Cisco Catalyst 9300 Series Switch Guest Shell External Access Configuration Guide

Configuring External Access for Services on Cisco Catalyst 9300 Series Switch

Prev Question Next Question

Question

On a Cisco Catalyst 9300 Series Switch, the guest shell is being used to create a service within a container.

Which change is needed to allow the service to have external access?

Answers

A. Apply ip nat overload on VirtualPortGroup0.

B. Apply ip nat inside on Interface VirtualPortGroup0.

C. Apply ip nat outside on Interface VirtualPortGroup0.

D. Apply ip nat inside on Interface GigabitEthernet1.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

The correct answer is C. Apply ip nat outside on Interface VirtualPortGroup0.

The guest shell is a Linux container that allows users to install and run their own Linux applications on Cisco Catalyst 9300 Series Switches. When a service is created within a container in the guest shell, by default, it is isolated from the external network and cannot be accessed from outside the switch.

To allow external access to the service, network address translation (NAT) needs to be configured. NAT is a technique used to map one IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device. In this case, we need to configure NAT on the Cisco Catalyst 9300 Series Switch to translate the internal IP address of the container to a public IP address that can be accessed from outside the switch.

Option A, "Apply ip nat overload on VirtualPortGroup0," is incorrect because VirtualPortGroup0 is not an interface on the Cisco Catalyst 9300 Series Switch. It is a logical interface that represents a group of physical interfaces.

Option B, "Apply ip nat inside on Interface VirtualPortGroup0," is incorrect because VirtualPortGroup0 is not an outside interface. It is an inside interface that connects to the guest shell container.

Option D, "Apply ip nat inside on Interface GigabitEthernet1," is incorrect because GigabitEthernet1 is not the interface that connects to the guest shell container. It is one of the physical interfaces that can be part of VirtualPortGroup0.

Option C, "Apply ip nat outside on Interface VirtualPortGroup0," is the correct answer because VirtualPortGroup0 is the interface that connects to the external network. By configuring NAT on this interface, the internal IP address of the container can be translated to a public IP address that can be accessed from outside the switch.

Therefore, the correct answer is C. Apply ip nat outside on Interface VirtualPortGroup0.

Prev Question Next Question