Creating ACL and configuring NAT on a layer 3 Switch

Wynpou2015 · ‎09-28-2015

Hi .

i have a network setup with a server giving up DHCP Address but i hve Three CISCO switches configure with Vlans in range of Vlan 10 192.168.101.1, vlan 20 192.168.102.1...... all the way to vlan 10. now my ISP give me my WAN cable for internet with the following Addresses

( IP Address: 41.86.6.42)

(Sub net mask: 255.255.255.192)

(Gateway: 41.86.6.1)

(DNS 66.28.0.45)

i only want the WAN connection to give internet to my Users in my various Vlans. and not to issue DHCP address because my server is already do it.

Can i get step by step direction to guide me in the process of creating the Access list and configuring the inbond rule?

Reza Sharifi · ‎09-28-2015

Hi,

The ISP is just giving a range of public IP to use for NAT and if you have any other device requiring a public IP address. They are not doing DHCP for you.

HTH

tbo2 · ‎09-28-2015

Hello,

This is a guide for creating ACLs:

http://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html

Please refer to this guide for configuring NAT:

http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13772-12.html

Since you didn't specify which ports you were using, I believe a standard ACL is most suitable for what you're doing. You would need to summarize each subnet individually or collectively in a statement and deny other traffic at the end.

Jon Marshall · ‎09-28-2015

What model switches ?

Be aware most Cisco L3 switches do not support NAT although some of the larger models do.

Jon