设备:Cisco SR520W-FE
我已经向此路由器添加了访客无线网络,但似乎无法让 nat 过载与新的空间配合使用。
LAN:192.168.5.0/24(VLAN 75)访客 WLAN:10.5.5.0/24(VLAN 50)
以下是我用于 NAT 过载的命令
interface FastEthernet0
switchport access vlan 75
interface FastEthernet3
switchport access vlan 50
interface FastEthernet4
ip address x.x.x.x 255.255.255.252
ip nat outside
ip virtual-reassembly
interface Vlan50
ip address 10.5.5.1 255.255.255.0
ip access-group 120 out
ip nat inside
interface BVI75
ip address 192.168.5.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip nat inside source list 10 interface FastEthernet3 overload
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
route-map SDM_RMAP_1 permit 1
match ip address 101
access-list 10 remark PAT IP space for the guest WLAN
access-list 10 permit 10.5.5.0 0.0.0.255
access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.76.0 0.0.0.255
access-list 101 permit ip 192.168.5.0 0.0.0.255 any
access-list 120 remark ACL to block guest wireless from LAN
access-list 120 deny ip 10.5.5.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 120 permit ip 10.5.5.0 0.0.0.255 any
答案1
我已经很久没这样做了,如果我错过了一些显而易见的事情,我很抱歉,但是……你难道没有错过类似的东西吗?
ip nat pool“你的外部接口地址”?
答案2
问题在于,我“NAT”的是物理接口,而不是 SVI。一旦我这样做了,一切就都正常了。