Re: L2 NAT with Cisco IE2000

dtran · ‎01-10-2020

Hello everyone,

I am trying to configure L2 NAT on a Cisco IE2000 and I am having a connectivity related issue. The IE2000 has trunk link to my private LAN (172.16.173.0/24) and an Access link to my PLC LAN. And I am trying to NAT between 172.16.173.51 and 192.168.163.239. And 192.168.163.240 to 172.16.173.61. The default gateway for the Private LAN is 172.16.173.1

l2nat instance PLCMessage
instance-id 1
fixup all
inside from host 172.16.173.51 to 192.168.163.239

outside from host 192.168.163.240 to 172.16.173.61

interface GigabitEthernet1/1
description To Public LAN 192.168.163.239 and 192.168.163.240
switchport access vlan 173
switchport mode access
no cdp enable
l2nat PLCMessage

interface GigabitEthernet1/2
description Trunk Link to Private LAN
switchport trunk allowed vlan 1,173
switchport trunk native vlan 173
switchport mode trunk

NAT seems to be working but the connectivity issue I am having is that I can not reach any devices on VLAN 173 that are connected to this IE2000 remotely from another device on a different VLAN like VLAN 1.

Thanks in advance !!! I appreciate any inputs / suggestions !!!

Danny

Reza Sharifi · ‎01-10-2020

Hi,

by default the native vlan is 1 and that is defined on the trunk port . So, you don't need to make vlan 173 native as well.

Try removing this command and test

switchport trunk native vlan 173

no switchport trunk native vlan 173

HTH

dtran · ‎01-10-2020

Hello Reza, thanks for your response !!!

I will give it a shot and let you know.

Thanks !!!

Danny

dtran · ‎01-10-2020

Hello Reza,

I removed the native vlan 173 under the trunk port and the result is the same.

Thanks !!

Danny

Reza Sharifi · ‎01-10-2020

Hi,

Where is the gateway (IP 172.16.173.51) located?

Is the router connected to a switch for the lan segment?

Is the router the gateway for all subnets involved?

I also want to let you know that I am not familiar with the IE series routers. So, if I say something that does not make sense, please ignore.

HTH

dtran · ‎01-13-2020

Hello Reza, please see my response below,

The router / default gateway is connected the switch on the private LAN side, handling inter-vlan routing at the site.

Where is the gateway (IP 172.16.173.51) located?

Is the router connected to a switch for the lan segment?

Is the router the gateway for all subnets involved?

dtran · ‎01-30-2020

The config is at the beginning of this thread,

tearl42 · ‎01-31-2020

This might be a silly question but does the uplink have to be a trunk port? I haven't seen any configs using an access port, but shouldn't I be able to use access ports?

Thanks,

Tom

dtran · ‎01-31-2020

Uplink port can be a trunk or access port depending on your needs. In my case all my devices that are connected to my downstream switch are all in the same vlan, therefore no need for trunk uplink.

hope that helps !!!

Danny

tearl42 · ‎01-31-2020

Awesome, thanks!

As soon as I get a working config, I'll post...

Thanks,
tom

paul driver · ‎01-10-2020

Hello

@dtran wrote:

NAT seems to be working but the connectivity issue I am having is that I can not reach any devices on VLAN 173 that are connected to this IE2000 remotely from another device on a different VLAN like VLAN 1.

interface GigabitEthernet1/1
l2nat PLCMessage 173

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

dtran · ‎01-13-2020

Hello Paul, thanks in advance for your help !!!

I will try the change you recommended and will let you know.

l2nat PLCMessage 173

Thanks Paul !!!

Danny

tearl42 · ‎01-30-2020

Did his solution work?

I'm curious because the Cisco docs on this subject are really poor and there is almost nothing on the Internet about how to config it.

Thanks, Tom

dtran · ‎01-30-2020

Hi there,

My issue turns out to be spanning-tree related. My L2 NAT config is working fine.

tearl42 · ‎01-30-2020

Would you be willing to share it? I'm just about bald from all the hair I've pulled out. :-)