Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4285
Views
1
Helpful
5
Replies

9300 Switch NAT on VLAN interface

ira.miller
Level 1
Level 1

‎12-20-2021 01:54 PM

Is is possible to set the ip nat outside and ip nat inside on VLAN interfaces on a Cisco 9300 switch? I've not done NAT on a switch so it's a little different for me.

 

I have a need to connect different networks with duplicate IPs. We can't change the IPs and need to be able to reach them via a natted ip address. The inside addresses are on a vlan that is trunked between switches.

 

Example:

 

VLAN2

ip address 10.10.10.254 255.255.255.0

ip address outside

 

vlan 3

ip address 192.168.1.254 255.255

ip address inside

 

nat inside source 10.10.10.10 192.168.1.10

 

(this is not the exact configuration, just from memory. I can get the exact config I am trying to make work.)

Labels:
0 Helpful
5 Replies 5

paul driver
VIP
VIP

‎12-20-2021 02:19 PM

Hello

TBH it would just be the same way in the SVI that it would on routed interfaces, the 9300 looks like it supports nat44 both static/dynamic domain pat.

Obviously depending on your requirements it wont be as basic than in the below example:

vlan2

ip address outside

 

vlan 3

ip address inside

access-list 100 permit ip 192.168.1.0 0.0.0.255 any

ip nat inside source list 100 interface vlan 2 




Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

omrra30
Level 1
Level 1
In response to paul driver

‎03-26-2024 05:14 PM - edited ‎03-26-2024 05:17 PM

I'm on a c9300 with IOS XE 17.05.01 and the Vlan Interfaces will not accept the term 'nat' and if you type 'ip address' the only acceptable input after that is an IP address.

So as aggravating, even infuriating as it is that this simple functionality isn't available, it appears MHM Cisco World is spot on. We'll have to burn 2 additional ports for no good reason to be able to NAT into a connected network with more than one usable IP in it.

My only solution currently is to configure one port as a routed port, and then plug it back into the switch on a vlan port and then back out to any additional connections in that network. 
Buyer beware! The c9300 is a crap choice as a WAN edge switch since you can't leverage a /29 handoff without sacrificing ports for no reason.

0 Helpful

ira.miller
Level 1
Level 1

‎12-22-2021 11:35 AM

Thanks for the input. I am still working on this issue. It appears the NAT is working but I have routing issues. 

 

This is part of a contract requirement to address duplicate IPs on connected networks without changing IP addresses to create unique IPs.

 

I will update when I get it working or have more questions.

 

 

0 Helpful

frederick.mercado
Spotlight
Spotlight
In response to ira.miller

‎05-04-2022 12:17 PM

what was your routing issue? I am having the same issues with NAT.

0 Helpful
Customers Also Viewed These Support Documents