09-27-2019 02:33 AM
Hi,
I have a problem with basic 1:1 NAT configuration on my IE-2000-8TC-G-N. My network:
I connected Host1 to port FastEthernet1/2 and Host2 to port FastEthernet1/3. Then I configured switch with commands according to this guide:
l2nat instance basic_translation
 inside from host 192.168.1.4 to 10.10.1.4
 outside from host 10.10.1.3 to 192.168.1.3
The only thing I skipped was application of l2nat instance to a VLAN, but in such case the instance should be applied to the native VLAN. All of the ports on my switch are in VLAN 1, so if I understand correctly, translation should work on all ports.
However, hosts cannot ping each other. Does anyone know what the problem may be? Is my understanding of how NAT works incorrect or something is missing from the configuration?
My running config:
!
vlan internal allocation policy ascending
!
lldp run
!
l2nat instance basic_translation
 instance-id 1
 fixup all
 outside from host 10.10.1.3 to 192.168.1.3
 inside from host 192.168.1.4 to 10.10.1.4
!
!
!
!
interface FastEthernet1/1
!
interface FastEthernet1/2
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface Vlan1
 ip address 10.10.0.50 255.0.0.0
 cip enable
!
ip default-gateway 10.0.0.1
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
09-27-2019 04:37 AM
Hi,
Have you applied this Layer 2 NAT instance to the port / VLAN on the interface?
Check this guide:
09-27-2019 05:44 AM
No, I said in my post I skipped this step. The guide you linked (I linked the same one) contains this information:
l2nat instance_name [vlan | vlan_range] Applies the specified Layer 2 NAT instance to a VLAN or VLAN range. If this parameter is missing, the Layer 2 NAT instance applies to the native VLAN.
From my understanding, if NAT instance is not applied to any interface, it's applied by default to VLAN 1. So if all ports on my switch belong to this VLAN, shouldn't it work on all of them?
Also, I don't really understand why you can apply NAT instance to Gigabit Ethernet ports only, can you explain?
09-27-2019 06:45 AM - edited 09-27-2019 06:57 AM
you still need to apply it to a port
if you omit the vlan number it affects the native vlan of this port, which by default is VLAN1 !
and I do not think you need to read it that L2nat can only be applied to gigabit ports,
but this device (IE2000) has two gigabit UPLINK ports, these ports have different electronics (ASIC) than the other ports
if it only works on those two ports, it probably has to do with the internal architecture of this switch, not 10/100/1000 property.
10-02-2019 12:34 AM
Hi, thanks for the explanation.
So I created another VLAN I would like NAT to happen in and added some ports to it. Then I applied my l2nat instance to one of them (uplink port). My current config:
!
vlan internal allocation policy ascending
!
lldp run
!
l2nat instance basic_translation
 instance-id 1
 fixup all
 outside from host 10.10.1.3 to 192.168.1.3
 inside from host 192.168.1.4 to 10.10.1.4
!
!
!
!
interface FastEthernet1/1
!
interface FastEthernet1/2
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
 switchport access vlan 100
 switchport mode access
!
interface FastEthernet1/6
 switchport access vlan 100
 switchport mode access
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface GigabitEthernet1/1
 switchport access vlan 100
 l2nat basic_translation 100
!
interface GigabitEthernet1/2
!
interface Vlan1
 ip address 10.10.0.50 255.0.0.0
 cip enable
!
ip default-gateway 10.0.0.1
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
I connected Host1 to GigabitEthernet1/1 and Host2 to FastEthernet1/5. They still cannot ping each other. Any idea what I am doing wrong?
10-02-2019 06:15 AM
your information is incomplete!, I can make a guess, but better is you confirm this first
is Host1 to GigabitEthernet1/1 IP: 10.10.1.3 ?
and Host2 to FastEthernet1/5 IP: 192.168.1.4 ?
from host1 (10.10.1.3) you ping to 10.10.1.4 ? (l2nat translates to 192.168.1.4 and forwards the packet)
from host2 (192.168.1.4) you ping to 192.168.1.3 ? (…. translates to 10.10.1.3 ….)
the document you reference mentions l2nat needs the "enhanced LAN base feature set"
did you check what version is running on your switch?
and please check if a local firewall on those hosts does not block these packets.
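The address rewrite walked through in the reply above, as an added example that is not part of the original thread. It is a simplified Python model of the two rules in the posted l2nat instance, assuming Host1 (10.10.1.3) sits on the outside of the NAT port and Host2 (192.168.1.4) on the inside; it rewrites IP source and destination only and does not model ARP or ICMP fixups or what the switch does with unmatched traffic.

```python
from ipaddress import ip_address

# Rules copied from "l2nat instance basic_translation" in the thread.
# inside rule: private (inside) address -> address shown on the outside
INSIDE = {ip_address("192.168.1.4"): ip_address("10.10.1.4")}
# outside rule: real outside address -> address shown on the inside
OUTSIDE = {ip_address("10.10.1.3"): ip_address("192.168.1.3")}


def _lookup(table, addr, reverse=False):
    """Return the translated address, or None when no rule matches."""
    if reverse:
        table = {v: k for k, v in table.items()}
    return table.get(ip_address(addr))


def to_inside(src, dst):
    """Header rewrite for a packet arriving from the outside network."""
    new_src = _lookup(OUTSIDE, src)               # outside host -> inside alias
    new_dst = _lookup(INSIDE, dst, reverse=True)  # public -> private
    if new_src is None or new_dst is None:
        return None  # unmatched traffic is not modelled here
    return str(new_src), str(new_dst)


def to_outside(src, dst):
    """Header rewrite for a packet leaving the inside network."""
    new_src = _lookup(INSIDE, src)                 # private -> public
    new_dst = _lookup(OUTSIDE, dst, reverse=True)  # inside alias -> outside host
    if new_src is None or new_dst is None:
        return None  # unmatched traffic is not modelled here
    return str(new_src), str(new_dst)


if __name__ == "__main__":
    # Host1 (outside, 10.10.1.3) pings the public address of Host2.
    print("request seen by Host2:", to_inside("10.10.1.3", "10.10.1.4"))
    # Host2 (inside, 192.168.1.4) answers the address it saw as the source.
    print("reply seen by Host1:  ", to_outside("192.168.1.4", "192.168.1.3"))
    # Pinging Host2's private address from the outside matches no rule.
    print("wrong target:         ", to_inside("10.10.1.3", "192.168.1.4"))
```

In this model each host only ever addresses the other by the translated address on its own side, which is the check the reply asks the poster to confirm.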