Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
746
Views
0
Helpful
4
Replies

NAT on 6509 with Supervisor 2T

John Supple
Level 1
Level 1

‎08-12-2015 01:33 PM - edited ‎03-08-2019 01:20 AM

Need some help (I'm getting desperate) for setting up NAT on a 6509 with a sup 2T - I'd like to set up a couple of /21 private networks and NAT them out to a single public IP address.  I'd also like to use our central DHCP server for DHCP.

 

I'm having trouble finding good advice on this.  Anyone set this up recently?

 

Thanks

Labels:
0 Helpful
4 Replies 4

Mark Mc Nicholas
Level 1
Level 1

‎08-12-2015 02:32 PM

Hi John,

So I can provide a sample configure based on the following assumptions

  1. DHCP server is connected and working & configured for your new subnets 
  2. DHCP server's ip address is 10.0.0.1
  3. Your internet connection is already working
  4. Your public ip address terminates on Gi1/1
  5. I create two vlan's 11 & 12 with /21 ranges 
  6. I use standard acl 50 note the acl matches a /20 to aggregate the 2 x /21's

So you will need to change the above assumption in my sample to suit your needs

 

configure terminal

vlan 11 

name Private-Net1

vlan 12 

name Private-Net2

interface vlan 11

ip address 192.168.0.1 255.255.248.0

ip nat inside

ip helper-address 10.0.0.1

interface vlan 12

ip address 192.168.8.1 255.255.248.0

ip nat inside

ip helper-address 10.0.0.1

interface Gi1/1

ip nat outside

exit

access-list 50 permit 192.168.0.0 255.255.240.0

ip nat inside source list 50 interface Gi1/1 overload

 

If you have any questions please let me know, If you find this answer help and it you feel it's correct please remember to mark it as a correct answer to help future readers.

After the initial address translation the translation of subsequent packets in a flow should be translated in hardware, However if you find there is a performance impact as a result of performing NAT on the device then I would suggest reading 

http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/63992-6k-high-cpu.html#Nat

0 Helpful

John Supple
Level 1
Level 1
In response to Mark Mc Nicholas

‎08-13-2015 06:18 AM

Thank you Mark.  Is it necessary for the public IP to be on a physical interface?  I'd like to have it NAT through an IP on a vlan.  Is that doable?

 

Thanks,


John

 

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to John Supple

‎08-13-2015 06:20 AM

John

Yes you should be able to use an SVI instead of a L3 port.

Jon

0 Helpful

Mark Mc Nicholas
Level 1
Level 1
In response to John Supple

‎08-14-2015 06:27 AM

Hi John

Yes you can use an SVI/Vlan interface as Jon has pointed out,

Just configure it as normal and add the ip nat inside statement to it

you would also need to change the line

ip nat inside source list 50 interface Gi1/1 overload

to something like

ip nat inside source list 50 interface Vlan88 overload

When Vlan 88 has your public ip

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card