No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


NAT Failed on ME60 V6R2 Because the Traffic-Policy Was Not Delivered Properly

Publication Date:  2013-09-30 Views:  114 Downloads:  0

Issue Description

Users subordinate to an ME60 (V600R002C02SPC200) enabled with NAT failed to ping an external network and no session was generated.

NAT configurations were as follows:

acl number 6100
 rule 1 permit ip source user-group pppoe destination ip-address any
traffic classifier 6100 operator or
 if-match acl 6100
traffic behavior 6100
 nat bind instance 1
traffic policy action
 classifier 6100 behavior 6100 precedence 1
nat instance 1
 add slot 2 master
 nat address-group 1 *.*.*.* (public network address)
 nat outbound any address-group 1
 domain ceshi
  authentication-scheme none
  accounting-scheme none
  ip-pool pool1
  user-group pppoe 
interface GigabitEthernet4/1/1.1998
 pppoe-server bind Virtual-Template 1
 traffic-policy action inbound
 user-vlan 1998

No session was generated.

<JCHDS-MC-CMNET-BS001>display nat session table  slot 2
  This operation will take a few minutes. Press 'Ctrl+C' to 

Handling Process

Huawei performed the following operations to address the problem:

1. Verified that the ME60 had been loaded with a license.

2. Verified that the upper-layer device was configured with routes for returned traffic to the nat address-group.

3. Checked configurations and found that the traffic-policy was applied to interfaces.
The traffic-policy for BAS-side services must be applied in global config mode rather than to interfaces. After the traffic-policy was delivered in global config mode, the problem was resolved. 

Root Cause

The traffic-policy for BAS-side services was applied to interfaces and failed to take effect.




On ME60 V6R2:

1. Apply the traffic-policy for BAS-side services (that is, services configured in domain mode) in global config mode. (The example in the related manual is incorrect.)

2. Apply the traffic policy to Layer 3 interfaces for Layer 3 traffic from the network side.

3. Apply the traffic policy to Layer 2 interfaces for Layer 2 traffic from the network side.