Re: Nat with Multilayer switch

davidthang121 · ‎05-25-2023

Hi I am just a starter in CCNA. I want to configure Nat in R1 according to below typology. I do not know how to configure between Multilayer switches that act as a router. I need help. PLEASE help me. I will accept any suggestions.

Flavio Miranda · ‎05-25-2023

Hi

NAT is not complicate to setup but you need to know what you want to do with NAT.

The basic config o NAT could look like

On your L3 switch:

interface FastEthernet0/0 (The interface to the router)
ip address x.x.x.x 255.255.255.0 (Use your IP)
ip nat outside
!
interface FastEthernet0/1 (The interface to the local access switch )
ip address x.x.x.x 255.255.255.0 (Use your IP )
ip nat inside
!
access-list 1 permit x.x.x. 0.0.0.255 (The network you are assigning to your PCs)

ip nat inside source list 1 interface FastEthernet0/0 overload (On the interface where you put "ip nat outside")

With that config, all PC from your Lan will get to the routers using the IP address from the interface FastEthernet0/0

Just keep in mind that this is just an example. I did not see your devices and ip address.

davidthang121 · ‎05-30-2023

Thanks U. Let me explain what my teacher want me to have configure in this scenario. I configure ospf between L3 switch and Router1 (I do include serial link IP address). Default route between Router1 and Router2.

my teacher want me to configure NAT on Router 1 and she want me to think Router 2 as a ISP. I can configure Nat on Router1 but the lan side can not ping with Router 2 because Multilayer switches don't how to get to Router 2. To be able to ping I need to redistribute default route into multilayer switches from ROUTER 1. But I wonder, do I need Nat in this scenario. Without NAT I can ping to Router 2 because I redistribute default route.

Thanks again

Flavio Miranda · ‎05-30-2023

Got it. Your teacher probably is trying to simulate what happen on the real world network where the local IP address dont leave to the internet. Then make sense to have a NAT on R1.

On the R1 interfaces to ISP you use the command "ip nat outside"

On the interface between R1 and and both layer3 switches you add "ip nat inside"

Then, you can create on the R1 the access-list matching the traffic that comes from Core switches.

And lastly you add the NAT statement

You can do a static NAT or you can do overload. If the assignment did not say which, use

ip nat inside source list 1 interface {here the interface where you added "ip nat outside"} overload

Try this and if not work, attach you project here. You just need to zip it first.

davidthang121 · ‎05-30-2023

Here is my pkt file

https://drive.google.com/file/d/1e3NenwNm2veUoxja-UnP-bPLRSOjT1QJ/view?usp=drivesdk

Flavio Miranda · ‎05-30-2023

Let me check

Flavio Miranda · ‎05-30-2023

Hello @davidthang121

Here is the file. Test and let me know.

Just to show that here it worked, this is the ping to router ISP from PC0

C:\>ping 200.0.0.1

Pinging 200.0.0.1 with 32 bytes of data:

Reply from 200.0.0.1: bytes=32 time=1ms TTL=253

Reply from 200.0.0.1: bytes=32 time=12ms TTL=253

Ping statistics for 200.0.0.1:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 1ms, Maximum = 12ms, Average = 3ms

and here is the NAT happening

R1#sh ip nat translations

Pro Inside global Inside local Outside local Outside global

icmp 200.0.0.2:50 192.168.20.2:50 200.0.0.1:50 200.0.0.1:50

icmp 200.0.0.2:51 192.168.20.2:51 200.0.0.1:51 200.0.0.1:51

icmp 200.0.0.2:52 192.168.20.2:52 200.0.0.1:52 200.0.0.1:52

icmp 200.0.0.2:53 192.168.20.2:53 200.0.0.1:53 200.0.0.1:53

icmp 200.0.0.2:54 192.168.20.2:54 200.0.0.1:54 200.0.0.1:54

icmp 200.0.0.2:55 192.168.20.2:55 200.0.0.1:55 200.0.0.1:55

icmp 200.0.0.2:56 192.168.20.2:56 200.0.0.1:56 200.0.0.1:56

icmp 200.0.0.2:57 192.168.20.2:57 200.0.0.1:57 200.0.0.1:57

paul driver · ‎05-25-2023

Hello

You do not mention what type of switch you are using, I would assume they are not Cat9Ks as such NAT will NOT be supported , in any case based on your topology I would apply your NAT on the rtr.

Example:
conf t
int x/z
description -WAN
ip nat outside

int x/x
description -LAN1
ip nat inside

int x/y
description -LAN2
ip nat inside

Ip route 0.0.0.0 0.0.0.0 interface x/z 200.0.0.1 name default-route-towards-wan

Ip access-list extended NAT
permit ip 192.168.10.0 0.0.0.255 any
permit ip 192.168.20.0 0.0.0.255 any
permit ip 192.168.30.0 0.0.0.255 any

ip nat inside source-list NAT interface x/z

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

davidthang121 · ‎05-30-2023

Thank you for your answer

My switches doesn't support NAT but the switches are L3. I can configure eigrp and rip but not ospf. Now I wonder, will the switches know how to get to wan router ? If I configure default route on the router that connects to wan router according to my topology.

Thanks U

But Can I configure Nat on router.