Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3668
Views
0
Helpful
6
Replies

Added a guest network to a Cisco router, can't get the space to NAT overload

jgeorge
Level 1
Level 1

‎03-14-2012 11:47 AM - edited ‎03-07-2019 05:33 AM

Device: Cisco SR520W-FE

I have added a guest wireless network to this router but I can't seem to get nat overload to work with the new space.

LAN: 192.168.5.0/24 (VLAN 75) Guest WLAN: 10.5.5.0/24 (VLAN 50)

Here is the commands I'm using for the NAT overload:

interface FastEthernet0

switchport access vlan 75

interface FastEthernet3

switchport access vlan 50

interface FastEthernet4

ip address x.x.x.x 255.255.255.252

ip nat outside

ip virtual-reassembly

interface Vlan50

ip address 10.5.5.1 255.255.255.0

ip access-group 120 out

ip nat inside

interface BVI75

ip address 192.168.5.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip nat inside source list 10 interface FastEthernet3 overload

ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload

route-map SDM_RMAP_1 permit 1

match ip address 101

access-list 10 remark PAT IP space for the guest WLAN

access-list 10 permit 10.5.5.0 0.0.0.255

access-list 101 deny   ip 192.168.5.0 0.0.0.255 192.168.76.0 0.0.0.255

access-list 101 permit ip 192.168.5.0 0.0.0.255 any

access-list 120 remark ACL to block guest wireless from LAN

access-list 120 deny   ip 10.5.5.0 0.0.0.255 192.168.0.0 0.0.255.255

access-list 120 permit ip 10.5.5.0 0.0.0.255 any

Labels:
0 Helpful
6 Replies 6

cadet alain
VIP Alumni
VIP Alumni

‎03-14-2012 12:12 PM

Hi,

Can you enter these commands in config mode:

do clear ip nat trans *

no ip nat inside source list 10 interface FastEthernet3 overload

ip nat inside source list 101 interface FastEthernet4 overload

no route-map SDM_RMAP_1

no access-list 10

access-list 101 permit ip 10.5.5.0 0.0.0.255 any

Regards.

Alain

Don't forget to rate helpful posts.
0 Helpful

jgeorge
Level 1
Level 1
In response to cadet alain

‎03-14-2012 12:48 PM

Before I do that I have a few questions:

Why remove the "ip nat inside source list 10 interface FastEthernet3 overload"?

ip nat inside source list 101 interface FastEthernet4 overload

access-list 101 permit ip 10.5.5.0 0.0.0.255 any

Do that doesn't seem right. The Fa3 network is 10.5.5.0/24 and the Fa4 network is 192.168.5.0/24

0 Helpful

jgeorge
Level 1
Level 1
In response to jgeorge

‎03-15-2012 08:13 AM

Any thoughts on this?

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to jgeorge

‎03-15-2012 10:36 AM

Hi,

The Fa3 network is 10.5.5.0/24 and the Fa4 network is 192.168.5.0/24

interface FastEthernet3

switchport access vlan 50

So first fa3 is a L2 port and secondly you  are natting from inside to outside so the interface you use for overload must be the nat outside interface( which has an IP) and the interfaces where you have nat inside must also be L3 interfaces( routed or SVI)

Regards.

Alain

Don't forget to rate helpful posts.
0 Helpful

jgeorge
Level 1
Level 1
In response to cadet alain

‎03-15-2012 12:52 PM

A SVI is created for fa3 and is being used. I'm not sure what you are trying to say?

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to jgeorge

‎03-15-2012 01:22 PM

What I'm saying is that if you want to do nat overload then the interface you're specifying in the nat statement is  a L3 interface which is configured as the nat outside interface and here it is fa4 as fa3 is a L2 interface where inside clients are connected. Is it clearer?

Regards.

Alain

Don't forget to rate helpful posts.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card