03-14-2012 11:47 AM - edited 03-07-2019 05:33 AM
Device: Cisco SR520W-FE
I have added a guest wireless network to this router but I can't seem to get nat overload to work with the new space.
LAN: 192.168.5.0/24 (VLAN 75) Guest WLAN: 10.5.5.0/24 (VLAN 50)
Here are the commands I'm using for the NAT overload:
interface FastEthernet0
 switchport access vlan 75
interface FastEthernet3
 switchport access vlan 50
interface FastEthernet4
 ip address x.x.x.x 255.255.255.252
 ip nat outside
 ip virtual-reassembly
interface Vlan50
 ip address 10.5.5.1 255.255.255.0
 ip access-group 120 out
 ip nat inside
interface BVI75
 ip address 192.168.5.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
ip nat inside source list 10 interface FastEthernet3 overload
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
route-map SDM_RMAP_1 permit 1
 match ip address 101
access-list 10 remark PAT IP space for the guest WLAN
access-list 10 permit 10.5.5.0 0.0.0.255
access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.76.0 0.0.0.255
access-list 101 permit ip 192.168.5.0 0.0.0.255 any
access-list 120 remark ACL to block guest wireless from LAN
access-list 120 deny ip 10.5.5.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 120 permit ip 10.5.5.0 0.0.0.255 any
03-14-2012 12:12 PM
Hi,
Can you enter these commands in config mode:
do clear ip nat trans *
no ip nat inside source list 10 interface FastEthernet3 overload
ip nat inside source list 101 interface FastEthernet4 overload
no route-map SDM_RMAP_1
no access-list 10
access-list 101 permit ip 10.5.5.0 0.0.0.255 any
Regards.
Alain
03-14-2012 12:48 PM
Before I do that I have a few questions:
Why remove the "ip nat inside source list 10 interface FastEthernet3 overload"?
ip nat inside source list 101 interface FastEthernet4 overload
access-list 101 permit ip 10.5.5.0 0.0.0.255 any
Doing that doesn't seem right. The Fa3 network is 10.5.5.0/24 and the Fa4 network is 192.168.5.0/24
03-15-2012 08:13 AM
Any thoughts on this?
03-15-2012 10:36 AM
Hi,
The Fa3 network is 10.5.5.0/24 and the Fa4 network is 192.168.5.0/24
interface FastEthernet3
 switchport access vlan 50
So first, fa3 is an L2 port, and secondly, you are natting from inside to outside, so the interface you use for overload must be the nat outside interface (which has an IP), and the interfaces where you have nat inside must also be L3 interfaces (routed or SVI).
Regards.
Alain
03-15-2012 12:52 PM
An SVI is created for fa3 and is being used. I'm not sure what you are trying to say?
03-15-2012 01:22 PM
What I'm saying is that if you want to do nat overload then the interface you're specifying in the nat statement is a L3 interface which is configured as the nat outside interface and here it is fa4 as fa3 is a L2 interface where inside clients are connected. Is it clearer?
Regards.
Alain
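Added example, not part of the thread or of any Cisco tooling: a small Python check for the point made in the replies above, that the interface named in an `ip nat inside source ... overload` statement must be a layer 3 interface configured with `ip nat outside`. The sample configuration is constructed from the lines posted in the thread, and the function names are hypothetical. It assumes sub-commands are indented the way `show running-config` prints them.

```python
import re

# Constructed sample: the relevant lines of the configuration posted in the thread.
SAMPLE_CONFIG = """\
interface FastEthernet3
 switchport access vlan 50
interface FastEthernet4
 ip address x.x.x.x 255.255.255.252
 ip nat outside
interface Vlan50
 ip address 10.5.5.1 255.255.255.0
 ip nat inside
ip nat inside source list 10 interface FastEthernet3 overload
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
"""

# Captures the interface whose address an overload (PAT) statement translates to.
NAT_RE = re.compile(
    r"^ip nat inside source (?:list|route-map) \S+ interface (\S+) overload", re.M)

def parse_interfaces(config):
    """Map each interface name to the set of sub-commands indented under it."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1]
            interfaces[current] = set()
        elif raw[:1].isspace() and current and raw.strip():
            interfaces[current].add(raw.strip())
        else:
            current = None  # back at global configuration level
    return interfaces

def check_overload(config):
    """Return (interface, problem) for each overload statement that cannot work."""
    interfaces = parse_interfaces(config)
    findings = []
    for ifname in NAT_RE.findall(config):
        cmds = interfaces.get(ifname)
        if cmds is None:
            findings.append((ifname, "interface not defined"))
        elif any(c.startswith("switchport") for c in cmds):
            findings.append((ifname, "layer 2 switchport, no IP to translate to"))
        elif "ip nat outside" not in cmds:
            findings.append((ifname, "not configured as ip nat outside"))
    return findings

if __name__ == "__main__":
    print(check_overload(SAMPLE_CONFIG))
```

Run against the posted configuration, it flags only the `list 10` statement, because FastEthernet3 is a switchport; the FastEthernet4 statement passes.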