Simple .. perhaps stupid NAT and Routing Questions

sorry .. for (perhaps) stupid questions .. but until now i never needed Routing an NAT .

We are a little public School in germany and into the last 15 years we had a pure public Network, every printserver had a public address because we have a full class C net with 254 addresses.

Now we want to divide the Network into 2 parts and I want to use only private addresses for students und teachers.

I got a new SSA150 Switch and want to use this device for Routing and NAT, i will explain our Network short... of course I changed the real addresses a little bit 🙂

Public Network : /24 with a cisco border router and his IP
On the Cisco there is a VLAN 30 defined with the IP
Cisco LAN Port is Cicso Static Access VLAN 30) .. that means Enterasys "untagged"

Future : 2 private Networks with /24 for Teacher and /24 for Students

On the Cisco WAN side there is a additional Transfer Network with BGP (we have two 155Mbit Connecions terminated on that router)
Because the BGP and WAN Side is managed by the Provider T-Systems.. i can not change anything on this side.

Here is my Config for the SSA15 :

set vlan create 30
set vlan create 200
set vlan create 201
set port vlan ge.1.1 30 (Port for connect Cisco Border Router )

interface vlan 200
>ip address
interface vlan 201
>ip address

*** NAT Config
interface vlan 30
->ip nat outside

interface vlan 200
->ip nat inside

interface vlan 201
->ip nat inside


access-list standard 200 permit host -
access-list standard 201 permit host -

ip nat pool naptpool200 netmask
ip nat pool naptpool201 netmask

ip nat inside source list 200 pool naptpool200 overload
ip nat inside source list 201 pool naptpool201 overload

2 Questions now :

1. Will this config work or are there Basic Errors in this Config ?

2. which Routing rule do in Need to Forward the Network packets from the nat

pool IP´s (outside) to the router address .... ??

Thx for any help


0 replies

Be the first to reply!