[c-nsp] VSS NAT ?

Adrian Turcu adriant at domeit.net
Thu May 12 09:01:26 EDT 2011 

Are you referring to Cat6500 VSS 1440 system?
If yes, I am using them in a few production and non-production environments and do NAT on them too.
Here's my setup, trimmed to outline the NAT:

!
interface Loopback1001                                                                                     
 description Static NAT to  jumpoff01 server - 10.160.161.142                                             
 ip address aaa.aaa.aaa.31 255.255.255.255
!
interface Loopback1002                                                                                     
 description NAT OVERLOAD                                                                                  
 ip address aaa.aaa.aaa.29 255.255.255.255                                                                  
!  
interface Vlan31                                                                
 description Global -> topVRF
 mac-address 0000.0000.0031
 ip address aaa.aaa.aaa.227 255.255.255.254                                                             
 ip nat outside                                                                                            
!
interface Vlan161                                                                                          
 description Private LAN Segment - gateway                                                                        
 mac-address 0000.0000.0161                                                                                
 ip address 10.160.161.1 255.255.255.0                                                                                      
 ip nat inside                                                                    
!
ip access-list extended PrivLANNet                                                                     
 remark Private LAN for NAT Overload
 permit ip 10.160.161.0 0.0.0.255 any
!
route-map NAT-OVRLD-RM permit 10                                                                           
 match ip address PrivLANNet                                                           
! 
ip nat inside source static 10.160.161.141 interface Loopback1001
!
ip nat inside source route-map NAT-OVRLD-RM interface Loopback1002 overload
!

The above works for me on the following images (worked on SXH too):
- s72033-advipservicesk9_wan-mz.122-33.SXI2a.bin
- s72033-advipservicesk9_wan-mz.122-33.SXI4a.bin

Question: why do you need HSRP once you have VSS? Unless you have more than one VSS (pair of 6500s). Or I understood you wrong, i.e instead of VSS, you went back to standalone and HSRP. Because, NAT also works  in that config (HSRP) for me on the 6500-Sup32.



Regards,
Adrian

On 6 May 2011, at 14:16, Renelson Panosky wrote:

> I am trying to set up a network using VSS and NAT in the same box  but i am
> having a lot of problem making NAT inside working with VSS.  I contacted
> Cisco and they worked on it for several hours and they could not make it
> work either they say it's some kind of coding error they will try to
> research and get to me.  We are doing HSRP for the mean time but the problem
> with HSRP is that it's not really working for this set up becuase we have
> DHCP set in one of the box and we can't run DHCP in both box at the same
> time.  So if anybody is Running VSS and NAT please let me know how the set
> up.  I would greatly appreciate if you can send me a copy of your config
> minus any personal info.
> 
> Panocisco
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list