VRF & NAT in Catalyst 9300

WangSteven02215 · ‎10-14-2021

Hi everyone,

I always appreciate the support of Cisco community.

We need to connect the networks with the same network address to L3 switch (Catalyst 9300) to communicate with the destination server. Also, the communication between Network A and B must be prohibited.

We thought that it would be possible to implement by utilizing the NAT and VRF of C9300. I would like to tell you how to configure network.

First, Network A is connected to the Port 1, and Network B is connected to the Port 3. Then, we try to change the IP address of Network A as shown in the table below by means of NAT.

No.	Inside	Outside
1	192.168.1.5	192.168.3.5
2	192.168.1.6	192.168.3.6
3	192.168.1.7	192.168.3.7
4	192.168.1.8	192.168.3.8

Next, we build connection between Port 2 and 4, and configure VRF as below to prevent communication between Network A and Network B.

- VRF 1 Routing Table

Network number	Outbound Interface	Next hop
192.168.3.0/24	Fa0/4	10.10.0.5

- VRF 2 Routing Table

Network number	Outbound Interface	Next hop
192.168.1.0/24	Fa0/3	10.10.0.5

The detailed connection is shown in the picture below.

Like this, I wonder if there is any problem with configuring the network I said.

The answers from experts would be very helpful for me. Thank you very much indeed!

balaji.bandi · ‎10-14-2021

As remember you already open thread with this information, we have addressed most of the issue there.

In Terms of NAT, Cat 9300 is switch (most case it may not do NAT, some execptional case as per the document) and read the releae notes and License required to do NAT.

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/16-10/configuration_guide/ip/b_1610_ip_9300_cg/configuring_nat.html#concept_sbt_vnk_cz

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

WangSteven02215 · ‎10-14-2021

Thank you for your answer. I haven't been able to solve this problem and trying to find a solution. The link below showed that the Catalyst 9300 supports NAT.

https://www.reddit.com/r/Cisco/comments/aupo7k/catalyst_9300_switches_support_nat_on_1610x/

balaji.bandi · ‎10-14-2021

yes the above document show you how to configure NAT on cat 9300, just focus on the requirement (make sure you have correct License to make the config work)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

WangSteven02215 · ‎10-14-2021

I've already read the release notes you said. As you know, we cannot find an answer to my question in there. Is it impossible to answer my question? If so, I will wait until other expert answer.

balaji.bandi · ‎10-14-2021

have you got a chance to review the suggestion done on the last post?

https://community.cisco.com/t5/routing/question-about-vrf-virtual-routing-amp-forwarding/td-p/4479036

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

paul driver · ‎10-15-2021

Hello
I suggested a solution to this in duplicate post by yourself here

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul