Untagged subinterface NAT

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Untagged subinterface NAT

L2 Linker

Hello all,

 

I've been reading on untagged subinterfaces and I'm not sure this scenario would even work for what I want to do. Basically I want to segment different two zones coming over the same interface. I usually accomplish this by creating a virtual-router on the core and running cables to different ports. License and hardware limitations prevent it in this scenario.

 

The basic setup:

 

ethernet1/1: 1.2.3.4 (WAN IP)

ethernet1/2.10: 10.10.10.1/24 (LAN Zone)

ethernet1/2.99: 10.10.99.1/24 (Guest Zone)

 

LAN and Guest would not be able to talk. Both zones would NAT to the internet over the same WAN IP.

 

I know you have to do source NAT with subinterfaces, but will this scenario even work for untagged? Would I need to add an IP address to the base ethernet1/2 and NAT to that? I've tried several different NAT configurations with no success.

3 REPLIES 3

L2 Linker

 @ClintL, is your switch trunking to eth1/1?  If so, its egress port or interface is sending traffic with vlan tags and you would need to receive/send that tagged traffic on tagged sub-interfaces.  usually, the only interface untagged is the non-sub-interface in your case eth 1/1 where all sub-interfaces carry tagged traffic.  If it is not trunking, there would be no way to diff the traffic across the link.  the same would go with vWires.

Douglas Elliott
Security Implementation Engineer
delliott@sayers.com

No trunking. It's a very simple network at a remote site. That's what I figured, but I was still racking my brain for a solution. I appreciate the response and thank you!

L2 Linker

I think your other option is to add another physical interface (if avail) for Guest with separate IP for gateway.  Could add to a new virtual-router and add a default-route to next-vr.

Douglas Elliott
Security Implementation Engineer
delliott@sayers.com
  • 1652 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!