cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1132
Views
15
Helpful
8
Replies

what does it mean when you put Nat pool,right after "match-in-vrf"

jwangCisco
Level 1
Level 1

Hi,

 

I had always learned very insightful stuff from the brilliant minds in our cisco community, thank you for taking your time to shed lights:  

 

I am trying to get a thorough understanding on the "match-in-vrf" expression, as in the example given by Cisco in the following format : 

 

ip nat inside source static 192.168.11.10 10.11.11.10 vrf 1 match-in-vrf pool natpool1

 

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/command/iosxe/qualified-cli-command-reference-guide/m-NAT-commands.html

 

Basiclaly, I understand what it means to have the keyword "match-in-vrf",  right at the very end of the IP Nat Inside Source statement;  I believe, it means, you wanted both IL and IG addresses to be of the same vrf traffic.

 

But what does it mean when you put the Keyword "pool name", just right after "match-in-vrf" ?

 

I am guessing, does it mean, IG address must also come from the specified Nat pool natpool1, so that both IL and IG can belong to the same vrf ? Many thanks !

 

8 Replies 8

Hello

you are correct regards the match-vrf it is specified to accommodate when your nat domains inside/outside interfaces  are associated within the same vrf

 

As for the pool statement

A nat pool is something you would create to nat your internal users towards

a “pool” or ip range of public address (inside global) when nat is to occur.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

jwangCisco
Level 1
Level 1

Thank you v much Paul !

 

But there is one thing, I am still lost,  what does "Match-in-vrf pool natpool1" mean ?

 

ie when you put two expressions together one after another , and especially in this order , ie "Mtach-in-Vrf" first, then immediately followed by "pool natpool1" , what does it mean  ?

 

From Cisco documentation, It's a bit hard to find out the cumulative effects of these NAT parameters....

 

Many thanks in advance for your lending a hand

Hello


@jwangCisco wrote:

Thank you v much Paul !

 

But there is one thing, I am still lost,  what does "Match-in-vrf pool natpool1" mean ?

 

ie when you put two expressions together one after another , and in this order , ie "Natpool" , imemediately right after "match-in-vrf" , what does it mean  ?


I see what you mean, Unfortunately thats not applicable, I beleive its the way you are interpreting it from that document, What you see are available options to a nat statement, it doesnt mean they are applied in the order shown

ip nat outside source static local-ip global-ip [ vrf name ] [ match-in-vrf [ pool name ] | pool name no-payload { match-in-vrf [ pool name ] | pool name } | [extendable] { [ match-in-vrf [ pool name ] ] | pool name no-payload { match-in-vrf [ pool name ] | pool name } } ]

 

example:

ip vrf stan

int x/x
ip nat outside
ip vrf fowarding stan

 

int x/y
ip nat inside
ip vrf fowarding stan

 

ip nat pool nat-pool 1.1.1.10 1.1.1.20 prefix-length 24
ip nat inside source list 10 pool nat-pool vrf stan match-in-vrf


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

jwangCisco
Level 1
Level 1

Below was the Ip Nat Inside Source , as given by Cisco as an example :

ip nat inside source static 192.168.11.10 10.11.11.10 vrf 1 match-in-vrf pool natpool1 

 

Thus, I see your good suggestion Paul,  that "natpool1" was an option for "match-in-vrf".

 

But, why do we need the parameter "pool natpool1" at the very end of that IP Nat  Inside Source Statement... I am hoping to find out what was the effects on "match-in-vrf" ? 

 

mmm... why do we need to use the keyword "natpool1" , in that particular statement ?

 

Had it been, " ip nat inside source static 192.168.11.10 10.11.11.10 vrf 1 match-in-vrf" , ( ie with the removal of the option "natpool1"  ) , then that would be a piece of cake to understand.

 

Where can we read more info regarding the syntax and the use case of its options

  

Many thanks Paul for your time

Hello

Take your example appending "pool"after the match-in-vrf wont be applicable
ip nat inside source static 192.168.11.10 10.11.11.10 vrf 1 match-in-vrf pool natpool1<---not applicable
ip nat inside source static 192.168.11.10 10.11.11.10 vrf 1 match-in-vrf  <---applicable
ip nat inside source list x pool natpool vrf 1 match-in-vrf  <---applicable


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

jwangCisco
Level 1
Level 1

Thank you Paul, you nailed it !! you understood what I was saying.

 

Hence, If that kind of command was not applicable, I was wondering , why would Cisco print it on their official article ?

( see link :  https://www.cisco.com/c/en/us/td/docs/routers/sdwan/command/iosxe/qualified-cli-command-reference-guide/m-NAT-commands.html  )

 

mmm.... I think, Cisco is normally very precise, very unlikely to see Cisco making such a mistake, uh, but this time, shall we close the case, and accept that as some kind of "printing typo" perhaps ?

Hello
Its not a printing mistake I would say its how the document is interpreted.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

jwangCisco
Level 1
Level 1

mmm...I totally agreed with you peter.

 

Those examples were purposefully set out, thus extremely unlikely for Cisco not to spot the printing typo. ( ie if it was really a typo at all )

 

Somewhere along the line,  I probably need to further comprehend Cisco documentation just a bit more, for me to fully appreciate the hidden gem

 

 

Review Cisco Networking for a $25 gift card