Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

NAT with subintefaces??

Status
Not open for further replies.
myng94

myng94

Technical User
Sep 3, 2002
38
US
I'm trying to setup NAT with subinterfaces

Cisco 2691 Router-Fast0/0 ==> WAN
-int f0/1.1 ip 192.168.20.1/24
-int f0/1.2 ip 192.168.30.1/24
-int f0/1.3 ip 192.168.40.1/24

Here's the ???
to accomplish this shoud I:

1. int f0/1.1
ip nat source list 1
access-list 1 permit 192.168.20.0 0.0.0.255
(repeating this setup for each subinterface/access-list)

OR

2.ip nat source inside source list 1 interface Fast0/0 overload
(repeating this for each subinterface/access-list)
Any suggestions would be helpful.
 
Sort by date Sort by votes
i would do the following

interface fastether 0/0
ip nat outside

interface fastether 0/1
ip nat inside

then globally

ip nat inside source list 1 interface fastethernet 0/0 overload

access-list 1 permit 192.168.0.0 0.0.255.255

that will nat all addresses from the 192.168. networks

Good luck


Use debug ip nat detailed to view translations in real time
 
Upvote 0 Downvote
Thanks for the input, the following config worked for me, each sub-interface has to be designated as "ip nat inside":

interface FastEthernet0/1.1
encapsulation dot1Q 2
ip address 192.168.20.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/1.2
encapsulation dot1Q 3
ip address 192.168.30.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/1.3
encapsulation dot1Q 4
ip address 192.168.40.1 255.255.255.0
ip nat inside
!
ip nat inside source list 1 interface FastEthernet0/0 overload

access-list 1 permit 192.168.0.0 0.0.255.255
 
Upvote 0 Downvote
now that NAT and DHCP are working how can you keep the vlans from communicating
 
Upvote 0 Downvote
i didn't test that so i assume that you are right. the ip nat debug showed the native vlan translated so your config is probably right on. nice job. as for communication limiting between vlans you will need to specify access lists or issue private vlans that allow only communication with the default gatway. cool ain't it. but lets go with access lists for simplicity sake
from enable prompt

conf t
access-list 120 deny ip any 192.168.30.0 0.0.0.255
access-list 120 deny ip any 192.168.40.0 0.0.0.255
access-list 120 permit ip any any
access-list 130 deny ip any 192.168.20.0 0.0.0.255
access-list 130 deny ip any 192.168.40.0 0.0.0.255
access-list 130 permit ip any any
access-list 140 deny ip any 192.168.20.0 0.0.0.255
access-list 140 deny ip any 192.168.30.0 0.0.0.255
access-list 140 permit ip any any
interface fastethernet 0/1.1
ip access-group 120 out
interface fastethernet0/1.2
ip access-group 130 out
interface fastethernet0/1.3
ip access-group 140 out
exit
exit

test configuration and then save

have fun
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

CPM86
  • Question
Cisco isr 4331 with IOS and sip busy fail over to 2nd sip number on pbx?
Replies
0
Views
362
CPM86
CPM86
WinstonCH
  • Locked
  • Helpful tip
What is wrong with the diagram, there are people who will help to fix it? How do i do the configurat 1
Replies
1
Views
690
BIS
BIS
inlsp05
  • Locked
  • Question
2811 ios start with cf
Replies
0
Views
279
inlsp05
inlsp05
khashyar2021
  • Locked
  • Question
Problem with cisco switch after upgrading
Replies
1
Views
369
Geraldine Souza
Geraldine Souza
Collab_Guy
  • Locked
  • Question
Anyone using automation with their CUCM?
Replies
1
Views
316
kyle555
kyle555

Part and Inventory Search

Sponsor

Back
Top