03-17-2023
02:09 AM
- last edited on
03-17-2023
02:24 AM
by
CiscoKoreaModer
Hi, all. Please help me on this.
I have been setting up the L2/L3 configuration with the i86bi_linux_l2-adventerprisek9-ms.SSA.high_iron_20190423.bin image in the EVE-NG virtual environment.
I'd like to use NAT on the switch in the image, but there is a problem that it does not work properly.
To be precise, when I tried to communicate from the network connected by nat inside interface to the network of nat outside, NAT is not working. However, if I try to communicate by specifying the source as inside on the device where I set NAT, it works okay.
You can see the pings that occurred at 192.168.141.41 do not travel on the NAT, so the communication is not performed, but the communication is normal at outside.
If I specify the source when debug is enabled, I can confirm that NAT is working normally.
I'd like to know if it's the problem with the image or if I misunderstood and set it wrong. Please kindly check below.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
R1#show run
Building configuration...
Current configuration : 1552 bytes
!
! Last configuration change at 01:22:59 UTC Tue Dec 20 2022
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
no switchport
ip address 192.168.141.1 255.255.255.0
ip nat inside
ip ospf 1 area 0
!
interface Ethernet0/1
no switchport
ip address 123.11.22.2 255.255.255.252
ip nat outside
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet1/0
!
interface Ethernet1/1
!
interface Ethernet1/2
!
interface Ethernet1/3
!
interface Ethernet2/0
!
interface Ethernet2/1
!
interface Ethernet2/2
!
interface Ethernet2/3
!
router ospf 1
default-information originate always
!
router bgp 31112
bgp log-neighbor-changes
neighbor 123.11.22.1 remote-as 65100
!
ip nat inside source route-map ISP-65100 interface Ethernet0/1 overload
ip forward-protocol nd
!
ip http server
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 123.11.22.1
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
ip access-list extended NAT-R1
permit ip 192.168.0.0 0.0.255.255 any
!
!
route-map ISP-65100 permit 10
match ip address NAT-R1
match interface Ethernet0/1
!
!
!
control-plane
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
!
!
!
end
03-17-2023 02:40 AM
what is the image version and file name you using on this lab ? some image have some issues.
Try below 2 solution and see if that works ?
Option 1 :
no ip nat inside source route-map ISP-65100 interface Ethernet0/1 overload
ip nat inside source list 100 interface Ethernet0/1 overload
ip access-list 100 Permit 192.168.0.0 0.0.255.255 any
Option2 :
try remove ip cef and test it
no ip cef
03-17-2023 03:42 AM
not all SW support NAT in real network,
so I prefer use router in Stick instead of using SW and config NAT in router.
this better
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide