Configuring DS-Lite NAT444
DS-Lite NAT444 is configured on the AFTR's interface connected to the external network. DS-Lite NAT444 supports only dynamic NAT444.
The DS-Lite NAT444 configuration is similar to the dynamic NAT444 configuration. The difference is that DS-Lite NAT444 uses an IPv6 ACL and dynamic NAT444 uses an IPv4 ACL to identify packets to be NATed.
To configure DS-Lite NAT444:
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. Create a NAT address group, and enter its view. | nat address-group group-id [ name group-name ] | By default, no NAT address groups exist. |
3. Add a public IP address range to the NAT address group. | address start-address end-address | By default, no public IP address ranges exist. You can add multiple public IP address ranges to an address group, but they cannot overlap. |
4. Configure the port range for the public IP addresses. | port-range start-port-number end-port-number | By default, the port range is 1 to 65535. The configuration takes effect only on PAT translation mode. |
5. Configure port block parameters. | port-block block-size block-size [ extended-block-number extended-block-number ] | By default, no port block parameters exist. The configuration takes effect only on PAT translation mode. |
6. Return to system view. | quit | N/A |
7. Enter interface view. | interface interface-type interface-number | N/A |
8. Configure DS-Lite NAT444. | nat outbound ds-lite-b4 { ipv6-acl-number | name ipv6-acl-name } address-group group-id | By default, DS-Lite NAT444 is not configured. |
9. Return to system view. | quit | N/A |
10. (Optional.) Configure a PAT mapping mode. | nat mapping-behavior endpoint-independent [ acl { ipv4-acl-number | name ipv4-acl-name } ] | The default mapping mode is Address and Port-Dependent Mapping. |
11. (Optional.) Enable hot backup for dynamic NAT444. | nat port-block synchronization enable | By default, hot backup is disabled for dynamic NAT444. |