Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
534
Views
0
Helpful
5
Replies

L2nat on IE5000

dpeterson309
Level 1
Level 1

‎03-12-2024 06:54 AM

I have an IE5000 (Stratix 5410, but firmware identifies it as a rebranded IE5000). I am trying to set up a NAT for a single device on a single port to a vlan on the 5410. What I am trying to accomplish is this:

192.168.2.2 (vendor supplied PLC. Trying not to change IP) <-> Gi1/20 <-> VLAN 203 (which is routed on other interfaces). There is no other device connected to this port. 

This is my nat instance

dpeterson309_0-1710251204602.png

Port setup

dpeterson309_1-1710251301958.png

dpeterson309_3-1710251444521.png

Vlan setup

dpeterson309_2-1710251340835.png

I'm not sure what I am doing wrong here. I have also tried making a 192.168.2.0/24 vlan and translating one to the other. That did not work either. Can someone please explain to me what I am doing wrong wtih this configuration?

 

 

Labels:
0 Helpful
5 Replies 5

Lanman70
Level 1
Level 1

‎03-12-2024 08:04 AM

config for entire subnet.  You might have inside and outside ip addresses reversed.

l2nat instance 239
instance-id 1
fixup all
inside from network 10.10.10.0 to 10.200.125.0 mask 255.255.255.0
outside from host 10.200.125.254 to 10.10.10.254 gateway
 There are you applying the translation with the l2nat MainSub 203 command ??

0 Helpful

dpeterson309
Level 1
Level 1
In response to Lanman70

‎03-12-2024 09:51 AM

I thought they might be backward as well. The web interface lists them in the opposite order, which is how they ended up that way (might be a bug?) I have switched them and it does not seem to make a difference 

dpeterson309_0-1710262143443.png

I have applied the translation with both l2nat MainSub 203 and just l2nat MainSub (doing no l2nat inst MainSub in between). Neither seems to work. I do know the downstream device works correctly as I can plug into it with a laptop and access its web interface. It does not respond to ping, so I am testing solely by trying to load the web interface.

0 Helpful

paul driver
VIP
VIP

‎03-12-2024 02:03 PM

Hello
You need to give the inside host a outside reachable ip and any outside host an ip of the inside subnet.

Example:

l2nat instance MainSub
instance-id 1
fixup arp (default)
fixup icmp (default)
inside from host 192.168.2.2 to 192.168.203.203
outside from host 192.168.203.204 to 192.168.2.4

int vlan 203
l2nat MainSub

Host 192.168.2.2
ping 192.168.2.4


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

dpeterson309
Level 1
Level 1
In response to paul driver

‎03-19-2024 01:09 PM

OK. I tried to change it as follows

dpeterson309_0-1710878793711.png

Where 203.20 and 202.20 are both PC's. The 202.20 is routed to the 203 network, so that might be an issue. I was not able to add the l2nat instance to VLAN 203 as it was an invalid option. I am guess this is because a vlan is not an L2 port device? Either way, it still does not work. 

0 Helpful

Lanman70
Level 1
Level 1

‎03-20-2024 09:30 AM

!
l2nat instance MainSub
instance-id 1
permit all
fixup all

outside from host 10.10.91.50 to 192.168.2.5
inside from host 192.168.2.2 to 10.10.91.200

inter gi1/2

l2nat MainSub

 

my computer is 10.10.91.50, my plc is 192.168.2.2, i can ping 10.10.91.200 from my pc (which is the plc). I can ping from the plc to my pc @ 192.168.2.5.    pc is connected to port gi1/2 and the plc is on port gi1/3  

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card