Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6578
Views
21
Helpful
2
Replies

NAT - Static IP Support feature

pkhatri
Level 11
Level 11

‎10-26-2005 08:52 PM - edited ‎03-03-2019 10:49 AM

Hi,

Does anyone know what the applicability for this feature is, enabled using the "ip nat allow-static-host" command. The docs state that it is used to support users configured with a static IP address. It does not say much beyond that ?

Thanks,

Paresh.

1 person had this problem
Labels:
0 Helpful
2 Replies 2

umedryk
Level 5
Level 5

‎11-03-2005 07:14 AM

Yes, this will be useful when DHCP server is not in use.

0 Helpful

mopaul
Cisco Employee
Cisco Employee

‎11-24-2009 05:11 PM


Hi Paresh,


I see that this is a 4 year old post. Many of you might now know what is Static NAT IP support, what is the purpose to use it. But this post is still tagged as unanswered , i am choosing to reply here only for those few of the networkers who are still not clear with this. And  "ip nat allow-static-host" is still a question for them....


Before i talk about the command "  "ip nat allow-static-host" "  I would prefer to give a background again to those who might have come across this concept / command for first time. Paresh,i am sure this would be a quick recap for you.


                                                                            [[[ NAT - Static IP Support ]]]


To configure the NAT - Static IP Support feature, you should understand the following concepts:


•Benefits of NAT - Static IP Support
•Public Wireless LAN
•RADIUS


Benefits of NAT - Static IP Support
---------------------------------------------------
The NAT - Static IP Support feature extends the capabilities of Public Wireless LAN providers to support
users configured with a static IP address. By configuring a router to support users with a static IP address,
Public Wireless LAN providers extend their services to a greater number of potential users, which can lead to
greater user satisfaction and additional revenue.


Public Wireless LAN
------------------------------
A Public Wireless LAN provides users of mobile computing devices with wireless connections to a public network,
such as the Internet.


RADIUS
------------
Remote Authentication Dial-In User Service (RADIUS) is a distributed client/server system that secures networks
against unauthorized access. Communication between a network access server (NAS) and a RADIUS server is based
on the User Datagram Protocol (UDP). Generally, the RADIUS protocol is considered a connectionless service.
Issues related to server availability, retransmission, and timeouts are handled by the RADIUS-enabled devices
rather than the transmission protocol.


RADIUS is a client/server protocol. The RADIUS client is typically a NAS, and the RADIUS server is usually a
daemon process running on a UNIX or Windows NT machine. The client passes user information to designated
RADIUS servers and acts on the response that is returned. RADIUS servers receive user connection requests,
authenticate the user, and then return the configuration information necessary for the client to deliver service
to the user. A RADIUS server can act as a proxy client to other RADIUS servers or other kinds of authentication
servers.


Configuration Steps
-------------------
1. enable
2. configure terminal
3. interface type number
4. ip nat inside
5. exit
6. ip nat allow-static-host
7. ip nat pool name start-ip end-ip netmask netmask accounting list-name
8. ip nat inside source list access-list-number pool name
9. access-list access-list-number deny ip source


ip nat allow-static-host :


Enables static IP address support.


•Dynamic Address Resolution Protocol (ARP) learning will be disabled on this interface, and NAT will control
the creation and deletion of ARP entries for the static-IP host.


[[[ Configuration Example ]]]


Configuring NAT - Static IP Support: Example
--------------------------------------------
The following example enables static IP address support for the router at 192.168.196.51:

interface ethernet 1

ip nat inside
ip nat allow-static-host
ip nat pool xyz 171.1.1.1 171.1.1.10 netmask 255.255.255.0 accounting WLAN-ACCT
ip nat inside source list 1 pool net-208

access-list 1 deny ip 192.168.196.51


Creating a RADIUS Profile for NAT - Static IP Support: Example
---------------------------------------------------------------
The following example shows how create a RADIUS profile for use with the NAT - Static IP Support feature.

aaa new-model

aaa group server radius WLAN-RADIUS

server 168.58.88.1 auth-port 1645 acct-port 1645
server 168.58.88.1 auth-port 1645 acct-port 1646

aaa accounting network WLAN-ACCT start-stop group WLAN-RADIUS
aaa session-id common
ip radius source-interface Ethernet3/0
radius-server host 168.58.88.1 auth-port 1645 acct-port 1646
radius-server key cisco

HTH...

Regards

M

P.S : For all users whenever you post your questions and the solution given to you works, please make sure you rate it. That helps other users with same query to get their answers in less time rather posting a new thread for same thing and waiting for answers. This saves time for both author and the person who replies to it.

Mohit Paul CCIE-Security 35496 P.S Please do rate this post if you find it helpful to make it easier for others seeking answers to similar queries
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card