CCENT Study Guide - California State University, Los Angeles

CCENT Study Guide
Chapter 13: Network Address Translation

Chapter 13 Objectives

The CCENT Topics Covered in this chapter include:

4.0 Infrastructure Services
  4.7 Configure, verify, and troubleshoot inside source NAT.
    4.7.a Static
    4.7.b Pool
    4.7.c PAT

When Do We Use NAT?

Network Address Translation (NAT) is similar to Classless InterDomain Routing (CIDR) in that the original intention for NAT was to slow the depletion of available IP address space by allowing multiple private IP addresses to be represented by a much smaller number of public IP addresses.

Here's a list of situations when NAT can be especially helpful:

  • When you need to connect to the Internet and your hosts don't have globally unique IP addresses
  • When you've changed to a new ISP that requires you to renumber your network
  • When you need to merge two intranets with duplicate addresses

Figure 13.1: Where to configure NAT

You typically use NAT on a border router. For example, in Figure 13.1, NAT is used on the Corporate router connected to the Internet.

Types of NAT

Static NAT: This type of NAT is designed to allow one-to-one mapping between local and global addresses. Keep in mind that the static version requires you to have one real Internet IP address for every host on your network.

Dynamic NAT: This version gives you the ability to map an unregistered IP address to a registered IP address from out of a pool of registered IP addresses. You don't have to statically configure your router to map each inside address to an individual outside address as you would using static NAT, but you do have to have enough real, bona-fide IP addresses for everyone who's going to be sending packets to and receiving them from the Internet at the same time.

Overloading: This is the most popular type of NAT configuration. Understand that overloading really is a form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address (many-to-one) by using different source ports. Now, why is this so special? Well, because it's also known as Port Address Translation (PAT), which is also commonly referred to as NAT Overload. Using PAT allows you to permit thousands of users to connect to the Internet

NAT Terms

Names | Meaning
Inside local | Source host inside address before translation, typically an RFC 1918 address
Outside local | Address from which source host is known on the Internet. This is usually the address of the router connected to ISP, the actual Internet address.
Inside global | Source host address used after translation to get onto Internet. This is also the actual Internet address.
Outside global | Address of outside destination host and, again, the real Internet address

Figure 13.2: Basic NAT translation

In this figure, we can see host 10.1.1.1 sending an Internet-bound packet to the border router configured with NAT. The router identifies the source IP address as an inside local IP address destined for an outside network, translates the source IP address in the packet, and documents the translation in the NAT table. The packet is sent to the outside interface with the new translated source address. The external host returns the packet to the destination host, and the NAT router translates the inside global IP address back to the inside local IP address using the NAT table. This is as simple as it gets!

Figure 13.3: NAT overloading example (PAT)

With PAT, all inside hosts get translated to one single IP address, hence the term overloading. Again, the reason we've just run out of available global IP addresses on the Internet is because of overloading (PAT).

Static NAT Configuration

Let's take a look at a simple example of a basic static NAT configuration:

    ip nat inside source static 10.1.1.1 170.46.2.2
    !
    interface Ethernet0
     ip address 10.1.1.10 255.255.255.0
     ip nat inside
    !
    interface Serial0
     ip address 170.46.2.1 255.255.255.0
     ip nat outside
    !

In the preceding router output, the ip nat inside source command identifies which IP addresses will be translated. In this configuration example, the ip nat inside source command configures a static translation between the inside local IP address 10.1.1.1 and the outside global IP address 170.46.2.2.

Dynamic NAT Configuration

Basically, dynamic NAT really means we have a pool of addresses that we'll use to provide real IP addresses to a group of users on the inside. Because we don't use port numbers, we must have real IP addresses for every user who's trying to get outside the local network simultaneously.

Here is a sample output of a dynamic NAT configuration:

    ip nat pool todd 170.168.2.3 170.168.2.254 netmask 255.255.255.0
    ip nat inside source list 1 pool todd
    !
    interface Ethernet0
     ip address 10.1.1.10 255.255.255.0
     ip nat inside
    !
    interface Serial0
     ip address 170.168.2.1 255.255.255.0
     ip nat outside
    !
    access-list 1 permit 10.1.1.0 0.0.0.255
    !
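Why a pool without overload needs one address per simultaneous host while PAT does not, shown as an added example that is not part of the study guide. The `Nat` class and `demo` function are hypothetical names, the addresses are constructed, and the port selection (keep the source port if free, otherwise take the next unused one) is a simplification rather than the router's exact behavior.

```python
# Added illustration, not from the study guide: a toy inside-source NAT table.
# Addresses in demo() are constructed; port selection is a simplification.

class Nat:
    def __init__(self, pool, overload=False):
        self.pool = list(pool)      # inside global addresses not yet handed out
        self.overload = overload    # True = PAT, False = one address per host
        self.table = {}             # (inside local ip, port) -> (inside global ip, port)
        self.used_ports = set()     # global-side ports already taken under PAT

    def outbound(self, ip, port):
        """Translate the source of an Internet-bound packet; None = dropped."""
        key = (ip, port) if self.overload else (ip, None)
        if key not in self.table:
            if self.overload:
                g_port = port       # keep the source port if it is still free
                while g_port in self.used_ports:
                    g_port = g_port + 1 if g_port < 65535 else 1024
                self.used_ports.add(g_port)
                self.table[key] = (self.pool[0], g_port)
            elif self.pool:
                self.table[key] = (self.pool.pop(0), None)
            else:
                return None         # pool exhausted: no address left for this host
        g_ip, g_port = self.table[key]
        return (g_ip, port if g_port is None else g_port)

    def inbound(self, ip, port):
        """Translate the destination of a returning packet back to the inside host."""
        for (l_ip, l_port), (g_ip, g_port) in self.table.items():
            if g_ip == ip and g_port in (None, port):
                return (l_ip, port if l_port is None else l_port)
        return None                 # no table entry, so nothing to translate to


def demo():
    hosts = ["10.1.1.1", "10.1.1.2", "10.1.1.3"]      # constructed inside hosts
    dynamic = Nat(["170.168.2.3", "170.168.2.4"])     # constructed two-address pool
    pat = Nat(["170.168.2.1"], overload=True)         # one address, overloaded
    dyn = [dynamic.outbound(h, 40000) for h in hosts]
    ovl = [pat.outbound(h, 40000) for h in hosts]
    return dyn, ovl, pat.inbound("170.168.2.1", 40002), pat.inbound("170.168.2.1", 443)
```

With a two-address pool the third host gets no translation, while the overloaded single address serves all three and tells their return traffic apart by port.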

PAT (Overloading) Configuration

This is the typical form of NAT that we would use today. It's actually now rare to use static or dynamic NAT unless it is for something like statically mapping a server, for example.

Here is a sample output of a PAT configuration:

    ip nat pool globalnet 170.168.2.1 170.168.2.1 netmask 255.255.255.0
    ip nat inside source list 1 pool globalnet overload
    !
    interface Ethernet0/0
     ip address 10.1.1.10 255.255.255.0
     ip nat inside
    !
    interface Serial0/0
     ip address 170.168.2.1 255.255.255.0
     ip nat outside
    !
    access-list 1 permit 10.1.1.0 0.0.0.255

Figure 13.4: NAT example

To start, look at Figure 13.4 and ask yourself two things: Where would you implement NAT in this design, and what type of NAT would you configure? In Figure 13.4, the NAT configuration would be placed on the corporate router, just as I demonstrated with Figure 13.1, and the configuration would be dynamic NAT with overload.

Figure 13.5: Another NAT example

In the next NAT example, refer to Figure 13.5 and see if you can come up with the configuration needed. Actually, two different answers would both work here, but the following would be my first choice based on the exam objectives:

    ip nat pool Todd 192.1.2.109 192.1.2.109 netmask 255.255.255.248
    access-list 1 permit 192.168.10.64 0.0.0.63
    ip nat inside source list 1 pool Todd overload

Written Labs and Review Questions

Read through the Exam Essentials section together in class. Open your books and go through all the written labs and the review questions. Review the answers in class.
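For the verify-and-troubleshoot objective, a check that the pieces of a pool-based configuration actually reference each other, shown as an added example that is not part of the study guide. `audit_nat` and `PAT_CONFIG` are hypothetical names, the sample is the PAT configuration from this chapter, and only the command forms shown on this page are parsed.

```python
# Added illustration, not from the study guide: a sanity check for the kind of
# inside-source NAT configuration shown in this chapter. Only the command
# forms that appear on this page are parsed (assumption).
from ipaddress import ip_address, ip_interface, ip_network

PAT_CONFIG = """\
ip nat pool globalnet 170.168.2.1 170.168.2.1 netmask 255.255.255.0
ip nat inside source list 1 pool globalnet overload
interface Ethernet0/0
 ip address 10.1.1.10 255.255.255.0
 ip nat inside
interface Serial0/0
 ip address 170.168.2.1 255.255.255.0
 ip nat outside
access-list 1 permit 10.1.1.0 0.0.0.255
"""

def audit_nat(config):
    """Return a list of findings; an empty list means the pieces line up."""
    pools, acls, rules, roles = {}, {}, [], set()
    for w in (line.split() for line in config.splitlines()):
        if w[:3] == ["ip", "nat", "pool"] and w[6:7] == ["netmask"] and len(w) == 8:
            pools[w[3]] = (w[4], w[5], w[7])                 # start, end, netmask
        elif (w[:5] == ["ip", "nat", "inside", "source", "list"]
              and w[6:7] == ["pool"] and len(w) >= 8):
            rules.append((w[5], w[7], "overload" in w[8:]))  # acl, pool, overload?
        elif w[:1] == ["access-list"] and w[2:3] == ["permit"] and len(w) == 5:
            # The wildcard mask is read as a host mask, e.g. 0.0.0.255 -> /24.
            acls.setdefault(w[1], []).append(ip_network(f"{w[3]}/{w[4]}", strict=False))
        elif w in (["ip", "nat", "inside"], ["ip", "nat", "outside"]):
            roles.add(w[2])
    out = [f"no interface has 'ip nat {r}'" for r in ("inside", "outside") if r not in roles]
    for acl, pool, overload in rules:
        if acl not in acls:
            out.append(f"access-list {acl} is referenced but not defined")
        if pool not in pools:
            out.append(f"pool {pool} is referenced but not defined")
            continue
        start, end, mask = pools[pool]
        if ip_interface(f"{start}/{mask}").network != ip_interface(f"{end}/{mask}").network:
            out.append(f"pool {pool} does not fit inside netmask {mask}")
        size = int(ip_address(end)) - int(ip_address(start)) + 1
        hosts = sum(n.num_addresses - 2 for n in acls.get(acl, []))
        if not overload and size < hosts:
            out.append(f"pool {pool}: {size} address(es) for up to {hosts} hosts, no overload")
    return out
```

Run against the dynamic NAT configuration earlier in this chapter, the same check reports 252 pool addresses for up to 254 permitted hosts, which is the simultaneous-user limit that section describes.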
