L2NAT within Same switch

Hello,

I need to deal with a situation involving L2NAT on the same switch, where 2 PCs are on the same L2 switch with different IP address ranges and I want PCB to be seen as 10.0.0.1 by PCA. Can anyone let me know whether it is possible to do that? I believe not, but I want feedback on this.

 

Himanshu_Dwivedi_1-1705038536813.png

 

 

Accepted Solutions

Thanks for your suggestion, it now works as per the topology and configuration below.

Himanshu_Dwivedi_1-1705217642497.png

l2nat instance TEST
 instance-id 1
 fixup arp
 fixup icmp
 inside from host 192.168.1.1 to 10.0.0.2
 outside from host 10.0.0.1 to 192.168.1.2

int G1/2
 l2nat TEST

 

 

 

 

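An added sketch (not part of any post in this thread, and not Cisco code) that parses the accepted instance above and models which addresses each PC ends up seeing, plus a check that each translated peer lands in the other host's own subnet, which matters on a single L2 switch with no gateway. The function names and the /24 prefix are assumptions.

```python
import re
from ipaddress import IPv4Address as IP, ip_network

# The l2nat instance from the accepted configuration, copied from the post.
ACCEPTED = """\
l2nat instance TEST
 instance-id 1
 fixup arp
 fixup icmp
 inside from host 192.168.1.1 to 10.0.0.2
 outside from host 10.0.0.1 to 192.168.1.2
"""
RULE = re.compile(r"^\s*(inside|outside)\s+from\s+host\s+(\S+)\s+to\s+(\S+)", re.I)

def parse(cfg):
    """Return (inside, outside): real address -> translated address."""
    tables = {"inside": {}, "outside": {}}
    for line in cfg.splitlines():
        m = RULE.match(line)
        if m:
            tables[m.group(1).lower()][IP(m.group(2))] = IP(m.group(3))
    return tables["inside"], tables["outside"]

def translate(cfg, src, dst, direction):
    """Rewrite (src, dst): 'out' = sent by the inside host, 'in' = sent to it.
    Addresses with no matching rule come back unchanged; whether the switch
    forwards such traffic is not modelled here."""
    inside, outside = parse(cfg)
    if direction == "out":
        s_map, d_map = inside, {v: k for k, v in outside.items()}
    else:
        s_map, d_map = outside, {v: k for k, v in inside.items()}
    src, dst = IP(src), IP(dst)
    return s_map.get(src, src), d_map.get(dst, dst)

def peers_on_link(cfg, prefix=24):
    """True if every host sees its translated peer inside its own subnet,
    so no gateway is needed. prefix=24 is an assumption, not from the thread."""
    inside, outside = parse(cfg)
    def same(a, b):
        return b in ip_network(f"{a}/{prefix}", strict=False)
    return all(same(real_in, shown_in) and same(real_out, shown_out)
               for real_in, shown_out in inside.items()
               for real_out, shown_in in outside.items())

if __name__ == "__main__":
    print(translate(ACCEPTED, "192.168.1.1", "192.168.1.2", "out"))
    print(translate(ACCEPTED, "10.0.0.1", "10.0.0.2", "in"))
    print(peers_on_link(ACCEPTED))
```

In this model the inside host 192.168.1.1 reaches its peer by addressing 192.168.1.2, and the outside host 10.0.0.1 reaches it by addressing 10.0.0.2.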

I am testing PC TO PC and PCA is connected to Fa1/1 Port. Presentl

I believe there is a limitation on using the Fa1/1 port for the solution you are looking to deploy; check the document, it only works on Gi1/1 and 1/2, I guess.

But glad you were able to resolve the issue and that the suggestion was helpful. If this is resolved, kindly mark it as resolved so that any future community member having this issue can refer to this solution. Thank you for sharing the solution.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help


20 Replies

Hello,

Interesting question. What happens if you create an instance and use both IP addresses, one as inside and the other as outside? Do you get an error message?

Hello,

I tried the config below:

l2nat instance TEST
inside from host 192.168.1.1 to 10.0.0.1
outside from host 10.0.0.2 to 192.168.1.2

interface G1/1
l2nat TEST

int G1/1 is connected to PCB

But I can see the packets are being discarded.

Hello
Those two hosts already have non-duplicate IP addressing, so I am not sure why you want to use L2NAT.
Also, as they are in differing subnets connected to the IE switch, are these two hosts able to communicate with each other at present? If so, what is performing the L3 function for that communication to happen? Is it the IE switch, even though you state it's an L2 switch, or do you have an upstream L3 switch?

Can you elaborate on the topology a little more, please? A simple question would be: why not just change host PC B to 10.0.0.1, or are you unable to do so?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Paul, thanks for your suggestion.

Presently the customer doesn't have an L3 switch and the IE4010 is acting as an L2 switch. The customer wants to check the functionality of L2 NAT within a switch.

 

As you said, both PCs are not in the same subnet and do not have the same IP. Now, what will happen if both PCs have the same IP address? Would it work or not?

Hello @Himanshu_Dwivedi 
The first question that comes to mind is: do you need to have those hosts on the IE switch(es) requiring external reachability, and/or do you have multiple IE hosts/switches that are using the same IP subnet range internally and need to communicate with each other and an external network? If you do not have this, then L2NAT isn't required.



Kind Regards
Paul

There is only a single IE, which does not have a connection to an L3 switch and does not require external reachability. However, in future it will have a connection to an L3 switch. But for now we need to take a scenario: suppose we have 2 end devices with the same IP address and both of them want to communicate with each other; is that possible through L2NAT?

Hello
Then yes it is; the L3 switch of the LAN can become the zone switch between the two IE switches that have hosts using the same IP address.

So this routed L2NAT will allow communication between the two internal hosts but also external hosts if required, plus the added benefit of negating unwarranted L2 broadcast traffic, as now you have a routed connection between the zone and IE switch(es).



Kind Regards
Paul

In addition to this, I checked on the Cisco website, and as per the screenshot it should work. But the same thing is configured and it didn't work. I am not sure whether the LC and PC in this screenshot are directly connected to a single switch or there is another intermediate switch to which the LC is connected.

 

Screenshot_20240113_155707.jpg

Both PCs are not in the same subnet!! Sure, that is the case, otherwise why would we use l2nat.

Can you give me time to analyze the issue? I will reply tonight or tomorrow.

Thanks 

MHM

L2nat instance name
 Instance-id x
 Permit all
 Fixup all
 Outside from host xxxxx to xxxxx gateway
 Inside from host xxxx to xxxxx

Check this way 

MHM

Let me try, but I have only a single switch, which is L2; will that work?

 

I can try on Packet Tracer, but unfortunately there is no gateway command available.

Please consider @paul driver's note about permit all.

Thanks 

MHM

Hello @MHM Cisco World 
FYI - when you do L2 forwarding for L2 NAT then obviously it's not routed access, so you need to be careful with the broadcast and not allow the "permit all" (default), otherwise you can bring down your entire L2 network.

So for L2NAT to work from an L2 forwarding perspective you would still need a device that has access to the inside/outside network that's connected to the IE/zone switch because of the following:

"Outside  from host xxxxx to xxxxx gateway"  =  this is the external GW
"Outside  from host xxxxx to xxxxx gateway"  = this is the internal GW

"Inside from host xxxx to xxxxx" =  this is the internal host ip 
"Inside from host xxxx to xxxxx" =  this is the external translated host ip



Kind Regards
Paul

As I understood from this, we need some connection to an IE/zone switch; if we don't have the connection, it will not work within the single switch?
