Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Natting on Sub-Interfaces.

Hi, I would like to enable natting on my 4 sub-interfaces f0/1.1,f0/1.2,f0/1.3,f0/1.4, the ranges I would like to configure on each sub-interface is 192.168.1.0,2.0,3.0 & 4.0.

The exit interface for the traffic is f0/0 which is directly connected to my ISP. Can someone please guide me on this? I have attached the configuration plus I am posting it below:

#sh run

Building configuration...

Current configuration : 2211 bytes

!

! Last configuration change at 14:55:37 UTC Sat Oct 28 2006

! NVRAM config last updated at 14:57:14 UTC Sat Oct 28 2006

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

enable secret xxx

!

aaa new-model

!

!

!

aaa session-id common

!

resource policy

!

ip subnet-zero

!

!

ip cef

!

!

ip domain name yourdomain.com

!

username admin privilege 15 secret xxx

!

!

!

interface FastEthernet0/0

ip address 194.54.x.2 255.255.255.252

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

duplex auto

speed auto

!

interface FastEthernet0/1.1

encapsulation dot1Q 2201

ip address 194.54.x.5 255.255.255.252

no snmp trap link-status

!

interface FastEthernet0/1.2

encapsulation dot1Q 2202

ip address 194.54.x.9 255.255.255.252

no snmp trap link-status

!

interface FastEthernet0/1.3

encapsulation dot1Q 2203

ip address 194.54.x.13 255.255.255.252

no snmp trap link-status

!

interface FastEthernet0/1.4

encapsulation dot1Q 2204

ip address 194.54.x.17 255.255.255.252

no snmp trap link-status

!

interface FastEthernet0/1.5

description **NMS**

encapsulation dot1Q 2205

ip address 194.54.x.21 255.255.255.252

no snmp trap link-status

!

ip classless

ip route 0.0.0.0 0.0.0.0 194.54.x.1

!

1 REPLY

Re: Natting on Sub-Interfaces.

The config could look like this:

interface FastEthernet0/0

ip address 194.54.x.2 255.255.255.252

ip nat outside

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

duplex auto

speed auto

!

interface FastEthernet0/1.1

encapsulation dot1Q 2201

ip address 194.54.x.5 255.255.255.252

ip nat inside

no snmp trap link-status

!

interface FastEthernet0/1.2

encapsulation dot1Q 2202

ip address 194.54.x.9 255.255.255.252

ip nat inside

no snmp trap link-status

!

interface FastEthernet0/1.3

encapsulation dot1Q 2203

ip address 194.54.x.13 255.255.255.252

ip nat inside

no snmp trap link-status

!

interface FastEthernet0/1.4

encapsulation dot1Q 2204

ip address 194.54.x.17 255.255.255.252

ip nat inside

no snmp trap link-status

!

interface FastEthernet0/1.5

description **NMS**

encapsulation dot1Q 2205

ip address 194.54.x.21 255.255.255.252

no snmp trap link-status

!

ip classless

ip route 0.0.0.0 0.0.0.0 194.54.x.1

ip nat pool Sub1 192.168.1.1 192.168.1.254 prefix-length 24

ip nat pool Sub2 192.168.2.1 192.168.2.254 prefix-length 24

ip nat pool Sub3 192.168.3.1 192.168.3.254 prefix-length 24

ip nat pool Sub4 192.168.4.1 192.168.4.254 prefix-length 24

ip nat inside source route-map Nat4vlan2201 pool Sub1

ip nat inside source route-map Nat4vlan2202 pool Sub2

ip nat inside source route-map Nat4vlan2203 pool Sub3

ip nat inside source route-map Nat4vlan2204 pool Sub4

route-map Nat4vlan2201 permit 10

match ip address 101

route-map Nat4vlan2202 permit 10

match ip address 102

route-map Nat4vlan2203 permit 10

match ip address 103

route-map Nat4vlan2204 permit 10

match ip address 104

access-list 101 permit ip 10.1.0.0 0.0.255.255 any

access-list 102 permit ip 10.2.0.0 0.0.255.255 any

access-list 103 permit ip 10.3.0.0 0.0.255.255 any

access-list 104 permit ip 10.4.0.0 0.0.255.255 any

This assumes the IP addresses are 10.x/16 behind f0/1.x

You will need to adjust this and other numbers like ACLs to your environment.

Hope this helps! Please rate all posts.

Regards, Martin

107
Views
0
Helpful
1
Replies