Using NAT address translation to avoid multiple site visits for transport equipment deployment

9

Question:
During the deployment of transport equipment, site supervisors often fail to correctly configure IP address or the subnet mask of the equipment according to the original plan, resulting in the remote NMS failing to log in the equipment normally. When sites are far away, a second site visit consumes much time and labor.
Analysis:
None
Root cause:
None
Answer:
Transport equipment usually connects to the centralized NMS through external DCN networks. You can use SSH to log in the router of the DCN network from the remote NMS server, and configure NAT on the router to translate the address of the NMS server to one that is in the same network segment as the local transport equipment. After the translation, the NMS server will be able to connect to the equipment normally, and reconfigure the communication parameters to the planned ones. Finally, you can log in the router and delete the NAT translation commands, and the network will become normal.
A(U2000) - A (router)----DCN----B (router) - B (router)
For example, the IP address of the U2000 NMS server of site A is 192.168.1.2/255.255.255.240. The planned IP address of the newly deployed OSN 8800 equipment is 192.168.1.4/255.255.255.240 when communicating with the U2000 through external DCN networks. The site supervisor only set the equipment ID to 9-20, but left the IP address as the default 129.9.0.20/255.255.0.0. For U2000 at site A to communicate normally with the OSN 8800 equipment of site B, NAT must be performed on the router of site B, mapping 192.168.1.2 to 129.9.0.22. When the OSN 8800 is loaded on the U2000 and its communication parameters are reconfigured to the planned ones, the original DCN settings can be restored.

Other related questions:
Whether USG2000&5000 series devices support virtual addresses in NAT Outbound (source NAT) and NAT Server (virtual server) address translation in hot standby deployment
Whether the device supports virtual addresses in NAT Outbound (source NAT) and NAT Server (virtual server) address translation If firewall hot standby is implemented at the enterprise edge, VRRP is enabled, and the virtual address is used for communication with the carrier, NAT Outbound and NAT Server cannot use physical addresses of firewall interfaces. Otherwise, after the active firewall is switched as the standby firewall, the network may be interrupted.

Method used to configure static NAT on the AR
Huawei AR routers support static NAT. Use either of the following methods to configure static NAT: Method 1: Configure static mapping in the interface view. Translate the combination of the public IP address 202.10.10.1 and port 200 in TCP packets to the combination of the private IP address 10.10.10.1 and port 300. [Huawei] interface gigabitethernet 1/0/0 [Huawei-GigabitEthernet1/0/0] nat static protocol tcp global 202.10.10.1 200 inside 10.10.10.1 300 Method 2: Configure static mapping in the system view. Translate the combination of Loopback 4 interface address and port 43 in TCP packets to private address 192.168.2.55. [Huawei] nat static protocol tcp global interface loopback 4 43 inside 192.168.2.55 netmask 255.255.255.255 For details on the static NAT configuration, see "NAT Configuration->Configuring NAT->Configuring Static NAT" in Configuration Guide - IP Service.

How to deploy TE50
For details about the TE50 site deployment guide, see Deployment Guide.

Can the AR router translate source and destination IP addresses simultaneously using NAT
The AR router can use NAT to translate source and destination IP addresses simultaneously.

E9000 network configuration
For details about the typical networking configurations, see http://support.huawei.com/enterprise/en/doc/DOC1000038842/?idPath=7919749%7C9856522%7C21782478%7C19955021%7C19961380.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top