How Do I Configure Batch Port Mapping?

AR Router Troubleshooting Guide

Methods to Obtain Help
About This Document
Instructions for Maintenance Engineers
- Precautions
- Data Backup
- Troubleshooting Process
Using eDesk for Network Maintenance and Troubleshooting
Using the Troubleshooting Insights for Fault Diagnosis and Rectification
Routine Maintenance
- Routine Maintenance Overview
- Checking the Device Operating Environment
- Checking the Basic Device Information
- Checking the Device Running Status
- Checking the Interface Information
- Checking Services
Hardware Maintenance
- Replacing a Card
- Replacing a Power Module
- Replacing a Fan Module
- Replacing an Optical Module
- Replacing a SIM Card (on a Card)
Troubleshooting: Common Information Collection and Fault Diagnostic Commands
- display Commands
- reset Commands
- Ping and Tracert
- Alarms
- Logs
- Packet Headers Obtaining
Troubleshooting: Forgetting Passwords
- Recovering the Console Port Password
- Recovering the Telnet Login Password
- Recovering the BootROM Password
Troubleshooting: System Maintenance Methods
- Using the RESET or RST Button on an AR Router to Restore Its Default Configuration
- Restoring the Default Settings Using the Configuration File
- Restarting the Device
- Upgrading the Device
- Transferring Files Using FTP/TFTP
Troubleshooting: Startup Failures
- A Terminal Does Not Display Anything or Displays Garbled Characters
- Device Restarts Unexpectedly
Troubleshooting: Hardware
- Data Cannot Be Written into the SD Card
- A Card Fails to Be Registered
- Troubleshooting Cases for Hardware
Troubleshooting: Basic Configuration
- CPU Usage Is High
- A User Fails to Log In to the Server Through Telnet
- A User Fails to Log In to the Server Through SSH
- An FTP Connection Fails to Be Set Up
- Troubleshooting Cases for Basic Configuration
Troubleshooting: Network Management
- Monitoring Device Does Not Receive Any Mirrored Packet After Port Mirroring Is Configured
- Monitoring Device Does Not Receive Any Mirrored Packets After Traffic Mirroring Is Configured
- PSE Cannot Detect a PD
- PSE Cannot Provide Power for a PD
- An SNMP Connection Cannot Be Established
- The NMS Fails to Receive Trap Messages from the Host
- NM Cannot Receive RMON Alarms
- A UDP Jitter Test Instance Fails to Be Started
- A Drop Record Exists in the UDP Jitter Test Result
- A Busy Record Exists in the UDP Jitter Test Result
- A Timeout Record Exists in the UDP Jitter Test Result
- The UDP Jitter Test Result Is "Failed", "No Result" or "Packet Loss"
- Clock Is Not Synchronized
- Failed to Manage the Device Using CWMP
- The Ping Operation Fails
- Troubleshooting Cases for Network Management
Troubleshooting: Interface Management
- Eth-Trunk Interface Cannot Forward Traffic
- Statistics on Sent and Received Data Packets Are Incorrect on the Serial Interface
- E1/T1 Interface in Up State Fails to Correctly Send and Receive Data
- Packets Fail to Be Forwarded on an ADSL Interface Working in ATM Mode
- Packets Fail to Be Forwarded on a G.SHDSL Interface Working in ATM Mode
- Dialup Parameters Are Correctly Configured but 3G/LTE/5G Calls Fail
- Troubleshooting Cases for Interface Management
Troubleshooting: LAN
- Users in a VLAN Cannot Communicate with Each Other
- Correct MAC Address Entries Cannot Be Generated
- MSTP Topology Change Leads to Service Interruption
- Layer 2 Traffic Forwarding in a Bridge Group Fails
- Traffic Forwarding in IP Routing of Bridge Groups Fails
Troubleshooting: WAN
- FR Frequently Flaps or Cannot Become Up
- Local Device Fails to Ping the Remote Device When the Link Protocol Status of Their Connected FR Interfaces Is Up
- Traffic Forwarding Fails on an FR Link
- Local Device Fails to Ping the Remote Device When the Link Protocol Status of Their Connected MFR Interfaces Is Up
- Failed to Initiate Calls
- Failed to Receive Calls
- Link Failed to Be Established on ISDN Interfaces
- PPPoE Dialup Fails
- Protocol Status of a PPP Interface Is Down
- Troubleshooting Cases for WAN
Troubleshooting: IP Service
- A Client Cannot Obtain an IP Address (the device Functions as the DHCP Server)
- A Client Cannot Obtain an IP Address (the device Functions as the DHCP Relay Agent)
- DHCP Troubleshooting
- Troubleshooting Internet Access Failures
- Troubleshooting Slow Internet Access Issues
- Internal Host with a Conflicting IP Address Fails to Access an External Server
- Troubleshooting Cases for IP Service
Troubleshooting: IP Routing
- Device Does Not Receive Some or All RIP Routes
- Device Does Not Send Some or All RIP Routes
- The OSPF Neighbor Relationship Is Down
- The OSPF Neighbor Relationship Cannot Reach the Full State
- The BGP Peer Relationship Fails to Be Established
- BGP Public Network Traffic Is Interrupted
- BGP Private Network Traffic Is Interrupted
- Troubleshooting Cases for IP Routing
Troubleshooting: IP Multicast
- Users in User VLANs Fail to Receive Multicast Packets (IGMP snooping)
- Multicast Traffic Is Interrupted
- The PIM Neighbor Relationship Remains Down
- The RPT on a PIM-SM Network Fails to Forward Data
- The SPT on a PIM-SM Network Fails to Forward Data
- MSDP Peers Cannot Generate Correct (S, G) Entries
- The Multicast Device Cannot Generate IGMP Entries or MLD Entries
Troubleshooting: QoS
- Traffic Policy Fails to Take Effect
- Packets Enter Incorrect Queues
- Priority Mapping Results Are Incorrect
- Interface-based Traffic Policing Results Are Incorrect
- Queue-based Traffic Shaping Results Are Incorrect
- Congestion Avoidance Fails to Take Effect
- Congestion Management Fails to Take Effect
Troubleshooting: Security
- Packet Filtering Firewall Fails Because of Invalid ACL Configuration
- SYN Flood Attacks Are Detected on a Network
- The ARP Entry of an Authorized User Is Maliciously Modified
- The Gateway Address Is Maliciously Changed
- User Traffic Is Interrupted by a Large Number of Bogus ARP Packets
- IP Address Scanning Occurs
- ARP Learning Fails
- ARP Troubleshooting
- Users Fail to Go Online After DHCP Snooping Is Configured
- Failed to Obtain a CA Certificate
- Failed to Obtain a Local Certificate
- Failed to Obtain a CRL
- Troubleshooting Cases for Security
Troubleshooting: Access Authentication
- Troubleshooting Roadmap
- 802.1X Authentication Fails
  - Possible Causes
  - Collecting Information
- 802.1X Authentication Users Are Disconnected Unexpectedly
  - Possible Causes
  - Collecting Information
- MAC Address Authentication Fails
  - Possible Causes
  - Collecting Information
- MAC Address Authentication Users Are Disconnected Unexpectedly
  - Possible Causes
  - Collecting Information
- Portal Authentication Page Fails to Be Displayed
- Portal Authentication Failures
- After Portal Authentication Is Successful, the Authentication Page Is Still Displayed When Users Access the Network (Unexpected Disconnection of Portal Authentication Users)
  - Possible Causes
  - Collecting Information
Troubleshooting: Reliability
- Interface Backup Fails to Take Effect
- BFD Session Cannot Go Up
- Interface Forwarding Is Interrupted After a BFD Session Detects a Fault and Goes Down
- Changed BFD Session Parameters Do Not Take Effect
- Dynamic BFD Session Fails to Be Created
Troubleshooting: MPLS
- LDP Session Flapping
- LDP Session Goes Down
- LDP LSP Flapping
- LDP LSP Goes Down
Troubleshooting: VPN
- Failed to Ping the IP Address of the Remote Tunnel Interface
- A Tunnel Interface Is Unstable
- VPN Users Cannot Communicate
- GRE over IPSec Fails
- A PC Fails Ping to a Remote PC Using L2TP Dialup Software
- A Spoke Fails to Register with a Hub
- Spokes Fail to Learn Routes from Each Other
- Spokes Fail to Communicate When They Have Only Summarized Routes to a Hub
- Troubleshooting Roadmap for a VLL Fault
- Troubleshooting Roadmap for a Ping Failure
- Troubleshooting Cases for VPN
Troubleshooting: SD-WAN EVPN
- An EVPN Connection Fails to Be Established
- An EVPN Connection Is Established Successfully but Does Not Go Up
- EVPN Connections Frequently Alternate Between Up and Down States
Troubleshooting: IPSec
- Troubleshooting Roadmap
- Troubleshooting Guide
- Troubleshooting Cases
- Appendix
Troubleshooting: WLAN
- A STA Fails to Discover Radio Signals
- WLAN Users Are Frequently Logged Out
- An STA Cannot Associate with an AP
- A STA Fails to Go Online on an AP
- Troubleshooting AP Join Failures
- How to Increase the Wi-Fi Speed (WLAN FaT AP)
- How to Increase WiFi Speed (WLAN AC)
- WLAN Faults Occur
Troubleshooting: Internet Access
- The AR Directly Connects to a PC, but the Ping Operation Fails
- Packet Filtering Does Not Take Effect When the External Network Is Pinged on the AR
- An AR1220 Cannot Communicate with a Remote Device Connected Through a Leased E1 Line
- In AR Multi-Egress Scenarios, the Internet Access Speed Is Slow After NAT Is Configured on an Interface of a High-End LAN Card
- Users Fail Portal Authentication Through an AR Router
- Internet Access Through an AR Router Fails
- An AR Router Fails to Push the Portal Authentication Page
- Portal Authentication Associated with RADIUS Fails to Be Configured on an AR Router
- Slow Web Page Access on a PC Connected to an AR
FAQs
- Hardware
- Basic Configuration
- Device Management
- Interface Management
- Ethernet Switching
- WAN Interconnection
- IP Service
- IP Routing
- IP Multicast
- MPLS
- VPN
- WLAN
- Voice Service
- Reliability
- Security
- QoS
- Network Management and Monitoring
Collecting Information and Contacting Technical Support

Rate and give feedback:

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).

How Do I Configure Batch Port Mapping?

When a private IP address and a range of consecutive port numbers need to be mapped to a public IP address and a range of consecutive port numbers, you can reference an ACL to complete batch port mapping configuration.

On the private network shown in Figure 31-21, ports 2000 to 4000 and port 5000 of a server need to be opened to users on the public network. The private IP address of the server is 192.168.2.2/24 and its public IP address is 11.11.11.11/24. The interconnected IP address on the carrier network is 11.11.11.10.Ports 2000-4000, port 5000 and the private IP address of the internal server need to be mapped to public IP address 11.11.11.11 and corresponding ports.

Figure 31-21 Network diagram for batch port mapping configuration

Procedure

Configure IP addresses for interfaces.

<Huawei> system view
[Huawei] sysname Router
[Router] vlan 100
[Router-vlan100] quit
[Router] interface vlanif 100
[Router-Vlanif100] ip address 192.168.2.1 24
[Router-Vlanif100] quit
[Router] interface ethernet 2/0/0
[Router-Ethernet2/0/0] port link-type access 
[Router-Ethernet2/0/0] port default vlan 100
[Router-Ethernet2/0/0] quit 
[Router] interface Gigabitethernet 1/0/0
[Router-GigabitEthernet1/0/0] ip address 11.11.11.12 24
[Router-GigabitEthernet1/0/0] quit

Create an ACL that matches the port numbers to be mapped.

[Router] acl number 3001
[Router-acl-adv-3001] rule 5 permit tcp destination-port range 2000 4000
[Router-acl-adv-3001] rule 10 permit tcp destination-port eq 5000
[Router-acl-adv-3001] quit

Configure NAT server and reference the ACL.

[Router] interface gigabitethernet 1/0/0
[Router-GigabitEthernet1/0/0] nat server global 11.11.11.11 inside 192.168.2.2 acl 3001
[Router-GigabitEthernet1/0/0] quit

Configure a default route on the router, with 11.11.11.10 as the next-hop address.
```
[Router] ip route-static 0.0.0.0 0.0.0.0 11.11.11.10
```

More information

Batch port mapping configuration using an ACL completes the mapping of consecutive port numbers at one time, without the need to run the nat server command multiple times. This significantly reduces the configuration workload. Additionally, to change the range of port numbers, you only need to change the ACL rules, simplifying configuration maintenance. One public IP address can be used for batch port mapping configuration only once and cannot be used in other nat server port mapping configurations after that. If other internal servers need to provide services for public network users, use other public IP addresses for port mapping configuration.

Translation

简体中文

Download

Updated: 2022-05-18

Document ID: EDOC1000079719

Downloads: 8949

Average rating:

This Document Applies to these Products

Related Version

Digital Signature File

Digital Signature Authentication Mode

Related Version

Related Documents

Digital Signature File