Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Westi on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

NAT and VLAN

Status
Not open for further replies.
acollard83

acollard83

IS-IT--Management
May 1, 2005
179
US
Is it possible to make the ip nat outside on a VLAN interface? If so, how would I go about doing it? I've tried using just that command to no avail. I have a Cisco 6509 with dual SUP2-MSFC. We have a 100M ethernet coming in with a /23 routed to us. I currently have both public and private vlans on the same switch and have the outside nat statement on the "serial" interface (our ethernet link). We are currently upgrading to a 500M ethernet (different circuit/port on the switch) and I would prefer to have the outside NAT statements be on VLAN on our /23 instead of the "serial" interface. Any help would be appreciated, even a pointer in the right direction.
 
Sort by date Sort by votes
yes, you should be able to do that; however, understand that the NAT process happens in software on the SupII so your throughput may be suspect. Have you thought about placing a router in front of the 6509??

 
Upvote 0 Downvote
Thanks for the reply. Yes, we have thought of putting a router in front of the 6509 and in fact will be, but I beleive the NATing will still be done on the switch if I'm not mistaken. We have about 7 different private VLANs that use NAT and, so far, 25 public VLANs. As for the NAT on the 6509 with a VLAN, how would I do that. I tried setting the nat outside to the VLAN interface, same with the source list statement. It didn't work. What am I missing?
 
Upvote 0 Downvote
so, does it throw you an error when you try to configure it?? what version of code are you running??

 
Upvote 0 Downvote
What type of NATting are you implimenting?

As in:

Pool
Interface
Destination
Source

Are you just trying to impliment overload:-

ip nat inside
ip nat outside

access list 101 permit ip xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx etc etc

And then utilising the access list in the NAT statement as follows:-

ip nat inside source list 100 interface serial 0/0 overload

If so, this should be all that is required on the subinterface that the addresses are being translated to. However, an "ip nat inside" statement will be required on EVERY subinterface that require the translation.
 
Upvote 0 Downvote
Unless it is for a tiny amount of traffic you should not be performing NAT on the Cat 6500. You should configure NAT on your edge device (router) and include the subnets/networks that you want to perform NAT on there.
Typically you will have networks/subnets that are behind or terminated on the 6500, this will then have a layer-3 interface to your WAN router(s). The WAN router will know about the networks reachable via the 6500 via routing protocols or possibly static routes. The WAN router will be configured to NAT these networks out of its connection to your ISP.

Andy
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Lccarter
  • Locked
  • Question
Cisco CUCM Provisioning and Order Management System
Replies
1
Views
273
Lccarter
Lccarter
cheikhdtn
  • Locked
  • Question
VLAN
Replies
3
Views
147
iggsterman
iggsterman
acabezas2014
  • Locked
  • Question
Need to create QoS for SNMP and Radius traffic on Cisco 4948 Switches
Replies
0
Views
145
acabezas2014
acabezas2014
mikey789
  • Locked
  • Question
Can 4000-M Routing VLANs ?
Replies
0
Views
138
mikey789
mikey789
mrdom
  • Locked
  • Question
RV325: Accessing LAN and WAN resources using the same hostname ...
Replies
0
Views
155
mrdom
mrdom

Part and Inventory Search

Sponsor

Back
Top