< Home

destination-address (NAT policy rule view)

Function

The destination-address command specifies a destination IP address in a NAT policy rule.

The undo destination-address command deletes a destination IP address specified in a NAT policy rule.

Format

destination-address { address-set address-set-name &<1-6> | ipv4-address { ipv4-mask-length | mask mask-address | wildcard } [ description description ] | ipv6-address ipv6-prefix-length [ description description ] | range { ipv4-start-address ipv4-end-address | ipv6-start-address ipv6-end-address } [ description description ] | mac-address &<1-6> | domain-set domain-set &<1-6> | any }

undo destination-address { address-set address-set-name &<1-6> | ipv4-address { ipv4-mask-length | mask mask-address | wildcard } [ description ] | ipv6-address ipv6-prefix-length [ description ] | range { ipv4-start-address ipv4-end-address | ipv6-start-address ipv6-end-address } [ description ] | mac-address &<1-6> | domain-set domain-set &<1-6> | all }

Parameters

Parameter Description Value

address-set address-set-name

Specifies the name of an address or address group.

The address or address group must exist. A maximum of six addresses or address groups can be specified at a time. The value is a case-sensitive character string. The length of a name without spaces ranges from 1 to 32 characters. The length of a name with spaces ranges from 3 to 34 characters. If a name contains spaces, the name must be enclosed with quotation marks (for example, "user for test"). The name cannot contain any question marks (?), commas (,), or quotation marks (").

ipv4-address

Specifies an IPv4 address.

The value is in decimal dotted notation.

ipv4-mask-length

Specifies the mask length of an IPv4 address.

The value is an integer ranging from 1 to 32.

mask mask-address

Specifies the mask length of an IPv4 address. The value is in dotted decimal notation whose binary form cannot be inconsecutive. For example, 255.0.255.0 is not a legitimate wildcard because its binary form is 11111111.00000000.11111111.00000000. In the binary form, digits 1 are to be matched, whereas digits 0 are not. For example, 192.168.1.1/255.0.255.0 indicates that only IP addresses of the 192.*.1.* form are to be matched.

The value is in dotted decimal notation whose binary form cannot be inconsecutive. For example, 255.0.255.0 is not a legitimate wildcard because its binary form is 11111111.00000000.11111111.00000000. In the binary form, digits 1 are to be matched, whereas digits 0 are not. For example, 192.168.1.1/255.0.255.0 indicates that only IP addresses of the 192.*.1.* form are to be matched.

wildcard

Specifies the wildcard of an IPv4 address.

The value is in dotted decimal notation whose binary form cannot be inconsecutive. For example, 0.255.0.255 is not a legitimate wildcard because its binary form is 00000000.11111111.00000000.11111111. In the binary form, digits 0 are to be matched, whereas digits 1 are not. For example, 192.168.1.1/0.255.0.255 indicates that only IP addresses of the 192.*.1.* form are to be matched.

description description

Specifies the description of an individual IPv4/IPv6 address or address segment.

The value is a string of 1 to 128 characters.

ipv6-address

Specifies an IPv6 address.

The value is 128 bits in eight groups, each of which consists of four hexadecimal numbers. The format is X:X:X:X:X:X:X:X.

ipv6-prefix-length

Specifies the length of an IPv6 prefix.

The value is an integer ranging from 1 to 128.

range

Indicates an IP address range.

-

ipv4-start-address

Specifies the start IPv4 address.

The value is in decimal dotted notation.

ipv4-end-address

Specifies the end IPv4 address.

The value is in decimal dotted notation.

ipv6-start-address

Specifies the start IPv6 address.

The value is 128 bits in eight groups, each of which consists of four hexadecimal numbers. The format is X:X:X:X:X:X:X:X.

ipv6-end-address

Specifies the end IPv6 address.

The value is 128 bits in eight groups, each of which consists of four hexadecimal numbers. The format is X:X:X:X:X:X:X:X.

mac-address

Specifies the MAC address.

The MAC address can be in one of the following formats:

  • H-H-H (Each H is a 4-digit hexadecimal number, such as 00e0 and fc01. If an H contains less than four bits, it means that the first bits contained in the H are 0s. For example, if an H is e0, it is equal to 00e0.)
  • XX:XX:XX:XX:XX:XX (Each X is a 1-digit hexadecimal number.)
  • XX-XX-XX-XX-XX-XX (Each X is a 1-digit hexadecimal number.)

The MAC address cannot be all 0s or all Fs (such as FFFF-FFFF-FFFF, 00:00:00:00:00:00, or 00-00-00-00-00-00) in any format.

domain-set domain-set-name

Specifies the name of a domain group.

The value must be the name of an existing domain group. A maximum of six domain groups can be referenced each time.

NOTE:

When an IP address corresponds to multiple domain names, an IP address can be used to search for a maximum of 16 domain names. If the domain name to be searched is not in the policy rule, the policy cannot be matched. You are advised to configure multiple domain names with the same IP address in the same policy rule.

any

Indicates any destination address.

-

all

Removes all destination addresses from a NAT policy rule.

-

Views

NAT policy rule view

Default Level

2: Configuration level

Usage Guidelines

By default, no destination IP address is configured in a NAT policy rule.

Example

# Set the destination address to 192.168.1.0/24 in a NAT policy rule named abc.

<sysname> system-view
[sysname] nat-policy 
[sysname-policy-nat] rule name abc 
[sysname-policy-nat-rule-abc] destination-address 192.168.1.0 24
Parent Topic: NAT Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >