
NAT problem - VLAN.dat can't be fetched due to NAT'd IP address of PI

gabor.rozsa
Level 1

Hi,

 

My PI2.2 is behind a Firewall where my local IP address (192.168.1.2) is translated to an outside global IP address (12x.xx.xx.xx):

                                                        
                                                                           
                                                                           
                        +---+                                              
                        |   |                                              
+------+ 192.168.1.2    | F | 12x.xx.xx.xx     +--------+      +----------+
|PI 2.2+----------------+ W +------------------+ cloud  +------+  device  |
+------+                |   |                  +--------+      +----------+
                        |   |                                              
                        +---+                                              

                              

 

My problem is that I can see that PI can't download the vlan.dat file from the remote switch via TFTP, as it tries with the pre-NAT'd IP as the destination server, not the NAT'd address. The following output is an assembled Wireshark Telnet session when PI tries to download the vlan.dat file:

switch#terminal length 0
switch#terminal width 0
switch#
switch#
switch#show privilege
Current privilege level is 15
switch#
switch#copy flash:vlan.dat tftp:
Address or name of remote host []? 192.168.1.2
Destination filename [vlan.dat]? 20150618231154954-12x
.xx.xx.xx.cfg
.....
%Error opening tftp://192.168.1.2/20150618231154954-12x
.xx.xx.xx.cfg (Timed out)
switch#
switch#
switch#

 

I'm not surprised it times out as the remote host address should be 12x.xx.xx.xx not 192.168.1.2.

Is there a way to force Prime Infrastructure to use the NAT'd address in such cases? I was told in LMS there is an option but I couldn't find any in PI.

 

Thanks,

Gabor
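The mismatch described in the post above can be checked mechanically in a captured CLI session. This is an added example, not part of the original post and not Cisco code: it extracts the TFTP server address entered at the IOS copy prompt and flags it when it is not an address the device can reach. The function name, the operator-supplied list of reachable addresses, and the sample session (with 203.0.113.10 standing in for the redacted outside address) are assumptions.

```python
import ipaddress
import re

# Prompt and error text as they appear in the session posted above.
HOST_PROMPT = re.compile(r"Address or name of remote host \[[^\]]*\]\?\s*(\S+)")
TIMEOUT = re.compile(r"%Error opening tftp://([^/\s]+)/[^()]*\(Timed out\)")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: 203.0.113.10 (documentation range) stands in for the
# redacted outside address, and the filename is made up.
SAMPLE_SESSION = """\
switch#copy flash:vlan.dat tftp:
Address or name of remote host []? 192.168.1.2
Destination filename [vlan.dat]? example-203.0.113.10.cfg
.....
%Error opening tftp://192.168.1.2/example-203.0.113.10.cfg (Timed out)
switch#
"""


def check_transcript(transcript, reachable_server_ips):
    """List TFTP targets the device was given that it cannot reach.

    reachable_server_ips is operator-supplied: the address(es) under which
    the device sees the management server, i.e. the post-NAT address.
    """
    reachable = {ipaddress.ip_address(ip) for ip in reachable_server_ips}
    timed_out = set(TIMEOUT.findall(transcript))
    findings = []
    for match in HOST_PROMPT.finditer(transcript):
        raw = match.group(1)
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            continue  # a hostname was entered; name resolution is not checked
        if addr not in reachable:
            findings.append({
                "server": raw,
                "rfc1918": any(addr in net for net in RFC1918),
                "timed_out": raw in timed_out,
            })
    return findings


if __name__ == "__main__":
    for finding in check_transcript(SAMPLE_SESSION, ["203.0.113.10"]):
        print(finding)
```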

 

 

 

 

2 Replies

rosaho
Level 3

This discussion has been modified to comply with the CSC terms of use conditions.

gabor.rozsa
Level 1

Update

This problem is present from earlier versions of PI as it was reported 13 months ago in this support forum discussion:

https://supportforums.cisco.com/discussion/12180876/cisco-prime-infrastructure-and-vlan-fetch

 

Unfortunately, the issue is still in PI2.2 and this was confirmed by a TAC engineer. Two options are:

1. Make the actual IP address of PI routable from the device.

2. Open a PER request to add this in coming PI versions.

 

I can accept this; however, I think it would be great to read it somewhere in the Admin and/or design guide of PI that you are not supposed to use PI behind any network device NATing PI's IP address.

 
