Showing results for 
Search instead for 
Did you mean: 
Join Customer Connection to register!
Mauro Crociara

IP NAT inside command doesn't exists

Hello, I just configured DNS server on my cisco 1941. From the router, i can translate and ping the world. As a switch I have the EHWIC-D-8ESG-P and the EHWIC-VA-DSL-A as modem. The machines can comunicate from each other:

  • sun (the default gateway / the router)
  • printer (the printer)
  • jupiter (the nas)
  • venus (a laptop)
  • mars (another laptop)

The problem is that the machines can't communicate with the router and comunicate with the world. The router can't comunicate with the machines, but can comunicate with the world. I tried to use this commands to set the NAT on the EHWIC-D-8ESG-P:

  • int range gigabitethernet 0/1/0 - 7
  • ip nat inside

The command "ip nat inside" doesn't exists, why? If i have figured out the NAT, I have to set the NAT inside/outside for each interface. In my case the NAT outside is the Dealer0 (my modem) with negotiated IP and all inside NAT are the interfaces on the switch from gigabitethernet 0/1/0 to 7.

Why it doesn't works?

Mauro Crociara

Partially solved... the Cisco EtherSwitch EHWICs support the layer 3 features as NAT, QoS and other services with VSI and not directly. Here fe features list. In other word to use nating on modules you have to create a vlan interface and assign the interface to the gigabitethernet interface of the switch.


conf t
vlan 10
int vlan 10
ip address 192.168.1.x
no shutdown
int range gi0/1/0 - 7
sw mode access
sw acc vlan 10
no shutdown

Now from the router i'm able to translate all address, ping the machines inside the LAN and outside the WAN. The router can talk with all, but the LAN machines aren't still able to talk with the WAN. A vlan can have the same IP of the gateway?


I created an access list like this:

access-list 1 permit

And natted on it:

ip nat inside source list 1 interface dialer 0 overload


Stil looking for the answer to solve the problem. How can contact the WAN from LAN machines?



So it looks to me that you have your pcs printers etc connected to the

By default these will be layer 2 ports and depend on a virual interface of vlan 1.

So try something like ths

interface vlan 1
ip address
ip nat inside
ip nat pool MYPOOL netmask
ip nat inside source list 1 interface Dialer0 overload
access-list 1 permit


Regards, Alex. Please rate useful posts.

Hi Alex,


Firts of all, thanks for the reply. While you answered i was writing :)


I tried your suggestions and I edited my config, but I'm still not able to go on the WAN. The first problem is to ping the router How can I assign an IP address to the router?  This is my config:

During the config:

ip nat pool MYPOOL netmask

I obtained two warnings:

pool ovrld mask too small; should be at least
start and end addresses on different subnets



Hi Alex, I have attached my last config, and some test as you can see belove. I'm still not able to reach the WAN from the LAN.

  • The routing table from mars.homenetwork
realnot@mars ~ $ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface     sun.homenetwork UGH   0      0        0 enp0s25     *        U     0      0        0 enp0s25
  • SSH access from mars.homenetwork (the laptop) to sun.homenetwork(the router)
realnot@mars ~ $ ssh sun
Welcome to SUN. You are connected via SSH to line #132 on sun.homenetwork.
The access is restricted for personal purpose only. All activity are monitored
and logged for secirity reasons.
  • The routing table on the router
sun#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is to network

S* [1/0] via, Dialer0 is subnetted, 1 subnets
C is directly connected, Dialer0
 * is variably subnetted, 2 subnets, 2 masks
C* is directly connected, Vlan10
L is directly connected, Vlan10 is subnetted, 1 subnets
C is directly connected, Dialer0
  • Some ping test from the router (to LAN and WAN)
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/30/32 ms
sun#ping jupiter
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
sun#ping mars
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
  • Checking IP NAT translations
sun#show ip nat translations


I have attached my last running-config. Thanks for the the support.

Hi Alex, this morning i solved the problem. Was caused by a wrong config of dhcpd.conf, dns, static routing on the end terminals. The router was configured properly.

Thanks for the support.