Scribd Logo
Importer

Bienvenue sur Scribd !

  • 08 Lab 3 Network Address Translation

    Transféré par

    Caro Cruz
    308 vues8 pages
    The document describes a lab on configuring Network Address Translation (NAT) on router P1R1. The objectives are to configure static NAT, dynamic NAT, and Port Address Translation (PAT). Tasks include changing P1R1's loopback address, enabling RIP, configuring static NAT to translate 10.30.1.6 to 172.16.1.100, dynamic NAT using an address pool, and PAT overloading using P1R1's interface address. Successful pings and telnet sessions validate the different NAT configurations.

    Description originale:

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Formats disponibles

    PDF, TXT ou lisez en ligne sur Scribd

    Avez-vous trouvé ce document utile ?

    Ce contenu est-il inapproprié ?

    Signaler ce document
    The document describes a lab on configuring Network Address Translation (NAT) on router P1R1. The objectives are to configure static NAT, dynamic NAT, and Port Address Translation (PAT). Tasks include changing P1R1's loopback address, enabling RIP, configuring static NAT to translate 10.30.1.6 to 172.16.1.100, dynamic NAT using an address pool, and PAT overloading using P1R1's interface address. Successful pings and telnet sessions validate the different NAT configurations.

    Droits d'auteur :

    Attribution Non-Commercial (BY-NC)
    Téléchargez comme PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    308 vues8 pages

    08 Lab 3 Network Address Translation

    Transféré par

    Caro Cruz
    The document describes a lab on configuring Network Address Translation (NAT) on router P1R1. The objectives are to configure static NAT, dynamic NAT, and Port Address Translation (PAT). Tasks include changing P1R1's loopback address, enabling RIP, configuring static NAT to translate 10.30.1.6 to 172.16.1.100, dynamic NAT using an address pool, and PAT overloading using P1R1's interface address. Successful pings and telnet sessions validate the different NAT configurations.

    Droits d'auteur :

    Attribution Non-Commercial (BY-NC)
    Téléchargez comme PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    sur 8

    BSCI LAB 3

    Network Address Translation

    Lab 3: Network Address Translation


    Objectives
    Configure NAT on P1R1 to translate the private IP address 10.30.1.6 to a public address. You will
    use static NAT translation, dynamic NAT translation, and PAT (overloading). You will be able to
    ping and telnet from P1R2 to all other routers using NAT.

    Lab Topology
    For this lab, your network design will include two pods of devices. Pod 2 will be configured upon
    the initial loading of the lab. You will be responsible for configuring Pod 1. The Pod 2 devices will
    be configured with the same IP addressing scheme as those in Pod 1. For all labs that require
    more than one pod, your pod will be represented as Pod 1, and the remote pod will be Pod 2.
    The Topology diagram below represents the NetMap in the Simulator. To access each of the devices
    from within the Simulator, select the device name from the appropriate menu in the Simulator. For
    example, to access P1R1, click the eRouters button and select P1R1 from the drop-down menu.

    P1R3
    Fast Ethernet 0/0 10.40.1.2

    Switch 1

    Fast Ethernet 0/0 10.40.1.1 Subnet Mask


    Loopback 0
    255.255.255.0

    P1R2
    10.10.1.1 Serial 0/0 10.30.1.6

    Serial 0/0 10.30.1.5


    Loopback 0

    P1R1
    10.20.1.1
    Fast Ethernet 0/0 10.100.100.1

    Backbone

    16 Boson NetSim for CCNP Lab Manual


    BSCI LAB 3
    Network Address Translation

    Command Summary
    Command Description
    ip nat pool pool_name start_address creates an address pool
    end_address netmask subnet_mask
    access-list list_number permit address wildcard creates an access list to be referenced by the NAT statement
    ip nat inside source static creates a static NAT translation
    inside_local_address inside_global_address
    ip nat inside source list access_list_number translates anything matching the access list to an address in
    pool pool_name the pool
    ip nat inside source list access_list_number translates anything matching the access list to the IP address of
    interface type number overload the interface specified; overload indicates that PAT will be used
    ip nat inside defines the inside interface for NAT
    ip nat outside defines the outside interface for NAT
    router rip changes to router configuration mode
    network network_address allows a routing protocol to route for a directly connected network
    no auto-summary disables automatic route summary for a routing protocol
    show users displays users currently logged in to the router
    show ip nat translations displays the NAT translation table
    clear ip nat translation * clears the NAT translation table

    Settings on All Routers


    Property Your Setting
    Router host names see diagram
    Enable password cisco
    Enable secret password cisco
    Virtual terminal password cisco

    Lab Tasks
    Task 1: Preparing for NAT
    1. On P1R1, change the Loopback 0 IP address to 172.16.1.1 /24.
    2. On P1R1, configure RIP to route for the new network.
    3. On P1R1, disable RIP auto summary.
    4. Verify that you can ping P2R1’s Loopback 0 IP address.
    Task 2: Configuring Static NAT
    1. Enter the command on P1R1 that makes the serial 0/0 interface an inside NAT interface.
    2. Enter the command on P1R1 that makes the FastEthernet 0/0 interface an outside NAT
    interface.

    Boson NetSim for CCNP Lab Manual 17


    BSCI LAB 3
    Network Address Translation

    3. Enter the command on P1R1 that statically translates 10.30.1.6 (P1R2’s serial 0/0
    interface) to 172.16.1.100.
    4. From P1R2, ping the IP address of the P2R1 FastEthernet 0/0 interface. The ping should
    be successful.
    5. From P1R2, telnet to the P2R1 FastEthernet 0/0 interface (the password is cisco). Issue
    the show users command on P2R1. The source IP address of the VTY session should be
    the statically translated IP address.
    6. On P1R1, display the NAT translation table. Do you see the translation? If you do not see
    the translation, it may have timed out. Try to ping again.
    Task 3: Configuring Dynamic NAT
    1. On P1R1, remove the static NAT statement, and clear the NAT table.
    2. On P1R1, create a NAT pool named bigpool. This pool should contain a single address of
    172.16.1.100.
    3. Create a standard access list 1 that will permit the entire 10.30.1.0 /24 network.
    4. Enter the command that configures NAT to allow the hosts identified in access list 1 to
    access the outside world using the IP address identified by bigpool.
    5. If it is not already, make the P1R1 serial 0/0 interface an inside NAT interface.
    6. If it is not already, make the P1R1 FastEthernet 0/0 interface an outside NAT interface.
    7. From P1R2, ping the IP address of the P2R1 FastEthernet 0/0 interface to ensure that you
    can reach it. Next, telnet to the P2R1 router and log in. Both ping and telnet should work.
    8. While in the Telnet session of P2R1, issue the show users command. What does it show
    as your source IP address: the real or the translated IP address?
    ______________________________________________________________
    9. On P1R1, execute the show ip nat translations command. Can you identify an inside local
    address that matches P1R2? What inside global address is associated with P1R2?
    ______________________________________________________________
    Task 4: NAT Overloading (PAT)
    1. On P1R1, clear the NAT translation table. Remove the dynamic NAT statement and the
    pool that it references. Do not remove the access list.
    2. On P1R1, ensure that serial 0/0 is an inside NAT interface and that FastEthernet 0/0 is
    an outside NAT interface.
    3. On P1R1, create a NAT statement that allows hosts matching access list 1 to access the
    outside world using the IP address of P1R1’s FastEthernet 0/0 interface.
    4. From P1R2, ping the IP address of the P2R1 FastEthernet 0/0 interface to ensure that you
    can reach it. Next, telnet to P2R1 and log in. Both ping and telnet should work.
    5. On P1R1, execute the show ip nat translations command. Can you identify an inside
    local address that matches P1R2?
    ______________________________________________________________
    6. Optional: Save a copy of your configuration file to a text file named nat.txt.

    18 Boson NetSim for CCNP Lab Manual


    BSCI LAB 3
    Network Address Translation

    Lab Solutions
    Task 1: Preparing for NAT
    1. P1R1(config)#interface loopback 0
    P1R1(config-if)#ip address 172.16.1.1 255.255.255.0
    2. P1R1(config)#router rip
    P1R1(config-router)#network 172.16.0.0
    3. P1R1(config)#router rip
    P1R1(config-router)#no auto-summary
    4. P1R1#ping 172.16.2.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
    Task 2: Configuring Static NAT
    1. ip nat inside
    2. ip nat outside
    3. ip nat inside source static 10.30.1.6 172.16.1.100
    4. P1R2#ping 10.100.100.2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.100.100.2, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/36 ms
    5. P1R2#telnet 10.100.100.2
    Trying 10.100.100.2 ... Open
    User Access Verification
    Password:
    P2R1>enable
    Password:
    P2R1#sh users
    Line User Host(s) Idle Location
    0 con 0 idle 00:00:59
    *2 vty 1 idle 00:00:09 172.16.1.100
    6. P1R1#show ip nat translations
    Pro Inside global Inside local Outside local Outside global
    --- 172.16.1.100 10.30.1.6 --- ---

    Boson NetSim for CCNP Lab Manual 19


    BSCI LAB 3
    Network Address Translation

    Task 3: Configuring Dynamic NAT


    1. P1R1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    P1R1(config)#no ip nat inside source static 10.30.1.6 172.16.1.100
    P1R1#clear ip nat translation *
    P1R1#show ip nat translations
    2. P1R1(config)#ip nat pool bigpool 172.16.1.100 172.16.1.100 netmask
    255.255.255.0
    3. P1R1(config)#access-list 1 permit 10.30.1.0 0.0.0.255
    4. P1R1(config)#ip nat inside source list 1 pool bigpool
    P1R1(config)#
    5. ip nat inside
    6. ip nat outside
    7. P1R2#ping 10.100.100.2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.100.100.2, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 40/40/44 ms
    P1R2#telnet 10.100.100.2
    Trying 10.100.100.2 ... Open
    User Access Verification
    Password:
    P2R1>
    8. The translated IP address should appear.
    P2R1>show users
    Line User Host(s) Idle Location
    0 con 0 idle 00:16:58
    * 2 vty 0 idle 00:00:00 172.16.1.100
    9. The inside local address is 10.30.1.6; the inside global address is 172.16.1.100.
    P1R1#show ip nat translations
    Pro Inside global Inside local Outside local Outside global
    icmp 172.16.1.100 10.30.1.6 10.100.100.2:9392 10.100.100.2:9392
    Task 4: NAT Overloading (PAT)
    1. P1R1#clear ip nat translation *
    P1R1#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    P1R1(config)#no ip nat inside source list 1 pool bigpool
    P1R1(config)#no ip nat pool bigpool 172.16.1.100 172.16.1.100 netmask
    255.255.255.0

    20 Boson NetSim for CCNP Lab Manual


    BSCI LAB 3
    Network Address Translation

    2. P1R1#show run
    Current configuration : 1056 bytes
    !
    interface FastEthernet0/0
    ip address 10.100.100.1 255.255.255.0
    ip nat outside
    !
    interface Serial0/0
    ip address 10.30.1.5 255.255.255.0
    ip nat inside
    clock rate 64000
    !
    3. P1R1(config)#ip nat inside source list 1 interface FastEthernet 0/0
    overload
    4. P1R2#ping 10.100.100.2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.100.100.2, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 40/40/44 ms
    P1R2#telnet 10.100.100.2
    Trying 10.100.100.2 ... Open
    User Access Verification
    Password:
    P2R1>
    5. The inside local address is 10.30.1.6.
    P1R1#show ip nat translations
    Pro Inside global Inside local Outside local Outside global
    icmp 10.100.100.1:8367 10.30.1.6:8367 10.100.100.2:8367 10.100.100.2:8367
    icmp 10.100.100.1:8368 10.30.1.6:8368 10.100.100.2:8368 10.100.100.2:8368
    icmp 10.100.100.1:8369 10.30.1.6:8369 10.100.100.2:8369 10.100.100.2:8369
    icmp 10.100.100.1:8370 10.30.1.6:8370 10.100.100.2:8370 10.100.100.2:8370
    icmp 10.100.100.1:8371 10.30.1.6:8371 10.100.100.2:8371 10.100.100.2:8371

    Boson NetSim for CCNP Lab Manual 21


    BSCI LAB 3
    Network Address Translation

    Sample Configuration Script:


    Static NAT
    P1R1
    hostname P1R1
    !
    interface Loopback0
    ip address 172.16.1.1 255.255.255.0
    !
    interface FastEthernet0/0
    ip address 10.100.100.1 255.255.255.0
    ip nat outside
    !
    interface Serial0/0
    ip address 10.30.1.5 255.255.255.0
    ip nat inside
    clock rate 64000
    !
    router rip
    network 10.0.0.0
    network 172.16.0.0
    no auto-summary
    !
    ip nat inside source static 10.30.1.5 172.16.1.100
    !

    Sample Configuration Script:


    Dynamic NAT
    P1R1
    hostname P1R1
    !
    interface Loopback0
    ip address 172.16.1.1 255.255.255.0
    !
    interface FastEthernet0/0
    ip address 10.100.100.1 255.255.255.0
    ip nat outside
    !
    interface Serial0/0
    ip address 10.30.1.5 255.255.255.0
    ip nat inside
    clock rate 64000
    !
    router rip
    network 10.0.0.0
    network 172.16.0.0
    no auto-summary
    !
    ip nat pool bigpool 172.16.1.100 172.16.1.100 netmask
    255.255.255.0
    ip nat inside source list 1 pool bigpool
    !
    access-list 1 permit 10.30.1.0 0.0.0.255
    !

    22 Boson NetSim for CCNP Lab Manual


    BSCI LAB 3
    Network Address Translation

    Sample Configuration Script:


    NAT Overloading
    P1R1
    hostname P1R1
    !
    interface Loopback0
    ip address 172.16.1.1 255.255.255.0
    !
    interface FastEthernet0/0
    ip address 10.100.100.1 255.255.255.0
    ip nat outside
    !
    interface Serial0/0
    ip address 10.30.1.5 255.255.255.0
    ip nat inside
    clock rate 64000
    !
    router rip
    network 10.0.0.0
    network 172.16.0.0
    no auto-summary
    !
    ip nat inside source list 1 interface FastEthernet 0/0 overload
    !
    access-list 1 permit 10.30.1.0 0.0.0.255
    !

    Boson NetSim for CCNP Lab Manual 23

    Vous aimerez peut-être aussi