Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Added a guest network to a Cisco router, can't get the space to NAT overload

Device: Cisco SR520W-FE

I have added a guest wireless network to this router but I can't seem to get nat overload to work with the new space.

LAN: 192.168.5.0/24 (VLAN 75) Guest WLAN: 10.5.5.0/24 (VLAN 50)

Here is the commands I'm using for the NAT overload:

interface FastEthernet0

switchport access vlan 75

interface FastEthernet3

switchport access vlan 50

interface FastEthernet4

ip address x.x.x.x 255.255.255.252

ip nat outside

ip virtual-reassembly

interface Vlan50

ip address 10.5.5.1 255.255.255.0

ip access-group 120 out

ip nat inside

interface BVI75

ip address 192.168.5.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip nat inside source list 10 interface FastEthernet3 overload

ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload

route-map SDM_RMAP_1 permit 1

match ip address 101

access-list 10 remark PAT IP space for the guest WLAN

access-list 10 permit 10.5.5.0 0.0.0.255

access-list 101 deny   ip 192.168.5.0 0.0.0.255 192.168.76.0 0.0.0.255

access-list 101 permit ip 192.168.5.0 0.0.0.255 any

access-list 120 remark ACL to block guest wireless from LAN

access-list 120 deny   ip 10.5.5.0 0.0.0.255 192.168.0.0 0.0.255.255

access-list 120 permit ip 10.5.5.0 0.0.0.255 any

Everyone's tags (1)
6 REPLIES
Purple

Added a guest network to a Cisco router, can't get the space to

Hi,

Can you enter these commands in config mode:

do clear ip nat trans *

no ip nat inside source list 10 interface FastEthernet3 overload

ip nat inside source list 101 interface FastEthernet4 overload

no route-map SDM_RMAP_1

no access-list 10

access-list 101 permit ip 10.5.5.0 0.0.0.255 any

Regards.

Alain

Don't forget to rate helpful posts.
New Member

Added a guest network to a Cisco router, can't get the space to

Before I do that I have a few questions:

Why remove the "ip nat inside source list 10 interface FastEthernet3 overload"?

ip nat inside source list 101 interface FastEthernet4 overload

access-list 101 permit ip 10.5.5.0 0.0.0.255 any

Do that doesn't seem right. The Fa3 network is 10.5.5.0/24 and the Fa4 network is 192.168.5.0/24

New Member

Added a guest network to a Cisco router, can't get the space to

Any thoughts on this?

Purple

Added a guest network to a Cisco router, can't get the space to

Hi,

The Fa3 network is 10.5.5.0/24 and the Fa4 network is 192.168.5.0/24

interface FastEthernet3

switchport access vlan 50

So first fa3 is a L2 port and secondly you  are natting from inside to outside so the interface you use for overload must be the nat outside interface( which has an IP) and the interfaces where you have nat inside must also be L3 interfaces( routed or SVI)

Regards.

Alain

Don't forget to rate helpful posts.
New Member

Added a guest network to a Cisco router, can't get the space to

A SVI is created for fa3 and is being used. I'm not sure what you are trying to say?

Purple

Added a guest network to a Cisco router, can't get the space to

What I'm saying is that if you want to do nat overload then the interface you're specifying in the nat statement is  a L3 interface which is configured as the nat outside interface and here it is fa4 as fa3 is a L2 interface where inside clients are connected. Is it clearer?

Regards.

Alain

Don't forget to rate helpful posts.
3291
Views
0
Helpful
6
Replies