01-10-2020 12:01 PM
Hello everyone,
I am trying to configure L2 NAT on a Cisco IE2000 and I am having a connectivity-related issue. The IE2000 has a trunk link to my private LAN (172.16.173.0/24) and an access link to my PLC LAN. I am trying to NAT between 172.16.173.51 and 192.168.163.239, and 192.168.163.240 to 172.16.173.61. The default gateway for the private LAN is 172.16.173.1.
l2nat instance PLCMessage
 instance-id 1
 fixup all
 inside from host 172.16.173.51 to 192.168.163.239
 outside from host 192.168.163.240 to 172.16.173.61
interface GigabitEthernet1/1
 description To Public LAN 192.168.163.239 and 192.168.163.240
 switchport access vlan 173
 switchport mode access
 no cdp enable
 l2nat PLCMessage
interface GigabitEthernet1/2
 description Trunk Link to Private LAN
 switchport trunk allowed vlan 1,173
 switchport trunk native vlan 173
 switchport mode trunk
NAT seems to be working, but the connectivity issue I am having is that I cannot reach any devices on VLAN 173 that are connected to this IE2000 remotely from another device on a different VLAN like VLAN 1.
Thanks in advance !!! I appreciate any inputs / suggestions !!!
Danny
01-10-2020 02:14 PM
Hi,
By default the native VLAN is 1 and that is defined on the trunk port. So, you don't need to make VLAN 173 native as well.
Try removing this command and test
switchport trunk native vlan 173
no switchport trunk native vlan 173
HTH
01-10-2020 02:20 PM
Hello Reza, thanks for your response !!!
I will give it a shot and let you know.
Thanks !!!
Danny
01-10-2020 02:31 PM
Hello Reza,
I removed the native vlan 173 under the trunk port and the result is the same.
Thanks !!
Danny
01-10-2020 03:59 PM
Hi,
Where is the gateway (IP 172.16.173.51) located?
Is the router connected to a switch for the lan segment?
Is the router the gateway for all subnets involved?
I also want to let you know that I am not familiar with the IE series routers. So, if I say something that does not make sense, please ignore.
HTH
01-13-2020 10:59 AM
Hello Reza, please see my response below,
The router / default gateway is connected to the switch on the private LAN side, handling inter-VLAN routing at the site.
Where is the gateway (IP 172.16.173.51) located?
Is the router connected to a switch for the lan segment?
Is the router the gateway for all subnets involved?
01-30-2020 02:24 PM
The config is at the beginning of this thread.
01-31-2020 07:09 AM
This might be a silly question but does the uplink have to be a trunk port? I haven't seen any configs using an access port, but shouldn't I be able to use access ports?
Thanks,
Tom
01-31-2020 08:46 AM
The uplink port can be a trunk or access port depending on your needs. In my case, the devices connected to my downstream switch are all in the same VLAN, therefore there is no need for a trunk uplink.
Hope that helps !!!
Danny
01-31-2020 11:20 AM
01-10-2020 04:50 PM
Hello
@dtran wrote:
NAT seems to be working but the connectivity issue I am having is that I can not reach any devices on VLAN 173 that are connected to this IE2000 remotely from another device on a different VLAN like VLAN 1.
interface GigabitEthernet1/1
 l2nat PLCMessage 173
01-13-2020 11:01 AM
Hello Paul, thanks in advance for your help !!!
I will try the change you recommended and will let you know.
l2nat PLCMessage 173
Thanks Paul !!!
Danny
01-30-2020 12:50 PM
Did his solution work?
I'm curious because the Cisco docs on this subject are really poor and there is almost nothing on the Internet about how to config it.
Thanks, Tom
01-30-2020 01:31 PM
Hi there,
My issue turns out to be spanning-tree related. My L2 NAT config is working fine.
01-30-2020 02:03 PM
Would you be willing to share it? I'm just about bald from all the hair I've pulled out. :-)