Step
Configuring AFT logging
For security auditing, you can configure AFT logging to record AFT session information. AFT
sessions refer to sessions whose source and destination addresses have been translated by AFT.
To configure AFT logging:
Step
1.
Enter system view.
2.
Enable AFT logging.
Setting the ToS field to 0 for translated IPv4
packets
Step
1.
Enter system view.
2.
Set the ToS field to 0 for IPv4
packets translated from IPv6
packets.
Setting the Traffic Class field to 0 for translated
IPv6 packets
Step
1.
Enter system view.
2.
Set the Traffic Class field to 0
for IPv6 packets translated
from IPv4 packets.
Displaying and maintaining AFT
Execute display commands in any view and reset commands in user view.
Command
•
Configure an IPv4-to-IPv6 source address
dynamic translation policy:
aft v4tov6 source acl { number acl-number |
name acl-name } prefix-nat64 prefix-nat64
prefix-length [ vpn-instance
vpn-instance-name6 ] }
•
Configure a NAT64 prefix:
aft prefix-nat64 prefix-nat64 prefix-length
Command
system-view
aft log enable
Command
system-view
aft turn-off tos
Command
system-view
aft turn-off traffic-class
437
Remarks
Remarks
N/A
By default, AFT logging is
disabled.
Remarks
N/A
By default, the ToS field value of
translated IPv4 packets is the
same as the Traffic Class field
value of original IPv6 packets.
Remarks
N/A
By default, the Traffic Class field
value of translated IPv6 packets is
the same as the ToS field value of
original IPv4 packets.