Foundry Switch and Router Installation and Configuration Guide
The address 0.0.0.0 0.0.0.0 is the standard notation for an IP default route. The 63.251.295.1 address is the
address of the next-hop gateway for the route. In this case, the next-hop gateway is the Layer 3 Switch's IP
interface with the Internet access router.
The following commands change to the configuration level for port 1/24, configure an IP address on the port, and
enable inside NAT on the port. Port 1/24 connects the Layer 3 Switch to the Layer 2 Switch, which is connected to
the private network containing the NAT clients.
BigIron(config)# interface ethernet 1/24
BigIron(config-if-1/24)# ip address 10.10.10.50 255.255.255.192
BigIron(config-if-1/24)# ip nat inside
BigIron(config-if-1/24)# exit
The following commands change to the configuration level for port 4/1, configure an IP address on the port, and
enable outside NAT on the port. Port 4/1 connects the Layer 3 Switch to the Internet access device.
BigIron(config)# interface ethernet 4/1
BigIron(config-if-4/1)# ip address 63.251.295.46 255.255.255.192
BigIron(config-if-4/1)# ip nat outside
BigIron(config-if-4/1)# exit
The following command saves all the configuration changes above to the Layer 3 Switch's startup-config file on
flash memory. The Layer 3 Switch applies NAT configuration information as soon as you enter it into the CLI.
Saving the changes to the startup-config file ensures that the changes are reinstated following a system reload.
BigIron(config)# write memory
Private NAT Clients Connected Directly to the Layer 3 Switch
Figure 20.3 shows an example of a NAT configuration in which the NAT clients on the private network are directly
connected to the Layer 3 Switch. The configuration commands are similar to those for the configuration in
"Private NAT Clients Connected to the Layer 3 Switch by a Layer 2 Switch" on page 20-14, except the inside NAT
and outside NAT interfaces are virtual routing interfaces (called virtual interfaces or "VEs") instead of physical
ports.
Because all the clients are in the same sub-net, the Layer 3 Switch is configured with a virtual interface to serve as
the inside NAT interface, that is, the Layer 3 Switch's IP interface for the NAT clients that have private addresses.
The virtual interface is required because you cannot configure IP addresses in the same sub-net on multiple
physical interfaces on the Layer 3 Switch. A virtual interface is a logical interface that allows you to associate the
same IP address (the IP address of the virtual interface) with multiple physical ports.
You can use a virtual interface for routing only when you add the interface to a port-based VLAN. A port-based
VLAN is a separate Layer 2 broadcast domain, a logical Layer 2 Switch within the Foundry device. The Layer 3
Switch uses virtual interfaces to route Layer 3 traffic between port-based VLANs. Thus, this configuration also
includes configuration of separate port-based VLANs for the clients' inside NAT interface and for the outside NAT
interface.
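The sub-net restriction described above can be checked offline before a configuration is loaded. The following Python script is an added example, not part of the Foundry guide or software. The sample configuration, its addresses and port numbers, and the function names parse_interfaces and audit are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample in the CLI style shown above; addresses and ports are illustrative.
SAMPLE = """\
interface ethernet 1/1
 ip address 10.10.10.50 255.255.255.192
 ip nat inside
interface ethernet 1/2
 ip address 10.10.10.51 255.255.255.192
 ip nat inside
interface ethernet 4/1
 ip address 192.0.2.46 255.255.255.192
 ip nat outside
"""

def parse_interfaces(text):
    """Map interface name -> {'net': IPv4Network or None, 'nat': role or None, 'bad': str or None}."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        w = line.split()
        if w[:1] == ["interface"] and len(w) > 1:
            cur = ifaces.setdefault(" ".join(w[1:]), {"net": None, "nat": None, "bad": None})
        elif cur is not None and w[:2] == ["ip", "address"] and len(w) == 4:
            try:
                # strict=False: the line carries a host address; keep its sub-net
                cur["net"] = ipaddress.ip_network(f"{w[2]}/{w[3]}", strict=False)
            except ValueError:
                cur["bad"] = w[2]  # e.g. an octet above 255
        elif cur is not None and w[:2] == ["ip", "nat"] and len(w) == 3:
            cur["nat"] = w[2]  # interface-level "ip nat inside" / "ip nat outside" only
    return ifaces

def audit(text):
    """Return a sorted list of findings for a NAT interface configuration."""
    ifaces = parse_interfaces(text)
    out = [f"{n}: invalid address {i['bad']}" for n, i in ifaces.items() if i["bad"]]
    # Only physical ports are compared; a virtual interface (ve) may front several ports.
    phys = [(n, i["net"]) for n, i in ifaces.items() if n.startswith("ethernet") and i["net"]]
    for (a, na), (b, nb) in combinations(phys, 2):
        if na.overlaps(nb):
            out.append(f"{a} and {b}: same sub-net {na}, use a virtual interface")
    roles = {i["nat"] for i in ifaces.values()}
    for role in ("inside", "outside"):
        if role not in roles:
            out.append(f"no 'ip nat {role}' interface")
    return sorted(out)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```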
December 2000