Network address translation (nat), Configuration overview – Rockwell Automation 1783-BMxxx Stratix 5700 Ethernet Managed Switches User Manual User Manual
Rockwell Automation Publication 1783-UM004E-EN-P - June 2014
Switch Software Features Chapter 3
Network Address Translation (NAT)
NAT is a service that translates one IP address to another IP address via a
NAT-configured switch. The switch translates the source and destination
addresses within data packets as traffic passes between subnets.
This service is useful when you need to reuse IP addresses throughout a network. For
example, NAT makes it possible to segment devices into multiple identical private
subnets, each reusing the same private IP addresses, while each device keeps a
unique identity on the public subnet.(1)
The implementation of NAT in the Stratix 5700 switch is distinct in these ways:
• One-to-one NAT—The switch uses one-to-one NAT, rather than
one-to-many NAT. One-to-one NAT requires that each source address
translates to one unique destination address. Unlike one-to-many NAT,
multiple source addresses cannot share the same destination address.
• Layer 2 implementation—The switch’s implementation of NAT operates
at the Layer 2 (MAC) level. At this level, the switch can replace only
IP addresses and does not act as a router.
Configuration Overview
To configure NAT, you create one or more unique NAT instances. In a typical
implementation, only one instance is required. A NAT instance contains entries
that define each address translation, as well as other configuration parameters.
The translations you define depend on whether traffic is routed through a Layer 3
switch or router or a Layer 2 switch:
• If traffic is routed through a Layer 3 switch or router ( ), you define
the following:
– A private-to-public translation for each device on the private subnet
that needs to communicate on the public subnet.
– A gateway translation for the Layer 3 switch or router.
You do not need to configure NAT for all devices on the private subnet.
For example, you can choose to omit some devices from NAT to increase
security, decrease traffic, or conserve public address space.
• If traffic is routed through a Layer 2 switch ( ), you define the
following:
– A private-to-public translation for each device on the private subnet
that needs to communicate on the public subnet.
– A public-to-private translation for each device on the public subnet that
needs to communicate on the private subnet.
(1) Note that we use the terms private and public to differentiate the two networks on either side of the NAT device. This does not imply that the public network must be internet routable.
IMPORTANT: As a best practice, we recommend you route traffic through a Layer 3 switch or router.
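The one-to-one constraint and the two translation directions described above, as an added Python model that is not Rockwell's code or the switch's implementation; the addresses are constructed sample values, and the scenario assumes the Layer 3 layout with private-to-public entries for two devices plus one gateway translation for the router:

```python
import ipaddress


class NatInstance:
    """One-to-one NAT table as described on this page: each private address maps to
    exactly one public address and no destination is shared; only IPs are rewritten."""

    def __init__(self):
        self.priv_to_pub = {}  # private-side device -> address it presents on the public subnet
        self.pub_to_priv = {}  # public-side device or gateway -> alias it presents on the private subnet

    @staticmethod
    def _add(table, key, value, label):
        key, value = ipaddress.ip_address(key), ipaddress.ip_address(value)
        # Reject a second entry for the same source or a destination already in use.
        if key in table or value in table.values():
            raise ValueError(f"{label}: {key} -> {value} breaks one-to-one uniqueness")
        table[key] = value

    def add_private_to_public(self, private_ip, public_ip):
        self._add(self.priv_to_pub, private_ip, public_ip, "private-to-public")

    def add_public_to_private(self, public_ip, private_ip):
        self._add(self.pub_to_priv, public_ip, private_ip, "public-to-private/gateway")

    def translate(self, src, dst, direction):
        """Rewrite (src, dst) of one packet. Returns None when either address has no
        entry, which is how a device omitted from NAT stays unreachable across it."""
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if direction == "private->public":
            new_src = self.priv_to_pub.get(src)
            new_dst = next((pub for pub, alias in self.pub_to_priv.items() if alias == dst), None)
        elif direction == "public->private":
            new_src = self.pub_to_priv.get(src)
            new_dst = next((priv for priv, pub in self.priv_to_pub.items() if pub == dst), None)
        else:
            raise ValueError(f"unknown direction {direction!r}")
        if new_src is None or new_dst is None:
            return None
        return str(new_src), str(new_dst)


def build_example():
    """Constructed scenario (assumption): two private devices on 192.168.1.0/24,
    public subnet 10.10.0.0/24, Layer 3 router at 10.10.0.1 seen privately as 192.168.1.1."""
    nat = NatInstance()
    nat.add_private_to_public("192.168.1.10", "10.10.0.110")
    nat.add_private_to_public("192.168.1.11", "10.10.0.111")
    nat.add_public_to_private("10.10.0.1", "192.168.1.1")  # gateway translation for the router
    return nat
```

A private device with no entry (192.168.1.99 in the test below) is dropped rather than translated, which is the traffic-reduction and exposure-limiting effect the page describes for omitted devices.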