Advanced Configuration and Management Guide

These commands configure a standard ACL for the private sub-net 10.10.10.x/24, then enable inside NAT for the sub-net. Make sure you specify permit in the ACL, rather than deny. If you specify deny, the HP device will not provide NAT for the addresses.

Example with Port Address Translation Enabled

To configure dynamic NAT with the Port Address Translation feature enabled, enter commands such as the following at the global CONFIG level of the CLI:

HP9300(config)# access-list 1 permit 10.10.10.0/24
HP9300(config)# ip nat pool OutAdds 209.157.1.2 209.157.1.254 prefix-length 24
HP9300(config)# ip nat inside source list 1 pool OutAdds overload

These commands are the same as the ones in “Example with Port Address Translation Disabled”, except the ip nat inside source command uses the overload parameter. This parameter enables the Port Address Translation feature.

Command Syntax

Syntax: [no] ip nat pool <pool-name> <start-ip> <end-ip> netmask <ip-mask> | prefix-length <length>

This command configures the address pool.

The <pool-name> parameter specifies the pool name. The name can be up to 255 characters long and can contain special characters and internal blanks. If you use internal blanks, you must use quotation marks around the entire name.

The <start-ip> parameter specifies the IP address at the beginning of the pool range. Specify the lowest-numbered IP address in the range.

The <end-ip> parameter specifies the IP address at the end of the pool range. Specify the highest-numbered IP address in the range.

NOTE: The address range cannot contain any gaps. Make sure you own all the IP addresses in the range. If the range contains gaps, you must create separate pools containing only the addresses you own.

The netmask <ip-mask> | prefix-length <length> parameter specifies a classical sub-net mask (example: netmask 255.255.255.0) or the length of a Classless Interdomain Routing prefix (example: prefix-length 24).

NOTE: The maximum number of global IP addresses you can configure depends on how much memory the routing switch has and whether you enable the Port Address Translation feature. Regardless of the amount of memory, you cannot configure more than 256 global IP addresses.

Syntax: [no] ip nat inside source list <acl-name-or-num> pool <pool-name> [overload]

This command associates a private address range with a pool of Internet addresses and optionally enables the Port Address Translation feature.

The inside source parameter specifies that the translation applies to private addresses sending traffic to global addresses (Internet addresses).

The list <acl-name-or-num> parameter specifies a standard or extended ACL. You can specify a numbered or named ACL.

NOTE: For complete standard and extended ACL syntax, see “Using Access Control Lists (ACLs)” on page 3-1.

The pool <pool-name> parameter specifies the pool. You must create the pool before you can use it with this command.

The overload parameter enables the Port Address Translation feature. Use this parameter if the IP address pool does not contain enough addresses to ensure NAT for each private address. The Port Address Translation feature conserves Internet addresses by mapping the same Internet address to more than one private address and using a TCP or UDP port number to distinguish among the private hosts. The device supports up to 50 global IP addresses with this feature enabled.
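The following script is an added example, not part of the HP guide or of any HP tool. It audits a saved list of NAT commands against the rules stated in this section: the ACL must contain a permit entry, the pool must be created before it is referenced, and the pool must stay within the address limits. The function name audit_nat and the sample configurations are hypothetical, and the script assumes the 256- and 50-address limits apply to the size of the pool being referenced.

```python
import ipaddress
import shlex

MAX_GLOBAL = 256      # stated above: never more than 256 global IP addresses
MAX_GLOBAL_PAT = 50   # stated above: up to 50 with Port Address Translation

def audit_nat(config):
    """Return findings for the NAT rules this section states."""
    acls, pools, findings = {}, {}, []
    for raw in config.splitlines():
        # Drop the CLI prompt; shlex keeps a quoted pool name as one token.
        tok = shlex.split(raw.split("# ", 1)[-1])
        if not tok or tok[0] == "no":
            continue  # removals are not checked here
        if tok[0] == "access-list" and len(tok) >= 3:
            acls.setdefault(tok[1], set()).add(tok[2])
        elif tok[:3] == ["ip", "nat", "pool"] and len(tok) >= 6:
            start, end = (ipaddress.IPv4Address(a) for a in tok[4:6])
            if start > end:
                findings.append(f"pool {tok[3]}: start-ip is higher than end-ip")
            pools[tok[3]] = int(end) - int(start) + 1
        elif tok[:5] == ["ip", "nat", "inside", "source", "list"] and len(tok) >= 8:
            acl, pool, pat = tok[5], tok[7], "overload" in tok[8:]
            if "permit" not in acls.get(acl, set()):
                findings.append(f"ACL {acl}: no permit entry, so no addresses get NAT")
            if pool not in pools:
                findings.append(f"pool {pool}: not created before this command")
            elif pools[pool] > (MAX_GLOBAL_PAT if pat else MAX_GLOBAL):
                limit = MAX_GLOBAL_PAT if pat else MAX_GLOBAL
                findings.append(f"pool {pool}: {pools[pool]} addresses, limit {limit}")
    return findings

# Constructed sample input, not taken from a real device.
GOOD = '''
HP9300(config)# access-list 1 permit 10.10.10.0/24
HP9300(config)# ip nat pool "Out Adds" 209.157.1.2 209.157.1.41 prefix-length 24
HP9300(config)# ip nat inside source list 1 pool "Out Adds" overload
'''
BAD = '''
HP9300(config)# access-list 2 deny 10.10.10.0/24
HP9300(config)# ip nat pool Big 209.157.1.2 209.157.1.100 netmask 255.255.255.0
HP9300(config)# ip nat inside source list 2 pool Big overload
HP9300(config)# ip nat inside source list 2 pool Missing
'''

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_nat(cfg) or "no findings")
```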
