CCNA Notes
Static NAT requires few configuration steps. Each static mapping between local and global addresses must be configured, not unlike a static entry for every static IP address required. You must also inform the router which interfaces to use NAT on: interface subcommands tell the router which interfaces are inside and which are outside.
Use the ip nat inside command on an interface to specify inside.
Use the ip nat outside command on an interface to specify outside.
Use the ip nat inside source static inside-local inside-global command from global config to configure the static mappings.

Create an access list to match a group of source addresses as needed – why else would we overload?
R1(config-std-nacl)#permit 10.1.1.0 0.0.0.255
R1#sh access-lists
Standard IP access list NAT
    10 permit 10.1.1.0, wildcard bits 0.0.0.255 (2 matches)
    20 deny any
Then configure NAT to match against entries in the NAT list configured above. Specify OVERLOAD to enable PAT.
ip nat inside source list MY_LIST int fa0/0 OVERLOAD
R1#sh ip nat statistics
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
  FastEthernet0/0, Serial0/0
Inside interfaces:
  FastEthernet0/1, Loopback0
Hits: 16  Misses: 2
CEF Translated packets: 18, CEF Punted packets: 0
Expired translations: 2
Dynamic mappings:
-- Inside Source
[Id: 2] access-list NAT interface FastEthernet0/0 refcount 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0

R1#sh ip nat translations
Pro  Inside global    Inside local    Outside local    Outside global
icmp 2.2.2.1:1        10.1.1.1:1      2.2.2.2:1        2.2.2.2:1
icmp 2.2.2.1:11       10.1.1.3:11     2.2.2.2:11       2.2.2.2:11
Clearing translations is useful with dynamic NAT in the event you run out of dynamic addresses to translate to. It will free up slots if the clearout timer isn't quick enough.
R1#clear ip nat translation *
Examine the following show command output on a router configured for dynamic NAT:
-- Inside Source
access-list 1 pool fred refcount 2288
 pool fred: netmask 255.255.255.240
    start 200.1.1.1 end 200.1.1.7
    type generic, total addresses 7, allocated 7 (100%), misses 965
Users are complaining about not being able to reach the Internet. Which of the following is the most likely cause?
The NAT pool does not have enough entries to satisfy all requests.
Explanation: The last line mentions that the pool has seven addresses, with all seven allocated, with the misses counter close to 1000 - meaning that close to 1000 new flows were rejected because of insufficient space in the NAT pool.
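The check described in this explanation can be automated when monitoring routers. The following is an added example, not part of the original notes: it parses the pool block of show ip nat statistics output and flags an exhausted pool. The function names, the warn_pct threshold and the sample layout are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the dynamic-mapping lines from the question above, laid
# out the way the router prints them under `show ip nat statistics`.
SAMPLE = """\
-- Inside Source
access-list 1 pool fred refcount 2288
 pool fred: netmask 255.255.255.240
    start 200.1.1.1 end 200.1.1.7
    type generic, total addresses 7, allocated 7 (100%), misses 965
"""

# \s+ spans line breaks, so a capture flattened onto one line parses too.
POOL_RE = re.compile(
    r"pool (?P<name>\S+): netmask (?P<netmask>\S+)\s+"
    r"start (?P<start>\S+) end (?P<end>\S+)\s+"
    r"type \w+, total addresses (?P<total>\d+), "
    r"allocated (?P<allocated>\d+) \((?P<pct>\d+)%\), misses (?P<misses>\d+)"
)

def parse_pools(text):
    """Return one dict per NAT pool block found in the output."""
    pools = []
    for m in POOL_RE.finditer(text):
        pool = m.groupdict()
        for key in ("total", "allocated", "pct", "misses"):
            pool[key] = int(pool[key])
        first = int(ipaddress.IPv4Address(pool["start"]))
        last = int(ipaddress.IPv4Address(pool["end"]))
        pool["range_size"] = last - first + 1  # cross-check against "total"
        pools.append(pool)
    return pools

def pool_status(pool, warn_pct=80):
    """Classify a pool; warn_pct is a hypothetical alerting threshold."""
    if pool["allocated"] >= pool["total"]:
        return "exhausted"      # no free address left for new flows
    if pool["pct"] >= warn_pct:
        return "near-capacity"
    return "ok"

if __name__ == "__main__":
    for p in parse_pools(SAMPLE):
        print(p["name"], pool_status(p), "misses:", p["misses"])
```

A PAT mapping that references an interface instead of a pool has no pool block, so parse_pools returns nothing for it.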
Which of the following summarized subnets represent routes that could have been created for CIDR’s goal to reduce the size of Internet routing tables?
200.1.0.0 255.255.0.0
Explanation: CIDR’s original intent was to allow the summarization of multiple Class A, B, and C networks to reduce the size of Internet routing tables. Of the answers, only 200.1.0.0 255.255.0.0 summarizes multiple networks.
With static NAT, performing translation for inside addresses only, what causes NAT table entries to be created?
Configuration using the ip nat inside source command
Explanation: With static NAT, the entries are statically configured. Because the question mentions translation for inside addresses, the inside keyword is needed in the command.
Which of the following are not private addresses according to RFC 1918? (Choose two answers.)
172.33.1.1
191.168.1.1
Explanation: RFC 1918 identifies private network numbers. It includes Class A network 10.0.0.0, Class B networks 172.16.0.0 through 172.31.0.0, and Class C networks 192.168.0.0 through 192.168.255.0.
NAT has been configured to translate source addresses of packets for the inside part of the network, but only for some hosts as identified by an access control list. Which of the following commands indirectly identifies the hosts?
ip nat pool barney 200.1.1.1 200.1.1.254 netmask 255.255.255.0
ip nat inside 200.1.1.1 200.1.1.2
ip nat inside
ip nat inside source list 1 pool barney
Explanation: The list 1 parameter references an IP ACL, which matches packets, identifying the inside local addresses.