2900xl/3500xl - NAT?

Status
Not open for further replies.

Pluttur

Programmer
Feb 20, 2005
5
SE
Hi!

While wandering around in the switch, I found
(config)#ip nat ?
inside Inside address translation
service Special translation for application using non-standard port
translation NAT translation entry configuration

Is my switch actually capable of NAT, or is it leftovers from something else?

I've tried to play around with it but haven't got it to work.. (have no clue how to config at all) any hints?

Currently running
IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version 12.0(5.4)WC(1), MAINTENANCE INTERIM SOFTWARE
 
No, not a chance. To perform NAT you need to be able to route and the 2900/3500XL is only a layer-2 switch. I can't understand why Cisco has left these commands in but probably an oversight when the code was ported.
That is quite an old switch now, however none of the newer Catalysts support NAT either. Only the Catalyst 6500 supports NAT, however even on that it's done in software and isn't recommended unless there is no other option.

Andy
 
Could ip nat inside be configured for the SVI?

Why? You can only have one active SVI on these switches so I can't see why you would ever need it, however.....

I have just had a quick look on CCO in the EoS & EoL documentation section and NAT was used when 'clustering' switches. This was purely a management thing as there is no proprietary stacking capability with these switches (unlike the 3750). It allowed you to manage a group of switches through a browser with a single IP address (not really for telnet).


I vaguely remember this, however it was cr4p and it was better to manage them individually.

Andy
 
That's exactly what I was wondering about---hitting the SVI over the web, so it would have to be NATted. Very insecure, I agree. I have a VPN set up for mine, and then ssh to it from within the LAN.

Burt
 
hitting the SVI over the web, so it would have to be NATted.

No, it's not real NAT, it wasn't for management over the Internet. It was a proprietary thing used in the daft Cluster Management they had for these and the earlier 2800 series Catalysts. It NAT'd on MAC addresses or something silly so that you only actually configured one IP address, however you could have a few switches that all appeared under the one IP address in the Web management image. I think the 'cluster master' discovered the neighbors via CDP then added the NAT statements to the config automatically.

Believe me it was rubbish.

Andy

 
I'll bet...thanks for clearing that up. I'll bet for the time period, it was a good idea...kind of like Bill Gates not seeing any computer needing more than what...650MB hard drive space, or 64MB RAM...something like that? Of course, there was Windows ME...lol

Burt
 