Foundry Networks Switch and Router Installation And Configuration Manual page 824

Foundry Switch and Router Installation and Configuration Guide
BigIron(config)# vlan 3 by port
BigIron(config-vlan-3)# untagged ethernet 1/1
BigIron(config-vlan-3)# router-interface ve 15
BigIron(config-vlan-3)# exit
The following command configures an ACL to identify the range of private addresses for which you want to
provide NAT services. This ACL identifies the private address range as 10.10.10.0 – 10.10.10.255.
BigIron(config)# access-list 9 permit 10.10.10.0 0.0.0.255
NOTE: The format of the network mask for an ACL uses zeroes to indicate a value that must match, and ones
(255 in decimal) as a wildcard. In this case, 0.0.0.255 means the first three parts of the IP address must match
exactly, but the fourth part can have any value.
The following command configures the NAT address pool. The Layer 3 Switch translates a client's address from
the private network to an address from this pool when the client sends traffic to a public network, in this case a
network located somewhere on the Internet.
BigIron(config)# ip nat pool np1 63.251.295.47 63.251.295.48 netmask 255.255.255.192
This command configures a pool named "np1", and adds public address range 63.251.295.47/26 –
63.251.295.48/26 to the pool. Generally, a pool contains more than two addresses, but this pool is small so that
this configuration can also demonstrate the Port Address Translation feature.
The following command associates the range of private addresses identified by the ACL with the pool, and in this
case also enables the Port Address Translation feature. Port Address Translation allows you to use an address
pool that contains fewer addresses than the number of NAT clients in the private network.
BigIron(config)# ip nat inside source list 9 pool np1 overload
The inside source list 9 portion of the command identifies the range of source addresses. The value "9" is the
number of the ACL configured above. The pool np1 portion of the command identifies the IP address pool
configured above. The overload parameter enables Port Address Translation. When this feature is enabled,
NAT associates a TCP or UDP port number with the public address for a client. In this case, there are four clients
but only two addresses in the pool. Port Address Translation allows NAT to provide translation addresses for all
four clients. When two translation clients have the same public IP address, the software can still distinguish
between the clients because each client has a unique TCP or UDP port number.
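The ACL wildcard match and the overload (Port Address Translation) behavior described above, modeled in Python as an added example; it is not code from the Foundry manual or the device software. The pool addresses 192.0.2.47 and 192.0.2.48 are documentation-range stand-ins for the two addresses in np1, and the round-robin address assignment and sequential port numbering from 1024 are assumptions made for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """ACL wildcard test: 0 bits in the mask must match, 1 bits are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

class PatTable:
    """Toy model of 'ip nat inside source list 9 pool np1 overload'."""

    def __init__(self, acl, pool):
        self.acl, self.pool = acl, pool
        self.client_ip = {}   # private IP -> pool address it is pinned to
        self.next_port = {}   # (proto, public IP) -> next free public port
        self.out = {}         # (proto, priv IP, priv port) -> (pub IP, pub port)
        self.back = {}        # (proto, pub IP, pub port) -> (priv IP, priv port)

    def translate(self, proto, src_ip, src_port):
        if not wildcard_match(src_ip, *self.acl):
            return None       # source not permitted by the ACL: no translation
        key = (proto, src_ip, src_port)
        if key not in self.out:
            # Assumed policy: pin clients to pool addresses round-robin and
            # hand out public ports sequentially from 1024.
            if src_ip not in self.client_ip:
                self.client_ip[src_ip] = self.pool[len(self.client_ip) % len(self.pool)]
            pub_ip = self.client_ip[src_ip]
            port = self.next_port.get((proto, pub_ip), 1024)
            if port > 65535:
                raise RuntimeError("no free ports left on " + pub_ip)
            self.next_port[(proto, pub_ip)] = port + 1
            self.out[key] = (pub_ip, port)
            self.back[(proto, pub_ip, port)] = (src_ip, src_port)
        return self.out[key]

    def reverse(self, proto, dst_ip, dst_port):
        """Map a reply arriving on the outside interface back to its client."""
        return self.back.get((proto, dst_ip, dst_port))

def demo():
    # Constructed sample: four inside clients, all using source port 5000.
    nat = PatTable(("10.10.10.0", "0.0.0.255"), ["192.0.2.47", "192.0.2.48"])
    flows = [nat.translate("tcp", "10.10.10.%d" % i, 5000) for i in range(1, 5)]
    return nat, flows

if __name__ == "__main__":
    nat, flows = demo()
    print(flows, nat.reverse("tcp", "192.0.2.47", 1025))
```

The reverse table is also what ties an outside address and port back to one inside host, so it is the record to consult when attributing traffic seen on the public side.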
The following command configures a static default route to the Internet access router. The Layer 3 Switch uses
this route for traffic that is addressed to a destination for which the IP route table does not have an explicit route.
Typically, the IP route table does not have explicit routes to all destination networks on the Internet.
BigIron(config)# ip route 0.0.0.0 0.0.0.0 63.251.295.1
The address 0.0.0.0 0.0.0.0 is the standard notation for an IP default route. The 63.251.295.1 address is the
address of the next-hop gateway for the route. In this case, the next-hop gateway is the Layer 3 Switch's IP
interface with the Internet access router.
The following commands configure an IP address on virtual interface 10, which is the virtual interface for the
private network, and enable inside NAT on the interface.
BigIron(config)# interface ve 10
BigIron(config-ve-10)# ip address 10.10.10.50 255.255.255.192
BigIron(config-ve-10)# ip nat inside
BigIron(config-ve-10)# exit
The following commands configure an IP address on virtual interface 15, which is the interface to the Internet
access router, and enable outside NAT on the interface.
BigIron(config)# interface ve 15
BigIron(config-ve-15)# ip address 63.251.295.46 255.255.255.192
BigIron(config-ve-15)# ip nat outside
BigIron(config-ve-15)# exit
December 2000
