Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1962
Views
0
Helpful
5
Replies

Simple Static NAT on Cisco 3850

GeneWilson8589
Level 1
Level 1

‎11-22-2019 07:10 AM

I have a Cisco 3850.  I have read the discussions on whether or not they do NAT.  It appears people have got them to do so.  I am needing mine to nat between 192.168.125.x(inside) and 10.10.9.x.(outside).  I am needing to be able to hit a device on the inside by going to 10.10.9.101 and reaching 192.168.125.101.  I think i have been close but not been able to get over the hump.  Would appreciate any help.

 

 

WTPAB3850#sh runn
Building configuration...

Current configuration : 5075 bytes
!
! Last configuration change at 14:37:26 UTC Fri Nov 22 2019
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service compress-config
!
hostname WTPAB3850
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 $1$xo4H$EwE.rDc3BRJYNAd9G6ts60
enable password 7 13061F01382F250E0A
!
username plcadmin privilege 15 password 7 1511031F37090A000972
username gwilson privilege 15 secret 5 $1$rH1W$br98SjTvB7OTx4uQWhZQu.
no aaa new-model
switch 1 provision ws-c3850-24s
!
!
!
!
!
!
no ip domain-lookup
ip domain-name CHS-PLC
!
!
qos queue-softmax-multiplier 100
password encryption aes
!
crypto pki trustpoint TP-self-signed-289714166
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-289714166
revocation-check none
rsakeypair TP-self-signed-289714166
!
!
crypto pki certificate chain TP-self-signed-289714166
certificate self-signed 02
30820229 30820192 A0030201 02020102 300D0609 2A864886 F70D0101 05050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32383937 31343136 36301E17 0D313931 31313531 39303135
355A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3238 39373134
31363630 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
DE2B3B1F D27A85D1 58969F00 C5EC8A67 0EB9016E 9B9F6895 5993541D 4047941D
6707268E 10A9534C F486805B E754E3E0 73C972AA 1B538060 2DF312E4 CBB3BA89
3EF12651 27205D01 95330B72 ACD41BFD F088A845 011651A4 216F3770 2175DD70
3005CEAA 7B256852 525694BF D588AB57 23619FB9 0F75AD18 FE7FD70F D656E939
02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D
23041830 168014AA 4CB98932 C715DEE1 10A5F756 86F8F8EB AEBAA030 1D060355
1D0E0416 0414AA4C B98932C7 15DEE110 A5F75686 F8F8EBAE BAA0300D 06092A86
4886F70D 01010505 00038181 00410982 A51EB8A4 D8E25264 F7DD30D2 48520A1A
69A45B91 4C08E00A 31993C87 7B313549 3135F43E CBE03236 A451C130 5A0D07CC
553A91D2 40231B38 39B522AE DDE29B7A 14FAAF10 6BB0F0DB F02EF708 DF48C026
68F9859F DD295CBD D339BDD4 45540A51 B755EB24 67DAA01C 49306839 27377110
09031DEE 74874D30 FDE9D5DF A1
quit
diagnostic bootup level minimal
spanning-tree mode pvst
spanning-tree extend system-id
hw-switch switch 1 logging onboard message level 3
!
redundancy
mode sso
!
!
!
class-map match-any non-client-nrt-class
!
policy-map port_child_policy
class non-client-nrt-class
bandwidth remaining ratio 10
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet1/0/1
description BWR_CAB_MOXA
!
interface GigabitEthernet1/0/2
description CW_CAB_MOXA
!
interface GigabitEthernet1/0/3
duplex auto
!
interface GigabitEthernet1/0/4
description CW_I/O
duplex full
!
interface GigabitEthernet1/0/5
description BWR_I/O
duplex full
!
interface GigabitEthernet1/0/6
description NF_I/O
duplex full
!
interface GigabitEthernet1/0/7
duplex auto
!
interface GigabitEthernet1/0/8
speed nonegotiate
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
description BF
duplex full
!
interface GigabitEthernet1/0/11
duplex auto
!
interface GigabitEthernet1/0/12
duplex auto
!
interface GigabitEthernet1/0/13
description RO
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
description WAN
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface TenGigabitEthernet1/1/3
!
interface TenGigabitEthernet1/1/4
!
interface Vlan1
ip address 192.168.125.246 255.255.255.0
ip nat inside
!
interface Vlan2
ip address 10.10.9.254 255.255.255.0
ip nat outside
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
!
!
!
!
!
line con 0
logging synchronous
login local
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password 7 03075318352C00686F48
login local
transport input ssh
line vty 5 15
password 7 094F461A2A2636362A4D
login
!
wsma agent exec
profile httplistener
profile httpslistener
!
wsma agent config
profile httplistener
profile httpslistener
!
wsma agent filesys
profile httplistener
profile httpslistener
!
wsma agent notify
profile httplistener
profile httpslistener
!
!
wsma profile listener httplistener
transport http
!
wsma profile listener httpslistener
transport https
!
ap group default-group
end

 

0 Helpful
5 Replies 5

Jon Marshall
Hall of Fame
Hall of Fame

‎11-22-2019 07:34 AM

 

You don't seem to have a NAT statement  - 

 

"ip nat inside source static 192.168.25.101 10.10.9.101" 

 

it may or may not work because as you say seems to be some debate as to whether NAT is supported and/or works on those switches. 

 

Jon

0 Helpful

Georg Pauwen
VIP
VIP
In response to Jon Marshall

‎11-22-2019 09:51 AM

Hello,

 

to add to the 'debate': the 3850 does support NAT if you run an XE release (e.g. 3.07.00E)...

0 Helpful

GeneWilson8589
Level 1
Level 1
In response to Jon Marshall

‎11-22-2019 01:08 PM

I should of left that as a note as well.  When I try that command it does not accept the "static"  I get invalid input

0 Helpful

Georg Pauwen
VIP
VIP
In response to GeneWilson8589

‎11-22-2019 01:24 PM

Hello,

 

I think you need to have 'IP Services' installed...can you verify which feature pack you are running (sh lic) ?

0 Helpful

paul driver
VIP
VIP

‎11-22-2019 10:54 AM - edited ‎11-22-2019 11:07 AM

Hello
FYI - Nat seems applicable to work on 3850
Image cat3k-caa-universalk9
Sw 03.7.00e


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card