User guide

114 Summit24e3 Switch Installation and User Guide
Network Address Translation (NAT)
Configuring NAT
The behavior of NAT is determined by the rules you create to translate the IP addresses. You must
attach each rule to a specific VLAN. All rules are processed in order. The options specified on the NAT
rule determine the algorithm used to translate the inside IP addresses to the outside IP addresses. For
outgoing (inside to outside) packets, the first rule to match is processed. All following rules are ignored.
All return packets must arrive on the same outside VLAN on which the session went out. For most
configurations, make sure that the outside IP addresses specified in the rule are part of the outside
VLAN's subnet range, so that the switch can proxy the address resolution protocol (ARP) for those
addresses.
To enable NAT functionality, use the following command:
enable nat
Configuring NAT Rules
To configure NAT rules, use the commands listed in Table 27.
Creating NAT Rules
This section describes how to configure the various types of NAT (static, dynamic, portmap, and
auto-constrain). In the examples in this section, advanced port and destination matching options have
been removed. For information on how to use some of the more advanced rule matching features, refer
to Advanced Rule Matching on page 116.
Table 27: NAT Configuration Commands

Command:
config nat add vlan <outside_vlan> map source
[any | <ipaddress> [/<bits> | <netmask>]]
{l4-port [any | <number> {- <number>}]}
{destination <ipaddress>/<mask> {l4-port
[any | <number> {- <number>}]}} to <ipaddress>
[/<mask> | <netmask> | - <ipaddress>]
{[tcp | udp | both] [portmap {<min> - <max>} |
auto-constrain]}

Description:
Adds a NAT translation rule that translates private IP addresses to public IP addresses on the
outside VLAN. The first IP address specifies the private side IP addresses and the second IP address
specifies the public side IP address. Use portmap to specify port translations and specify either TCP
or UDP port translation, or both. The range of <number> is 1 to 65535. The default setting for <min>
is 1024. The default setting for <max> is 65535.

Command:
config nat delete vlan <outside_vlan> map source
[any | <ipaddress> [/<bits> | <netmask>]]
{l4-port [any | <number> {- <number>}]}
{destination <ipaddress>/<mask> {l4-port
[any | <number> {- <number>}]}} to <ipaddress>
[/<mask> | <netmask> | - <ipaddress>]
{[tcp | udp | both] [portmap {<min> - <max>} |
auto-constrain]}

Description:
Deletes a NAT translation rule.
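As an added illustration (not taken from the original guide), the four rule types named in "Creating NAT Rules" written out with the Table 27 syntax; the outside VLAN name "outside", the inside 10.1.x.x addresses and the outside 203.0.113.x addresses are constructed values, and the outside VLAN is assumed to carry the 203.0.113.0/24 subnet so the switch can proxy ARP for the public addresses.

```text
# Constructed example: enable NAT, then attach rules to the outside VLAN.
enable nat

# Static NAT: one inside host mapped 1:1 to one outside address, no port
# translation. Because the first matching rule wins, this host-specific /32
# rule is added BEFORE the broader 10.1.2.0/24 rule below that would also
# match it.
config nat add vlan outside map source 10.1.2.10/32 to 203.0.113.10/32

# Dynamic NAT: a whole inside subnet mapped onto a pool of outside
# addresses, still without port translation, so the number of concurrent
# inside hosts is bounded by the size of the pool.
config nat add vlan outside map source 10.1.2.0/24 to 203.0.113.20 - 203.0.113.27

# Portmap NAT: many inside hosts share a small pool by also translating
# TCP and UDP ports; 1024 - 65535 is the default <min> - <max> range.
config nat add vlan outside map source 10.1.3.0/24 to 203.0.113.30 - 203.0.113.33 both portmap 1024 - 65535

# Auto-constrain NAT: port translation for TCP and UDP with the switch
# choosing the port ranges (the auto-constrain option in Table 27).
config nat add vlan outside map source 10.1.4.0/24 to 203.0.113.40 - 203.0.113.47 both auto-constrain

# Removing a rule repeats the same rule text after "delete".
config nat delete vlan outside map source 10.1.2.10/32 to 203.0.113.10/32
```

Return traffic for every session must come back on the VLAN "outside"; a static 1:1 mapping makes the inside host reachable from the outside at its public address, so use it only for hosts that need inbound reachability.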