FPG Endpoint Agnostic Port Allocation

When the Endpoint Agnostic Port Allocation feature is configured, an entry is added to the Symmetric Port Database. If the entry is already available, the port listed in the Symmetric Port Database is used and the packet is sent. This feature is only required if you need to configure NAT with pool overload or interface overload. Endpoint Agnostic Port Allocation is also known as Symmetric Port Allocation.

Information About Endpoint Agnostic Port Allocation

When a packet is being transmitted, the Symmetric Port Database is checked to see if the requested port is already allocated. If it has been allocated, it is checked if the source computer entry in the database matches the computer requesting the port. If this is true, the port listed in the Symmetric Port Database is used and the packet is sent.

If the computers do not match or if the requested port is not in the Symmetric Port Database, the feature continues checks to the NAT Port database for an entry matching the requested port. If no entry is found, this means that the port is available. A new entry is added to the NAT Port database, and to the existing NAT database, allocating the port to the requesting computer, and the packet is sent.

If no matching entry in the NAT Port database is found, it means that the port is busy, or otherwise unavailable. The next available port is found, which is allocated to the requesting computer. An entry is added to the NAT Port database with the requesting computer and the available port. An entry is added to the Symmetric Port database, with the requesting computer, the allocated port and the requested port and the packet is sent.

This feature is only required if you need to configure NAT with pool overload or interface overload. This feature is not applicable for other NAT configurations.

How to Configure Endpoint Agnostic Port Allocation

Configuring Endpoint Agnostic Port Allocation

Perform this task to configure NAT to support the Endpoint Agnostic Port Allocation feature.


Note

This feature must be enabled by the user. It should be enabled before NAT is enabled. If it is enabled later, it will not translate the previously established connection. When this feature is disabled, it will not be seen in the output of the show running-config command.

>

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. interface interface name
  4. ip nat inside
  5. exit
  6. access list 1 permit ip address mask
  7. ip nat inside source list 1 interface interface name
  8. ip nat service enable-sym-port
  9. exit

DETAILED STEPS

  Command or Action Purpose
Step 1

enable

Example:


Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Router# configure terminal

Enters global configuration mode.

Step 3

interface interface name

Example:


Router (config)# interface Ethernet 0/0

Configures the Ethernet 0/0 interface.

Step 4

ip nat inside

Example:


Router (config-if)# ip nat inside

Enables Network Address Translation (NAT) for the inside address.

Step 5

exit

Example:


Router (config-if)# exit

Exits interface configuration mode.

Step 6

access list 1 permit ip address mask

Example:


Router (config)# access list 1 permit 172.18.192.0.0.0.0.255

Creates an access list called 1.

Step 7

ip nat inside source list 1 interface interface name

Example:


Router (config)# ip nat inside source list 1 interface Ethernet 0/0

Enables NAT for the inside source for access list 1 which is attached to the Ethernet interface.

Step 8

ip nat service enable-sym-port

Example:


Router (config)# ip nat service enable-sym-port

Enables the symmetric port allocation.

Step 9

exit

Example:


Router(config)# exit

Exits global configuration mode.

Verifying Endpoint Agnostic Port Support

To verify the Endpoint Agnostic Port Support feature, use the following command.

SUMMARY STEPS

  1. show ip nat translations

DETAILED STEPS

show ip nat translations

Example:


Router# show ip nat translations
 
NAT Symmetric Port Database: 1 entries
public ipaddr:port [tableid] | port# [refcount][syscount] | localaddr:localport [flags]
172.18.192.69:1024 [0] | 1025 [1] [0] | 172.18.192.69:1024 [0]

Configuration Examples for Endpoint Agnostic Port Allocation

Configuring Endpoint Allocation Example


interface Ethernet0/0
	ip nat inside
	exit
access list 1 permit 172.18.192.0.0.0.255
ip nat inside source list 1 interface Ethernet0/0
ip nat service enable-sym-port
end

Additional References

Related Documents

Related Topic

Document Title

NAT configuration tasks

“Configuring NAT for IP Address Conservation” module

NAT maintenance

“Monitoring and Maintaining NAT” module

NAT commands: complete command syntax, command mode, command history, usage guidelines, and examples

Cisco IOS IP Addressing Services Command Reference

Standards

Standard

Title

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.

_

MIBs

MIB

MIBs Link

No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs

RFCs

RFC

Title

No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.

_

Technical Assistance

Description

Link

The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html

Feature Information for Endpoint Agnostic Port Allocation

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Table 1. Feature Information for NAT Endpoint Agnostic Port Allocation

Feature Name

Releases

Feature Information

FPG: Endpoint Agnostic Port Allocation

12.4(24)T

This feature was introduced.