Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

can you nat with a 6500?

Hi all. I want to use an external ip address on my 6500 switch, and use nat to hide my inside networks. Is this possible with the 6500?

3 REPLIES

Re: can you nat with a 6500?

Yes, NAT is supported if you have Sup720 or later versions of Supervisor card in use.

http://www.cisco.com/en/US/products/hw/switches/ps708/products_qanda_item09186a0080159963.shtml

http://www.cisco.com/en/US/products/hw/modules/ps2797/products_qanda_item0900aecd80350bfc.shtml

It appears the MSFC2 and MSFC does support NAT but NATting is done in software and that's something you might want to take into account.

HTH

Sundar

Re: can you nat with a 6500?

Hi,

Yes it is, the 6500 it can support NATing, check this document for more details on your hardware:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a008011c629.shtml

HTH, please rate if it does,

Mohammed Mahmoud.

Re: can you nat with a 6500?

Hi,

To add more ,sometimes NAT is performed in HW and sometimes it is performed in SW.

1.Software performs the NAT function on the Catalyst 6500/6000 with a Supervisor Engine 1/2 and MSFC/MSFC2. There is no support in the hardware path.

2.When you use the NAT router feature on a Catalyst 6500 with Supervisor Engine 1/2 and MSFC/MSFC2, packets that traverse the NAT outside interface can (in certain configurations) undergo software routing instead of Layer 3 (L3) switching. The software routing can occur regardless of whether the packets require translation. For packets that traverse the NAT outside interface, the redirection to MSFC for software routing should occur for only those packets that require NAT. Cisco IOS Software only translates traffic that traverses from NAT inside interfaces to NAT outside interfaces. Create the access control list (ACL) for use with NAT to be more specific. Have the ACL limit the software-handled packets to only those packets that require NAT translation. For example, if you use a general ACL, such as permit ip any any, to specify the traffic that requires NAT, all traffic inbound or outbound on the NAT outside interface is software routed. Traffic that does not originate in the NAT inside interfaces or have the NAT inside interfaces as a destination is also software routed. If you use a more specific ACL, such as permit ip 192.168.1.0 0.0.0.255 any, only the NAT outside traffic that matches the ACL is software routed.

3.The NAT function is performed in hardware for unicast packets on a Catalyst 6500 with Supervisor Engine 720 and MSFC3 when you run Cisco IOS Software Release 12.2(14)SX or later.

HTH, please rate if it does help,

Mohammed Mahmoud.

336
Views
9
Helpful
3
Replies
CreatePlease to create content