02-17-2011 11:48 PM - edited 03-06-2019 03:37 PM
Hello all,
I have a customer who has ordered an ISR-G2 series router, which is expected to be delivered after 3 or 4 weeks.
So at this moment I need to position an alternative for him to get a basic internet connection.
They have 20 users who need an internet connection immediately. Right now I don't have any router in stock, so I was just wondering whether I can position a WS-C3750G-24TS-E1U switch, which has the IP Services software image in it.
I just need two routed Ethernet ports, one for internet connectivity and one for the LAN switch.
But I believe that the 3750 does not support NATing even though it supports routing.
Is there any alternative? Can we do some workaround here (some magic) to connect all 20 users to the internet temporarily using the existing 3750G series switch?
Thanks,
Raghavedra
02-18-2011 01:42 AM
Hi,
There is no NAT support on the Catalyst 3750 or 3560 Series, so there would be no workaround.
You need a router with NAT support. The only way would be to buy a new SOHO router like a Linksys or something else, or find an old router or PIX firewall.
Regards Martin
02-18-2011 01:55 AM
Hi Raghavedra,
Please try the below; it may help you...
int
 ip nat outside
int
 ip nat inside
int
 ip nat inside
ip nat inside source list 1 int
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
Please rate the helpful posts.
Regards,
Naidu.
02-18-2011 02:32 AM
Thanks a lot for your replies.
I think the 3750 IOS does not support NAT itself.
I have one more 2610XM series router, which has only one Fast Ethernet port.
Can I combine the 3750 and this 2610XM and do the NATing in the 2610XM?
If the above is possible, can you please throw some light on the configuration to achieve this?
Thanks,
Raghavendra
02-18-2011 02:39 AM
Well you can but you need to do NAT on a stick. Take a look at this:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094430.shtml
Your internet connection and your 2610 will be connected to your 3750. The 2610 will be the default gateway for your users and then do the NAT for internet access.
Regards,
Ian
02-18-2011 03:17 AM
Hi Vasanth,
Please find the below example config for your 2600.
#sh run
Building configuration...
Current configuration : 1946 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R1
!
boot-start-marker
boot system flash c2600-Advsecurityk9-Mz.123-5a.bin
boot-end-marker
!
logging buffered 64000 debugging
!
no aaa new-model
ip subnet-zero
!
!
ip cef
ip audit notify log
ip audit po max-events 100
no ip domain lookup
ip domain name Sullivan.org
no ftp-server write-enable
!
!
interface ATM0/0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0/0.1 point-to-point
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0/0
 ip address 10.0.0.25 255.255.255.252
 ip nat inside
 speed 10
 half-duplex
!
interface Serial0/0
 ip address 192.168.1.50 255.255.255.0
 ip nat inside
 clockrate 1000000
!
interface Dialer0
 ip address negotiated
 ip access-group BORDER_PATROL in
 ip mtu 1452
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname xxxxxxxxxxxxxxx@dodo.com
 ppp chap password xxxxxxxxxxxxxxxx
!
router ospf 1
 log-adjacency-changes
 network 10.0.0.0 0.0.0.3 area 0
 network 10.0.0.4 0.0.0.3 area 0
 network 10.0.0.16 0.0.0.3 area 0
 network 10.0.0.25 0.0.0.0 area 40
!
ip nat inside source list ALLOWED_NAT interface Dialer0 overload
ip nat inside source static tcp 192.168.1.100 23 xxx.xxx.xxx.xxx 23 extendable
ip nat inside source static tcp 192.168.1.100 22 xxx.xxx.xxx.xxx 22 extendable
no ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
ip http secure-server
!
ip access-list standard ALLOWED_NAT
 permit any
!
dialer-list 1 protocol ip permit
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 password xxxxxxxxxxxxxxxxxx
 logging synchronous
 login
line aux 0
 exec-timeout 0 0
 password xxxxxxxxxxxxxxxx
 logging synchronous
 login
line vty 0 4
 exec-timeout 0 0
 privilege level 15
 password xxxxxxxxxxxxxxx
 logging synchronous
 login
 transport preferred ssh
 transport input telnet ssh
 transport output telnet ssh
!
!
!
end
Please rate the helpful posts.
Regards,
Naidu.
02-18-2011 03:22 AM
Thank you!!
So I should do NAT on a stick on the router Ethernet interface.
But do I need more than one public IP address? One on the router Ethernet interface and another on the switch interface/VLAN where the internet link will be terminated?
Sorry for asking too many doubts!! But I have only one public IP given by the service provider.
Raghavndra
02-18-2011 03:41 AM
Hi Raghavndra,
You need to connect your internet link on to your router ethernet interface.
And you need to have two public IP addresses, so that you can send all default route through the one IP (Ethernet interface IP) and another IP you can use for NAT.
Now your router will connect to your 3750 switch; you will point all default route in the 3750 to the router Ethernet interface, like 0.0.0.0 0.0.0.0 202.203.206.254
Please rate the helpful posts.
Regards,
Naidu.
02-18-2011 03:58 AM
No no no no. He said he only has ONE ethernet interface on his 2610. No serial. Not two interfaces. Just one. So you have to do NAT on a stick and you only need ONE public IP address.
Your loopback on your 2610 should be the public IP address that your provider gave you. The Ethernet on your 2610 should be your internal network and your default gateway for users. Apply the NAT commands and you're good to go.
The default route on your 2610 should be to your service provider.
Regards,
Ian
02-18-2011 04:06 AM
Hi,
An easier way would be to set up a VLAN (layer 2) and connect the WAN link to the switch access port.
Trunk the VLAN to the 2600 router and build a subinterface with your public IP on the router; set this up as the ip nat outside.
Add your internal VLAN to another subinterface on the router, allow it on the trunk link of the switch, and everything is fine ;-)
If you have any questions about the design, ask me...
Regards Martin
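Martin's trunk-and-subinterface design sketched as configuration, as an added example that is not part of the original thread. VLAN IDs, port numbers, the NAT_USERS ACL name and all addresses (203.0.113.x is a documentation range standing in for the provider's single public IP) are assumptions, and it assumes the 2610XM's IOS image supports 802.1Q subinterfaces.

```cisco
! --- Catalyst 3750 (layer 2 only for both VLANs; no SVI on the WAN VLAN) ---
vlan 10
 name WAN
vlan 20
 name USERS
!
interface GigabitEthernet1/0/1
 description Provider handoff (assumed port)
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet1/0/2
 description Trunk to 2610XM FastEthernet0/0 (assumed port)
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20
 switchport mode trunk
!
interface range GigabitEthernet1/0/3 - 24
 description User ports
 switchport mode access
 switchport access vlan 20
!
! --- 2610XM (one physical port, two 802.1Q subinterfaces) ---
interface FastEthernet0/0
 no ip address
 no shutdown
!
interface FastEthernet0/0.10
 description WAN side, the single public IP (placeholder address)
 encapsulation dot1Q 10
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
!
interface FastEthernet0/0.20
 description User default gateway
 encapsulation dot1Q 20
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
ip access-list standard NAT_USERS
 permit 192.168.1.0 0.0.0.255
!
ip nat inside source list NAT_USERS interface FastEthernet0/0.10 overload
! Next hop is the provider gateway (placeholder address)
ip route 0.0.0.0 0.0.0.0 203.0.113.1
```

The WAN VLAN has no SVI on the 3750, so the switch itself holds no address on the provider side, and the trunk carries only the two VLANs it needs. The NAT ACL matches only the user subnet rather than `permit any`.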
02-18-2011 04:11 AM
Fair point, but I don't think it's 'easier'. Either way (yours or mine) will work.
02-18-2011 04:37 AM
Thanks Martin and Ian,
I think I am good to go now..
Will try both the methods.
Raghavendra