The behavior for NAT policy changes via CoA for LSN and L2-Aware NAT is summarized in Table: NAT policy changes via CoA .
| Action | Outcome | Remarks | |
|---|---|---|---|
| L2-Aware | LSN | ||
CoA - replacing NAT policy |
Stale flows using the old NAT policy are cleared after 5 seconds. New flows immediately start using a new NAT policy. Restrictions: Allowed only when the previous change is completed (need to wait for a 5 second interval during which the stale mappings caused by previous CoA are purged). |
Stale flows using the old NAT policy continue to exist and are used for traffic forwarding until they are naturally timed-out or TCP- terminated. The exception to this is when the reference to the NAT policy in the filter was the last one for the inside VRF. In this scenario, the flows from the removed NAT policy are cleared immediately. New flows immediately start using new NAT policy. |
A NAT policy change via CoA is performed by changing the sub-profile for the ESM subscriber or by changing the ESM subscriber filter in the LSN case. 1 A sub-profile change alone does not trigger accounting messages in L2-Aware NAT and consequently the logging information is lost. To ensure timely RADIUS logging of the NAT policy change in L2-Aware NAT, each CoA must, in addition to the sub-profile change, also do one of the following:
Both of the above events trigger an accounting update at the time when CoA is processed. This keeps NAT logging current. |
(cont.)
|
|||
In non-ESM environments, the NAT policy can be changed by replacing the interface filter via CLI for LSN case.
The SLA profile has to be changed and not just refreshed. In other words, replacing the existing SLA profile with the same one does not trigger a new accounting message.