Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1346
Views
0
Helpful
5
Replies

Port forwarding 3850

AC11
Level 1
Level 1

‎07-16-2018 01:36 AM - edited ‎03-08-2019 03:41 PM

I have a WS-3850-24P,  ipbase with IOS-XE 16.3.5b

 

What I need to do is setup a port forward of UDP ports 5060 and 6000-40000 from a third party router (directly connected to the 3850) onto a LAN side IP (for example 10.1.1.1).  Is this possible at all?

I would assume I would need to use ip nat inside & ip nat outside to get this to work however the IOS mentioned above does not have ip nat as an available command.

 

Is the solution to use a different IOS version?

 

 

 

   

 

 

Labels:
0 Helpful
5 Replies 5

Jon Marshall
Hall of Fame
Hall of Fame

‎07-16-2018 02:38 AM

 

Most Catalyst switches do not support NAT and the 3850 is one of them so unfortunately you won't be able to do that with your switch. 

 

Jon

0 Helpful

AC11
Level 1
Level 1
In response to Jon Marshall

‎07-16-2018 03:22 AM

I have a 3850 at a different location which has the ip nat cmd available however this is using sw version 3.6.5.  Are you sure its just not supported on the Denali IOS ? 

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to AC11

‎07-16-2018 03:36 AM

 

The commands are there but I don't think they will work. 

 

That said have a look at this thread where even Cisco employees seem to disagree with each other - 

 

https://supportforums.cisco.com/t5/lan-switching-and-routing/3850-nat/td-p/2479841

 

Jon

0 Helpful

AC11
Level 1
Level 1
In response to Jon Marshall

‎07-16-2018 05:58 AM

OK so how do we find out for sure either way ?

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to AC11

‎07-16-2018 08:43 AM

The link posted by Jon is very interesting and does have what seem to be definitive statements from Cisco employees on both sides of the question. I wonder if the person who confidently says that he has accomplished nat on 3850 says this on the basis of finding a version which accepts the commands, or did he actually test it and verify that nat is working?

 

It seems to me that the best way to find out is to try it on your switch. In global config or in interface config (for a vlan interface or routed port) do "show ip ?" and see if ip nat shows up as an alternative (or perhaps show ip n? which would produce shorter output). And if the commands show up as available then you need to configure and test to see if nat actually works (because it seems pretty obvious that some versions do accept the command but do not actually work).  And that only proves the point for the version that you are running and leaves open the possibility that some other version might support it.

 

In general Catalyst switches do not support nat. There are some exceptions but I am not optimistic that 3850  is one of them.

 

HTH

 

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents