User Tools

Site Tools


icnd1:nat

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
icnd1:nat [2024/03/14 07:58]
114.119.155.78 old revision restored (2023/09/25 11:02)
icnd1:nat [2024/04/27 08:10] (current)
52.211.143.139 old revision restored (2023/11/01 22:20)
Line 19: Line 19:
 ip nat inside source list MY_LIST int fa0/0 OVERLOAD ip nat inside source list MY_LIST int fa0/0 OVERLOAD
 </code> </code>
 +
 +===== Verify NAT =====
 +<code>
 +R1#sh ip nat statistics 
 +Total active translations: 0 (0 static, 0 dynamic; 0 extended)
 +Outside interfaces:
 +  FastEthernet0/0, Serial0/0
 +Inside interfaces: 
 +  FastEthernet0/1, Loopback0
 +Hits: 16  Misses: 2
 +CEF Translated packets: 18, CEF Punted packets: 0
 +Expired translations: 2
 +Dynamic mappings:
 +-- Inside Source
 +[Id: 2] access-list NAT interface FastEthernet0/0 refcount 0
 +Appl doors: 0
 +Normal doors: 0
 +Queued Packets: 0
 +
 +R1#sh ip nat translations 
 +Pro Inside global      Inside local       Outside local      Outside global
 +icmp 2.2.2.1:        10.1.1.1:        2.2.2.2:         2.2.2.2:1
 +icmp 2.2.2.1:11        10.1.1.3:11        2.2.2.2:11         2.2.2.2:11
 +
 +
 +</code>
 +==== Clear NAT Translations ====
 +Useful with dynamic NAT in the event you run out of dynamic addresses to translate to. Clearing translations will free up slots if the clearout timer isn't quick enough.
 +<code>
 +R1#clear ip nat translation *
 +</code>
 +
 +===== Chapter Questions =====
 +==== One ====
 +Examine the following show command output on a router configured for dynamic NAT:
 +<code>
 +-- Inside Source
 +
 +access-list 1 pool fred refcount 2288
 +
 + pool fred: netmask 255.255.255.240
 +
 +    start 200.1.1.1 end 200.1.1.7
 +
 +    type generic, total addresses 7, allocated 7 (100%), misses 965
 +Users are complaining about not being able to reach the Internet. Which of the following is the most likely cause?
 +</code>
 + 
 +The NAT pool does not have enough entries to satisfy all requests.
 +
 +The problem is not related to NAT, based on the information in the command output.
 +
 +The command output does not supply enough information to identify the problem.
 +
 +Standard ACL 1 cannot be used; an extended ACL must be used.
 +You answered this question correctly. ×
 +
 +Explanation:
 +The last line mentions that the pool has seven addresses, with all seven allocated, with the misses counter close to 1000 - meaning that close to 1000 new flows were rejected because of insufficient space in the NAT pool.
icnd1/nat.1710403109.txt.gz · Last modified: 2024/03/14 07:58 by 114.119.155.78