Creating nat rules, Creating static and dynamic nat rules, Static nat rule example – Extreme Networks 200 Series User Manual


Summit 200 Series Switch Installation and User Guide

139

Creating NAT Rules

This section describes how to configure the various types of NAT (static, dynamic, portmap, and
auto-constrain). In the examples in this section, advanced port and destination matching options have
been removed. For information on how to use some of the more advanced rule matching features, refer
to “Advanced Rule Matching” on page 140.

Creating Static and Dynamic NAT Rules

To create static or dynamic NAT rules, use this command:

config nat [add | delete] vlan <outside_vlan> map source [any | <ipaddress> [/<bits> | <netmask>]] to <ipaddress> [/<mask> | <netmask> | - <ipaddress>]

This is the simplest NAT rule. You specify the outside VLAN name and a subnet of inside IP addresses,
which are translated to the outside IP address using the specified mode (static in this case). For the
outside IP addresses, you can specify either an IP address and netmask or a starting and ending IP
address range to determine the IP addresses the switch will translate the inside IP addresses to. If the
netmask for both the source and NAT addresses is /32, the switch will use static NAT translation. If the
netmasks for the source and NAT addresses are not both /32, the switch will use dynamic NAT translation.

Static NAT Rule Example

config nat add out_vlan_1 map source 192.168.1.12/32 to 216.52.8.32/32

Dynamic NAT Rule Example

config nat add out_vlan_1 map source 192.168.1.0/24 to 216.52.8.1 - 216.52.8.31

Creating Portmap NAT Rules

To configure portmap NAT rules, use this command:

config nat [add | delete] vlan <outside_vlan> map source [any | <ipaddress> [/<bits> | <netmask>]] to <ip> [/<mask> | <netmask> | - <ipaddress>] {[tcp | udp | both] portmap {<min> - <max>}}

The addition of an L4 protocol name and the portmap keyword tells the switch to use portmap mode.

Optionally, you may specify the range of L4 ports the switch chooses on the translated IP addresses, but
there is a performance penalty for doing this. Remember that portmap mode will only translate TCP
and/or UDP, so a dynamic NAT rule must be specified after the portmap rule in order to allow ICMP
packets through without interfering with the portmapping.

Portmap NAT Rule Example

config nat add out_vlan_2 map source 192.168.2.0/25 to 216.52.8.32/28 both portmap

Portmap Min-Max Example

config nat add out_vlan_2 map source 192.168.2.128/25 to 216.52.8.64/28 tcp portmap 1024 - 8192
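The following Python sketch is an added example, not part of the Extreme Networks manual. It classifies each rule by the mode-selection logic described above and flags portmap rules that have no later dynamic rule on the same VLAN for ICMP. The names parse and audit are hypothetical, only the <ip>/<bits> and range forms shown on this page are handled, and the fourth sample rule is constructed for illustration.

```python
import ipaddress
import re

# Covers the rule forms shown on this page: source "any" or <ip>/<bits>,
# target <ip>/<bits> or "<ip> - <ip>"; the <netmask> forms are not handled.
RULE = re.compile(
    r"config nat add (?:vlan )?(?P<vlan>\S+) map source (?P<src>any|\S+/\d+)"
    r" to (?P<dst>\S+/\d+|\S+ - \S+)"
    r"(?: (?P<proto>tcp|udp|both) portmap(?: (?P<lo>\d+) - (?P<hi>\d+))?)?")

def parse(line):
    m = RULE.fullmatch(" ".join(line.split()))
    if not m:
        raise ValueError(f"unsupported rule form: {line!r}")
    r = m.groupdict()
    src = "0.0.0.0/0" if r["src"] == "any" else r["src"]
    r["net"] = ipaddress.ip_network(src, strict=False)
    if r["proto"]:
        r["mode"] = "portmap"     # L4 protocol name plus portmap keyword
    elif r["src"].endswith("/32") and r["dst"].endswith("/32"):
        r["mode"] = "static"      # both masks are /32
    else:
        r["mode"] = "dynamic"
    return r

def audit(config):
    rules = [parse(l) for l in config.splitlines() if l.strip()]
    findings = []
    for i, r in enumerate(rules):
        if r["mode"] != "portmap":
            continue
        # Portmap translates only TCP/UDP; look for a later dynamic rule
        # on the same VLAN whose source covers this one (needed for ICMP).
        if not any(n["mode"] == "dynamic" and n["vlan"] == r["vlan"]
                   and r["net"].subnet_of(n["net"]) for n in rules[i + 1:]):
            findings.append(f"{r['vlan']} {r['src']}: no dynamic rule after portmap rule")
        if r["lo"]:
            findings.append(f"{r['vlan']} {r['src']}: port range {r['lo']}-{r['hi']} costs performance")
    return rules, findings

# Rules from this page, plus one constructed dynamic rule (fourth line).
SAMPLE = """
config nat add out_vlan_1 map source 192.168.1.12/32 to 216.52.8.32/32
config nat add out_vlan_1 map source 192.168.1.0/24 to 216.52.8.1 - 216.52.8.31
config nat add out_vlan_2 map source 192.168.2.0/25 to 216.52.8.32/28 both portmap
config nat add out_vlan_2 map source 192.168.2.0/25 to 216.52.8.32/28
config nat add out_vlan_2 map source 192.168.2.128/25 to 216.52.8.64/28 tcp portmap 1024 - 8192
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE)[1]:
        print(finding)
```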
