Switch recommendation. NAT


I'm looking for a switch of maybe 16 ports that will do static NAT on _every_ port for a very specific application. I am aware there are alternative topologies, but a 1-to-1 translation is optimal for this specific application.





What line rates?

Is the problem you are trying to solve that you have overlapping subnets that you need to have talk to each other?

Is this a multi-DMZ + WAN type of situation, or is this a situation in which each port needs to be able to talk to the translated version of each other port?

Address translation is a layer 3 function, not a layer 2 function, so a traditional "switch" cannot do this task. A "layer 3 switch" (i.e., a restricted router) -might- be able to do it (but none of Cisco's "Layer 3" or "multilayer" switches appear to). Though there is Cisco's insistence on marketing the Cat 6000 as a "switch".

Devices that will *not* handle this include:

- Cisco Cat 29x0, Cat 35x0, Cat 37x0 (no NAT)

- Cisco PIX, ASA 55x0 (not enough ports)

- Cisco Cat 400x (no NAT)

- Most Cisco Cat 450x (no NAT)

Devices that have a chance include:

- Cisco Cat 4500 with AGM

- Cisco Cat 600x with most supervisors

But whether these devices -are- usable would depend on exactly what you are trying to do: if the IP ranges overlap, it gets much more difficult.

Walter Roberson

Maybe the 6500 does hardware assisted NAT, I have no idea.

Otherwise you are in software.

16 x 100M is a LOT of NAT!!

I would consider

2800/3800 with switch module e.g. NM-16ESW= depending on performance required. There are also 32 port modules.

These modules can have each port configured for routing OR L2 switching, just like say a 3750 or 6500 or whatever.


Yeah, but at the moment we don't know if the OP wants 16 x 10 or 16 x 1000 or 16 x 200 (full duplex) or 16 x only around 2K byte/s..

Were you perchance thinking of the NMD-36ESW, which is an HDSM with 36 ports? (I don't know why 36...)

The NMD-36ESW requires a 2851, 3660, 3700, or 3800.

The NM-16ESW requires a 2600, 2800 (not 2801), 3600, 3700, or 3800. (One document says not on any 3600, and only on 2691 of the 2600 family)

Looks like the etherswitch modules use the router for layer 3, which would drastically reduce the available throughput in those model series (few of which can handle 100 Mbit/s of routing of short packets.)

I do not see NAT listed amongst the available features for these modules, but I have no experience with them and it is plausible that NAT would be supported via the router.

Walter Roberson

This could be done with a Cat6500 and the FWSM, combined with any line card you need.



Sorry if I was not clear.

Yes NAT on the router.

I looked at the 16 and the smaller ones, we bought the 16. Very nice.

I now recall that I was told that the 36 had hardware L3. Don't know though since we were not really considering it.

As I say the 16 + router looks like a 6500 from a configuration standpoint. I guess it does L2 on board and L3 on the router. Our other option was a 3845 and a 2950, say, with trunking between them.


Maybe 100Mbit on the backplane total.

The latter.

They overlap. I am looking at a few dozen sites many of which use duplicates of RFC1918 netblocks. It is a hub and spoke topology. The spokes do not need to communicate between them, but the hub needs to be able to talk to all of the spokes. The overlapping addressing presents the problem.

I know there are other vendors who do this, I've seen one that had a switch that did static NAT on every port but that was a few years ago and I don't remember who it was.

Any ideas?
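
The addressing plan behind the hub-and-spoke case described in the post above, as an added example that is not part of the original thread: each spoke keeps its real (possibly duplicated) RFC 1918 prefix, and the hub sees it under a unique, same-size translated prefix with the host bits preserved. The site names, prefixes, the `172.16.0.0/16` pool and both function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: two spokes reuse the same RFC 1918 block.
SPOKES = {"site-a": "192.168.1.0/24", "site-b": "192.168.1.0/24", "site-c": "10.0.0.0/24"}
POOL = "172.16.0.0/16"  # assumed hub-side range reserved for translated prefixes

def plan_static_nat(spokes, pool):
    """Give every spoke a unique, same-size translated prefix from the pool."""
    pool_net = ipaddress.ip_network(pool)
    plan, used = {}, []
    for name, prefix in sorted(spokes.items()):
        real = ipaddress.ip_network(prefix)
        # A spoke that really lives inside the pool would be ambiguous at the hub.
        if real.overlaps(pool_net):
            raise ValueError(f"{name}: real prefix {real} overlaps pool {pool_net}")
        # First same-size block in the pool that has not been handed out yet.
        for cand in pool_net.subnets(new_prefix=real.prefixlen):
            if not any(cand.overlaps(u) for u in used):
                break
        else:
            raise ValueError(f"pool {pool_net} exhausted at spoke {name}")
        used.append(cand)
        plan[name] = (real, cand)
    return plan

def translate(addr, src_net, dst_net):
    """1-to-1 translation: swap the network part, keep the host bits."""
    ip = ipaddress.ip_address(addr)
    if ip not in src_net:
        raise ValueError(f"{ip} is not in {src_net}")
    offset = int(ip) - int(src_net.network_address)
    return str(dst_net.network_address + offset)

if __name__ == "__main__":
    plan = plan_static_nat(SPOKES, POOL)
    for name, (real, xlat) in plan.items():
        print(f"{name}: {real} <-> {xlat}")
    real_b, xlat_b = plan["site-b"]
    # Same host address at two sites, distinct addresses as seen from the hub.
    print(translate("192.168.1.10", *plan["site-a"]), translate("192.168.1.10", real_b, xlat_b))
```

The resulting table is what gets entered as static network translations on whichever device terminates each spoke.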



Cisco keywords that might lead somewhere: BBSM, SSG, hospitality

Walter Roberson
