Solved: Re: NAT issue on 3850

sivam siva · ‎08-30-2019

HI

Can anyone help me to solve the nat issue?

below is a simple diagram that I used. (all real cisco equipment Router: cisco asr 1k, SW: 3850 Version 03.07.05.E ) SW config: I have configured G1/0/1 and G1/0/2 as L3 port and assigned IP address as per the diagram, IP routing is enabled, and no static and dynamic routing.

Router config: enabled g0/0/1 and assigned IP.

PC config: assigned IP as per the diagram and G1/0/1 is the gateway of PC.

Below is the NAT config:

I have tried to check the NAT from the switch (by pinging the router from 192.168.20.1):

The address was translated and so router replied to 121.241.200.238, there is no issue, everything was working fine!.

When I tried to ping from PC:

request timed out, NAT is not working.

Is this bug?

Please refer below running-config if needed.

Switch#
Switch#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is not set

121.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 121.241.200.236/30 is directly connected, GigabitEthernet1/0/2
L 121.241.200.238/32 is directly connected, GigabitEthernet1/0/2
192.168.20.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.20.0/24 is directly connected, GigabitEthernet1/0/1
L 192.168.20.1/32 is directly connected, GigabitEthernet1/0/1
Switch#
Switch#sh run
Building configuration...
version 15.2
boot system switch all flash:cat3k_caa-universalk9.SPA.03.07.05.E.152-3.E5.bin
switch 1 provision ws-c3850-12x48u
!
ip routing
!
interface GigabitEthernet1/0/1
no switchport
ip address 192.168.20.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet1/0/2
no switchport
ip address 121.241.200.238 255.255.255.252
ip nat outside
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface Vlan1
ip address 10.0.0.1 255.0.0.0
!
ip nat inside source list LAN interface GigabitEthernet1/0/2 overload
!
ip access-list standard LAN
permit 192.168.20.0 0.0.0.255
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login

Thanks

Siva

Reza Sharifi · ‎08-30-2019

Hi,

Are running NAT on the 3850 switch? The 3850 series switches don't support NAT even though the commands are available,

HTH

View solution in original post

luis_cordova · ‎08-30-2019

Hi,

You are absolutely right @Reza Sharifi
I had not noticed the model of the device.
This was discussed in another discussion as well:

https://community.cisco.com/t5/switching/3850-nat/td-p/2479841

Regards

View solution in original post

network_geek · ‎08-30-2019

The standard access-list you have configured. Where have you applied it?

luis_cordova · ‎08-30-2019

Hi @sivam siva ,

Try this:

Switch(config)#ip route 0.0.0.0 0.0.0.0 121.241.200.237

Regards

sivam siva · ‎08-30-2019

@network_geek

Thanks for the reply

you can see in the "sh ip nat statistics" output, that I have called ACL for NAT.

@luis_cordova

Thanks for the reply

I'm trying to reach the destination which is directly connected to the switch, also you can verify in the "sh ip route" output that switch has a route to 121.241.200.236/30.

Regards

Siva

Reza Sharifi · ‎08-30-2019

Hi,

Are running NAT on the 3850 switch? The 3850 series switches don't support NAT even though the commands are available,

HTH

luis_cordova · ‎08-30-2019

Hi,

You are absolutely right @Reza Sharifi
I had not noticed the model of the device.
This was discussed in another discussion as well:

https://community.cisco.com/t5/switching/3850-nat/td-p/2479841

Regards