This article provides information about a sample working configuration for CGNAT (NAT44).
The configuration is as follows:
    dynamic-profiles {
        pppoe1 {
            interfaces {
                pp0 {
                    unit "$junos-interface-unit" {
                        ppp-options {
                            pap;
                        }
                        pppoe-options {
                            underlying-interface "$junos-underlying-interface";
                            server;
                        }
                        keepalives interval 30;
                        family inet {
                            unnumbered-address lo0.0;
                        }
                    }
                }
            }
        }
        autovlan-unicast-pppoe1 {
            interfaces {
                "$junos-interface-ifd-name" {
                    unit "$junos-interface-unit" {
                        vlan-tags outer "$junos-stacked-vlan-id" inner "$junos-vlan-id";
                        family pppoe {
                            dynamic-profile pppoe1;
                        }
                    }
                }
            }
        }
        CGNAT {    # Need to apply the service via RADIUS
            interfaces {
                pp0 {
                    unit "$junos-interface-unit" {
                        family inet {
                            service {
                                input {
                                    service-set sset-1;
                                }
                                output {
                                    service-set sset-1;
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    interfaces {
        sp-3/0/0 {
            services-options {
                cgn-pic;
            }
            unit 0 {
                family inet {
                    address 172.27.73.209/32;
                }
            }
            unit 1 {
                service-domain inside;
            }
            unit 2 {
                service-domain outside;
            }
        }
        ge-1/2/9 {
            description uplink;
            unit 0 {
                family inet {
                    address 12.1.1.1/30;
                }
            }
        }
        ge-1/3/1 {
            description downlink;
            hierarchical-scheduler maximum-hierarchy-levels 2;
            flexible-vlan-tagging;
            auto-configure {
                stacked-vlan-ranges {
                    dynamic-profile autovlan-unicast-pppoe1 {
                        accept [ inet pppoe ];
                        ranges {
                            any,any;
                        }
                    }
                }
            }
            encapsulation flexible-ethernet-services;
        }
    }
    services {
        service-set sset-1 {
            service-set-options;
            nat-rules r1;
            interface-service {
                service-interface sp-3/0/0;
            }
        }
        nat {
            pool p1 {
                address-range low 129.0.0.1 high 129.0.0.250;
                port {
                    range low 8000 high 64000;
                }
            }
            rule r1 {
                match-direction input;
                term t1 {
                    from {
                        source-address {
                            192.168.0.0/16;    # Subscriber address pool
                        }
                    }
                    then {
                        translated {
                            source-pool p1;
                            translation-type {
                                napt-44;
                            }
                        }
                    }
                }
            }
        }
    }
The working flow is as follows:
    jtac@ERX-MX-480-2-RE0# run show subscribers
    Interface             IP Address/VLAN ID       User Name          LS:RI
    ge-1/3/1.1073741828   0x8100.3051 0x8100.1                        default:default
    pp0.1073741830        192.168.0.10             [email protected]    default:default

    jtac@ERX-MX-480-2-RE0# run show services stateful-firewall flows extensive
    Interface: sp-3/0/0, Service set: sset-1
    Flow                                          State    Dir  Frm count
    UDP  12.1.1.2:5000 -> 129.0.0.1:8027          Forward  O    0
        NAT dest    129.0.0.1:8027 -> 192.168.0.10:5000
        Byte count: 0
        Flow role: Responder, Timeout: 28
    UDP  192.168.0.10:5000 -> 12.1.1.2:5000       Forward  I    255924
        NAT source  192.168.0.10:5000 -> 129.0.0.1:8027
        Byte count: 12283440
        Flow role: Master, Timeout: 30
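Behind NAPT-44 many subscribers share one public address, so tracing upstream traffic back to a subscriber needs the public address and port pair from the flow table. The following is an added example, not part of the original article: it parses the flow output shown above into NAT bindings and checks each one against pool p1 and the subscriber prefix from the configuration. The function names and the one-field-group-per-line layout of the sample are assumptions.

```python
import ipaddress
import re

# Constructed sample: the article's flow output, laid out one field group per line.
SAMPLE = """\
Interface: sp-3/0/0, Service set: sset-1
Flow                                          State    Dir  Frm count
UDP  12.1.1.2:5000 -> 129.0.0.1:8027          Forward  O    0
    NAT dest    129.0.0.1:8027 -> 192.168.0.10:5000
    Byte count: 0
    Flow role: Responder, Timeout: 28
UDP  192.168.0.10:5000 -> 12.1.1.2:5000       Forward  I    255924
    NAT source  192.168.0.10:5000 -> 129.0.0.1:8027
    Byte count: 12283440
    Flow role: Master, Timeout: 30
"""

# Values taken from the article's configuration (pool p1 and rule r1).
POOL_LOW, POOL_HIGH = ipaddress.ip_address("129.0.0.1"), ipaddress.ip_address("129.0.0.250")
PORT_LOW, PORT_HIGH = 8000, 64000
SUBSCRIBERS = ipaddress.ip_network("192.168.0.0/16")

EP = r"(\d+\.\d+\.\d+\.\d+):(\d+)"  # one ip:port endpoint
FLOW_RE = re.compile(rf"^(\w+)\s+{EP}\s+->\s+{EP}\s+\w+\s+[IO]\s+\d+")
NAT_SRC_RE = re.compile(rf"^\s+NAT source\s+{EP}\s+->\s+{EP}")

def nat_bindings(text):
    """Return one dict per 'NAT source' line, tied to the flow line above it."""
    bindings, flow = [], None
    for line in text.splitlines():
        m = FLOW_RE.match(line)
        if m:
            flow = m.groups()  # (proto, src ip, src port, dst ip, dst port)
            continue
        m = NAT_SRC_RE.match(line)
        if m and flow:
            priv_ip, priv_port, pub_ip, pub_port = m.groups()
            ok = (POOL_LOW <= ipaddress.ip_address(pub_ip) <= POOL_HIGH
                  and PORT_LOW <= int(pub_port) <= PORT_HIGH
                  and ipaddress.ip_address(priv_ip) in SUBSCRIBERS)
            bindings.append({"proto": flow[0], "private": (priv_ip, int(priv_port)),
                             "public": (pub_ip, int(pub_port)),
                             "peer": (flow[3], int(flow[4])), "as_configured": ok})
    return bindings

def subscriber_for(bindings, public_ip, public_port):
    """Map a public address and port seen upstream back to the subscriber endpoint."""
    hits = [b["private"] for b in bindings if b["public"] == (public_ip, public_port)]
    return hits[0] if hits else None
```

A binding with `as_configured` set to False means the translation fell outside pool p1, its port range, or the 192.168.0.0/16 source match, which points at a different rule or pool handling that subscriber.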