Got it
Huawei Enterprise Support Community
Community Forums Routing & Switching
Which of the following co...

Which of the following commands is used to displays NAT information?

Created: Jan 29, 2022 08:21:51Latest reply: Jan 31, 2022 14:34:32 148 7 0 0 0
  Rewarded HiCoins: 0 (problem resolved)
View the author 1#

Which of the following commands is used to displays NAT information? (single answer)


O A. display firewall session table

O B. display nat

O C. display nat translation

O D. display firewall server-map




Like (0) Dislike (0) Favorite(0) Share Report
Previous: how to enable SSH to meth IP
Next: In RSTP, which of the following ports are not put in the forwarding state?
Featured Answers

Best answer

(1) (0)
faysalji
Author Created Jan 29, 2022 09:36:44

D.display firewall server-map


https://support.huawei.com/enterprise/fr/doc/EDOC1000057173?section=j00m


19.3.2   display firewall server-map

Function

Using the display firewall server-map command, you can view information about the server map table.

Format

display firewall server-map [ dynamic | ip ip-address | static | no-pat | slb ] [ vpn-instance { vpn-instance-name | public } ]

Parameters

ParameterDescriptionValue
dynamicDisplays server map table entries that are dynamically generated.-
ip-addressDisplays server map table entries that include the specified IP address.The value is in dotted decimal notation.
staticDisplays server map table entries that are manually generated.-
no-patDisplays server map table entries that are generated in NO-PAT mode.-
slbDisplays server map table entries that are generated in SLB mode.-
vpn-instance vpn-instance-name

Specifies the VPN instance name .

The value is a string in the range of 1 character to 31 characters.
public

Displays the server map entries of the public VPN instance.

-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

In the case of the user-defined ASPF, information about server map table entries is generated only when actual traffic exists.

Example

# Displays the server map table.

<sysname> display firewall server-mapserver-map 6 item(s)

 ------------------------------------------------------------------------------

 ASPF: 10.0.0.5 -> 10.0.0.10:2165 , Zone: ---

   Protocol: tcp(Appro: ftp-data), Left-Time: 00:00:05, Addr-Pool: ---

   VPN: public --> public


 STUN : any -> 10.0.0.10:4967, Zone: ---

   Protocol: udp(Appro: ---), Left-Time: 00:00:05,Addr-Pool: ---

   VPN: public --> public


 Nat Server,  any -> 10.10.1.100:21[10.1.1.2:21],  Zone:---

   Protocol: tcp(Appro: ftp),  Left-Time:---,  AddrPool: ---

   VPN: public --> public


 Nat Server Reverse,  10.1.1.2[10.10.1.100] -> any,  Zone:---

   Protocol: any(Appro: ---),  Left-Time:---,  AddrPool: ---

   VPN: public --> public


 No-Pat: 10.1.1.2[10.10.1.100] -> any, Zone: untrust

   Protocol: any(Appro: ---), Left-Time: 00:00:03, Addr-Pool: 61

   VPN: public --> public


 No-Pat Reverse, any -> 10.10.1.100[10.1.1.2], Zone: untrust

   Protocol: any(Appro: ---), Left-Time: 00:00:03, Addr-Pool: ---

   VPN: public --> public

# The format of the server map entry is as following:

 TYPE: SRCADDR -> DSTADDR, Zone: ZONE-NAME

  Protocol: PROTOCOL(Appro: APPPRO), Left-Time: HH:MM:SS, Addr-Pool: POOLID

  Vpn: SRCVPN -> DSTVPN

Table 19-11  Description of the display firewall server-map command output

Item

Description

TYPE

There are the following types of server map entries:

  • ASPF: Indicates the entry generated when the ASPF function is adopted to forward the traffic of multi-channel protocols.

  • STUN: Indicates the forward entry generated when the ASPF function is adopted to forward the traffic of STUN protocols.

  • STUN Reverse: Indicates the reverse entry generated when the ASPF function is adopted to forward the traffic of STUN protocols.

  • NAT Server: Indicates the forward entry generated when the NAT policy server mapping function is adopted.

  • NAT Server Reverse: Indicates the reverse entry generated when the NAT policy server mapping function is adopted.

  • No-Pat: Indicates the forward entry generated when the NAT No-PAT function is adopted.

  • No-Pat Reverse: Indicates the reverse entry generated when the NAT No-PAT function is adopted.

  • SLB: Indicates the entry generated when the server load balancing function is adopted.

  • SLB Reverse: Indicates the reverse entry generated when the server load balancing function is adopted.

  • Unknown: Indicates the entry of an unknown type.

SRCADDR -> DSTADDR

Specifies the source and destination IP addresses of the entry. If this parameter is not specified, any is displayed.

The IP address format is x.x.x.x:portx[y.y.y.y:porty]. portx and porty
indicate the source
and destination port numbers respectively. Content in square brackets
indicates the IP address after NAT. If no NAT is implemented, the
content in square brackets is not displayed. If the port is not required
or translated, :port is not displayed.

NOTE:

For
the entry of the SLB type, a destination IP address may be translated
into multiple addresses. Therefore, obverse entries generated when the
server load balancing function is enabled do not display the post-NAT
addresses.
And the format of destination IP address is x.x.x.x:port[---].

Zone: ZONE-NAME

Indicates
the name of the security zone, which is specified for the global IP
address of NAT policy server mapping, for the entry of the NAT policy
server mapping.

For the entry of the NAT No-PAT type, the name of the security zone
where the destination IP address is displayed.

For the server map entry of another type, the name of the security zone is displayed as ---.

Protocol: PROTOCOL(Appro: APPPRO)

Indicates the protocol adopted by the entry. PROTOCOL specifies the transport-layer protocol, and APPPRO specifies the application-layer protocol.

If no protocol is specified, any is displayed.

Left-Time: HH:MM:SS

Indicates the remained aging time of the entry.

The entry that does not age is displayed as ---.

Addr-Pool: POOLID

Indicates the ID of the address pool adopted during NAT.

The ID is displayed in the forward entry of the NAT No-PAT type, and --- are displayed in the entries of other types.

Vpn: SRCVPN -> DSTVPN

Indicates the names of the source and destination VPN instances for NAT.

View more
  • x
  • convention:

user_4397771
user_4397771 Created Jan 30, 2022 04:36:49 (0) (0)
 

Recommended answer

(2) (0)
jason_hu
Admin Created Jan 29, 2022 08:25:29

Hi friend!
The answer is D.
View more
  • x
  • convention:

user_4397771
user_4397771 Created Jan 30, 2022 04:36:42 (0) (0)
 
All Answers
(0) (0)
2#
fuzi_yao
fuzi_yao Admin Created Jan 29, 2022 08:22:08

Hello, dear.
It's nice to meet you in the community.
We're working on getting the right answer for you. Please rest assured that we'll be back with an answer shortly.
View more
  • x
  • convention:
(2) (0)
3#
jason_hu
jason_hu Admin Created Jan 29, 2022 08:25:29

Hi friend!
The answer is D.
View more
  • x
  • convention:

user_4397771
user_4397771 Created Jan 30, 2022 04:36:42 (0) (0)
 
(1) (0)
4#
faysalji
faysalji Author Created Jan 29, 2022 09:36:44

D.display firewall server-map


https://support.huawei.com/enterprise/fr/doc/EDOC1000057173?section=j00m


19.3.2   display firewall server-map

Function

Using the display firewall server-map command, you can view information about the server map table.

Format

display firewall server-map [ dynamic | ip ip-address | static | no-pat | slb ] [ vpn-instance { vpn-instance-name | public } ]

Parameters

ParameterDescriptionValue
dynamicDisplays server map table entries that are dynamically generated.-
ip-addressDisplays server map table entries that include the specified IP address.The value is in dotted decimal notation.
staticDisplays server map table entries that are manually generated.-
no-patDisplays server map table entries that are generated in NO-PAT mode.-
slbDisplays server map table entries that are generated in SLB mode.-
vpn-instance vpn-instance-name

Specifies the VPN instance name .

The value is a string in the range of 1 character to 31 characters.
public

Displays the server map entries of the public VPN instance.

-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

In the case of the user-defined ASPF, information about server map table entries is generated only when actual traffic exists.

Example

# Displays the server map table.

<sysname> display firewall server-mapserver-map 6 item(s)

 ------------------------------------------------------------------------------

 ASPF: 10.0.0.5 -> 10.0.0.10:2165 , Zone: ---

   Protocol: tcp(Appro: ftp-data), Left-Time: 00:00:05, Addr-Pool: ---

   VPN: public --> public


 STUN : any -> 10.0.0.10:4967, Zone: ---

   Protocol: udp(Appro: ---), Left-Time: 00:00:05,Addr-Pool: ---

   VPN: public --> public


 Nat Server,  any -> 10.10.1.100:21[10.1.1.2:21],  Zone:---

   Protocol: tcp(Appro: ftp),  Left-Time:---,  AddrPool: ---

   VPN: public --> public


 Nat Server Reverse,  10.1.1.2[10.10.1.100] -> any,  Zone:---

   Protocol: any(Appro: ---),  Left-Time:---,  AddrPool: ---

   VPN: public --> public


 No-Pat: 10.1.1.2[10.10.1.100] -> any, Zone: untrust

   Protocol: any(Appro: ---), Left-Time: 00:00:03, Addr-Pool: 61

   VPN: public --> public


 No-Pat Reverse, any -> 10.10.1.100[10.1.1.2], Zone: untrust

   Protocol: any(Appro: ---), Left-Time: 00:00:03, Addr-Pool: ---

   VPN: public --> public

# The format of the server map entry is as following:

 TYPE: SRCADDR -> DSTADDR, Zone: ZONE-NAME

  Protocol: PROTOCOL(Appro: APPPRO), Left-Time: HH:MM:SS, Addr-Pool: POOLID

  Vpn: SRCVPN -> DSTVPN

Table 19-11  Description of the display firewall server-map command output

Item

Description

TYPE

There are the following types of server map entries:

  • ASPF: Indicates the entry generated when the ASPF function is adopted to forward the traffic of multi-channel protocols.

  • STUN: Indicates the forward entry generated when the ASPF function is adopted to forward the traffic of STUN protocols.

  • STUN Reverse: Indicates the reverse entry generated when the ASPF function is adopted to forward the traffic of STUN protocols.

  • NAT Server: Indicates the forward entry generated when the NAT policy server mapping function is adopted.

  • NAT Server Reverse: Indicates the reverse entry generated when the NAT policy server mapping function is adopted.

  • No-Pat: Indicates the forward entry generated when the NAT No-PAT function is adopted.

  • No-Pat Reverse: Indicates the reverse entry generated when the NAT No-PAT function is adopted.

  • SLB: Indicates the entry generated when the server load balancing function is adopted.

  • SLB Reverse: Indicates the reverse entry generated when the server load balancing function is adopted.

  • Unknown: Indicates the entry of an unknown type.

SRCADDR -> DSTADDR

Specifies the source and destination IP addresses of the entry. If this parameter is not specified, any is displayed.

The IP address format is x.x.x.x:portx[y.y.y.y:porty]. portx and porty
indicate the source
and destination port numbers respectively. Content in square brackets
indicates the IP address after NAT. If no NAT is implemented, the
content in square brackets is not displayed. If the port is not required
or translated, :port is not displayed.

NOTE:

For
the entry of the SLB type, a destination IP address may be translated
into multiple addresses. Therefore, obverse entries generated when the
server load balancing function is enabled do not display the post-NAT
addresses.
And the format of destination IP address is x.x.x.x:port[---].

Zone: ZONE-NAME

Indicates
the name of the security zone, which is specified for the global IP
address of NAT policy server mapping, for the entry of the NAT policy
server mapping.

For the entry of the NAT No-PAT type, the name of the security zone
where the destination IP address is displayed.

For the server map entry of another type, the name of the security zone is displayed as ---.

Protocol: PROTOCOL(Appro: APPPRO)

Indicates the protocol adopted by the entry. PROTOCOL specifies the transport-layer protocol, and APPPRO specifies the application-layer protocol.

If no protocol is specified, any is displayed.

Left-Time: HH:MM:SS

Indicates the remained aging time of the entry.

The entry that does not age is displayed as ---.

Addr-Pool: POOLID

Indicates the ID of the address pool adopted during NAT.

The ID is displayed in the forward entry of the NAT No-PAT type, and --- are displayed in the entries of other types.

Vpn: SRCVPN -> DSTVPN

Indicates the names of the source and destination VPN instances for NAT.

View more
  • x
  • convention:

user_4397771
user_4397771 Created Jan 30, 2022 04:36:49 (0) (0)
 
(1) (0)
5#
Saqibaz
Saqibaz Created Jan 29, 2022 14:23:56

D is correct answer
View more
  • x
  • convention:
(1) (0)
6#
Unicef
Unicef MVE Created Jan 31, 2022 14:34:32

Good answer
View more
  • x
  • convention:
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.