The nat discard logging enable command enables the function of logging packet discarding due to NAT port conflicts and NAT UNRs.
The undo nat discard logging enable command disables the function of logging packet discarding due to NAT port conflicts and NAT UNRs.
The port numbers available for a public IP address range from 256 to 65535. If there are a large number of users or an attack is ongoing, all port numbers may be in use. In this case, if users keep accessing public networks, the system discards packets due to NAT port conflicts. After the nat discard logging enable command is configured, you can obtain information about packets discarded for lack of available ports. If public IP addresses are insufficient or an attack is ongoing, the system generates logs, facilitating source tracing.
UNRs can be configured in source NAT or NAT server mode to prevent routing loops. In source NAT mode, packets sent from an external network to public IP addresses that match UNRs are discarded. In NAT server mode, packets that do not match the configured protocol or port are discarded. In these scenarios, if the nat discard logging enable command has been configured, the system generates logs so that users can determine whether an attack is ongoing and trace the attack source.
By default, the function of logging packet discarding is disabled.
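The following is an added illustration, not code from the device or its documentation: a minimal model of source NAT port allocation on one public IP using the port range 256 to 65535 described above, which records each packet discarded for lack of a free port and then aggregates those records by source address, the kind of tracing the discard log makes possible. The log record fields, the public IP 203.0.113.10, the private hosts 10.0.0.x and the tiny pool size are all constructed for the demo.

```python
from collections import Counter

PORT_MIN, PORT_MAX = 256, 65535          # usable port range per public IP (from the page)
POOL_SIZE = PORT_MAX - PORT_MIN + 1      # 65280 ports per public IP


class PublicIpPortPool:
    """Tracks the NAT ports of one public IP and logs port-exhaustion discards."""

    def __init__(self, public_ip, pool_size=POOL_SIZE):
        self.public_ip = public_ip
        # A smaller pool_size lets the demo exhaust the ports quickly.
        self.free = list(range(PORT_MIN, PORT_MIN + pool_size))
        self.discard_log = []            # constructed log records, one per discarded packet

    def translate(self, src_ip, src_port):
        """Return the allocated public port, or None if the packet is discarded."""
        if self.free:
            return self.free.pop()
        # No port left: the packet is dropped; record which source caused the drop.
        self.discard_log.append({
            "reason": "NAT_PORT_CONFLICT",      # constructed reason code, not the device's format
            "src_ip": src_ip,
            "src_port": src_port,
            "public_ip": self.public_ip,
        })
        return None


def trace_sources(discard_log, top=3):
    """Rank source addresses by discard count.

    Many sources with a few discards each suggests plain overload (too few public
    IPs); one dominant source suggests an attack and gives the address to trace.
    """
    return Counter(rec["src_ip"] for rec in discard_log).most_common(top)


def demo():
    pool = PublicIpPortPool("203.0.113.10", pool_size=8)   # tiny pool so exhaustion happens fast
    # Constructed traffic: two normal users open three sessions each; one host opens twenty.
    flows = ([("10.0.0.1", p) for p in range(1000, 1003)]
             + [("10.0.0.2", p) for p in range(2000, 2003)]
             + [("10.0.0.99", p) for p in range(40000, 40020)])
    for src_ip, src_port in flows:
        pool.translate(src_ip, src_port)
    return pool, trace_sources(pool.discard_log)


if __name__ == "__main__":
    pool, top = demo()
    print(len(pool.discard_log), "packets discarded; top sources:", top)
```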