Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5474
Views
5
Helpful
5
Replies

Using VRF and NAT at catalyst 9300

WangSteven02215
Level 1
Level 1

‎02-24-2021 09:02 AM

Hi everyone,

 

I always appreciate for technical support.

 

In order to transmit syslog and Windows event log to the cyber security operation center, I have plan to connect 20 independent systems with Catalyst 9300.

 

Since the IP address of each independent system cannot be changed, there is same IP address space.

Network Diagram.JPG

 

To solve this problem, I would like to use VRF on the basis of URL below:

https://infrastructureadventures.wordpress.com/2010/12/14/network-virtualization-beyond-vlans-%E2%80%93-part-5-virtual-routing-and-forwarding-vrf/

VRF.JPG

 

If I use VRF, Is there any problem in transmitting logs? Also, If 20 VRFs are used in the Catalyst 9300, is there any performance problem?

 

I would like to change duplicated IP address for distinguishment in the cyber security operation center.

 

Can I change duplicated IP address through the NAT in the catalyst 9300?


If there is a problem with the solution I was thinking of, please let me know what solution would be suitable.

Labels:
0 Helpful
5 Replies 5

balaji.bandi
Hall of Fame
Hall of Fame

‎02-24-2021 09:09 AM - edited ‎02-24-2021 09:09 AM

You can use VRF to ship the Logs there is no performance issue here. ( you need to network advantage License for Cat 9300 to create VRF).

 

 

Can I change duplicated IP address through the NAT in the catalyst 9300?

Cat 9300 is switch.

 

May be you can ship the Logs with host-name - you need network level Log shipper which can translate the IP to Host-name, So your central SIEM get a host-name.

 

as i remember you have posted same question few months back we have clarified the same i guess.

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

WangSteven02215
Level 1
Level 1
In response to balaji.bandi

‎02-24-2021 09:43 AM - edited ‎02-24-2021 09:45 AM

Are you saying that there is no problem in transmitting logs even if I don't use NAT?

 

I am asking the question again because your answer is unclear.

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to WangSteven02215

‎02-24-2021 09:55 AM 

Are you saying that there is no problem in transmitting logs even if I don't use NAT?

When you send the Logs with out NAT, you get duplicate co-relation, If you do NAT - how will you preserv the orginal IP address.

 

what my suggestion was each site make a Log shipper which can convert IP to hostname to differentiate where the Logs come from.

 

is this make sense ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame

‎02-24-2021 11:59 AM

Hi,

For this design, since you are using the same IP segments for multiple locations, you can use VRF-lite. Create one vrf per system on the 9300, and then use a sub-interface or vlan for each VRF on the connection between the 9300 and the 9500. Once the traffic reached the 9500 in each VRF, you would have to leak each VRF to the global routing table to reach the log server. Is this what you have in mind?

 

HTH

paul driver
VIP
VIP

‎02-24-2021 04:28 PM

Duplicate post
https://community.cisco.com/t5/switching/question-about-vrf-and-nat/m-p/4296508#M501188

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card