Configuring Dynamic Source Address and Port Translation in IPv4 Networks
Network Address Port Translation (NAPT) is a method by which many network addresses and their TCP/UDP ports are translated into a single network address and its TCP/UDP ports. This translation can be configured in both IPv4 and IPv6 networks. This section describes the steps for configuring NAPT in IPv4 networks.
To configure NAPT, you must configure a rule at the [edit services nat] hierarchy level for dynamically translating the source IPv4 addresses.
To configure NAPT in IPv4 networks:
- In configuration mode, go to the [edit services] hierarchy level.
[edit]
user@host# edit services
- Configure the service set and NAT rule.
[edit services]
user@host# set service-set service-set-name nat-rules rule-name
In the following example, the name of the service set is s1 and the name of the NAT rule is rule-napt-44.
[edit services]
user@host# set service-set s1 nat-rules rule-napt-44
- Go to the [interface-service] hierarchy level of the service set.
[edit services]
user@host# edit service-set s1 interface-service
- Configure the service interface.
[edit services service-set s1 interface-service]
user@host# set service-interface service-interface-name
In the following example, the name of the service interface is ms-0/1/0.
Note: If the service interface is not present in the router, or the specified interface is not functional, the following command can result in an error.
[edit services service-set s1 interface-service]
user@host# set service-interface ms-0/1/0
- Go to the [edit services nat] hierarchy level. Issue the command from the top of the services hierarchy, or use the top keyword.
[edit services service-set s1 interface-service]
user@host# top edit services nat
- Configure the NAT pool with an address.
[edit services nat]
user@host# set pool pool-name address address
In the following example, the name of the pool is napt-pool and the address is 10.10.10.0.
[edit services nat]
user@host# set pool napt-pool address 10.10.10.0
- Configure the port.
[edit services nat]
user@host# set pool pool-name port port-type
In the following example, the port type is selected as automatic.
[edit services nat]
user@host# set pool napt-pool port automatic
- Configure the rule and the match direction.
[edit services nat]
user@host# set rule rule-name match-direction match-direction
In the following example, the name of the rule is rule-napt-44 and the match direction is input.
[edit services nat]
user@host# set rule rule-napt-44 match-direction input
- Configure the term, the action for the translated traffic, and the translation type.
[edit services nat]
user@host# set rule rule-name term term-name then translated translated-action translation-type translation-type
In the following example, the name of the term is t1, the action for the translated traffic is translated, the name of the source pool is napt-pool, and the translation type is napt-44.
[edit services nat]
user@host# set rule rule-napt-44 match-direction input term t1 then translated source-pool napt-pool translation-type napt-44
- Go to the [edit services adaptive-services-pics] hierarchy level. In the command, the top keyword ensures that the command is run from the top of the hierarchy.
[edit services nat]
user@host# top edit services adaptive-services-pics
- Configure the trace options.
[edit services adaptive-services-pics]
user@host# set traceoptions flag tracing parameter
In the following example, the tracing parameter is configured as all.
[edit services adaptive-services-pics]
user@host# set traceoptions flag all
- Verify the configuration by using the show command at the [edit services] hierarchy level.
[edit services]
user@host# show
service-set s1 {
    nat-rules rule-napt-44;
    interface-service {
        service-interface ms-0/1/0;
    }
}
nat {
    pool napt-pool {
        address 10.10.10.0/32;
        port {
            automatic;
        }
    }
    rule rule-napt-44 {
        match-direction input;
        term t1 {
            then {
                translated {
                    source-pool napt-pool;
                    translation-type {
                        napt-44;
                    }
                }
            }
        }
    }
}
adaptive-services-pics {
    traceoptions {
        flag all;
    }
}
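The procedure ties three names together: the service set references a NAT rule, and the rule references a source pool. The following added example, which is not part of the original page or Juniper's tooling, checks those references over the same configuration written as full-path set commands. The sample input is constructed from the page's example values, and treating a napt-44 pool without an address or port as a finding is an assumption drawn from this procedure.

```python
# Added example (not Juniper's code). SAMPLE is constructed from the page's example values.
SAMPLE = """\
set services service-set s1 nat-rules rule-napt-44
set services service-set s1 interface-service service-interface ms-0/1/0
set services nat pool napt-pool address 10.10.10.0/32
set services nat pool napt-pool port automatic
set services nat rule rule-napt-44 match-direction input
set services nat rule rule-napt-44 term t1 then translated source-pool napt-pool
set services nat rule rule-napt-44 term t1 then translated translation-type napt-44
"""

def parse(text):
    """Collect service sets, pools and rules (one term per rule, as on the page)."""
    cfg = {"sets": {}, "pools": {}, "rules": {}}
    for line in text.splitlines():
        w = line.split()
        if w[:2] != ["set", "services"] or len(w) < 6:
            continue
        w = w[2:]
        if w[0] == "service-set":
            sset = cfg["sets"].setdefault(w[1], {"rules": [], "iface": None})
            if w[2] == "nat-rules":
                sset["rules"].append(w[3])
            elif w[2:4] == ["interface-service", "service-interface"] and len(w) == 5:
                sset["iface"] = w[4]
        elif w[:2] == ["nat", "pool"] and len(w) == 5:
            cfg["pools"].setdefault(w[2], {})[w[3]] = w[4]
        elif w[:2] == ["nat", "rule"] and len(w) >= 5:
            # The last two words of a rule line are the leaf and its value.
            cfg["rules"].setdefault(w[2], {})[w[-2]] = w[-1]
    return cfg

def check(cfg):
    """Return findings for dangling references and incomplete NAPT pools."""
    out = []
    for name, sset in cfg["sets"].items():
        if not sset["iface"]:
            out.append(f"service-set {name}: no service-interface")
        out += [f"service-set {name}: nat rule {r} not defined" for r in sset["rules"] if r not in cfg["rules"]]
    for name, rule in cfg["rules"].items():
        pool = cfg["pools"].get(rule.get("source-pool"))
        if pool is None:
            out.append(f"rule {name}: source-pool {rule.get('source-pool')} not defined")
        elif rule.get("translation-type") == "napt-44":
            # Assumption from this procedure: a NAPT pool has an address and a port.
            out += [f"rule {name}: pool lacks {k}" for k in ("address", "port") if k not in pool]
    return out

if __name__ == "__main__":
    print(check(parse(SAMPLE)) or "no findings")
```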