Ruijie Community

Title: Command refference guide for EG3250 [Print this page]
Author: dmitry@bairoff.    Time: 2023-2-17 23:50
Title: Command refference guide for EG3250
Hi team, i can not find CLI command reference guide for EG3250. Right now i'm looking for the way to configure unusual NAT using CLI, there's no info about it. Please help.
Author: GTAC-Patrick    Time: 2023-2-20 10:46
Really sorry for your inconvenience.
Now we dont have a CLI commands guide for gateway.
May I know which type of NAT you want to configure? Could you elaborate more about this?
Author: dmitry@bairoff.    Time: 2023-2-20 15:42
Edited by Dmitry Bairoff at 2023-2-20 15:50

Patrick replied at 2023-2-20 10:46
Really sorry for your inconvenience.
Now we dont have a CLI commands guide for gateway.
May I know w ...
Hi Patrik, i am trying to create a simple overload nat according to instructions from RCNA course.
int g0/2
ip addres 192.168.20.1 255.255.255.0
ip nat outside
int g0/6
ip addres 192.168.60.1 255.255.255.0
ip nat inside


access-list 10 permit 192.168.60.1 255.255.255.0
access-list 10 permit
172.16.0.0 255.255.0.0




access-list 10 permit 10.1.0.0 255.255.0.0



#### this is because i have several routed networks behind this EG3250, and i test from all of them, not working



ip nat inside source list 10 interface g0/6 overload

##### I'm not sure if it's important or not, my config also has these lines:
sys-mode gateway
!
specify interface GigabitEthernet 0/0 lan
specify interface GigabitEthernet 0/1 wan
specify interface GigabitEthernet 0/2 lan
specify interface GigabitEthernet 0/3 lan
specify interface GigabitEthernet 0/4 lan
specify interface GigabitEthernet 0/5 lan
specify interface GigabitEthernet 0/6 lan
specify interface GigabitEthernet 0/7 lan
specify interface GigabitEthernet 0/9 lan
specify interface TenGigabitEthernet 0/0 lan








show ip nat translations command shows nothing. And i have no ideas how else can i check what's wrong.




Author: GTAC-Patrick    Time: 2023-2-20 17:18
Dmitry Bairoff replied at 2023-2-20 15:42
Patrick replied at 2023-2-20 10:46
Really sorry for your inconvenience.
Now we dont have a CLI comma ...

1."ip nat outside" --- this command should be used in the WAN port of EG.
In your case, the g0/2 is LAN port. Please confirm again.
2.The format for ACLs is wrong, the wildcard should be this: 0.0.0.255 --- for /24.
such as: access-list 10 permit 192.168.60.0 0.0.0.255

3."ip nat inside source list 10 interface g0/6 overload" --- the interface in this command should be the nat outside port (WAN port)


For checking commands, you also can use these:
show access-list xxx --- xxx is the ACL number, check the ACL config
show run int g x/y  --- x/y is the port number, you can use this command to check the configuration of physical ports
Author: dmitry@bairoff.    Time: 2023-2-20 17:37
Patrick replied at 2023-2-20 17:18
1."ip nat outside" --- this command should be used in the WAN port of EG.
In your case, the g0/2 i ...

I'm not besides the device now, can't perform checks, will be there on next monday. I was typing commands here as i remember them. Now checked again with the dump of config file:
specify interface GigabitEthernet 0/0 lan
specify interface GigabitEthernet 0/1 wan
specify interface GigabitEthernet 0/2 lan
specify interface GigabitEthernet 0/3 lan
specify interface GigabitEthernet 0/4 lan
specify interface GigabitEthernet 0/5 lan
specify interface GigabitEthernet 0/6 lan
specify interface GigabitEthernet 0/7 lan
specify interface GigabitEthernet 0/9 lan
specify interface TenGigabitEthernet 0/0 lan

ip access-list standard 10
10 permit 172.16.10.0 0.0.0.255
20 permit 192.168.60.0 0.0.0.255
30 permit 192.168.70.0 0.0.0.255

interface GigabitEthernet 0/1
ip address dhcp
ip nat outside

interface GigabitEthernet 0/6
ip address 192.168.60.1 255.255.255.0
ip nat inside

ip nat inside source list 10 interface GigabitEthernet 0/1 overload


Author: GTAC-Patrick    Time: 2023-2-20 18:09
Dmitry Bairoff replied at 2023-2-20 17:37
I'm not besides the device now, can't perform checks, will be there on next monday. I was typing c ...

The config is okay.
Now you only need to make sure that the ip route is correct.
When the users under EG can get ip and access Internet, then you can check the nat translation table.
Author: dmitry@bairoff.    Time: 2023-2-20 19:04
Patrick replied at 2023-2-20 18:09
The config is okay.
Now you only need to make sure that the ip route is correct.
When the users un ...

but it's not working :-( i haven't tried sh ip route after obtaining ip on Ge0/1, i'm sure i was able to ping interner from this EG3250. I'll return back to the router in a week and let you know the result of test.
Author: GTAC-Patrick    Time: 2023-2-20 21:47
Dmitry Bairoff replied at 2023-2-20 19:04
but it's not working :-( i haven't tried sh ip route  after obtaining ip on Ge0/1, i'm sure i was  ...

Yes, please make sure there is an default route pointed to your ISP modem on EG.
If on EG, you can ping Internet with its WAN port, then you may check the downlink devices of EG.




Welcome to Ruijie Community (https://community.ruijienetworks.com/) Powered by Discuz! X3.2