Foundry Switch and Router Installation and Configuration Guide
20 - 8
December 2000
Each NAT entry remains in the NAT translation table until the entry ages out. The age timers apply globally to all
interfaces on which NAT is enabled.
•
Dynamic timeout – This age timer applies to all entries (static and dynamic) that do not use Port Address
Translation. The default is 120 seconds.
•
UDP timeout – This age timer applies to entries that use Port Address Translation based on UDP port
numbers. The default is 120 seconds.
•
TCP timeout – This age timer applies to entries that use Port Address Translation based on TCP port
numbers. The default is 120 seconds.
NOTE:
This timer applies only to TCP sessions that do not end “gracefully”, with a TCP FIN or TCP RST.
•
TCP FIN/RST timeout – This age timer applies to TCP FIN (finish) and RST (reset) packets, which normally
terminate TCP connections. The default is 120 seconds.
NOTE:
This timer is not related to the TCP timeout. The TCP timeout applies to packets to or from a host
address that is mapped to an global IP address and a TCP port number (Port Address Translation feature).
The TCP FIN/RST timeout applies to packets that terminate a TCP session, regardless of the host address or
whether Port Address Translation is used.
•
DNS timeout – This age timer applies to connections to a Domain Name Server (DNS). The default is 120
seconds.
To change the timeout for a dynamic entry type, use the following CLI method.
USING THE CLI
To change the age timeout for all entries that do not use Port Address Translation to 1800 seconds (one half hour),
enter a command such as the following at the global CONFIG level of the CLI:
BigIron(config)# ip nat timeout 1800
Syntax:
[no] ip nat translation timeout | udp-timeout | tcp-timeout | finrst-timeout | dns-timeout <secs>
Use one of the following parameters to specify the dynamic entry type:
•
timeout
– All entries that do not use Port Address Translation. The default is 120 seconds.
•
udp-timeout
– Dynamic entries that use Port Address Translation based on UDP port numbers. The default
is 120 seconds.
•
tcp-timeout
– Dynamic entries that use Port Address Translation based on TCP port numbers. The default is
120 seconds.
•
finrst-timeout
– TCP FIN (finish) and RST (reset) packets, which normally terminate TCP connections. The
default is 120 seconds.
•
dns-timeout
– Connections to a Domain Name Server (DNS). The default is 120 seconds.
The <secs> parameter specifies the number of seconds. For each entry type, you can enter a value from 1 –
3600.
Displaying the Active NAT Translations
To display the currently active NAT translations, display the NAT translation table using the following CLI method.
NOTE:
For information about the aging timer for NAT translation entries, see “Changing Translation Table
Timeouts” on page 20-7.
USING THE CLI
To display the currently active NAT translations, enter the following command at any level of the CLI:
Summary of Contents for Switch and Router
Page 2: ...December 2000 Copyright 2000 by Foundry Networks Inc ...
Page 26: ...Foundry Switch and Router Installation and Configuration Guide xxvi December 2000 ...
Page 64: ...Foundry Switch and Router Installation and Configuration Guide 2 34 December 2000 ...
Page 162: ...Foundry Switch and Router Installation and Configuration Guide 5 38 December 2000 ...
Page 196: ...Foundry Switch and Router Installation and Configuration Guide 6 34 December 2000 ...
Page 208: ...Foundry Switch and Router Installation and Configuration Guide 7 12 December 2000 ...
Page 236: ...Foundry Switch and Router Installation and Configuration Guide 8 28 December 2000 ...
Page 258: ...Foundry Switch and Router Installation and Configuration Guide 9 22 December 2000 ...
Page 420: ...Foundry Switch and Router Installation and Configuration Guide 13 32 December 2000 ...
Page 442: ...Foundry Switch and Router Installation and Configuration Guide 14 22 December 2000 ...
Page 554: ...Foundry Switch and Router Installation and Configuration Guide 15 112 December 2000 ...
Page 574: ...Foundry Switch and Router Installation and Configuration Guide 16 20 December 2000 ...
Page 626: ...Foundry Switch and Router Installation and Configuration Guide 17 52 December 2000 ...
Page 682: ...Foundry Switch and Router Installation and Configuration Guide 18 56 December 2000 ...
Page 826: ...Foundry Switch and Router Installation and Configuration Guide 20 20 December 2000 ...
Page 994: ...Foundry Switch and Router Installation and Configuration Guide 26 10 December 2000 ...
Page 1004: ...Foundry Switch and Router Installation and Configuration Guide B 6 December 2000 ...
Page 1044: ...Foundry Switch and Router Installation and Configuration Guide C 40 December 2000 ...
Page 1048: ...Foundry Switch and Router Installation and Configuration Guide D 4 December 2000 ...
Page 1070: ...Foundry Switch and Router Installation and Configuration Guide Index 18 December 2000 ...