Using NAT

MrPuzzlez (Member, 89 posts)
Is it possible to use NAT without a router? In other words, use a multilayer switch and try to configure NAT by using multiple VLANs?


  • networker050184 (Mod, 11,962 posts)
    What exactly are you trying to accomplish? VLANs do not translate IP addresses. Most L3 switches do not support NAT either.
    An expert is a man who has made all the mistakes which can be made.
  • MrPuzzlez (Member, 89 posts)
    What I was trying to do was use a multilayer switch for two things: 1) connect all hard-wired hosts to one VLAN and 2) translate the IP of that VLAN to a routable address without using a router. But from the looks of it, it can't be done without some type of serial connection to connect to the demarc.
  • Iristheangel (Mod, 4,133 posts)
    There are SOME switches that can use NAT. For example, the 6500 series: NAT in Catalyst 6500/6000 Switches Configuration Example - Cisco

    It's just not something you see often or that I would recommend. If I were you, I'd either let the router or the firewall do the NATing.
    BS, MS, and CCIE #50931
  • MrPuzzlez (Member, 89 posts)
    That's cool. Sounds much simpler just using a router. But with an enterprise, wouldn't that pose a bottleneck, even for gigabit Ethernet?
  • Heero (Member, 486 posts)
    You typically only NAT when you are traversing to an external network. In those cases, your bandwidth requirements are typically not too high compared to the rest of your network.

    Like it was mentioned earlier, only very high performance L3 switches can do NAT. It just is not a feature that a switch typically needs to have, since it is performed at network boundaries where you are probably going to want to use a firewall anyways.
  • Iristheangel (Mod, 4,133 posts)
    It's not the bottleneck that I would be worried about. Most routers have a 1GE connection anyways, and they hardly perform at 1GE when you turn on additional features like QoS, ZBFW, etc. I don't usually see many enterprises with above a 1GE connection or even a 500MB connection to the internet anyways. The Layer 3 switch is there to do efficient inter-VLAN routing and keep Layer 2 features going. A router is designed to handle traffic across the edge network, and most Cisco routers have additional security features depending on the model/licensing like CBAC, ZBFW, VPN, etc. You can get some modules for some switches to do this, but in general a router is WAY cheaper than one of the larger L3 switches with all the modules needed. Plus I like the idea of segmenting my edge with the use of a router and a separate firewall for additional security and to offload some of the features. It does make for a bigger footprint, but it decreases the load by not having everything on just one or two devices.

    When in doubt, check out the Cisco Design Zone page for best practices and validated designs.
    BS, MS, and CCIE #50931
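The split described in the post above (L3 switch does inter-VLAN routing, router at the edge does NAT) as an added configuration example; this is not from the thread or from Cisco's documentation, and all interface names, VLAN numbers and addresses (10.10.x.x inside, 10.0.0.0/30 transit link, 203.0.113.0/30 ISP handoff) are assumed values chosen for illustration:

```cisco
! ===== Layer 3 switch (assumed Catalyst-style IOS): routes between VLANs, no NAT =====
ip routing
!
interface Vlan10
 description Wired hosts (assumed VLAN)
 ip address 10.10.10.1 255.255.255.0
!
interface Vlan20
 description Servers (assumed VLAN)
 ip address 10.10.20.1 255.255.255.0
!
interface GigabitEthernet1/0/48
 description Routed uplink to the edge router (assumed port)
 no switchport
 ip address 10.0.0.2 255.255.255.252
!
! Everything the switch does not know goes to the router; the switch never translates
ip route 0.0.0.0 0.0.0.0 10.0.0.1

! ===== Edge router: translates the internal VLANs to the ISP-facing address (PAT) =====
interface GigabitEthernet0/0
 description Downlink to the L3 switch (assumed port)
 ip address 10.0.0.1 255.255.255.252
 ip nat inside
!
interface GigabitEthernet0/1
 description ISP handoff (assumed port, documentation address range)
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
!
! Return route for the VLAN subnets living behind the switch, and a default toward the ISP
ip route 10.10.0.0 255.255.0.0 10.0.0.2
ip route 0.0.0.0 0.0.0.0 203.0.113.1
!
! Only the internal VLAN space is eligible for translation; anything else is dropped by the
! absence of a matching NAT rule rather than leaked out with a private source address
ip access-list standard NAT-INSIDE
 permit 10.10.0.0 0.0.255.255
!
ip nat inside source list NAT-INSIDE interface GigabitEthernet0/1 overload
```

With this in place, `show ip nat translations` on the router should list the inside VLAN hosts mapped to 203.0.113.2 with distinct ports, and the switch's `show ip route` should show only the VLAN subnets plus the default toward 10.0.0.1; if a firewall sits between router and switch, as the post suggests, the `ip nat inside` interface simply moves to the router's firewall-facing port and the return route points at the firewall instead.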
  • Magic Johnson (Member, 414 posts)
    I was in a scenario where we were going to use NAT on a switch used for port redundancy between a router that was managed by another ISP and the customer's firewall.

    It turned out the switch they were adamant was L3 was only L2 with some L3 functionality; NAT was not one of them.

    Bit of a pointless story but thought I'd put it out there, you have to try and do some weird and wonderful things when you don't manage a customer's router.