Is the network disconnected after the ACL in the NAT configuration of the AR router is modified


To modify an ACL that is associated with the IP address of an outbound interface, you must first run the undo nat outbound acl-number command to disassociate the ACL from the IP address, resulting in network interruption.

Other related questions:
When modify the ACL of NAT configuration on AR router, whether the network will be broken?
AR router access control list ACL and interface address are associated, the NAT must be disabled by using command "undo NAT outbound acl-number" and then the ACL configuration can be can modified, it will lead network be broken.

How do I configure and check the aging time of the NAT session table on the AR router
The firewall-nat session aging-time command on the Huawei AR router sets the aging time of session entries. The display nat session all command displays the NAT session table. The reset nat session all command deletes NAT mapping entries. For example: Set the aging time of FTP session entries to 60 seconds. [Huawei] firewall-nat session ftp aging-time 60

Explain the nat overlap-address command on the AR router
The nat overlap-address command configures the mapping between an overlapping address pool and a temporary address pool. When IP addresses of internal and external hosts overlap, the mapping between the overlapping address pool and the temporary address pool needs to be configured. After the mapping is configured, the overlapping address is translated into a unique temporary address to ensure correct packet forwarding. Outbound NAT needs to be configured to implement bidirectional NAT.

What is the difference between the Static NAT and NAT Server on AR router?
The difference between NAT Server and NAT Static configuration is: NAT Server to access the Internet from intranet, only do address replace, but NAT Static for network address; active access outside the network will also replace the address and port number.

Example of configuring VRRP active/standby backup on an AR router
The roadmap of configuring VRRP active/standby backup on an AR router to implement gateway redundancy is as follows: 1. Configure IP addresses and routing protocols for different device interfaces to enable network-layer connection among different devices. 2. Configure a VRRP group on Router A and Router B, respectively. Configure a high priority and set preemption delay to 20s on Router A and configure Router A as a master device to bear and forward traffic. Configure a low priority and configure Router B as a backup device to implement gateway redundancy. Configure a VRRP group. # Create VRRP 1 on Router A, set its priority to 120, and set the preemption delay to 20s. [RouterA] interface gigabitethernet 2/0/0 [RouterA-GigabitEthernet2/0/0] vrrp vrid 1 virtual-ip //Configure a virtual IP address. [RouterA-GigabitEthernet2/0/0] vrrp vrid 1 priority 120 //Set priority to 120. [RouterA-GigabitEthernet2/0/0] vrrp vrid 1 preempt-mode timer delay 20 //Set the preemption delay to 20s. [RouterA-GigabitEthernet2/0/0] quit # Create VRRP 1 on Router B, and set its priority to a default value 100. [RouterB] interface gigabitethernet 2/0/0 [RouterB-GigabitEthernet2/0/0] vrrp vrid 1 virtual-ip [RouterB-GigabitEthernet2/0/0] quit For details about the configuration, see the URL: Example for Configuring a VRRP Group in Active/Standby Mode.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top