11-23-2015 01:25 PM - edited 03-08-2019 02:48 AM
Folks,
I am attempting to set up some sort of NAT that would allow me to reach a host in the field that has erroneously been set back to its factory default address that has no gateway. The challenge is that the default address falls in a network that is in use on our network that cannot be changed easily.
Here is the scenario. I have 90 routers in the field. I have up to 9 small IP printers hanging off one sub-interface on all of these routers. These printers fail frequently given we have 100's and our vendor often sends them out without changing them to DHCP first.
The default address of these printers is 192.168.192.168 with no default gateway. The VLAN they are on will have an address of, say, 10.101.2.0/24. I can assign a secondary IP to these interfaces of 192.168.192.X/24 and not advertise the route if that would facilitate.
What I would like is to have a well-known address that my level one folks can hit with a web browser that would NAT to an address in the 192.168.192.0/24 broadcast domain of the site in question so they can set the printer to DHCP.
I have attempted to NAT addresses and advertise these addresses and have gotten as far as pings responding, but have not been able to browse these hosts.
Below are the configuration elements of interest that at least allow me to ping (pings stop when I turn off host):
Any help or suggestions on how to deal with this another way would be appreciated.
! this is the interface where the printers will reside off of
interface GigabitEthernet0/0.3
 description POSI
 encapsulation dot1Q 3
 ip dhcp relay information trusted
 ip address 192.168.192.254 255.255.255.0 secondary
 ip address 10.101.98.1 255.255.255.0
 no ip redirects
 no ip unreachables
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly in
 zone-member security ZONE-WAN
 no cdp enable
! this would be the WAN interface my requests would enter
interface GigabitEthernet0/1
 description WAN
 bandwidth 100000
 ip address 172.18.20.6 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip nat outside
 ip virtual-reassembly in
 ip verify unicast reverse-path
 zone-member security ZONE-WAN
 ip ospf network broadcast
 duplex auto
 speed auto
 no mop enabled
route-map natprinter, permit, sequence 10 - Route-map to select the traffic allowed to admin these printers
Match clauses:
ip address (access-lists): natprinter
Extended IP access list natprinter
10 permit ip host 10.0.100.127 host 192.168.191.98
20 permit ip host 10.0.100.127 host 172.18.20.6
30 permit ip host 10.0.100.127 host 192.168.192.168
Commands needed to advertise the unique IP address that would be assigned to each store to browse to, which I am trying to NAT the 192.168.192.168 address to:
ip route 192.168.191.0 255.255.255.0 GigabitEthernet0/1
router eigrp 500
 network 172.18.20.4 0.0.0.3
 network 172.18.20.20 0.0.0.3
 redistribute connected
 ! defining the one unique address mentioned above
 redistribute static route-map rdstatic
 neighbor 172.18.20.21 Serial0/0/0
 neighbor 172.18.20.5 GigabitEthernet0/1
 passive-interface default
 no passive-interface Serial0/0/0
 no passive-interface GigabitEthernet0/1
11-24-2015 12:31 AM
Hello
I did some testing on this and found I could establish connectivity using domainless NAT (NVI NAT).
Please see attached results
res
Paul
11-24-2015 12:40 PM
Paul,
Thank you for your response. Unfortunately this isn't 100% what I had in mind. My hope was to put a loopback address on every router and use those addresses as opposed to the address of the WAN interface. Unfortunately my level one folks are not technical as much as they are script readers. They would need addresses that are easy to figure out. For instance, concept 1 store 12 would be 192.168.191.12, concept 2 store 7 would be 192.168.192.7, and so forth.
I was hoping there was a way to advertise that 192.168.19X.Y address, HTTP to that, and be able to NAT that address statically to the non-gateway host of 192.168.192.168. Obviously the address presented to the printer would need to be a 192.168.192.0 address since it can't get to anything past its own broadcast domain.