Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

NAT NVI help

Hello Everyone,


     Looking at this configuration would it be correct to say that the subnet (Subinterface 50) would not be translated due to that it does not have the "ip nat enable" command when it exits fa0/1 (eventhough ip nat enable is turned on for this interface)? Or because of the command on fa0/1 does the address have to translate?

interface FastEthernet0/0
no ip address

interface FastEthernet0/0.1
description VLAN to xxxxxxx
encapsulation dot1Q 1 native
ip address
ip access-group 101 in

ip nat enable

interface FastEthernet0/0.5
description VLAN to yyyyyyy

encapsulation dot1Q 5
ip address
ip access-group 105 in
ip nat enable

interface FastEthernet0/0.50
description VLAN to Global Handoff
encapsulation dot1Q 50
ip address
ip access-group 150 in

interface FastEthernet0/0.99
description VLAN to zzzzzzzzz
encapsulation dot1Q 99
ip address
ip access-group 199 in
ip nat enable

interface FastEthernet0/1
ip address
ip nat enable


NAT NVI help

With nat, there has to be two interfaces involved. The two interfaces, that you have listed are fa0/0 and fa0/1 (minus the subinterfaces on fa0/0). That being said, the configuration that you have is not directional specific (the older way is using "ip nat inside" and "ip nat outside"). You have fa0/1 as nat enable, and according to what you're saying this is the exit interface. That's just half the puzzle. You still need an "inside" interface which is where "ip nat enable" would come into play on your subinterface. Since that doesn't exist, this interface would NOT nat out as the address.


*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
CreatePlease to create content