Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
487
Views
3
Helpful
5
Replies

nat for vlans

gilel2004
Level 1
Level 1

‎04-11-2005 03:56 AM - edited ‎03-02-2019 10:25 PM

I have 2 vlans on a single switch with the same IP address range (I must use the same) 10.101.11.0/24.

the switch is connected to a router. I want to use NAT for both vlans with a single public address, how do I do it?

Labels:
0 Helpful
5 Replies 5

sachinraja
Level 9
Level 9

‎04-11-2005 11:52 PM

you can use a nat overload command with access-lists .. on the access-list specify both the networks which are on the inside... for eg... if u have 2 inside networks:

10.10.10.0/24 & 20.20.20/0/24 and one IP on the outside (outside IP of the router)

access-list 101 permit ip 10.10.10.0 0.0.0.255 any

access-list 101 permit ip 20.20.20.0 0.0.0.255 any

ip nat inside source list 101 interface serial1/0 overload

or

ip nat inside source list 101 pool natpool overload

interface serial1/0

ip nat outside

interface ethernet1/0

ip nat inside

hope this helps..all the best.. rate replies if found useful..

Raj

0 Helpful

gilel2004
Level 1
Level 1
In response to sachinraja

‎04-12-2005 12:12 AM

in your answer you refered to 2 networks with differentd IPs, I have two networks with the same IP (different VLAN ID), what do I do in this case?

0 Helpful

sachinraja
Level 9
Level 9
In response to gilel2004

‎04-12-2005 12:26 AM

you need to then add your internal subnet on the ACL, and do an overload for that subnet.. ACL 101 will have your internal network.. natting is done on layer 3.. VLANs work on layer 2.. so, how many ever vlans u have on the inside, its only the ip addresses which are gonna matter for NATing.. so, have your single internal network on ACL 101 and do a nat overload as given in my previous post..

let me know if you have any problems

Raj

0 Helpful

gilel2004
Level 1
Level 1
In response to sachinraja

‎04-12-2005 12:38 AM

Sorry, but I think I'm missing something.

can I use single NAT for two identical networks?

lets say address 10.101.11.2 from network 1 & 10.101.11.2 from network 2 is trying to go out - what will happen?

0 Helpful

sachinraja
Level 9
Level 9
In response to gilel2004

‎04-12-2005 01:40 AM

why do you want to have 2 vlans with the same IP addressing range ??? you will lead to a lot of problems in this case... the pix/router will think of it as duplicate IPs.. when you have 2 pcs with the same IP going out , the second one will not be able to go out to internet, as the router will have the arp of the first PC on its table.. only when the first pc is disconnected and the arp table is cleared can the second go out...

have different IP addressing range for these different vlans.. dont have identical networks... even if u have identical networks, dont have the same IP addresses assigned to more than one PC.

hope this helps.. rate replies if found useful..

Raj

Customers Also Viewed These Support Documents