how to delete a section from nat

Created: Feb 10, 2020 11:50:46Latest reply: Feb 18, 2020 09:51:33 152 11 0 0
  Rewarded HiCoins: 0 (problem resolved)

Hi,


Kindly suggest how to delete a section from nat 


HUAWEI NE40E-X8

VRP (R) software, Version 5.170 (NE40E&80E V600R009C20SPC600)


[]nat instance GT_NAT_1 id 1

[nat-instance-GT_NAT_1] nat address-group groupname1 group-id 1

[nat-instance-GT_NAT_1-nat-address-group-groupname1]undo  section 0

Error: Failed to delete the section because online users exist.


  • x
  • convention:

Featured Answers

Recommended answer

HaseebAkhtar
Created Feb 10, 2020 12:05:54 Helpful(0) Helpful(0)

 To delete an address segment from a NAT address pool, 
 1) run the section <section-num> lock command to lock the address segment first.
 2) Then cut the users using cut access-user , after all the users using the public IP address in the address segment go offline,  
 or 
  use reset nat session table  source { inside inside-address | global global-address  } | destination { inside inside-     address | global global-address  } to clear NAT entries

3) run the undo section <section-num> command to delete the address segment.

(if you are not using AAA then you've to wait for all NAT users to go offline before running undo section command. )
  • x
  • convention:

Vijaykumar
Vijaykumar Created Feb 10, 2020 12:19:01
I have a lock section since last 10 days but NAT session not remove from section 0 Pools.

section 0 lock  
HaseebAkhtar
HaseebAkhtar Reply Vijaykumar  Created Feb 10, 2020 12:24:53
dear @vijay you can reset nat session table to remove NAT entries  
All Answers
Popeye_Wang
Popeye_Wang Admin Created Feb 10, 2020 11:58:07 Helpful(0) Helpful(0)

Hello,

Before using the undo section command, you can use the cut access-user command to forcibly disconnecting the online users.


  • x
  • convention:

Vijaykumar
Vijaykumar Created Feb 10, 2020 12:05:24
This command for AAA users. Not NAT session users  
HaseebAkhtar
HaseebAkhtar Created Feb 10, 2020 12:05:54 Helpful(0) Helpful(0)

 To delete an address segment from a NAT address pool, 
 1) run the section <section-num> lock command to lock the address segment first.
 2) Then cut the users using cut access-user , after all the users using the public IP address in the address segment go offline,  
 or 
  use reset nat session table  source { inside inside-address | global global-address  } | destination { inside inside-     address | global global-address  } to clear NAT entries

3) run the undo section <section-num> command to delete the address segment.

(if you are not using AAA then you've to wait for all NAT users to go offline before running undo section command. )
  • x
  • convention:

Vijaykumar
Vijaykumar Created Feb 10, 2020 12:19:01
I have a lock section since last 10 days but NAT session not remove from section 0 Pools.

section 0 lock  
HaseebAkhtar
HaseebAkhtar Reply Vijaykumar  Created Feb 10, 2020 12:24:53
dear @vijay you can reset nat session table to remove NAT entries  
Vijaykumar
Vijaykumar Created Feb 11, 2020 06:06:59 Helpful(0) Helpful(0)

I have rest NAT session but again nat session established.
  • x
  • convention:

HaseebAkhtar
HaseebAkhtar Created Feb 12, 2020 06:38:42
If section is locked then it cannot establish NAT sessions, can you please share bit of your configurations..  
Vijaykumar
Vijaykumar Reply HaseebAkhtar  Created Feb 12, 2020 08:10:55
Kindly find below NAT config.

nat instance GT_NAT_1 id 1
service-instance-group 1
nat address-group groupname1 group-id 1
section 0 172.16.16.0 mask 24
section 0 lock
section 1 172.17.17.0 mask 27
section 2 172.17.18.0 mask 27
section 3 172.17.19.0 mask 27
section 4 172.17.20.0 mask 27
section 5 172.17.21.0 mask 28
section 6 172.17.22.0 mask 28
section 7 172.17.23.0 mask 27
section 8 172.17.24.0 mask 27
section 9 172.17.25.0 mask 27
nat outbound any address-group groupname1
nat 
Vijaykumar
Vijaykumar Created Feb 12, 2020 08:10:19 Helpful(0) Helpful(0)

Kindly find below NAT config.

nat instance GT_NAT_1 id 1
service-instance-group 1
nat address-group groupname1 group-id 1
section 0 172.16.16.0 mask 24
section 0 lock
section 1 172.17.17.0 mask 27
section 2 172.17.18.0 mask 27
section 3 172.17.19.0 mask 27
section 4 172.17.20.0 mask 27
section 5 172.17.21.0 mask 28
section 6 172.17.22.0 mask 28
section 7 172.17.23.0 mask 27
section 8 172.17.24.0 mask 27
section 9 172.17.25.0 mask 27
nat outbound any address-group groupname1
nat session-limit tcp 1500
nat session-limit udp 1500
nat alg all
nat log session enable netstream
  • x
  • convention:

Vijaykumar_Yadav
Vijaykumar_Yadav Created Feb 13, 2020 15:19:55 Helpful(0) Helpful(0)

HUAWEI NE40E-X8
VRP (R) software, Version 5.170 (NE40E&80E V600R009C20SPC600)
  • x
  • convention:

Vijaykumar
Vijaykumar Created Feb 18, 2020 09:51:33 Helpful(0) Helpful(0)

The issue still remain.
  • x
  • convention:

Comment

Reply
You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!

My Followers

Login and enjoy all the member benefits

Login and enjoy all the member benefits

Login