Interconnecting Cisco Networking Devices Part 1
ICND1 100-101

Instructor
Paul A. Parker
Chapter 27

Network Address Translation

Foundation Topics
v Perspectives on IPv4 Address Scalability
▼ In the early to mid-1990s, it became apparent that the Internet
was growing so fast that all IP network numbers would be
assigned by the mid-1990s! Concern arose that the available
networks would be completely assigned, and some organizations
would not be able to connect to the Internet.
▼ The main long-term solution to the IP address scalability problem
was to increase the size of the IP address. This one fact was the
most compelling reason for the advent of IP version 6 (IPv6).
▼ CIDR is a global address assignment convention that defines
how the Internet Assigned Numbers Authority (IANA), its
member agencies, and ISPs should assign the globally unique
IPv4 address space to individual organizations.

CCENT/CCNA ICND1 Interconnecting Cisco Networking Devices Part 1 3


Perspectives on IPv4 Address Scalability
v Route Aggregation for Shorter Routing Tables
▼ If Internet routers had to list every classful network in their
routing tables, the routers would require a lot of memory, and
routing table searches would require a lot of processing power.
▼ CIDR defines a route aggregation or summarization strategy for
the routes to public IPv4 addresses in the Internet. This strategy
relies on a worldwide IPv4 address assignment strategy, as well
as some simple math to replace many routes for smaller ranges
of addresses with one route for a larger range of addresses.

Perspectives on IPv4 Scalability
v Private Addressing
▼ Some computers might never be connected to the Internet.
These computers’ IP addresses could be duplicates of registered
IP addresses in the Internet.
▼ When building a private network that will have no Internet
connectivity, you can use IP network numbers called private
internets, as defined in RFC 1918.
▼ Instead of using someone else’s registered network numbers,
you can use numbers in a range that are not used by anyone
else in the public Internet.

Network Address Translation Concepts
v NAT, defined in RFC 3022, allows a host that does not
have a valid, registered, globally unique IP address to
communicate with other hosts through the Internet.

Network Address Translation Concepts
v Static NAT
▼ Static NAT works by statically mapping one IP address to
another.

Network Address Translation Concepts
v Static NAT Terminology
▼  Inside local: In a typical NAT design, the term inside refers to an
address used for a host inside an enterprise. An inside local is the actual
IP address assigned to a host in the private enterprise network. A more
descriptive term might be inside private, because oftentimes (but not
always), the inside addresses are also private addresses.
▼  Inside global: NAT uses an inside global address to represent the
inside host as the packet is sent through the outside network, typically
the Internet. A NAT router changes the source IP address of a packet
sent by an inside host from an inside local address to an inside global
address as the packet goes from the inside to the outside network. A
more descriptive term might be inside public, because when using RFC
1918 addresses in an enterprise, the inside global address represents
the inside host with a public IP address that can be used for routing in
the public Internet.

Network Address Translation Concepts
v Static NAT Terminology
▼  Outside global: In a typical NAT design, the term outside refers to an
address used for a host outside an enterprise—in other words, in the
Internet. An outside global address is the actual IP address assigned to
a host that resides in the outside network, typically the Internet. A more
descriptive term might be outside public, because the outside global
address represents the outside host with a public IP address that can be
used for routing in the public Internet.
▼  Outside local: NAT can translate the outside IP address. When a NAT
router forwards a packet from the inside network to the outside, when
using NAT to change the outside address, the IP address that represents
the outside host as the destination IP address in the packet header is
called the outside local IP address. A more descriptive term might be
outside private, because when using RFC 1918 addresses in an
enterprise, the outside local address represents the outside host with a
private IP address from RFC 1918.

Network Address Translation Concepts
v Dynamic NAT
▼ Dynamic NAT sets up a pool of possible inside global addresses
and defines matching criteria to determine which inside local IP
addresses should be translated with NAT.

Network Address Translation Concepts
v Overloading NAT with Port Address Translation (PAT)
▼ Overloading allows NAT to scale to support many clients with
only a few public IP addresses.

Network Address Translation Concepts
v DHCP and NAT/PAT Roles in a Consumer Router
▼ By using DHCP on both the LAN and WAN sides, a consumer
router has created a perfect match of IP addresses to use PAT.
The computers on the LAN all have private IP addresses, and the
one WAN port has a public IP address.

NAT Configuration and Troubleshooting
v Static NAT Configuration
▼ Step 1. Configure interfaces to be in the inside part of the NAT
design using the ip nat inside interface subcommand.
▼ Step 2. Configure interfaces to be in the outside part of the NAT
design using the ip nat outside interface subcommand.
▼ Step 3. Configure the static mappings with the ip nat inside
source static inside-local inside-global global configuration
command.
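The three steps above as an IOS configuration, added here as an example that is not from the course slides. The interface names, the interface addresses and the second mapping (10.1.1.2 to 200.1.1.2) are assumed; 10.1.1.1 and 200.1.1.1 are the addresses the slides use.

```cisco
! Added example (not from the course slides): static NAT for an inside LAN
! 10.1.1.0/24 behind an outside link in 200.1.1.0/24. Interface names and
! interface addresses are assumed for illustration.
!
! Step 1: mark the LAN-facing interface as the NAT inside
interface GigabitEthernet0/0
 ip address 10.1.1.254 255.255.255.0
 ip nat inside
!
! Step 2: mark the Internet-facing interface as the NAT outside
interface GigabitEthernet0/1
 ip address 200.1.1.254 255.255.255.0
 ip nat outside
!
! Step 3: static mappings, inside local first, inside global second.
! A packet from 10.1.1.1 (inside local) leaves G0/1 with source 200.1.1.1
! (inside global); the reply addressed to 200.1.1.1 arriving on G0/1 has
! its destination translated back to 10.1.1.1 before forwarding.
ip nat inside source static 10.1.1.1 200.1.1.1
ip nat inside source static 10.1.1.2 200.1.1.2
!
! Static entries appear in the translation table even before any traffic:
show ip nat translations
```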

NAT Configuration and Troubleshooting
v Dynamic NAT Configuration
▼  Step 1. As with static NAT, configure interfaces to be in the inside
part of the NAT design using the ip nat inside interface
subcommand.
▼  Step 2. As with static NAT, configure interfaces to be in the outside
part of the NAT design using the ip nat outside interface
subcommand.
▼  Step 3. Configure an ACL that matches the packets entering inside
interfaces for which NAT should be performed.
▼ Step 4. Configure the pool of public registered IP addresses using
the ip nat pool name first-address last-address netmask subnet-mask
global configuration command.
▼  Step 5. Enable dynamic NAT by referencing the ACL (Step 3) and
pool (Step 4) with the ip nat inside source list acl-number pool
pool-name global configuration command.

NAT Configuration and Troubleshooting
v NAT Overload (PAT) Configuration
▼ Use the same steps for configuring dynamic NAT, as outlined in
the previous section, but include the overload keyword at the
end of the ip nat inside source list global command.
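The five dynamic NAT steps and the PAT variant (same commands plus overload), added here as one example that is not from the course slides. The interface names, the pool name POOL1, ACL number 1 and the two-address pool are assumed; the interface-overload line at the end is a common alternative form that the slides do not list.

```cisco
! Added example (not from the course slides): dynamic NAT, then the same
! configuration turned into PAT. Interface names, POOL1 and ACL 1 are assumed.
!
! Steps 1 and 2: same inside/outside designation as for static NAT
interface GigabitEthernet0/0
 ip address 10.1.1.254 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1
 ip address 200.1.1.254 255.255.255.0
 ip nat outside
!
! Step 3: the ACL matches the inside LOCAL (pre-translation) source addresses
access-list 1 permit 10.1.1.0 0.0.0.255
!
! Step 4: pool of inside global addresses. "netmask" is the subnet mask of
! the public range, not a wildcard mask.
ip nat pool POOL1 200.1.1.1 200.1.1.2 netmask 255.255.255.0
!
! Step 5 (dynamic NAT): one public address per inside host, so at most two
! inside hosts can be translated at the same time. A third host while both
! addresses are allocated is a pool miss, visible as the growing misses
! counter under the pool in "show ip nat statistics".
ip nat inside source list 1 pool POOL1
!
! Step 5 (PAT): replace the line above with the same command plus
! "overload"; the two public addresses now serve the whole /24 because
! each flow is also distinguished by its translated source port.
no ip nat inside source list 1 pool POOL1
ip nat inside source list 1 pool POOL1 overload
!
! Alternative PAT form (not a step in the slides): overload the outside
! interface's own address instead of a pool.
! ip nat inside source list 1 interface GigabitEthernet0/1 overload
!
show ip nat statistics
show ip nat translations
```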

NAT Configuration and Troubleshooting
v NAT Troubleshooting
▼ Ensure that the configuration includes the ip nat inside and ip
nat outside interface subcommands. These commands enable
NAT on the interfaces, and the inside/outside designation is
important.
▼ For static NAT, ensure that the ip nat inside source static
command lists the inside local address first and the inside global
IP address second.
▼ For dynamic NAT, ensure that the ACL configured to match
packets sent by the inside hosts matches those hosts’ packets as
they look before any NAT translation has occurred. For example, if
an inside local address of 10.1.1.1 should be translated to
200.1.1.1, ensure that the ACL matches source address 10.1.1.1,
not 200.1.1.1.

NAT Configuration and Troubleshooting
v NAT Troubleshooting
▼ For dynamic NAT without PAT, ensure that the pool has enough
IP addresses. Symptoms of not having enough addresses include
a growing value in the second misses counter in the show ip
nat statistics command output, as well as seeing all the pool
addresses already in the NAT table.
▼ For PAT, it is easy to forget to add the overload option on the ip
nat inside source list command. Without it, NAT works, but
PAT does not, often resulting in users’ packets not being
translated and hosts not being able to get to the Internet.
▼ Perhaps NAT has been configured correctly, but an ACL exists on
one of the interfaces, discarding the packets. Note that IOS
processes ACLs before NAT for packets entering an interface, and
after translating the addresses for packets exiting an interface.

NAT Configuration and Troubleshooting
v NAT Troubleshooting
▼ Make sure that some user traffic is entering the NAT router on an
inside interface, triggering NAT to do a translation. NAT reacts to
packets that come in an interface, and then matches the logic
referenced in the NAT configuration. The NAT configuration can
be perfect, but if no inbound traffic occurs that matches the NAT
configuration, NAT does nothing.
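Two of the troubleshooting cases above (the NAT ACL matching the wrong address, and an interface ACL discarding packets before or after translation), each shown as the faulty line next to its fix. This is an added example, not from the course slides; interface names, ACL numbers and the pool name are assumed, and 10.1.1.1/200.1.1.1 are the slide's own addresses.

```cisco
! Added example (not from the course slides). Interface names, ACL numbers
! and POOL1 are assumed; 10.1.1.1 and 200.1.1.1 come from the slides.
!
! Case 1: the NAT ACL names the wrong address. NAT evaluates the ACL against
! the packet as it enters the inside interface, before translation, so it
! must permit the inside local 10.1.1.1, not the inside global 200.1.1.1.
!
! wrong:
access-list 1 permit host 200.1.1.1
! correct:
no access-list 1
access-list 1 permit host 10.1.1.1
!
ip nat pool POOL1 200.1.1.1 200.1.1.1 netmask 255.255.255.0
ip nat inside source list 1 pool POOL1 overload
!
! Case 2: an interface ACL drops the packets. Entering an interface, the
! ACL is checked BEFORE NAT (inbound on G0/0 it sees 10.1.1.x; replies
! inbound on G0/1 still carry destination 200.1.1.1). Exiting an interface,
! the ACL is checked AFTER NAT (outbound on G0/1 it sees 200.1.1.x).
!
! wrong: this inbound ACL on the inside interface names the post-NAT
! address, so every inside packet hits the implicit deny and NAT never runs.
access-list 101 permit ip host 200.1.1.1 any
interface GigabitEthernet0/0
 ip nat inside
 ip access-group 101 in
!
! correct: inbound on the inside interface, match the pre-translation range
no access-list 101
access-list 101 permit ip 10.1.1.0 0.0.0.255 any
!
! or, if the filter belongs outbound on the outside interface, match the
! translated address there
access-list 102 permit ip host 200.1.1.1 any
interface GigabitEthernet0/1
 ip nat outside
 ip access-group 102 out
!
! Confirm that inside traffic is actually triggering translations:
! hits/misses should move and entries should appear.
show ip nat statistics
show ip nat translations
```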

Exam Preparation Tasks

Command Reference
v Configuration Commands

Command Reference
v EXEC Commands



Questions?
