CCNA 640-802: NAT SIM
Question:
A network associate is configuring a router for the weaver company to provide internet access. The ISP has provided the company six public IP addresses of 198.18.184.105 198.18.184.110. The company has 14 hosts that need to access the internet simultaneously. The hosts in the company LAN have been assigned private space addresses in the range of 192.168.100.17 – 192.168.100.30 .
NAT SIM Configuration:
The following configuration translates between inside hosts (Weaver LAN) addressed from 192.168.100.16 /28 network (192.168.100.17 – 192.168.100.30) to the globally unique pool of address provided by ISP 198.18.184.105 – 198.18.184.110 /29.
Weaver>enable
Weaver#configure terminal
Before starting the NAT configuration verify that router hostname currently configured is weaver. If not change hostname to Weaver using the command
Router(config)#hostname weaver
Step1: Create an access-list to match all the Weaver LAN address that need to be the candidates for NAT translations
Weaver(config)#access-list 10 permit 192.168.100.16 0.0.0.15
Step2: Create a NAT Pool with pool name isp_adr and specify the pool address range provided by ISP with their netmask.
Weaver(config)#ip nat pool isp_adr 198.18.184.105 198.18.184.110 netmask 255.255.255.248
Step3: Packets that match access-list 10 will be translated to an address from the pool called "isp_adr".
Overload keyword specify to use Port based NATing to support all the Weaver LAN address range.
Weaver(config)#ip nat inside source list 10 pool isp_adr overload
SIM Question already provides that appropriate interfaces have been configured for NAT Inside and NAT Outside statements.
For your information configuration would have been like this
Weaver(config)#interface fastethernet 0/0
Weaver(config-if)#ip nat inside
Weaver(config)#interface serial 0/0
Weaver(config-if)#ip nat outside
Functionality Test:
Our requirements are to allow the hosts (Weaver LAN) the ability to communicate with the Internet. For this test, we ping the Internet device (ISP router S0/1) from Host for testing.
Step1:
Go to host for testing:
C:\>ping 192.0.2.114
PING should be success to 192.0.2.114 since SIM question provides that static route is already configured on router.
Step2:
On console of router (Weaver) :
Issue show ip nat translation command to verify the NAT translations.
Sample output:
Considering host for testing IP address is 192.168.100.17
weaver# show ip nat translation
Pro Inside global Inside local Outside local Outside global
icmp 198.18.184.105:434 192.168.100.17:434 192.0.2.113:434 192.0.2.114:434
icmp 198.18.184.105:435 192.168.100.17:435 192.0.2.113:435 192.0.2.114:435
icmp 198.18.184.105:436 192.168.100.17:436 192.0.2.113:436 192.0.2.114:436
icmp 198.18.184.105:437 192.168.100.17:437 192.0.2.113:437 192.0.2.114:437
icmp 198.18.184.105:438 192.168.100.17:438 192.0.2.113:438 192.0.2.114:438
Side Question::: 0.0.0.15 is the wildcard mask for the host IP range
192.168.100.17 - 192.168.100.30
Explanation:
Method to identify the wildcard mask for above IP range is
First we need to find out the subnet mask for the above range.
Range has 14 valid hosts to get the subnet for this.
14+2(broadcast and network address) = 16
To get subnet mask we need to subtract 256 - 16 = 240
255.255.255.240 is the subnet mask
´
Simple method to calculate the Wildcard mask from known subnet is to
Reverse 1’s into 0’s and 0’s into 1’s from the binary representation of subnet.
For above example (240 = 11110000 subnet)
11110000 (subnet) = 00001111 (wildcard mask) last octet.
= 15 (wildcard mask) for last octet by converting it to decimal.
Converting the remaining first 3 octets of subnet into wildcard mask using above method
Resulted wildcard mask is 0.0.0.15
Side Question::: How about number of hosts = 30?
Explanation:
Similar method has we have done for 14 hosts
Explanation:
For 30 hosts..
30+2(broadcast and network address) = 32
To get subnet mask we need to subtract 256 - 32 = 224
255.255.255.224 is the subnet mask
´
Simple method to calculate the Wildcard mask from known subnet is to
Reverse 1’s into 0’s and 0’s into 1’s from the binary representation of subnet.
For above example (224 = 11100000 subnet)
11100000 (subnet) = 00011111 (wildcard mask) last octet.
= 31 (wildcard mask) for last octet by converting it to decimal.
Converting the remaining first 3 octets of subnet into wildcard mask using above method
Resulted wildcard mask is 0.0.0.31
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment