Port NAT; Configuring ACL Using CLI; Configure an IP Standard ACL/IP Extended ACL or MAC Extended ACL - Motorola WS5100 Series Migration Guide

10-6 WS5100 Series Switch Migration Guide
IP Protocol and Port options are valid only for Destination NAT. This helps the switch administrator to host
servers (HTTP, FTP and DNS servers) in the inside network and map all of them to a single public IP address.
Use Destination NAT translation to map a connection requested to the public IP address and HTTP port to an
internal HTTP server.
The NAT port option is used when the server in the inside network is listening on a non-standard port.
Source NAT applies when a host on the inside network is trying to access a host on the public network.
If both Static and Port NAT translations are defined for the same host IP address, Static NAT takes
higher precedence and packets from that host are NATed as defined by the Static NAT translation.

10.3.2 Port NAT

Port NAT is also known as NAPT or PAT. PAT ensures that a different TCP port number is used for each client
session with a server on the Internet. When the response comes back from the server, the source port
number, which becomes the destination port number on the return trip, determines which user to route the
packets to.
Multiple local addresses are mapped to a single global address and a dynamic port number. The user is not
required to configure any NAT IP address. Instead, the IP address of the public interface of the switch is used to
NAT packets going out from the private network, and vice versa for packets entering the private network.
The following parameters are required to configure a port NAT translation:
• ACL Identifier— This is used for deciding which packets to NAT. Only Standard IP ACLs and Extended IP
ACLs can be specified.
Packets matching a permit ACE within the ACL are NATed, and the ones matching a deny ACE are forwarded
without performing NAT.
• Outgoing VLAN interface name— This is the public interface and defines the NAT IP address which will
be used to NAT the source IP address of packets.
NOTE: Port NAT cannot be configured for NATing the destination IP address or port.
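
The Port NAT behaviour described above, modelled in Python as an added example (it is not code from the guide or from the switch). It shows the ACL deciding which packets are NATed, Static NAT taking precedence, and the reply's destination port selecting the inside host. The first-match ACL evaluation, the no-match default, the port pool starting at 20000, the static mapping keeping the source port, and all addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class PortNat:
    """Toy model of Port NAT (PAT) on the switch's public VLAN interface."""
    public_ip: str            # IP address of the outgoing (public) interface
    acl: list                 # ordered ACEs as (action, source CIDR)
    static: dict = field(default_factory=dict)  # inside IP -> static public IP
    next_port: int = 20000    # assumed start of the dynamic port pool
    out: dict = field(default_factory=dict)     # (inside IP, port) -> public port
    back: dict = field(default_factory=dict)    # public port -> (inside IP, port)

    def acl_action(self, src):
        # Assumption: ACEs are checked in order and the first match wins.
        for action, cidr in self.acl:
            if ipaddress.ip_address(src) in ipaddress.ip_network(cidr):
                return action
        return "deny"         # assumption: a packet matching no ACE is not NATed

    def outbound(self, src, sport):
        """Return the (source IP, source port) the packet leaves the switch with."""
        if src in self.static:            # Static NAT takes precedence over Port NAT
            return self.static[src], sport
        if self.acl_action(src) != "permit":
            return src, sport             # deny ACE: forwarded without NAT
        key = (src, sport)
        if key not in self.out:           # each new session gets its own public port
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return self.public_ip, self.out[key]

    def inbound(self, dport):
        """Map a reply's destination port to the inside host; None if no session."""
        return self.back.get(dport)

if __name__ == "__main__":
    # Constructed sample values (documentation address ranges).
    nat = PortNat("203.0.113.10",
                  [("deny", "192.168.1.50/32"), ("permit", "192.168.1.0/24")],
                  static={"192.168.1.80": "203.0.113.80"})
    for src in ("192.168.1.20", "192.168.1.21", "192.168.1.50", "192.168.1.80"):
        print(src, 51000, "->", nat.outbound(src, 51000))
    print("reply to port 20001 ->", nat.inbound(20001))
    print("unsolicited port 4444 ->", nat.inbound(4444))
```

The last lookup returns None: a packet arriving for a public port with no session entry has no inside host to be routed to in this model.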

10.4 Configuring ACL using CLI

The following sequence has to be followed to configure an ACL:
1. Configure an IP Standard ACL/IP Extended ACL or MAC Extended ACL
2. Applying ACLs to Interfaces

10.4.1 Configure an IP Standard ACL/IP Extended ACL or MAC Extended ACL

ACLs control access to the network through a set of rules. Each rule specifies an action which is taken when
a packet matches it within the given set of rules. If the action is deny, the packet is dropped, and if the action
is permit, the packet is allowed. The WS5100 switch supports the following types of ACLs:
• IP Standard ACLs
• IP Extended ACLs
• MAC Extended ACLs
