Showing results for 
Search instead for 
Did you mean: 

NAT - Static IP Support feature



Does anyone know what the applicability for this feature is, enabled using the "ip nat allow-static-host" command. The docs state that it is used to support users configured with a static IP address. It does not say much beyond that ?



2 Replies 2


Yes, this will be useful when DHCP server is not in use.

Cisco Employee
Cisco Employee

Hi Paresh,

I see that this is a 4 year old post. Many of you might now know what is Static NAT IP support, what is the purpose to use it. But this post is still tagged as unanswered , i am choosing to reply here only for those few of the networkers who are still not clear with this. And  "ip nat allow-static-host" is still a question for them....

Before i talk about the command "  "ip nat allow-static-host" "  I would prefer to give a background again to those who might have come across this concept / command for first time. Paresh,i am sure this would be a quick recap for you.

                                                                            [[[ NAT - Static IP Support ]]]

To configure the NAT - Static IP Support feature, you should understand the following concepts:

•Benefits of NAT - Static IP Support
•Public Wireless LAN

Benefits of NAT - Static IP Support
The NAT - Static IP Support feature extends the capabilities of Public Wireless LAN providers to support
users configured with a static IP address. By configuring a router to support users with a static IP address,
Public Wireless LAN providers extend their services to a greater number of potential users, which can lead to
greater user satisfaction and additional revenue.

Public Wireless LAN
A Public Wireless LAN provides users of mobile computing devices with wireless connections to a public network,
such as the Internet.

Remote Authentication Dial-In User Service (RADIUS) is a distributed client/server system that secures networks
against unauthorized access. Communication between a network access server (NAS) and a RADIUS server is based
on the User Datagram Protocol (UDP). Generally, the RADIUS protocol is considered a connectionless service.
Issues related to server availability, retransmission, and timeouts are handled by the RADIUS-enabled devices
rather than the transmission protocol.

RADIUS is a client/server protocol. The RADIUS client is typically a NAS, and the RADIUS server is usually a
daemon process running on a UNIX or Windows NT machine. The client passes user information to designated
RADIUS servers and acts on the response that is returned. RADIUS servers receive user connection requests,
authenticate the user, and then return the configuration information necessary for the client to deliver service
to the user. A RADIUS server can act as a proxy client to other RADIUS servers or other kinds of authentication

Configuration Steps
1. enable
2. configure terminal
3. interface type number
4. ip nat inside
5. exit
6. ip nat allow-static-host
7. ip nat pool name start-ip end-ip netmask netmask accounting list-name
8. ip nat inside source list access-list-number pool name
9. access-list access-list-number deny ip source

ip nat allow-static-host :

Enables static IP address support.

•Dynamic Address Resolution Protocol (ARP) learning will be disabled on this interface, and NAT will control
the creation and deletion of ARP entries for the static-IP host.

[[[ Configuration Example ]]]

Configuring NAT - Static IP Support: Example
The following example enables static IP address support for the router at

interface ethernet 1

ip nat inside
ip nat allow-static-host
ip nat pool xyz netmask accounting WLAN-ACCT
ip nat inside source list 1 pool net-208

access-list 1 deny ip

Creating a RADIUS Profile for NAT - Static IP Support: Example
The following example shows how create a RADIUS profile for use with the NAT - Static IP Support feature.

aaa new-model

aaa group server radius WLAN-RADIUS

server auth-port 1645 acct-port 1645
server auth-port 1645 acct-port 1646

aaa accounting network WLAN-ACCT start-stop group WLAN-RADIUS
aaa session-id common
ip radius source-interface Ethernet3/0
radius-server host auth-port 1645 acct-port 1646
radius-server key cisco




P.S : For all users whenever you post your questions and the solution given to you works, please make sure you rate it. That helps other users with same query to get their answers in less time rather posting a new thread for same thing and waiting for answers. This saves time for both author and the person who replies to it.

Mohit Paul CCIE-Security 35496 P.S Please do rate this post if you find it helpful to make it easier for others seeking answers to similar queries
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: