NAT solutions with CBS350 L3 routing

bakerjw · ‎08-29-2023

We have a handful of trunk interconnected CBS350 switches that comprise a test network of multiple private IP addresses using VLANs. e.g.

192.168.0.0/24 gateway 192.168.0.1
192.168.1.0/24 gateway 192.168.1.1
192.168.2.0/24 gateway 192.168.2.1
192.168.100.0/24 gateway 192.168.100.1
192.168.101.0/24 gateway 192.168.101.1
172.16.0.0/16 gateway 172.16.0.1
etc...

Our main switch is configured as a layer 3 router. Routing works great between all networks and properly configured devices.

We have a need for certain devices to access an external subnet (example) 123.123.123.0/24. We cannot allow routing, STP, bridge packets, etc... to appear on the 123.123.123.0/24 network.

I set up a static route to point to a router address of 192.168.255.25 which was very straightforward.

I do not believe that the CBS350 does NAT so I am looking for some recommended solutions. We are working with opnsense but it has been proving to be problematic.

Any guidance or advice? Thanks.

M02@rt37 · ‎08-29-2023

hello @bakerjw,

You're right none of the CBS and entry-level Cisco switches does support NAT.

Since you mentioned that you're using opnsense, you can configure NAT rules on the opnsense router to achieve this.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

balaji.bandi · ‎08-29-2023

CBS350 is switch -(latest models only have NAT feature like Cat 9300)

if you looking NAT - Looks some RV series router does all for you (but they going end of Life soon).

Buy any Rasberry Pi works as expected.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

bakerjw · ‎08-29-2023

Many thanks for the responses.

For our needs, the CBS350 switch running as L3 works great for our needs. opnsense has proven problematic to get set up though. I'll keep plodding that way.

Again, thanks!

bakerjw · ‎08-29-2023

What is a low end Cisco router that does NAT? My managers are pretty tight with the budget but I might be able to run a router and shift routing from the CBS350.

balaji.bandi · ‎08-29-2023

cisco 800 routers is smallest one can do the job for you - check the requirement and EOL statement before buying.

https://www.cisco.com/c/en/us/products/routers/product-listing.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

bakerjw · ‎08-29-2023

Many thanks for the insight.

If we go with a new router to replace the L3 routing of the CBS350, it cannot be EOL. One of our other internal groups has a lot of $$$ in their budget and I might be able to talk them into getting us something decent and supported for a while.

balaji.bandi · ‎08-29-2023

Sure you need to look for the budget - I run my Home Small Rasberry Pi with simple NAT works for years - if you like to save money only for NAT.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

M02@rt37 · ‎08-29-2023

@bakerjw,

If budget is not a problem, have look to C9300.

https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-9300-series-switches/nb-06-cat9300-ser-data-sheet-cte-en.html

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

bakerjw · ‎08-29-2023

LOL... that would certainly fit the bill.

Something a little more mid range would be preferred though to keep any sticker shock down.

thanks

balaji.bandi · ‎08-30-2023

what costing we consiering here . rather playing numbers to get approve some time from business is difficult.

I have this in the past with small company - so for them i run any used PC with daul Ethernet Linux with NAT should fix the issue. (if you can not able to spend money).

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

bakerjw · ‎08-30-2023

One last question.

Our Cisco supplier has recommended get a C1111-8P router. It seems to be a very capable piece of equipment and I wondered if anyone had thoughts pro or con about the device.

Many thanks.