Table: Modifying active NAT prefix list or NAT classifier describes the outcome when the active NAT prefix list or NAT classifier is modified using CLI.
| Action | Outcome | Remarks | |
|---|---|---|---|
| L2-Aware | LSN | ||
CLI – Modifying prefix in the NAT prefix list |
Existing flows are always checked whether they comply with the NAT prefix list that is currently applied in the sub-profile for the subscriber. If the flows do not comply with the current NAT prefix list, they are cleared after 5 seconds. The new flows immediately start using the updated settings. |
Changing the prefix in the NAT prefix list internally re-subnets the outside IP address space. |
Nat-prefix list is used with multiple NAT policies in L2-Aware NAT and for downstream internal subnet in dNAT-only scenario for LSN. Prefix can be modified (added, removed, remapped) at any time in the NAT prefix list, while the NAT policy must be first shut down via CLI. |
CLI – Modifying the NAT classifier |
Existing flows are always checked whether they comply with the NAT classifier that is currently applied in the active NAT policy for the subscriber. If the flows do not comply with the current NAT classifier, they are cleared after 5 seconds. The new flows immediately start using the updated settings. |
Changing the NAT classifier has the same effect as in L2-Aware NAT; all existing flows using the NAT classifier are checked to see whether they comply with this classifier. |
The NAT classifier is used for dNAT. The NAT classifier is referenced in the NAT policy. |
CLI - Removing/adding NAT policy in nat-prefix-list |
Blocked |
Not Applicable |
— |
CLI - Removing/adding/replacing NAT policy in sub-profile |
Blocked |
Not Applicable |
— |
CLI - Removing/adding/replacing NAT prefix-list under the rtr/nat/inside/dnat-only |
Not Applicable |
Internally re-subnet, no effect on the flows |
— |