cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3829
Views
5
Helpful
7
Replies

NAT & Cisco 3750

peterjohnes1985
Level 1
Level 1

Hello,

It seems that NAT and VRRP are not supported in on the Cisco 3750

Is it correct and if yes, do you know why?

Thanks

Peter

Open your Mind

http://www.openmaniak.com

7 Replies 7

Danilo Dy
VIP Alumni
VIP Alumni

Hi,

Yes, both NAT and VRRP are not supported in any 3750 series. Feature differs by platform/IOS because it's not the main objective of the model design. In this case, 3750 main design is stackable, multilayer, high availabilitym security and advanced QoS. Also take note that HSRP can be configured on a maximum of 32 VLAN or routing interfaces.

This shows that machines still can't replace humans as they are not perfect :)

http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_guide_book09186a0080763466.html

http://www.cisco.com/en/US/products/hw/switches/ps5023/products_qanda_item09186a00801b0971.shtml

stefan.jones
Level 1
Level 1

I was surprised to see these features missing as well. The processor and L3 switching hardware are similar enough to the an ISR that it wouldn't be much work to include them for a single switch. Implementing NAT, VRRP or GLBP in a stack may be more of a challenge, I don't know. Performance for NAT or VRRP to a 3rd party device would be limited and it might be too difficult to explain to users or support

The biggest reason is probably a lot more straightforward: Cisco wants to sell more 6500 switches and 7200 routers.

VRRP is at best a competitor to HSRP. VRRP while the standard, lacks some of the bells and whistles of HSRP.

Designing NAT into a lan is a poor practice. Any good network designer would NEVER do that. Just remember the 3750 is primarily a LAN switch. if you have to nat, a firewall is a far better place to do it. I'm glad Cisco didn't put these features in the 3750 line. Especially NAT.

Too much over lap is bad. But apart from the CSM doing lb nat, or a FWSM, a good design should not have nat on a 6500 either. 7200's? Well those are larger edge routers, perhaps nat would be required.

I have designed networks from the ground up, so I had my choice on what I wanted to do nat. I always found it best to do on a checkpoint or pix. its a smart way to break up the logical addressing change- at a firewall.

Following what you said

"Any good network designer would NEVER do that".

sorry, i would say better:

"Any good network designer would NEVER write that".

NAT & VRRP can be very useful in a test environnment because sometime it can happen that you don't have 6509s in your labo ...

For me there is no understandable reason why this basic features are not implemented into the 3750 even this is clear that a 3750 is no the best device to implement NAT.

REgards

Peter

******

Open your mind!

http://www.openmaniak.com

I was surprised to see someone GLAD that features were omitted from a particular model.

For someone with such vast experience to proclaim such ignorance is.. baffling. To each their own, I suppose. In the situation I find myself today, I could really use a NAT feature on the 3750 as any other device is days if not weeks away from a remote area where I'm hoping to train people on how to implement NAT.

 

Who cares if it is a permanent feature or temporary? Features are items that can be omitted from a configuration.

Sometime, you have to use NAT. Even for new network.

For example: if your VoIP and Data network are L2 & L3 isolated, using VLAN & VRF-lite, you may need to create a path between both virtualized network to permit softphone (PC) to communicate with the telephony servers. To keep routing tables isolated for both networks, you just need to NAT softphone communications.

The question you may have: why using 2 separate networks for Data & Voice. Then, when your WAN provider doesn't trust your QoS and ask you to provide unmarked packets to 2 different links instead, you have the choice to policy route at the edge of every WAN links of completely isolated both networks. I don't think policy routing is the prefered way to achieve the desired result.

Then, for 1 big building with only one organisation without ToIP, it's thinkable to using NAT only for Internet access. When you have 150 or more sites, deserving different organisations, everyone using ToIP & Data communications, it may arrives that you need to NAT for some specific needs. And in many of those remote sites, which may be small, I don't look to install Cat 65xx for obvious reasons.

Best regards

Ben

The 3750 also doesn't support Netflow ....

Pet

********

http://www.openmaniak.com

Review Cisco Networking for a $25 gift card