Configuring an LSNAT Virtual Server describes how to configure an LSNAT virtual server.
Step | Task | Command(s) |
---|---|---|
1 | In global router configuration command mode, specify a name for this IPv4 or IPv6 virtual server. The virtual server IP address context must match the client context. | {ip | ipv6} slb vserver vserver-name |
2 | In SLB virtual server configuration command mode, optionally specify a match source port to virtual server binding behavior. Any is not supported by IPv6. (Default = exact). | binding match source-port {any | exact} |
3 | In SLB virtual server configuration command mode, associate this IPv4 or IPv6 virtual server with a server farm. The server farm IP address context can be either IPv4 or IPv6. | serverfarm serverfarm-name |
4 | In SLB virtual server configuration command mode, configure the virtual server IP address (VIP) or proceed to the next step and configure a range of virtual server IP addresses. You must specify whether the VIP uses TCP or UDP. For TCP ports you can optionally specify the FTP service; for UDP ports you can optionally specify the TFTP service. The virtual IP address type must agree with the client IP address type. | virtual ip-address {tcp | udp} port [service service-name] [all-vrfs] |
5 | In SLB virtual server configuration command mode, if you did not configure a VIP in the preceding step, configure a range of virtual server IP addresses. You must specify whether the VIPs will use TCP or UDP. For TCP ports you can optionally specify the FTP service; for UDP ports you can optionally specify TFTP service. The virtual IP address type must agree with the client IP address type. | virtual-range start-address end-address {tcp | udp} port [service service-name] [all-vrfs] |
6 | In SLB virtual server configuration command mode, optionally configure a client source NAT pool to source NAT the traffic through the virtual server with the IP addresses from the NAT pool for an LSNAT44 configuration. For any IPv6 LSNAT configuration (LSNAT46, LSNAT64, or LSNAT66) you must configure a source NAT pool specifying an IP address and prefix length. | source nat pool {poolname | ip-address/prefix-len} |
7 | In SLB virtual server configuration command mode, optionally set the number of seconds of idle time to elapse before a binding will be deleted for both an IPv4 or IPv6 virtual server configuration. (Default = 240 seconds). | idle timeout timeperiod |
8 | In SLB virtual server configuration command mode, enable the virtual server for service | inservice |
9 | In SLB virtual server configuration command mode, optionally configure this IPv4 or IPv6 virtual server to participate in VRRP state changes. Specify the VLAN on which the VRRP is configured and the virtual router ID associated with the routing interface for this VRRP. | vrrp vlan vlan vrid |
10 | In SLB virtual server configuration command mode, optionally restrict access to this IPv4 or IPv6 virtual server to configured clients. In an IPv6 virtual server context an ACL list must be specified. | client {ip-address network-mask | ip-address/prefixlength | acl-list} |
11 | In SLB virtual server configuration command mode, optionally configure UDP application connections to delete the binding when the reply packet is received. Bindings created by UDP-one-shot will not result in the installation of a hardware connection. | udp-one-shot |
12 | In SLB virtual server configuration command mode, optionally configure the stickiness type. | sticky type [sip | sip dip-dport] |
13 | In SLB virtual server configuration command mode optionally configure the sticky entry timeout value for this virtual server. | sticky timeout timeperiod |
14 | Exit the SLB virtual server configuration command mode to get to global configuration command mode. | exit |
15 | In global configuration command mode, optionally allow specific clients to access the load balancing IPv4 or IPv6 real servers in a particular LSNAT server farm without address translation. | ip slb real-server access client {ip-address mask | ip-prefix/length | acl-list} ipv6 slb real-server access client acl-list |
16 | In global configuration command mode, allow all clients to access the IPv4 or IPv6 real servers directly without restriction. | {ip | ipv6} slb real-server access unrestricted |
17 | In global configuration command mode, configure the router to return a TCP RST (reset) packet when a client tries to access an IPv4 or IPv6 real server directly on a TCP port used by LSNAT. | {ip | ipv6} slb real-server access tcp-reset |
18 | Optionally clear sticky entries or remove bindings. | clear ip slb {sticky | bindings} {all | id id | match {sip | *} {sport | *} {dip | *} {dport | *}} |