Internet Ip Addressing; Configuring Vlans For Nat - Extreme Networks 200 Series Installation And User Manual


Network Address Translation (NAT)
You can configure NAT to conserve IP address space by mapping a large number of inside (private)
addresses to a much smaller number of outside (public) addresses.

To implement NAT, you must configure at least two separate VLANs. One VLAN is configured as inside
and corresponds to the private IP addresses you want to translate into other IP addresses. The other
VLAN is configured as outside and corresponds to the public (probably Internet) IP addresses you want
the inside addresses translated to. The mappings between inside and outside IP addresses are defined
by rules that specify the IP subnets involved and the algorithms used to translate the addresses.
NOTE
The NAT modes in ExtremeWare support translating traffic initiating only from inside addresses.
NAT rules are associated with a single outside VLAN. Multiple rules per outside VLAN are allowed.
The rules take effect in the order they are displayed using the show command. Any number of inside
VLANs can use a single outside VLAN, assuming that you have created proper rules. Similarly, a single
inside VLAN can use any number of different outside VLANs, assuming that the rules and routing are
set up properly.
Both TCP and UDP have Layer 4 port numbers ranging from 1 to 65535. These Layer 4 ports, in
combination with the IP addresses, form a unique identifier which allows hosts (as well as the NAT
switch) to distinguish between separate conversations. NAT operates by replacing the inside IP packet's
source IP and Layer 4 port with an outside IP and Layer 4 port. The NAT switch maintains a connection
table to map the return packets on the outside VLAN back into their corresponding inside sessions.

Internet IP Addressing

When implementing NAT in an Internet environment, it is strongly recommended that you use one of
the reserved private IP address ranges for your inside IP addresses. These ranges have been reserved
specifically for networks not directly attached to the Internet. Using IP addresses within these ranges
prevents addressing conflicts with public Internet sites to which you want to connect. The ranges are as
follows:
10.0.0.0/8—Reserved Class A private address space
172.16.0.0/12—Reserved Class B private address space
192.168.0.0/16—Reserved Class C private address space

Configuring VLANs for NAT

You must configure each VLAN participating in NAT as either an inside or outside VLAN. To configure
a VLAN as an inside or outside VLAN, use the following command:
config nat vlan <name> [inside | outside | none]
When a VLAN is configured to be inside, traffic from that VLAN destined for an outside VLAN is
translated only if it has a matching NAT rule. Any unmatched traffic will be routed normally and not be
translated. Because all traffic destined for an outside VLAN runs through the central processing unit
(CPU), it cannot run at line-rate.
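The connection-table behavior described under Network Address Translation (NAT), together with the matching-rule behavior described here, can be modeled in a few lines of Python. This is an added example, not ExtremeWare code: the class name, the sequential port allocation, the absence of session timeouts, and all addresses are assumptions made for illustration.

```python
import ipaddress


class PortTranslator:
    """Toy model of port-mapped NAT: one outside IP, one outside port per session."""

    def __init__(self, inside_subnet, outside_ip, first_port=1024):
        self.rule = ipaddress.ip_network(inside_subnet)  # subnet the rule matches
        self.outside_ip = outside_ip
        self.next_port = first_port    # assumption: ports handed out sequentially
        self.out_by_session = {}       # (proto, inside_ip, inside_port) -> outside port
        self.session_by_out = {}       # (proto, outside_port) -> (inside_ip, inside_port)

    def outbound(self, proto, src_ip, src_port):
        """Packet from an inside VLAN heading to an outside VLAN."""
        if ipaddress.ip_address(src_ip) not in self.rule:
            return (src_ip, src_port)  # no matching rule: routed untranslated
        key = (proto, src_ip, src_port)
        if key not in self.out_by_session:
            if self.next_port > 65535:
                raise RuntimeError("outside port pool exhausted")
            self.out_by_session[key] = self.next_port
            self.session_by_out[(proto, self.next_port)] = (src_ip, src_port)
            self.next_port += 1
        return (self.outside_ip, self.out_by_session[key])

    def inbound(self, proto, dst_port):
        """Return packet on the outside VLAN; None means no inside session exists."""
        return self.session_by_out.get((proto, dst_port))


def demo():
    # Constructed sample traffic; 203.0.113.10 is a documentation address.
    nat = PortTranslator("192.168.1.0/24", "203.0.113.10")
    return {
        "host_a": nat.outbound("tcp", "192.168.1.20", 40000),
        "host_b": nat.outbound("tcp", "192.168.1.21", 40000),   # same inside port
        "host_a_again": nat.outbound("tcp", "192.168.1.20", 40000),
        "unmatched": nat.outbound("tcp", "10.1.1.5", 40000),     # outside the rule
        "reply_to_a": nat.inbound("tcp", 1024),
        "unsolicited": nat.inbound("tcp", 2000),                 # never opened
        "wrong_proto": nat.inbound("udp", 1024),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:13} -> {result}")
```

Two inside hosts using the same source port share one outside IP but receive distinct outside ports, which is why the outside port and protocol are both needed to attribute an outside address back to an inside host.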
