
PAT for Many Subinterfaces on the Router

Jahidur Rahman
Level 1

How do I make PAT if there are too many subinterfaces on the router?

For example, the subinterfaces are

fa0/0.10, fa0/0.20, fa0/0.30

For PAT configuration I have to enter each subinterface to configure

ip nat inside

Like this,


interface fa0/0.20
ip nat inside
exit
interface fa0/0.30
ip nat inside
exit


So, this is time consuming if I have too many subinterfaces.
So how can I do this shortly on the router interface?

JahidurRahman_0-1691948549777.png

This is my simple topology.
Note, I want to do PAT instead of static NAT or dynamic NAT and I don't want to use Layer 3 switches.

Accepted Solution

julijime
Cisco Employee

Hi @Jahidur Rahman,

In order to do PAT on your topology and reduce time, you can create an ACL that will match your Inside subnets, for example:

ip access-list standard 10
10 permit 192.168.0.0 0.0.255.255

Then you need to specify the Outside interface that will perform PAT and bind it with the ACL created earlier, for example:

ip nat inside source list 10 interface serial0/0/0 overload

After that you just need to define the Inside and Outside interfaces; unfortunately, this is something that you would not be able to avoid:

interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
 ip nat inside
!
interface Serial0/0/0
 ip nat outside
end

 Regards


4 Replies

M02@rt37
VIP

Hello @Jahidur Rahman,

Did you try this?

ip nat inside source list 1 interface fa0/0 overload

With access-list 1 that matches the subnets you want to perform PAT:

access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 192.168.20.0 0.0.0.255
access-list 1 permit 192.168.30.0 0.0.0.255

If you want to apply PAT to multiple subinterfaces, you need to configure the ip nat inside command on each individual subinterface that needs NAT.

This would perform PAT on all the subinterfaces matching the specified subnets and use the fa0/0 interface as the outgoing interface for translation.

 

Best regards

Richard Burts
Hall of Fame

When you enter configuration interface mode to create the subinterface and assign an IP address you also add the command ip nat inside

If you have many subinterfaces to configure you probably would want to create a template for subinterface configuration to include subinterface ID, IP address, ip nat inside and any other commands, copy and paste, and update appropriate parameters.

HTH

Rick
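
The template approach suggested above, sketched as an added example (not code from any poster in this thread): a Python generator that emits the subinterface stanzas, one ACL entry per inside subnet so that only the listed subnets are translated, and the overload statement from the accepted solution. The function name, its defaults and the sample VLAN table are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: VLAN ID -> router gateway address/prefix.
VLANS = {10: "192.168.10.1/24", 20: "192.168.20.1/24", 30: "192.168.30.1/24"}


def render_pat_config(vlans, parent="FastEthernet0/0", outside="Serial0/0/0", acl=10):
    """Return IOS config lines for PAT across dot1Q subinterfaces (hypothetical helper)."""
    acl_lines, ifaces, seen = [f"ip access-list standard {acl}"], [], []
    for seq, (vlan, cidr) in enumerate(sorted(vlans.items()), start=1):
        if not 1 <= vlan <= 4094:
            raise ValueError(f"VLAN {vlan} is outside 1-4094")
        gw = ipaddress.IPv4Interface(cidr)  # rejects malformed or non-IPv4 input
        net = gw.network
        # The gateway must be a host address, not the network or broadcast address.
        if net.prefixlen < 31 and gw.ip in (net.network_address, net.broadcast_address):
            raise ValueError(f"{cidr} is not a usable host address")
        # Overlapping inside subnets usually mean a typo in the VLAN table.
        if any(net.overlaps(other) for other in seen):
            raise ValueError(f"{net} overlaps another inside subnet")
        seen.append(net)
        # One permit per inside subnet; hostmask is the IOS wildcard mask.
        acl_lines.append(f" {seq * 10} permit {net.network_address} {net.hostmask}")
        ifaces += [
            f"interface {parent}.{vlan}",
            f" encapsulation dot1Q {vlan}",
            f" ip address {gw.ip} {net.netmask}",
            " ip nat inside",
            "!",
        ]
    return acl_lines + ["!"] + ifaces + [
        f"interface {outside}",
        " ip nat outside",
        "!",
        f"ip nat inside source list {acl} interface {outside} overload",
    ]


if __name__ == "__main__":
    print("\n".join(render_pat_config(VLANS)))
```

Review the printed output before pasting it into configuration mode on the router.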


Thanks @julijime your solution seems useful.

There is another way of doing that, I can configure IP addresses to each VLAN on the switch (Layer 3) rather than configuring on the router on each subinterface. For that I need to make one switchport to no switchport and then assign an IP address from the switch to router interface and another IP from the router to switch interface. And then enable IP routing.

But no switchport works only on Layer 3 switches. For cost minimization I wanted to use a layer 2 switch (Cisco 2960).

If you find any way to use one of the layer2 switchport to no switchport please let me know.

Thanks again for your contribution to the community. 
