在 Cisco 路由器上添加了访客网络,但无法获取 NAT 空间

在 Cisco 路由器上添加了访客网络,但无法获取 NAT 空间

设备:Cisco SR520W-FE

我已经向此路由器添加了访客无线网络,但似乎无法让 nat 过载与新的空间配合使用。

LAN:192.168.5.0/24(VLAN 75)访客 WLAN:10.5.5.0/24(VLAN 50)

以下是我用于 NAT 过载的命令

interface FastEthernet0
 switchport access vlan 75

interface FastEthernet3
 switchport access vlan 50

 interface FastEthernet4
 ip address x.x.x.x 255.255.255.252
 ip nat outside
 ip virtual-reassembly

interface Vlan50
 ip address 10.5.5.1 255.255.255.0
 ip access-group 120 out
 ip nat inside

interface BVI75
 ip address 192.168.5.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly

ip nat inside source list 10 interface FastEthernet3 overload
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload

route-map SDM_RMAP_1 permit 1
 match ip address 101

access-list 10 remark PAT IP space for the guest WLAN
access-list 10 permit 10.5.5.0 0.0.0.255

access-list 101 deny   ip 192.168.5.0 0.0.0.255 192.168.76.0 0.0.0.255
access-list 101 permit ip 192.168.5.0 0.0.0.255 any

access-list 120 remark ACL to block guest wireless from LAN
access-list 120 deny   ip 10.5.5.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 120 permit ip 10.5.5.0 0.0.0.255 any

答案1

我已经很久没这样做了,如果我错过了一些显而易见的事情,我很抱歉,但是……你难道没有错过类似的东西吗?

ip nat pool“你的外部接口地址”?

答案2

问题在于,我“NAT”的是物理接口,而不是 SVI。一旦我这样做了,一切就都正常了。

相关内容