Carrier Grade NAT Commands on Cisco IOS XR Software

This chapter describes the commands used to configure and use the Carrier Grade NAT (CGN).

To use commands of this module, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using any command, contact your AAA administrator for assistance.

For detailed information about CGN concepts, configuration tasks, and examples, see the Cisco IOS XR Software Carrier Grade NAT Configuration Guide for the Cisco CRS Router.

address (DS-LITE Netflow9)

To enable the IPv4 address of the server that is used for logging the entries for a DS-Lite instance, use the address command in CGN DS-Lite external logging server configuration mode. To disable the Netflow server configuration, use the no form of this command.

address address port number

Syntax Description

address

IPv4 address of the server.

port

Configures the port that is used for logging. The address is the IPv4 address of the NetflowV9 logging server, and the port is the UDP port number on which the NetflowV9 logging server listens for the Netflow logs.

number

Port number. Range is from 1 to 65535.

Command Default

If the address command is not configured, NetflowV9 logging is disabled.

Command Modes

CGN DS-Lite external logging server configuration

Command History

Release

Modification

Release 4.2.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure the IPv4 address and port number 45 for a DS-Lite instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# external-logging netflow9
RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog)# server
RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog-server)# address 2.3.4.5 port 45

address (NAT44 NetflowV9)

To enable the IPv4 address of the server that is used for logging the entries for the Network Address Translation (NAT) table, use the address command in CGN inside VRF external logging server configuration mode. To disable the Netflow server configuration, use the no form of this command.

address address port number

Syntax Description

address

IPv4 address of the server.

port

Configures the port that is used for logging. The address is the IPv4 address of the NetflowV9 logging server, and the port is the UDP port number on which the NetflowV9 logging server listens for the Netflow logs.

number

Port number. Range is from 1 to 65535.

Command Default

If the address command is not configured, NAT44 NetflowV9 logging is disabled.

Command Modes

CGN inside VRF external logging server configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 4.1.0

The usage guidelines were updated.

Usage Guidelines

The CGN NetflowV9-based translation entry is used to create and delete the logs. This NAT44-specific command configures the IPv4 address and port number for the NetflowV9 external logging facility. The address is the IPv4 address of the NetflowV9 logging server, and the port is the UDP port number on which the NetflowV9 logging server listens for the Netflow logs. The configurations for path-mtu, refresh-rate, and timeout are applicable only when the IPv4 address and port number for the logging server have been configured.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure the IPv4 address and port number 45 for NetFlow logging of the NAT table entries:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# external-logging netflow version 9
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog)# server
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog-server)# address 2.3.4.5 port 45

address static-forward (NAT44)

To enable the inside IPv4 address and port number for static forwarding for a NAT44 instance, use the address command in NAT44 inside VRF static port inside configuration mode. To disable this feature, use the no form of this command.

address address port number

no address address port number

Syntax Description

address

IPv4 address of an inside host server.

port

Configures the inside port for static forwarding. The port keyword allows a specific UDP, TCP, or ICMP port on a global address to be translated to a specific port on a local address.

number

Inside port number. For TCP and UDP, range is from 1 to 65535. For ICMP, range is from 0 to 65535.

Command Default

None

Command Modes

NAT44 inside VRF static port inside configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 4.1.0

The usage guidelines section was updated.

Usage Guidelines

This NAT44 command configures the static port forwarding for an inside-ipv4 address and inside-port number combination. With this configuration, packets received inside with the configured inside-ipv4 address and inside-port number are forwarded using the displayed outside-ipv4 address and outside-port number.

CGN can dynamically allocate one free public IP address and port number from the configured outside address pool for an inside address and port.

Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to configure the inside IPv4 address and port for static forwarding. CGN can dynamically allocate one free public IP address and port number from the configured outside address pool for an inside address and port.


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf v1
RP/0/RP0/CPU0:router(config-cgn-invrf)# protocol tcp
RP/0/RP0/CPU0:router(config-cgn-invrf-proto)# static-forward inside
RP/0/RP0/CPU0:router(config-cgn-invrf-sport-inside)# address 10.20.30.10 port 1000

address (Stateful NAT64 Netflow Version 9)

To enable the IPv4 address of the server that is used for logging the entries for a NAT64 stateful instance, use the address command in NAT64 Stateful configuration mode. To disable the Netflow server configuration, use the no form of this command.

address address port number

Syntax Description

address

IPv4 address of the server.

port

Configures the port that is used for logging. The address is the IPv4 address of the netflow version 9 logging server, and the port is the UDP port number on which the netflow version 9 logging server listens for the Netflow logs.

number

Port number. Range is from 1 to 65535.

Command Default

If the address command is not configured, Netflow logging is disabled.

Command Modes

NAT64 Stateful configuration mode

Command History

Release

Modification

Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure the IPv4 address and port number 45:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# external-logging netflow version 9
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# server
RP/0/RP0/CPU0:router(config-cgn-nat64-extlog-server)# address 2.3.4.5 port 45
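
Because logging stays disabled for any DS-Lite instance, NAT44 inside VRF, or stateful NAT64 instance that has no logging server address, a saved configuration can be audited for translation scopes that produce no NetFlow v9 records. The following is an added example, not Cisco code: the sample configuration is constructed, it assumes the running-config layout of one space per nesting level with "!" closing a block, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample, assumed IOS XR running-config layout (one space per
# nesting level, "!" closes a block); names reuse this page's examples.
SAMPLE_CONFIG = """\
service cgn cgn1
 service-type nat44 nat1
  inside-vrf insidevrf1
   external-logging netflow version 9
    server
     address 2.3.4.5 port 45
    !
   !
  !
  inside-vrf v1
   protocol tcp
    static-forward inside
     address 10.20.30.10 port 1000
    !
   !
  !
 !
 service-type ds-lite ds-lite1
  external-logging netflow9
   server
    address 2.3.4.5 port 45
   !
  !
 !
 service-type nat64 stateful nat64-inst
  external-logging netflow version 9
   server
   !
  !
 !
!
"""

ADDRESS_RE = re.compile(r"address (\S+) port (\d+)$")
# Service types whose logging server sits directly under the instance.
INSTANCE_SCOPED = ("service-type ds-lite ", "service-type nat64 stateful ")


def walk(config):
    """Yield the ancestor path (list of commands) of every config line."""
    stack = []  # (indent, command) for each block that is still open
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text == "!":
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, text))
        yield [cmd for _, cmd in stack]


def logging_scope(path):
    """Return the path prefix that owns a logging server, or None."""
    for i, cmd in enumerate(path):
        if cmd.startswith(INSTANCE_SCOPED):
            return tuple(path[: i + 1])
        # NAT44 logging is configured per inside VRF, one level further down.
        if cmd.startswith("service-type nat44 ") and len(path) > i + 1:
            return tuple(path[: i + 2]) if path[i + 1].startswith("inside-vrf ") else None
    return None


def valid_server(address, port):
    try:
        ipaddress.IPv4Address(address)  # the server address must be IPv4
    except ValueError:
        return False
    return 1 <= port <= 65535  # documented port range


def audit_logging(config):
    """Map each logging scope to its (address, port) server, or None if unset."""
    servers = {}
    for path in walk(config):
        scope = logging_scope(path)
        if scope is None:
            continue
        servers.setdefault(scope, None)
        rest = path[len(scope):]
        # Only external-logging / server / address counts: the same address
        # syntax under static-forward is a port mapping, not a log server.
        m = ADDRESS_RE.match(rest[-1]) if len(rest) == 3 else None
        if m and rest[0].startswith("external-logging ") and rest[1] == "server":
            if valid_server(m.group(1), int(m.group(2))):
                servers[scope] = (m.group(1), int(m.group(2)))
    return servers


def unlogged(config):
    return [" / ".join(s) for s, srv in audit_logging(config).items() if srv is None]
```

In the sample, inside VRF v1 has only a static-forward address and the stateful NAT64 instance has a server block with no address, so both are reported as having no logging server.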

address-family (6rd)

To bind an IPv4 or IPv6 ServiceApp interface to a 6rd instance, use the address-family command in 6RD configuration mode. To unbind the ServiceApp interface, use the no form of this command.

address-family {ipv4 | ipv6} interface ServiceApp value

Syntax Description

ipv4

Specifies the IPv4 address family.

ipv6

Specifies the IPv6 address family.

interface

Specifies the ServiceApp interface to be used.

ServiceApp

Specifies the SVI interface.

value

Interface value. The range is from 1 to 2000.

Command Default

None

Command Modes

6RD configuration

Command History

Release Modification
Release 4.3.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to bind an IPv4 ServiceApp interface to a 6RD instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# address-family ipv4
RP/0/RP0/CPU0:router(config-cgn-6rd-afi)#interface ServiceApp 100

Examples

This example shows how to bind an IPv6 ServiceApp interface to a 6RD instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# address-family ipv6
RP/0/RP0/CPU0:router(config-cgn-6rd-afi)#interface ServiceApp 120

address-family ipv4 (Stateless NAT64)

To enter the IPv4 address family configuration mode while configuring the Carrier Grade NAT (CGN), use the address-family ipv4 command in an appropriate configuration mode. To disable support for an address family, use the no form of this command.

address-family ipv4 {interface ServiceApp | tcp mss | tos}

Syntax Description

interface

Specifies the ServiceApp interface to be used.

ServiceApp

Specifies the SEAPP SVI interface. The number of service application interfaces to be configured ranges from 1 to 2000.

tcp

Specifies the TCP protocol.

mss

Specifies the maximum segment size for TCP in bytes. The value of maximum segment size ranges from 28 to 1500.

tos

Type of service to be set when translating IPv6 to IPv4. The value of type of service ranges from 0 to 255.

Command Default

None

Command Modes

CGN-NAT64

Command History

Release Modification

Release 3.9.1

This command was introduced.

Release 4.1.0

Updated the Syntax and Usage Guidelines sections.

Usage Guidelines

This command configures the IPv4 address family for NAT64 stateless XLAT.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows the tcp mss for the ipv4 address family:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateless xlat
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# address-family ipv4
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless-afi)# tcp mss 200

address-family IPv6 (DS-LITE)

To enter the IPv6 address family configuration mode for a DS-Lite instance, use the address-family ipv6 command. To disable support for an address family, use the no form of this command.

address-family IPv6 interface ServiceApp <1-244>

Syntax Description

interface

Indicates the ServiceApp interface to be used.

ServiceApp

SEAPP SVI Interface.

<1-244>

Number of service application interfaces to be configured. Range is from 1 to 244.

Command Default

None

Command Modes

CGN-DS-Lite configuration mode

Command History

Release Modification
Release 4.2.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation
cgn

read, write

Examples

This example shows how to enter the IPv6 address family configuration mode for a DS-Lite instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# address-family ipv6
RP/0/RP0/CPU0:router(config-cgn-ds-lite-afi)# interface serviceApp 200
RP/0/RP0/CPU0:router(config-cgn-ds-lite-afi)#

address-family ipv6 (Stateless NAT64)

To enter the IPv6 address family configuration mode, use the address-family ipv6 command. To disable support for an address family, use the no form of this command.

address-family ipv6 {interface ServiceApp <1-2000>} {df-override} {protocol | {icmp | reset-mtu}} tcp mss <28-1500> traffic-class <0-255>

Syntax Description

interface

Indicates the ServiceApp interface to be used.

ServiceApp

SEAPP SVI Interface.

<1-2000>

Number of service application interfaces to be configured. Range is from 1 to 2000.

df-override

Override DF bit.

protocol

Select a protocol.

icmp

(Optional) ICMP protocol.

reset-mtu

(Optional) Reset maximum transmission unit when packet is too big.

tcp

TCP protocol.

mss

Maximum segment size for TCP in bytes.

<28-1500>

Maximum segment size to be used in bytes.

traffic-class

Traffic class to be set when translating from IPv4 to IPv6.

Command Default

None

Command Modes

CGN-NAT64

Command History

Release Modification

Release 4.1.0

This command was introduced.

Usage Guidelines

This command configures the IPv6 address family for NAT64 stateless XLAT.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows the traffic-class setting for the ipv6 address family:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateless xlat1
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# address-family ipv6
RP/0/RP0/CPU0:router(config-cgn-nat64-stless-afi)# traffic-class 25

address-family (MAP-E)

To configure an IPv4 or IPv6 address for a MAP-E stateful instance, use the address-family command in MAP-E configuration mode. To undo the address configuration, use the no form of this command.

address-family {ipv4 | ipv6} {interface | {ServiceApp value} | tcp | {mss size}}

Syntax Description

ipv4

Specifies the IPv4 address family.

ipv6

Specifies the IPv6 address family.

interface

Specifies the ServiceApp interface to be used.

ServiceApp

Specifies the SVI interface.

value

Specifies the Interface value. The range is from 1 to 2000.

tcp

Specifies the TCP protocol.

mss

Specifies the Maximum Segment Size (MSS) for TCP in bytes.

size

Size of the segment in bytes. The range is from 28 to 1500.

Command Default

None

Command Modes

MAP-E configuration

Command History

Release Modification
Release 4.3.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure an IPv4 address for a MAP-E instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type map-e map-e-inst
RP/0/RP0/CPU0:router(config-cgn-map_e)# address-family ipv4
RP/0/RP0/CPU0:router(config-cgn-map_e-afi)#interface serviceApp 65

Examples

This example shows how to configure an IPv6 address for a MAP-E instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type map-e map-e-inst
RP/0/RP0/CPU0:router(config-cgn-map_e)# address-family ipv6
RP/0/RP0/CPU0:router(config-cgn-map_e-afi)#interface serviceApp 66

address-family (MAP-T)

To configure an IPv4 or IPv6 address for a MAP-T instance, use the address-family command in the MAP-T configuration mode. To undo the address configuration, use the no form of this command.

address-family {ipv4 | ipv6} {df-override | interface | {ServiceApp value} | tcp | {mss size} | traffic-class | {value} | tos}

Syntax Description

ipv4

Specifies the IPv4 address family.

ipv6

Specifies the IPv6 address family.

df-override

Specifies the 'df' override bit.

interface

Specifies the ServiceApp interface to be used.

ServiceApp

Specifies the SVI interface.

value

Specifies the Interface value. The range is from 1 to 2000.

tcp

Specifies the TCP protocol.

mss

Specifies the Maximum Segment Size (MSS) for TCP in bytes.

size

Size of the segment in bytes. The range is from 28 to 1500.

traffic-class

Specifies the traffic class value to be set when translating from IPv4 to IPv6.

value

Value of the traffic-class. The range is from 0 to 255.

tos

Specifies the type of service value to be set when translating from IPv6 to IPv4. The range is from 0 to 255.

Command Default

None

Command Modes

MAP-T configuration

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines

Unlike NAT64, ISM is used for only control plane and exception traffic, not for the bulk of the traffic.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure an IPv4 address for a MAP-T instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type map-t map-t-inst
RP/0/RP0/CPU0:router(config-cgn-mapt)# address-family ipv4
RP/0/RP0/CPU0:router(config-cgn-mapt-afi)#tcp mss 565

Examples

This example shows how to configure an IPv6 address for a MAP-T instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type map-t map-t-inst
RP/0/RP0/CPU0:router(config-cgn-mapt)# address-family ipv6
RP/0/RP0/CPU0:router(config-cgn-mapt-afi)#traffic-class 65

address-family (Stateful NAT64)

To configure an IPv4 or IPv6 address for a NAT64 stateful instance, use the address-family command in NAT64 stateful configuration mode. To undo the address configuration, use the no form of this command.

address-family {ipv4 | ipv6} [df-override | interface | protocol | tcp | traffic-class | tos]

Syntax Description

ipv4

Specifies the IPv4 address family.

ipv6

Specifies the IPv6 address family.

df-override

Specifies the 'df' override bit.

interface

Specifies the ServiceApp interface to be used.

ServiceApp

Specifies the SVI interface.

value

Specifies the Interface value. The range is from 1 to 2000.

protocol

Specifies the protocol.

icmp

ICMP protocol.

reset-mtu

Resets the maximum transmission unit of the packet.

tcp

TCP protocol.

mss

Specifies the Maximum Segment Size (MSS) for TCP in bytes.

size

Size of the segment in bytes. The range is from 28 to 1500.

traffic-class

Specifies the traffic class value to be set when translating from IPv4 to IPv6.

value

Value of the traffic-class. The range is from 0 to 255.

tos

Specifies the type of service value to be set when translating from IPv6 to IPv4. The range is from 0 to 255.

Command Default

None

Command Modes

NAT64 stateful configuration

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure an IPv4 address on a NAT64 instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# address-family ipv4
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful-afi)#tcp mss 565

Examples

This example shows how to configure an IPv6 address on a NAT64 instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# address-family ipv6
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful-afi)#traffic-class 65

aftr-endpoint-address (MAP-E)

To configure the IPv6 address of Address Family Transition Router (AFTR), use the aftr-endpoint-address command in MAP-E configuration mode. To undo the configuration, use the no form of this command.

aftr-endpoint-address address

Syntax Description

address

Specifies the IPv6 address of the AFTR.

Command Default

None

Command Modes

MAP-E configuration

Command History

Release Modification
Release 4.3.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the AFTR address for a MAP-E instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type map-e map-e-inst
RP/0/RP0/CPU0:router(config-cgn-map_e)# aftr-endpoint-address 2001:db8:100::40

aftr-tunnel-endpoint-address (DS-LITE)

To assign an IPv6 tunnel endpoint address for a DS-Lite instance, use the aftr-tunnel-endpoint-address command in DS-Lite configuration mode. To unassign the address for the DS-Lite instance, use the no form of this command.

aftr-tunnel-endpoint-address IPv6 address

Syntax Description

IPv6 address

Specifies the IPv6 address of the tunnel endpoint.

Command Default

None

Command Modes

DS-Lite configuration

Command History

Release Modification
Release 4.2.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to assign an IPv6 tunnel endpoint address for a ds-lite instance:


RP/0/RP0/CPU0:router# config
RP/0/RP0/CPU0:router(config)#service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#aftr-tunnel-endpoint-address 10:10::2
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#

alg ActiveFTP (NAT44)

To enable the Application-Level Gateway (ALG) of Active FTP for a NAT44 instance, use the alg ActiveFTP command in NAT44 configuration mode. To disable the support of ALG for the Active FTP, use the no form of this command.

alg ActiveFTP

Syntax Description

This command has no arguments or keywords.

Command Default

By default, ActiveFTP ALG is disabled.

Command Modes

NAT44 Configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 4.1.0

The Usage Guidelines section was updated.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure ALG for the active FTP connection for the NAT44 instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# alg ActiveFTP

alg ftp (DS-LITE)

To enable the support for FTP Application-Level Gateway (ALG) for a DS-Lite instance, use the alg command in DS-Lite configuration mode. To disable, use the no form of this command.

alg ftp

Syntax Description

ftp

Enables the FTP ALG.

Command Default

None

Command Modes

DS-Lite configuration mode

Command History

Release Modification
Release 4.2.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to enable support for FTP ALG:


RP/0/RP0/CPU0:router# config
RP/0/RP0/CPU0:router(config)#service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#alg ftp
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#

alg pptpalg (NAT44)

To configure Point-to-Point Tunneling Protocol (PPTP) as the Application-Level Gateway (ALG) for a NAT44 instance, use the alg pptpalg command in NAT44 configuration mode. To undo the configuration, use the no form of this command.

alg pptpalg

Syntax Description

This command has no arguments or keywords.

Command Default

By default, PPTP ALG is disabled.

Command Modes

NAT44 configuration mode

Command History

Release

Modification

Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to configure ALG for the PPTP connection on NAT44 instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat441
RP/0/RP0/CPU0:router(config-cgn-nat44)# alg pptpalg

alg rtsp (DS-LITE)

To enable support for the Application-Level Gateway (ALG) Real Time Streaming Protocol (RTSP), use the alg rtsp command in the DS-Lite configuration mode. To disable the support, use the no form of this command.

alg rtsp

Syntax Description

rtsp

Specifies the real time streaming protocol.

server-port

Specifies the port to be used for RTSP. The range is from 1 to 65535. The default port is 554.

Command Default

By default, the alg rtsp is disabled.

Command Modes

DS-Lite Configuration

Command History

Release Modification

Release 4.1.0

This command was introduced.

Usage Guidelines

The application must be directed to identify RTSP packets. The alg rtsp configuration command enables RTSP scan.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the alg rtsp command for a DS-Lite instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# alg rtsp

alg rtsp (NAT44)

To configure Real Time Streaming Protocol (RTSP) as the Application-Level Gateway (ALG), use the alg rtsp command in the NAT44 configuration mode. To undo the configuration, use the no form of this command.

alg rtsp server-port value

Syntax Description

server-port

Specifies the port to be used for RTSP.

value

Specifies the port number. The default port is 554. The range is from 1 to 65535.

Command Default

By default, the alg rtsp is disabled.

Command Modes

NAT44 Configuration

Command History

Release Modification

Release 4.1.0

This command was introduced.

Usage Guidelines

The application must be directed to identify RTSP packets. The alg rtsp configuration command enables RTSP scan.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the alg rtsp command for the CGN instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# alg rtsp server-port 666

alg rtsp (Stateful NAT64)

To configure Real Time Streaming Protocol (RTSP) as the Application-Level Gateway (ALG), use the alg rtsp command in Stateful NAT64 configuration mode. To undo the configuration, use the no form of this command.

alg rtsp server-port value

Syntax Description

server-port

Specifies the port to be used for RTSP.

value

Port number. The default port is 554. The range is from 1 to 65535.

Command Default

By default, the alg rtsp is disabled.

Command Modes

Stateful NAT64

Command History

Release Modification
Release 4.3.1

This command was introduced.

Usage Guidelines

The application must be directed to identify RTSP packets. The alg rtsp configuration command enables RTSP scan.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the alg rtsp command for the CGN instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat1
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# alg rtsp server-port 666

attach port-set

To attach the port-set to the NAT inside-vrf instance, use the attach port-set command in the CGN inside VRF configuration mode. To remove the port-set from the inside-vrf instance, use the no form of this command.

attach port-set name

Syntax Description

name

Specifies the port-set created.

Command Default

None

Command Modes

CGN inside VRF configuration mode.

Command History

Release Modification
Release 5.3.1

This command was introduced.

Usage Guidelines

A port-set is attached to the VRF instance that handles packets from the subscriber network (inside-VRF). Users can attach only one port-set to the NAT inside-vrf instance. If multiple port-sets are attached to the inside-vrf instance, then only the last attached port-set is considered for the NAPT operation. However, a port-set can be attached to multiple inside-vrf instances. If a port-set is in use by one or more NAT inside-vrf instances, users cannot delete that port-set until the associations with all NAT inside-vrf instances are removed. However, the user can modify the contents of port-set while they are in use and have the modifications take effect immediately.

Task ID

Task ID Operation

cgn

read, write

Examples

The following example shows how to attach the port-set to an inside VRF instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)#map-address pool 100.1.1.0/24
RP/0/RP0/CPU0:router(config-cgn-invrf-afi)#attach port-set set1

br (6rd)

To enable the Border Relay (BR) configuration, use the br command in 6RD configuration mode. To disable this feature, use the no form of this command.

br {ipv4 | ipv6-prefix | source-address | unicast}

Syntax Description

ipv4

Specifies the IPv4 related configuration.

ipv6-prefix

Specifies the IPv6 prefix.

source-address

Specifies the source address for the tunnel.

unicast

Specifies the IPv6 unicast address.

Command Default

None

Command Modes

6RD configuration

Command History

Release Modification
Release 4.1.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the unicast address using the br configuration level commands:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# br
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# ipv6-prefix 2001:db8::/32
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# source-address 10.2.2.2
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# ipv4 prefix length 0
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# ipv4 suffix length 0
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd-br)# unicast address 2001:db8:a02:202::1

br-endpoint-address (MAP-E)

To configure the IPv6 address of BR, use the br-endpoint-address command in MAP-E configuration mode. To undo the configuration, use the no form of this command.

br-endpoint-address address

Syntax Description

address

Specifies the IPv6 address of the BR.

Command Default

None

Command Modes

MAP-E configuration

Command History

Release Modification
Release 5.3.2

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgv6

read, write

Examples

This example shows how to configure the BR address for a MAP-E instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgv6 cgv6-1
RP/0/RP0/CPU0:router(config-cgv6)# Service-inline interface TenGigE0/0/0/0
RP/0/RP0/CPU0:router(config-cgv6)#  service-type-map_e map1
RP/0/RP0/CPU0:router(config-cgv6-map-e)#  cpe-domain ipv4 Prefix 120.2.1.0/24
RP/0/RP0/CPU0:router(config-cgv6-map-e)#  cpe-domain ipv6 prefix 9020:da8:2::/48
RP/0/RP0/CPU0:router(config-cgv6-map-e)#   sharing-ratio 256
RP/0/RP0/CPU0:router(config-cgv6-map-e)#   contiguous-ports 16
RP/0/RP0/CPU0:router(config-cgv6-map-e)#    br-endpoint-address 9020:da8:2:ffff::1

bulk-port-alloc (NAT44)

To pre-allocate a number of contiguous outside ports in bulk and to reduce Netflow/Syslog data volume, use the bulk-port-alloc command in NAT44 configuration mode. To undo the bulk port allocation, use the no form of this command.

bulk-port-alloc size size-value

Syntax Description

size size-value

Specifies the port size for allocation. The value should be greater than or equal to one fourth of the port limit and less than twice the port limit. The allowed values are 8, 16, 32, 64, 128, 256, 512, 1024, 2048, and 4096.

Command Default

None

Command Modes

NAT44 Inside VRF configuration

Command History

Release Modification
Release 4.2.1

This command was introduced.

Release 5.2.0

The minimum size for bulk port allocation was reduced to 8.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to allocate ports in bulk to reduce the syslog data volume:

RP/0/RP0/CPU0:router# config
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat441
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf vrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# bulk-port-alloc size 64
RP/0/RP0/CPU0:router(config-cgn-invrf)#

bulk-port-alloc (DS-LITE)

To pre-allocate a number of contiguous outside ports in bulk and to reduce Netflow/Syslog data volume, use the bulk-port-alloc command in DS-Lite configuration mode. To undo the bulk port allocation, use the no form of this command.

bulk-port-alloc size

Syntax Description

size

Specifies the port size for allocation. The value should be greater than or equal to one fourth of the port limit and less than twice the port limit. The allowed values are 16, 32, 64, 128, 256, 512, 1024, 2048, and 4096.

Command Default

None

Command Modes

DS-Lite configuration

Command History

Release Modification
Release 4.2.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to allocate ports in bulk to reduce the syslog data volume:


RP/0/RP0/CPU0:router# config
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# bulk-port-alloc size 64
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#
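
The size rule stated for both the NAT44 and DS-Lite forms of bulk-port-alloc (at least one fourth of the port limit, less than twice the port limit, and one of the listed values) can leave few or no valid sizes for a small port limit. The following Python check is an added example, not Cisco code; `port_limit` stands for the per-subscriber port limit configured on the instance, and the function names are hypothetical.

```python
# Allowed sizes as listed on this page for each form of the command.
ALLOWED_SIZES = {
    "nat44":   (8, 16, 32, 64, 128, 256, 512, 1024, 2048, 4096),
    "ds-lite": (16, 32, 64, 128, 256, 512, 1024, 2048, 4096),
}


def _sizes_for(service):
    try:
        return ALLOWED_SIZES[service]
    except KeyError:
        raise ValueError(f"unknown service type: {service!r}") from None


def valid_bulk_sizes(port_limit, service="nat44"):
    """Every bulk-port-alloc size the page's rule permits for this port limit."""
    if port_limit < 1:
        raise ValueError("port limit must be a positive integer")
    # size >= port_limit / 4  is written as 4 * size >= port_limit to stay in
    # integer arithmetic; size must also be strictly below 2 * port_limit.
    return [s for s in _sizes_for(service)
            if 4 * s >= port_limit and s < 2 * port_limit]


def check_bulk_size(port_limit, size, service="nat44"):
    """Return a list of rule violations; an empty list means the size is valid."""
    problems = []
    if size not in _sizes_for(service):
        problems.append(f"{size} is not an allowed value for {service}")
    if 4 * size < port_limit:
        problems.append(f"{size} is below one fourth of port limit {port_limit}")
    if size >= 2 * port_limit:
        problems.append(f"{size} is not less than twice port limit {port_limit}")
    return problems


if __name__ == "__main__":
    # Constructed audit input: (instance, service type, port limit, bulk size).
    for name, service, limit, size in [
        ("nat441", "nat44", 100, 64),      # the size used in the page's example
        ("nat442", "nat44", 100, 16),      # too small for this port limit
        ("ds-lite1", "ds-lite", 16, 8),    # 8 is not allowed for DS-Lite
        ("nat443", "nat44", 4, 8),         # no size fits a port limit of 4
    ]:
        issues = check_bulk_size(limit, size, service)
        print(name, "OK" if not issues else issues,
              "valid sizes:", valid_bulk_sizes(limit, service))
```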

clear cgn ds-lite

To clear all translation database entries that are created dynamically for the specific DS-Lite instance, use the clear cgn ds-lite command in EXEC mode.

clear cgn ds-lite instance-name

Syntax Description

instance-name

Instance name for DS-Lite.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 4.2.1

This command was introduced.

Usage Guidelines


Caution

Because the clear cgn ds-lite command clears all translation database entries and impacts the traffic on those translation entries, use this command with caution.


Task ID

Task ID

Operations

cgn

read

clear cgn ds-lite ipaddress

To clear translation database entries that are created dynamically for the specified IPv4 address, use the clear cgn ds-lite ipaddress command in EXEC mode.

clear cgn ds-lite instance-name ipaddress address

Syntax Description

instance-name

Instance name for DS-Lite.

address

Specifies the IPv4 address for which the translation entries must be cleared.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 4.2.1

This command was introduced.

Usage Guidelines


Caution

Because the clear cgn ds-lite ipaddress command clears all translation database entries for the specified IPv4 address and impacts the traffic on those translation entries, use this command with caution.


Task ID

Task ID

Operations

cgn

read

clear cgn ds-lite port

To clear the translation database entries that are created dynamically for the specified port number, use the clear cgn ds-lite port command in EXEC mode.

clear cgn ds-lite instance-name port number

Syntax Description

instance-name

Instance name for DS-Lite.

number

Port number. Range is from 1 to 65535.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 4.2.1

This command was introduced.

Usage Guidelines


Caution

Because the clear cgn ds-lite port command clears all translation database entries for the specified port and impacts the traffic on those translation entries, use this command with caution.


Task ID

Task ID

Operations

cgn

read

clear cgn ds-lite protocol

To clear translation database entries that are created dynamically for the specified protocol, use the clear cgn ds-lite protocol command in EXEC mode.

clear cgn ds-lite instance-name protocol {udp | tcp | icmp}

Syntax Description

instance-name

Name for the DS-Lite CGN instance.

protocol

Specifies the protocol for which the translation entries must be cleared.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 4.2.1

This command was introduced.

Usage Guidelines


Caution

Because the clear cgn ds-lite protocol command clears all translation database entries for the specified protocol and impacts the traffic on those translation entries, use this command with caution.


Task ID

Task ID

Operations

cgn

read

clear cgn ds-lite statistics

To clear all the statistics for a DS-Lite instance, use the clear cgn ds-lite statistics command in EXEC mode.

clear cgn ds-lite instance-name statistics

Syntax Description

instance-name

Specifies the name of the DS-Lite instance.

statistics

Specifies the DS-Lite statistics.

Command Default

None

Command Modes

Exec

Command History

Release Modification
Release 4.2.1

This command was introduced.

Usage Guidelines


Caution

Because the clear cgn ds-lite statistics command clears all statistics counters, use this command with caution.


Task ID

Task ID Operation

cgn

read

clear cgn map-e statistics

To clear all statistics of a MAP-E instance, use the clear cgn map-e statistics command in EXEC mode.

clear cgn map-e instance-name statistics

Syntax Description

instance-name

Name of the map-e instance.

statistics

Specifies the map-e statistics.

Command Default

None

Command Modes

Exec

Command History

Release Modification
Release 4.3.1

This command was introduced.

Usage Guidelines


Caution

Because the clear cgn map-e statistics command clears all statistics counters, use this command with caution.


Task ID

Task ID Operation

cgn

read

Examples

This example shows how to clear the statistics entries for a MAP-E instance:


RP/0/RP0/CPU0:router# show cgn map-e m1 statistics

MAP-E IPv4 to IPv6 counters:
======================================

Total Incoming Count : 0
Total Drop Count : 0
Total Output Count : 0

TCP Incoming Count : 0
TCP Output Count : 0
UDP Incoming Count : 0
UDP Output Count : 0
ICMPv4 Incoming Count : 0
ICMPv4 Output Count : 0

Invalid UIDB Drop Count : 0
NoDb Drop Count : 0
TTL Expire Drop Count : 0
Invalid IP Destination Drop Count : 0
Packet Exceeding Path MTU Drop Count : 0
Unsupported Protocol Drop Count : 0

ICMPv4 Generated for TTL Expire Count : 0
ICMPv4 Generated for Error Count : 0
ICMPv4 Packets Rate-Limited Count : 0

TCP MSS Changed Count : 0

MAP-E IPv6 to IPv4 counters:
======================================

Total Incoming Count : 0
Total Drop Count : 0
Total Output Count : 0

TCP Incoming Count : 0
TCP Output Count : 0
UDP Incoming Count : 0
UDP Output Count : 0
ICMPv4 Incoming Count : 0
ICMPv4 Output Count : 0
Invalid UIDB Drop Count : 0
NoDb Drop Count : 0
TTL Expire Drop Count : 0
Invalid IPv6 Destination Drop Count : 0
Invalid Source Prefix Drop Count : 0
Unsupported Protocol Drop Count : 0

ICMPv6 Input Count : 0
ICMPv6 Invalid UIDB Drop Count : 0
ICMPv6 NoDb Drop Count : 0
ICMPv6 TTL Expire Drop Count : 0
ICMPv6 Invalid IPv6 Destination Drop Count : 0
ICMPv6 Unsupported Type Drop Count : 0
ICMPv6 Invalid NxtHdr Drop Count: 0
ICMPv6 Frag Drop Count : 0
ICMPv6 Forus Count : 0
ICMPv6 Echo Response Received Count : 0
ICMPv6 Echo Replies Count : 0
ICMPv6 Translated to ICMPV4 Output Count : 0

ICMPv6 Generated for TTL Expire Count : 0
ICMPv6 Generated for Error Count : 0
ICMPv6 Packets Rate-Limited Count : 0

TCP MSS Changed Count: 0

MAP-E IPv4 Frag counters received from V4 cloud:
==================================================

Total Input Count: 0
Total Drop Count: 0
Reassembled Output Count : 0

TCP Input Count: 0
UDP Input Count: 0
ICMPv4 Input Count: 0

Invalid UIDB Drop Count : 0
NoDb Drop Count : 0
Unsupported Protocol Drop Count : 0
Throttled Count : 0
Timeout Drop Count: 0
Duplicates Drop Count : 0

MAP-E Inner IPv4 Frag counters received from V6 cloud:
====================================================

Total Input Count : 0
Total Drop Count : 0
Total Output Count : 0

TCP Input Count : 0
UDP Input Count : 0
ICMPv4 Input Count : 0

Invalid Source Prefix Drop Count : 0
Unsupported Protocol Drop count : 0
Throttled Count : 0
Timeout Drop Count : 0
Duplicates Drop Count : 0

ICMPv6 Generated for Error Count : 0
ICMPv6 Packets Rate-Limited Count : 0

TCP MSS Changed Count : 0   

The following command clears the statistics shown above:

RP/0/RP0/CPU0:router# clear cgn map-e m1 statistics

clear cgn map-t statistics

To clear all the statistics of a MAP-T instance, use the clear cgn map-t statistics command in EXEC mode.

clear cgn map-t instance-name statistics

Syntax Description

instance-name

Specifies the name of the map-t instance.

statistics

Specifies the map-t statistics.

Command Default

None

Command Modes

Exec

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines


Caution

Because the clear cgn map-t statistics command clears all statistics counters, use this command with caution.


Task ID

Task ID Operation

cgn

read

Examples

This example shows the statistics entries for a MAP-T instance:


RP/0/RP0/CPU0:router# show cgn map-t m1 statistics

MAP-T IPv6 to IPv4 counters:
======================================

TCP Incoming Count: 0
TCP NonTranslatable Drop Count: 0
TCP Invalid NextHdr Drop Count: 0
TCP NoDb Drop Count: 0
TCP Translated Count: 0 
UDP Incoming Count: 0
UDP NonTranslatable Drop Count: 0
UDP Invalid Next Hdr Drop Count: 0
UDP No Db Drop Count: 0
UDP Translated Count: 0 

ICMP Total Incoming Count: 0
ICMP No DB Drop Count: 0
ICMP Fragment drop count: 0
ICMP Invalid NxtHdr Drop Count: 0
ICMP Nontanslatable Drop Count: 0
ICMP Nontanslatable Fwd Count: 0
ICMP UnsupportedType Drop Count: 0
ICMP Err Translated Count: 0
ICMP Query Translated Count: 0

Subsequent Fragment Incoming Count: 0 
Subsequent Fragment NonTranslateable Drop Count: 0
Invalid NextHdr Drop Count: 0
Subsequent Fragment No Db Drop Count: 0
Subsequent Fragment Translated Count: 0 

Extensions/Options Incoming Count: 0
Extensions/Options Drop Count: 0
Extensions/Options Forward Count: 0

Extensions/Options No DB drop Count: 0
Unsupported Protocol Count: 0

MAP-T IPv4 to IPv6 counters:
======================================

TCP Incoming Count: 0
TCP No Db Drop Count: 0
TCP Translated Count: 0

UDP Incoming Count: 0
UDP No Db Drop Count: 0
UDP Translated Count: 0
UDP FragmentCrc Zero Drop Count: 0
UDP CrcZeroRecy Sent Count: 0
UDP CrcZeroRecy Drop Count: 0

ICMP Total Incoming Count: 0
ICMP No Db Drop Count: 0
ICMP Fragment drop count: 0
ICMP UnsupportedType Drop Count: 0
ICMP Err Translated Count: 0
ICMP Query Translated Count: 0

Subsequent Fragment Incoming Count: 0
Subsequent Fragment No Db Drop  Count: 0
Subsequent Fragment Translated Count: 0

Options Incoming Count: 0
Options Drop Count: 0
Options Forward Count: 0
Options No DB drop Count: 0
Unsupported Protocol Count: 0
          
ICMP generated counters :
=======================

IPv4 ICMP Messages generated count: 0
IPv6 ICMP Messages generated count: 0

The following command clears the statistics shown above:

RP/0/RP0/CPU0:router# clear cgn map-t m1 statistics

clear cgn nat44

To clear all translation database entries that are created dynamically for the specific CGN instance, use the clear cgn nat44 command in EXEC mode.

clear cgn nat44 instance-name

Syntax Description

instance-name

Instance name for NAT44.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 4.0.0

NAT44 instance was included in the command syntax.

Usage Guidelines


Caution

Because the clear cgn nat44 command clears all translation database entries and impacts the traffic on those translation entries, use this command with caution.


Task ID

Task ID

Operations

cgn

read

Examples

The following example shows how to clear all the translation entries for the cgn1 instance:


RP/0/RP0/CPU0:router# show cgn nat44 nat2 statistics

Statistics summary of NAT44 instance: 'nat2'
Number of active translations: 45631
Translations create rate: 5678
Translations delete rate: 6755
Inside to outside forward rate: 977
Outside to inside forward rate: 456
Inside to outside drops port limit exceeded: 0
Inside to outside drops system limit reached: 0
Inside to outside drops resorce depletion: 0
Outside to inside drops no translation entry: 0
Pool address totally free: 195

RP/0/RP0/CPU0:router# clear cgn nat44 nat2

RP/0/RP0/CPU0:router# show cgn nat44 nat2 statistics

Statistics summary of NAT44 Instance: 'nat2'
Number of active translations: 0 <<<<<<<<<<<<<< All the entries are deleted, provided no new translation entries are created
Translations create rate: 5678
Translations delete rate: 6755
Inside to outside forward rate: 977
Outside to inside forward rate: 456
Inside to outside drops port limit exceeded: 0
Inside to outside drops system limit reached: 0
Inside to outside drops resorce depletion: 0
Outside to inside drops no translation entry: 0
Pool address totally free: 195

clear cgn nat44 inside-vrf counters

To clear the counters for sequence-check, use the clear cgn nat44 inside-vrf counters command in EXEC mode.

clear cgn nat44 instance-name inside-vrf instance-name counters

Syntax Description

counters

Lists the counters for TCP sequence check.

Command Default

None

Command Modes

EXEC

Command History

Release Modification

Release 5.1.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

The following example clears the counters for TCP sequence check.

RP/0/RP0/CPU0:router# clear cgn nat44 nat1 inside-vrf vrf1 counters

clear cgn nat44 inside-vrf

To clear translation database entries that are created dynamically for the specified inside VRF, use the clear cgn nat44 inside-vrf command in EXEC mode.

clear cgn nat44 instance-name inside-vrf vrf-name

Syntax Description

instance-name

Instance name for NAT44.

vrf-name

Name for the inside VRF.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 4.0.0

NAT44 instance was included in the command syntax.

Usage Guidelines


Caution

Because the clear cgn nat44 inside-vrf command clears all translation database entries for the specified inside-vrf and impacts the traffic on those translation entries, use this command with caution.


Task ID

Task ID

Operations

cgn

read

Examples

This example shows how to clear the translation database entries for the inside VRF named ivrf:


RP/0/RP0/CPU0:router# show cgn nat44 nat2 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 23 end 56

Inside-translation details
-----------------------------------
NAT44 instance : nat2
Inside-VRF     : insidevrf1
------------------------------------------------------------------------------------------
Outside        Protocol  Inside  Outside  Translation  Inside   Outside
Address                  Source  Source   Type         to       to
                         Port    Port                  Outside  Inside
                                                       Packets  Packets
------------------------------------------------------------------------------------------
12.168.6.231   tcp       34      2356     alg          875364   65345
12.168.6.98    tcp       56      8972     static       78645    56343
12.168.2.12    tcp       21      2390     static       45638    89865
12.168.2.123   tcp       34      239      dynamic      809835   67854

RP/0/RP0/CPU0:router# clear cgn nat44 nat2 inside-vrf insidevrf1

RP/0/RP0/CPU0:router# show cgn nat44 nat2 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 23 end 56

Inside-translation details
-----------------------------------
NAT44 instance : nat2
Inside-VRF     : insidevrf1
------------------------------------------------------------------------------------------
Outside        Protocol  Inside  Outside  Translation  Inside   Outside
Address                  Source  Source   Type         to       to
                         Port    Port                  Outside  Inside
                                                       Packets  Packets
------------------------------------------------------------------------------------------

clear cgn nat44 ipaddress

To clear translation database entries that are created dynamically for the specified IPv4 address, use the clear cgn nat44 ipaddress command in EXEC mode.

clear cgn nat44 instance-name ipaddress address

Syntax Description

instance-name

Instance name for NAT44.

address

Specifies the IPv4 address for which the translation entries must be cleared.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 4.0.0

NAT44 instance was included in the command syntax.

Usage Guidelines


Caution

Because the clear cgn nat44 ipaddress command clears all translation database entries for the specified IPv4 address and impacts the traffic on those translation entries, use this command with caution.


Task ID

Task ID

Operations

cgn

read

Examples

The following example shows how to clear the translation database entries for the specified IPv4 address:


RP/0/RP0/CPU0:router# show cgn nat44 nat1 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 23 end 56

Inside-translation details
-----------------------------------
NAT44 instance  : nat1
Inside-VRF    : insidevrf1
------------------------------------------------------------------------------------------
Outside        Protocol  Inside  Outside  Translation  Inside   Outside
Address                  Source  Source   Type         to       to
                         Port    Port                  Outside  Inside
                                                       Packets  Packets
------------------------------------------------------------------------------------------
12.168.6.231   tcp       34      2356     alg          875364   65345
12.168.2.123   tcp       34      239      dynamic      809835   67854

RP/0/RP0/CPU0:router# clear cgn nat44 nat1 ipaddress 10.0.0.0

RP/0/RP0/CPU0:router# show cgn nat44 nat1 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 23 end 56

Inside-translation details
-----------------------------------
NAT44 instance : nat1
Inside-VRF     : insidevrf1
------------------------------------------------------------------------------------------
Outside        Protocol  Inside  Outside  Translation  Inside   Outside
Address                  Source  Source   Type         to       to
                         Port    Port                  Outside  Inside
                                                       Packets  Packets
------------------------------------------------------------------------------------------

clear cgn nat44 port

To clear the translation database entries that are created dynamically for the specified inside port number, use the clear cgn nat44 port command in EXEC mode.

clear cgn nat44 instance-name port number

Syntax Description

instance-name

Instance name for NAT44.

number

Port number. Range is from 1 to 65535.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 4.0.0

NAT44 instance was included in the command syntax.

Usage Guidelines


Caution

Because the clear cgn nat44 port command clears all translation database entries for the specified port and impacts the traffic on those translation entries, use this command with caution.


Task ID

Task ID

Operations

cgn

read

Examples

This example shows how to clear the translation database entries for port number 1231:


RP/0/RP0/CPU0:router# show cgn nat44 nat2 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 1231 end 1231

Inside-translation details
-----------------------------------
NAT44 instance : nat2
Inside-VRF     : insidevrf1
------------------------------------------------------------------------------------------
Outside        Protocol  Inside  Outside  Translation  Inside   Outside
Address                  Source  Source   Type         to       to
                         Port    Port                  Outside  Inside
                                                       Packets  Packets
------------------------------------------------------------------------------------------
12.168.6.231   tcp       1231    2356     alg          875364   65345

RP/0/RP0/CPU0:router# clear cgn nat44 nat2 port 1231

RP/0/RP0/CPU0:router# show cgn nat44 nat2 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 1231 end 1231

Inside-translation details
-----------------------------------
NAT44 instance : nat2
Inside-VRF     : insidevrf1
------------------------------------------------------------------------------------------
Outside        Protocol  Inside  Outside  Translation  Inside   Outside
Address                  Source  Source   Type         to       to
                         Port    Port                  Outside  Inside
                                                       Packets  Packets
------------------------------------------------------------------------------------------

clear cgn nat44 pptpCounters

To clear translation database entries that are created dynamically for the specified protocol, use the clear cgn nat44 pptpCounters command in EXEC mode.

clear cgn nat44 instance-name pptpCounters

Syntax Description

instance-name

Name for the NAT44 CGN instance.

pptpCounters

Specifies the PPTP counters that must be cleared.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 4.3.0 This command was introduced.

Usage Guidelines


Caution

Because the clear cgn nat44 pptpCounters command clears all the PPTP counters, use this command with caution.


Task ID

Task ID

Operations

cgn

read

clear cgn nat44 protocol

To clear translation database entries that are created dynamically for the specified protocol, use the clear cgn nat44 protocol command in EXEC mode.

clear cgn nat44 instance-name protocol {gre | udp | tcp | icmp}

Syntax Description

instance-name

Name for the NAT44 CGN instance.

protocol

Specifies the protocol for which the translation entries must be cleared.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 4.0.0

NAT44 instance was included in the command syntax.

Release 4.3.0

The keyword, gre was added.

Usage Guidelines


Caution

Because the clear cgn nat44 protocol command clears all translation database entries for the specified protocol and impacts the traffic on those translation entries, use this command with caution.


Task ID

Task ID

Operations

cgn

read

Examples

This example shows how to clear the translation database entries for the TCP protocol:


RP/0/RP0/CPU0:router# show cgn nat44 nat2 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 1231 end 1231

Inside-translation details
-----------------------------------
NAT44 instance : nat2
Inside-VRF     : insidevrf1
------------------------------------------------------------------------------------------
Outside        Protocol  Inside  Outside  Translation  Inside   Outside
Address                  Source  Source   Type         to       to
                         Port    Port                  Outside  Inside
                                                       Packets  Packets
------------------------------------------------------------------------------------------
12.168.6.231   tcp       1231    2356     alg          875364   65345

RP/0/RP0/CPU0:router# clear cgn nat44 nat2 protocol tcp

RP/0/RP0/CPU0:router# show cgn nat44 nat2 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port start 1231 end 1231

Inside-translation details
-----------------------------------
NAT44 instance : nat2
Inside-VRF     : insidevrf1
------------------------------------------------------------------------------------------
Outside        Protocol  Inside  Outside  Translation  Inside   Outside
Address                  Source  Source   Type         to       to
                         Port    Port                  Outside  Inside
                                                       Packets  Packets
------------------------------------------------------------------------------------------

clear cgn nat64 stateful

To clear all translation database entries that are created dynamically for the specific NAT64 stateful instance, use the clear cgn nat64 stateful command in EXEC mode.

clear cgn nat64 stateful instance-name

Syntax Description

instance-name

NAT64 stateful instance.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 4.3.0

This command was introduced.

Usage Guidelines


Caution

Because the clear cgn nat64 stateful command clears all translation database entries and impacts the traffic on those translation entries, use this command with caution.


Task ID

Task ID

Operations

cgn

read

clear cgn nat64 stateful counters

To clear all the counters created for a NAT64 stateful instance, use the clear cgn nat64 stateful counters command in EXEC mode.

clear cgn nat64 stateful instance-name counters

Syntax Description

instance-name

NAT64 stateful instance.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 4.3.0

This command was introduced.

Usage Guidelines


Caution

Because the clear cgn nat64 stateful counters command clears all counters, use this command with caution.


Task ID

Task ID

Operations

cgn

read

clear cgn nat64 stateful ipaddress

To clear translation database entries that are created dynamically for the specified IPv6 address, use the clear cgn nat64 stateful ipaddress command in EXEC mode.

clear cgn nat64 stateful instance-name ipaddress ipv6 address [port port number protocol [icmp | tcp | udp] | protocol [icmp | tcp | udp] port port number]

Syntax Description

instance-name

Instance name for stateful NAT64.

ipv6 address

Specifies the IPv6 address for which the translation entries must be cleared.

protocol

Displays the name of the protocols.

icmp

Displays the ICMP protocol.

tcp

Displays the TCP protocol.

udp

Displays the UDP protocol.

port

Displays the range of the port numbers from 1 to 65535.

port number

Specifies the port number within the range.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 4.3.0

This command was introduced.

Usage Guidelines


Caution

Because the clear cgn nat64 stateful ipaddress command clears all translation database entries for the specified IPv6 address and impacts the traffic on those translation entries, use this command with caution.


Task ID

Task ID

Operations

cgn

read

clear cgn nat64 stateful port

To clear the translation database entries that are created dynamically for the specified port number, use the clear cgn nat64 stateful port command in EXEC mode.

clear cgn nat64 stateful instance-name port port number [ipaddress IPv6 address protocol [icmp | tcp | udp] | protocol [icmp | tcp | udp] ipaddress IPv6 address]

Syntax Description

instance-name

Instance name for stateful NAT64.

port number

Specifies the port number within the range.

protocol

Displays the name of the protocols.

icmp

Displays the ICMP protocol.

tcp

Displays the TCP protocol.

udp

Displays the UDP protocol.

ipv6 address

Specifies the IPv6 address for which the translation entries must be cleared.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 4.3.0

This command was introduced.

Usage Guidelines


Caution

Because the clear cgn nat64 stateful port command clears all translation database entries for the specified port and impacts the traffic on those translation entries, use this command with caution.


Task ID

Task ID

Operations

cgn

read

clear cgn nat64 stateful protocol

To clear the translation database entries that are created dynamically for the specified protocol, use the clear cgn nat64 stateful protocol command in EXEC mode.

clear cgn nat64 stateful instance-name protocol {icmp | tcp | udp} [ [ipaddress IPv6 address port port number] | [port port number ipaddress IPv6 address]]

Syntax Description

instance-name

Instance name for stateful NAT64.

port number

Specifies the port number within the range.

protocol

Displays the name of the protocols.

icmp

Displays the ICMP protocol.

tcp

Displays the TCP protocol.

udp

Displays the UDP protocol.

ipv6 address

Specifies the IPv6 address for which the translation entries must be cleared.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 4.3.0

This command was introduced.

Usage Guidelines


Caution

Because the clear cgn nat64 stateful protocol command clears all translation database entries for the specified protocol and impacts the traffic on those translation entries, use this command with caution.


Task ID

Task ID

Operations

cgn

read

clear cgn nat64 stateful statistics

To clear all the statistics for a NAT64 stateful instance, use the clear cgn nat64 stateful statistics command in EXEC mode.

clear cgn nat64 stateful instance-name statistics

Syntax Description

instance-name

Specifies the name of the nat64 stateful instance.

statistics

Specifies the nat64 stateful statistics.

Command Default

None

Command Modes

Exec

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines


Caution

Because the clear cgn nat64 stateful statistics command clears all statistics counters, use this command with caution.


Task ID

Task ID Operation

cgn

read

clear cgn tunnel v6rd statistics

To clear all the statistics of an IPv6 Rapid Deployment (6RD) instance, use the clear cgn tunnel v6rd statistics command in EXEC mode.

clear cgn tunnel v6rd instance-name statistics

Syntax Description

instance-name

Specifies the name of the 6rd instance.

statistics

6rd instance statistics.

Command Default

None

Command Modes

Exec

Command History

Release Modification
Release 4.3.1

This command was introduced.

Usage Guidelines


Caution

Because the clear cgn tunnel v6rd statistics command clears all statistics counters, use this command with caution.


Task ID

Task ID Operation

cgn

read

Examples

This example shows the statistics entries for a 6RD instance:


RP/0/RP0/CPU0:router# show cgn tunnel v6rd 6rd1 statistics

Tunnel 6rd configuration
=========================
Tunnel 6rd name: 6rd1
IPv6 Prefix/Length: 2001:db8::/32
Source address: 9.1.1.1
BR Unicast address: 2001:db8:901:101::1
IPv4 Prefix length: 0
IPv4 Suffix length: 0
TOS: 0, TTL: 255, Path MTU: 1280
Tunnel 6rd statistics
======================
IPv4 to IPv6
=============
Incoming packet count : 2296951183
Incoming tunneled packets count : 2296951183
Decapsulated packets : 0
ICMP translation count : 0
Insufficient IPv4 payload drop count : 0
Security check failure drops : 0
No DB entry drop count : 0
Unsupported protocol drop count : 0
Invalid IPv6 source prefix drop count : 2296951183
IPv6 to IPv4
=============
Incoming packet count : 0
Encapsulated packets count : 0
No DB drop count : 0
Unsupported protocol drop count : 0
IPv4 ICMP
==========
Incoming packets count : 0
Reply packets count : 0
Throttled packet count : 0
Nontranslatable drops : 0
Unsupported icmp type drop count : 0
IPv6 ICMP
==========
Incoming packets count : 0
Reply packets count : 0
Packet Too Big generated packets count : 0
Packet Too Big not generated packets count : 0
NA generated packets count : 0
TTL expiry generated packets count : 0
Unsupported icmp type drop count : 0
Throttled packet count : 0
IPv4 to IPv6 Fragments
=======================
Incoming fragments count : 0
Reassembled packet count : 0
Reassembled fragments count : 0
ICMP incoming fragments count : 0
Total fragment drop count : 0
Fragments dropped due to timeout : 0
Reassembly throttled drop count : 0
Duplicate fragments drop count : 0
Reassembly disabled drop count : 0
No DB entry fragments drop count : 0
Fragments dropped due to security check failure : 0
Insufficient IPv4 payload fragment drop count : 0
Unsupported protocol fragment drops : 0
Invalid IPv6 prefix fragment drop count : 0
IPv6 to IPv4 Fragments
=======================
Incoming ICMP fragment count : 0
RP/0/RP1/CPU0:#
=================================================================================

The RP/0/RP0/CPU0:router# clear cgn tunnel v6rd 6rd1 statistics command clears the 
output shown above.

clear cgv6 map-e statistics

To clear all the statistics for a map-e instance, use the clear cgv6 map-e statistics command in EXEC mode.

clear cgv6 map-e instance-name statistics

Syntax Description

instance-name

Specifies the name of the MAP-E instance.

statistics

Specifies the MAP-E statistics.

Command Default

None

Command Modes

Exec

Command History

Release Modification
Release 5.3.2

This command was introduced.

Usage Guidelines


Caution

Because the clear cgv6 map-e statistics command clears all statistics counters, use this command with caution.


Task ID

Task ID Operation

cgv6

read

contiguous-ports (MAP-E)

To configure the number of contiguous ports for a MAP-E instance, use the contiguous-ports command in MAP-E configuration mode. To undo the configuration, use the no form of this command.

contiguous-ports number

Syntax Description

number

Number of contiguous ports. The value is in powers of 2. The range is from 1 to 65535.

Command Default

None

Command Modes

MAP-E configuration

Command History

Release Modification
Release 4.3.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the number of contiguous ports for a MAP-E instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type map-e map-e-inst
RP/0/RP0/CPU0:router(config-cgn-map_e)# contiguous-ports 8

contiguous-ports (MAP-T)

To configure the number of contiguous ports for a MAP-T instance, use the contiguous-ports command in MAP-T configuration mode. To undo the configuration, use the no form of this command.

contiguous-ports number

Syntax Description

number

Number of contiguous ports. The value is in powers of 2. The range is from 1 to 65535.

Command Default

None

Command Modes

MAP-T configuration

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the number of contiguous ports for a MAP-T instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type map-t map-t-inst
RP/0/RP0/CPU0:router(config-cgn-mapt)# contiguous-ports 8

cpe-domain (MAP-E)

To configure the Customer Premises Equipment (CPE) domain parameters, use the cpe-domain command in MAP-E configuration mode. To undo the configuration, use the no form of this command.

cpe-domain {ipv4 | ipv6} [prefix address]

Syntax Description

ipv4

Specifies IPv4 parameters.

ipv6

Specifies IPv6 parameters.

prefix

Specifies the CPE domain IPv4 or IPv6 prefix.

address / length

IPv4 or IPv6 address and subnet mask.

Command Default

None

Command Modes

MAP-E configuration

Command History

Release Modification
Release 4.3.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the CPE domain's IPv6 prefix:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type map-e map-e-inst
RP/0/RP0/CPU0:router(config-cgn-map_e)# cpe-domain ipv6 prefix 10:2::24/32

Examples

This example shows how to configure the CPE domain's IPv4 prefix:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type map-e map-e-inst
RP/0/RP0/CPU0:router(config-cgn-map_e)# cpe-domain ipv4 prefix 202.38.102.0/24

cpe-domain (MAP-T)

To configure the Customer Premises Equipment (CPE) domain parameters, use the cpe-domain command in MAP-T configuration mode. To undo the configuration, use the no form of this command.

cpe-domain {ipv4 | ipv6} [prefix address]

Syntax Description

ipv4

Specifies IPv4 parameters.

ipv6

Specifies IPv6 parameters.

prefix

Specifies the CPE domain IPv4 or IPv6 prefix.

address / length

Specifies IPv4 or IPv6 address and subnet mask.

Command Default

None

Command Modes

MAP-T configuration

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the CPE domain's IPv6 prefix:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type map-t map-t-inst
RP/0/RP0/CPU0:router(config-cgn-mapt)# cpe-domain ipv6 prefix 10:2::24/32

Examples

This example shows how to configure the CPE domain's IPv4 prefix:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type map-t map-t-inst
RP/0/RP0/CPU0:router(config-cgn-mapt)# cpe-domain ipv4 prefix 202.38.102.0/24

datapath-test

To test the integrity of the ServiceApp data path and to shut down the SVI in case of a failure, use the datapath-test command in the 6rd configuration mode. To undo the detection of the failure and shutdown, use the no form of this command.

datapath-test [shut-down-on-failure]

Syntax Description

shut-down-on-failure

(Optional) If configured, the ServiceApp Interfaces for IPv4 and IPv6 are shut down when any of these interfaces fails.

Use this option only if redundant CGSEs are configured that can handle the traffic when the failed ServiceApp interfaces are shut down.

Command Default

None

Command Modes

6RD configuration

Command History

Release Modification
Release 5.2.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to shut down the interface:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# address-family ipv4
RP/0/RP0/CPU0:router(config-cgn-6rd-afi)#interface ServiceApp 100
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# address-family ipv6
RP/0/RP0/CPU0:router(config-cgn-6rd-afi)#interface ServiceApp 101
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd-afi)# exit
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# datapath-test shut-down-on-failure


df-override (CGN)

To set the DF (Do not Fragment) bit to 0, use the df-override command. To restore the default behavior, use the no form of this command.

df-override

Syntax Description

df-override

Specifies the df-override bit.

Command Default

The df-override bit is set to 1.

Command Modes

CGN-NAT64

Command History

Release Modification

Release 4.1.0

This command was introduced.

Usage Guidelines

Use the df-override command to set the DF bit to 0 when translating IPv6 packets to IPv4 packets, provided the original IPv6 packet size is less than 1280 bytes and there is no Fragment header.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the df-override command for the NAT64 stateless configuration.


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateless xlat1
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# ipv6-prefix 2010:db8:ff00::/40
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# address-family ipv6
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless-afi)# df-override

dynamic-port-range (Stateful NAT64)

To configure ports dynamically ranging from 1 to 65535, use the dynamic-port-range command in NAT64 stateful configuration mode. To undo the configuration, use the no form of this command.

dynamic-port-range start port-number

Syntax Description

start

Specifies the starting range of port numbers.

value

Specifies the port number to be dynamically configured. The range is from 1 to 65535.

Command Default

None

Command Modes

NAT64 stateful configuration mode

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to dynamically configure ports for a NAT64 stateful instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# dynamic-port-range start 66
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)#

dynamic port range start

To configure the dynamic port range start value for a CGN NAT 44 instance, use the dynamic port range start command in the EXEC mode. These ports include TCP, UDP, and ICMP.

dynamic port range start value

Syntax Description

value

The value ranges from 1 to 65535.

Command Default

When the value is not configured, then the dynamic translations start from 1024.

Command Modes

CGN-NAT44 Configuration

Command History

Release Modification

Release 4.1.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to set the dynamic port range start value to 1048 for a NAT44 instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# dynamic port range start 1048

external-domain (MAP-T)

To configure the external domain's IPv6 prefix to convert IPv4 addresses into IPv6 addresses, use the external-domain command in MAP-T configuration mode. To undo the configuration, use the no form of this command.

external-domain ipv6 prefix address subnet mask

Syntax Description

ipv6

Specifies IPv6 parameters.

prefix

Specifies the external domain IPv6 prefix.

address / length

Specifies IPv4 or IPv6 address and subnet mask.

Command Default

None

Command Modes

MAP-T configuration

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the external domain's IPv6 prefix:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type map-t map-t-inst
RP/0/RP0/CPU0:router(config-cgn-mapt)# external-domain ipv6 prefix 10:2::24/64

external-logging (DS-LITE Netflow9)

To enable the external-logging facility for a DS-Lite instance, use the external-logging command in DS-Lite configuration mode. To disable external-logging, use the no form of this command.

external-logging netflow9

Syntax Description

netflow9

Netflow version 9 protocol is used for external logging.

Command Default

By default, external-logging is disabled.

Command Modes

DS-Lite configuration mode

Command History

Release

Modification

Release 4.2.1

This command was introduced.

Usage Guidelines

The external-logging facility supports only netflow version 9.

Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to externally log data for a DS-Lite instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite-inst
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# external-logging netflow9
RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog)# 

external-logging (DS-LITE Syslog)

To enable the external-logging facility for a DS-Lite instance, use the external-logging command in DS-Lite configuration mode. To disable external-logging, use the no form of this command.

external-logging syslog server { address |{ address port number} host-name |{ name} path-mtu{ value} }

Syntax Description

syslog

Logs syslog information to an external server.

server

Specifies the location of the server to log the syslog information.

address

Specifies the IPv4 or IPv6 address of the server.

host-name

Specifies the host name used in syslog header.

path-mtu

Specifies the MTU of the path used for logging information.

Command Default

By default, external-logging is disabled.

Command Modes

DS-Lite configuration mode

Command History

Release Modification
Release 4.2.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to log syslog information for a DS-Lite instance:


RP/0/RP0/CPU0:router# config
RP/0/RP0/CPU0:router(config)#service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#external-logging syslog
RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog)#server
RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog-server)#address 10.2.1.10 port 65
RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog-server)#

external-logging (NAT44 Netflow)

To enable the external-logging facility for an inside VRF of a CGN instance, use the external-logging command in CGN inside VRF NAT44 configuration mode. To disable external-logging, use the no form of this command.

external-logging netflow version 9

Syntax Description

netflow version 9

Netflow version 9 protocol is used for external logging.

Command Default

By default, external-logging is disabled.

Command Modes

CGN Inside VRF NAT44 configuration mode

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 4.0.0

The keyword netflow v9 has been modified to netflow version 9.

Usage Guidelines

The external-logging command enters CGN inside VRF address family external logging configuration mode.

You can use NetFlow to export NAT table entries.

The external-logging facility supports only netflow version 9.

Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to enter the configuration mode for the netflow version 9 external-logging facility:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# external-logging netflow version 9
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog)# server
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog-server)# address 10.10.0.0 port 50

external-logging (NAT44 Syslog)

To enable the external-logging facility for syslog data, use the external-logging command in CGN inside VRF NAT44 configuration mode. To disable external-logging, use the no form of this command.

external-logging syslog server { address |{ address port number} host-name |{ name} path-mtu value protocol protocol-type }

Syntax Description

syslog

Logs syslog information to an external server.

server

Specifies the location of the server to log the syslog information.

address

Specifies the IPv4 or IPv6 address of the server.

host-name

Specifies the host name used in syslog header.

path-mtu

Specifies the MTU of the path used for logging information.

protocol

Specifies the layer 4 protocol used for logging information.

Command Default

By default, external-logging is disabled.

Command Modes

CGN Inside VRF NAT44 configuration mode

Command History

Release Modification
Release 4.2.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to log syslog information for a NAT44 instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# external-logging syslog
RP/0/RP0/CPU0:router(config-cgn-invrf-syslog)# server
RP/0/RP0/CPU0:router(config-cgn-invrf-syslog-server)# address 10.10.0.0 port 50
RP/0/RP0/CPU0:router(config-cgn-invrf-syslog-server)#

external-logging (Stateful NAT64 Netflow)

To enable the external-logging facility for a NAT64 stateful instance, use the external-logging command in NAT64 Stateful configuration mode. To disable external-logging, use the no form of this command.

external-logging netflow version 9

Syntax Description

netflow version 9

Netflow version 9 protocol is used for external logging.

Command Default

By default, external-logging is disabled.

Command Modes

NAT64 stateful configuration mode

Command History

Release

Modification

Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to enter the configuration mode for the netflow version 9 external-logging facility:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# external-logging netflow version 9
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# 

filter-policy

To enable address and port-based filtering, use the filter-policy command. To undo this configuration, use the no filter-policy command.

filter-policy

Syntax Description

ignore-port

This keyword is used to ignore the checking based on port. If this keyword is not specified, then the address as well as the port are checked.

Command Default

This command is disabled by default.

Command Modes

NAT44 Configuration Mode

Command History

Release Modification

Release 5.1.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure filter policy for a NAT44 instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)#filter-policy

filter-policy (Stateful NAT64)

To configure address-dependent filter policy, use the filter-policy command in NAT64 stateful configuration mode. To undo the configuration, use the no form of this command.

filter-policy

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

NAT64 stateful configuration mode

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure address-dependent filter policy for a NAT64 stateful instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# filter-policy
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)#

firewall

To enter the firewall mode and the protocol sub-mode, use the firewall command. To exit the firewall mode, use the no firewall command.

firewall

Syntax Description

protocol tcp

Selects the TCP protocol so that TCP-related configuration can be defined.

Command Default

None

Command Modes

NAT44 Configuration Mode

Command History

Release Modification

Release 5.1.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to define TCP-related configuration for a NAT44 instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# firewall protocol tcp

fragment-timeout (Stateful NAT64)

To specify the time interval to store packet fragments, use the fragment-timeout command in NAT64 stateful configuration mode. To delete the time interval, use the no form of this command. The default timeout value is 2 seconds.

fragment-timeout value

Syntax Description

value

Specifies the timeout value in seconds. The range is from 0 to 15.

Command Default

2 seconds

Command Modes

NAT64 stateful configuration mode

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to specify the time interval to store packet fragments for a NAT64 stateful instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# fragment-timeout 10
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)#

hw-module service cgn location

To enable a CGN service role on a specified location, use the hw-module service cgn location command in global configuration mode. To disable the CGN service role at the specified location, use the no form of this command.

hw-module service cgn location node-id

Syntax Description

node-id

Location of the service card for CGN that you want to configure. The node-id argument is entered in the rack/slot/module notation.

Command Default

None

Command Modes

Global configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

cgn

read, write

root-lr

read, write

Examples

This example shows how to configure the CGN service for location 0/2/CPU0:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# hw-module service cgn location 0/2/CPU0

inside-vrf (NAT44)

To enter inside VRF configuration mode for a NAT44 instance, use the inside-vrf command in NAT44 configuration mode. To disable this feature, use the no form of this command.

inside-vrf vrf-name

Syntax Description

vrf-name

Name for the inside VRF.

Command Default

None

Command Modes

NAT44 configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Usage Guidelines

The inside-vrf command enters NAT44 inside VRF configuration mode.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to enter inside VRF configuration mode:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)#

interface ServiceApp

To enable the application SVI interface, use the interface ServiceApp command in global configuration mode. To disable a particular service application interface, use the no form of this command.

interface ServiceApp value

Syntax Description

value

Total number of service application interfaces to be configured. Range is from 1 to 2442000.

Command Default

None

Command Modes

Global configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Usage Guidelines

The total number of service application interfaces per multi-service PLIM card cannot exceed 889.

The name of the serviceapp interfaces is serviceapp n where n can be a number from 1 to 2442000.

Task ID

Task ID

Operations

interface

read, write

Examples

This example shows how to configure a nat64 stateless service application interface:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type nat64 stateless xlat1
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)#ipv6-prefix 2010:db8:ff00::/40
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)#address-family ipv6
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless-afi)#interface ServiceApp 461

This example shows how to configure a 6rd service application interface:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)#address-family ipv6
RP/0/RP0/CPU0:router(config-cgn-6rd-afi)#interface ServiceApp 46

This example shows how to configure a nat44 service application interface:


RP/0/RP0/CPU0:router#configure
RP/0/RP0/CPU0:router(config)#interface ServiceApp 1
RP/0/RP0/CPU0:router(config)#service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)#address-family ipv4

This example shows how to configure a DDoS TMS service application interface:


RP/0/RP0/CPU0:router#configure
RP/0/RP0/CPU0:router(config)#interface ServiceApp 1
RP/0/RP0/CPU0:router(config-if)#service sesh sesh1

interface ServiceInfra

To enable the infrastructure SVI interface, use the interface ServiceInfra command in global configuration mode. To disable a particular service infrastructure interface, use the no form of this command.

interface ServiceInfra value

Syntax Description

value

Total number of service infrastructure interfaces to be configured. Range is from 1 to 2000.

Command Default

None

Command Modes

Global configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Usage Guidelines

Only one service infrastructure interface can be configured per ISM.


Note

The Infra SVI interface and its IPv4 address configuration are required to boot the CGSE. The IPv4 address is used as the source address of the netflow v9 logging packet.


Task ID

Task ID

Operations

interface

read, write

Examples

This example shows how to configure one service infrastructure interface:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# interface ServiceInfra 1
RP/0/RP0/CPU0:router(config-if)#ipv4 address 3.1.1.1 255.255.255.248
RP/0/RP0/CPU0:router(config-if)#service-location 0/1/CPU0

ipv4 prefix (6rd)

To assign a value for the ipv4-prefix length to be used as part of both ends of tunnel, use the ipv4 prefix command in 6RD configuration mode. To remove the ipv4 prefix, use the no form of this command.

ipv4 prefix length value

Syntax Description

length

Indicates the IPv4 prefix length to be used while deriving the delegated IPv6 prefix.

value

IPv4 prefix length value. The range is from 0 to 31.

Command Default

None

Command Modes

6RD configuration

Command History

Release Modification
Release 4.1.0

This command was introduced.

Usage Guidelines

This command assigns a value for the common ipv4 prefix length to be used as part of both ends of the tunnel. This is an optional br (Border Relay) tunnel configuration parameter. If this parameter is added or modified, the unicast address must be modified.

The sum of the ipv4 prefix length and ipv4 suffix length must not exceed 31. This value is used to calculate 6RD delegated prefix.

Once configured, the ipv4 prefix cannot be deleted individually. It must be deleted along with all the br tunnel configuration. Alternatively, if you want to ignore the prefix length, you can set it to zero along with the updated unicast address.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the ipv4 prefix length:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# br
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd-br)# ipv4 prefix length 16

ipv4 suffix (6rd)

To assign a value for the ipv4-suffix length to be used as part of both ends of a tunnel, use the ipv4 suffix command in 6RD configuration mode. To remove the ipv4 suffix, use the no form of this command.

ipv4 suffix length value

Syntax Description

ipv4 suffix length

Specifies the IPv4 suffix length to be used while deriving the delegated IPv6 prefix.

value

Length of the IPv4 suffix. The range is from 0 to 31.

Command Default

None

Command Modes

6RD configuration

Command History

Release Modification
Release 4.1.0

This command was introduced.

Usage Guidelines

This command assigns a value for the common ipv4 suffix length to be used as part of both ends of the tunnel. This is an optional br (Border Relay) tunnel configuration parameter. If this parameter is added or modified, the unicast address should also be modified.


Note

The sum of the ipv4 prefix length and ipv4 suffix length must not exceed 31. This value is used to calculate 6RD delegated prefix.



Note

Once configured, the ipv4 suffix cannot be deleted individually. It must be deleted along with all the br tunnel configuration. Alternatively, if you want to ignore the prefix length, you can set it to zero along with the updated unicast address.


Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the ipv4 suffix length:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# br
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd-br)# ipv4 suffix length 15

ipv4 (Stateful NAT64)

To assign an ipv4 address pool to be used by a NAT64 stateful instance and to map an internal ipv6 address to a public ipv4 address, use the ipv4 command in NAT64 stateful configuration mode. To unassign the address pool, use the no form of this command.

The maximum number of address pools that can be assigned is 8.

ipv4 address-pool address/prefix

Syntax Description

address-pool

Specifies the IPv4 address pool.

address/prefix

Indicates the start address and prefix of the address pool.

Command Default

None

Command Modes

NAT64 stateful configuration mode

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to assign an IPv4 address pool for a NAT64 stateful instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# ipv4 address-pool 10.2.2.24/3

ipv6-prefix (6rd)

To generate the delegated ipv6 prefix for an IPv6 Rapid Deployment (6RD) application, use the ipv6-prefix command in 6RD configuration mode. To remove the ipv6 prefix assigned for the application, use the no form of this command.

ipv6-prefix X:X::X/length IPV6 subnet mask

Syntax Description

X:X::X/length

IPv6 address.

Command Default

None

Command Modes

6RD configuration

Command History

Release Modification
Release 4.1.0

This command was introduced.

Usage Guidelines

The ipv6-prefix command is used for Border Relay (BR) tunnel configurations. It is used to generate a delegated ipv6 prefix for the BR-related configuration. This is a mandatory br tunnel parameter. All mandatory parameters must be added or deleted at the same time.


Note

For a given 6RD domain, there is exactly one 6RD prefix. The ipv6-prefix command is used to convert the ipv4 address into ipv6 address for use by the 6RD domain.



Note

For a 6RD tunnel, configure the ipv6-prefix, ipv4 source-address, and unicast IPv6 address in a single commit operation. Once configured, the ipv6-prefix cannot be deleted individually. It must be deleted along with all the BR tunnel configuration parameters.


Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to enter the ipv6-prefix for the 6RD CGN instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# br
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd-br)# ipv6-prefix 2010:db8:ff00::/40
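
How the 6RD prefix and a subscriber's IPv4 address combine into the delegated IPv6 prefix, following RFC 5969, and the reverse lookup a border relay uses to check that a tunnelled packet's IPv6 source matches the IPv4 address it arrived from. This is an added example, not code from the Cisco guide; the 6RD prefix is the one configured above, while the common IPv4 prefix 10.0.0.0/8, the subscriber addresses and the function names are assumptions.

```python
import ipaddress


def delegated_prefix(sixrd_prefix, ce_ipv4, ipv4_common_prefix="0.0.0.0/0"):
    """Return the 6RD delegated prefix for one customer edge (CE) router.

    The delegated prefix is the 6RD prefix followed by the bits of the CE's
    IPv4 address that are not shared by the whole domain (RFC 5969).
    """
    net = ipaddress.IPv6Network(sixrd_prefix)
    common = ipaddress.IPv4Network(ipv4_common_prefix)
    ce = ipaddress.IPv4Address(ce_ipv4)
    if ce not in common:
        raise ValueError(f"{ce} is outside the domain's IPv4 prefix {common}")
    v4_bits = 32 - common.prefixlen
    plen = net.prefixlen + v4_bits
    if plen > 128:
        raise ValueError("6RD prefix plus IPv4 bits does not fit in 128 bits")
    suffix = int(ce) & ((1 << v4_bits) - 1)
    value = int(net.network_address) | (suffix << (128 - plen))
    return ipaddress.IPv6Network((value, plen))


def embedded_ipv4(ipv6_addr, sixrd_prefix, ipv4_common_prefix="0.0.0.0/0"):
    """Recover the CE IPv4 address embedded in a 6RD IPv6 address.

    Returns None when the address is not inside the 6RD prefix.
    """
    net = ipaddress.IPv6Network(sixrd_prefix)
    common = ipaddress.IPv4Network(ipv4_common_prefix)
    addr = ipaddress.IPv6Address(ipv6_addr)
    if addr not in net:
        return None
    v4_bits = 32 - common.prefixlen
    shift = 128 - net.prefixlen - v4_bits
    if shift < 0:
        raise ValueError("6RD prefix plus IPv4 bits does not fit in 128 bits")
    suffix = (int(addr) >> shift) & ((1 << v4_bits) - 1)
    return ipaddress.IPv4Address(int(common.network_address) | suffix)


def tunnel_source_matches(outer_v4_src, inner_v6_src, sixrd_prefix,
                          ipv4_common_prefix="0.0.0.0/0"):
    """Anti-spoofing check: the IPv4 tunnel source must equal the IPv4
    address embedded in the encapsulated packet's IPv6 source."""
    expected = embedded_ipv4(inner_v6_src, sixrd_prefix, ipv4_common_prefix)
    return expected is not None and expected == ipaddress.IPv4Address(outer_v4_src)


if __name__ == "__main__":
    prefix = "2010:db8:ff00::/40"          # from the example above
    domain = "10.0.0.0/8"                  # assumed common IPv4 prefix
    print(delegated_prefix(prefix, "10.1.2.3", domain))
    print(embedded_ipv4("2010:db8:ff01:203::1", prefix, domain))
    print(tunnel_source_matches("10.9.9.9", "2010:db8:ff01:203::1", prefix, domain))
```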

ipv6-prefix (Stateful NAT64)

To convert an IPv6 address to an IPv4 address, use the ipv6-prefix command in NAT64 stateful configuration mode. To use the default prefix, 64:FF9B::/96, use the no form of this command.

ipv6-prefix ipv6 address and prefix

Syntax Description

ipv6 address and prefix

Specifies the IPv6 address and prefix.

Command Default

Default prefix - 64:FF9B::/96

Command Modes

NAT64 stateful configuration mode

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure an IPv6 prefix:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# ipv6-prefix 2001:db8::/32
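
How an IPv4 address is carried inside a NAT64 prefix, following the RFC 6052 address format, which is useful when mapping IPv6 destinations seen in logs back to the IPv4 hosts they represent. This is an added example, not code from the Cisco guide; the prefixes 2001:db8::/32 and 64:ff9b::/96 come from this section, and the function names and the sample address 192.0.2.33 are assumptions.

```python
import ipaddress

# Prefix lengths RFC 6052 allows for IPv4-embedded IPv6 addresses.
ALLOWED_LENGTHS = (32, 40, 48, 56, 64, 96)
U_OCTET = 8  # byte index of bits 64-71, which are reserved and stay zero


def parse_prefix(prefix):
    """Validate a NAT64 prefix and return it as an IPv6Network."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen not in ALLOWED_LENGTHS:
        raise ValueError(f"/{net.prefixlen} is not a valid NAT64 prefix length")
    if net.network_address.packed[U_OCTET] != 0:
        raise ValueError("bits 64-71 of the prefix must be zero")
    return net


def embed(prefix, ipv4):
    """Build the IPv6 address that represents ipv4 under the given prefix."""
    net = parse_prefix(prefix)
    out = bytearray(net.network_address.packed)
    pos = net.prefixlen // 8
    for octet in ipaddress.IPv4Address(ipv4).packed:
        if pos == U_OCTET:          # skip the reserved octet
            pos += 1
        out[pos] = octet
        pos += 1
    return ipaddress.IPv6Address(bytes(out))


def extract(prefix, ipv6):
    """Recover the IPv4 address from an IPv6 address under the prefix.

    Returns None when the address is not inside the prefix.
    """
    net = parse_prefix(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net:
        return None
    raw = addr.packed
    pos = net.prefixlen // 8
    octets = []
    while len(octets) < 4:
        if pos == U_OCTET:
            pos += 1
        octets.append(raw[pos])
        pos += 1
    return ipaddress.IPv4Address(bytes(octets))


def decode_destinations(prefix, addresses):
    """Map each logged IPv6 destination to its IPv4 host (None if not NAT64)."""
    return {a: extract(prefix, a) for a in addresses}


if __name__ == "__main__":
    print(embed("2001:db8::/32", "192.0.2.33"))
    print(embed("64:ff9b::/96", "192.0.2.33"))
    # Constructed sample of destinations as they might appear in flow logs.
    logged = ["2001:db8:c000:221::", "2001:db9::1"]
    print(decode_destinations("2001:db8::/32", logged))
```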

map (NAT44)

To map an outside VRF and address pool to an inside VRF, use the map command in CGN inside VRF NAT44 configuration submode. To explicitly pair the inside and the outside Service Application Interfaces (ServiceApps), use the outsideserviceapp option. If four or more ServiceApps are configured, two or more inside ServiceApps may get paired to the same outside ServiceApp, which leaves other outside ServiceApps unpaired. The unpaired ServiceApps may then drop traffic in the egress path, so explicit pairing between an inside ServiceApp and an outside ServiceApp is required. To remove the outside VRF, explicit ServiceApp pairing, and address pool mapping for the specified inside VRF of a CGN instance, use the no form of this command.

map [outsideserviceapp serviceapp serviceapp-number] [outside-vrf outside-vrf-name] address-pool address/prefix

Syntax Description

outsideserviceapp

Pairs the inside and the outside ServiceApps explicitly.

serviceapp

Service application interfaces that need to be paired.

serviceapp-number

Number that indicates each ServiceApp. The range is from 1 to 2000.

outside-vrf

Maps to a given outside VRF.

outside-vrf-name

Name of outside VRF.

number

Number that indicates each service application. The range is from 1 to 2000.

address-pool

Address pool to which the inside VRF is mapped.

address/prefix

Network address and prefix for the address pool. The prefix must not be less than 16.

address/prefix

Network address and prefix for the address pool. The minimum prefix value is 30.

Command Default

None

Command Modes

CGN inside VRF NAT44 configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Usage Guidelines

The map command maps the inside VRF to an outside VRF and assigns an outside address pool for the mapping.

If the outside VRF name is not specified, the default VRF is considered.

There is only one NAT44 instance for each CGN instance. An inside-VRF can be present in only one CGN instance. One inside-VRF can be mapped to only one outside-VRF. There can be multiple non-overlapping address-pools in a particular outside-VRF. The address pools being used on a CRS box for the outside-VRFs must not overlap with each other. An outside-VRF can be present in multiple CGN instances with different address pools. If the outside-VRF name is not specified, the default VRF is enabled.

Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to configure the outside VRF and to assign the outside address pool for the mapping:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# map outside-vrf outsidevrf1 address-pool 10.2.2.0/24

This example shows how to explicitly pair the inside and outside ServiceApps.


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# map outsideserviceapp serviceapp 2 outside-vrf ovrf1 address-pool 10.2.2.0/24
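
An audit of a saved configuration against the mapping rules in the usage guidelines above: address pools must not overlap, an inside VRF belongs to one CGN instance only, and an inside VRF maps to one outside VRF only. This is an added example, not a Cisco tool; the sample configuration is constructed, its indented layout is assumed to match the running-config style shown elsewhere in this chapter, and the function names are assumptions.

```python
import ipaddress
import re
from itertools import combinations

# Constructed sample, deliberately containing two violations.
SAMPLE_CONFIG = """\
service cgn cgn1
 service-type nat44 nat1
  inside-vrf insidevrf1
   map outside-vrf outsidevrf1 address-pool 10.2.2.0/24
  !
  inside-vrf insidevrf2
   map outside-vrf outsidevrf1 address-pool 10.2.0.0/16
  !
 !
!
service cgn cgn2
 service-type nat44 nat2
  inside-vrf insidevrf1
   map address-pool 198.51.100.0/24
  !
 !
!
"""

MAP_RE = re.compile(
    r"map\s+(?:outsideserviceapp\s+serviceapp\s+\d+\s+)?"
    r"(?:outside-vrf\s+(\S+)\s+)?address-pool\s+(\S+)"
)


def parse_maps(config):
    """Collect every map statement with the CGN instance and inside VRF it sits in."""
    maps, cgn, inside = [], None, None
    for line in config.splitlines():
        words = line.split()
        if len(words) == 3 and words[:2] == ["service", "cgn"]:
            cgn, inside = words[2], None
        elif len(words) == 2 and words[0] == "inside-vrf":
            inside = words[1]
        else:
            m = MAP_RE.fullmatch(line.strip())
            if m and cgn and inside:
                maps.append({
                    "cgn": cgn,
                    "inside": inside,
                    # No outside-vrf keyword means the default VRF is used.
                    "outside": m.group(1) or "default",
                    "pool": ipaddress.ip_network(m.group(2), strict=False),
                })
    return maps


def audit(maps):
    """Return a list of findings, empty when the mappings follow the rules."""
    findings = []
    for a, b in combinations(maps, 2):
        if a["pool"].overlaps(b["pool"]):
            findings.append(
                f"overlap: {a['pool']} ({a['cgn']}/{a['inside']}) and "
                f"{b['pool']} ({b['cgn']}/{b['inside']})"
            )
    instances, outsides = {}, {}
    for m in maps:
        instances.setdefault(m["inside"], set()).add(m["cgn"])
        outsides.setdefault((m["cgn"], m["inside"]), set()).add(m["outside"])
    for inside, cgns in sorted(instances.items()):
        if len(cgns) > 1:
            findings.append(
                f"inside-vrf {inside} appears in CGN instances {', '.join(sorted(cgns))}"
            )
    for (cgn, inside), vrfs in sorted(outsides.items()):
        if len(vrfs) > 1:
            findings.append(
                f"inside-vrf {inside} in {cgn} maps to outside VRFs {', '.join(sorted(vrfs))}"
            )
    return findings


if __name__ == "__main__":
    for finding in audit(parse_maps(SAMPLE_CONFIG)):
        print(finding)
```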

map (DS-LITE)

To map a private IPv4 source address coming over the DS-Lite tunnel to an address in an IPv4 public address pool, use the map command in CGN DS-Lite configuration mode. To undo the mapping, use the no form of this command.

map address-pool address/prefix

Syntax Description

address-pool

Specifies the IPv4 map address pool.

address/prefix

Specifies the address and prefix for the address pool.

Command Default

None

Command Modes

CGN DS-Lite configuration mode

Command History

Release Modification
Release 4.2.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to map a private IPv4 source address coming over the DS-Lite tunnel to an address in an IPv4 public address pool:


RP/0/RP0/CPU0:router# config
RP/0/RP0/CPU0:router(config)#service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#map address-pool 10.1.1.2/2
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#

mirror-packets

To enable mirroring of data packets and filter the traffic based on a set of parameters, use the mirror-packets command in CGN inside VRF external logging server configuration mode. To disable the configuration, use the no form of this command.

mirror-packets destination-ipv4-address protocol-type port source-prefix collector-ipv4-address

Syntax Description

mirror-packets

Configures the data traffic to be mirrored to a configured destination (host) IPv4 address.

destination-ipv4-address

IPv4 address of the destination (host).

protocol type

The protocol type used.

port

Configures the inside port for static forwarding. The port keyword allows a specific UDP, TCP, or ICMP port on a global address to be translated to a specific port on a private address.

source-prefix

Source IPv4 address.

collector-ipv4-address

IPv4 address of the collector.

Command Default

Command Modes

CGN inside VRF external logging server configuration

Command History

Release Modification

Release 5.2.2

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation
cgn

read, write

Examples

The following example shows how to configure mirroring the data packets with the destination IPv4 address, protocol type, port number, source-prefix, and collector IPv4 address.


service cgn cgn1
 service-location preferred-active 0/1/CPU0
 service-type nat44 nat1
  inside-vrf BLR_BTM3
   mirror-packets
    destination-ipv4-address 201.22.3.45
     protocol-type tcp udp
     port 4002
     source-prefix 100.1.1.252/30
    !
    collector-ipv4-address 187.2.4.5
   !
  !
 !
!

mss (DS-LITE)

To enable the TCP maximum segment size (MSS) adjustment value for a DS-Lite instance and to adjust the MSS value of the TCP SYN packets going through, use the mss command in DS-Lite configuration mode. To stop overriding the TCP MSS value of the packets, use the no form of this command.

mss size

Syntax Description

size

Size, in bytes, to be applied for the MSS value. Range is from 28 to 1500.

Command Default

By default, the TCP maximum segment size (MSS) adjustment is disabled.

Command Modes

DS-Lite configuration mode

Command History

Release

Modification

Release 4.2.1

This command was introduced.

Usage Guidelines

The MSS value, which is configured using the mss command, overrides the MSS value that is set in the received TCP packets. The range for MSS value is from 28 to 1500.

The mss command adjusts the MSS value of the TCP SYN packets.

Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to configure the mss value for a DS-Lite instance:


RP/0/RP0/CPU0:router# config
RP/0/RP0/CPU0:router(config)#service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#protocol tcp
RP/0/RP0/CPU0:router(config-cgn-ds-lite-proto)#mss 66

mss (NAT44)

To enable the TCP maximum segment size (MSS) adjustment value for an inside VRF of a specified CGN instance and to adjust the MSS value of the TCP SYN packets going through, use the mss command in CGN inside VRF NAT44 protocol configuration mode. To stop overriding the TCP MSS value of the packets, use the no form of this command.

mss size

Syntax Description

size

Size, in bytes, to be applied for the MSS value. Range is from 28 to 1500.

Command Default

By default, the TCP maximum segment size (MSS) adjustment is disabled.

Command Modes

CGN inside VRF NAT44 protocol configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Usage Guidelines

The MSS value, which is configured using the mss command, overrides the MSS value that is set in the received TCP packets. The range for MSS value is from 28 to 1500.

The mss command adjusts the MSS value of the TCP SYN packets.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure TCP MSS value as 1100 for the CGN instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# protocol tcp
RP/0/RP0/CPU0:router(config-cgn-invrf-proto)# mss 1100
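
What the MSS adjustment described in both mss sections (DS-LITE and NAT44) does to a packet: find the MSS option in a TCP SYN, rewrite it, and patch the TCP checksum incrementally (RFC 1624). This is an added example, not Cisco's implementation; the SYN segments and addresses are constructed, and the sketch only ever lowers the advertised value, which is an assumption because this page says the configured value overrides the received one without covering smaller values.

```python
import ipaddress
import struct


def ones_sum(data):
    """16-bit one's-complement sum of data (zero-padded to even length)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def tcp_checksum(segment, src, dst):
    """Full TCP checksum over the IPv4 pseudo-header and the segment."""
    pseudo = (ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
              + struct.pack("!BBH", 0, 6, len(segment)))
    return ~ones_sum(pseudo + segment[:16] + b"\x00\x00" + segment[18:]) & 0xFFFF


def make_syn(options, src, dst):
    """Constructed sample: a bare TCP SYN carrying the given options
    (options length must be a multiple of 4)."""
    hdr_len = 20 + len(options)
    seg = struct.pack("!HHIIBBHHH", 49152, 443, 1, 0,
                      (hdr_len // 4) << 4, 0x02, 65535, 0, 0) + options
    return seg[:16] + struct.pack("!H", tcp_checksum(seg, src, dst)) + seg[18:]


def mss_offset(segment):
    """Offset of the 16-bit MSS value inside a TCP SYN, or None."""
    if len(segment) < 20 or not segment[13] & 0x02:    # only SYNs carry MSS
        return None
    data_off = (segment[12] >> 4) * 4
    if data_off < 20 or data_off > len(segment):
        return None
    i = 20
    while i < data_off:
        kind = segment[i]
        if kind == 0:                                  # end of option list
            return None
        if kind == 1:                                  # NOP, one byte
            i += 1
            continue
        if i + 1 >= data_off:
            return None
        length = segment[i + 1]
        if length < 2 or i + length > data_off:        # malformed: leave alone
            return None
        if kind == 2 and length == 4:
            return i + 2
        i += length
    return None


def csum_update(csum, old_word, new_word):
    """RFC 1624 incremental update: HC' = ~(~HC + ~m + m')."""
    total = (~csum & 0xFFFF) + (~old_word & 0xFFFF) + new_word
    total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def clamp_mss(segment, limit):
    """Return the segment with its MSS option lowered to limit if it was larger."""
    if not 28 <= limit <= 1500:
        raise ValueError("mss must be within 28..1500, the range the command accepts")
    off = mss_offset(segment)
    if off is None or struct.unpack_from("!H", segment, off)[0] <= limit:
        return segment
    seg = bytearray(segment)
    # The option may sit on an odd offset, so patch every aligned word it touches.
    start, end = off & ~1, (off + 3) & ~1
    before = bytes(seg[start:end])
    struct.pack_into("!H", seg, off, limit)
    csum = struct.unpack_from("!H", seg, 16)[0]
    for pos in range(start, end, 2):
        old_word = struct.unpack_from("!H", before, pos - start)[0]
        new_word = struct.unpack_from("!H", seg, pos)[0]
        csum = csum_update(csum, old_word, new_word)
    struct.pack_into("!H", seg, 16, csum)
    return bytes(seg)


if __name__ == "__main__":
    syn = make_syn(b"\x02\x04\x05\xb4", "100.1.1.253", "198.51.100.7")  # MSS 1460
    out = clamp_mss(syn, 1100)
    print(struct.unpack_from("!H", out, mss_offset(out))[0])
```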

nat-mode

To enter the predefined mode for NAT44, use the nat-mode command. To disable this mode, use the no nat-mode command.

nat-mode {predefined}

Syntax Description

predefined

Maps a private IP address to a specific port range of the corresponding public IP address. This keyword is for the predefined mode.

Command Default

None

Command Modes

Global configuration mode

Command History

Release Modification

Release 4.3.2

This command was introduced.

Release 5.2.0

This command was modified.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

Applicable until Release 5.1.x.

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# map address-pool 198.12.0.0/24
RP/0/RP0/CPU0:router(config-cgn-invrf)# nat-mode predefined
RP/0/RP0/CPU0:router(config-cgn-invrf-natmode)#

Applicable for Release 5.2.x and above.

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)#inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)#map outside-vrf blue address-pool 100.0.0.0/24
RP/0/RP0/CPU0:router(config-cgn-invrf)#nat-mode
RP/0/RP0/CPU0:router(config-cgn-invrf-natmode)#predefined private-pool 103.1.106.0/24

path-mtu (6rd)

To configure the IPv4 tunnel MTU (Maximum Transmission Unit) size in bytes, use the path-mtu command in 6RD configuration mode. To reset the MTU to its default value, use the no form of this command.

path-mtu value

Syntax Description

value

Path-MTU value, in bytes. The range is from 1280 to 1480.

Command Default

None

Command Modes

6RD configuration

Command History

Release Modification
Release 4.1.0

This command was introduced.

Usage Guidelines

This command configures the path MTU size, in bytes, for the IPv4 tunnel. If an incoming packet is larger than this path MTU, an ICMP error is sent in response.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the path-mtu with the value of 1500:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# path-mtu 1500

path-mtu (DS-LITE)

To assign the path Maximum Transmission Unit (MTU) for the tunnel between routers for every DS-Lite instance, use the path-mtu command in DS-Lite configuration mode. To delete the MTU value, use the no form of this command.

path-mtu value

Syntax Description

value

Specifies the MTU value of the tunnel in bytes. The range is from 1280 to 9216. The default value is 1280, which is the minimum IPv6 path MTU.

Command Default

None

Command Modes

DS-Lite configuration

Command History

Release Modification
Release 4.2.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to assign the path mtu for the tunnel between routers:


RP/0/RP0/CPU0:router# config
RP/0/RP0/CPU0:router(config)#service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#path-mtu 1282
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#

path-mtu (DS-LITE Netflow9)

To set the Maximum Transmission Unit (MTU) of the path to log NetFlow-based external logging information of a DS-Lite instance, use the path-mtu command in DS-Lite external logging server configuration mode. To return to the default behavior, use the no form of this command.

path-mtu value

Syntax Description

value

Specifies the path mtu value in bytes. The range is from 100 to 2000.

Command Default

None

Command Modes

DS-Lite external logging server configuration mode

Command History

Release Modification
Release 4.2.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to set the path-mtu value for a DS-Lite instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# external-logging netflow9
RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog)# server
RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog-server)# path-mtu 200

path-mtu (MAP-E)

To configure the path Maximum Transmission Unit (MTU) of the tunnel, use the path-mtu command in MAP-E configuration mode. To undo the configuration, use the no form of this command.

path-mtu value

Syntax Description

value

Tunnel path MTU value, in bytes. The range is from 1280 to 9216.

Command Default

None

Command Modes

MAP-E configuration

Command History

Release Modification
Release 4.3.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the tunnel path MTU value:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type map-e map-e-inst
RP/0/RP0/CPU0:router(config-cgn-map_e)# path-mtu 1300

path-mtu (MAP-T)

To configure the path Maximum Transmission Unit (MTU) of the tunnel, use the path-mtu command in MAP-T configuration mode. To undo the configuration, use the no form of this command.

path-mtu value

no path-mtu value

Syntax Description

value

Tunnel path MTU value, in bytes. The range is from 100 to 2000.

Command Default

None

Command Modes

MAP-T configuration

Command History

Release

Modification

Release 6.2.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to configure the tunnel path MTU value:


RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RSP0/CPU0:router(config-cgn)# service-type map-t-cisco map-t-inst
RP/0/RSP0/CPU0:router(config-cgn)# address-family ipv4
RP/0/RSP0/CPU0:router(config-cgn-mapt-afi)# path-mtu 1300

Note

If the path-mtu value is not specified, 1500 bytes is considered as the default Tunnel Path MTU value for IPv4 packets. For IPv6 packets the default value is 1280 bytes.


path-mtu (NAT44 Netflow Version 9)

To configure the path Maximum Transmission Unit (MTU) for the netflowv9-based external-logging facility for the inside VRF of a NAT44 instance, use the path-mtu command in NAT44 inside VRF address family external logging server configuration mode. To revert to the default of 1500, use the no form of this command. This command restricts the maximum size of the Netflow-version 9 logging packet.

path-mtu value

Syntax Description

value

Value, in bytes, of the path-mtu for the netflowv9-based external-logging facility. Range is from 100 to 9200.

Command Default

By default, the value of the path-mtu for the netflowv9-based external-logging facility is set to 1500.

Command Modes

NAT44 inside VRF address family external logging server configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Usage Guidelines

This NAT44 specific command configures the value of the path-mtu for the netflowv9 based external logging facility for an inside-VRF of NAT44 instance.

This command restricts the maximum size of the Netflow-v9 logging packet. The path-mtu value ranges from 100 to 9200. The netflowv9-based external-logging facility is exported by using the NAT table entries.


Note

The configurations for path-mtu, refresh-rate, and timeout are applied only when the IPv4 address and port number for the logging server have been configured.


Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure the path-mtu with the value of 2900 for the netflowv9-based external-logging facility:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# external-logging netflow version 9
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog)# server
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog-server)# path-mtu 2900

path-mtu (Stateful NAT64 Netflow Version 9)

To set the Maximum Transmission Unit (MTU) of the path to log NetFlow-based external logging information for a NAT64 Stateful instance, use the path-mtu command in NAT64 Stateful configuration mode. To return to the default behavior, use the no form of this command.

path-mtu value

Syntax Description

value

Specifies the path mtu value in bytes. The range is from 100 to 2000.

Command Default

None

Command Modes

NAT64 Stateful configuration mode

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to set the path-mtu value for a NAT64 Stateful instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# external-logging netflow version 9
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# server
RP/0/RP0/CPU0:router(config-cgn-nat64-extlog-server)# path-mtu 200

pcp-server (DS-LITE)

To configure a PCP server for a DS-Lite instance, use the pcp-server command in DS-Lite configuration mode. To undo the configuration, use the no form of this command.

pcp-server port port number

Syntax Description

pcp-server

Specifies the PCP server to be configured.

port

Specifies the port of the PCP server.

port number

The port number range is from 1 to 65535. The default port number is 5351.

Command Default

None

Command Modes

DS-Lite configuration mode

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure a PCP server for a DS-Lite instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite-inst
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# pcp-server port 66

pcp-server (NAT44)

To configure a PCP server for a NAT44 instance, use the pcp-server command in NAT44 configuration mode. To undo the configuration, use the no form of this command.

pcp-server address IPv4 address port port number

Syntax Description

pcp-server

Specifies the PCP server to be configured.

address

Specifies the address of the PCP server.

IPv4 address

IPv4 address.

port

Specifies the port of the PCP server.

port number

The port number range is from 1 to 65535. The default port number is 5351.

Command Default

None

Command Modes

Exec

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure a PCP server for a NAT44 instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat-44-inst
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf vrf-inst
RP/0/RP0/CPU0:router(config-cgn-invrf)# pcp-server address 10.2.2.30 port 66

port-limit (DS-LITE)

To restrict the number of entries per private IPv4 address for a given DS-Lite instance, use the port-limit command in DS-Lite configuration mode. To delete the port-limit values, use the no form of this command.

port-limit value

Syntax Description

value

Specifies the value of the port-limit. The range is from 1 to 65535. The default value is 100.

Command Default

None

Command Modes

DS-Lite configuration

Command History

Release Modification
Release 4.2.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to restrict the number of entries per address on a given DS-Lite instance:


RP/0/RP0/CPU0:router# config
RP/0/RP0/CPU0:router(config)#service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#port-limit 500
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#

portlimit (NAT44)

To limit the number of translation entries per source address, use the portlimit command in CGN configuration mode. To revert back to the default value of 100, use the no form of this command.

portlimit value

Syntax Description

value

Value for the port limit. Range is from 1 to 65535.

Command Default

If the port limit is not configured, the default value is 100 per CGN instance.

Command Modes

CGN configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Usage Guidelines

This is a NAT44 service type specific command to be applied for each CGN instance.

The portlimit command configures the port limit per subscriber for the system, including TCP, UDP, and ICMP. In addition, the portlimit command restricts the number of ports that is used by an IPv4 address; for example, it limits the number of CNAT entries per IPv4 address in the CNAT table.

Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how the port limit can be increased from the default value of 100 to a higher value of 500:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# portlimit 500

portlimit (NAT44_Inside-VRF)

To limit the number of translation entries of each source address, for each VRF instance, use the portlimit command in Inside-VRF configuration mode. To return to the default value of 100, use the no form of this command.

portlimit value

Syntax Description

value

Value for the port limit. The range is from 1 to 65535.

Command Default

By default, there are 100 translation entries for each VRF instance.

Command Modes

Inside-VRF configuration

Command History

Release

Modification

Release 4.3.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to set the port-limit of 500 for a VRF instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf invrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# portlimit 500

portlimit (Stateful NAT64)

To restrict the number of ports used by an IPv6 address, use the portlimit command in NAT64 stateful configuration mode. To use the default port limit of 100 per NAT64 instance, use the no form of this command.

portlimit value

Syntax Description

value

Specifies the port limit value. The range is from 1 to 65535.

Command Default

100 ports per NAT64 stateful instance

Command Modes

NAT64 stateful configuration mode

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to set a port limit on a NAT64 stateful instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# portlimit 600 

port-set

To create a port-set with a unique name, use the port-set command in the Carrier Grade NAT (CGN) configuration mode. To delete the port-set, use the no form of this command.

port-set name

Syntax Description

name

Specifies the name of the port-set to be created.

Command Default

None

Command Modes

CGN configuration mode

Command History

Release Modification
Release 5.3.1

This command was introduced.

Usage Guidelines

Each port-set can contain up to 20 ports per UDP or TCP transport protocol. If a port-set is in use by one or more NAT inside-vrf instances, users cannot delete that port-set until the associations with all NAT inside-vrf instances are removed. However, the user can modify the contents of port-set while they are in use and the modifications take effect immediately.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to create a port-set for a CGN instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# port-set set1
RP/0/RP0/CPU0:router(config-cgn-portset)# 

private-pool

To create a pool of private addresses that have to be assigned to the subscribers in a VPN Routing and Forwarding (VRF), use the private-pool command. To disable the pool of addresses, use the no private-pool command.

private-pool ip address/prefix

Syntax Description

ip address/prefix

Specifies the address and the prefix for the private pool of IP addresses.

Command Default

None

Command Modes

Global Configuration mode

Command History

Release Modification

Release 4.3.2

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure a private pool of IP addresses:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# map address-pool 198.12.0.0/16
RP/0/RP0/CPU0:router(config-cgn-invrf)# nat-mode predefined
RP/0/RP0/CPU0:router(config-cgn-invrf-natmode)# private-pool 192.1.106.0/16

protocol (CGN)

To enter ICMP, TCP, and UDP protocol configuration mode for a given CGN instance, use the protocol command in the appropriate configuration mode. To remove all the features that are enabled under the protocol configuration mode, use the no form of this command.

protocol {icmp | tcp | udp} {mss | <28-1500>} {static-forward inside address | <A.B.C.D> | port | <1-65535>}

Syntax Description

icmp

Enters ICMP protocol configuration mode.

tcp

Enters TCP protocol configuration mode.

udp

Enters UDP protocol configuration mode.

<28-1500>

Maximum segment size to be used in bytes.

static-forward

Configures a static port.

inside

Specifies inside network configuration.

address

Specifies the inside address for static-forward.

<A.B.C.D>

Specifies the inside IP address.

port

Specifies the port number for static-forward.

Command Default

None

Command Modes

CGN inside VRF NAT44 configuration mode

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Usage Guidelines

The protocol command enters the appropriate CGN NAT44 configuration mode.

Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to configure the ICMP protocol for a CGN instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# protocol icmp
RP/0/RP0/CPU0:router(config-cgn-invrf-icmp)# static-forward inside address 192.0.2.1 port 650

protocol (External Logging)

To configure the protocol to be used to transfer the NetFlow and Syslog records for external logging, use the protocol command.

protocol {tcp | udp}

Syntax Description

tcp

Enables reliable log transfer feature. TCP is used to transfer the NetFlow and Syslog records to an external NetFlow or Syslog server.

udp

UDP is used to transfer the NetFlow and Syslog records to an external NetFlow or Syslog server.

Command Default

UDP is the default protocol used to transfer the NetFlow and Syslog records.

Command Modes

CGN Inside VRF NAT44 configuration mode

Command History

Release Modification
Release 4.2.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure TCP as the protocol to transfer the NetFlow records:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# external-logging netflow version 9
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog)# server
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog-server)# address 10.10.0.0 port 50
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog-server)#protocol tcp

This example shows how to configure TCP as the protocol to transfer the Syslog records:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# external-logging syslog
RP/0/RP0/CPU0:router(config-cgn-invrf-syslog)# server
RP/0/RP0/CPU0:router(config-cgn-invrf-syslog-server)# address 10.10.0.0 port 50
RP/0/RP0/CPU0:router(config-cgn-invrf-syslog-server)# protocol tcp 

protocol (port-preservation)

To enter the TCP and UDP protocol configuration mode and specify the ports to be preserved, use the protocol command in the port-set configuration mode. To remove the ports that are preserved, use the no form of this command.

protocol {udp | tcp} {preserve-ports port-number}

Syntax Description

udp

Enters the UDP protocol configuration mode.

tcp

Enters the TCP protocol configuration mode.

preserve-ports

Preserves the ports.

port number

Port number. The range is from 1 to 4294967295. Users can enter up to 20 port numbers separated by space per protocol.

Command Default

None

Command Modes

Port-set configuration mode.

Command History

Release Modification
Release 5.3.1

This command was introduced.

Usage Guidelines

The no form of the protocol command must not be used when the port-set is in use by an inside-vrf instance. However, users can modify the port-numbers under the TCP or UDP protocol.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to enter the protocol configuration mode and specify the ports to be preserved:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# port-set set1
RP/0/RP0/CPU0:router(config-cgn-portset)# protocol udp
RP/0/RP0/CPU0:router(config-cgn-proto)# preserve-port 1021 1031 1041 1101 1202 1303 1404 15015 1606


RP/0/RP0/CPU0:router(config-cgn-portset)# protocol tcp
RP/0/RP0/CPU0:router(config-cgn-proto)# preserve-port 1020 1050 1100 1200 1300 1400 1500 1600


protocol (DS-LITE)

To enter the ICMP, TCP, and UDP protocol configuration mode, use the protocol command. To remove all features that are enabled under the protocol configuration mode, use the no form of this command.

protocol {icmp | tcp | udp} {session | active | initial}{timeout value}

Syntax Description

icmp

Enters the ICMP protocol configuration mode.

tcp

Enters the TCP protocol configuration mode.

udp

Enters the UDP protocol configuration mode.

session

Session related configuration.

active

Active session timeout

initial

Initial session timeout

timeout

Session timeout

value

Timeout in seconds. The range is from 1 to 65535.

Command Default

None

Command Modes

DS-Lite configuration mode

Command History

Release Modification
Release 4.2.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure TCP protocol for a DS-Lite instance:


RP/0/RP0/CPU0:router# config
RP/0/RP0/CPU0:router(config)#service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#protocol tcp
RP/0/RP0/CPU0:router(config-cgn-ds-lite-proto)# session active timeout 56
RP/0/RP0/CPU0:router(config-cgn-ds-lite-proto)# 

Examples

This example shows how to configure static forwarding in a TCP session for a DS-Lite instance:


RP/0/RP0/CPU0:router# config
RP/0/RP0/CPU0:router(config)#service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)#protocol tcp
RP/0/RP0/CPU0:router(config-cgn-ds-lite-proto)#static-forward inside address
RP/0/RP0/CPU0:router(config-cgn-ds-lite-proto-addr)#tunnel-source 10:2::2/22 host 10.1.1.2 port 64
RP/0/RP0/CPU0:router(config-cgn-ds-lite-proto-addr)# 

protocol (NAT44)

To enter the ICMP, TCP, and UDP protocol configuration mode, use the protocol command. To remove all features that are enabled under the protocol configuration mode, use the no form of this command.

protocol {gre | icmp | tcp | udp} {session | active | initial} {timeout value}

Syntax Description

gre

Enters the GRE protocol configuration mode.

icmp

Enters the ICMP protocol configuration mode.

tcp

Enters the TCP protocol configuration mode.

udp

Enters the UDP protocol configuration mode.

session

Session related configuration.

active

Active session timeout

initial

Initial session timeout

timeout

Session timeout

value

Timeout in seconds. The range is from 1 to 65535.

Command Default

None

Command Modes

NAT44 configuration mode

Command History

Release Modification
Release 4.1.0

This command was introduced.

Release 4.3.0

The gre keyword was added.

Usage Guidelines

The protocol command enters the appropriate CGN AFI configuration mode.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the ICMP protocol for a CGN instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol icmp timeout 120

This example shows how to configure the UDP protocol for a CGN instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol udp session initial timeout 120
RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol udp session active timeout 180

This example shows how to configure the TCP protocol for a CGN instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol tcp session active timeout 180

Examples

This example shows how to configure GRE for a NAT44 instance:

RP/0/RP0/CPU0:router#configure
RP/0/RP0/CPU0:router(config)#service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#service-type nat44 nat44-1
RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol gre
RP/0/RP0/CPU0:router(config-cgn-nat44-proto)#

protocol (Stateful NAT64)

To enter the ICMP, TCP, and UDP protocol configuration mode, use the protocol command in NAT64 stateful configuration mode. To remove all features that are enabled under the protocol configuration mode, use the no form of this command.

protocol {icmp | tcp | udp} [ {address IPv4 address} {port port number} {timeout value} {v4-init-timeout value} session {active | initial}]

Syntax Description

icmp

Enters the ICMP protocol configuration mode.

tcp

Enters the TCP protocol configuration mode.

udp

Enters the UDP protocol configuration mode.

address

Specifies the IPv4 address for which the timeout value is to be set.

IPv4 address

IPv4 address.

port

Specifies the port for which the timeout value is to be set.

port number

Port number. The range is from 1 to 65535.

timeout

Specifies the session timeout.

value

Timeout in seconds. The range is from 1 to 65535.

v4-init-timeout

Specifies the v4 initiated sessions for which the timeout value is to be set.

value

Timeout in seconds. The range is from 1 to 65535.

session

Specifies the session related configuration.

active

Active session timeout

initial

Initial session timeout

Command Default

None

Command Modes

NAT64 stateful configuration mode

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure timeout for a TCP session per NAT64 stateful instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)#protocol tcp
RP/0/RP0/CPU0:router(config-cgn-nat64-stful-proto)#session active timeout 90

Examples

This example shows how to configure timeout for a UDP session per NAT64 stateful instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)#protocol udp
RP/0/RP0/CPU0:router(config-cgn-nat64-stful-proto)#timeout 90

Examples

This example shows how to configure timeout for an ICMP session per NAT64 stateful instance:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)#protocol icmp
RP/0/RP0/CPU0:router(config-cgn-nat64-stful-proto)#timeout 90

protocol icmp reset-mtu (CGN)

To reset the received packet size to 1280 when the received IPv4 ICMP packet size is less than 1280 bytes, use the protocol icmp reset-mtu command. To copy the received ICMP packet size when translating IPv4 to IPv6 packets, use the no form of this command.

protocol icmp reset-mtu

Syntax Description

This command has no keywords or arguments.

Command Default

The received packet size is copied when translating IPv4 to IPv6 for ICMP packets.

Command Modes

CGN-NAT64

Command History

Release Modification

Release 4.1.0

This command was introduced.

Usage Guidelines

When the icmp reset-mtu protocol is enabled, the ICMP packet size is reset to 1280.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the icmp reset-mtu protocol for a CGN instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateless xlat1
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# ipv6-prefix 2010:db8:ff00::/40
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# address-family ipv6
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless-afi)# protocol icmp
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless-icmp)# reset-mtu

reassembly-enable (6rd)

To reassemble fragmented packets, use the reassembly-enable command in 6RD configuration mode. To disable the reassembly of fragmented packets, use the no form of this command.

reassembly-enable

Syntax Description

This command has no keywords or arguments.

Command Default

By default, reassembly is not allowed.

Command Modes

6RD configuration

Command History

Release Modification
Release 4.1.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to apply the reassembly-enable command for a 6RD tunnel:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# reassembly-enable

refresh-direction (NAT44)

To configure the Network Address Translation (NAT) mapping refresh direction for the specified CGN instance, use the refresh-direction command in NAT44 configuration mode. To revert to the default, bidirectional refresh, use the no form of this command.

refresh-direction Outbound

Syntax Description

Outbound

Configures only the refresh direction for outbound.

Command Default

If the NAT refresh direction is not configured, the default is bidirectional.

Command Modes

NAT44 configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Usage Guidelines

This is a NAT44 service type specific command to be applied for each CGN instance.

Translation entries that have no traffic flowing for a specific time period are timed out and deleted to prevent unnecessary usage of system resources. Any traffic for a particular translation entry refreshes the entry and prevents it from being timed out. Usually, the refresh is based on packets coming from both inside and outside. This is referred to as the bidirectional refresh mechanism. However, bidirectional refresh can lead to denial of service (DoS) attacks because someone from the outside can periodically refresh the entries even though there is no inside traffic.

When the NAT refresh direction is configured as Outbound, the translation entries are refreshed only by traffic flowing from inside to outside, which prevents these DoS attacks.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure the mapping refresh direction for outbound:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# refresh-direction outbound
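
The difference between the two refresh modes described in the Usage Guidelines above, as a small Python model. This is an added illustration, not Cisco code; the 120-second timeout, the inside address and the packet timings are constructed values, not IOS XR defaults.

```python
from dataclasses import dataclass, field

INSIDE, OUTSIDE = "inside", "outside"


@dataclass
class Entry:
    created: float
    last_refresh: float


@dataclass
class TranslationTable:
    timeout: float                 # idle seconds before an entry is deleted
    outbound_only: bool            # True models "refresh-direction outbound"
    entries: dict = field(default_factory=dict)
    expired: dict = field(default_factory=dict)   # key -> seconds the entry was held

    def _expire(self, now):
        """Delete every entry whose idle timer has run out by `now`."""
        for key, entry in list(self.entries.items()):
            deadline = entry.last_refresh + self.timeout
            if now >= deadline:
                self.expired[key] = deadline - entry.created
                del self.entries[key]

    def packet(self, now, key, origin):
        """Return True if the packet is translated, False if it is dropped."""
        self._expire(now)
        entry = self.entries.get(key)
        if entry is None:
            if origin == OUTSIDE:
                return False       # no mapping: unsolicited inbound traffic is dropped
            self.entries[key] = Entry(created=now, last_refresh=now)
            return True
        # Inside traffic always refreshes; outside traffic only in bidirectional mode.
        if origin == INSIDE or not self.outbound_only:
            entry.last_refresh = now
        return True

    def held_for(self, key, now):
        """Seconds the mapping (and its outside port) has been or was occupied."""
        self._expire(now)
        if key in self.entries:
            return now - self.entries[key].created
        return self.expired.get(key)


def simulate(outbound_only, timeout=120, outside_interval=100, horizon=1000):
    """One inside packet at t=0, then only outside packets every `outside_interval` s."""
    table = TranslationTable(timeout=timeout, outbound_only=outbound_only)
    key = ("10.0.0.5", 40000, "udp")          # constructed inside address, port, protocol
    table.packet(0, key, INSIDE)
    forwarded = 0
    t = outside_interval
    while t <= horizon:
        forwarded += table.packet(t, key, OUTSIDE)
        t += outside_interval
    held = table.held_for(key, horizon)
    return {
        "held_seconds": held,
        "inbound_forwarded": forwarded,
        "still_mapped": key in table.entries,
    }


if __name__ == "__main__":
    print("bidirectional:", simulate(outbound_only=False))
    print("outbound only:", simulate(outbound_only=True))
```

In the bidirectional run the mapping is still held at the end of the sample although the inside host sent a single packet; with outbound-only refresh it is released after one timeout.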

refresh-direction (Stateful NAT64)

To specify the outbound refresh direction, use the refresh-direction command in NAT64 stateful configuration mode. To delete refresh direction, use the no form of this command.

refresh-direction

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

NAT64 stateful configuration mode

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to specify the outbound refresh direction for a NAT64 stateful instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# refresh-direction outbound
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)#

refresh-rate (NAT44 Netflow Version 9)

To configure the refresh rate to log NetFlow-based external logging information for an inside VRF of a CGN instance, use the refresh-rate command in CGN inside VRF external logging server configuration mode. To revert back to the default value of 500 packets, use the no form of this command.

refresh-rate value

Syntax Description

value

Value, in packets, for the refresh rate. Range is from 1 to 600.

Command Default

value : 500

Command Modes

CGN inside VRF external logging server configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Usage Guidelines

The netflowv9-based logging facility requires that a logging template be sent to the server periodically. The refresh-rate value means that the template is resent after that number of packets has been sent to the server. The timeout value means that the template is resent to the logging server after that number of minutes has elapsed since the template was last sent. The refresh-rate and timeout values are mutually exclusive; that is, the one that expires first is the one taken into consideration for resending the template.


Note

The configurations for path-mtu, refresh-rate, and timeout are applied only when the IPv4 address and port number for the logging server have been configured.


Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to configure the refresh rate value of 50 for NetFlow logging for the NAT table entries:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# external-logging netflow version 9
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog)# server
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog-server)# refresh-rate 50
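
The two template resend triggers described in the Usage Guidelines above, modelled in Python as an added example (not Cisco code). It assumes the exporter checks both triggers before each export packet and resets both when the template goes out; the 10-minute timeout and the packet timings are constructed.

```python
def template_schedule(export_times, refresh_rate, timeout_minutes):
    """Return the times (seconds) at which the template is sent with an export packet."""
    if not 1 <= refresh_rate <= 600:          # range documented for refresh-rate
        raise ValueError("refresh-rate must be 1..600 packets")
    timeout_s = timeout_minutes * 60
    sent_at, packets_since, last_sent = [], 0, None
    for t in export_times:
        due = (
            last_sent is None                     # first packet always carries the template
            or packets_since >= refresh_rate      # packet-count trigger
            or t - last_sent >= timeout_s         # elapsed-time trigger
        )
        if due:                                   # whichever trigger fires first wins
            sent_at.append(t)
            last_sent, packets_since = t, 0
        packets_since += 1
    return sent_at


def undecodable_after_restart(export_times, sent_at, restart):
    """Count export packets that reach a collector which lost its template
    cache at `restart` before the next template arrives."""
    next_template = min((t for t in sent_at if t >= restart), default=None)
    return sum(
        1
        for t in export_times
        if t >= restart and (next_template is None or t < next_template)
    )


# Constructed traffic profiles (export packet timestamps in seconds).
BUSY = list(range(0, 200))            # one export packet per second
QUIET = list(range(0, 2400, 240))     # one export packet every 4 minutes


def demo():
    busy = template_schedule(BUSY, refresh_rate=50, timeout_minutes=10)
    quiet = template_schedule(QUIET, refresh_rate=50, timeout_minutes=10)
    gap_50 = undecodable_after_restart(BUSY, busy, restart=10)
    busy_500 = template_schedule(BUSY, refresh_rate=500, timeout_minutes=10)
    gap_500 = undecodable_after_restart(BUSY, busy_500, restart=10)
    return busy, quiet, gap_50, gap_500


if __name__ == "__main__":
    busy, quiet, gap_50, gap_500 = demo()
    print("busy link, templates at :", busy)     # packet-count trigger fires
    print("quiet link, templates at:", quiet)    # timeout trigger fires
    print("records without a template after a collector restart at t=10:")
    print("  refresh-rate 50 :", gap_50)
    print("  refresh-rate 500:", gap_500)
```

In this model the default refresh-rate of 500 leaves the restarted collector without a template for the rest of the busy sample, while a value of 50 closes the gap after 40 packets.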

refresh rate (DS-LITE Netflow9)

To configure the refresh rate to log NetFlow-based external logging information of a DS-Lite instance, use the refresh-rate command in DS-Lite external logging server configuration mode. To return to the default value, use the no form of this command.

refresh-rate value

Syntax Description

value

Value, in packets, for the refresh rate. Range is from 1 to 600.

Command Default

value : 500

Command Modes

DS-Lite external logging server configuration

Command History

Release

Modification

Release 4.2.1

This command was introduced.

Usage Guidelines


Note

The configurations for path-mtu, refresh-rate, and timeout are applied only when the IPv4 address and port number for the logging server have been configured.


Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to configure the refresh rate value of 50 for a DS-Lite instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# external-logging netflow9
RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog)# server
RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog-server)# refresh-rate 50

refresh rate (Stateful NAT64 Netflow Version 9)

To configure the refresh rate to log NetFlow-based external logging information for a NAT64 Stateful instance, use the refresh-rate command in NAT64 Stateful configuration mode. To return to the default value of 500 packets, use the no form of this command.

refresh-rate value

Syntax Description

value

Value, in packets, for the refresh rate. Range is from 1 to 600.

Command Default

500 packets

Command Modes

NAT64 Stateful configuration mode

Command History

Release

Modification

Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to configure the refresh rate value of 50 for NetFlow logging for the NAT table entries:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# external-logging netflow version 9
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# server
RP/0/RP0/CPU0:router(config-cgn-nat64-extlog-server)# refresh-rate 50

reset-df-bit (6rd)

To reset the Do Not Fragment (DF) bit to enable anycast mode, use the reset-df-bit command in 6RD configuration mode. To disable the anycast mode, use the no form of this command.

reset-df-bit

Syntax Description

This command has no keywords or arguments.

Command Default

Anycast mode is disabled.

Command Modes

6RD configuration

Command History

Release Modification
Release 4.1.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to reset the DF bit:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# reset-df-bit

sequence-check

To configure sequence number check in the TCP configuration, use the sequence-check command. To disable this sequence check, use the no sequence-check command.

sequence-check

Syntax Description

diff-window

This optional keyword allows the user to configure a value equal to the difference between the expected and received sequence numbers. The range for this value is 0 to 1,073,725,440.

If this keyword is not specified, then the difference is automatically computed for each TCP session based on the negotiated window size while establishing a connection.

It is recommended that the user does not configure a specific diff-window. This value will be decided based on the client-server negotiation for every TCP session. But if there are particular deployment scenarios, the diff-window can be configured with a value from the specified range.

Command Default

None

Command Modes

NAT44 Configuration Mode

Command History

Release Modification

Release 5.1.1

This command was introduced.

Usage Guidelines

A packet is accepted even if its sequence number is not the same as the expected sequence number, as long as it is within the expected range (the expected sequence number +/- diff-window). This is because there could be packet loss along the way. If the value of diff-window is 0, then the sequence number of each packet should be an exact match of the expected sequence number.

Task ID

Task ID Operation

cgn

read, write

Examples


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)#firewall protocol tcp
RP/0/RP0/CPU0:router(config-cgn-invrf)#sequence-check
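
An added Python model (not Cisco code) of the window test described in the Usage Guidelines above, with 32-bit sequence wraparound handled. It assumes that a segment passes when its sequence number is within diff-window of the expected one, that the automatic value is the receive window from the handshake, and that the expected value advances past each accepted segment; the page does not document these internals, and the session values are constructed.

```python
SEQ_MOD = 1 << 32
# Upper bound of the documented diff-window range. It equals 65535 << 14,
# the largest receive window that TCP window scaling (RFC 7323) can express.
MAX_DIFF_WINDOW = 1_073_725_440


def seq_distance(expected, received):
    """Shortest distance between two sequence numbers on the 32-bit circle."""
    ahead = (received - expected) % SEQ_MOD
    return min(ahead, SEQ_MOD - ahead)


def negotiated_window(window_field, scale_shift=0):
    """Receive window in bytes from the 16-bit field and the window-scale shift."""
    if not 0 <= window_field <= 0xFFFF or not 0 <= scale_shift <= 14:
        raise ValueError("window field is 16 bits, shift is 0..14")
    return window_field << scale_shift


class SequenceChecker:
    """Sequence check for one direction of one TCP session (assumed model)."""

    def __init__(self, isn, window_field, scale_shift=0, diff_window=None):
        if diff_window is None:               # keyword omitted: derive per session
            diff_window = negotiated_window(window_field, scale_shift)
        if not 0 <= diff_window <= MAX_DIFF_WINDOW:
            raise ValueError("diff-window outside the documented range")
        self.diff_window = diff_window
        self.expected = (isn + 1) % SEQ_MOD   # the SYN consumes one sequence number

    def segment(self, seq, payload_len):
        """Return True if the segment passes the check."""
        if seq_distance(self.expected, seq) > self.diff_window:
            return False
        end = (seq + payload_len) % SEQ_MOD
        # Move the expectation forward only, so a retransmission does not rewind it.
        if (end - self.expected) % SEQ_MOD < SEQ_MOD // 2:
            self.expected = end
        return True


# Constructed session: ISN just below the 32-bit wrap, 200-byte segments.
ISN = 0xFFFFFF00
SEGMENTS = [
    ("in order", 0xFFFFFF01, 200),
    # The following segment (seq 0xFFFFFFC9) is lost before it reaches the NAT.
    ("after one lost segment", 0x00000091, 200),
    ("far outside the window", 0x40000000, 0),
]


def run(diff_window=None):
    """Feed the constructed segments through a checker; one verdict per segment."""
    checker = SequenceChecker(ISN, window_field=65535, diff_window=diff_window)
    return [checker.segment(seq, length) for _, seq, length in SEGMENTS]


if __name__ == "__main__":
    print("automatic window:", run())
    print("diff-window 0   :", run(0))
```

With the automatic window the segment that follows a lost one still passes and only the far-off sequence number is rejected; with diff-window 0 the segment after the loss is rejected as well.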

server (NAT44)

To enable the logging server information for the IPv4 address and port for the server that is used for the netflowv9-based external-logging facility, use the server command in NAT44 inside-VRF external logging configuration mode. To disable this feature, use the no form of this command; external logging of NAT entries is then disabled.

server

Syntax Description

This command has no arguments or keywords.

Command Modes

NAT44 inside VRF external logging configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Usage Guidelines

The server command enters NAT44 inside VRF address family external logging server configuration mode.

The NAT44 server command configures the IPv4 address and port number for the server to be used for the netflowv9-based external logging facility for an inside-VRF of a NAT44 instance.


Note

The configurations for path-mtu, refresh-rate, and timeout are applied only when the IPv4 address and port number for the logging server have been configured.


Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to configure the logging information for the IPv4 address and server:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# external-logging netflow version 9
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog)# server
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog-server)# address 10.10.0.0 port 50

service cgn

To enable an instance for the CGN application, use the service cgn command in global configuration mode. To disable the instance of the CGN application, use the no form of this command.

service cgn instance-name

Syntax Description

instance-name

Name of the CGN instance that is configured.

Command Default

None

Command Modes

Global configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Usage Guidelines

The service cgn command enters CGN configuration mode.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure the instance named cgn1 for the CGN application:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# 

service-location (CGN)

To enable the particular instance of the CGN application on the active and standby locations, use the service-location command in CGN configuration mode. To disable the instance that runs at the location of the CGN application, use the no form of this command.

service-location preferred-active node-id [preferred-standby node-id]

Syntax Description

preferred-active node-id

Specifies the location in which the active CGN application starts. The node-id argument is entered in the rack/slot/module notation.

preferred-standby node-id

(Optional) Specifies the location in which the standby CGN application starts. The node-id argument is entered in the rack/slot/module notation.

Command Default

None

Command Modes

CGN configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to specify active and standby locations for the CGN application:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-location preferred-active 0/1/CPU0 preferred-standby 0/4/CPU0

service location MAP-T

To enable the particular instance of the CGN application on the active location, use the service-location command in CGN configuration mode. To disable the instance that runs at the location of the CGN application, use the no form of this command.

service-location preferred-active node-id

no service-location preferred-active node-id

Syntax Description

preferred-active node-id

Specifies the location in which the active CGN application starts. The node-id argument is entered in the rack/slot/module notation.

Command Default

None

Command Modes

CGN configuration

Command History

Release

Modification

Release 6.2.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to specify active locations for the CGN application:


RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# service cgv6 cgn1
RP/0/RSP0/CPU0:router(config-cgn)# service-location preferred-active node1

service-location (interface)

To configure the location of a service for the infrastructure service virtual interface (SVI), use the service-location command in interface configuration mode. To disable this feature, use the no form of this command.

service-location node-id

Syntax Description

node-id

Specifies the ID of the node. The node-id argument is entered in the rack/slot/module notation.

Command Modes

Interface configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

interface

read, write

Examples

The following example shows how to configure the service location for 0/1/CPU0:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# interface ServiceInfra 1
RP/0/RP0/CPU0:router(config-if)# service-location 0/1/CPU0
  

service redundancy failover service-type

To initiate failover services to the preferred standby location, use the service redundancy failover service-type command in EXEC mode.

service redundancy failover service-type secgn preferred-active node-id

Syntax Description

secgn

Specifies the CGN service.

preferred-active node-id

Specifies the location from where the failover must start. The node-id argument is entered in the rack/slot/module notation.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 4.0.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to initiate the failover services for the preferred standby location:


RP/0/RP0/CPU0:router# service redundancy failover service-type secgn preferred-active 0/1/cpu0
RP/0/RP0/CPU0:router# 

service redundancy revert service-type

To revert failed over services back to their preferred active location, use the service redundancy revert service-type command in EXEC mode.

service redundancy revert service-type secgn preferred-active node-id

Syntax Description

secgn

Specifies the CGN service.

preferred-active node-id

Specifies the location from where the failover must start. The node-id argument is entered in the rack/slot/module notation.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 4.0.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to revert the failed over services for the preferred active location:


RP/0/RP0/CPU0:router# service redundancy revert service-type secgn preferred-active 0/1/cpu0
RP/0/RP0/CPU0:router# 

service-type ds-lite

To enable a DS-Lite instance for the CGN application, use the service-type ds-lite command in CGN submode. To disable the DS-Lite instance of the CGN application, use the no form of this command.

service-type ds-lite instance-name [address-family | aftr-tunnel-endpoint-address | alg | bulk-port-alloc | external-logging | ipv4-aftr-address | map | path-mtu | port-limit | protocol]

Syntax Description

instance-name

Specifies the name of the ds-lite instance that is configured.

address-family

Configures the address family related information.

aftr-tunnel-endpoint-address

Specifies the IPv6 address of the tunnel endpoint.

alg

Configures the Application Level Gateway type to be used.

bulk-port-alloc

Allocates ports in bulk to reduce Netflow/Syslog data volume.

external-logging

Enables external logging.

ipv4-aftr-address

IPv4 address for ICMP messages.

map

IPv4 map address pool for inside addresses.

path-mtu

IPv6 mtu value.

port-limit

Limits the number of entries per address.

protocol

Specifies the transport protocol used.

Command Default

None

Command Modes

CGN submode (CONFIG-CGN)

Command History

Release

Modification

Release 4.2.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to configure the ds-lite instance for the CGN application:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1

service-type map-e

To create a MAP-E instance, use the service-type map-e command in MAP-E configuration mode. To delete the instance, use the no form of this command.

service-type map-e instance-name {address-family | aftr-endpoint-address | contiguous-ports | cpe-domain | path-mtu | sharing-ratio}

Syntax Description

instance-name

Name of the MAP-E instance.

address-family

Specifies the address family configuration.

aftr-endpoint-address

Specifies the IPv6 address of Address Family Transition Router (AFTR).

contiguous-ports

Specifies the number of contiguous ports for a MAP-E instance.

cpe-domain

Specifies the Customer Premises Equipment (CPE) domain parameters.

path-mtu

Specifies the Maximum Transmission Unit (MTU) value of the tunnel, in bytes.

sharing-ratio

Configures the port sharing ratio. The value is in powers of 2.

Command Default

None

Command Modes

MAP-E configuration mode

Command History

Release Modification
Release 4.3.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to create a MAP-E instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type map-e map-e-inst

service-type map-t

To create a MAP-T instance, use the service-type map-t command in MAP-T configuration mode. To delete the instance, use the no form of this command.

service-type map-t instance-name {address-family | contiguous-ports | cpe-domain | external-domain | sharing-ratio | traceroute}

Syntax Description

instance-name

Indicates the name of the MAP-T instance.

address-family

Specifies the address family configuration.

contiguous-ports

Specifies the Port Set ID (PSID) configuration.

cpe-domain

Specifies the Customer Premises Equipment (CPE) domain parameters.

external-domain

Specifies the external domain parameters.

sharing-ratio

Configures the port sharing ratio. The value is in powers of 2.

traceroute

Specifies traceroute configuration.

Command Default

None

Command Modes

MAP-T configuration mode

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines

From Release 5.3.2, MAP-T is supported only on Cisco ASR 9000 High Density 100GE Ethernet line cards.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to create a MAP-T instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type map-t map-t-inst
RP/0/RP0/CPU0:router(config-cgn-map-t)# 

service-type nat44

To enable a NAT 44 instance for the CGN application, use the service-type nat44 command in CGN submode. To disable the NAT44 instance of the CGN application, use the no form of this command.

service-type nat44 instance-name [alg | inside-vrf | portlimit | protocol | refresh-direction]

Syntax Description

instance-name

Name of the NAT44 instance that is configured.

alg

Configures the Application Level Gateway type to be used.

inside-vrf

Configures inside VRF.

portlimit

Limits the number of entries per address.

protocol

Specifies the Transport protocol.

refresh-direction

NAT refresh direction to be used.

Command Default

None

Command Modes

CGN submode (CONFIG-CGN)

Command History

Release

Modification

Release 4.0.0

This command was introduced.

Usage Guidelines

The NAT44 instance name must be unique across all CGN NAT44 and NAT64 stateless instance names.

Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to configure the NAT44 instance named nat1 for the CGN application:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1

service-type nat64 (Stateful NAT64)

To create a NAT64 stateful instance, use the service-type nat64 command in NAT64 configuration mode. To delete the instance, use the no form of this command. A maximum of 64 instances can be created.

service-type nat64 stateful instance-name {address-family | ipv6-prefix | ipv4 | ubit-reserved | portlimit | protocol | fragment-timeout | external-logging | filter-policy}

Syntax Description

stateful

Specifies the IPv4 to IPv6 stateful translation.

instance-name

Indicates the name of the NAT64 stateful instance.

address-family

Specifies the address family configuration.

alg

Specifies the Application Level Gateway (ALG) to be used.

ipv6-prefix

Specifies the IPv6 prefix to translate an IPv4 address to IPv6.

ipv4

Specifies the IPv4 address.

portlimit

Limits the number of entries per address.

protocol

Specifies one of the transport protocols: ICMP, TCP, or UDP.

fragment-timeout

Specifies the time interval for fragment storage.

external-logging

Enables external logging.

filter-policy

Configures address-dependent filtering policy.

ubit-reserved

Enables reserving ubits in the IPv6 address.

Command Default

None

Command Modes

NAT64 configuration mode

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to create a NAT64 stateful instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# 

service-type nat64 (Stateless)

Use the service-type nat64 command to create a nat64 stateless application. To delete the nat64 stateless application, use the no form of this command.

service-type nat64 stateless instance [address-family | traceroute | ipv6-prefix | ubit-reserved]

Syntax Description

stateless

Specifies the IPv4 to IPv6 Stateless translation.

instance

Indicates the name of the NAT64 stateless instance.

address-family

Specifies the address-family related configuration.

traceroute

Indicates the traceroute related configuration.

ipv6-prefix

Specifies the IPv6 prefix to be used to translate IPv4 address to IPv6 address.

ubit-reserved

Enables reserving ubits in IPv6 address.

Command Default

None

Command Modes

CONFIG-CGN

Command History

Release Modification

Release 4.1.0

This command was introduced.

Usage Guidelines

The NAT64 stateless instance name must be unique across all the CGN NAT44 and NAT64 stateless instance names. There can only be 64 service-type NAT64 configurations per Roddick line card or chassis spanning over different cards.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the nat64 stateless instance named xlat1 for the CGN application:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateless xlat1

service-type tunnel v6rd

To create an IPv6 Rapid Deployment (6RD) tunnel application, use the service-type tunnel command in CGN submode. To delete this instance of the 6RD tunnel application, use the no form of this command.

service-type tunnel v6rd instance address-family | br | path-mtu | reassembly-enable | reset-df-bit | tos | ttl

Syntax Description

v6rd

Specifies the 6RD configuration.

instance

Name of the 6RD instance.

address-family

Specifies the address-family related configuration.

br

Specifies the border relay related configuration.

path-mtu

Specifies the IPv6 MTU value.

reassembly-enable

Enables the reassembly operation.

reset-df-bit

Enables resetting of DF bit.

tos

Specifies the type of service to be used for IPv4 tunnel.

ttl

Specifies the time to live value to be used for IPv4 tunnel.

Command Default

None

Command Modes

CGN submode

Command History

Release Modification
Release 4.1.0

This command was introduced.

Usage Guidelines

There can be 64 service-type 6RD tunnel configurations for each line card or chassis spanning over different cards.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the 6RD tunnel instance for the CGN application:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)#

session (NAT44)

To configure the timeout values for both active and initial sessions for TCP or UDP, use the session command in NAT44 protocol configuration mode. To revert to the default value for the TCP or UDP session timeouts, use the no form of this command.

session {active | initial} timeout seconds

Syntax Description

active

Configures the active session timeout for both TCP and UDP. The default value for UDP active session timeout is 120 seconds.

initial

Configures the initial session timeout.

timeout

Configures the timeout for either active or initial sessions.

seconds

Timeout for either active or initial sessions. Range is from 1 to 65535.

Command Default

If the value for the UDP initial session timeout is not configured, the default value for the UDP initial session timeout is 30.

If the value for the UDP active session timeout is not configured, the default value for the UDP active session timeout is 120.

If the value for the TCP initial session timeout is not configured, the default value for the TCP initial session timeout is 120.

If the value for the TCP active session timeout is not configured, the default value for the TCP active session timeout is 1800 (30 minutes).

Command Modes

NAT44 protocol configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Usage Guidelines

We recommend that you configure the timeout values for the protocol sessions carefully. For example, the values for the protocol and NAT functions must be configured properly.

If the no form of this command is specified, the following guidelines apply:

  • UDP initial session timeout value reverts back to the default value of 30.
  • UDP active session timeout value reverts back to the default value of 120.
  • TCP initial session timeout value reverts back to the default value of 120.
  • TCP active session timeout value reverts back to the default value of 1800.

Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to configure the initial session timeout value as 90 for TCP:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol tcp
RP/0/RP0/CPU0:router(config-cgn-proto)# session initial timeout 90

This example shows how to configure the active timeout value as 90 for TCP:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol tcp
RP/0/RP0/CPU0:router(config-cgn-proto)# session active timeout 90

This example shows how to configure the initial timeout value as 90 for UDP:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol udp
RP/0/RP0/CPU0:router(config-cgn-proto)# session initial timeout 90

This example shows how to configure the active timeout value as 90 for UDP:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol udp
RP/0/RP0/CPU0:router(config-cgn-proto)# session active timeout 90

session (DS-LITE)

To configure the timeout values for both active and initial sessions for TCP or UDP, use the session command in CGN DS-Lite protocol configuration mode. To return to the default value for the session timeouts, use the no form of this command.

session {active | init} timeout seconds

Syntax Description

active

Configures the active session timeout for both TCP and UDP. The default value for UDP active session timeout is 120 seconds.

init

Configures the initial session timeout.

timeout

Configures the timeout for either active or initial sessions.

seconds

Timeout for either active or initial sessions. Range is from 1 to 65535.

Command Default

If the value for the UDP initial session timeout is not configured, the default value for the UDP initial session timeout is 30.

If the value for the UDP active session timeout is not configured, the default value for the UDP active session timeout is 120.

If the value for the TCP initial session timeout is not configured, the default value for the TCP initial session timeout is 120.

If the value for the TCP active session timeout is not configured, the default value for the TCP active session timeout is 1800 (30 minutes).

Command Modes

CGN DS-Lite protocol configuration

Command History

Release

Modification

Release 4.2.1

This command was introduced.

Usage Guidelines

We recommend that you configure the timeout values for the protocol sessions carefully. For example, the values for the protocol and NAT functions must be configured properly.

If the no form of this command is specified, the following guidelines apply:

  • UDP initial session timeout value reverts back to the default value of 30.
  • UDP active session timeout value reverts back to the default value of 120.
  • TCP initial session timeout value reverts back to the default value of 120.
  • TCP active session timeout value reverts back to the default value of 1800.

Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to configure the initial session timeout value as 90 for TCP:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# protocol tcp
RP/0/RP0/CPU0:router(config-cgn-proto)# session initial timeout 90

This example shows how to configure the active timeout value as 90 for TCP:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# protocol tcp
RP/0/RP0/CPU0:router(config-cgn-proto)# session active timeout 90

This example shows how to configure the initial timeout value as 90 for UDP:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# protocol udp
RP/0/RP0/CPU0:router(config-cgn-proto)# session initial timeout 90

This example shows how to configure the active timeout value as 90 for UDP:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# protocol udp
RP/0/RP0/CPU0:router(config-cgn-proto)# session active timeout 90
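The defaults and the 1 to 65535 range documented for the NAT44 and DS-Lite session commands can be checked mechanically against a saved configuration. The Python below is an added example, not Cisco code; it assumes the configuration nests protocol and session lines under service-type nat44 or service-type ds-lite as in the examples above, and the sample configuration is constructed.

```python
import re

# Defaults and range as stated in the Command Default and Syntax Description text above.
DEFAULTS = {
    ("tcp", "initial"): 120,
    ("tcp", "active"): 1800,
    ("udp", "initial"): 30,
    ("udp", "active"): 120,
}
MIN_TIMEOUT, MAX_TIMEOUT = 1, 65535

PROMPT_RE = re.compile(r"^RP/\S+#\s*")  # lets a pasted CLI session be audited too
SERVICE_RE = re.compile(r"^service-type\s+(nat44|ds-lite)\s+(\S+)$")
PROTO_RE = re.compile(r"^protocol\s+(\S+)$")
# The DS-Lite syntax line spells the keyword "init"; NAT44 spells it "initial".
SESSION_RE = re.compile(r"^session\s+(active|initial|init)\s+timeout\s+(\S+)$")


def effective_timeouts(config_text):
    """Return (timeouts, problems) for every nat44/ds-lite instance in the text.

    timeouts maps (service, instance, protocol, state) to seconds, falling back
    to the documented default when no valid value is configured.
    """
    instances, configured, problems = [], {}, []
    instance = proto = None
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = PROMPT_RE.sub("", raw.strip())
        if not line or line.startswith("!"):
            continue
        match = SERVICE_RE.match(line)
        if match:
            instance, proto = (match.group(1), match.group(2)), None
            if instance not in instances:
                instances.append(instance)
            continue
        if line.startswith(("service ", "service-type ")):
            instance = proto = None  # a CGN block or service type not covered here
            continue
        match = PROTO_RE.match(line)
        if match:
            proto = match.group(1)
            continue
        match = SESSION_RE.match(line)
        if not match:
            continue
        if instance is None or proto not in ("tcp", "udp"):
            problems.append(f"line {lineno}: session timeout outside a tcp/udp block")
            continue
        state = "initial" if match.group(1).startswith("init") else "active"
        value = match.group(2)
        if not value.isdigit() or not MIN_TIMEOUT <= int(value) <= MAX_TIMEOUT:
            problems.append(f"line {lineno}: timeout {value} is outside "
                            f"{MIN_TIMEOUT}-{MAX_TIMEOUT}")
            continue
        configured[instance + (proto, state)] = int(value)

    timeouts = {}
    for inst in instances:
        for key, default in DEFAULTS.items():
            timeouts[inst + key] = configured.get(inst + key, default)
    return timeouts, problems


def deviations(timeouts):
    """List entries that differ from the documented defaults, with direction."""
    out = []
    for (service, name, proto, state), seconds in sorted(timeouts.items()):
        default = DEFAULTS[(proto, state)]
        if seconds != default:
            direction = "longer" if seconds > default else "shorter"
            out.append(f"{service} {name}: {proto} {state} timeout {seconds}s "
                       f"({direction} than default {default}s)")
    return out


# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
service cgn cgn1
 service-type nat44 nat1
  protocol tcp
   session initial timeout 90
  protocol udp
   session active timeout 70000
 service-type ds-lite ds-lite1
  protocol udp
   session init timeout 45
"""

if __name__ == "__main__":
    result, issues = effective_timeouts(SAMPLE_CONFIG)
    for entry in deviations(result) + issues:
        print(entry)
```

Longer-than-default timeouts keep translation entries, and the ports they hold, allocated for longer, so the deviation list is a useful input when reviewing port-limit and pool sizing.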

session-logging (DS-LITE Netflow9)

To enable session logging for a DS-Lite instance, use the session-logging command in DS-Lite configuration mode.

To disable session logging, use the no form of this command.

session-logging

Syntax Description

This command has no keywords or arguments.

Command Default

By default, session logging is disabled.

Command Modes

DS-Lite configuration mode

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to enable session logging for a DS-Lite instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite-inst
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf vrf-inst
RP/0/RP0/CPU0:router(config-cgn-invrf)# external-logging netflow version 9
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog)# server
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog-server)# session-logging

session-logging (NAT44 Netflow Version 9)

To enable session logging for a NAT44 instance, use the session-logging command in NAT44 configuration mode.

To disable session logging, use the no form of this command.

session-logging

Syntax Description

This command has no keywords or arguments.

Command Default

By default, session logging is disabled.

Command Modes

NAT44 configuration mode

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to enable session logging for a NAT44 instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat-44-inst
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf vrf-inst
RP/0/RP0/CPU0:router(config-cgn-invrf)# external-logging netflow version 9
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog)# server
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog-server)# session-logging

session-logging (Stateful NAT64 Netflow Version 9)

To enable session logging for a NAT64 Stateful instance, use the session-logging command in NAT64 Stateful configuration mode.

To disable session logging, use the no form of this command.

session-logging

Syntax Description

This command has no keywords or arguments.

Command Default

By default, session logging is disabled.

Command Modes

Stateful NAT64 configuration mode

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to enable session logging for a NAT64 Stateful instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# external-logging netflow version 9
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# server
RP/0/RP0/CPU0:router(config-cgn-nat64-extlog-server)# session-logging

sharing-ratio (MAP-E)

To configure the port sharing ratio, use the sharing-ratio command in MAP-E configuration mode. To undo the configuration, use the no form of this command.

sharing-ratio value

Syntax Description

value

Value of the port sharing ratio in powers of 2. The range is from 1 to 32768.

Command Default

None

Command Modes

MAP-E configuration

Command History

Release Modification
Release 4.3.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the port sharing ratio:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type map-e map-e-inst
RP/0/RP0/CPU0:router(config-cgn-map_e)# sharing-ratio 8

sharing-ratio (MAP-T)

To configure the port sharing ratio, use the sharing-ratio command in MAP-T configuration mode. To undo the configuration, use the no form of this command.

sharing-ratio value

Syntax Description

value

Specifies the value of the port sharing ratio. The range is from 1 to 32768 in powers of 2.

Command Default

None

Command Modes

MAP-T configuration

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the port sharing ratio:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type map-t map-t-inst
RP/0/RP0/CPU0:router(config-cgn-mapt)# sharing-ratio 8
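Because the sharing ratio is a power of 2, it fixes how many bits of each 16-bit port carry the Port Set ID, which is what lets a logged public address and port be traced back to one subscriber's port set. The Python below is an added example, not Cisco code, and goes beyond this page: it applies the RFC 7597 port-mapping layout to the MAP-E and MAP-T sharing-ratio and contiguous-ports values. That the router derives the PSID offset as a = 16 - k - m from those two values is an assumption, and the contiguous-ports value 64 is a constructed sample.

```python
def _bits(value, name, maximum):
    """Return log2(value), rejecting anything that is not a power of 2 in range."""
    if value < 1 or value > maximum or value & (value - 1):
        raise ValueError(f"{name} must be a power of 2 from 1 to {maximum}, got {value}")
    return value.bit_length() - 1


def map_layout(sharing_ratio, contiguous_ports):
    """Split the 16-bit port into an a-bit index, a k-bit PSID and an m-bit offset."""
    k = _bits(sharing_ratio, "sharing-ratio", 32768)        # range given on this page
    m = _bits(contiguous_ports, "contiguous-ports", 65536)  # bounded by the port space
    a = 16 - k - m                                          # assumption: RFC 7597 layout
    if a < 0:
        raise ValueError("sharing-ratio * contiguous-ports exceeds 65536 ports")
    return a, k, m


def psid_for_port(port, sharing_ratio, contiguous_ports):
    """Return the PSID that owns a port, or None if the port belongs to no port set.

    With a > 0 the index field must be non-zero, so the lowest block of ports
    (index 0, which contains the well-known ports) is assigned to nobody.
    """
    if not 0 <= port <= 65535:
        raise ValueError(f"port {port} is outside 0-65535")
    a, k, m = map_layout(sharing_ratio, contiguous_ports)
    if a > 0 and (port >> (k + m)) == 0:
        return None
    return (port >> m) & (sharing_ratio - 1)


def port_ranges(psid, sharing_ratio, contiguous_ports):
    """Return the inclusive (first, last) port ranges that make up one port set."""
    a, k, m = map_layout(sharing_ratio, contiguous_ports)
    if not 0 <= psid < sharing_ratio:
        raise ValueError(f"PSID {psid} is outside 0-{sharing_ratio - 1}")
    first_index = 1 if a > 0 else 0
    ranges = []
    for index in range(first_index, 1 << a):
        start = (index << (k + m)) | (psid << m)
        ranges.append((start, start + contiguous_ports - 1))
    return ranges


def ports_per_subscriber(sharing_ratio, contiguous_ports):
    """Total ports in one port set under this layout."""
    return sum(last - first + 1
               for first, last in port_ranges(0, sharing_ratio, contiguous_ports))


if __name__ == "__main__":
    # sharing-ratio 8 is the value used in the examples above; 64 is constructed.
    ratio, contiguous = 8, 64
    print("layout (a, k, m):", map_layout(ratio, contiguous))
    print("ports per subscriber:", ports_per_subscriber(ratio, contiguous))
    for observed in (832, 300, 65407):
        print(f"port {observed} -> PSID {psid_for_port(observed, ratio, contiguous)}")
    print("first ranges of PSID 5:", port_ranges(5, ratio, contiguous)[:3])
```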

show cgn ds-lite inside-translation

To display the translation table entries for an inside-address to outside-address for a specified DS-Lite CGN instance, use the show cgn ds-lite inside-translation command in EXEC mode.

show cgn ds-lite instance-name inside-translation protocol {icmp | tcp | udp} [translation-type {alg | all | dynamic | pcp-explicit-dynamic | pcp-implicit-dynamic | static}] | tunnel-v6-source-address IPv6 address inside-address IPv4 address port start number end number

Syntax Description

instance-name

Name of the DS-Lite instance that is configured.

protocol

Displays the name of the protocols.

icmp

Displays the ICMP protocol.

tcp

Displays the TCP protocol.

udp

Displays the UDP protocol.

translation-type

(Optional) Displays the translation type.

alg

(Optional) Displays only the ALG translation entries.

all

(Optional) Displays all the translation entries, for example, alg, dynamic, and static.

pcp-explicit-dynamic

Displays Port Control Protocol (PCP) explicit translation entries.

pcp-implicit-dynamic

Displays Port Control Protocol (PCP) implicit translation entries.

dynamic

(Optional) Displays only the dynamic translation entries.

static

(Optional) Displays only the static translation entries.

tunnel-v6-source-address IPv6 address

(Optional) Displays information for the IPv6 address family.

inside-address address

Displays the inside address.

port

Displays the range of the port numbers.

start number

The start port from which the translation table entries should be displayed.

end number

The end port up to which the translation table entries should be displayed.

Command Default

None

Command Modes

Exec

Command History

Release Modification
Release 4.2.1

This command was introduced.

Syntax Description

This command has no keywords or arguments.

Task ID

Task ID Operation

cgn

read

Examples

This example displays the translation table entries for a particular DS-Lite instance:


-----------------------------------------------------------------------------------------------------------------------
DSLite  instance : dslite1,   Tunnel-Source-Address : 2001:db8::1, Inside Source Address 10.1.1.1
-----------------------------------------------------------------------------------------------------------------------
Outside          Protocol   Inside    Outside    Translation   Inside        Outside
Address                     Source    Source     Type          to            to
                            Port      Port                     Outside       Inside
                                                               Packets       Packets
------------------------------------------------------------------------------------------------------

132.16.6.65      tcp        314       5554       dyn           875364        5345
132.16.6.65      udp        11333     43337      dyn           334333        873334

Examples

This example shows the sample output for PCP translations:

RP/0/RP0/CPU0:router# show cgn ds-lite dsl1 inside-translation protocol udp inside-translation inside-vrf red inside-address 11.11.11.12 port start 1 end 65535

Inside-translation details
---------------------------
NAT44 instance : dsl1
Inside-VRF     : red
--------------------------------------------------------------------------------------------
   Outside         Protocol  Inside       Outside       Translation   Inside      Outside
   Address                   Source       Source        Type          to          to
                             Port         Port                        Outside     Inside
                                                                      Packets     Packets
--------------------------------------------------------------------------------------------
  200.10.1.78       udp     14           34655         pcp_explicit     7             0
  200.10.1.78       udp     14           34655         pcp_implicit     7             0         

show cgn ds-lite outside-translation

To display the outside-address to inside-address translation details for a specified NAT44 instance, use the show cgn nat44 outside-translation command in EXEC mode.

show cgn nat44 instance-name outside-translation protocol {icmp | tcp | udp} [translation-type {alg | all | dynamic | pcp-explicit-dynamic | pcp-implicit-dynamic | static}] outside-address address port start number end number

Syntax Description

instance-name

Name of the NAT44 instance that is configured.

protocol

Displays the name of the protocols.

icmp

Displays the ICMP protocol.

tcp

Displays the TCP protocol.

udp

Displays the UDP protocol.

translation-type

(Optional) Displays the translation type.

alg

(Optional) Displays only the ALG translation entries.

all

(Optional) Displays all the translation entries, for example, alg, dynamic, and static.

pcp-explicit-dynamic

Displays Port Control Protocol (PCP) explicit translation entries.

pcp-implicit-dynamic

Displays Port Control Protocol (PCP) implicit translation entries.

dynamic

(Optional) Displays only the dynamic translation entries.

static

(Optional) Displays only the static translation entries.

outside-address

Displays the outside address for the inside VRF.

address

Outside address.

port

Displays the range of the port numbers.

start number

Displays the start of the port number.

end number

Displays the end of the port number.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 4.2.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

cgn

read

Examples

This example displays the translation table entries for an outside address for a particular DS-Lite instance:

-----------------------------------------------------------------------------------------------------------------------
DSLite  instance : dslite1, Tunnel-Source-Address : 2001:db8::1, Outside Source Address 100.1.1.1
-----------------------------------------------------------------------------------------------------------------------
Inside           Protocol   Inside    Outside    Translation   Inside        Outside
Address                     Source    Source     Type          to            to
                            Port      Port                     Outside       Inside
                                                               Packets       Packets
------------------------------------------------------------------------------------------------------

10.16.6.65       tcp        314       5554       dyn           875364        5345
10.16.6.65       udp        11333     43337      dyn           334333        873334

show cgn ds-lite pool-utilization

To display the outside address pool utilization details for a specified DS-Lite instance, use the show cgn ds-lite pool-utilization command in EXEC mode.

show cgn ds-lite instance-name pool-utilization address-range start-address end-address

Syntax Description

ds-lite instance-name

Name of the ds-lite instance that is configured.

address-range

Displays the range for the outside address.

start-address

Range for the start address of the outside address pool. The range of the IPv4 addresses cannot be more than 255 consecutive IPv4 addresses.

end-address

Range for the end address of the outside address pool.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 4.2.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

cgn

read

Examples

This example displays the utilization of the outside address pool for a DS-Lite instance:


-------------------------------------------------------------------------
DS-Lite  instance : dslite1
-------------------------------------------------------------------------
Outside          Number        Number
Address          of            of
                 Free ports    Used ports
-------------------------------------------------------------------------
17.16.6.23       123           64388
17.16.6.120      58321         6190
17.16.6.98       98            64413
17.16.6.2        1234          60123

show cgn ds-lite session

To display all the active destination sessions for a given source IPv4 address and port number per DS-Lite instance, use the show cgn ds-lite session command in EXEC mode.

show cgn ds-lite instance-name session protocol {icmp | tcp | udp} [ translation-type {alg | all | dynamic | static}] [ tunnel-v6-source-address IPv6 address inside-address IPv4 address port port number

Syntax Description

session

Specifies the active session for a given source IP address and port.

instance-name

Name of the DS-Lite instance that is configured.

protocol

Displays the name of the protocols.

icmp

Displays the ICMP protocol.

tcp

Displays the TCP protocol.

udp

Displays the UDP protocol.

translation-type

(Optional) Displays the translation type.

alg

(Optional) Displays only the ALG translation entries.

all

(Optional) Displays all the translation entries, for example, alg, dynamic, and static.

dynamic

(Optional) Displays only the dynamic translation entries.

static

(Optional) Displays only the static translation entries.

ipv4

(Optional) Displays information for the IPv4 address family.

tunnel-v6-source-address

Specifies the source tunnel IPv6 address.

IPv6 address

IPv6 address.

inside-address

Displays the inside address for the inside Virtual Routing Forwarding (VRF).

IPv4 address

IPv4 address of the source.

port

Port number of the source.

port-number

Specifies the port number range from 1 to 65535.

Command Default

None

Command Modes

Exec

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read

Examples

This example shows how to display all the active destination sessions for a given source IPv4 address and port number per DS-Lite instance:


RP/0/RP0/CPU0:router# show cgn ds-lite ds-lite-inst session protocol tcp translation-type alg inside-address 10.1.1.50 port 123

Session details:
-----------------------------------------------------------------
DS-Lite instance: ds-lite-inst
-----------------------------------------------------------------
Outside address: 12.168.6.231
Outside port: 235
Translation type: alg
Protocol: tcp
-----------------------------------------------------------------------
Destination IP                 Destination Port
209.85.231.104                   100
209.85.231.106                   200
.
.
.
.
209.85.231.178                   579

show cgn ds-lite statistics

To display the contents of the DS-Lite instance statistics, use the show cgn ds-lite statistics command in EXEC mode.

show cgn ds-lite instance-name statistics

Syntax Description

instance-name

Name of the configured DS-Lite instance.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 4.2.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

cgn

read

Examples

This command displays the statistics corresponding to DS-Lite instances:


Statistics summary of cgn: 'cgn1'
Number of active translations: 45631
Translations create rate: 5678
Translations delete rate: 6755
Inside to outside forward rate: 977
Outside to inside forward rate: 456
Inside to outside drops port limit exceeded: 0
Inside to outside drops system limit reached: 0
Inside to outside drops resource depletion: 0
Outside to inside drops no translation entry: 0
Pool address totally free: 195
Pool address used: 23

The following table describes the fields shown in the above example:

Name

Description

Number of active translations

Translation entries allocated in the database.

Translations create rate/ Translations delete rate

Rate in sessions per second.

Inside to outside forward rate/Outside to inside forward rate

Rate in packets per second.

Inside to outside drops port limit exceeded

Packets dropped because the port-limit for the inside user has been exceeded.

Inside to outside drops system limit reached

Packets dropped as a result of reaching the system limit.

Inside to outside drops resource depletion

Packets dropped because no public L4 port could be allocated.

Outside to inside drops no translation entry

Packets dropped due to lack of entry in the translation database.

Pool address totally free

Addresses available from the pool.

Pool address used

Addresses utilized from the pool.
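The drop counters and pool fields described above are the ones worth watching when this output is collected periodically. The Python below is an added example, not Cisco code: it parses the statistics output shown in this section and reports non-zero drop counters and a nearly exhausted outside pool. The 90 percent pool threshold and the second sample are constructed assumptions.

```python
import re

# Counter names and meanings follow the field table above.
DROP_MEANINGS = {
    "Inside to outside drops port limit exceeded":
        "the port limit for an inside user was exceeded",
    "Inside to outside drops system limit reached":
        "the system limit was reached",
    "Inside to outside drops resource depletion":
        "no public L4 port could be allocated",
    "Outside to inside drops no translation entry":
        "no entry in the translation database",
}

HEADER_RE = re.compile(r"^Statistics summary of cgn:\s*'([^']+)'")
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z0-9 ]*?)\s*:\s*(\d+)$")


def parse_cgn_statistics(text):
    """Parse 'show cgn ds-lite <instance> statistics' output into a dict."""
    stats = {"cgn_instance": None, "counters": {}}
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            stats["cgn_instance"] = header.group(1)
            continue
        field = FIELD_RE.match(line)
        if field:
            stats["counters"][field.group(1)] = int(field.group(2))
    return stats


def pool_usage(counters):
    """Fraction of outside pool addresses in use, or None if it cannot be computed."""
    free = counters.get("Pool address totally free")
    used = counters.get("Pool address used")
    if free is None or used is None or free + used == 0:
        return None
    return used / (free + used)


def health_findings(stats, pool_threshold=0.9):
    """Return findings; an empty list means nothing to act on.

    pool_threshold is an assumed alerting level, not a value from the page.
    """
    counters = stats["counters"]
    findings = []
    for name, meaning in DROP_MEANINGS.items():
        if name not in counters:
            findings.append(f"missing counter: {name} (truncated output?)")
        elif counters[name] > 0:
            findings.append(f"{name}: {counters[name]} packets ({meaning})")
    usage = pool_usage(counters)
    if usage is not None and usage >= pool_threshold:
        findings.append(f"outside address pool {usage:.0%} used")
    return findings


# Output as shown in the example above.
PAGE_SAMPLE = """\
Statistics summary of cgn: 'cgn1'
Number of active translations: 45631
Translations create rate: 5678
Translations delete rate: 6755
Inside to outside forward rate: 977
Outside to inside forward rate: 456
Inside to outside drops port limit exceeded: 0
Inside to outside drops system limit reached: 0
Inside to outside drops resource depletion: 0
Outside to inside drops no translation entry: 0
Pool address totally free: 195
Pool address used: 23
"""

# Constructed sample: same fields, with drops and a nearly exhausted pool.
DEGRADED_SAMPLE = PAGE_SAMPLE.replace(
    "port limit exceeded: 0", "port limit exceeded: 1200").replace(
    "resource depletion: 0", "resource depletion: 40").replace(
    "totally free: 195", "totally free: 2").replace(
    "address used: 23", "address used: 216")

if __name__ == "__main__":
    for label, sample in (("page sample", PAGE_SAMPLE), ("degraded", DEGRADED_SAMPLE)):
        parsed = parse_cgn_statistics(sample)
        print(label, parsed["cgn_instance"], health_findings(parsed) or "ok")
```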

show cgn map-e statistics

To display the MAP-E instance statistics, use the show cgn map-e statistics command in EXEC mode.

show cgn map-e instance-name statistics

Syntax Description

instance-name

Name of the configured MAP-E instance.

statistics

Specifies the statistics of the configured MAP-E instance.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 4.3.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

cgn

read

Examples

This output shows the statistics entries for a MAP-E instance:


RP/0/RP0/CPU0:router# show cgn map-e m1 statistics

MAP-E IPv4 to IPv6 counters:
======================================

Total Incoming Count : 0
Total Drop Count : 0
Total Output Count : 0

TCP Incoming Count : 0
TCP Output Count : 0
UDP Incoming Count : 0
UDP Output Count : 0
ICMPv4 Incoming Count : 0
ICMPv4 Output Count : 0

Invalid UIDB Drop Count : 0
NoDb Drop Count : 0
TTL Expire Drop Count : 0
Invalid IP Destination Drop Count : 0
Packet Exceeding Path MTU Drop Count : 0
Unsupported Protocol Drop Count : 0

ICMPv4 Generated for TTL Expire Count : 0
ICMPv4 Generated for Error Count : 0
ICMPv4 Packets Rate-Limited Count : 0

TCP MSS Changed Count : 0

MAP-E IPv6 to IPv4 counters:
======================================

Total Incoming Count : 0
Total Drop Count : 0
Total Output Count : 0

TCP Incoming Count : 0
TCP Output Count : 0
UDP Incoming Count : 0
UDP Output Count : 0
ICMPv4 Incoming Count : 0
ICMPv4 Output Count : 0
Invalid UIDB Drop Count : 0
NoDb Drop Count : 0
TTL Expire Drop Count : 0
Invalid IPv6 Destination Drop Count : 0
Invalid Source Prefix Drop Count : 0
Unsupported Protocol Drop Count : 0

ICMPv6 Input Count : 0
ICMPv6 Invalid UIDB Drop Count : 0
ICMPv6 NoDb Drop Count : 0
ICMPv6 TTL Expire Drop Count : 0
ICMPv6 Invalid IPv6 Destination Drop Count : 0
ICMPv6 Unsupported Type Drop Count : 0
ICMPv6 Invalid NxtHdr Drop Count: 0
ICMPv6 Frag Drop Count : 0
ICMPv6 Forus Count : 0
ICMPv6 Echo Response Received Count : 0
ICMPv6 Echo Replies Count : 0
ICMPv6 Translated to ICMPV4 Output Count : 0

ICMPv6 Generated for TTL Expire Count : 0
ICMPv6 Generated for Error Count : 0
ICMPv6 Packets Rate-Limited Count : 0

TCP MSS Changed Count: 0

MAP-E IPv4 Frag counters received from V4 cloud:
==================================================

Total Input Count: 0
Total Drop Count: 0
Reassembled Output Count : 0

TCP Input Count: 0
UDP Input Count: 0
ICMPv4 Input Count: 0

Invalid UIDB Drop Count : 0
NoDb Drop Count : 0
Unsupported Protocol Drop Count : 0
Throttled Count : 0
Timeout Drop Count: 0
Duplicates Drop Count : 0

MAP-E Inner IPv4 Frag counters received from V6 cloud:
====================================================

Total Input Count : 0
Total Drop Count : 0
Total Output Count : 0

TCP Input Count : 0
UDP Input Count : 0
ICMPv4 Input Count : 0

Invalid Source Prefix Drop Count : 0
Unsupported Protocol Drop count : 0
Throttled Count : 0
Timeout Drop Count : 0
Duplicates Drop Count : 0

ICMPv6 Generated for Error Count : 0
ICMPv6 Packets Rate-Limited Count : 0

TCP MSS Changed Count : 0    

Name

Description

Total incoming count

Total number of packets coming from the public network

Total Drop Count

Total number of packets dropped by the router

Total Output Count

Total number of packets equal to the difference between the incoming packets and the dropped packets

TCP Incoming Count

Number of TCP packets coming from the public network

TCP Output Count

Number of TCP packets that were sent out

UDP Incoming Count

Number of UDP packets coming from the public network

UDP Output Count

Number of UDP packets that were sent out

ICMPv4 Incoming Count

Number of ICMPv4 packets embedded in the IPv6 packets

ICMPv4 Output Count

Number of ICMP packets sent out

Invalid UIDB Drop Count

Number of packets dropped due to the UIDB entries being invalid

NoDb Drop Count

Number of packets dropped due to the absence of any mapping

TTL Expire Drop Count

Number of packets dropped due to the expiry of TTL.

Invalid IP Destination Drop Count

Number of packets dropped due to the destination IP address being invalid

Packet Exceeding Path MTU Drop Count

Number of large packets dropped as they are too big and exceed the MTU size

Unsupported Protocol Drop Count

Number of packets dropped because they do not belong to any of the three supported protocols: TCP, UDP, and ICMP

ICMPv4 Generated for TTL Expire Count

Number of ICMPv4 packets generated when TTL expires

ICMPv4 Generated for Error Count

Number of ICMPv4 packets generated for different error conditions

ICMPv4 Packets Rate-Limited Count

Number of ICMPv4 packets that were not generated due to rate limit

TCP MSS Changed Count

Number of TCP packets for which the MSS (Maximum Segment Size) value has been changed

Reassembled Output Count

Number of fragmented packets that have been reassembled

Invalid Source Prefix Drop Count

Number of packets dropped due to the prefix check failure

ICMPv6 Invalid NxtHdr Drop Count

Number of ICMPv6 packets dropped because their protocol header does not contain ICMP

ICMPv6 Frag Drop Count

Number of ICMPv6 packets dropped due to the fragmentation

ICMPv6 Forus Count

ICMPv6 Echo Response Received Count

Number of ICMPv6 acknowledgment packets for echo replies

ICMPv6 Echo Replies Count

Number of ICMPv6 echo requests sent

ICMPv6 Translated to ICMPV4 Output Count

Number of ICMPv6 packets that were translated to ICMPv4 packets

Throttled Count

Number of excess fragments that were dropped

Timeout Drop Count

Number of packets that were dropped as all the fragments of that packet were not received

Duplicates Drop Count

Number of fragmented packets dropped as they were duplicates

show cgn map-t statistics

To display the MAP-T instance statistics, use the show cgn map-t statistics command in EXEC mode.

show cgn map-t instance-name statistics

Syntax Description

instance-name

Specifies the name of the configured MAP-T instance.

statistics

Specifies the statistics of the configured MAP-T instance.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

cgn

read

Examples

This output shows the statistics entries for a MAP-T instance:


RP/0/RP0/CPU0:router# show cgn map-t m1 statistics

MAP-T IPv6 to IPv4 counters:
======================================

TCP Incoming Count: 0
TCP NonTranslatable Drop Count: 0
TCP Invalid NextHdr Drop Count: 0
TCP No Db Drop Count: 0
TCP Translated Count: 0 
UDP Incoming Count: 0
UDP NonTranslatable Drop Count: 0
UDP Invalid Next Hdr Drop Count: 0
UDP No Db Drop Count: 0
UDP Translated Count: 0 

ICMP Total Incoming Count: 0
ICMP No DB Drop Count: 0
ICMP Fragment drop count: 0
ICMP Invalid NxtHdr Drop Count: 0
ICMP Nontranslatable Drop Count: 0
ICMP Nontranslatable Fwd Count: 0
ICMP UnsupportedType Drop Count: 0
ICMP Err Translated Count: 0
ICMP Query Translated Count: 0

Subsequent Fragment Incoming Count: 0 
Subsequent Fragment NonTranslateable Drop Count: 0
Invalid NextHdr Drop Count: 0
Subsequent Fragment No Db Drop Count: 0
Subsequent Fragment Translated Count: 0 

Extensions/Options Incoming Count: 0
Extensions/Options Drop Count: 0
Extensions/Options Forward Count: 0

Extensions/Options No DB drop Count: 0
Unsupported Protocol Count: 0

MAP-T IPv4 to IPv6 counters:
======================================

TCP Incoming Count: 0
TCP No Db Drop Count: 0
TCP Translated Count: 0

UDP Incoming Count: 0
UDP No Db Drop Count: 0
UDP Translated Count: 0
UDP FragmentCrc Zero Drop Count: 0
UDP CrcZeroRecy Sent Count: 0
UDP CrcZeroRecy Drop Count: 0

ICMP Total Incoming Count: 0
ICMP No Db Drop Count: 0
ICMP Fragment drop count: 0
ICMP UnsupportedType Drop Count: 0
ICMP Err Translated Count: 0
ICMP Query Translated Count: 0

Subsequent Fragment Incoming Count: 0
Subsequent Fragment No Db Drop  Count: 0
Subsequent Fragment Translated Count: 0

Options Incoming Count: 0
Options Drop Count: 0
Options Forward Count: 0
Options No DB drop Count: 0
Unsupported Protocol Count: 0
          
ICMP generated counters :
=======================

IPv4 ICMP Messages generated count: 0
IPv6 ICMP Messages generated count: 0

The following table describes the fields shown in the above example:


Note

The same field description is applicable to IPv4 and IPv6 packets appropriately.

Name

Description

TCP Incoming Count

Number of incoming TCP packets.

TCP NonTranslatable Drop Count

Number of TCP packets dropped without translating.

TCP Invalid NextHdr Drop Count

Packets dropped due to invalid Next hop.

TCP No Db Drop Count

Packets dropped because of missing MAP-T configuration.

TCP Translated Count

Number of TCP packets translated.

UDP Incoming Count

Number of incoming UDP packets.

UDP NonTranslatable Drop Count

Number of UDP packets dropped without translating.

UDP Invalid Next Hdr Drop Count

Packets dropped due to invalid Next hop.

UDP No Db Drop Count

Indicates missing MAP-T configuration.

UDP Translated Count

Number of UDP packets translated.

ICMP Total Incoming Count

Number of incoming ICMP packets.

ICMP No DB Drop Count

Packets dropped because of missing MAP-T configuration.

ICMP Fragment drop count

Number of ICMP fragments dropped.

ICMP Invalid NextHdr Drop Count

Packets dropped due to invalid Next hop.

ICMP Nontranslatable Drop Count

Number of ICMP packets dropped without translating.

ICMP Nontranslatable Forward Count

Number of ICMP packets forwarded without translating.

ICMP UnsupportedType Drop Count

Number of ICMP packets dropped because of the unsupported type.

ICMP Error Translated Count

Number of ICMP packets with error in translation.

ICMP Query Translated Count

Number of translated IPv6 to IPv4 ICMP query output packets.

Subsequent Fragment Incoming Count

Number of incoming fragments

Subsequent Fragment NonTranslateable Drop Count

Number of fragments dropped without translating.

Invalid NextHdr Drop Count

Number of packets dropped because of invalid next hop.

Subsequent Fragment No Db Drop Count

Number of fragments dropped.

Subsequent Fragment Translated Count

Number of fragments translated.

Extensions/Options Incoming Count

Incoming packets with extended options in the header

Extensions/Options Drop Count

Packets dropped with extended options in the header.

Extensions/Options Forward Count

Packets forwarded with extended options in the header.

Extensions/Options No DB drop Count

Packets dropped due to missing configuration and with extended options in the header.

Unsupported Protocol Count

Packets dropped due to unsupported Layer-4 protocol.

show cgn nat44 inside-vrf counters

To display the counters for sequence-check, use the show cgn nat44 inside-vrf counters command in EXEC mode.

show cgn nat44 instance-name inside-vrf instance-name counters

Syntax Description

counters

Lists the counters for TCP sequence check

instance-name

The name of the NAT44 instance

Command Default

None

Command Modes

EXEC

Command History

Release Modification

Release 5.1.1

This command was introduced.

Release 5.2.0

Additional counters were introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

The following example shows the counters for TCP sequence check.

RP/0/RP0/CPU0:router# show cgn nat44 nat1 inside-vrf vrf1 counters


Counters summary of NAT44 instance: 'nat1'
Number of Out2In drops due to TCP sequence mismatch: 0
Number of Outside to inside TCP sequence mismatch: 0
Total number of sessions created due to Out2In packets: 0
Number of Out2In drops due to end point filtering: 0
Number of translations created: 2019
Number of translations deleted: 2017
Number of sessions created: 190000
Number of sessions deleted: 170000
Syslog/Netflow translation create records generated: 0
Syslog/Netflow translation delete records generated: 0
Syslog/Netflow sessions create records generated: 0
Syslog/Netflow sessions delete records generated: 0
Number of Netflow packets generated: 0
Number of Syslog packets generated: 0
Dropped Netflow packets due to congestion: 0
Dropped Syslog packets due to congestion: 0
Average usage of bulk allocated ports: 0
Average number of bulk-allocations made: 0

The following table describes the fields seen in the output of the show cgn nat44 inside-vrf counters as shown in the above example:

Name

Description

Number of Out2In drops due to TCP sequence mismatch

Number of packets dropped for not being in the sequence

Number of Outside to inside TCP sequence mismatch

Number of TCP packets dropped for not being in the sequence

Total number of sessions created due to Out2In packets

Number of sessions created with both Inside-to-Outside and Outside-to-Inside packets

Number of Out2In drops due to end point filtering

Number of packets dropped if Endpoint-Dependent Mapping is configured

Number of translations created

Total number of translations created

Number of translations deleted

Total number of translations cleared after the timeout

Number of sessions created

Total number of sessions created

Number of sessions deleted

Total number of sessions deleted

Syslog/Netflow translation create records generated

Number of translation create records generated for Syslog or NetFlow

Syslog/Netflow translation delete records generated

Number of translation create records deleted for Syslog or NetFlow

Syslog/Netflow sessions create records generated

Number of session create records generated for Syslog or NetFlow

Syslog/Netflow sessions delete records generated

Number of session delete records generated for Syslog or NetFlow

Number of Netflow packets generated

Number of packets generated for NetFlow

Number of Syslog packets generated

Number of packets generated for Syslog

Dropped Netflow packets due to congestion

Number of NetFlow packets dropped due to system errors

Dropped Syslog packets due to congestion

Number of Syslog packets dropped due to system errors

Average usage of bulk allocated ports

Percentage of the usage of the bulk allocated ports

Average number of bulk-allocations made

Percentage of the bulk allocations made from all the possible locations
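The counters above are the place to check whether translation logging is keeping up with translation activity, since CGN address attribution depends on those Syslog/NetFlow records. The following added example (not Cisco code) parses output in the layout shown above and reports active translations and sessions along with logging gaps; the sample text is constructed, and treating "translations created but no create records generated" as a finding assumes that external logging is expected to be configured on the instance.

```python
# Constructed sample in the layout of the example output above; values are made up.
SAMPLE_COUNTERS = """\
Counters summary of NAT44 instance: 'nat1'
Number of Out2In drops due to TCP sequence mismatch: 0
Number of Out2In drops due to end point filtering: 5
Number of translations created: 2019
Number of translations deleted: 2017
Number of sessions created: 190000
Number of sessions deleted: 170000
Syslog/Netflow translation create records generated: 0
Syslog/Netflow translation delete records generated: 0
Number of Netflow packets generated: 0
Number of Syslog packets generated: 0
Dropped Netflow packets due to congestion: 37
Dropped Syslog packets due to congestion: 0
"""


def parse_counters(text):
    """Return (instance name, {counter label: value}) from the command output."""
    instance, counters = None, {}
    for line in text.splitlines():
        # Labels may contain '/', so split on the last colon only.
        label, sep, value = line.rpartition(":")
        label, value = label.strip(), value.strip()
        if not sep or not label:
            continue
        if label.startswith("Counters summary"):
            instance = value.strip("'")
        elif value.isdigit():
            counters[label] = int(value)
    return instance, counters


def review(counters):
    """Return (active entry counts, list of findings worth an operator's attention)."""
    def get(label):
        return counters.get(label, 0)

    findings = []
    # Logging packets lost on the way out mean missing attribution records.
    for proto in ("Netflow", "Syslog"):
        lost = get(f"Dropped {proto} packets due to congestion")
        if lost:
            findings.append(f"{proto}: {lost} logging packets dropped")
    # Assumption: external logging is expected, so zero records is a gap.
    created = get("Number of translations created")
    if created and not get("Syslog/Netflow translation create records generated"):
        findings.append(f"{created} translations created, 0 create records generated")
    # Unsolicited or out-of-sequence traffic arriving from the outside.
    for label in ("Number of Out2In drops due to TCP sequence mismatch",
                  "Number of Out2In drops due to end point filtering"):
        if get(label):
            findings.append(f"{label}: {get(label)}")
    active = {
        "translations": created - get("Number of translations deleted"),
        "sessions": get("Number of sessions created") - get("Number of sessions deleted"),
    }
    return active, findings


if __name__ == "__main__":
    name, parsed = parse_counters(SAMPLE_COUNTERS)
    active, findings = review(parsed)
    print(name, active)
    for item in findings:
        print(" -", item)
```

When bulk port allocation is in use, record counts are not expected to match translation counts one for one, which is why only the all-or-nothing case is flagged.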

show cgn nat44 greEntries

To display the GRE channels of a PPTP tunnel, use the show cgn nat44 greEntries command in EXEC mode.

show cgn nat44 instance-name greEntries inside-vrf vrf-name tunnel-address address pns-port port-number call-id start value end value

Syntax Description

instance-name

Name of the configured NAT44 instance.

greEntries

GRE channels of the PPTP tunnel.

inside-vrf

The Virtual Routing Forwarding (VRF) for which the translation details are needed.

vrf-name

Name of the VRF.

tunnel-address

Address of the PPTP Network Server (PNS).

pns-port

Port number of the PNS. The range is from 1 to 65535.

call-id

Range of call IDs.

value

Value of the call IDs. The range is from 0 to 65535.

Command Default

None

Command Modes

EXEC

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read

Examples

This example displays the GRE channel details:


RP/0/RP0/CPU0:router# show cgn nat44 nat1 greEntries

GRE-Channel details
---------------------------
NAT44 instance : instname
Inside-VRF     : vrf name
-------------------------------------
   In Call Id       Out Call Id   
--------------------------------------
    xxxx              yyyy
    aaaa              bbbb 

show cgn nat44 inside-translation

To display the translation table entries for an inside-address to outside-address for a specified NAT44 CGN instance, use the show cgn nat44 inside-translation command in EXEC mode.

show cgn nat44 instance-name inside-translation protocol {gre | icmp | tcp | udp} [translation-type {alg | all | dynamic | pcp-explicit-dynamic | pcp-implicit-dynamic | static}] {inside-vrf vrf-name | tunnel-v6-source-address source-tunnel-address} inside-address address port start number end number

Syntax Description

instance-name

Name of the NAT44 instance that is configured.

protocol

Displays the name of the protocols.

gre

Displays the GRE protocol.

icmp

Displays the ICMP protocol.

tcp

Displays the TCP protocol.

udp

Displays the UDP protocol.

translation-type

(Optional) Displays the translation type.

alg

(Optional) Displays only the ALG translation entries.

all

(Optional) Displays all the translation entries, for example, alg, dynamic, and static.

pcp-explicit-dynamic

Displays Port Control Protocol (PCP) explicit translation entries.

pcp-implicit-dynamic

Displays Port Control Protocol (PCP) implicit translation entries

dynamic

(Optional) Displays only the dynamic translation entries.

static

(Optional) Displays only the static translation entries.

ipv4

(Optional) Displays information for the IPv4 address family.

inside-vrf

Displays the information for the inside VPN routing and forwarding (VRF) for the necessary translation details.

vrf-name

Name of the inside VRF.

inside-address

Displays the inside address for the inside VRF.

address

Inside address.

port

Displays the range of the port numbers.

start number

The start port from which the translation table entries should be displayed.

end number

The end port up to which the translation table entries should be displayed.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 4.0.0

The NAT44 instance was added to the command.

Release 4.3.0

The gre keyword was added.

Usage Guidelines

The show cgn nat44 inside-translation command displays the translation entries based on the inside VRF, the inside IPv4 address, and the range of inside ports. The inside-address keyword must have a /32 address. Each entry is displayed with a field that indicates whether it is a static, ALG, or dynamic translation.

If the value of the translation type is not specified, all types of entries are displayed.

Task ID

Task ID

Operations

cgn

read

Examples

This example shows sample output from the show cgn inside-translation command:


RP/0/RP0/CPU0:router# show cgn nat44 nat1 inside-translation protocol tcp inside-vrf insidevrf1 inside-address 192.168.6.23 port-range 23 56

Inside-translation details 
-----------------------------------
NAT44 instance : nat1
Inside-VRF     : insidevrf1 
--------------------------------------------------------------------------------------
Outside        Protocol  Inside   Outside     Translation      Inside       Outside
Address                  Source   Source      Type             to           to
                         Port     Port                         Outside      Inside
                                                               Packets      Packets
--------------------------------------------------------------------------------------
12.168.6.231   tcp       34       2356        alg              875364       65345
12.168.6.98    tcp       56       8972        static           78645        56343
12.168.2.12    tcp       21       2390        static           45638        89865
12.168.2.123   tcp       34       239         dynamic          809835       67854
.
.
.
.
.
12.168.2.123   tcp       34       3899        dynamic          9835         6785

Examples

This example shows the sample output for PPTP and GRE:

RP/0/RP0/CPU0:router# show cgn nat44 inst1 inside-translation protocol gre inside-vrf ivrf inside-address 11.11.11.2 port start 1 end 65535

Inside-translation details
---------------------------
NAT44 instance : inst1
Inside-VRF     : ivrf
--------------------------------------------------------------------------------------------
   Outside         Protocol  Inside       Outside       Translation   Inside      Outside
   Address                   Source       Source        Type          to          to
                             Port         Port                        Outside     Inside
                                                                      Packets     Packets
--------------------------------------------------------------------------------------------
  52.52.52.215       gre     21           61746         alg           0           359423           
  52.52.52.215       gre     23           32489         alg           0           359423           
  52.52.52.215       gre     29           5940          alg           0           359423          

Note

There is no Inside-to-Outside accounting during GRE translation. The value is always 'zero'.


Examples

This example shows the sample output for PCP translations:

RP/0/RP0/CPU0:router# show cgn nat44 nat1 inside-translation protocol udp inside-vrf red inside-address 11.11.11.12 port start 1 end 65535

Inside-translation details
---------------------------
NAT44 instance : nat1
Inside-VRF     : red
--------------------------------------------------------------------------------------------
   Outside         Protocol  Inside       Outside       Translation   Inside      Outside
   Address                   Source       Source        Type          to          to
                             Port         Port                        Outside     Inside
                                                                      Packets     Packets
--------------------------------------------------------------------------------------------
  100.0.0.217       udp     14           34655         pcp_explicit     7             0
  100.0.0.217       udp     14           34655         pcp_implicit     7             0         

This table describes the significant fields shown in the display.

Table 1. show cgn inside-translation Field Descriptions

Field

Description

CGN instance

Name of the CGN instance configured

Inside-VRF

Name of the inside-vrf configured

Outside Address

Outside IPv4 address

Inside Source Port

Inside Source Port Number

Outside Source Port

Translated Source Port Number

Translation Type

Type of Translation (All/ALG/Dynamic/pcp-explicit-dynamic/pcp-implicit-dynamic/Static).

Inside to Outside Packets

Outbound Packets.

Outside to Inside Packets

Inbound Packets.

show cgn nat44 mapping

To display the mapping from a private IP address to a public IP address or from a public IP address to a private IP address for NAT44 in both the classic mode and the predefined mode, use the show cgn nat44 mapping command.

show cgn nat44 instance-name mapping { inside-address | outside-address} inside-vrf vrf-instance start-addr start address [ end-addr end address]

Syntax Description

inside-address

Displays the IPv4 address from the private pool.

outside-address

Displays the public IPv4 address.

vrf-instance

Name of the VRF.

start-addr start address

Start address for the IPv4 address range for which the mapping has to be displayed.

end-addr end address

Last address of the IPv4 address range for which the mapping has to be displayed.

Command Default

None

Command Modes

EXEC

Command History

Release Modification

Release 4.3.2

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read

Examples


RP/0/RP0/CPU0:router# show cgn nat44 nat1 mapping inside-address inside-vrf ins1 start-addr 192.1.106.0 end-addr 192.1.107.37

Session details:
-----------------------------------------------------------------
NAT44 instance: nat1
VRF           : ins1
-----------------------------------------------------------------

-----------------------------------------------------------------------------------------------
Inside Ip          Outside IP       Type                Port Range         Ports Used
Address             Address                                                     
-----------------------------------------------------------------------------------------------
192.1.107.0      198.12.0.28          Predefined      29696-36863               0
192.1.107.1      198.12.0.29          Predefined      29696-36863               1
.
.
.
.
192.1.107.37     198.12.0.57          Predefined      29696-36863               0

This table describes the significant fields shown in the display.

Table 2. show cgn nat44 mapping Field Descriptions

Field

Description

NAT44 instance

Name of the NAT44 instance configured

inside-vrf

Name of the VRF configured

Outside IP Address

Public IPv4 address

Inside IP Address

IPv4 address from the private pool.

Type

Type of the NAT mode.

Port Range

The range of ports defined for the public IP addresses to which the mapping is done.

Ports Used

Specifies the number of translations that are currently being used by the subscriber. The value 0 indicates that the subscriber is not using address translation at that moment. A value equal to the number of ports in the range indicates that the subscriber might have exceeded the allocated limit, because of which some packets might be dropped.
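The mapping table supports two operational tasks: spotting subscribers whose Ports Used value has reached the size of their port range, and resolving an outside address and port back to the inside address that owns it. The following added example (not Cisco code) does both over output in the layout shown above; the sample rows are constructed and the function names are hypothetical.

```python
import re

# Constructed sample rows in the layout of the example output above.
SAMPLE_MAPPING = """\
Inside Ip          Outside IP       Type                Port Range         Ports Used
Address             Address
-----------------------------------------------------------------------------------------------
192.1.107.0      198.12.0.28          Predefined      29696-36863               0
192.1.107.1      198.12.0.28          Predefined      36864-44031               7168
192.1.107.2      198.12.0.29          Predefined      29696-36863               412
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
MAPPING_ROW = re.compile(
    rf"^\s*({IPV4})\s+({IPV4})\s+(\S+)\s+(\d+)-(\d+)\s+(\d+)\s*$"
)


def parse_mapping(text):
    """Return one dict per data row; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = MAPPING_ROW.match(line)
        if not m:
            continue
        inside, outside, mode, first, last, used = m.groups()
        rows.append({
            "inside": inside,
            "outside": outside,
            "type": mode,
            "first_port": int(first),
            "last_port": int(last),
            "used": int(used),
        })
    return rows


def port_state(row):
    """Classify a row using the Ports Used rules from the field table."""
    size = row["last_port"] - row["first_port"] + 1
    if row["used"] == 0:
        return "idle"          # subscriber is not translating right now
    if row["used"] >= size:
        return "exhausted"     # whole range in use, further packets may drop
    return "active"


def find_subscriber(rows, outside_ip, port):
    """Return the inside address whose range on outside_ip contains port, or None."""
    for row in rows:
        if row["outside"] == outside_ip and row["first_port"] <= port <= row["last_port"]:
            return row["inside"]
    return None


if __name__ == "__main__":
    table = parse_mapping(SAMPLE_MAPPING)
    for entry in table:
        print(entry["inside"], entry["outside"], port_state(entry))
    print(find_subscriber(table, "198.12.0.28", 40000))
```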

show cgn nat44 outside-translation

To display the outside-address to inside-address translation details for a specified NAT44 instance, use the show cgn nat44 outside-translation command in EXEC mode.

show cgn nat44 instance-name outside-translation protocol {gre | icmp | tcp | udp} [translation-type {alg | all | dynamic | pcp-explicit-dynamic | pcp-implicit-dynamic | static}] outside-address address port start number end number

Syntax Description

instance-name

Name of the NAT44 instance that is configured.

protocol

Displays the name of the protocols.

gre

Displays the GRE protocol.

icmp

Displays the ICMP protocol.

tcp

Displays the TCP protocol.

udp

Displays the UDP protocol.

translation-type

(Optional) Displays the translation type.

alg

(Optional) Displays only the ALG translation entries.

all

(Optional) Displays all the translation entries, for example, alg, dynamic, and static.

pcp-explicit-dynamic

Displays Port Control Protocol (PCP) explicit translation entries.

pcp-implicit-dynamic

Displays Port Control Protocol (PCP) implicit translation entries

dynamic

(Optional) Displays only the dynamic translation entries.

static

(Optional) Displays only the static translation entries.

outside-address

Displays the outside address for the inside VRF.

address

Outside address.

port

Displays the range of the port numbers.

start number

Displays the start of the port number.

end number

Displays the end of the port number.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 4.0.0

The NAT44 instance was added to the command. The address-family keyword was removed.

Release 4.3.0

The gre keyword was added.

Usage Guidelines

To display the entries for a single port, set the end port to the same value as the start port. Each entry is displayed with a field that indicates whether it is a static, ALG, or dynamic translation.

If no VRF is specified, the entries are displayed for the default VRF.

If the value of the translation type is not specified, all types of entries are displayed.

Task ID

Task ID

Operations

cgn

read

Examples

This example shows sample output from the show cgn outside-translation command:


RP/0/RP0/CPU0:router# show cgn nat44 nat1 outside-translation protocol tcp outside-vrf outsidevrf1 outside-address 10.64.23.45 port start 23 end 5

Outside-translation details 
---------------------------------
NAT44 instance : nat1
Outside-VRF    : outsidevrf1 
------------------------------------------------------------------------------------------
Outside      Protocol    Outside     Inside        Translation   Inside     Outside
Address                  Destination Destination   Type          to         to
                         Port        Port                        Outside    Inside
                                                                 Packets    Packets
------------------------------------------------------------------------------------------
13.16.6.23   tcp         314         56            dynamic       8753       5345
13.16.6.23   tcp         819         329           alg           8901       890
13.16.6.23   tcp         40          178           alg           97654      4532
13.16.6.23   tcp         503         761           static        43215      8765
13.16.6.23   tcp         52          610           dynamic       7645       876
.
.
.
.
.

13.16.6.23   tcp         390         621           static        67532      1234

Examples

This example shows the sample output for PPTP and GRE:

RP/0/RP0/CPU0:router# show cgn nat44 inst1 outside-translation protocol gre outside-address 52.52.52.215 port start 1 end 65535

Outside-translation details
---------------------------
NAT44 instance : inst1
Outside-VRF    : default
--------------------------------------------------------------------------------------------
   Inside          Protocol  Outside      Inside         Translation  Inside      Outside
   Address                   Destination  Destination    Type         to          to
                             Port         Port                        Outside     Inside
                                                                      Packets     Packets
--------------------------------------------------------------------------------------------
  11.11.11.2         gre     1492         43605         alg           0           359423           
  11.11.11.2         gre     3967         43575         alg           0           359423           
  11.11.11.2         gre     5940         29            alg           0           359423           
         

Note

There is no Inside-to-Outside accounting during GRE translation. The value is always 'zero'.


This table describes the significant fields shown in the display.

Table 3. show cgn outside-translation Field Descriptions

Field

Description

NAT44 instance

Name of the NAT44 instance configured

Outside-VRF

Name of the Outside VRF configured

Outside Address

Outside IPv4 address

Protocol

Protocol Type (TCP/UDP/ICMP)

Outside Destination Port

Outside Destination Port

Inside Destination Port

Inside Destination Port

Translation Type

Type of Translation (Static/Dynamic/pcp-explicit-dynamic/pcp-implicit-dynamic/ALG/Static+ALG)

Inside to Outside Packets

Outbound Packets

Outside to Inside Packets

Inbound Packets

show cgn nat44 pool-utilization

To display the outside address pool utilization details for a specified NAT44 instance, use the show cgn nat44 pool-utilization command in EXEC mode. The range of the IPv4 addresses must not be more than 255 consecutive IPv4 addresses. A range beyond this limit may hog the CGSE processors, resulting in unresponsive CGN commands and health monitoring test failures, which cause a subsequent CGSE reload if auto reload is not disabled.

show cgn nat44 instance-name pool-utilization inside-vrf vrf-name address-range start-address end-address

Syntax Description

instance-name

Name of the NAT44 instance that is configured.

inside-vrf

Displays the contents for the inside VRF.

vrf-name

Name for the inside VRF.

address-range

Displays the range for the outside address.

start-address

Range for the start address of the outside address pool. The range of the IPv4 addresses cannot be more than 255 consecutive IPv4 addresses.

end-address

Range for the end address of the outside address pool.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 4.0.0

The NAT44 instance was added to the command syntax.

Usage Guidelines

The show cgn nat44 pool-utilization command displays the utilization of the outside address pool. In addition, this command displays the number of free and used ports per IPv4 address in the specified range.

Task ID

Task ID

Operations

cgn

read

Examples

The following sample output shows the number of free and used global addresses and port numbers:


RP/0/RP0/CPU0:router# show cgn nat44 nat1 pool-utilization inside-vrf insidevrf4 address-range 17.16.6.23 20.12.23.1

Public-address-pool-utilization details
-------------------------------------------------------------------------
NAT44 instance: nat1 
VRF           : insidevrf4
-------------------------------------------------------------------------
Outside             Number            Number
Address             of                of
                    Free ports        Used ports
-------------------------------------------------------------------------
17.16.6.23          123               64388
17.16.6.120         58321             6190
17.16.6.98          98                64413
17.16.6.2           1234              60123
.
.
.
.
.
.
.
.
.
18.12.6.12          678               52789

This table describes the significant fields shown in the display.

Table 4. show cgn pool-utilization Field Descriptions

Field

Description

NAT44 instance

Name of the NAT44 instance configured

VRF

Name of the Inside VRF configured

Outside Address

Outside IPv4 address.

Number of Free Ports

Total number of Free ports available for the given Outside IPv4 address

Number of Used Ports

Total number of Used ports for the given Outside IPv4 address
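
The fields above are enough to spot outside addresses that are close to running out of ports. The following Python sketch is an added example, not Cisco code: it parses the sample output shown above and ranks addresses by used-port share. The function names and the 0.99 threshold are assumptions chosen for illustration.

```python
import ipaddress
import re

# Sample text taken from the page's sample output; most of the "." filler
# rows are dropped, two are kept to show that the parser skips them.
POOL_SAMPLE = """\
Public-address-pool-utilization details
-------------------------------------------------------------------------
NAT44 instance: nat1
VRF           : insidevrf4
-------------------------------------------------------------------------
Outside             Number            Number
Address             of                of
                    Free ports        Used ports
-------------------------------------------------------------------------
17.16.6.23          123               64388
17.16.6.120         58321             6190
17.16.6.98          98                64413
17.16.6.2           1234              60123
.
.
18.12.6.12          678               52789
"""

HEADER_RE = re.compile(r"^\s*(NAT44 instance|VRF)\s*:\s*(\S+)")
ROW_RE = re.compile(r"^\s*(\S+)\s+(\d+)\s+(\d+)\s*$")


def parse_pool_utilization(text):
    """Return (header, rows) parsed from pool-utilization output.

    header maps 'NAT44 instance' and 'VRF' to their values; each row holds
    the outside address, free ports, used ports and the used-port share.
    """
    header, rows = {}, []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2)
            continue
        m = ROW_RE.match(line)
        if not m:
            continue  # separators, column titles and "." filler lines
        try:
            address = ipaddress.IPv4Address(m.group(1))
        except ipaddress.AddressValueError:
            continue  # first column is not an IPv4 address
        free, used = int(m.group(2)), int(m.group(3))
        total = free + used
        rows.append({
            "address": str(address),
            "free": free,
            "used": used,
            "utilization": used / total if total else 0.0,
        })
    return header, rows


def near_exhaustion(rows, threshold=0.99):
    """Rows whose used-port share is at or above threshold, busiest first."""
    hot = [r for r in rows if r["utilization"] >= threshold]
    return sorted(hot, key=lambda r: r["utilization"], reverse=True)


if __name__ == "__main__":
    header, rows = parse_pool_utilization(POOL_SAMPLE)
    print(header)
    for row in near_exhaustion(rows):
        print(f'{row["address"]:<16} free={row["free"]:<6} '
              f'used={row["used"]:<6} {row["utilization"]:.2%}')
```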

show cgn nat44 pptpCounters

To display the statistics of NAT44 instance related to Point-to-Point Tunneling Protocol (PPTP) Application-Level Gateway (ALG), use the show cgn nat44 pptpCounters command in EXEC mode.

show cgn nat44 instance-name pptpCounters

Syntax Description

instance-name

Name of the configured NAT44 instance.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

cgn

read

Examples

This example shows the statistics of PPTP ALG:

RP/0/RP0/CPU0:router# show cgn nat44 nat1 pptpCounters


PPTP Alg  counters of NAT44 instance: 'nat1'
pptp active tunnels           : 0
pptp active channels          : 0
gre in2out fwds               : 0
gre out2in fwds               : 0
gre in2out drops              : 0
gre out2in drops              : 0
pptp ctrl msg drops           : 0
start ctrl connection reqs    : 0
start ctrl connection reply   : 0
stop ctrl connection reqs     : 0
stop ctrl connection reply    : 0
echo reqs                     : 0
echo reply                    : 0
outbound connection reqs      : 0
outbound connection reply     : 0
inbound connection reqs       : 0
inbound connection reply      : 0
inbound connection connected  : 0
call clear reqs               : 0
call disconnect reqs          : 0
wan error notify              : 0
set link info                 : 0

show cgn nat44 session

To display all the active destination sessions for a given source IPv4 address and port number per NAT44 instance, use the show cgn nat44 session command in EXEC mode.

show cgn nat44 instance-name session protocol {icmp | tcp | udp} [ translation-type {alg | all | dynamic | static}] [ inside-vrf vrf-instance inside-address IPv4 address port port number

Syntax Description

session

Specifies the active session for a given source IP address and port.

instance-name

Name of the NAT44 instance that is configured.

protocol

Displays the name of the protocols.

icmp

Displays the ICMP protocol.

tcp

Displays the TCP protocol.

udp

Displays the UDP protocol.

translation-type

(Optional) Displays the translation type.

alg

(Optional) Displays only the ALG translation entries.

all

(Optional) Displays all the translation entries, for example, alg, dynamic, and static.

dynamic

(Optional) Displays only the dynamic translation entries.

static

(Optional) Displays only the static translation entries.

ipv4

(Optional) Displays information for the IPv4 address family.

inside-vrf

Displays the information for the inside VPN routing and forwarding (VRF) for the necessary translation details.

vrf-name

Name of the inside VRF.

inside-address

Displays the inside address for the inside VRF.

address

IPv4 address of the source.

port

Port number of the source.

port-number

Specifies the port number range from 1 to 65535.

Command Default

None

Command Modes

EXEC

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read

Examples

This example shows how to display all the active destination sessions for a given source IPv4 address and port number per NAT44 instance:


RP/0/RP0/CPU0:router# show cgn nat44 nat44-inst session protocol tcp translation-type alg inside-address 10.1.1.50 port 123

Session details:
-----------------------------------------------------------------
NAT44 instance: nat44-inst
-----------------------------------------------------------------
Outside address: 12.168.6.231
Outside port: 235
Translation type: alg
Protocol: tcp
-----------------------------------------------------------------------
Destination IP                 Destination Port
209.85.231.104                   100
209.85.231.106                   200
.
.
.
.
209.85.231.178                   579

show cgn nat44 statistics

To display the contents of the NAT44 CGN instance statistics, use the show cgn nat44 statistics command in EXEC mode.

show cgn nat44 instance-name statistics

Syntax Description

instance-name

Name of the configured NAT44 instance.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 4.0.0

The summary keyword was removed.

Usage Guidelines

The statistics output provides the total number of active translations for a given NAT44 instance, along with other parameters. In addition, it lists the outside IPv4 addresses used for translation, along with the current number of ports in use.

Task ID

Task ID

Operations

cgn

read

Examples

This example shows the statistics entries:


RP/0/RP0/CPU0:router# show cgn nat44 nat1 statistics

Statistics summary of NAT44 instance: 'nat1'
Number of active translations: 34
Translations create rate: 0
Translations delete rate: 0
Inside to outside forward rate: 3
Outside to inside forward rate: 3
Inside to outside drops port limit exceeded: 0
Inside to outside drops system limit reached: 0
Inside to outside drops resource depletion: 0
Outside to inside drops no translation entry: 9692754
Pool address totally free: 62
Pool address used: 2
Pool address usage:
-------------------------------------------------
External Address       Ports Used
-------------------------------------------------
24.114.18.53           4
24.114.18.55           30
-------------------------------------------------

The following table describes the fields in the output of the show cgn nat44 nat1 statistics command shown in the above example:

Name

Description

Number of active translations

Translation entries allocated in the database.

Translations create rate/Translations delete rate

Rate in sessions per second.

Inside to outside forward rate/Outside to inside forward rate

Rate in packets per second.

Inside to outside drops port limit exceeded

Packets dropped because the port limit for the inside user has been exceeded.

Inside to outside drops system limit reached

Packets dropped as a result of reaching the system limit.

Inside to outside drops resource depletion

Packets dropped because no public L4 port could be allocated.

Outside to inside drops no translation entry

Packets dropped due to lack of entry in the translation database.

Pool address totally free

Addresses available from the pool.

Pool address used

Addresses utilized from the pool.

Examples

This example shows the statistics of PPTP and GRE entries:


RP/0/RP0/CPU0:router# show cgn nat44 nat1 statistics

Statistics summary of NAT44 instance: 'nat1'
Number of active translations: 3  
Translations create rate: 0
Translations delete rate: 0
Inside to outside forward rate: 0
Outside to inside forward rate: 0
Inside to outside drops port limit exceeded: 0
Inside to outside drops system limit reached: 0
Inside to outside drops resorce depletion: 0
No translation entry drops: 0
PPTP active tunnels: 1
PPTP active channels: 2
PPTP ctrl message drops: 4

Pool address totally free: 255
Pool address used: 1
Pool address usage:
-------------------------------------------------
External Address       Ports Used  
-------------------------------------------------
52.52.52.215           3
-------------------------------------------------
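
The drop counters described in the field table can be pulled out of this output and checked automatically. The following Python sketch is an added example, not Cisco code: it parses the first sample output above, reports non-zero drop counters with the meaning the table gives them, and computes the share of pool addresses in use. The function names are illustrative, and the label aliases (taken from the differing labels in the second sample) are an assumption about which fields correspond.

```python
import re

# Copied from the page's first sample output for "show cgn nat44 nat1 statistics".
STATS_SAMPLE = """\
Statistics summary of NAT44 instance: 'nat1'
Number of active translations: 34
Translations create rate: 0
Translations delete rate: 0
Inside to outside forward rate: 3
Outside to inside forward rate: 3
Inside to outside drops port limit exceeded: 0
Inside to outside drops system limit reached: 0
Inside to outside drops resource depletion: 0
Outside to inside drops no translation entry: 9692754
Pool address totally free: 62
Pool address used: 2
Pool address usage:
-------------------------------------------------
External Address Ports Used
-------------------------------------------------
24.114.18.53 4
24.114.18.55 30
-------------------------------------------------
"""

# Drop counters and their meaning, from the field-description table on the page.
DROP_REASONS = {
    "Inside to outside drops port limit exceeded":
        "port limit for the inside user exceeded",
    "Inside to outside drops system limit reached":
        "system limit reached",
    "Inside to outside drops resource depletion":
        "no public L4 port could be allocated",
    "Outside to inside drops no translation entry":
        "no entry in the translation database",
}

# The page's second sample prints two labels differently. Treating them as
# the same counters is an assumption made for this example.
ALIASES = {
    "Inside to outside drops resorce depletion":
        "Inside to outside drops resource depletion",
    "No translation entry drops":
        "Outside to inside drops no translation entry",
}

INSTANCE_RE = re.compile(r"NAT44 instance:\s*'([^']+)'")
COUNTER_RE = re.compile(r"^([A-Za-z][\w /-]*?)\s*:\s*(\d+)$")
POOL_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\d+)$")


def parse_statistics(text):
    """Parse the statistics output into instance name, counters and per-address ports."""
    stats = {"instance": None, "counters": {}, "ports_used": {}}
    for raw in text.splitlines():
        line = raw.strip()
        m = INSTANCE_RE.search(line)
        if m:
            stats["instance"] = m.group(1)
            continue
        m = COUNTER_RE.match(line)
        if m:
            name = ALIASES.get(m.group(1), m.group(1))
            stats["counters"][name] = int(m.group(2))
            continue
        m = POOL_RE.match(line)
        if m:
            stats["ports_used"][m.group(1)] = int(m.group(2))
    return stats


def triage(stats):
    """Return (non-zero drop counters with reasons, share of pool addresses in use)."""
    counters = stats["counters"]
    findings = [(name, counters[name], reason)
                for name, reason in DROP_REASONS.items()
                if counters.get(name, 0) > 0]
    free = counters.get("Pool address totally free", 0)
    used = counters.get("Pool address used", 0)
    total = free + used
    return findings, (used / total if total else 0.0)


if __name__ == "__main__":
    parsed = parse_statistics(STATS_SAMPLE)
    drops, share = triage(parsed)
    print(f"instance {parsed['instance']}: {share:.1%} of pool addresses in use")
    for name, value, reason in drops:
        print(f"  {name} = {value} ({reason})")
```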

show cgn nat64 stateful counters

To display the counter details of IPv4 and IPv6 stateful translations, use the show cgn nat64 stateful counters command in EXEC mode.

show cgn nat64 stateful instance-name counters

Syntax Description

instance-name

Name of the configured Stateful NAT64 instance.

Command Default

None

Command Modes

EXEC

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read

Examples

This example shows the details of IPv4 and IPv6 stateful translations:


RP/0/RP0/CPU0:router# show cgn nat64 stateful nat1 counters

Stateful NAT64 IPv6 to IPv4 counters:
========================================

TCP Incoming Count                            : 0
TCP NonTranslatable Drop Count                : 0
TCP State Drop Count                          : 0
TCP NoDb Drop Count                           : 0
TCP Translated Count                          : 0
UDP Incoimg Count                             : 0
UDP NonTranslatable Drop Count                : 0
UDP No DB Drop Count                          : 0
UDP Translated Count                          : 0
ICMP Total Incoming Count                     : 0
ICMP No DB Drop Count                         : 0
ICMP Nontranslatable Drop Count               : 0
ICMP Query Translated Count                   : 0
ICMP Error Incoming Count                     : 0
ICMP Error No DB Drop Count                   : 0
ICMP Error Invalid Nxt Hdr Drop Count         : 0
ICMP Error NonTranslatable Drop Count         : 0
ICMP Error Unsupported Type Count             : 0
ICMP Error Translated Count                   : 0
Fragment Incoming Count                       : 0
Fragment Forward Count                        : 0
Fragment Drop Count                           : 0
Fragment Throttle Count                       : 0
Fragment Timeout Count                        : 0
Fragment TCP Input Count                      : 0
Fragment UDP Input Count                      : 0
Fragment ICMP Input Count                     : 0
Fragment Invalid Input Count                  : 0
Extensions/Options Incoming Count             : 0
Extensions/Options Drop Count                 : 0
Extensions/Options Forward Count              : 0
Extensions/Options No DB drop Count           : 0
Unsupported Protocol Count                    : 0

Stateful NAT64 IPv4 to IPv6 counters
=======================================

TCP Incoming Count                            : 0
TCP NoDb Drop Count                           : 0
TCP V4 Init Policy Drop Count                 : 0
TCP State Drop Count                          : 0
TCP Translated Count                          : 0
UDP Incoimg Count                             : 0
UDP No DB Drop Count                          : 0
UDP Filter Drop Count                         : 0
UDP Translated Count                          : 0
UDP Crc Zero Drop Count                       : 0
UDP FragmentCrc Zero Drop Count               : 0
UDP CrcZeroRecy Sent Count                    : 0
UDP CrcZeroRecy Drop Count                    : 0
ICMP Total Incoming Count                     : 0
ICMP No DB Drop Count                         : 0
ICMP Filter drop Count                        : 0
ICMP Query Translated Count                   : 0
ICMP Error Incoming Count                     : 0
ICMP Error No DB Drop Count                   : 0
ICMP Error Unsupported Type Count             : 0
ICMP Error Unsupported Protocol Count         : 0
ICMP Error Translated Count                   : 0
Fragment Incoming Count                       : 0
Fragment Forward Count                        : 0
Fragment Drop Count                           : 0
Fragment Throttle Count                       : 0
Fragment Timeout Count                        : 0
Fragment TCP Input Count                      : 0
Fragment UDP Input Count                      : 0
Fragment ICMP Input Count                     : 0
Options Incoming Count                        : 0
Options Drop Count                            : 0
Options Forward Count                         : 0
Options No DB drop count                      : 0
Options Unsupported Protocol Count            : 0

ICMP generated counters :
==========================
IPv4 ICMP Messages generated count            : 0
IPv6 ICMP Messages generated count            : 0

show cgn nat64 stateful inside-translation

To display the translation table entries for an inside-address to outside-address for a specified NAT64 stateful instance, use the show cgn nat64 stateful inside-translation command in EXEC mode.

show cgn nat64 stateful instance-name inside-translation protocol {icmp | tcp | udp} [translation-type {alg | all | dynamic | static}] inside-address ipv6 address port start port number end port number

Syntax Description

instance-name

Name of the NAT64 instance that is configured.

protocol

Displays the name of the protocols.

icmp

Displays the ICMP protocol.

tcp

Displays the TCP protocol.

udp

Displays the UDP protocol.

translation-type

(Optional) Displays the translation type.

alg

(Optional) Displays only the ALG translation entries.

all

(Optional) Displays all the translation entries, for example, alg, dynamic, and static.

dynamic

(Optional) Displays only the dynamic translation entries.

static

(Optional) Displays only the static translation entries.

inside-address

Displays the inside address for the protocol.

ipv6 address

IPv6 address.

port

Displays the range of the port numbers.

start port number

The start port from which the translation table entries should be displayed.

end port number

The end port till which the translation table entries should be displayed.

Command Default

None

Command Modes

EXEC

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read

Examples

This example displays the translation table entries for an inside-address to outside-address for a specified NAT64 stateful instance:


RP/0/RP0/CPU0:router# show cgn nat64 stateful nat1 inside-translation protocol tcp inside-address 2001:db8:ff00::1 port start 23 end 56

Inside-translation details 
-----------------------------------
NAT64 Stateful instance : stful1
----------------------------------------------------------------------------------------------------
Outside         Protocol   Inside      Outside     Translation    Inside            Outside
Address                    Source      Source      Type           to                to
                           Port        Port                       Outside           Inside
                                                                  Packets           Packets
----------------------------------------------------------------------------------------------------
12.168.6.231    tcp        34          2356        alg            875364            65345
12.168.6.98     tcp        56          8972        static         78645             56343
12.168.2.12     tcp        21          2390        static         45638             89865
12.168.2.123    tcp        34          239         dynamic        809835            67854
.
.
.
.
.
12.168.2.123    tcp        34          3899        dynamic        9835              6785

show cgn nat64 stateful outside-translation

To display the translation table entries for an outside-address to inside-address for a specified NAT64 stateful instance, use the show cgn nat64 stateful outside-translation command in EXEC mode.

show cgn nat64 stateful instance-name outside-translation protocol {icmp | tcp | udp} [translation-type {alg | all | dynamic | static}] outside-address ipv4 address port start port number end port number

Syntax Description

instance-name

Name of the NAT64 instance that is configured.

protocol

Displays the name of the protocols.

icmp

Displays the ICMP protocol.

tcp

Displays the TCP protocol.

udp

Displays the UDP protocol.

translation-type

(Optional) Displays the translation type.

alg

(Optional) Displays only the ALG translation entries.

all

(Optional) Displays all the translation entries, for example, alg, dynamic, and static.

dynamic

(Optional) Displays only the dynamic translation entries.

static

(Optional) Displays only the static translation entries.

outside-address

Displays the outside address for the protocol.

ipv4 address

IPv4 address.

port

Displays the range of the port numbers.

start port number

The start port from which the translation table entries should be displayed.

end port number

The end port till which the translation table entries should be displayed.

Command Default

None

Command Modes

EXEC

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read

Examples

This example displays the translation table entries for an outside-address to inside-address for a specified NAT64 stateful instance:


RP/0/RP0/CPU0:router# show cgn nat64 stateful nat1 outside-translation protocol tcp outside-address 2001:db8:ff00::1 port start 23 end 56

Outside-translation details 
-----------------------------------
NAT64 Stateful instance : stful1
----------------------------------------------------------------------------------------------------
Outside                 Protocol   Outside     Inside      Translation    Inside            Outside
Address                            Source      Source      Type           to                to
                                   Port        Port                       Outside           Inside
                                                                          Packets           Packets
----------------------------------------------------------------------------------------------------
2001:471:1f11:251::1    udp        314         56          alg            8753              51345
2001:471:1f11:251::1    udp        981         32919       alg            2901              790
2001:471:1f11:251::1    udp        823         2919        alg            9901              8911
2001:471:1f11:251::1    udp        2191        919         alg            9627              9087
2001:471:1f11:251::1    udp        1981        119         alg            82901             2345
2001:471:1f11:251::1    udp        981         3919        alg            1901              12345

show cgn nat64 stateful pool-utilization

To display the outside address pool utilization details for a specified NAT64 stateful instance, use the show cgn nat64 stateful pool-utilization command in EXEC mode. The range of the IPv4 addresses must not be more than 255 consecutive IPv4 addresses.

show cgn nat64 stateful instance-name pool-utilization address-range start-address end-address

Syntax Description

instance-name

Name of the NAT64 instance that is configured.

address-range

Displays the range for the outside address.

start-address

Range for the start address of the outside address pool. The range of the IPv4 addresses cannot be more than 255 consecutive IPv4 addresses.

end-address

Range for the end address of the outside address pool.

Command Default

None

Command Modes

EXEC

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read

Examples

The following sample output shows the number of free and used global addresses and port numbers:


RP/0/RP0/CPU0:router# show cgn nat64 stateful nat1 pool-utilization address-range 17.16.6.23 17.16.6.125

Public-address-pool-utilization details
-------------------------------------------------------------------------
NAT64 stateful instance: stful1 
-------------------------------------------------------------------------
Outside             Number            Number
Address             of                of
                    Free ports        Used ports
-------------------------------------------------------------------------
17.16.6.23          123               64388
17.16.6.120         58321             6190
17.16.6.98          98                64413
17.16.6.2           1234              60123
.
.
.
.
.
.
.
.
.
17.12.6.12          678               52789

show cgn nat64 stateful session

To display all the active destination sessions for a given source IPv6 address and port number per NAT64 stateful instance, use the show cgn nat64 stateful session command in EXEC mode.

show cgn nat64 stateful instance-name session protocol {icmp | tcp | udp} [ translation-type {alg | all | dynamic | static}] [ inside-address IPv6 address port port number

Syntax Description

instance-name

Name of the NAT64 instance that is configured.

protocol

Displays the name of the protocols.

icmp

Displays the ICMP protocol.

tcp

Displays the TCP protocol.

udp

Displays the UDP protocol.

translation-type

(Optional) Displays the translation type.

alg

(Optional) Displays only the ALG translation entries.

all

(Optional) Displays all the translation entries, for example, alg, dynamic, and static.

dynamic

(Optional) Displays only the dynamic translation entries.

static

(Optional) Displays only the static translation entries.

inside-address

Displays the inside address.

address

IPv6 address of the source.

port

Port number of the source.

port-number

Specifies the port number range from 1 to 65535.

Command Default

None

Command Modes

EXEC

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read

Examples

This example shows how to display all the active destination sessions for a given source IPv6 address and port number per NAT64 stateful instance:


RP/0/RP0/CPU0:router# show cgn nat64 stateful s1 session protocol tcp translation-type alg inside-address 2001:471:1f11:251::1 port 123

Session details:
-----------------------------------------------------------------
NAT64 stateful instance: s1
-----------------------------------------------------------------
Outside address: 12.168.6.231
Outside port: 235
Translation type: alg
Protocol: tcp
-----------------------------------------------------------------------
Destination IP                 Destination Port
209.85.231.104                   100
209.85.231.106                   200
.
.
.
.
209.85.231.178                   579

show cgn nat64 stateful statistics

To display the contents of the NAT64 stateful instance statistics, use the show cgn nat64 stateful statistics command in EXEC mode.

show cgn nat64 stateful instance-name statistics

Syntax Description

instance-name

Name of the configured NAT64 instance.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

cgn

read

Examples

This output shows the statistics entries:


RP/0/RP0/CPU0:router# show cgn nat64 stateful s1 statistics

NAT 64 stateful statistics 
---------------------------
Statistics summary of NAT64 stateful: 's1'
Number of active translations: 45631
Number of static translations: 1500
Number of dynamic translations: 44131

Number of sessions: 20
Input drops port limit exceeded: 0
Input drops system limit reached: 0
Inside to outside drops resource depletion: 0
Outside drops no translation entry: 0
Filtering drops: 0
Pool address totally free: 195
Pool address used: 23

The following table describes the fields in the output of the show cgn nat64 stateful statistics command shown in the above example:

Name

Description

Number of active translations

Translation entries allocated in the database.

Number of static translations

Statically created entries

Number of dynamic translations

Dynamically created entries

Number of sessions

Number of sessions that use the translation entries.

Input drops port limit exceeded

Packets dropped as a result of exceeding the port limit.

Input drops system limit reached

Packets dropped as a result of reaching the system limit.

Inside to outside drops resource depletion

Packets dropped because no public L4 port could be allocated.

Outside drops no translation entry

Packets dropped due to lack of entry in the translation database.

Filtering drops

Packets dropped because of the address filtering policy.

Pool address totally free

Addresses available from the pool.

Pool address used

Addresses utilized from the pool.

show cgn nat44 static-map

To display the mapping details of static source or static destination address translation, use the show cgn nat44 static-map command.

show cgn nat44 instance-name static-map {i2o-src | i2o-dst} inside-vrf vrf-name {forward | reverse} staticnat-address IP address

Syntax Description

i2o-src

Displays the details of the Inside-to-Outside source mapping.

i2o-dst

Displays the details of the Inside-to-Outside destination mapping.

inside-vrf vrf-name

Specifies the inside VRF for which the translation details are needed.

forward

Specifies the premap IP address for the inside VRF; the corresponding postmap IP address to which it has been mapped is displayed.

reverse

Specifies the postmap IP address for the inside VRF; the corresponding premap IP address that has been mapped to it is displayed.

staticnat-address IP address

Specifies the static NAT address.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 5.2.0

This command was introduced.

Release 6.0

The new keyword i2o-src was added as part of the Static Source NAT feature.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

cgn

read

Examples

This example shows sample output for static destination address mapping:


RP/0/RP0/CPU0:router# show cgn nat44 nat1 static-map i2o-dst inside-vrf red2 forward staticnat-address 13.1.1.0 num-entries 100

Static DEST NAT Mapping details inside a Vrf 
-----------------------------------------------------------------------------------------------
NAT44 instance    : nat1
VRF               : red2
-----------------------------------------------------------------------------------------------
Static NAT Address             Static NAT Mapped Address                                                     
-----------------------------------------------------------------------------------------------
13.1.1.0                       12.1.1.0        
RP/0/RSP0/CPU0:NAT44#


This example shows sample output for static source address mapping:

RP/0/RP0/CPU0:router# show cgn nat44 nat1 static-map i2o-src inside-vrf insidevrf1 forward staticnat-address 20.1.1.3
-----------------------------------------------------------------------------------------------
NAT44 instance    : nat1
VRF name          : insidevrf1
------------------------------------------------------------------------------------------------
Address: Port      Mapped Address: Port    I2O Packet Count         O2I Packet Count        
------------------------------------------------------------------------------------------------
20.1.1.3:17767         100.1.1.0:9158        0                        0                       
20.1.1.3:34299         100.1.1.0:42281       0                        0 

…..………………………….

show cgn pcpcounters

To display PCP related statistics per CGN instance, use the show cgn pcpcounters command in EXEC mode.

show cgn instance-name pcpcounters

Syntax Description

instance-name

Name of the CGN instance.

Command Default

None

Command Modes

EXEC

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

cgn

read

Examples

This command displays the statistics corresponding to CGN instances:


show cgn c1 pcpcounters

PCP  counters of NAT44 instance: 'cgn1'
pcp input                             : 3
pcp output                            : 3
pcp service nat44                     : 3
pcp service dslite                    : 0
pcp drops                             : 0
pcp in2out key in use                 : 0
pcp throttle drops                    : 0
pcp udp length                        : 0
pcp nrequest                          : 0
pcp minimum udp length                : 0
pcp maximum udp length                : 0
pcp mod4 length                       : 0
pcp invalid 3rd party length          : 0
pcp invalid option                    : 0
pcp version                           : 0
pcp invalid opcode                    : 0
pcp invalid client ip                 : 0
pcp invalid proto                     : 0
pcp invalid port                      : 0
pcp invalid vrfmap                    : 0
pcp invalid external address          : 3
pcp out address in use                : 0
pcp exact match                       : 0
pcp exact entry created               : 0
pcp exact db allocation failed        : 0
pcp udb mismatch                      : 0
pcp exact db not allocated            : 3
pcp static entry present              : 0
pcp entry deleted                     : 0
pcp 3rd party option present          : 0
pcp map input                         : 3
pcp map minimum length                : 0
pcp map maximum length                : 0
pcp map invalid option                : 0
pcp map invalid option length         : 0
pcp map pref fail option              : 0
pcp map invalid delete request        : 0
pcp map delete request                : 0
pcp map create request                : 3
pcp map refresh                       : 0
pcp peer input                        : 0
pcp peer invalid length               : 0
pcp peer delete request               : 0
pcp peer create request               : 0
pcp peer address mismatch             : 0
pcp peer refresh                      : 0

show cgn tunnel v6rd statistics

To display the IPv6 Rapid Deployment (6RD) tunnel statistics information for a CGN instance, use the show cgn tunnel v6rd statistics command in the EXEC mode.

show cgn tunnel v6rd 6rd-instance statistics

Syntax Description

tunnel

Indicates the tunnel type.

v6rd

Specifies the 6rd information.

6rd-instance

Instance name.

statistics

Specifies the statistics details for 6rd.

Command Default

None

Command Modes

EXEC

Command History

Release Modification
Release 4.1.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read

Examples

This sample output shows the summary of the statistics entries:


RP/0/RP0/CPU0:router# show cgn tunnel v6rd 6rd1 statistics

Tunnel 6rd configuration
=========================
Tunnel 6rd name: 6rd1
IPv6 Prefix/Length: 2001:db8::/32
Source address: 9.1.1.1
BR Unicast address: 2001:db8:901:101::1
IPv4 Prefix length: 0
IPv4 Suffix length: 0
TOS: 0, TTL: 255, Path MTU: 1280
Tunnel 6rd statistics
======================
IPv4 to IPv6
=============
Incoming packet count : 2296951183
Incoming tunneled packets count : 2296951183
Decapsulated packets : 0
ICMP translation count : 0
Insufficient IPv4 payload drop count : 0
Security check failure drops : 0
No DB entry drop count : 0
Unsupported protocol drop count : 0
Invalid IPv6 source prefix drop count : 2296951183
IPv6 to IPv4
=============
Incoming packet count : 0
Encapsulated packets count : 0
No DB drop count : 0
Unsupported protocol drop count : 0
IPv4 ICMP
==========
Incoming packets count : 0
Reply packets count : 0
Throttled packet count : 0
Nontranslatable drops : 0
Unsupported icmp type drop count : 0
IPv6 ICMP
==========
Incoming packets count : 0
Reply packets count : 0
Packet Too Big generated packets count : 0
Packet Too Big not generated packets count : 0
NA generated packets count : 0
TTL expiry generated packets count : 0
Unsupported icmp type drop count : 0
Throttled packet count : 0
IPv4 to IPv6 Fragments
=======================
Incoming fragments count : 0
Reassembled packet count : 0
Reassembled fragments count : 0
ICMP incoming fragments count : 0
Total fragment drop count : 0
Fragments dropped due to timeout : 0
Reassembly throttled drop count : 0
Duplicate fragments drop count : 0
Reassembly disabled drop count : 0
No DB entry fragments drop count : 0
Fragments dropped due to security check failure : 0
Insufficient IPv4 payload fragment drop count : 0
Unsupported protocol fragment drops : 0
Invalid IPv6 prefix fragment drop count : 0
IPv6 to IPv4 Fragments
=======================
Incoming ICMP fragment count : 0
RP/0/RP1/CPU0:#
=================================================================================

The following table describes the fields shown in the above example:


Note

The same field description is applicable to IPv4 and IPv6 packets appropriately.

Name

Description

Incoming packet count

Total number of incoming packets

Incoming tunneled packets count

Total number of 6rd tunnel packets

Decapsulated packets

Number of decapsulated packets

ICMP translation count

ICMPv4 to ICMPv6 translated count

Insufficient IPv4 payload drop count

Number of packets dropped due to missing IPv6 header.

Security check failure drops

Number of packets dropped due to security check failure.

No DB entry drop count

Number of packets dropped due to incomplete or missing 6rd configuration.

Unsupported protocol drop count

Number of packets dropped due to unsupported protocol.

Invalid IPv6 source prefix drop count

Number of packets dropped due to invalid IPv6 source prefix.

Reply packets count

Total ICMPv4 echo replies by the Border Relay (BR) router.

Throttled packet count

Total ICMPv4 packets which are rate-limited by the BR router

Nontranslatable drops

Number of packets dropped without translating.

Unsupported icmp type drop count

Number of packets dropped due to unsupported ICMP type.

Packet Too Big generated packets count

Total ICMPv6 Packet Too Big (PTB) messages generated by the BR router.

Packet Too Big not generated packets count

Total ICMPv6 packets for which PTB messages were not generated by the BR router.

NA generated packets count

Total ICMPv6 Neighbor Advertisement (NA) packets generated by the BR router.

TTL expiry generated packets count

Total ICMPv6 TTL expiry messages generated by the BR router.

Incoming fragments count

Number of incoming fragments.

Reassembled packet count

Number of reassembled packets.

Reassembled fragments count

Number of reassembled fragments.

ICMP incoming fragments count

Number of ICMP incoming fragments.

Total fragment drop count

Number of fragments dropped.

Fragments dropped due to timeout

Number of fragments dropped due to timeout.

Reassembly throttled drop count

Number of fragments throttled

Duplicate fragments drop count

Number of fragments dropped due to duplication (repeated fragment offset).

Reassembly disabled drop count

Number of fragments dropped while reassembly is disabled.

No DB entry fragments drop count

Number of fragments dropped due to incomplete or missing 6rd configuration.

Fragments dropped due to security check failure

Number of fragments dropped due to missing IPv6 header.

Insufficient IPv4 payload fragment drop count

Number of fragments dropped due to missing IPv6 header.

Unsupported protocol fragment drops

Number of fragments dropped due to unsupported protocol.

Invalid IPv6 prefix fragment drop count

Number of fragments dropped due to invalid IPv6 prefix.
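The counter names in this output repeat across sections (for example, Incoming packet count appears under both IPv4 to IPv6 and IPv6 to IPv4), so any monitoring script has to key them by section. The following parser is an added example, not Cisco code; the function names and the "name contains drop" heuristic are assumptions, and the sample text is an abridged copy of the output shown above.

```python
import re

# Constructed sample: abridged from the statistics output shown above.
SAMPLE = """\
Tunnel 6rd statistics
======================
IPv4 to IPv6
=============
Incoming packet count : 2296951183
Incoming tunneled packets count : 2296951183
Decapsulated packets : 0
Security check failure drops : 0
No DB entry drop count : 0
Invalid IPv6 source prefix drop count : 2296951183
IPv6 to IPv4
=============
Incoming packet count : 0
Encapsulated packets count : 0
No DB drop count : 0
IPv4 to IPv6 Fragments
=======================
Incoming fragments count : 0
Fragments dropped due to timeout : 0
"""

COUNTER = re.compile(r"^(?P<name>[^:]+?)\s*:\s*(?P<value>\d+)\s*$")
RULE = re.compile(r"^=+\s*$")


def parse_sections(text):
    """Return {section title: {counter name: int}}.

    A section title is the line directly above a row of '=' characters.
    Lines that are not 'name : integer' (prompts, addresses) are ignored.
    """
    sections, current, prev = {}, None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if RULE.match(line):
            if prev and not RULE.match(prev):
                current = sections.setdefault(prev, {})
        else:
            m = COUNTER.match(line)
            if m and current is not None:
                current[m["name"]] = int(m["value"])
        prev = line
    return sections


def drop_report(counters, incoming_key="Incoming packet count"):
    """Non-zero drop counters of one section, largest first.

    Each row is (name, value, share of the section's incoming packets);
    the share is None when the section has no incoming-packet counter.
    """
    incoming = counters.get(incoming_key, 0)
    rows = []
    for name, value in counters.items():
        if "drop" in name.lower() and value:
            rows.append((name, value, value / incoming if incoming else None))
    return sorted(rows, key=lambda row: row[1], reverse=True)


if __name__ == "__main__":
    for title, counters in parse_sections(SAMPLE).items():
        for name, value, share in drop_report(counters):
            pct = "n/a" if share is None else f"{share:.0%}"
            print(f"[{title}] {name}: {value} ({pct} of incoming)")
```

On the sample above, the report shows that every incoming IPv4 to IPv6 packet was dropped for an invalid IPv6 source prefix and none were decapsulated.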

show cgn utilization throughput

To display the throughput of CGSE or CGSE-PLUS, use the show cgn utilization throughput command in the EXEC mode.

show cgn instance name utilization throughput [ cpu < 0-63 | all> ] [ threshold < % threshold level> ]

Syntax Description

instance name

Specifies the CGN instance name.

throughput

Displays the amount of traffic coming into CGSE or CGSE-PLUS.

cpu < 0-63 | all>

Displays the output for a particular core if specified (0-63) or for all the cores (all).

threshold % threshold level

Specifies the data for only those cores that have exceeded the value specified by the % threshold level.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 5.2.0

This command was introduced for the CGSE card.

Release 5.3.1

The support is extended to the CGSE-PLUS card.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

cgn

read

Examples

This example shows the statistics entries:


RP/0/RP0/CPU0:router# show cgn cgn1 utilization throughput cpu 50

RP/0/RP1/CPU0:Tasman#show cgn cgn1 utilization throughput cpu 50
Wed Nov 13 11:07:14.236 IST
---------------------------------------------------------
CGN instance name: cgn1
---------------------------------------------------------
CPU-core        Last 1sec               Last 5min               Peak value
                kbps    pps             kbps    pps             kbps    pps
50         315487    84482         110222    59466         317358    84983




RP/0/RP0/CPU0:router#  show cgn cgn1 utilization throughput cpu all threshold 95

RP/0/RP1/CPU0:Tasman#show cgn cgn1 utilization throughput cpu all threshold 95
Wed Nov 13 11:07:14.236 IST
---------------------------------------------------------
CGN instance name: cgn1
---------------------------------------------------------
CPU-core        Last 1sec               Last 5min               Peak value
                kbps    pps             kbps    pps             kbps    pps
All       1898026  2754578        1156109  1267997        1939104  2765570
1          323628    86662          37467    39984         325282    87101
2          326496    87430          38583    40282         328023    87837
3          326518    87436          38754    40328         328154    87874
4          322071    86245          36192    39642         322560    86376
5          321637    86129          35896    39563         321947    86212
6          324229    86823          37511    39995         325704    87218
7          324823    86982          37584    40015         325398    87136
16         316152    84660          33221    38846         317694    85073
17         317522    85027          33620    38953         317892    85126
18         318519    85294          34582    39211         321171    86004
19         319617    85588          34828    39277         321462    86082
20         315326    84437          34440    39173         317657    85063
21         317369    84986          33711    38978         318448    85275
22         318165    85199          34286    39132         319460    85546
23         319498    85556          34749    39256         320719    85883
32         326556    87446          38969    40386         328875    88067
33         328916    88078          39689    40579         329917    88346
34         326772    87504          38468    40251         327437    87682
35         328819    88052          39784    40604         330525    88509
36         329144    88139          39706    40583         330047    88381
37         328244    87898          38945    40379         328303    87914
38         328307    87915          39324    40481         329267    88172
39         328561    87983          39131    40429         328725    88027
48         312809    83765          32430    38635         314288    84161
49         314632    84253          33120    38819         316297    84699
50         315110    84381          33490    38918         317358    84983
51         316219    84678          34241    39120         319348    85516
52         316477    84747          33504    38922         316477    84747
53         316312    84703          33686    38971         317093    84912
54         317167    84932          34219    39114         318265    85226
55         318280    85230          34520    39194         319203    85477



show cgv6 map-e statistics

To display the MAP-E instance statistics, use the show cgv6 map-e statistics command in EXEC mode.

show cgv6 map-e instance-name statistics

Syntax Description

instance-name

Name of the configured MAP-E instance.

statistics

Specifies the statistics of the configured MAP-E instance.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 5.3.2

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

cgv6

read

Examples

This output shows the statistics entries for a MAP-E instance:


RP/0/RP0/CPU0:router# show cgv6 map-e map1 statistics

Cgv6 Map-e IPv6 to IPv4 counters:

======================================

Translated Udp Count: 0
Translated Tcp Count: 0
Translated Icmp Count: 0
Cgv6 Map-e IPv4 to IPv6 counters:

======================================

Translated Udp Count: 0
Translated Tcp Count: 0
Translated Icmp Count: 0

show cgv6 map-t statistics

To display the MAP-T instance statistics, use the show cgv6 map-t statistics command in EXEC mode.

show cgv6 map-t-cisco instance-name statistics

Syntax Description

instance-name

Name of the configured MAP-T instance.

statistics

Specifies the statistics of the configured MAP-T instance.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 6.2.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

cgv6

read

Examples

This output shows the statistics entries for a MAP-T instance:

RP/0/RSP0/CPU0:router# show cgv6 map-t-cisco map1 statistics

Map-t-cisco IPv6 to IPv4 counters:
======================================

Translated Udp Count: 0

Translated Tcp Count: 0

Translated Icmp Count: 0


Map-t-cisco IPv4 to IPv6 counters:
======================================

Translated Udp Count: 0

Translated Tcp Count: 0

Translated Icmp Count: 0


Map-t-cisco exception IPv6 to IPv4 counters:
======================================

TCP Incoming Count: 0
TCP NonTranslatable Drop Count: 0
TCP Invalid NextHdr Drop Count: 0
TCP NoDb Drop Count: 0
TCP Translated Count: 0

UDP Incoming Count: 0
UDP NonTranslatable Drop Count: 0
UDP Invalid Next Hdr Drop Count: 0
UDP No Db Drop Count: 0
UDP Translated Count: 0

ICMP Total Incoming Count: 0
ICMP No DB Drop Count: 0
ICMP Fragment drop count: 0
ICMP Invalid NxtHdr Drop Count: 0
ICMP Nontanslatable Drop Count: 0
ICMP Nontanslatable Fwd Count: 0
ICMP UnsupportedType Drop Count: 0
ICMP Err Translated Count: 0
ICMP Query Translated Count: 0

Subsequent Fragment Incoming Count: 300
Subsequent Fragment NonTranslateable Drop Count: 200
Invalid NextHdr Drop Count: 0
Subsequent Fragment No Db Drop Count: 0
Subsequent Fragment Translated Count: 100

Extensions/Options Incoming Count: 0
Extensions/Options Drop Count: 0
Extensions/Options Forward Count: 0

Extensions/Options No DB drop Count: 0
Unsupported Protocol Count: 0

Map-t-cisco exception packets IPv4 to IPv6 counters:
======================================

TCP Incoming Count: 0
TCP No Db Drop Count: 0
TCP Translated Count: 0

UDP Incoming Count: 0
UDP No Db Drop Count: 0
UDP Translated Count: 0
UDP FragmentCrc Zero Drop Count: 0
UDP CrcZeroRecy Sent Count: 0
UDP CrcZeroRecy Drop Count: 0

ICMP Total Incoming Count: 0
ICMP No Db Drop Count: 0
ICMP Fragment drop count: 0
ICMP UnsupportedType Drop Count: 0
ICMP Err Translated Count: 0
ICMP Query Translated Count

Description of the show output fields

Output Field

Description

Translated Udp Count

Number of UDP packets translated to IPv4/IPv6.

Translated Tcp Count

Number of TCP packets translated to IPv4/IPv6.

Translated Icmp Count

Number of TCP packets translated to IPv4/IPv6.

TCP Incoming Count

Number of incoming packets on a port.

TCP NonTranslatable Drop Count

Number of IPv4/IPv6 packets that were dropped because translation to IPv4/IPv6 failed.

TCP Invalid NextHdr Drop Count

Number of packets that were dropped due to invalid next hop.

TCP NoDb Drop Count

Number of packets for which there is no MAP-T configuration.

TCP Translated Count

Number of TCP packets that were translated.

UDP Incoming Count

Number of incoming UDP packets on a port.

UDP NonTranslatable Drop Count

Number of IPv4/IPv6 packets that were dropped because translation to IPv4/IPv6 failed.

UDP Invalid Next Hdr Drop Count

Number of packets that were dropped due to invalid next hop.

UDP No Db Drop Count

Number of packets for which there is no MAP-T configuration.

UDP Translated Count

Number of translated UDP packets.

ICMP Total Incoming Count

Number of incoming ICMP packets on a port.

ICMP No DB Drop Count

Number of ICMP packets for which there is no MAP-T configuration.

ICMP Fragment drop count

Number of ICMP fragmented packets that are dropped and not forwarded.

ICMP Invalid NxtHdr Drop Count

Number of packets that were dropped due to invalid next hop.

ICMP Nontanslatable Drop Count

Number of packets that could not be converted to IPv4/IPv6 and are dropped.

ICMP Nontanslatable Fwd Count

Number of packets that could not be converted to IPv4/IPv6 and were forwarded to VSM.

ICMP UnsupportedType Drop Count

Number of non ICMP packets that were dropped.

ICMP Err Translated Count

Number of packets that had errors while translating to IPv4/IPv6.

ICMP Query Translated Count

Number of ICMP packets that were translated to IPv4/IPv6.

Subsequent Fragment Incoming Count

Number of incoming IPv6 packets that were fragmented.

Subsequent Fragment NonTranslateable Drop Count

Number of IPv6 packets dropped without translating.

Invalid NextHdr Drop Count

Number of packets that were dropped due to invalid next hop.

Subsequent Fragment No Db Drop Count

Number of IPv6 packets dropped due to missing MAP-T configuration.

Subsequent Fragment Translated Count

Number of IPv6 packets that were translated.

Extensions/Options Incoming Count

Number of IPv6 packets that came in with extended options in the header.

Extensions/Options Drop Count

Number of IPv6 packets with extended options in the header that were dropped.

Extensions/Options Forward Count

Number of IPv6 packets with extended options in the header that were forwarded.

Extensions/Options No DB drop Count

Number of IPv6 packets with extended configuration in the header that were dropped due to missing MAP-T configuration.

Unsupported Protocol Count

Number of IPv6 packets dropped due to unsupported Layer-4 protocol.

UDP Incoming Count

Number of incoming UDP packets.

UDP No Db Drop Count

Number of UDP packets for which there is no MAP-T configuration.

UDP Translated Count

Number of UDP packets translated to IPv4/IPv6.

UDP FragmentCrc Zero Drop Count

Number of fragmented UDP packets dropped due to 0 checksum.

UDP CrcZeroRecy Sent Count

Number of packets with 0 checksum sent back to IPv4 ServiceApp. These packets are then recycled and sent back with valid checksum.

UDP CrcZeroRecy Drop Count

Number of UDP packets with 0 checksum that are not recycled and dropped.

show services redundancy

To display the current active and standby CGSE in an intra chassis redundancy setup, use the show services redundancy command in EXEC mode.

show services redundancy {brief | detail | summary} location node-id

Syntax Description

brief

Displays a brief view of redundant nodes of instances.

detail

Displays a detailed view of redundant nodes of instances.

summary

Displays a summary of redundant nodes of instances.

location node-id

Specifies the location. The node-id argument is entered in the rack/slot/module notation.

Command Default

None

Command Modes

EXEC

Command History

Release Modification
Release 3.9.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read

Examples

This example shows the sample output of the show services redundancy command when the configured preferred active node 0/0/CPU0 is in Active state:


RP/0/RP0/CPU0:router# show services redundancy

Service type     Name                    Pref. Active        Pref. Standby      
--------------------------------------------------------------------------------
ServiceInfra     ServiceInfra1           0/0/CPU0 Active    
ServiceInfra     ServiceInfra2           0/2/CPU0 Active    
ServiceCgn       cgn1                    0/0/CPU0 Active     0/2/CPU0 Standby   

This example shows the sample output of the show services redundancy command when the configured preferred standby node 0/2/CPU0 is in Active state:


RP/0/RP0/CPU0:router# show services redundancy

Service type     Name                    Pref. Active        Pref. Standby      
--------------------------------------------------------------------------------
ServiceInfra     ServiceInfra1           0/0/CPU0 Active    
ServiceInfra     ServiceInfra2           0/2/CPU0 Active    
ServiceCgn       cgn1                    0/0/CPU0 Standby     0/2/CPU0 Active    

show virtual-service

To display the output of the Virtual Machines (VM) of VSM, use the show virtual-service command in EXEC mode.

show virtual-service {detail | global | list}

Syntax Description

detail

Shows the output of the VMs in detail.

global

Shows the global information of the VMs.

list

Shows the list of service VMs.

Command Default

None

Command Modes

EXEC mode

Command History

Release Modification

Release 5.1.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read

Examples

This example shows a sample output of the show virtual-service command.




RP/0/RSP0/CPU0:router#show virtual-service list
Virtual Service List:
Name             Status              Package Name
---------------------------------------------------------
cgn123          Installing        asr9k-vsm-cgv6.ova

RP/0/RSP0/CPU0:router#sh virtual-service list
Virtual Service List:
Name             Status              Package Name
---------------------------------------------------------
cgn123          Installed         asr9k-vsm-cgv6.ova





RP/0/RSP0/CPU0:router#show virtual-service detail  name cgn1 node 0/1/CPU0
Virtual Service cgn1 Detail
  State                   : Activated
  Node name               : 0/1/CPU0
  Node status             : Install Mgr Ready, SDR Mgr Ready
  Package information
    Name                  : asr9k-vsm-cgv6.ova
    Path                  : disk0:/asr9k-vsm-cgv6.ova
    Application
      Name                : CGv6
      Installed version   : 1.0
      Description         : Carrier Grade NAT
    Signing
      Key type            : Unknown Package
      Method              : SHA1
    Licensing
      Name                : Not Available
      Version             : Not Available

  Activated profile name  : None

  Resource reservation
   Disk   : 10000MB
   Memory : 32768MB
   CPU    : 75 (system CPU %)
   VCPU   : 60

  Attached devices
  #             Type Name      Alias
  1         Watchdog None      None
  2            CDROM hdc       ide0-1-0
  3              HDD hda       DD_10GB_UM_local
  4       Serial/aux None      serial1
  5     Serial/shell None      serial0
  6              NIC net1      net1
  7              NIC net1      net1
  8              NIC net1      net1
  9              NIC net1      net1
  10             NIC net1      net1
  11             NIC net1      net1
  12             NIC net1      net1
  13             NIC net1      net1
  14             NIC net1      net1
  15             NIC net1      net1
  16             NIC net1      net1
  17             NIC net1      net1

Network interfaces:
    Name
    TenGigE0/1/1/0
    TenGigE0/1/1/1
    TenGigE0/1/1/2
    TenGigE0/1/1/3
    TenGigE0/1/1/4
    TenGigE0/1/1/5
    TenGigE0/1/1/6
    TenGigE0/1/1/7
    TenGigE0/1/1/8
    TenGigE0/1/1/9
    TenGigE0/1/1/10
    TenGigE0/1/1/11

  Resource admission (without profile)
    Disk space            : 10000MB
    Memory                : 32768MB
    CPU                   : 100% system CPU




RP/0/RSP0/CPU0:router#show virtual-service global
Virtual Service Global State and Virtualization Limits:

Infrastructure version  :  1.5
Total virtual services installed  :  1
Total virtual services activated  :  1

Machine types supported  : KVM
Machine types disabled   : none

Node information:
Node name: 0/RSP0/CPU0
    State: Connected

    Resource virtualization limits:
    Name                   Quota    Committed    Available
    ------------------------------------------------------
    Unavailable

Node name: 0/1/CPU0
    State: Connected (Install Mgr Ready, SDR Mgr Ready)

    Maximum VCPUs per virtual service : 75

    Resource virtualization limits:
    Name                   Quota    Committed    Available
    ------------------------------------------------------
    VCPU                      75         60         15
    system CPU (%)            93         75         18
    memory (MB)            58368      32766      25602
    disk (MB)              49152      10000      39152
    network interface         14         12          2
    crypto engine              4          0          4


source-address (6rd)

To assign an IPv4 address as the tunnel source address, use the source-address command in 6RD configuration mode. To remove the source address assigned to the tunnel, use the no form of this command.

source-address address

Syntax Description

address

Indicates the Source IP address.

Command Default

None

Command Modes

6RD configuration

Command History

Release Modification
Release 4.1.0

This command was introduced.

Usage Guidelines

For a 6RD tunnel, configure the ipv6-prefix, ipv4 source-address, and unicast IPv6 address in a single commit operation. Once configured, the source-address cannot be deleted individually. It must be deleted along with all br tunnel configuration parameters.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the 6RD tunnel source-address:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# br
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd-br)# source-address 10.2.2.1

static-forward inside

To enable forwarding for the static port for an inside IPv4 address and inside port combination, use the static-forward inside command in CGN inside VRF NAT44 protocol configuration mode. To disable static forwarding, use the no form of this command.

static-forward inside

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

CGN inside VRF NAT44 protocol configuration

Command History

Release Modification
Release 3.9.1

This command was introduced.

Usage Guidelines

The static-forward inside command enters CGN inside VRF static port inside configuration mode.

If the static-forward inside command is executed successfully along with the inside IPv4 address and port information, CGN can dynamically allocate one free outside IPv4 address and outside port number from the outside address pool. A common use for static PAT is to allow Internet users from the public network to access a server located in the private network.

Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to configure static port forwarding:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# protocol tcp
RP/0/RP0/CPU0:router(config-cgn-invrf-proto)# static-forward inside
RP/0/RP0/CPU0:router(config-cgn-ivrf-sport-inside)# 

static-mapping-file direction

To configure static destination address translation, use the static-mapping-file direction command. To delete the existing configuration, use the no static-mapping-file direction command.

static-mapping-file direction i2o-dst location of the .csv file

Syntax Description

direction

Specifies the direction of static mapping.

i2o-dst

Specifies the destination mapping in the Inside-to-Outside direction.

location of the .csv file

Specifies the name of the static mapping configuration file and its path.

Command Default

None

Command Modes

CGN inside VRF NAT44 protocol configuration

Command History

Release Modification
Release 5.2.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to configure static port forwarding:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# map outside-vrf blue2 outsideServiceApp ServiceApp4 address-pool 119.0.0.0/19
RP/0/RP0/CPU0:router(config-cgn-invrf-afi)#  static-mapping-file direction i2o-dst /disk0:/ 30K.CSV

tcp mss (CGN)

Use the tcp mss command to adjust the TCP maximum segment size (MSS) value for a ServiceApp interface. To disable a particular service application interface, use the no form of this command.

tcp mss <28-1500>

Syntax Description

<28-1500>

Maximum segment size to be used in bytes.

Command Default

tcp mss value is disabled by default.

Command Modes

CGN-NAT64

Command History

Release Modification

Release 4.1.0

This command was introduced.

Usage Guidelines

If this configuration does not exist, TCP determines the maximum segment size based on the settings specified by the application process, interface maximum transfer unit (MTU), or MTU received from Path MTU Discovery. This is a NAT64 stateless translation command to be applied for each NAT64 stateless CGN instance. This command enables rewriting of the tcp mss value in the translated IPv4 packet (getting translated from IPv6 to IPv4), if the incoming tcp mss value is greater than the value configured by this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure TCP MSS value as 1000 for a NAT64 stateless ServiceApp interface:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateless xlat1
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# interface ServiceApp 2
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# address-family ipv4
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless-afi)# tcp mss 1000
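The rewrite rule from the usage guidelines (replace the MSS option only when the incoming value is greater than the configured one), as an added Python model that is not Cisco code. The SYN header, addresses and option layouts are constructed, and the incremental checksum update (RFC 1624) is an assumption about how a translator would keep the TCP checksum valid.

```python
import struct

TCP_OPT_EOL, TCP_OPT_NOP, TCP_OPT_MSS = 0, 1, 2
SYN = 0x02

# Constructed option sets: MSS 1440 at an even and at an odd byte offset.
MSS_1440 = b"\x02\x04" + struct.pack("!H", 1440)
NOP, WSCALE = b"\x01", b"\x03\x03\x07"
ALIGNED_OPTS = MSS_1440 + NOP + WSCALE
ODD_OPTS = NOP + MSS_1440 + WSCALE


def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(tcp_len: int) -> bytes:
    # Constructed IPv4 pseudo-header: 192.0.2.1 -> 198.51.100.1, protocol 6.
    return bytes([192, 0, 2, 1, 198, 51, 100, 1, 0, 6]) + struct.pack("!H", tcp_len)


def build_syn(options: bytes) -> bytes:
    """Constructed SYN header (no payload) with a valid checksum."""
    if len(options) % 4:
        raise ValueError("options must be padded to a multiple of 4 bytes")
    offset = (20 + len(options)) // 4
    hdr = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0,
                      offset << 4, SYN, 65535, 0, 0) + options
    csum = internet_checksum(pseudo_header(len(hdr)) + hdr)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]


def checksum_ok(hdr: bytes) -> bool:
    return internet_checksum(pseudo_header(len(hdr)) + hdr) == 0


def _csum_update(csum: int, old: int, new: int) -> int:
    """RFC 1624 eqn. 3: HC' = ~(~HC + ~m + m') for one changed 16-bit word."""
    total = (~csum & 0xFFFF) + (~old & 0xFFFF) + new
    total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def clamp_mss(tcp_header: bytes, configured_mss: int):
    """Return (header, old_mss, new_mss); both MSS values are None when the
    segment is not a SYN or carries no MSS option."""
    if len(tcp_header) < 20:
        raise ValueError("short TCP header")
    data_offset = (tcp_header[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(tcp_header):
        raise ValueError("bad data offset")
    if not tcp_header[13] & SYN:          # MSS is only carried on SYN segments
        return tcp_header, None, None
    hdr = bytearray(tcp_header)
    i = 20
    while i < data_offset:
        kind = hdr[i]
        if kind == TCP_OPT_EOL:
            break
        if kind == TCP_OPT_NOP:
            i += 1
            continue
        if i + 1 >= data_offset:
            raise ValueError("truncated option")
        length = hdr[i + 1]
        if length < 2 or i + length > data_offset:
            raise ValueError("malformed option length")
        if kind == TCP_OPT_MSS and length == 4:
            old = struct.unpack_from("!H", hdr, i + 2)[0]
            if old <= configured_mss:     # rewrite only when greater
                return bytes(hdr), old, old
            start = (i + 2) & ~1          # 16-bit words touched by the change
            end = (i + 5) & ~1
            before = bytes(hdr[start:end])
            struct.pack_into("!H", hdr, i + 2, configured_mss)
            csum = struct.unpack_from("!H", hdr, 16)[0]
            for off in range(0, end - start, 2):
                csum = _csum_update(csum,
                                    struct.unpack_from("!H", before, off)[0],
                                    struct.unpack_from("!H", hdr, start + off)[0])
            struct.pack_into("!H", hdr, 16, csum)
            return bytes(hdr), old, configured_mss
        i += length
    return bytes(hdr), None, None


if __name__ == "__main__":
    new, old, now = clamp_mss(build_syn(ODD_OPTS), 1000)
    print(old, "->", now, "checksum valid:", checksum_ok(new))
```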

tcp-policy (Stateful NAT64)

To enable TCP policy that allows IPv4 initiated TCP sessions, use the tcp-policy command in NAT64 stateful configuration mode. To disable the policy, use the no form of this command.

tcp-policy

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

NAT64 stateful configuration mode

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to enable TCP policy that allows IPv4 initiated TCP sessions for a NAT64 stateful instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# tcp-policy
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)#

timeout (DS-LITE)

To configure the timeout for the ICMP session for a DS-Lite instance, use the timeout command in DS-Lite configuration mode. To return to the default value of 60 seconds, use the no form of this command.

timeout seconds

Syntax Description

seconds

Timeout value. Range is from 1 to 65535.

Command Default

The default timeout value is 60 seconds.

Command Modes

DS-Lite configuration mode

Command History

Release Modification
Release 4.2.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the timeout period for an ICMP session for a DS-Lite instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite-inst
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# protocol icmp
RP/0/RP0/CPU0:router(config-cgn-ds-lite-proto)# timeout 999

timeout (DS-LITE Netflow9)

To configure the frequency at which the netflow9 template is refreshed or resent to the netflow9 server for a DS-Lite instance, use the timeout command in CGN DS-Lite external logging server configuration mode.

To return to the default value of 30 minutes, use the no form of this command.

timeout value

Syntax Description

value

Value, in minutes, for the timeout. Range is from 1 to 3600.

Command Default

value : 30

Command Modes

CGN DS-Lite external logging server configuration

Command History

Release

Modification

Release 4.2.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to configure the timeout value as 50 for a DS-Lite instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type ds-lite ds-lite1
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# external-logging netflow9
RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog)# server
RP/0/RP0/CPU0:router(config-cgn-ds-lite-extlog-server)# timeout 50

timeout (NAT44)

To configure the timeout for the ICMP session for a CGN instance, use the timeout command in NAT44 protocol configuration mode. To return to the default value of 60 seconds, use the no form of this command.

timeout seconds

Syntax Description

seconds

Timeout value. Range is from 1 to 65535.

Command Default

The default timeout value is 60 seconds.

Command Modes

NAT44 protocol configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 4.3.0

Support for GRE data channels was added.

Usage Guidelines

We recommend that you configure the timeout values for the protocol sessions carefully. For example, the values for the protocol and NAT functions must be configured properly.

This is a NAT44 service type specific command to be applied for each CGN instance. This command configures the initial and active timeout value in seconds for TCP or UDP sessions for a CGN instance. For ICMP and GRE, the user can configure only the timeout value.


Note

The destination port/destination address timeout configuration is not supported for ICMP and GRE.


For TCP and UDP, the per port active timeout session is prioritized according to these criteria, higher to lower precedence:
  1. A destination address and port combination

  2. A destination address

  3. A destination port

  4. Default protocol timeout

Enter up to 1000 timer entries (inclusive of port only, ip only or port/ip combo).

Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to configure the timeout value as 908 for the ICMP session:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol icmp
RP/0/RP0/CPU0:router(config-cgn-proto)# timeout 908

This example shows how to configure the destination address value as 600 for the tcp session:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf red
RP/0/RP0/CPU0:router(config-cgn-invrf)# protocol tcp
RP/0/RP0/CPU0:router(config-cgn-invrf-proto)# address 40.1.1.2 timeout 600

This example shows how to configure the destination port value as 600 for the tcp session:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf red
RP/0/RP0/CPU0:router(config-cgn-invrf)# protocol tcp
RP/0/RP0/CPU0:router(config-cgn-invrf-proto)# port 80 timeout 600

This example shows how to configure timeout values for a GRE session:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat44-1
RP/0/RP0/CPU0:router(config-cgn-nat44)# protocol gre
RP/0/RP0/CPU0:router(config-cgn-proto)# timeout 908

timeout (NAT44 Netflow Version 9)

To configure the frequency at which the netflow-v9 template is refreshed or resent to the netflow-v9 server, use the timeout command in CGN inside-VRF external logging server configuration mode.

To revert to the default value of 30 minutes, use the no form of this command.

timeout value

Syntax Description

value

Value, in minutes, for the timeout. Range is from 1 to 3600.

Command Default

value : 30

Command Modes

CGN inside VRF external logging server configuration

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Usage Guidelines

After the configured number of minutes has elapsed since the template was last sent, the template is resent to the logging server.

The netflowv9 based logging requires that a logging template be sent to the server periodically. The timeout value implies that after that number of minutes has elapsed since the template was last sent, the template will be resent to the logging server. The refresh-rate value implies that after sending that number of packets to the server, the template will be resent. The timeout and refresh-rate values are mutually exclusive; that is, the one that expires first is the one considered for resending the template.


Note

The configurations for path-mtu, refresh-rate, and timeout are applied only when the IPv4 address and port number for the logging server have been configured.
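The interaction of timeout and refresh-rate described above, as an added simulation that is not Cisco code. It assumes the device evaluates both conditions each time it sends an export packet; the traffic pattern and the refresh-rate of 60 are constructed, and the timeout of 50 is the value used in this section's example. The second function shows the collector's view: a NetFlow v9 collector that has lost its template cache cannot decode NAT log records until the next template arrives.

```python
def template_sends(packet_times_min, timeout_min, refresh_rate):
    """Return the indices of export packets that carry a fresh template.

    packet_times_min: sorted send times, in minutes, of the export packets.
    The template goes out with the first packet, then again whenever
    refresh_rate packets or timeout_min minutes have passed since it was
    last sent, whichever happens first.
    """
    if not 1 <= timeout_min <= 3600:
        raise ValueError("timeout must be between 1 and 3600 minutes")
    if refresh_rate < 1:
        raise ValueError("refresh_rate must be at least 1 packet")
    sends, since_pkts, last_sent = [], 0, None
    for i, t in enumerate(packet_times_min):
        due_by_time = last_sent is not None and t - last_sent >= timeout_min
        due_by_count = since_pkts >= refresh_rate
        if last_sent is None or due_by_time or due_by_count:
            sends.append(i)
            since_pkts, last_sent = 0, t
        since_pkts += 1
    return sends


def undecodable_after_restart(packet_times_min, sends, restart_min):
    """Collector lost its templates at restart_min.

    Returns (packets it cannot decode, minutes until the next template),
    or (packets, None) if no template follows in the trace.
    """
    send_set, lost = set(sends), 0
    for i, t in enumerate(packet_times_min):
        if t < restart_min:
            continue
        if i in send_set:
            return lost, t - restart_min
        lost += 1
    return lost, None


def constructed_trace():
    # Constructed traffic: 20 packets per minute for minutes 0 to 9,
    # then one packet every 20 minutes from minute 20 to minute 200.
    return [m for m in range(10) for _ in range(20)] + list(range(20, 201, 20))


if __name__ == "__main__":
    times = constructed_trace()
    sends = template_sends(times, timeout_min=50, refresh_rate=60)
    print("template sent with packets:", sends)
    print("restart at minute 1:", undecodable_after_restart(times, sends, 1))
    print("restart at minute 10:", undecodable_after_restart(times, sends, 10))
```

Under load the packet count triggers the resend; on a quiet link the timer does, so the same restart costs few records but a long blind interval.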


Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to configure the timeout value as 50 for the NetFlow logging information for the NAT table entries:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat44 nat1
RP/0/RP0/CPU0:router(config-cgn-nat44)# inside-vrf insidevrf1
RP/0/RP0/CPU0:router(config-cgn-invrf)# external-logging netflow version 9
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog)# server
RP/0/RP0/CPU0:router(config-cgn-invrf-af-extlog-server)# timeout 50

timeout (Stateful NAT64 Netflow Version 9)

To configure the frequency at which the netflow-v9 template is refreshed or resent to the netflow-v9 server, use the timeout command in NAT64 Stateful configuration mode.

To return to the default value of 30 minutes, use the no form of this command.

timeout value

Syntax Description

value

Value, in minutes, for the timeout. Range is from 1 to 3600.

Command Default

30 minutes

Command Modes

NAT64 Stateful configuration

Command History

Release

Modification

Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how to configure the timeout value as 50 for the NetFlow logging information for the NAT table entries:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# external-logging netflow version 9
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# server
RP/0/RP0/CPU0:router(config-cgn-nat64-extlog-server)# timeout 50

tos (6rd)

To configure the IPv4 tunnel type of service, use the tos command in 6RD configuration mode. To disable the type of service, use the no form of this command.

tos value

Syntax Description

value

Value of the type of service to be set. The range is from 0 to 255.

Command Default

None

Command Modes

6RD configuration

Command History

Release Modification
Release 4.1.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the 6RD tunnel type of service:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# tos 25

traceroute (CGN)

To configure a range of IPv4 addresses that are to be used for mapping when a non-translatable IPv6 address is received, use the traceroute command. To remove the pool of IPv4 addresses used for mapping the non-translatable IPv6 source addresses, use the no form of this command.

traceroute translation {address-pool A.B.C.D/prefix | algorithm {hash | random | ttl}}

Syntax Description

translation

Specifies the configuration related to translating traceroute addresses.

address-pool

Specifies the IPv4 address pool for traceroute addresses.

A.B.C.D/ prefix IP subnet

Indicates the start address and prefix for the address pool.

algorithm

Indicates the algorithm to translate IPv6 address to IPv4 address.

hash

Indicates the hashing algorithm.

random

Indicates the random algorithm.

ttl

Specifies the time to live (TTL) algorithm.

Command Default

None

Command Modes

CGN-NAT64

Command History

Release Modification

Release 4.1.0

This command was introduced.

Usage Guidelines

These IPv4 addresses are not allowed to be configured through this command:

  1. 127.0.0.1

  2. 224.0.0.0 onwards

  3. All zero addresses

  4. Broadcast address

The value for prefix can range from 1 to 32. There is only one such map per instance of the stateless IPv4 to IPv6 service-type. When there is no pool of IPv4 addresses to translate the non-translatable IPv6 source address, packets arriving with non-translatable IPv6 source addresses are dropped.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the address-pool:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateless xlat1
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# traceroute translation address-pool 121.1.2.0/24

This example shows how to configure the random algorithm:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateless xlat1
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# traceroute translation algorithm Random

This example shows how to configure the hash algorithm:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateless xlat1
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# traceroute translation algorithm Hash

This example shows how to configure the TTL algorithm:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateless xlat1
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# traceroute translation algorithm TTL

traceroute (MAP-T)

To configure traceroute translation algorithms, use the traceroute command in MAP-T configuration mode. To undo the configuration, use the no form of this command.

traceroute translation [ [address-pool address / subnet mask] | [algorithm {Hash | Random | TTL}]]

Syntax Description

translation

Specifies the configurations related to translating traceroute addresses.

address-pool

Specifies the IPv4 address pool for traceroute addresses.

address / subnet mask

Specifies the start address and prefix of the IPv4 address pool.

algorithm

Specifies the algorithm to translate IPv6 address to IPv4 address. Can be Hash, Random, or TTL (Time-to-Live) algorithms.

Hash

Specifies the Hash algorithm for translation.

Random

Specifies the random entries for translation.

TTL

Specifies the TTL entries.

Command Default

None

Command Modes

MAP-T configuration

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the traceroute translation algorithm:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type map-t map-t-inst
RP/0/RP0/CPU0:router(config-cgn-mapt)# traceroute translation algorithm hash

traffic-class (CGN)

Use the traffic-class command to configure the traffic class value to be used when translating a packet from IPv4 to IPv6. To copy the traffic-class value from the IPv4 packet, use the no form of this command.

traffic-class value

Syntax Description

value

The value of traffic class to be set. It ranges from 0 to 255.

Command Default

None

Command Modes

CGN-NAT64

Command History

Release Modification

Release 4.1.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the CGN-NAT64 traffic class value:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateless xlat1
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# ipv6-prefix 2010:db8:ff00::/40
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# address-family ipv6
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless-afi)# interface ServiceApp 461
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless-afi)# traffic-class 20

ttl (6rd)

To configure the IPv4 tunnel time to live (TTL), use the ttl command in 6RD configuration mode. To undo the configuration, use the no form of this command.

ttl value

Syntax Description

value

Time-to-live value to be used for IPv4 tunnel. The range is from 1 to 255.

Command Default

None

Command Modes

6RD configuration

Command History

Release Modification
Release 4.1.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the 6RD tunnel time to live value:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# ttl 25

ubit-reserved (CGN)

To reserve bits 64 to 71 in IPv6 addresses, use the ubit-reserved command. To cancel the reservation of bits 64 to 71, use the no form of this command; the bits may then be used to store IPv4 address octets as part of translation.

ubit-reserved

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

CGN-NAT64

Command History

Release Modification

Release 4.1.0

This command was introduced.

Usage Guidelines

This is a NAT64 stateless translation command to be applied for each NAT64 stateless instance of a CGN instance. When this configuration is enabled, bits 64 to 71 in the IPv6 addresses are reserved for purposes including the U-Bit. These bits are not used for translation purposes.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the nat64 stateless ubit-reserved option:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateless xlat1
RP/0/RP0/CPU0:router(config-cgn-nat64-stateless)# ubit-reserved

ubit-reserved (Stateful NAT64)

To enable reserving ubits in an IPv6 address for a NAT64 stateful instance, use the ubit-reserved command in NAT64 stateful configuration mode. To disable, use the no form of this command.

ubit-reserved

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

NAT64 stateful configuration mode

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to enable reserving ubits in IPv6 address for a NAT64 stateful instance:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn-inst
RP/0/RP0/CPU0:router(config-cgn)# service-type nat64 stateful nat64-inst
RP/0/RP0/CPU0:router(config-cgn-nat64-stateful)# ubit-reserved 
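What reserving bits 64 to 71 means for the address layout, for both the stateless and stateful ubit-reserved commands above, as an added example that is not Cisco code. With the reservation the layout follows RFC 6052; the contiguous layout used when the bits are not reserved is an assumption drawn from the statement that the bits may then store IPv4 address octets. The function names and the IPv4 address 192.0.2.33 are constructed; the prefix 2010:db8:ff00::/40 is the one used in the traffic-class example.

```python
import ipaddress

RFC6052_PREFIX_LENGTHS = (32, 40, 48, 56, 64, 96)
U_OCTET = 8  # byte index 8 of the address holds bits 64 to 71


def _check(nat64_prefix):
    net = ipaddress.IPv6Network(nat64_prefix)
    if net.prefixlen not in RFC6052_PREFIX_LENGTHS:
        raise ValueError("prefix length must be 32, 40, 48, 56, 64 or 96")
    return net


def embed_ipv4(nat64_prefix, ipv4, ubit_reserved=True):
    """Build the IPv6 address that represents ipv4 under nat64_prefix."""
    net = _check(nat64_prefix)
    out = bytearray(net.network_address.packed)
    if ubit_reserved and out[U_OCTET] != 0:
        raise ValueError("prefix sets bits 64 to 71, which are reserved")
    pos = net.prefixlen // 8
    for octet in ipaddress.IPv4Address(ipv4).packed:
        if ubit_reserved and pos == U_OCTET:
            pos += 1  # skip the reserved octet, leaving it zero
        out[pos] = octet
        pos += 1
    return ipaddress.IPv6Address(bytes(out))


def extract_ipv4(nat64_prefix, ipv6, ubit_reserved=True):
    """Recover the embedded IPv4 address, for example from a log record."""
    net = _check(nat64_prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net:
        raise ValueError("address is outside the NAT64 prefix")
    raw = addr.packed
    if ubit_reserved and raw[U_OCTET] != 0:
        raise ValueError("bits 64 to 71 are set; not a reserved-layout address")
    pos, octets = net.prefixlen // 8, bytearray()
    while len(octets) < 4:
        if ubit_reserved and pos == U_OCTET:
            pos += 1
        octets.append(raw[pos])
        pos += 1
    return ipaddress.IPv4Address(bytes(octets))


if __name__ == "__main__":
    prefix = "2010:db8:ff00::/40"
    reserved = embed_ipv4(prefix, "192.0.2.33", ubit_reserved=True)
    packed = embed_ipv4(prefix, "192.0.2.33", ubit_reserved=False)
    print("ubit-reserved:   ", reserved)
    print("no ubit-reserved:", packed)
    # Decoding with the wrong setting silently yields a different IPv4 address.
    print("wrong decode:    ", extract_ipv4(prefix, reserved, ubit_reserved=False))
```

Any tool that maps logged IPv6 addresses back to IPv4 has to use the same setting as the translator, because a mismatch returns a plausible but wrong address instead of an error.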

unicast address (6rd)

To assign an IPv6 address to be used for an IPv6 Rapid Deployment (6RD) Border Relay (BR) unicast configuration, use the unicast address command in 6RD configuration mode. To remove the assigned unicast address, use the no form of this command.

unicast address address

Syntax Description

address

IPv6 address used for unicast from IPv6 network.

Command Default

None

Command Modes

6RD configuration

Command History

Release Modification
Release 4.1.0

This command was introduced.

Usage Guidelines

For a 6RD tunnel, configure the br (Border Relay) with the ipv6-prefix, IPv4 source-address, and unicast IPv6 address in a single commit operation. Once configured, the unicast address cannot be deleted individually. It must be deleted along with all br tunnel configuration parameters.

The IPv6 unicast address is derived from these: IPv6 prefix, IPv6 prefix length, IPv4 prefix length and IPv4 suffix length, and tunnel source address.

Here's the formula to calculate the IPv6 unicast address:

ipv6 unicast address = <ipv6-prefix> + (remove ipv4 prefix length bits from starting and ipv4 suffix length bits from ending of tunnel source address) :: <number>
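The formula above carried through in code, as an added example that is not Cisco code. The function name, the 6RD prefix 2001:db8::/32 and the tunnel source 10.2.1.2 are constructed; they were chosen so that the result with no IPv4 prefix or suffix bits removed is the unicast address 2001:db8:a02:102::1 used in this section's example.

```python
import ipaddress


def sixrd_unicast(ipv6_prefix, tunnel_source,
                  v4_prefix_len=0, v4_suffix_len=0, number=1):
    """Derive a 6RD BR unicast address.

    Returns (address, derived_prefix_length). The derived prefix is the
    6RD IPv6 prefix followed by the tunnel source address with its first
    v4_prefix_len bits and last v4_suffix_len bits removed; `number` is the
    value placed in the remaining low-order bits (the "::<number>" part).
    """
    net = ipaddress.IPv6Network(ipv6_prefix)
    src = int(ipaddress.IPv4Address(tunnel_source))

    kept = 32 - v4_prefix_len - v4_suffix_len
    if v4_prefix_len < 0 or v4_suffix_len < 0 or kept < 0:
        raise ValueError("IPv4 prefix and suffix lengths must total 0 to 32")

    derived_len = net.prefixlen + kept
    if derived_len > 128:
        raise ValueError("IPv6 prefix too long for the retained IPv4 bits")

    # Drop the trailing suffix bits, then mask off the leading prefix bits.
    middle = (src >> v4_suffix_len) & ((1 << kept) - 1)

    host_bits = 128 - derived_len
    if not 0 <= number < (1 << host_bits):
        raise ValueError("number does not fit in the remaining bits")

    value = int(net.network_address) | (middle << host_bits) | number
    return ipaddress.IPv6Address(value), derived_len


if __name__ == "__main__":
    # Constructed inputs; see the lead-in.
    cases = [
        dict(v4_prefix_len=0, v4_suffix_len=0),  # all 32 source bits kept
        dict(v4_prefix_len=8, v4_suffix_len=0),  # common 10.0.0.0/8 removed
        dict(v4_prefix_len=8, v4_suffix_len=8),  # last octet removed as well
    ]
    for case in cases:
        addr, plen = sixrd_unicast("2001:db8::/32", "10.2.1.2", **case)
        print(case, "->", addr, "derived prefix length", plen)
```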

Task ID

Task ID Operation

cgn

read, write

Examples

This example shows how to configure the 6RD tunnel unicast address:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)# service-type tunnel v6rd 6rd1
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd)# br
RP/0/RP0/CPU0:router(config-cgn-tunnel-6rd-br)# unicast address 2001:db8:a02:102::1

virtual-service

To configure and activate a virtual service, use the virtual-service command. To disable the virtual service, use the no virtual-service command.

Command Behavior in Different Command Modes

You can run this command in both global configuration mode and EXEC mode.

virtual-service in Global Configuration Mode

virtual-service <virtual service name> enable

Syntax Description

<virtual service name>

Specifies the name of the virtual service.

enable

Enables the virtual service.

virtual-service in EXEC Mode

virtual-service {connect name virtual-service-name [aux console node node-name] | install name virtual-service-name | uninstall name virtual-service-name}

Syntax Description

connect name

Connects to the virtual service. The keyword name specifies the name of the appliance.

aux

Connects to the aux port.

console node

Connects to the console port of the particular card specified by the keyword node.

install name

Installs the virtual service. The keyword name specifies the name of the appliance.

uninstall name

Uninstalls the virtual service. The keyword name specifies the name of the appliance.

<virtual service name>

Specifies the name of the virtual service. The virtual service name can contain only alphanumeric characters (A to Z, a to z, or 0 to 9) or an underscore (_). All other special characters are not allowed.

<node name>

Specifies the name of the card.

Command Default

None

Command Modes

Global Configuration mode and EXEC mode

Command History

Release Modification

Release 5.1.1

This command was introduced.

Usage Guidelines


Note

Use Ctrl ^ e to disconnect from the VM.

Task ID

Task ID Operation
eem

read, write

Examples

RP/0/RSP0/CPU0:router(config)#virtual-service enable
RP/0/RSP0/CPU0:router(config)#commit

Examples

The following is an example of the virtual-service connect command:

RP/0/RSP0/CPU0:router #virtual-service connect name cgn1 console node 0/0/CPU0
RP/0/RSP0/CPU0:router #commit

The following is an example of the virtual-service install command:

RP/0/RSP0/CPU0:router #virtual-service install name cgn1 package disk0:/asr9k-vsm-cgv6-5.2.2.02.ova node 0/7/CPU0
RP/0/RSP0/CPU0:router #commit

vrf (cgn)

Use the vrf command to configure a VPN routing and forwarding (VRF) instance. To disable the VRF, use the no form of this command.

vrf vrf-name

Syntax Description

vrf-name

The CGN application uses inside vrfs and outside vrfs exclusively. These names cannot be used: all, default, and global.

Command Default

None

Command Modes

CONFIG-IF

Command History

Release Modification

Release 4.1.0

This command was introduced.

Usage Guidelines


Note

The number of supported VRFs is platform specific. For the CGN application, use only these vrf-names: insidevrf1 and outsidevrf1. The CGN application uses inside vrfs and outside vrfs exclusively, and the user needs to name and use them accordingly.


Task ID

Task ID Operation

ip services

read, write

Examples

This example shows how to create an inside and outside VRF using the vrf command:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# vrf insidevrf1
RP/0/RP0/CPU0:router(config-vrf)# vrf outsidevrf1
RP/0/RP0/CPU0:router(config-vrf)# exit