Will the network be interrupted when the ACL in the NAT configuration of an AR router is modified?


On an AR router, the access control list (ACL) is associated with the interface address. NAT must first be disabled by using the command "undo nat outbound acl-number" before the ACL configuration can be modified, and this interrupts the network.

Other related questions:
Does the AR router support adding a network segment to access the Internet through NAT?
Yes, it is supported.

Can multicast be configured on the NAT interface of an AR router?
Multicast can be configured on an AR router interface on which NAT is configured, but the NAT configuration takes effect only on unicast packets. NAT does not support multicast packets.

Do interfaces conflict when the NAT server and outbound NAT are configured on the AR router?
Interfaces do not conflict when the NAT server and outbound NAT are configured on the AR router.

Is the network disconnected after the ACL in the NAT configuration of the AR router is modified?
To modify an ACL that is associated with the IP address of an outbound interface, you must first run the undo nat outbound acl-number command to disassociate the ACL from the IP address, resulting in network interruption.

How do I configure the ACL when clients connect to the Internet through the NAT function on the AR?
An ACL needs to be configured to permit or deny Internet access of some users when NAT is used on the AR for Internet access. The nat outbound command is used to associate an ACL with a NAT address pool. In this manner, the addresses specified in the ACL can be translated by using the NAT address pool. This command can only be configured on the Layer 3 interface of the AR, excluding loopback and NULL interfaces.
For example, select the addresses between and in NAT address pool 1 and configure hosts on the network segment to use addresses in address pool 1 for many-to-one translation (use TCP/UDP port information).
<Huawei> system-view
[Huawei] acl number 2001
[Huawei-acl-basic-2001] rule permit source
[Huawei-acl-basic-2001] quit
[Huawei] nat address-group 1
[Huawei] interface gigabitethernet 1/0/0 
[Huawei-GigabitEthernet1/0/0] nat outbound 2001 address-group 1
