Switches, Hubs, and Modems
1748068 Members
5730 Online
108758 Solutions
New Discussion

Re: Static NAT through a 5304

 
SOLVED
Go to solution
Big Tom Davis
Advisor

Static NAT through a 5304

I have 2 vlans setup on my 5304xl
vlan 1
name "DEFAULT_VLAN"
untagged A2-A16,B1-B16
ip address 111.254.183.200 255.255.255.0
no untagged A1
ip igmp
exit
vlan 2
name "LAB"
untagged A1
ip address 222.26.255.1 255.255.0.0
ip igmp
exit

What I want to do is setup the LAB as a completely standalone network with a "LAB" PC natted to an address in the 111 network

Where do I start? If I turn on routing won't it route all addresses to/from the 222 net to the 111 net? I don't want any communicaiton to/from each net other than though the NAT...
1 REPLY 1
Matt Hobbs
Honored Contributor
Solution

Re: Static NAT through a 5304

You're correct, static NAT requires that ip routing be enabled, yet it will allow routing access between to the two VLANs for all addresses.

I think the easiest way to achieve what you need would be to use an ACL that permits only the address that is being NAT'd.

5304(config)# ip access-list standard 5304(config-std-nacl)# permit host 222.26.255.X
5304(config-std-nacl)# vlan 2
5304(vlan-2)# ip access-group 1 in

Configure the NAT'ing side as per the documentation:

ip nat static < private-ip > < public-ip >