HP (Hewlett-Packard) 6308M-SX Switch User Manual


 
Network Address Translation
• A pool of public (Internet) addresses to use for translation of the private addresses
• An association of the ACL for the private addresses with the pool for translation
• A default route that has the Internet access router as the route's next-hop gateway
The commands also enable inside NAT and outside NAT on the virtual interfaces and save the configuration
changes to the startup-config file. All the commands are entered on the routing switch.
The following commands access the configuration level of the CLI, then configure port-based VLAN 2 and add
virtual interface 10 to the VLAN.
HP9300> en
HP9300# configure terminal
HP9300(config)# vlan 2 by port
HP9300(config-vlan-2)# untagged ethernet 8/1 to 8/24
HP9300(config-vlan-2)# router-interface ve 10
HP9300(config-vlan-2)# exit
These commands add ports 8/1 through 8/24 as untagged ports to port-based VLAN 2. Generally, unless a port
is a member of more than one port-based VLAN, you do not need to tag the port. The router-interface ve 10
command adds virtual interface 10. At this point the virtual interface does not have an IP address associated with
it.
The following commands add port-based VLAN 3 and add virtual interface 15 to the VLAN.
HP9300(config)# vlan 3 by port
HP9300(config-vlan-3)# untagged ethernet 1/1
HP9300(config-vlan-3)# router-interface ve 15
HP9300(config-vlan-3)# exit
The following command configures an ACL to identify the range of private addresses for which you want to provide
NAT services. This ACL identifies the private address range as 10.10.10.0 - 10.10.10.255.
HP9300(config)# access-list 9 permit 10.10.10.0 0.0.0.255
NOTE: The format of the network mask for an ACL uses zeroes to indicate a value that must match, and ones
(255 in decimal) as a wildcard. In this case, 0.0.0.255 means the first three parts of the IP address must match
exactly, but the fourth part can have any value.
The following command configures the NAT address pool. The routing switch translates a client's address from
the private network to an address from this pool when the client sends traffic to a public network, in this case a
network located somewhere on the Internet.
HP9300(config)# ip nat pool np1 63.251.295.47 63.251.295.48 netmask 255.255.255.192
This command configures a pool named np1, and adds public address range 63.251.295.47/26 - 63.251.295.48/26
to the pool. Generally, a pool contains more than two addresses, but this pool is small so that this configuration
can also demonstrate the Port Address Translation feature.
The following command associates the range of private addresses identified by the ACL with the pool, and in this
case also enables the Port Address Translation feature. Port Address Translation allows you to use an address
pool that contains fewer addresses than the number of NAT clients in the private network.
HP9300(config)# ip nat inside source list 9 pool np1 overload
The inside source list 9 portion of the command identifies the range of source addresses. The value 9 is the
number of the ACL configured above. The pool np1 portion of the command identifies the IP address pool
configured above. The overload parameter enables Port Address Translation. When this feature is enabled, NAT
associates a TCP or UDP port number with the public address for a client. In this case, there are four clients but
only two addresses in the pool. Port Address Translation allows NAT to provide translation addresses for all four
clients. When two translation clients have the same public IP address, the software can still distinguish between
the clients because each client has a unique TCP or UDP port number.
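The following Python model is an added example, not code from this manual or from the routing switch software. It shows how the wildcard mask in ACL 9 selects sources and how overload lets four clients share two pool addresses. The client addresses, source port 4000, the 192.0.2.x stand-in pool addresses, and the round-robin address and port selection are assumptions made for illustration.

```python
import ipaddress
from itertools import chain

def acl_permits(src, base="10.10.10.0", wildcard="0.0.0.255"):
    """Wildcard match as in access-list 9: 0 bits must match, 1 bits are ignored."""
    s, b, w = (int(ipaddress.IPv4Address(a)) for a in (src, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (s & care) == (b & care)

class OverloadNat:
    """Simplified PAT model. Host-to-address and port selection are assumptions."""
    def __init__(self, pool, ports=range(1024, 65536)):
        self.pool, self.ports = list(pool), ports
        self.host_ip = {}  # private host -> pool address it was bound to
        self.out = {}      # (proto, private ip, private port) -> (public ip, public port)
        self.back = {}     # (proto, public ip, public port) -> (private ip, private port)

    def translate(self, proto, src_ip, src_port):
        if not acl_permits(src_ip):
            return None  # source is outside the ACL, so it is not translated
        key = (proto, src_ip, src_port)
        if key in self.out:
            return self.out[key]
        # Bind each new host to the next pool address, round-robin.
        pub_ip = self.host_ip.setdefault(
            src_ip, self.pool[len(self.host_ip) % len(self.pool)])
        # Keep the client's port when free, otherwise take the first unused one.
        for port in chain([src_port], self.ports):
            if (proto, pub_ip, port) not in self.back:
                self.out[key] = (pub_ip, port)
                self.back[(proto, pub_ip, port)] = (src_ip, src_port)
                return self.out[key]
        raise RuntimeError("no free port on " + pub_ip)

    def reverse(self, proto, pub_ip, pub_port):
        """Map return traffic back to the inside client, or None if no entry exists."""
        return self.back.get((proto, pub_ip, pub_port))

# Constructed sample: four inside clients, all using source port 4000.
CLIENTS = ["10.10.10.2", "10.10.10.3", "10.10.10.4", "10.10.10.5"]
POOL = ["192.0.2.47", "192.0.2.48"]  # stand-ins for the two addresses in pool np1

def demo():
    nat = OverloadNat(POOL)
    return nat, {c: nat.translate("tcp", c, 4000) for c in CLIENTS}

if __name__ == "__main__":
    for client, public in demo()[1].items():
        print(client, "4000 ->", *public)
```

Return traffic that matches no table entry gets no mapping from reverse(), which is why unsolicited inbound packets to a pool address and port cannot be attributed to an inside client in this model.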