Creating NAT Rules
Summit 200 Series Switch Installation and User Guide 139
Creating NAT Rules
This section describes how to configure the various types of NAT (static, dynamic, portmap, and
auto-constrain). In the examples in this section, advanced port and destination matching options have
been removed. For information on how to use some of the more advanced rule matching features, refer
to “Advanced Rule Matching” on page 140.
Creating Static and Dynamic NAT Rules
To create static or dynamic NAT rules, use this command:
config nat [add | delete] vlan <outside_vlan> map source [any | <ipaddress> [/<bits> |
<netmask>]] to <ipaddress> [/<mask> | <netmask> | - <ipaddress>]
This is the simplest NAT rule. You specify the outside vlan name, and a subnet of inside IP addresses,
which get translated to the outside IP address using the specified mode (static in this case). For the
outside IP addresses, you can either specify an IP address and netmask or a starting and ending IP
range to determine the IP addresses the switch will translate the inside IP addresses to. If the netmask
for both the source and NAT addresses is /32, the switch will use static NAT translation. If the netmask
for both the source and NAT addresses are not both /32, the switch will use dynamic NAT translation.
Static NAT Rule Example
config nat add out_vlan_1 map source 192.168.1.12/32 to 216.52.8.32/32
Dynamic NAT Rule Example
config nat add out_vlan_1 map source 192.168.1.0/24 to 216.52.8.1 - 216.52.8.31
Creating Portmap NAT Rules
To configure portmap NAT rules, use this command:
config nat [add | delete] vlan <outside_vlan> map source [any | <ipaddress> [/<bits> |
<netmask>]] to <ip> [/<mask> | <netmask> | - <ipaddress>] {[tcp |udp | both]
portmap {<min> - <max>}}
The addition of an L4 protocol name and the portmap keyword tells the switch to use portmap mode.
Optionally, you may specify the range of L4 ports the switch chooses on the translated IP addresses, but
there is a performance penalty for doing this. Remember that portmap mode will only translate TCP
and/or UDP, so a dynamic NAT rule must be specified after the portmap rule in order to allow ICMP
packets through without interfering with the portmapping.
Portmap NAT Rule Example
config nat add out_vlan_2 map source 192.168.2.0/25 to 216.52.8.32 /28 both portmap
Portmap Min-Max Example
config nat add out_vlan_2 map source 192.168.2.128/25 to 216.52.8.64/28 tcp
portmap 1024 - 8192
To Next Page
Loading...
Need help?
General
