Академический Документы
Профессиональный Документы
Культура Документы
Version)
Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only.
Topology
Addressing Table
Device
Gateway
Interface
IP Address
Subnet Mask
Default Gateway
G0/1
192.168.1.1
255.255.255.0
N/A
S0/0/1
209.165.201.18
255.255.255.252
N/A
S0/0/0 (DCE)
209.165.201.17
255.255.255.252
N/A
Lo0
192.31.7.1
255.255.255.255
N/A
PC-A
NIC
192.168.1.20
255.255.255.0
192.168.1.1
PC-B
NIC
192.168.1.21
255.255.255.0
192.168.1.1
PC-C
NIC
192.168.1.22
255.255.255.0
192.168.1.1
ISP
Objectives
Part 1: Build the Network and Verify Connectivity
Part 2: Configure and Verify NAT Pool Overload
Part 3: Configure and Verify PAT
Background / Scenario
In the first part of the lab, your company is allocated the public IP address range of 209.165.200.224/29 by
the ISP. This provides the company with six public IP addresses. Dynamic NAT pool overload uses a pool of
IP addresses in a many-to-many relationship. The router uses the first IP address in the pool and assigns
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 12
Required Resources
2 Routers (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable)
1 Switch (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or comparable)
3 PCs (Windows 7, Vista, or XP with terminal emulation program, such as Tera Term)
Console cables to configure the Cisco IOS devices via the console ports
g. Configure logging synchronous to prevent console messages from interrupting the command entry.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 12
Step 1: Define an access control list that matches the LAN private IP addresses.
ACL 1 is used to allow the 192.168.1.0/24 network to be translated.
Gateway(config)# access-list 1 permit 192.168.1.0 0.0.0.255
209.165.200.230
Step 3: Define the NAT from the inside source list to the outside pool.
Gateway(config)# ip nat inside source list 1 pool public_access overload
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 12
c.
Inside local
192.168.1.20:1
192.168.1.21:1
192.168.1.22:1
Outside local
192.31.7.1:1
192.31.7.1:1
192.31.7.1:1
Outside global
192.31.7.1:0
192.31.7.1:1
192.31.7.1:2
Note: Depending on how much time has elapsed since you performed the pings from each PC, you may
not see all three translations. ICMP translations have a short timeout value.
How many Inside local IP addresses are listed in the sample output above? __________ 3
How many Inside global IP addresses are listed? __________ 1
How many port numbers are used paired with the Inside global addresses? _________ 3
What would be the result of pinging the Inside local address of PC-A from the ISP router? Why?
____________________________________________________________________________________
____________________________________________________________________________________
The ping would fail because the router knows the location of the Inside global address in its routing table
but the Inside local address is not advertised.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 12
Step 4: Remove the NAT translation from inside source list to outside pool.
Gateway(config)# no ip nat inside source list 1 pool public_access overload
c.
Inside local
192.168.1.20:1
192.168.1.21:1
192.168.1.22:1
Outside local
192.31.7.1:1
192.31.7.1:1
192.31.7.1:1
Outside global
192.31.7.1:3
192.31.7.1:1
192.31.7.1:4
Reflection
What advantages does PAT provide?
_______________________________________________________________________________________
Answers will vary, but should include that PAT minimizes the number of public addresses needed to provide
Internet access, and that PAT, like NAT, serves to hide private addresses from outside networks.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 12
Ethernet Interface #1
Ethernet Interface #2
Serial Interface #1
Serial Interface #2
1800
1900
2801
2811
2900
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An
example of this might be an ISDN BRI interface. The string in parenthesis is the legal abbreviation that can be
used in Cisco IOS commands to represent the interface.
Device Configs
Router Gateway (After Part 2)
Gateway# show run
Building configuration...
Current configuration : 1790 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Gateway
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new-model
memory-size iomem 15
!
!
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 12
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 7 of 12
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 8 of 12
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 9 of 12
Router ISP
ISP# show run
Building configuration...
Current configuration : 1487 bytes
!
version 15.2
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 10 of 12
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 11 of 12
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 12 of 12