The source-address command specifies a source IP address in a NAT policy rule.
The undo source-address command removes a source IP address from a NAT policy rule.
source-address { address-set address-set-name &<1-6> | ipv4-address { ipv4-mask-length | mask mask-address | wildcard } [ description description ] | ipv6-address ipv6-prefix-length [ description description ] | range { ipv4-start-address ipv4-end-address | ipv6-start-address ipv6-end-address } [ description description ] | mac-address &<1-6> | any }
undo source-address { address-set address-set-name &<1-6> | ipv4-address { ipv4-mask-length | mask mask-address | wildcard } [ description ] | ipv6-address ipv6-prefix-length [ description ] | range { ipv4-start-address ipv4-end-address | ipv6-start-address ipv6-end-address } [ description ] | mac-address &<1-6> | all }
| Parameter | Description | Value |
|---|---|---|
address-set address-set-name |
Specifies the name of an address or address group. |
The address or address group must exist. A maximum of six addresses or address groups can be specified at a time. The value is a case-sensitive character string. The length of a name without spaces ranges from 1 to 32 characters. The length of a name with spaces ranges from 3 to 34 characters. If a name contains spaces, the name must be enclosed with quotation marks (for example, "user for test"). The name cannot contain any question marks (?), commas (,), or quotation marks ("). |
ipv4-address |
Specifies an IPv4 address. |
The value is in decimal dotted notation. |
ipv4-mask-length |
Specifies the mask length of an IPv4 address. |
The value is an integer ranging from 1 to 32. |
mask mask-address |
Specifies the mask of an IPv4 address. |
The value is in dotted decimal notation whose binary form cannot be inconsecutive. For example, 255.0.255.0 is not a legitimate wildcard because its binary form is 11111111.00000000.11111111.00000000. In the binary form, digits 1 are to be matched, whereas digits 0 are not. For example, 192.168.1.1/255.0.255.0 indicates that only IP addresses of the 192.*.1.* form are to be matched. |
wildcard |
Specifies the wildcard of an IPv4 address. |
The value is in dotted decimal notation whose binary form cannot be inconsecutive. For example, 0.255.0.255 is not a legitimate wildcard because its binary form is 00000000.11111111.00000000.11111111. In the binary form, digits 0 are to be matched, whereas digits 1 are not. For example, 192.168.1.1/0.255.0.255 indicates that only IP addresses of the 192.*.1.* form are to be matched. |
description description |
Specifies the description of an individual IPv4/IPv6 address or address segment. |
The value is a string of 1 to 128 characters. |
ipv6-address |
Specifies an IPv6 address. |
The value is 128 bits in eight groups, each of which consists of four hexadecimal numbers. The format is X:X:X:X:X:X:X:X. |
ipv6-prefix-length |
Specifies the length of an IPv6 prefix. |
The value is an integer ranging from 1 to 128. |
range |
Indicates an IP address range. |
- |
ipv4-start-address |
Specifies the start IPv4 address. |
The value is in decimal dotted notation. |
ipv4-end-address |
Specifies the end IPv4 address. |
The value is in decimal dotted notation. |
ipv6-start-address |
Specifies the start IPv6 address. |
The value is 128 bits in eight groups, each of which consists of four hexadecimal numbers. The format is X:X:X:X:X:X:X:X. |
ipv6-end-address |
Specifies the end IPv6 address. |
The value is 128 bits in eight groups, each of which consists of four hexadecimal numbers. The format is X:X:X:X:X:X:X:X. |
mac-address |
Specifies the MAC address.
|
The MAC address can be in one of the following formats:
The MAC address cannot be all 0s or all Fs (such as FFFF-FFFF-FFFF, 00:00:00:00:00:00, or 00-00-00-00-00-00) in any format. |
any |
Indicates any source address. |
- |
all |
Removes all source addresses from the NAT policy rule. |
- |