The mss command adjusts the MSS value of the TCP SYN packets.

Task ID

Task ID	Operations
cgn	read, write

Examples

The following example shows how to configure TCP MSS value as 1100 for the CGN instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# protocol tcp
RP/0/RP0/CPU0:router(config-cgn-invrf-proto)# mss 1100

nat-mode

To enter the predefined mode for NAT44, use the nat-mode command. To disable this mode, use the no nat-mode command.

nat-mode { predefined }

Syntax Description

predefined

Maps a private IP address to a specific port range of the corresponding public IP address. This keyword is for the predefined mode.

Command Default

None

Command Modes

Global configuration mode

Command History

Release	Modification
Release 4.3.2	This command was introduced.
Release 5.2.0	This command was modified.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

Applicable until Release 5.1.x.
RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# map address-pool 198.12.0.0/24
RP/0/RP0/CPU0:router(config-cgn-invrf)# nat-mode predefined
RP/0/RP0/CPU0:router(config-cgn-invrf-natmode)#

Applicable for Release 5.2.x and above.
RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)#inside-vrf insidevrf1

RP/0/RP0/CPU0:router(config-cgn-invrf)#map outside-vrf blue address-pool 100.0.0.0/24
RP/0/RP0/CPU0:router(config-cgn-invrf)#nat-mode 
RP/0/RP0/CPU0:router(config-cgn-invrf-natmode)#predefined private-pool 103.1.106.0/24

path-mtu (6rd)

To configure the ipv4 tunnel MTU (Maximum Transmission Unit) size in bytes, use the path-mtu command in 6RD configuration mode. To reset the MTU to its default value, use the no form of this command.

path-mtu value

Syntax Description

value

Path-MTU value, in bytes. The range is from 1280 to 1480.

Command Default

None

Command Modes

6RD configuration

Command History

Release	Modification
Release 4.1.0	This command was introduced.

Usage Guidelines

This command configures the path MTU size, in bytes, for the ipv4 tunnel. If the size of any incoming packet is more than this path MTU, then an ICMP error is sent as a response.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to configure the path-mtu with the value of 1500:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router#(config)# service cgn cgn1
RP/0/RP0/CPU0:router#(config-cgn)service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# path-mtu 1500

path-mtu (DS-LITE)

To assign the path Maximum Transmission Unit (MTU) for the tunnel between routers for every ds-lite instance, use the path-mtu command in DS-Lite configuration mode. To delete the mtu value, use the no form of this command.

path-mtu value

Syntax Description

value

Specifies the MTU value of the tunnel in bytes. The range is from 1280 to 9216. The default value is 1280, which is the minimum IPv6 path MTU.

Command Default

None

Command Modes

DS-Lite configuration

Command History

Release	Modification
Release 4.2.1	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to assign the path mtu for the tunnel between routers:

RP/0/RP0/CPU0:router# config
RP/0/RP0/CPU0:router(config)#service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#path-mtu 1282
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#

Related Commands

Command	Description
protocol (NAT44)

path-mtu (DS-LITE Netflow9)

To set the Maximum Transmission Unit (MTU) of the path to log NetFlow-based external logging information of a DS-Lite instance, use the path-mtu command in DS-Lite external logging server configuration mode. To return to the default behavior, use the no form of this command.

path-mtu value

Syntax Description

value

Specifies the path mtu value in bytes. The range is from 100 to 2000.

Command Default

None

Command Modes

DS-Lite external logging server configuration mode

Command History

Release	Modification
Release 4.2.1	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to set the path-mtu value for a DS-Lite instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# external-logging netflow9
RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog)# server
RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog-server)# path-mtu 200

Related Commands

Command	Description
address (DS-LITE Netflow9)
refresh rate (DS-LITE Netflow9)
timeout (DS-LITE Netflow9)	Configures the frequency at which the netflow9 template is refreshed or resent to the netflow9 server for a DS-Lite instance.

path-mtu (MAP-E)

To configure the path Maximum Transmission Unit (MTU) of the tunnel, use the path-mtu command in MAP-E configuration mode. To undo the configuration, use the no form of this command.

path-mtu value

Syntax Description

value

Tunnel path MTU value, in bytes. The range is from 1280 to 9216.

Command Default

None

Command Modes

MAP-E configuration

Command History

Release	Modification
Release 4.3.1	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to configure the tunnel path MTU value:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type map-e map-e-inst
RP/0/RP0/CPU0:router(config-cgn-map_e)# path-mtu 1300

Related Commands

Command	Description
address-family (MAP-E)	Configures IPv4 or IPv6 address for a MAP-E instance.
aftr-endpoint-address (MAP-E)	Configures the IPv6 address of Address Family Transition Router (AFTR).
contiguous-ports (MAP-E)	Configures the number of contiguous ports for a MAP-E instance.
cpe-domain (MAP-E)	Configures the Customer Premises Equipment (CPE ) domain parameters.
sharing-ratio (MAP-E)	Configures the port sharing ratio.

path-mtu (NAT44 Netflow Version 9)

To configure the path Maximum Transmission Unit (MTU) for the netflowv9-based external-logging facility for the inside VRF of a NAT44 instance, use the path-mtu command in NAT44 inside VRF address family external logging server configuration mode. To revert back to the default of 1500, use the no form of this command. This command restricts the maximum size of the Netflow-version 9 logging packet

path-mtu value

Syntax Description

value

Value, in bytes, of the path-mtu for the netflowv9-based external-logging facility. Range is from 100 to 9200.

Command Default

By default, the value of the path-mtu for the netflowv9-based external-logging facility is set to 1500.

Command Modes

NAT44 inside VRF address family external logging server configuration

Command History

Release	Modification
Release 3.9.1	This command was introduced.

Usage Guidelines

This NAT44 specific command configures the value of the path-mtu for the netflowv9 based external logging facility for an inside-VRF of NAT44 instance.

This command restricts the maximum size of the Netflow-v9 logging packet. The path-mtu value ranges from 100 to 9200. The netflowv9-based external-logging facility is exported by using the NAT table entries.

Note

Only when the ipv4 address and port number for the logging server has been configured, the configurations for path-mtu, refresh-rate and timeout are applied.

Task ID

Task ID	Operations
cgn	read, write

Examples

The following example shows how to configure the path-mtu with the value of 2900 for the netflowv9-based external-logging facility:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# external-logging netflow version 9
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog)# server
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog-server)# path-mtu 2900

Related Commands

Command	Description
external-logging (NAT44 Netflow)	Enables external logging of a NAT44 instance.
inside-vrf (NAT44)	Enters inside VRF configuration mode for a NAT44 instance.
server (NAT44)	Enables the logging server information for the IPv4 address and port for the server that is used for the netflowv9-based external-logging facility.
service cgn	Enables an instance for the CGN application.

path-mtu (Stateful NAT64 Netflow Version 9)

To set the Maximum Transmission Unit (MTU) of the path to log NetFlow-based external logging information for a NAT64 Stateful instance, use the path-mtu command in NAT64 Stateful configuration mode. To return to the default behavior, use the no form of this command.

path-mtu value

Syntax Description

value

Specifies the path mtu value in bytes. The range is from 100 to 2000.

Command Default

None

Command Modes

NAT64 Stateful configuration mode

Command History

Release	Modification
Release 4.3.0	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to set the path-mtu value for a NAT64 Stateful instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# external-logging netflow version 9
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# server
RP/0/RP0/CPU0:router(config-cgn-nat64-extlog-server)# path-mtu 200

Related Commands

Command	Description
address (Stateful NAT64 Netflow Version 9)
refresh rate (Stateful NAT64 Netflow Version 9)	Configures the refresh rate to log NetFlow-based external logging information.
session-logging (Stateful NAT64 Netflow Version 9)	Enables session logging for a NAT64 Stateful instance.
timeout (Stateful NAT64 Netflow Version 9)	Configures the frequency at which the netflow-v9 template is refreshed or resent to the netflow-v9 server.

pcp-server (DS-LITE)

To configure a PCP server for a DS-Lite instance, use the pcp-server command in DS-Lite configuration mode. To undo the configuration, use the no form of this command.

pcp-server port port number

Syntax Description

pcp-server	Specifies the PCP server to be configured.
port	Specifies the port of the PCP server.
port number	The port number range is from 1 to 65535. The default port number is 5351.

Command Default

None

Command Modes

DS-Lite configuration mode

Command History

Release	Modification
Release 4.3.0	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to configure a PCP server for a DS-Lite instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite-inst
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# pcp-server port 66

pcp-server (NAT44)

To configure a PCP server for a NAT44 instance, use the pcp-server command in NAT44 configuration mode. To undo the configuration, use the no form of this command.

pcp-server address IPv4 address port port number

Syntax Description

pcp-server	Specifies the PCP server to be configured.
address	Specifies the address of the PCP server.
IPv4 address	IPv4 address.
port	Specifies the port of the PCP server.
port number	The port number range is from 1 to 65535. The default port number is 5351.

Command Default

None

Command Modes

Exec

Command History

Release	Modification
Release 4.3.0	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to configure a PCP server for a NAT44 instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat-44-inst
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf vrf-inst
RP/0/RP0/CPU0:router(config-cgn-invrf)# pcp-server address 10.2.2.30 port 66

Related Commands

Command

Description

pcp-server (DS-LITE)

Configures a Port Control Protocol (PCP) server for a DS-Lite instance.

port-limit (DS-LITE)

To restrict the number of entries per private IPv4 address for a given ds-lite instance, use the port-limit command in DS-Lite configuration mode. To delete the port-limit values, use the no form of this command.

port-limit value

Syntax Description

value

Specifies the value of the port-limit. The range is from 1 to 65535. The default value is 100.

Command Default

None

Command Modes

DS-Lite configuration

Command History

Release	Modification
Release 4.2.1	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to restrict the number of entries per address on a given DS-Lite instance:

RP/0/RP0/CPU0:router# config
RP/0/RP0/CPU0:router(config)#service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#port-limit 500
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#

Related Commands

Command	Description
protocol (NAT44)

portlimit (NAT44)

To limit the number of translation entries per source address, use the portlimit command in CGN configuration mode. To revert back to the default value of 100, use the no form of this command.

portlimit value

Syntax Description

value

Value for the port limit. Range is from 1 to 65535.

Command Default

If the port limit is not configured, the default value is 100 per CGN instance.

Command Modes

CGN configuration

Command History

Release	Modification
Release 3.9.1	This command was introduced.

Usage Guidelines

This is a NAT44 service type specific command to be applied for each CGN instance.

The portlimit command configures the port limit per subscriber for the system, including TCP, UDP, and ICMP. In addition, the portlimit command restricts the number of ports that is used by an IPv4 address; for example, it limits the number of CNAT entries per IPv4 address in the CNAT table.

Task ID

Task ID	Operations
cgn	read, write

Examples

This example shows how the port-limit needs can increased from the default value of 100 to a higher value of 500:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# portlimit 500

Related Commands

Command

Description

service cgn

Enables an instance for the CGN application.

portlimit (NAT44_Inside-VRF)

To limit the number of translation entries of each source address, for each VRF instance, use the portlimit command in Inside-VRF configuration mode. To return to the default value of 100, use the no form of this command.

portlimit value

Syntax Description

value

Value for the port limit. The range is from 1 to 65535.

Command Default

By default, there are 100 translation entries for each VRF instance.

Command Modes

Inside-VRF configuration

Command History

Release	Modification
Release 4.3.1	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operations
cgn	read, write

Examples

This example shows how to set the port-limit of 500 for a VRF instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf invrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# portlimit 500

Related Commands

Command	Description
bulk-port-alloc (NAT44)	Allocates a number of contiguous outside ports in bulk to reduce Netflow/Syslog data volume.
external-logging (NAT44 Netflow)	Enables external logging of a NAT44 instance.
external-logging (NAT44 Syslog)	Enables external logging of the syslog data for a NAT44 instance.

portlimit (Stateful NAT64)

To restrict the number of ports used by an IPv6 address, use the portlimit command in NAT64 stateful configuration mode. To use the default port limit of 100 per NAT64 instance, use the no form of this command.

portlimit value

Syntax Description

value

Specifies the port limit value. The range is from 1 to 65535.

Command Default

100 ports per NAT64 stateful instance

Command Modes

NAT64 stateful configuration mode

Command History

Release	Modification
Release 4.3.0	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to set a port limit on a NAT64 stateful instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# portlimit 600

Related Commands

Command	Description
address-family (Stateful NAT64)	Configures IPv4 or IPv6 address on a NAT64 instance.
dynamic-port-range (Stateful NAT64)	Configures ports dynamically.
external-logging (Stateful NAT64 Netflow)	Enables external logging of a NAT64 Stateful instance.
fragment-timeout (Stateful NAT64)	Specifies time interval to store packet fragments.
ipv4 (Stateful NAT64)	Assigns ipv4 address pool.
ipv6-prefix (Stateful NAT64)	Converts an IPv6 address to an IPv4 address.
protocol (Stateful NAT64)	Enters the ICMP, TCP, and UDP protocol configuration mode.
refresh-direction (Stateful NAT64)	Specifies the outbound refresh direction.
service-type nat64 (Stateful NAT64)	Creates a NAT64 stateful instance.
tcp-policy (Stateful NAT64)	Enables TCP policy that allows IPv4 initiated TCP sessions.
ubit-reserved (Stateful NAT64)	Enables reserving ubits in an IPv6 address.

port-set

To create a port-set with a unique name, use the port-set command in the Carrier Grade NAT (CGN) configuration mode. To delete the port-set, use the no form of this command.

port-set name

Syntax Description

name	Specifies the name of the port-set to be created.

Command Default

None

Command Modes

CGN configuration mode

Command History

Release	Modification
Release 5.3.1	This command was introduced.

Usage Guidelines

Each port-set can contain up to 20 ports per UDP or TCP transport protocol. If a port-set is in use by one or more NAT inside-vrf instances, users cannot delete that port-set until the associations with all NAT inside-vrf instances are removed. However, the user can modify the contents of port-set while they are in use and the modifications take effect immediately.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to create a port-set for a CGN instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# port-set set1
RP/0/RP0/CPU0:router(config-cgn-portset)#

private-pool

To create a pool of private addresses that have to be assigned to the subscribers in a VPN Routing and Forwarding (VRF), use the private-pool command. To disable the pool of addresses, use the no private-pool command.

private-pool ip address/prefix

Syntax Description

ip address/prefix

Specifies the address and the prefix for the private pool of IP addresses.

Command Default

none

Command Modes

Global Configuration mode

Command History

Release	Modification
Release 4.3.2	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to configure a private pool of IP addresses:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# map address-pool 198.12.0.0/16
RP/0/RP0/CPU0:router(config-cgn-invrf)# nat-mode predefined
RP/0/RP0/CPU0:router(config-cgn-invrf-natmode)# private-pool 192.1.106.0/16

protocol (CGN)

To enter ICMP, TCP, and UDP protocol configuration mode for a given CGN instance, use the protocol command in the appropriate configuration mode. To remove all the features that are enabled under the protocol configuration mode, use the no form of this command.

protocol { icmp | tcp | udp } { mss | <28-1500> } { static-forward inside address | <A.B.C.D> | port | <1-65535> }

Syntax Description

icmp	Enters ICMP protocol configuration mode.
tcp	Enters TCP protocol configuration mode.
udp	Enters UDP protocol configuration mode.
<28-1500>	Maximum segment size to be used in bytes.
static-forward	Configures a static port.
inside	Specifies inside network configuration..
address	Specifies the inside address for static-forward.
<A.B.C.D>	Specifies the inside IP address.
address	Specifies the port number for static-forward.

Command Default

None

Command Modes

CGN inside VRF NAT44 configuration mode

Command History

Release	Modification
Release 3.9.1	This command was introduced.

Usage Guidelines

The protocol command enters the appropriate CGN NAT44 configuration mode.

Task ID

Task ID	Operations
cgn	read, write

Examples

This example shows how to configure the ICMP protocol for a CGN instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# protocol icmp
RP/0/RP0/CPU0:router(config-cgn-invrf-icmp)# static-forward inside address 192.0.2.1 port 650

Related Commands

Command	Description
service cgn	Enables an instance for the CGN application.
show cgn nat44 inside-translation	Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance.
show cgn nat44 outside-translation	Displays the outside-address to inside-address translation details for a specified NAT44 instance.

protocol (External Logging)

To configure the protocol to be used to transfer the NetFlow and Syslog records for external logging, use the protocol command.

protocol { tcp | udp }

Syntax Description

tcp	Enables reliable log transfer feature. TCP is used to transfer the NetFlow and Syslog records to an external NetFlow or Syslog server.
udp	UDP is used to transfer the NetFlow and Syslog records to an external NetFlow or Syslog server.

Command Default

UDP is the default protocol used to transfer the NetFlow and Syslog records.

Command Modes

CGN Inside VRF NAT44 configuration mode

Command History

Release	Modification
Release 4.2.1	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to configure the TCP as the protocol to transfer the NetFlow records:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# external-logging netflow version 9
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog)# server
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog-server)# address 10.10.0.0 port 50
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog-server)#protocol tcp

This example shows how to configure the TCP as the protocol to transfer the Syslog records:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# external-logging syslog
RP/0/RP0/CPU0:router(config-cgn-invrf-syslog)# server
RP/0/RP0/CPU0:router(config-cgn-invrf-syslog-server)# address 10.10.0.0 port 50
RP/0/RP0/CPU0:router(config-cgn-invrf-syslog-server)# protocol tcp

protocol (port-preservation)

To enter the TCP and UDP protocol configuration mode and specify the ports to be preserved, use the protocol command in the port-set configuration mode. To remove the ports that are preserved, use the no form of this command.

protocol { udp | tcp } {preserve-ports port-number}

Syntax Description

udp	Enters the UDP protocol configuration mode.
tcp	Enters the TCP protocol configuration mode.
preserve-ports	Preserves the ports.
port number	Port number. The range is from 1 to 4294967295. Users can enter up to 20 port numbers separated by space per protocol.

Command Default

None

Command Modes

Port-set configuration mode.

Command History

Release	Modification
Release 5.3.1	This command was introduced.

Usage Guidelines

The no form of the protocol command must not be used when the port-set is in use by an inside-vrf instance. However, users can modify the port-numbers under the TCP or UDP protocol.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to enter the protocol configuration mode and specify the ports to be preserved:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# port-set set1
RP/0/RP0/CPU0:router(config-cgn-portset)# protocol udp
RP/0/RP0/CPU0:router(config-cgn-proto)# preserve-port 1021 1031 1041 1101 1202 1303 1404 15015 1606


RP/0/RP0/CPU0:router(config-cgn-portset)# protocol tcp
RP/0/RP0/CPU0:router(config-cgn-proto)# preserve-port 1020 1050 1100 1200 1300 1400 1500 1600

protocol (DS-LITE)

To enter the ICMP, TCP, and UDP protocol configuration mode, use the protocol command. To remove all features that are enabled under the protocol configuration mode, use the no form of this command.

protocol { icmp | tcp | udp } { session | active | initial } {timeout value}

Syntax Description

icmp	Enters the ICMP protocol configuration mode.
tcp	Enters the TCP protocol configuration mode.
udp	Enters the UDP protocol configuration mode.
session	Session related configuration.
active	Active session timeout
initial	Initial session timeout
timeout	Session timeout
value	Timeout in seconds. The range is from 1 to 65535.

Command Default

None

Command Modes

DS-Lite configuration mode

Command History

Release	Modification
Release 4.2.1	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to configure TCP protocol for a DS-Lite instance:

RP/0/RP0/CPU0:router# config
RP/0/RP0/CPU0:router(config)#service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#protocol tcp
RP/0/RP0/CPU0:router(config-cgn-ds-lite-proto)# session active timeout 56
RP/0/RP0/CPU0:router(config-cgn-ds-lite-proto)#

Examples

This example shows how to configure static forwarding in a TCP session for a DS-Lite instance:

RP/0/RP0/CPU0:router# config
RP/0/RP0/CPU0:router(config)#service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#protocol tcp
RP/0/RP0/CPU0:router(config-cgn-ds-lite-proto)#static-forward inside address
RP/0/RP0/CPU0:router(config-cgn-ds-lite-proto-addr)#tunnel-source 10:2::2/22 host 10.1.1.2 port 64
RP/0/RP0/CPU0:router(config-cgn-ds-lite-proto-addr)#

protocol (NAT44)

To enter the ICMP, TCP, and UDP protocol configuration mode, use the protocol command. To remove all features that are enabled under the protocol configuration mode, use the no form of this command.

protocol { gre | icmp | tcp | udp } { session | active | initial } {timeout value}

Syntax Description

gre	Enters the GRE protocol configuration mode.
icmp	Enters the ICMP protocol configuration mode.
tcp	Enters the TCP protocol configuration mode.
udp	Enters the UDP protocol configuration mode.
session	Session related configuration.
active	Active session timeout
initial	Initial session timeout
timeout	Session timeout
value	Timeout in seconds. The range is from 1 to 65535.

Command Default

None

Command Modes

NAT44 configuration mode

Command History

Release	Modification
Release 4.1.0	This command was introduced.
Release 4.3.0	The keyword, gre was added.

Usage Guidelines

The protocol command enters the appropriate CGN AFI configuration mode.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to configure the ICMP protocol for a CGN instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router#(config)# service cgn cgn1
RP/0/RP0/CPU0:router#(config-cgn)service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol icmp timeout 120

This example shows how to configure the UDP protocol for a CGN instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router#(config)# service cgn cgn1
RP/0/RP0/CPU0:router#(config-cgn)service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol udp session initial timeout 120
RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol udp session active timeout 180

This example shows how to configure the TCP protocol for a CGN instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router#(config)# service cgn cgn1
RP/0/RP0/CPU0:router#(config-cgn)service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol tcp session active timeout 180

Examples

This example shows how to configure GRE for a NAT44 instance:

RP/0/RP0/CPU0:router#configure
RP/0/RP0/CPU0:router(config)#service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type nat44 nat44-1
RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol gre
RP/0/RP0/CPU0:router(config-cgn-nat44-proto)#

protocol (Stateful NAT64)

To enter the ICMP, TCP, and UDP protocol configuration mode, use the protocol command in NAT64 stateful configuration mode. To remove all features that are enabled under the protocol configuration mode, use the no form of this command.

protocol { icmp | tcp | udp } [{address IPv4 address} {port port number} {timeout value} {v4-init-timeout value} session { active | initial } ]

Syntax Description

icmp	Enters the ICMP protocol configuration mode.
tcp	Enters the TCP protocol configuration mode.
udp	Enters the UDP protocol configuration mode.
address	Specifies the IPv4 address for which the timeout value to be set.
IPv4 address	IPv4 address.
port	Specifies the port for which the timeout value to be set.
port number	Port number. the range is from 1 to 65535.
timeout	Specifies the session timeout
value	Timeout in seconds. The range is from 1 to 65535.
v4-init-timeout	Specifies the v4 initiated sessions for which the timeout value to be set.
value	Timeout in seconds. The range is from 1 to 65535.
session	Specifies the session related configuration.
active	Active session timeout
initial	Initial session timeout

Command Default

None

Command Modes

NAT64 stateful configuration mode

Command History

Release	Modification
Release 4.3.0	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to configure timeout for a TCP session per NAT64 stateful instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)#protocol tcp
RP/0/RP0/CPU0:router(config-cgn-nat64-stful-proto)#session active timeout 90

Examples

This example shows how to configure timeout for a UDP session per NAT64 stateful instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)#protocol udp
RP/0/RP0/CPU0:router(config-cgn-nat64-stful-proto)#timeout 90

Examples

This example shows how to configure timeout for an ICMP session per NAT64 stateful instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)#protocol icmp
RP/0/RP0/CPU0:router(config-cgn-nat64-stful-proto)#timeout 90

Related Commands

Command	Description
address-family (Stateful NAT64)	Configures IPv4 or IPv6 address on a NAT64 instance.
dynamic-port-range (Stateful NAT64)	Configures ports dynamically.
external-logging (Stateful NAT64 Netflow)	Enables external logging of a NAT64 Stateful instance.
fragment-timeout (Stateful NAT64)	Specifies time interval to store packet fragments.
ipv4 (Stateful NAT64)	Assigns ipv4 address pool.
ipv6-prefix (Stateful NAT64)	Converts an IPv6 address to an IPv4 address.
portlimit (Stateful NAT64)	Restricts the number of ports used by an IPv6 address.
refresh-direction (Stateful NAT64)	Specifies the outbound refresh direction.
service-type nat64 (Stateful NAT64)	Creates a NAT64 stateful instance.
tcp-policy (Stateful NAT64)	Enables TCP policy that allows IPv4 initiated TCP sessions.
ubit-reserved (Stateful NAT64)	Enables reserving ubits in an IPv6 address.

protocol icmp reset-mtu (CGN)

To reset the received packet size to 1280 when the received ipv4 ICMP packet size is less than 1280 bytes, use the protocol icmp reset-mtu command . To copy the received icmp packet size when translating ipv4 to ipv6 packets, use the no form of this command.

protocol icmp reset-mtu

Syntax Description

This command has no keywords or arguments.

Command Default

Received packet size will be copied when translating ipv4 to ipv6 for icmp packets.

Command Modes

CGN-NAT64

Command History

Release	Modification
Release 4.1.0	This command was introduced.

Usage Guidelines

When the icmp reset-mtu protocol is enabled, the ICMP packet size is reset to 1280.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to configure the icmp reset-mtu protocol for a CGN instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router#(config)# service cgn cgn1
RP/0/RP0/CPU0:router#(config-cgn)service-type nat64 stateless xlat1
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# ipv6-prefix 2010:db8:ff00::/40
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# address-family ipv6
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless-afi)# protocol icmp
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless-icmp)# reset-mtu

Related Commands

Command	Description
address-family ipv6 (Stateless NAT64)	Enters the IPv6 address family configuration mode.
ipv6-prefix (6rd)	Generates the delegated ipv6 prefix for a IPv6 Rapid Deployment (6RD) application.
service cgn	Enables an instance for the CGN application.
service-type nat64 (Stateless)	Creates a nat64 stateless application
traceroute (CGN)	Configures a range of ipv4 addresses that are to be used for mapping when a non-translatable ipv6 address is received.
ubit-reserved (CGN)	Reserves the bits 64 to 71 for the IPv6 addresses.

reassembly-enable (6rd)

To reassemble fragmented packets, use the reassembly-enable command in 6RD configuration mode. To disable the reassembly of fragmented packets, use the no form of this command.

reassembly-enable

Syntax Description

This command has no keywords or arguments.

Command Default

By default, reassembly is not allowed.

Command Modes

6RD configuration

Command History

Release	Modification
Release 4.1.0	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to apply the reassembly-enable command for a 6RD tunnel:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router#(config)# service cgn cgn1
RP/0/RP0/CPU0:router#(config-cgn)service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# reassembly-enable

refresh-direction (NAT44)

To configure the Network Address Translation (NAT) mapping refresh direction for the specified CGN instance, use the refresh-direction command in NAT44 configuration mode. To revert back to the default value of the bidirection, use the no form of this command.

refresh-direction Outbound

Syntax Description

Outbound

Configures only the refresh direction for outbound.

Command Default

If the NAT refresh direction is not configured, the default is bidirectional.

Command Modes

NAT44 configuration

Command History

Release	Modification
Release 3.9.1	This command was introduced.

Usage Guidelines

This is a NAT44 service type specific command to be applied for each CGN instance.

Translation entries that do not have traffic flowing for specific time period are timed out and deleted to prevent unnecessary usage of system resources. Any traffic for a particular translation entry refreshes the entry and prevents it getting timed out. Usually, the refresh is based on packets coming from both inside and outside. This is referred to as bi-directional refresh mechanism. However, bidirectional refresh can lead to denial of service (DoS) attacks because someone from the outside can periodically refresh the entries even though there is no inside traffic.

When NAT refresh direction is configured as Outbound, the translation entries are refreshed only by traffic flowing from inside to outside and prevent DoS attacks.

Task ID

Task ID	Operations
cgn	read, write

Examples

The following example shows how to configure the mapping refresh direction for outbound:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# refresh-direction outbound

Related Commands

Command

Description

service cgn

Enables an instance for the CGN application.

refresh-direction (Stateful NAT64)

To specify the outbound refresh direction, use the refresh-direction command in NAT64 stateful configuration mode. To delete refresh direction, use the no form of this command.

refresh-direction

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

NAT64 stateful configuration mode

Command History

Release	Modification
Release 4.3.0	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to specify the outbound refresh direction for a NAT64 stateful instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# refresh-direction outbound
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)#

Related Commands

Command	Description
address-family (Stateful NAT64)	Configures IPv4 or IPv6 address on a NAT64 instance.
dynamic-port-range (Stateful NAT64)	Configures ports dynamically.
external-logging (Stateful NAT64 Netflow)	Enables external logging of a NAT64 Stateful instance.
fragment-timeout (Stateful NAT64)	Specifies time interval to store packet fragments.
ipv4 (Stateful NAT64)	Assigns ipv4 address pool.
ipv6-prefix (Stateful NAT64)	Converts an IPv6 address to an IPv4 address.
portlimit (Stateful NAT64)	Restricts the number of ports used by an IPv6 address.
protocol (Stateful NAT64)	Enters the ICMP, TCP, and UDP protocol configuration mode.
service-type nat64 (Stateful NAT64)	Creates a NAT64 stateful instance.
tcp-policy (Stateful NAT64)	Enables TCP policy that allows IPv4 initiated TCP sessions.
ubit-reserved (Stateful NAT64)	Enables reserving ubits in an IPv6 address.

refresh-rate (NAT44 Netflow Version 9)

To configure the refresh rate to log NetFlow-based external logging information for an inside VRF of a CGN instance, use the refresh-rate command in CGN inside VRF external logging server configuration mode. To revert back to the default value of 500 packets, use the no form of this command.

refresh-rate value

Syntax Description

value

Value, in packets, for the refresh rate. Range is from 1 to 600.

Command Default

value : 500

Command Modes

CGN inside VRF external logging server configuration

Command History

Release	Modification
Release 3.9.1	This command was introduced.

Usage Guidelines

The netflowv9-based logging facility requires that a logging template be sent to the server periodically. The refresh-rate value implies that after sending that number of packets to the server, the template is resent. The timeout value implies that after that number of minutes have elapsed since the template was last sent, the template is resent to the logging server. The refresh-rate and timeout values are mutually exclusive; that is, the one that expires first, is the one taken into consideration for resending the template.

Note

Only when the ipv4 address and port number for the logging server has been configured, the configurations for path-mtu, refresh-rate and timeout are applied.

Task ID

Task ID	Operations
cgn	read, write

Examples

This example shows how to configure the refresh rate value of 50 for NetFlow logging for the NAT table entries:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# external-logging netflow version 9
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog)# server
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog-server)# refresh-rate 50

Related Commands

Command	Description
external-logging (NAT44 Netflow)	Enables external logging of a NAT44 instance.
inside-vrf (NAT44)	Enters inside VRF configuration mode for a NAT44 instance.
server (NAT44)	Enables the logging server information for the IPv4 address and port for the server that is used for the netflowv9-based external-logging facility.
service cgn	Enables an instance for the CGN application.
show cgn nat44 statistics	Displays the contents of the NAT44 CGN instance statistics.

refresh rate (DS-LITE Netflow9)

To configure the refresh rate to log NetFlow-based external logging information of a DS-Lite instance, use the refresh-rate command in DS-Lite external logging server configuration mode. To return to the default value, use the no form of this command.

refresh-rate value

Syntax Description

value

Value, in packets, for the refresh rate. Range is from 1 to 600.

Command Default

value : 500

Command Modes

DS-Lite external logging server configuration

Command History

Release	Modification
Release 4.2.1	This command was introduced.

Usage Guidelines

Note

Only when the ipv4 address and port number for the logging server has been configured, the configurations for path-mtu, refresh-rate and timeout are applied.

Task ID

Task ID	Operations
cgn	read, write

Examples

This example shows how to configure the refresh rate value of 50 for a DS-Lite instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# external-logging netflow9
RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog)# server
RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog-server)# refresh-rate 50

Related Commands

Command	Description
address (DS-LITE Netflow9)
path-mtu (DS-LITE Netflow9)	Sets the Maximum Transmission Unit (MTU) of the path to log NetFlow-based external logging information.
timeout (DS-LITE Netflow9)	Configures the frequency at which the netflow9 template is refreshed or resent to the netflow9 server for a DS-Lite instance.

refresh rate (Stateful NAT64 Netflow Version 9)

To configure the refresh rate to log NetFlow-based external logging information for a NAT64 Stateful instance, use the refresh-rate command in NAT64 Stateful configuration mode. To return to the default value of 500 packets, use the no form of this command.

refresh-rate value

Syntax Description

value

Value, in packets, for the refresh rate. Range is from 1 to 600.

Command Default

500 packets

Command Modes

NAT64 Stateful configuration mode

Command History

Release	Modification
Release 4.3.0	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operations
cgn	read, write

Examples

This example shows how to configure the refresh rate value of 50 for NetFlow logging for the NAT table entries:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# external-logging netflow version 9
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# server
RP/0/RP0/CPU0:router(config-cgn-nat64-extlog-server)# refresh-rate 50

Related Commands

Command	Description
address (Stateful NAT64 Netflow Version 9)
path-mtu (Stateful NAT64 Netflow Version 9)	Sets the Maximum Transmission Unit (MTU) of the path to log NetFlow-based external logging information.
session-logging (Stateful NAT64 Netflow Version 9)	Enables session logging for a NAT64 Stateful instance.
timeout (Stateful NAT64 Netflow Version 9)	Configures the frequency at which the netflow-v9 template is refreshed or resent to the netflow-v9 server.

reset-df-bit (6rd)

To reset the Do Not Fragment (DF) bit to enable anycast mode, use the reset-df-bit command in 6RD configuration mode. To disable the anycast mode, use the no form of this command.

reset-df-bit

Syntax Description

This command has no keywords or arguments.

Command Default

Anycast mode is disabled.

Command Modes

6RD configuration

Command History

Release	Modification
Release 4.1.0	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to reset the DF bit:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router#(config)# service cgn cgn1
RP/0/RP0/CPU0:router#(config-cgn)service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# reset-df-bit

sequence-check

To configure sequence number check in the TCP configuration, use the sequence-check command. To disable this sequence check, use the no sequence-check command.

sequence-check

Syntax Description

diff-window

This optional keyword allows user to configure a value equal to the difference between the expected and received sequence numbers. The range for this value is 0 to 1,073,725,440.

If this keyword is not specified, then the difference is automatically computed for each TCP session based on the negotiated window size while establishing a connection.

It is recommended that the user does not configure a specific diff-window. This value will be decided based on the client-server negotiation for every TCP session. But if there are particular deployment scenarios, the diff-window can be configured with a value from the specified range.

Command Default

None

Command Modes

NAT44 Configuration Mode

Command History

Release	Modification
Release 5.1.1	This command was introduced.

Usage Guidelines

If a packet's sequence number is not the same as the expected value (which is equal to expected sequence number +/- diff-window), even then the packet is accepted. This is because there could be a packet loss along the way. If the value of diff-window is 0, then the sequence number of each packet should be an exact match of the expected sequence number.

Task ID

Task ID	Operation
cgn	read, write

Examples

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)#firewall protocl tcp
RP/0/RP0/CPU0:router(config-cgn-invrf)#sequence-check

server (NAT44)

To enable the logging server information for the IPv4 address and port for the server that is used for the netflowv9-based external-logging facility, use the server command in NAT44 inside-VRF external logging configuration mode. To disable this feature, use the no form of this command. External logging of NAT Entries gets disabled.

server

Syntax Description

This command has no arguments or keywords.

Command Modes

NAT44 inside VRF external logging configuration

Command History

Release	Modification
Release 3.9.1	This command was introduced.

Usage Guidelines

The server command enters NAT44 inside VRF address family external logging server configuration mode.

The NAT44 server command configures the ipv4 address and port number for the server to be used for netflowv9 based external logging facility for an inside-VRF of a NAT44 instance.

Note

Only when the ipv4 address and port number for the logging server has been configured, the configurations for path-mtu, refresh-rate and timeout are applied.

Task ID

Task ID	Operations
cgn	read, write

Examples

This example shows how to configure the logging information for the IPv4 address and server:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# external-logging netflow version 9
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog)# server
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog-server)# address 10.10.0.0 port 50

Related Commands

Command	Description
address (NAT44 NetflowV9)	Enables the IPv4 address of the server that is used for logging the entries for the Network Address Translation (NAT) table.
external-logging (NAT44 Netflow)	Enables external logging of a NAT44 instance.
inside-vrf (NAT44)	Enters inside VRF configuration mode for a NAT44 instance.
path-mtu (NAT44 Netflow Version 9)	Configures the path Maximum Transmission Unit (MTU) for the netflowv9-based external-logging facility for the inside VRF of a NAT44 instance.
refresh-rate (NAT44 Netflow Version 9)	Configures the refresh rate to log NetFlow-based external logging information for an inside VRF of a CGN instance.
service cgn	Enables an instance for the CGN application.
show cgn nat44 statistics	Displays the contents of the NAT44 CGN instance statistics.
timeout (NAT44 Netflow Version 9)	Configures the frequency at which the netflow-v9 template is refreshed or resent to the netflow-v9 server.

service cgn

To enable an instance for the CGN application, use the service cgn command in global configuration mode. To disable the instance of the CGN application, use the no form of this command.

service cgn instance-name

Syntax Description

instance-name

Name of the CGN instance that is configured.

Command Default

None

Command Modes

Global configuration

Command History

Release	Modification
Release 3.9.1	This command was introduced.

Usage Guidelines

The service cgn command enters CGN configuration mode.

Task ID

Task ID	Operations
cgn	read, write

Examples

The following example shows how to configure the instance named cgn1 for the CGN application:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#

service-location (CGN)

To enable the particular instance of the CGN application on the active and standby locations, use the service-location command in CGN configuration mode. To disable the instance that runs at the location of the CGN application, use the no form of this command.

service-location preferred-active node-id [ preferred-standby node-id ]

Syntax Description

preferred-active node-id	Specifies the location in which the active CGN application starts. The node-id argument is entered in the rack/slot/module notation.
preferred-standby node-id	(Optional) Specifies the location in which the standby CGN application starts. The node-id argument is entered in the rack/slot/module notation.

Command Default

None

Command Modes

CGN configuration

Command History

Release	Modification
Release 3.9.1	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operations
cgn	read, write

Examples

The following example shows how to specify active and standby locations for the CGN application:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn-nat44)# service-location preferred-active 0/1/CPU0 preferred-standby 0/4/CPU0

Related Commands

Command	Description
hw-module service cgn location	Enables a CGN service role on a specified location.
interface ServiceApp	Enables the application SVI interface.
interface ServiceInfra	Enables the infrastructure SVI interface.
service cgn	Enables an instance for the CGN application.

service-location (interface)

To configure the location of a service for the infrastructure service virtual interface (SVI), use the service-location command in interface configuration mode. To disable this feature, use the no form of this command.

service-location node-id

Syntax Description

node-id

Specifies the ID of the node. The node-id argument is entered in the rack/slot/module notation.

Command Modes

Interface configuration

Command History

Release	Modification
Release 3.9.1	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operations
interface	read, write

Examples

The following example shows how to configure the service location for 0/1/CPU0:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# interface ServiceInfra 1
RP/0/RP0/CPU0:router(config-if)# service-location 0/1/CPU0

service redundancy failover service-type

To initiate failover services to the preferred standby location, use the service redundancy failover service-type command in EXEC mode.

service redundancy failover service-type secgn preferred-active node-id

Syntax Description

secgn	Specifies the CGN service.
preferred-active node-id	Specifies the location from where the failover must start. The node-id argument is entered in the rack/slot/module notation.

Command Default

None

Command Modes

EXEC

Command History

Release	Modification
Release 4.0.0	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operations
cgn	read, write

Examples

The following example shows how to initiate the failover services for the preferred standby location:

RP/0/RP0/CPU0:router# service redundancy failover service-type secgn preferred-active 0/1/cpu0
RP/0/RP0/CPU0:router#

service redundancy revert service-type

To revert failed over services back to their preferred active location, use the service redundancy revert service-type command in EXEC mode.

service redundancy revert service-type secgn preferred-active node-id

Syntax Description

secgn	Specifies the CGN service.
preferred-active node-id	Specifies the location from where the failover must start. The node-id argument is entered in the rack/slot/module notation.

Command Default

None

Command Modes

EXEC

Command History

Release	Modification
Release 4.0.0	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operations
cgn	read, write

Examples

The following example shows how to revert the failed over services for the preferred active location:

RP/0/RP0/CPU0:router# 
service redundancy revert service-type secgn preferred-active 0/1/cpu0
RP/0/RP0/CPU0:router#

service-type ds-lite

To enable a DS-Lite instance for the CGN application, use the service-type ds-lite command in CGN submode. To disable the DS-Lite instance of the CGN application, use the no form of this command.

Syntax Description

instance-name	Specifies the name of the ds-lite instance that is configured.
address-family	Configures the address family related information.
aftr-tunnel-endpoint-address	Specifies the IPv6 address of the tunnel endpoint.
alg	Configures the Application Level Gateway type to be used.
bulk-port-alloc	Allocates ports in bulk to reduce Netflow/Syslog data volume.
external-logging	Enables external logging.
ipv4-aftr-address	IPv4 address for ICMP messages.
map	IPv4 map address pool for inside addresses.
path-mtu	IPv6 mtu value.
port-limit	Limits the number of entries per address.
protocol	Specifies the transport protocol used.

Command Default

None

Command Modes

CGN submode (CONFIG-CGN)

Command History

Release	Modification
Release 4.2.1	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operations
cgn	read, write

Examples

This example shows how to configure the ds-lite instance for the CGN application:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1

service-type map-e

To create a MAP-E instance, use the service-type map-e command in MAP-E configuration mode. To delete the instance, use the no form of this command.

service-type map-e instance-name { address-family | aftr-endpoint-address | contiguous-ports | cpe-domain | path-mtu | sharing-ratio }

Syntax Description

instance-name	Name of the MAP-E instance.
address-family	Specifies the address family configuration.
aftr-endpoint-address	Specifies the IPv6 address of Address Family Transition Router (AFTR).
contiguous-ports	Specifies the number of contiguous ports for a MAP-E instance.
cpe-domain	Specifies the Customer Premises Equipment (CPE ) domain parameters.
path-mtu	Specifies the Maximum Transmission Unit (MTU) value of the tunnel, in bytes.
sharing-ratio	Configures the port sharing ratio. The value is in powers of 2.

Command Default

None

Command Modes

MAP-E configuration mode

Command History

Release	Modification
Release 4.3.1	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to create a MAP-E instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type map-e map-e-inst

Related Commands

Command	Description
address-family (MAP-E)	Configures IPv4 or IPv6 address for a MAP-E instance.
aftr-endpoint-address (MAP-E)	Configures the IPv6 address of Address Family Transition Router (AFTR).
contiguous-ports (MAP-E)	Configures the number of contiguous ports for a MAP-E instance.
cpe-domain (MAP-E)	Configures the Customer Premises Equipment (CPE ) domain parameters.
path-mtu (MAP-E)	Configures the path Maximum Transmission Unit (MTU) of the tunnel.
sharing-ratio (MAP-E)	Configures the port sharing ratio.

service-type map-t

To create a MAP-T instance, use the service-type map-t command in MAP-T configuration mode. To delete the instance, use the no form of this command.

service-type map-t instance-name { address-family | contiguous-ports | cpe-domain | external-domain | sharing-ratio | traceroute }

Syntax Description

instance-name	Indicates the name of the MAP-T instance.
address-family	Specifies the address family configuration.
contiguous-ports	Specifies the Port Set ID (PSID) configuration.
cpe-domain	Specifies the Customer Premises Equipment (CPE ) domain parameters.
external-domain	Specifies the external domain parameters.
sharing-ratio	Configures the port sharing ratio. The value is in powers of 2.
traceroute	Specifies traceroute configuration.

Command Default

None

Command Modes

MAP-T configuration mode

Command History

Release	Modification
Release 4.3.0	This command was introduced.

Usage Guidelines

From Release 5.3.2, MAP-T is supported only on Cisco ASR 9000 High Density 100GE Ethernet line cards.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to create a MAP-T instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type map-t map-t-inst
RP/0/RP0/CPU0:router(config-cgn-map-t)#

Related Commands

Command	Description
address-family (MAP-T)	Configures IPv4 or IPv6 address for a MAP-T instance.
clear cgn map-t statistics	Clears the statistics of a MAP-T instance.
contiguous-ports (MAP-T)	Configures the number of contiguous ports for a MAP-T instance.
cpe-domain (MAP-T)	Configures the Customer Premises Equipment (CPE ) domain parameters.
external-domain (MAP-T)	Configures the external domain's IPv6 prefix to convert IPv4 addresses into IPv6 addresses and vice versa.
sharing-ratio (MAP-T)	Configures the port sharing ratio.
show cgn map-t statistics	Displays the MAP-T instance statistics.
traceroute (MAP-T)	Configures traceroute translation algorithms.

service-type nat44

To enable a NAT 44 instance for the CGN application, use the service-type nat44 command in CGN submode. To disable the NAT44 instance of the CGN application, use the no form of this command.

service-type nat44 instance-name [ alg | inside-vrf | portlimit | protocol | refresh-direction ]

Syntax Description

instance-name	Name of the NAT44 instance that is configured.
alg	Configures the Application Level Gateway type to be used.
inside-vrf	Configures inside VRF.
portlimit	Limits the number of entries per address.
protocol	Specifies the Transport protocol.
refresh-direction	NAT refresh direction to be used.

Command Default

None

Command Modes

CGN submode (CONFIG-CGN)

Command History

Release	Modification
Release 4.0.0	This command was introduced.

Usage Guidelines

The NAT44 instance name must be unique across all CGN NAT44 and NAT64 stateless instance names.

Task ID

Task ID	Operations
cgn	read, write

Examples

This example shows how to configure the NAT44 instance named nat1 for the CGN application:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1

service-type nat64 (Stateful NAT64)

To create a NAT64 stateful instance, use the service-type nat64 command in NAT64 configuration mode. To delete the instance, use the no form of this command. A maximum of 64 instances can be created.

service-type nat64 stateful instance-name { address-family | ipv6-prefix | ipv4 | ubit-reserved | portlimit | protocol | fragment-timeout | external-logging | filter-policy }

Syntax Description

stateful	Specifies the IPv4 to IPv6 stateful translation.
instance-name	Indicates the name of the NAT64 stateful instance.
address-family	Specifies the address family configuration.
alg	Specifies the Application Level Gateway (ALG) to be used.
ipv6-prefix	Specifies the IPv6 prefix to translate an IPv4 address to IPv6.
ipv4	Specifies the IPv4 address.
portlimit	Limits the number of entries per address.
protocol	Specifies the one of the transport protocol - ICMP, TCP, or UDP.
fragment-timeout	Specifies the time interval for fragment storage.
external-logging	Enables external logging.
filter-policy	Configures address-dependent filtering policy.
ubit-reserved	Enable reserving ubits in IPv6 address

Command Default

None

Command Modes

NAT64 configuration mode

Command History

Release	Modification
Release 4.3.0	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to create a NAT64 stateful instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)#

Related Commands

Command	Description
address-family (Stateful NAT64)	Configures IPv4 or IPv6 address on a NAT64 instance.
alg rtsp (Stateful NAT64)	Configures Real Time Streaming Protocol (RTSP) as the Application-Level Gateway (ALG).
dynamic-port-range (Stateful NAT64)	Configures ports dynamically.
external-logging (Stateful NAT64 Netflow)	Enables external logging of a NAT64 Stateful instance.
fragment-timeout (Stateful NAT64)	Specifies time interval to store packet fragments.
ipv4 (Stateful NAT64)	Assigns ipv4 address pool.
ipv6-prefix (Stateful NAT64)	Converts an IPv6 address to an IPv4 address.
portlimit (Stateful NAT64)	Restricts the number of ports used by an IPv6 address.
protocol (Stateful NAT64)	Enters the ICMP, TCP, and UDP protocol configuration mode.
refresh-direction (Stateful NAT64)	Specifies the outbound refresh direction.
tcp-policy (Stateful NAT64)	Enables TCP policy that allows IPv4 initiated TCP sessions.
ubit-reserved (Stateful NAT64)	Enables reserving ubits in an IPv6 address.

service-type nat64 (Stateless)

Use the service-type nat64 command to create a nat64 stateless application. To delete the nat64 stateless application, use the no form of this command.

service-type nat64 stateless instance [ address-family | traceroute | ipv6-prefix | ubit-reserved ]

Syntax Description

stateless	Specifies the IPv4 to IPv6 Stateless translation.
instance	Indicates the name of the NAT64 stateless instance.
address-family	Specifies the address-family related configuration.
traceroute	Indicates the traceroute related configuration.
ipv6-prefix	Specifies the IPv6 prefix to be used to translate IPv4 address to IPv6 address.
ubit-reserved	Enables reserving ubits in IPv6 address.

Command Default

None

Command Modes

CONFIG-CGN

Command History

Release	Modification
Release 4.1.0	This command was introduced.

Usage Guidelines

The NAT64 stateless instance name must be unique across all the CGN NAT44 and NAT64 stateless instance names. There can only be 64 service-type NAT64 configurations per Roddick line card or chassis spanning over different cards.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to configure the nat64 stateless instance named xlat1for the CGN application:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateless xlat1

service-type tunnel v6rd

To create an IPv6 Rapid Deployment (6RD) tunnel application, use the service-type tunnel command in CGN submode. To delete this instance of the 6RD tunnel application, use the no form of this command.

service-type tunnel v6rd instance address-family | br | path-mtu | reassembly-enable | reset-df-bit | tos | ttl

Syntax Description

v6rd	Specifies the 6RD configuration.
instance	Name of the 6RD instance.
address-family	Specifies the address-family related configuration.
br	Specifies the border relay related configuration.
path-mtu	Specifies the IPv6 MTU value.
reassembly-enable	Enables the reassembly operation.
reset-df-bit	Enables resetting of DF bit.
tos	Specifies the type of service to be used for IPv4 tunnel.
ttl	Specifies the time to live value to be used for IPv4 tunnel.

Command Default

None

Command Modes

CGN submode

Command History

Release	Modification
Release 4.1.0	This command was introduced.

Usage Guidelines

There can be 64 service-type 6RD tunnel configurations for each line card or chassis spanning over different cards.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to configure the 6RD tunnel instance for the CGN application:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)#

session (NAT44)

To configure the timeout values for both active and initial sessions for TCP or UDP, use the session command in NAT44 protocol configuration mode. To revert to the default value for the TCP or UDP session timeouts, use the no form of this command.

session { active | initial } timeout seconds

Syntax Description

active	Configures the active session timeout for both TCP and UDP. The default value for UDP active session timeout is 120 seconds.
initial	Configures the initial session timeout.
timeout	Configures the timeout for either active or initial sessions.
seconds	Timeout for either active or initial sessions. Range is from 1 to 65535.

Command Default

If the value for the UDP initial session timeout is not configured, the default value for the UDP initial session timeout is 30.

If the value for the UDP active session timeout is not configured, the default value for the UDP active session timeout is 120.

If the value for the TCP initial session timeout is not configured, the default value for the TCP initial session timeout is 120.

If the value for the TCP active session timeout is not configured, the default value for the TCP active session timeout is 1800 (30 minutes).

Command Modes

NAT44 protocol configuration

Command History

Release	Modification
Release 3.9.1	This command was introduced.

Usage Guidelines

We recommend that you configure the timeout values for the protocol sessions carefully. For example, the values for the protocol and NAT functions must be configured properly.

If the no form of this command is specified, the following guidelines apply:

UDP initial session timeout value reverts back to the default value of 30.
UDP active session timeout value reverts back to the default value of 120.
TCP initial session timeout value reverts back to the default value of 120.
TCP active session timeout value reverts back to the default value of 1800.

Task ID

Task ID	Operations
cgn	read, write

Examples

This example shows how to configure the initial session timeout value as 90 for TCP:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol tcp
RP/0/RP0/CPU0:router(config-cgn-proto)# session initial timeout 90

This example shows how to configure the active timeout value as 90 for TCP:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol tcp
RP/0/RP0/CPU0:router(config-cgn-proto)# session active timeout 90

This example shows how to configure the initial timeout value as 90 for UDP:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol udp
RP/0/RP0/CPU0:router(config-cgn-proto)# session initial timeout 90

This example shows how to configure the active timeout value as 90 for UDP:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol udp
RP/0/RP0/CPU0:router(config-cgn-proto)# session active timeout 90

Related Commands

Command	Description
protocol (NAT44)
service cgn	Enables an instance for the CGN application.
show cgn nat44 inside-translation	Displays the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance.
show cgn nat44 outside-translation	Displays the outside-address to inside-address translation details for a specified NAT44 instance.
timeout (NAT44)	Configures the timeout for the ICMP session for a CGN instance.

session (DS-LITE)

To configure the timeout values for both active and initial sessions for TCP or UDP, use the session command in CGN DS-Lite protocol configuration mode. To return to the default value for the session timeouts, use the no form of this command.

session { active | init } timeout seconds

Syntax Description

active	Configures the active session timeout for both TCP and UDP. The default value for UDP active session timeout is 120 seconds.
init	Configures the initial session timeout.
timeout	Configures the timeout for either active or initial sessions.
seconds	Timeout for either active or initial sessions. Range is from 1 to 65535.

Command Default

If the value for the UDP initial session timeout is not configured, the default value for the UDP initial session timeout is 30.

If the value for the UDP active session timeout is not configured, the default value for the UDP active session timeout is 120.

If the value for the TCP initial session timeout is not configured, the default value for the TCP initial session timeout is 120.

If the value for the TCP active session timeout is not configured, the default value for the TCP active session timeout is 1800 (30 minutes).

Command Modes

CGN DS-Lite protocol configuration

Command History

Release	Modification
Release 4.2.1	This command was introduced.

Usage Guidelines

We recommend that you configure the timeout values for the protocol sessions carefully. For example, the values for the protocol and NAT functions must be configured properly.

If the no form of this command is specified, the following guidelines apply:

UDP initial session timeout value reverts back to the default value of 30.
UDP active session timeout value reverts back to the default value of 120.
TCP initial session timeout value reverts back to the default value of 120.
TCP active session timeout value reverts back to the default value of 1800.

Task ID

Task ID	Operations
cgn	read, write

Examples

This example shows how to configure the initial session timeout value as 90 for TCP:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# protocol tcp
RP/0/RP0/CPU0:router(config-cgn-proto)# session initial timeout 90

This example shows how to configure the active timeout value as 90 for TCP:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# protocol tcp
RP/0/RP0/CPU0:router(config-cgn-proto)# session active timeout 90

This example shows how to configure the initial timeout value as 90 for UDP:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# protocol udp
RP/0/RP0/CPU0:router(config-cgn-proto)# session initial timeout 90

This example shows how to configure the active timeout value as 90 for UDP:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# protocol udp
RP/0/RP0/CPU0:router(config-cgn-proto)# session active timeout 90

session-logging (DS-LITE Netflow9)

To enable session logging for a DS-Lite instance, use the session-logging command in DS-Lite configuration mode.

To disable session logging, use the no form of this command.

session-logging

Syntax Description

This command has no keywords or arguments.

Command Default

By default, session logging is disabled.

Command Modes

DS-Lite configuration mode

Command History

Release	Modification
Release 4.3.0	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to enable session logging for a DS-Lite instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite-inst
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf vrf-inst
RP/0/RP0/CPU0:router(config-cgn-invrf)# external-logging netflow version 9
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog)# server
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog-server)# session logging

Related Commands

Command

Description

session-logging (NAT44 Netflow Version 9)

Enables session logging for a NAT44 instance.

session-logging (NAT44 Netflow Version 9)

To enable session logging for a NAT44 instance, use the session-logging command in NAT44 configuration mode.

To disable session logging, use the no form of this command.

session-logging

Syntax Description

This command has no keywords or arguments.

Command Default

By default, session logging is disabled.

Command Modes

NAT44 configuration mode

Command History

Release	Modification
Release 4.3.0	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to enable session logging for a NAT44 instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat-44-inst
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf vrf-inst
RP/0/RP0/CPU0:router(config-cgn-invrf)# external-logging netflow version 9
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog)# server
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog-server)# session logging

Related Commands

Command

Description

session-logging (DS-LITE Netflow9)

Enables session logging for a DS-Lite instance.

session-logging (Stateful NAT64 Netflow Version 9)

To enable session logging for a NAT64 Stateful instance, use the session-logging command in NAT64 Stateful configuration mode.

To disable session logging, use the no form of this command.

session-logging

Syntax Description

This command has no keywords or arguments.

Command Default

By default, session logging is disabled.

Command Modes

Stateful NAT64 configuration mode

Command History

Release	Modification
Release 4.3.0	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to enable session logging for a NAT64 Stateful instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# external-logging netflow version 9
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# server
RP/0/RP0/CPU0:router(config-cgn-nat64-extlog-server)# session logging

Related Commands

Command	Description
address (Stateful NAT64 Netflow Version 9)
path-mtu (Stateful NAT64 Netflow Version 9)	Sets the Maximum Transmission Unit (MTU) of the path to log NetFlow-based external logging information.
refresh rate (Stateful NAT64 Netflow Version 9)	Configures the refresh rate to log NetFlow-based external logging information.
timeout (Stateful NAT64 Netflow Version 9)	Configures the frequency at which the netflow-v9 template is refreshed or resent to the netflow-v9 server.

sharing-ratio (MAP-E)

To configure the port sharing ratio, use the sharing-ratio command in MAP-E configuration mode. To undo the configuration, use the no form of this command.

sharing-ratio value

Syntax Description

value

Value of the port sharing ratio in powers of 2. The range is from 1 to 32768.

Command Default

None

Command Modes

MAP-E configuration

Command History

Release	Modification
Release 4.3.1	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to configure the port sharing ratio:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type map-e map-e-inst
RP/0/RP0/CPU0:router(config-cgn-map_e)# sharing-ratio 8

Related Commands

Command	Description
address-family (MAP-E)	Configures IPv4 or IPv6 address for a MAP-E instance.
aftr-endpoint-address (MAP-E)	Configures the IPv6 address of Address Family Transition Router (AFTR).
contiguous-ports (MAP-E)	Configures the number of contiguous ports for a MAP-E instance.
cpe-domain (MAP-E)	Configures the Customer Premises Equipment (CPE ) domain parameters.
path-mtu (MAP-E)	Configures the path Maximum Transmission Unit (MTU) of the tunnel.

sharing-ratio (MAP-T)

To configure the port sharing ratio, use the sharing-ratio command in MAP-T configuration mode. To undo the configuration, use the no form of this command.

sharing-ratio value

Syntax Description

value

Specifies the value of the port sharing ratio. The range is from 1 to 32768 in powers of 2.

Command Default

None

Command Modes

MAP-T configuration

Command History

Release	Modification
Release 4.3.0	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

This example shows how to configure the port sharing ratio:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type map-t map-t-inst
RP/0/RP0/CPU0:router(config-cgn-mapt)# sharing-ratio 8

Related Commands

Command	Description
address-family (MAP-T)	Configures IPv4 or IPv6 address for a MAP-T instance.
clear cgn map-t statistics	Clears the statistics of a MAP-T instance.
contiguous-ports (MAP-T)	Configures the number of contiguous ports for a MAP-T instance.
cpe-domain (MAP-T)	Configures the Customer Premises Equipment (CPE ) domain parameters.
external-domain (MAP-T)	Configures the external domain's IPv6 prefix to convert IPv4 addresses into IPv6 addresses and vice versa.
show cgn map-t statistics	Displays the MAP-T instance statistics.
traceroute (MAP-T)	Configures traceroute translation algorithms.

show cgn ds-lite inside-translation

To display the translation table entries for an inside-address to outside-address for a specified DS-Lite CGN instance, use the show cgn ds-lite inside-translation command in EXEC mode.

show cgn ds-lite instance-name inside-translation protocol { icmp | tcp | udp } [ translation-type { alg | all | dynamic | pcp-explicit-dynamic | pcp-implicit-dynamic | static } ] | tunnel-v6-source-address IPv6 address inside-address IPv4 address port start number end number

Syntax Description

instance-name	Name of the DS- lite instance that is configured.
protocol	Displays the name of the protocols.
icmp	Displays the ICMP protocol.
tcp	Displays the TCP protocol.
udp	Displays the UDP protocol.
translation-type	(Optional) Displays the translation type.
alg	(Optional) Displays only the ALG translation entries.
all	(Optional) Displays all the translation entries, for example, alg, dynamic, and static.
pcp-explicit-dynamic	Displays Port Control Protocol (PCP) explicit translation entries.
pcp-implicit-dynamic	Displays Port Control Protocol (PCP) implicit translation entries
dynamic	(Optional) Displays only the dynamic translation entries.
static	(Optional) Displays only the static translation entries.
tunnel-v6-source-addressIPv6 address	(Optional) Displays information for the IPv6 address family.
inside-addressaddress	Displays the inside address.
port	Displays the range of the port numbers.
start number	The start port from which the translation table entries should be displayed.
end number	The end port till which the translation table entries should be displayed.

Command Default

None

Command Modes

Exec

Command History

Release	Modification
Release 4.2.1	This command was introduced.

Usage Guidelines

Syntax Description

This command has no keywords or arguments.

Task ID

Task ID	Operation
cgn	read

Examples

This example displays the translation table entries for a particular DS-Lite instance:

-----------------------------------------------------------------------------------------------------------------------
DSLite  instance : dslite1,   Tunnel-Source-Address : 2001 :db8 ::1, Inside Source Address 10.1.1.1
-----------------------------------------------------------------------------------------------------------------------
Outside		          Protocol   Inside    Outside     Translation      Inside         Outside
Address																							Source    Source      Type              to             to
                    										Port	     Port                         Outside        Inside
                                                                     Packets        Packets
------------------------------------------------------------------------------------------------------

132.16.6.65	      tcp	        314	     5554	         dyn             875364          5345
132.16.6.65       udp         11333    43337         dyn             334333          873334

Examples

This example shows the sample output for PCP translations:

RP/0/RP0/CPU0:router

show cgn ds-lite dsl1 inside-translation protocol udp inside-translation inside-vrf 
red inside-address 11.11.11.12 port start 1 end 65535

Inside-translation details
---------------------------
NAT44 instance : dsl1
Inside-VRF     : red
--------------------------------------------------------------------------------------------
   Outside         Protocol  Inside       Outside       Translation   Inside      Outside
   Address                   Source       Source        Type          to          to
                             Port         Port                        Outside     Inside
                                                                      Packets     Packets
--------------------------------------------------------------------------------------------
  200.10.1.78       udp     14           34655         pcp_explicit     7             0
  200.10.1.78       udp     14           34655         pcp_implicit     7             0

show cgn ds-lite outside-translation

To display the outside-address to inside-address translation details for a specified NAT44 instance, use the show cgn nat44 outside-translation command in EXEC mode.

show cgn nat44 instance-name outside-translation protocol { icmp | tcp | udp } [ translation-type { alg | all | dynamic | pcp-explicit-dynamic | pcp-implicit-dynamic | static } ] outside-address address port start number end number

Syntax Description

instance-name	Name of the NAT44 instance that is configured.
protocol	Displays the name of the protocols.
icmp	Displays the ICMP protocol.
tcp	Displays the TCP protocol.
udp	Displays the UDP protocol.
translation-type	(Optional) Displays the translation type.
alg	(Optional) Displays only the ALG translation entries.
all	(Optional) Displays all the translation entries, for example, alg, dynamic, and static.
pcp-explicit-dynamic	Displays Port Control Protocol (PCP) explicit translation entries.
pcp-implicit-dynamic	Displays Port Control Protocol (PCP) implicit translation entries
dynamic	(Optional) Displays only the dynamic translation entries.
static	(Optional) Displays only the static translation entries.
outside-address	Displays the outside address for the inside VRF.
address	Outside address.
port	Displays the range of the port numbers.
start number	Displays the start of the port number.
end number	Displays the end of the port number.

Command Default

None

Command Modes

EXEC

Command History

Release	Modification
Release 4.2.1	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operations
cgn	read

Examples

This example displays the translation table entries for an outside address for a particular DS-Lite instance:

-----------------------------------------------------------------------------------------------------------------------
DSLite  instance : dslite1, Tunnel-Source-Address : 2001 :db8 ::1, Outside Source Address 100.1.1.1
-----------------------------------------------------------------------------------------------------------------------
Inside		Protocol   Inside    Outside     Translation    Inside            Outside
Address		          Source    Source      Type              to                to
                   Port	     Port                       Outside           Inside
                                                        Packets           Packets
------------------------------------------------------------------------------------------------------

10.16.6.65	tcp	    314	     5554	         dyn           875364            5345
10.16.6.65 udp     11333    43337         dyn           334333            873334

show cgn ds-lite pool utilization

To display the outside address pool utilization details for a specified DS-Lite instance, use the show cgn ds-lite pool-utilization command in EXEC mode.

show cgn ds-lite instance-name pool-utilization address-range start-address end-address

Syntax Description

ds-liteinstance-name	Name of the ds-lite instance that is configured.
address-range	Displays the range for the outside address.
start-address	Range for the start address of the outside address pool. The range of the IPv4 addresses cannot be more than 255 consecutive IPv4 addresses.
end-address	Range for the end address of the outside address pool.

Command Default

None

Command Modes

EXEC

Command History

Release	Modification
Release 4.2.1	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operations
cgn	read

Examples

This example displays the utilization of the outside address pool for a DS-Lite instance:

-------------------------------------------------------------------------
DS-Lite  instance	: dslite1
-------------------------------------------------------------------------
Outside						Number			    Number
Address						of 							   of
													Free ports		 Used ports	
-------------------------------------------------------------------------
17.16.6.23		 123			     		64388			
17.16.6.120		58321			   		6190
17.16.6.98		 98			      		64413
17.16.6.2		  1234			    		60123

show cgn ds-lite session

To display all the active destination sessions for a given source IPv4 address and port number per DS-Lite instance, use the show cgn ds-lite session command in EXEC mode.

show cgn ds-lite instance-name session protocol { icmp | tcp | udp } [ translation-type { alg | all | dynamic | static } ] [ tunnel-v6-source-address IPv6 address inside-address IPv4 address port port number

Syntax Description

session	Specifies the active session for a given source IP address and port.
instance-name	Name of the DS-Lite instance that is configured.
protocol	Displays the name of the protocols.
icmp	Displays the ICMP protocol.
tcp	Displays the TCP protocol.
udp	Displays the UDP protocol.
translation-type	(Optional) Displays the translation type.
alg	(Optional) Displays only the ALG translation entries.
all	(Optional) Displays all the translation entries, for example, alg, dynamic, and static.
dynamic	(Optional) Displays only the dynamic translation entries.
static	(Optional) Displays only the static translation entries.
ipv4	(Optional) Displays information for the IPv4 address family.
tunnel-v6-source-address	Specifies the source tunnel IPv6 address.
IPv6 address	IPv6 address.
inside-address	Displays the inside address for the inside Virtual Routing Forwarding (VRF).
IPv4 address	IPv4 address of the source.
port	Port number of the source.
port-number	Specifies the port number range from 1 to 65535.

Command Default

None

Command Modes

Exec

Command History

Release	Modification
Release 4.3.0	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read

Examples

This example shows how to display all the active destination sessions for a given source IPv4 address and port number per DS-Lite instance:

RP/0/RP0/CPU0:router# 
show cgn ds-lite ds-lite-inst session protocol tcp translation-type alg inside-address 10.1.1.50 port 123

Session details:
-----------------------------------------------------------------
DS-Lite instance: ds-lite-inst
-----------------------------------------------------------------
Outside address: 12.168.6.231
Outside port: 235
Translation type: alg
Protocol: tcp
-----------------------------------------------------------------------
Destination IP                 Destination Port
209.85.231.104                   100
209.85.231.106                   200
.
.
.
.
209.85.231.178                   579

show cgn ds-lite statistics

To display the contents of the DS-Lite instance statistics, use the show cgn ds-lite statistics command in EXEC mode.

show cgn ds-lite instance-name statistics

Syntax Description

instance-name

Name of the configured DS-Lite instance.

Command Default

None

Command Modes

EXEC

Command History

Release	Modification
Release 4.2.1	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operations
cgn	read

Examples

This command displays the statistics corresponding to DS-Lite instances:

Statistics summary of cgn: 'cgn1'
Number of active translations: 45631
Translations create rate: 5678
Translations delete rate: 6755
Inside to outside forward rate: 977
Outside to inside forward rate: 456
Inside to outside drops port limit exceeded: 0
Inside to outside drops system limit reached: 0
Inside to outside drops resource depletion: 0
Outside to inside drops no translation entry: 0
Pool address totally free: 195
Pool address used: 23

The following table describes the fields seen as shown in the above example:

Name	Description
Number of active translations	Translation entries allocated in the database.
Translations create rate/ Translations delete rate	Rate in sessions per second.
Inside to outside forward rate/Outside to inside forward rate	Rate in packets per second.
Inside to outside drops port limit exceeded	Packets dropped because the port-limit for the inside user has exceeded.
Inside to outside drops system limit reached	Packets dropped as a result of reaching the system limit.
Inside to outside drops resource depletion	Packets dropped because no public L4 port could be allocated.
Outside to inside drops no translation entry	Packets dropped due to lack of entry in the translation database.
Pool address totally free	Addresses available from the pool.
Pool address used	Addresses utilized from the pool.

Related Commands

Command	Description
show cgn ds-lite inside-translation	Displays the translation table entries for an inside-address to outside-address for a specified DS-Lite CGN instance
show cgn ds-lite outside-translation
show cgn ds-lite pool utilization

show cgn map-e statistics

To display the MAP-E instance statistics, use the show cgn map-e statistics command in EXEC mode.

show cgn map-e instance-name statistics

Syntax Description

instance-name	Name of the configured MAP-E instance.
statistics	Specifies the statistics of the configured MAP-E instance.

Command Default

None

Command Modes

EXEC

Command History

Release	Modification
Release 4.3.1	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operations
cgn	read

Examples

This output shows the statistics entries for a MAP-E instance:

RP/0/RP0/CPU0:router# show cgn map-e m1 statistics

MAP-E IPv4 to IPv6 counters:
======================================

Total Incoming Count : 0
Total Drop Count : 0
Total Output Count : 0

TCP Incoming Count : 0
TCP Output Count : 0
UDP Incoming Count : 0
UDP Output Count : 0
ICMPv4 Incoming Count : 0
ICMPv4 Output Count : 0

Invalid UIDB Drop Count : 0
NoDb Drop Count : 0
TTL Expire Drop Count : 0
Invalid IP Destination Drop Count : 0
Packet Exceeding Path MTU Drop Count : 0
Unsupported Protocol Drop Count : 0

ICMPv4 Generated for TTL Expire Count : 0
ICMPv4 Generated for Error Count : 0
ICMPv4 Packets Rate-Limited Count : 0

TCP MSS Changed Count : 0

MAP-E IPv6 to IPv4 counters:
======================================

Total Incoming Count : 0
Total Drop Count : 0
Total Output Count : 0

TCP Incoming Count : 0
TCP Output Count : 0
UDP Incoming Count : 0
UDP Output Count : 0
ICMPv4 Incoming Count : 0
ICMPv4 Output Count : 0
Invalid UIDB Drop Count : 0
NoDb Drop Count : 0
TTL Expire Drop Count : 0
Invalid IPv6 Destination Drop Count : 0
Invalid Source Prefix Drop Count : 0
Unsupported Protocol Drop Count : 0

ICMPv6 Input Count : 0
ICMPv6 Invalid UIDB Drop Count : 0
ICMPv6 NoDb Drop Count : 0
ICMPv6 TTL Expire Drop Count : 0
ICMPv6 Invalid IPv6 Destination Drop Count : 0
ICMPv6 Unsupported Type Drop Count : 0
ICMPv6 Invalid NxtHdr Drop Count: 0
ICMPv6 Frag Drop Count : 0
ICMPv6 Forus Count : 0
ICMPv6 Echo Response Received Count : 0
ICMPv6 Echo Replies Count : 0
ICMPv6 Translated to ICMPV4 Output Count : 0

ICMPv6 Generated for TTL Expire Count : 0
ICMPv6 Generated for Error Count : 0
ICMPv6 Packets Rate-Limited Count : 0

TCP MSS Changed Count: 0

MAP-E IPv4 Frag counters received from V4 cloud:
==================================================

Total Input Count: 0
Total Drop Count: 0
Reassembled Output Count : 0

TCP Input Count: 0
UDP Input Count: 0
ICMPv4 Input Count: 0

Invalid UIDB Drop Count : 0
NoDb Drop Count : 0
Unsupported Protocol Drop Count : 0
Throttled Count : 0
Timeout Drop Count: 0
Duplicates Drop Count : 0

MAP-E Inner IPv4 Frag counters received from V6 cloud:
====================================================

Total Input Count : 0
Total Drop Count : 0
Total Output Count : 0

TCP Input Count : 0
UDP Input Count : 0
ICMPv4 Input Count : 0

Invalid Source Prefix Drop Count : 0
Unsupported Protocol Drop count : 0
Throttled Count : 0
Timeout Drop Count : 0
Duplicates Drop Count : 0

ICMPv6 Generated for Error Count : 0
ICMPv6 Packets Rate-Limited Count : 0

TCP MSS Changed Count : 0

Name	Description
Total incoming count	Total number of packets coming from the public network
Total Drop Count	Total number of packets dropped by the router
Total Output Count	Total number of packets equal to the difference between the incoming packets and the dropped packets
TCP Incoming Count	Number of TCP packets coming from the public network
TCP Output Count	Number of TCP packets that were sent out
UDP Incoming Count	Number of UDP packets coming from the public network
UDP Output Count	Number of UDP packets that were sent out
ICMPv4 Incoming Count	Number of ICMPv4 packets embedded in the IPv6 packets
ICMPv4 Output Count	Number of ICMP packets sent out
Invalid UIDB Drop Count	Number of packets dropped due to the UIDB entries being invalid
NoDb Drop Count	Number of packets dropped due to the absence of any mapping
TTL Expire Drop Count	Number of packets dropped due to the expiry of TTL.
Invalid IP Destination Drop Count	Number of packets dropped due to the destination IP address being invalid
Packet Exceeding Path MTU Drop Count	Number of large packets dropped as they are too big and exceed the MTU size
Unsupported Protocol Drop Count	Number of packets dropped as they do not belong to any of the three supported protocols such as TCP, UDP, and ICMP
ICMPv4 Generated for TTL Expire Count	Number of ICMPv4 packets generated when TTL expires
ICMPv4 Generated for Error Count	Number of ICMPv4 packets generated for different error conditions
ICMPv4 Packets Rate-Limited Count	Number of ICMPv4 packets that were not generated due to rate limit
TCP MSS Changed Count	Number of TCP packets for which the MSS ( Maximum Size Segment) value has been changed
Reassembled Output Count	Number of fragmented packets that have been reassembled
Invalid Source Prefix Drop Count	Number of packets dropped due to the prefix check failure
ICMPv6 Invalid NxtHdr Drop Count	Number of ICMPv6 packets as their protocol header does not consist ICMP
ICMPv6 Frag Drop Count	Number of ICMPv6 packets dropped due to the fragmentation
ICMPv6 Forus Count
ICMPv6 Echo Response Received Count	Number of ICMPv6 acknowledgment packets for echo replies
ICMPv6 Echo Replies Count	Number of ICMPv6 echo requests sent
ICMPv6 Translated to ICMPV4 Output Count	Number of ICMPv6 packets that were translated to ICMPv4 packets
Throttled Count	Number of excess fragments that were dopped
Timeout Drop Count	Number of packets that were dropped as all the fragments of that packet were not received
Duplicates Drop Count	Number of fragmented packets dropped as they were duplicates

Related Commands

Command

Description

clear cgn map-e statistics

Clears all statistics of a MAP-E instance.

show cgn map-t statistics

To display the MAP-T instance statistics, use the show cgn map-t statistics command in EXEC mode.

show cgn map-t instance-name statistics

Syntax Description

instance-name	Specifies the name of the configured MAP-T instance.
statistics	Specifies the statistics of the configured MAP-T instance.

Command Default

None

Command Modes

EXEC

Command History

Release	Modification
Release 4.3.0	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operations
cgn	read

Examples

This output shows the statistics entries for a MAP-T instance:

RP/0/RP0/CPU0:router# show cgn map-t m1 statistics

MAP-T IPv6 to IPv4 counters:
======================================

TCP Incoming Count: 0
TCP NonTranslatable Drop Count: 0
TCP Invalid NextHdr Drop Count: 0
TCP No Db Drop Count: 0
TCP Translated Count: 0 
UDP Incoming Count: 0
UDP NonTranslatable Drop Count: 0
UDP Invalid Next Hdr Drop Count: 0
UDP No Db Drop Count: 0
UDP Translated Count: 0 

ICMP Total Incoming Count: 0
ICMP No DB Drop Count: 0
ICMP Fragment drop count: 0
ICMP Invalid NxtHdr Drop Count: 0
ICMP Nontranslatable Drop Count: 0
ICMP Nontranslatable Fwd Count: 0
ICMP UnsupportedType Drop Count: 0
ICMP Err Translated Count: 0
ICMP Query Translated Count: 0

Subsequent Fragment Incoming Count: 0 
Subsequent Fragment NonTranslateable Drop Count: 0
Invalid NextHdr Drop Count: 0
Subsequent Fragment No Db Drop Count: 0
Subsequent Fragment Translated Count: 0 

Extensions/Options Incoming Count: 0
Extensions/Options Drop Count: 0
Extensions/Options Forward Count: 0

Extensions/Options No DB drop Count: 0
Unsupported Protocol Count: 0

MAP-T IPv4 to IPv6 counters:
======================================

TCP Incoming Count: 0
TCP No Db Drop Count: 0
TCP Translated Count: 0

UDP Incoming Count: 0
UDP No Db Drop Count: 0
UDP Translated Count: 0
UDP FragmentCrc Zero Drop Count: 0
UDP CrcZeroRecy Sent Count: 0
UDP CrcZeroRecy Drop Count: 0

ICMP Total Incoming Count: 0
ICMP No Db Drop Count: 0
ICMP Fragment drop count: 0
ICMP UnsupportedType Drop Count: 0
ICMP Err Translated Count: 0
ICMP Query Translated Count: 0

Subsequent Fragment Incoming Count: 0
Subsequent Fragment No Db Drop  Count: 0
Subsequent Fragment Translated Count: 0

Options Incoming Count: 0
Options Drop Count: 0
Options Forward Count: 0
Options No DB drop Count: 0
Unsupported Protocol Count: 0
          
ICMP generated counters :
=======================

IPv4 ICMP Messages generated count: 0
IPv6 ICMP Messages generated count: 0

The following table describes the fields seen as shown in the above example:

Note

The same field description is applicable to IPv4 and IPv6 packets appropriately.

Name	Description
TCP Incoming Count	Number of incoming TCP packets.
TCP NonTranslatable Drop Count	Number of TCP packets dropped without translating.
TCP Invalid NextHdr Drop Count	Packets dropped due to invalid Next hop.
TCP No Db Drop Count	Packets dropped because of missing MAP-T configuration.
TCP Translated Count	Number of TCP packets translated.
UDP Incoming Count	Number of incoming UDP packets.
UDP NonTranslatable Drop Count	Number of UDP packets dropped without translating.
UDP Invalid Next Hdr Drop Count	Packets dropped due to invalid Next hop.
UDP No Db Drop Count	Indicates missing MAP-T configuration.
UDP Translated Count	Number of UDP packets translated.
ICMP Total Incoming Count	Number of incoming ICMP packets.
ICMP No DB Drop Count	Packets dropped because of missing MAP-T configuration.
ICMP Fragment drop count	Number of ICMP fragments dropped.
ICMP Invalid NextHdr Drop Count	Packets dropped due to invalid Next hop.
ICMP Nontranslatable Drop Count	Number of ICMP packets dropped without translating.
ICMP Nontranslatable Forward Count	Number of ICMP packets forwarded without translating.
ICMP UnsupportedType Drop Count	Number of ICMP packets dropped because of the unsupported type.
ICMP Error Translated Count	Number of ICMP packets with error in translation.
ICMP Query Translated Count	Number of translated IPv6 to IPv4 ICMP query output packets.
Subsequent Fragment Incoming Count	Number of incoming fragments
Subsequent Fragment NonTranslateable Drop Count	Number of fragments dropped without translating.
Invalid NextHdr Drop Count	Number of packets dropped because of invalid next hop.
Subsequent Fragment No Db Drop Count	Number of fragments dropped.
Subsequent Fragment Translated Count	Number of fragments translated.
Extensions/Options Incoming Count	Incoming packets with extended options in the header
Extensions/Options Drop Count	Packets dropped with extended options in the header.
Extensions/Options Forward Count	Packets forwarded with extended options in the header.
Extensions/Options No DB drop Count	Packets dropped due to missing configuration and with extended options in the header.
Unsupported Protocol Count	Packets dropped due to unsupported Layer-4 protocol.

Related Commands

Command	Description
address-family (MAP-T)	Configures IPv4 or IPv6 address for a MAP-T instance.
clear cgn map-t statistics	Clears the statistics of a MAP-T instance.
contiguous-ports (MAP-T)	Configures the number of contiguous ports for a MAP-T instance.
cpe-domain (MAP-T)	Configures the Customer Premises Equipment (CPE ) domain parameters.
external-domain (MAP-T)	Configures the external domain's IPv6 prefix to convert IPv4 addresses into IPv6 addresses and vice versa.
sharing-ratio (MAP-T)	Configures the port sharing ratio.
traceroute (MAP-T)	Configures traceroute translation algorithms.

show cgn nat44 inside-vrf counters

To display the counters for sequence-check, use the show cgn nat44 inside-vrf counters command in EXEC mode.

show cgn nat44 instance-name inside-vrf instance-name counters

Syntax Description

counters	Lists the counters for TCP sequence check
instance-name	The name of the NAT44 instance

Command Default

None

Command Modes

EXEC

Command History

Release	Modification
Release 5.1.1	This command was introduced.
Release 5.2.0	Additional counters were introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read, write

Examples

The following example shows the counters for TCP sequence check.

RP/0/RP0/CPU0:router# show cgn nat44 nat1 inside-vrf vrf1 counters


Counters summary of NAT44 instance: 'nat1'
Number of Out2In drops due to TCP sequence mismatch: 0
Number of Outside to inside TCP sequence mismatch: 0
Total number of sessions created due to Out2In packets: 0
Number of Out2In drops due to end point filtering: 0
Number of translations created: 2019
Number of translations deleted: 2017
Number of sessions created: 190000
Number of sessions deleted: 170000
Syslog/Netflow translation create records generated: 0
Syslog/Netflow translation delete records generated: 0
Syslog/Netflow sessions create records generated: 0
Syslog/Netflow sessions delete records generated: 0
Number of Netflow packets generated: 0
Number of Syslog packets generated: 0
Dropped Netflow packets due to congestion: 0
Dropped Syslog packets due to congestion: 0
Average usage of bulk allocated ports: 0
Average number of bulk-allocations made: 0

The following table describes the fields seen in the output of the show cgn nat44 inside-vrf counters as shown in the above example:

Name	Description
Number of Out2In drops due to TCP sequence mismatch	Number of packets dropped for not being in the sequence
Number of Outside to inside TCP sequence mismatch	Number of TCP packets dropped for not being in the sequence
Total number of sessions created due to Out2In packets	Number of sessions created with both Inside-to-Outside and Outside-to-Inside packets
Number of Out2In drops due to end point filtering	Number of packets dropped if Endpoint-Dependent Mapping is configured
Number of translations created	Total number of translations created
Number of translations deleted	Total number of translations cleared after the timeout
Number of sessions created	Total number of sessions created
Number of sessions deleted	Total number of sessions deleted
Syslog/Netflow translation create records generated	Number of translation create records generated for Syslog or NetFlow
Syslog/Netflow translation delete records generated	Number of translation create records deleted for Syslog or NetFlow
Syslog/Netflow sessions create records generated	Number of session create records generated for Syslog or NetFlow
Syslog/Netflow sessions delete records generated	Number of session delete records generated for Syslog or NetFlow
Number of Netflow packets generated	Number of packets generated for NetFlow
Number of Syslog packets generated	Number of packets generated for Syslog
Dropped Netflow packets due to congestion	Number of NetFlow packets dropped due to system errors
Dropped Syslog packets due to congestion	Number of Syslog packets dropped due to system errors
Average usage of bulk allocated ports	Percentage of the usage of the bulk allocated ports
Average number of bulk-allocations made	Percentage of the bulk allocations made from all the possible locations

show cgn nat44 greEntries

To display the GRE channels of a PPTP tunnel, use the show cgn nat44 greEntries command in EXEC mode.

show cgn nat44 instance-name greEntries inside-vrf vrf-name tunnel-address address pns-port port-number call-id start value end value

Syntax Description

instance-name	Name of the configured NAT44 instance.
greEntries	GRE channels of the PPTP tunnel.
inside-vrf	The Virtual Routing Forwarding (VRF) for which the translation details are needed.
vrf-name	Name of the VRF.
tunnel-address	Address of the PPTP Network Server (PNS).
pns-port	Port number of the PNS. The range is from 1 to 65535.
call-id	Range of call IDs.
value	Value of the call IDs. The range is from 0 to 65535.

Command Default

None

Command Modes

Exec

Command History

Release	Modification
Release 4.3.0	This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID	Operation
cgn	read

Examples

This example displays the GRE channel details:

RP/0/RP0/CPU0:router# show cgn nat44 nat1 greEntries

GRE-Channel details
---------------------------
NAT44 instance : instname
Inside-VRF     : vrf name
-------------------------------------
   In Call Id       Out Call Id   
--------------------------------------
    xxxx              yyyy
    aaaa              bbbb

show cgn nat44 inside-translation

To display the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance, use the show cgn nat44 inside-translation command in EXEC mode.

show cgn nat44 instance-name { inside-vrf protocol { gre | icmp | tcp | udp } [ translation-type { alg | all | dynamic | pcp-explicit-dynamic | pcp-implicit-dynamic | static } ] inside-vrf vrf-name | tunnel-v6-source-address { source tunnel address | | inside-address | address port | | start | | number | end | | number }

Syntax Description

instance-name	Name of the NAT44 instance that is configured.
protocol	Displays the name of the protocols.
gre	Displays the GRE protocol.
icmp	Displays the ICMP protocol.
tcp	Displays the TCP protocol.
udp	Displays the UDP protocol.
translation-type	(Optional) Displays the translation type.
alg	(Optional) Displays only the ALG translation entries.
all	(Optional) Displays all the translation entries, for example, alg, dynamic, and static.
pcp-explicit-dynamic	Displays Port Control Protocol (PCP) explicit translation entries.
pcp-implicit-dynamic	Displays Port Control Protocol (PCP) implicit translation entries
dynamic	(Optional) Displays only the dynamic translation entries.
static	(Optional) Displays only the static translation entries.
ipv4	(Optional) Displays information for the IPv4 address family.
inside-vrf	Displays the information for the inside VPN routing and forwarding (VRF) for the necessary translation details.
vrf-name	Name of the inside VRF.
inside-address	Displays the inside address for the inside VRF.
address	Inside address.
port	Displays the range of the port numbers.
start number	The start port from which the translation table entries should be displayed.
end number	The end port till which the translation table entries should be displayed.

Command Default

None

Command Modes

EXEC

Command History

Release	Modification
Release 3.9.1	This command was introduced.
Release 4.0.0	NAT44 instance was included to the command.
Release 4.3.0	The keyword, gre was added.

Usage Guidelines

The show cgn nat44 inside-translation command displays the translation for entries that are based on the inside-vrf, inside IPv4 address, and the pool of the inside ports. The inside-address keyword must have a /32 address. Each entry is displayed with a field that informs whether it is static, ALG, or dynamic translation.

If the value of the translation type is not specified, all types of entries are displayed.

Task ID

Task ID	Operations
cgn	read

Examples

This example shows sample output from the show cgn inside-translation command:

RP/0/RP0/CPU0:router# 
show cgn nat44 nat1 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port-range 23 56

Inside-translation details 
-----------------------------------
NAT44 instance : nat1
Inside-VRF     : insidevrf1 
--------------------------------------------------------------------------------------
Outside        Protocol  Inside   Outside     Translation      Inside       Outside
Address                  Source   Source      Type             to           to
                         Port     Port                         Outside      Inside
                                                               Packets      Packets
--------------------------------------------------------------------------------------
12.168.6.231   tcp       34       2356        alg              875364       65345
12.168.6.98    tcp       56       8972        static           78645        56343
12.168.2.12    tcp       21       2390        static           45638        89865
12.168.2.123   tcp       34       239         dynamic          809835       67854
.
.
.
.
.
12.168.2.123   tcp       34       3899         dynamic          9835       6785

Examples

This example shows the sample output for PPTP and GRE:

RP/0/RP0/CPU0:router
show cgn nat44 inst1 inside-translation protocol gre inside-vrf ivrf inside-address 11.11.11.2 port start 1 end 65535

Inside-translation details
---------------------------
NAT44 instance : inst1
Inside-VRF     : ivrf
--------------------------------------------------------------------------------------------
   Outside         Protocol  Inside       Outside       Translation   Inside      Outside
   Address                   Source       Source        Type          to          to
                             Port         Port                        Outside     Inside
                                                                      Packets     Packets
--------------------------------------------------------------------------------------------
  52.52.52.215       gre     21           61746         alg           0           359423           
  52.52.52.215       gre     23           32489         alg           0           359423           
  52.52.52.215       gre     29           5940          alg           0           359423

Note

There is no Inside-to-Outside accounting during GRE translation. The value is always 'zero'.

Examples

This example shows the sample output for PCP translations:

RP/0/RP0/CPU0:router

show cgn nat44 nat1 inside-translation protocol udp inside-translation inside-vrf 
red inside-address 11.11.11.12 port start 1 end 65535

Inside-translation details
---------------------------
NAT44 instance : nat1
Inside-VRF     : red
--------------------------------------------------------------------------------------------
   Outside         Protocol  Inside       Outside       Translation   Inside      Outside
   Address                   Source       Source        Type          to          to
                             Port         Port                        Outside     Inside
                                                                      Packets     Packets
--------------------------------------------------------------------------------------------
  100.0.0.217       udp     14           34655         pcp_explicit     7             0
  100.0.0.217       udp     14           34655         pcp_implicit     7             0

This table describes the significant fields shown in the display.

Table 1 show cgn inside-translation Field Descriptions
Field	Description
CGN instance	Name of the CGN instance configured
Inside-VRF	Name of the inside-vrf configured
Outside Address	Outside IPv4 address
Inside Source Port	Inside Source Port Number
Outside Source Port	Translated Source Port Number
Translation Type	Type of Translation (All/ALG/Dynamic/pcp-explicit-dynamic/pcp-implicit-dynamic/Static).
Inside to Outside Packets	Outbound Packets.
Outside to Inside Packets	Inbound Packets.

Related Commands

Command	Description
clear cgn nat44 inside-vrf	Clears translation database entries that are created dynamically for the specified inside VRF.
clear cgn nat44 port	Clears the translation database entries that are created dynamically for the specified inside port number.
clear cgn nat44 protocol	Clears translation database entries that are created dynamically for the specified protocol.
protocol (NAT44)
service cgn	Enables an instance for the CGN application.
show cgn nat44 outside-translation	Displays the outside-address to inside-address translation details for a specified NAT44 instance.

show cgn nat44 mapping

To display the mapping from a private IP address to a public IP address or from a public IP address to a private IP address for NAT44 in both the classic mode and the predefined mode, use the show cgn nat44 mapping command.

show cgn nat44 instance-name mapping { inside-address | outside-address} inside-vrf vrf-instance start-addr

Results

Chapter: Carrier Grade NAT Commands on Cisco IOS XR Software

Carrier Grade NAT Commands on Cisco IOS XR Software

address (DS-LITE Netflow9)

Syntax Description

Command Default

Command Modes

Command History

Usage Guidelines

Task ID

Examples

Related Commands

address (NAT44 NetflowV9)

Syntax Description

Command Default

Command Modes

Command History

Usage Guidelines

Task ID

Examples

Related Commands

address static-forward (NAT44)

Syntax Description

Command Default

Command Modes

Command History

Usage Guidelines

Task ID

Examples

Related Commands

address (Stateful NAT64 Netflow Version 9)

Syntax Description

Command Default

Command Modes

Command History

Usage Guidelines

Task ID

Examples

Related Commands

address-family (6rd)

Syntax Description

Command Default

Command Modes

Command History

Usage Guidelines

Task ID

Examples

Examples

address-family ipv4 (Stateless NAT64)

Syntax Description

Command Default

Command Modes

Command History

Usage Guidelines

Task ID

Examples

address-family IPv6 (DS-LITE)

Syntax Description

Command Default

Command Modes

Command History

Usage Guidelines

Task ID

Examples

Related Commands

address-family ipv6 (Stateless NAT64)

Syntax Description

Command Default

Command Modes

Command History

Usage Guidelines

Task ID

Examples

Related Commands

address-family (MAP-E)

Syntax Description

Command Default

Command Modes

Command History