08 lab 3 network address translation


Upload: caro-cruz

Post on 30-Mar-2015


Page 1: 08 Lab 3 Network Address Translation

16 Boson NetSim for CCNP Lab Manual

Lab 3: Network Address Translation

Objectives

Configure NAT on P1R1 to translate the private IP address 10.30.1.6 to a public address. You will use static NAT translation, dynamic NAT translation, and PAT (overloading). You will be able to ping and telnet from P1R2 to all other routers using NAT.

Lab Topology

For this lab, your network design will include two pods of devices. Pod 2 will be configured upon the initial loading of the lab. You will be responsible for configuring Pod 1. The Pod 2 devices will be configured with the same IP addressing scheme as those in Pod 1. For all labs that require more than one pod, your pod will be represented as Pod 1, and the remote pod will be Pod 2.

The Topology diagram below represents the NetMap in the Simulator. To access each of the devices from within the Simulator, select the device name from the appropriate menu in the Simulator. For example, to access P1R1, click the eRouters button and select P1R1 from the drop-down menu.

[Topology diagram. Devices: Backbone, Switch 1, P1R1, P1R2, P1R3. Interface labels: Fast Ethernet 0/0, Serial 0/0, Loopback 0. Address labels: 10.10.1.1, 10.20.1.1, 10.30.1.5, 10.30.1.6, 10.40.1.1, 10.40.1.2, 10.100.100.1. Subnet mask: 255.255.255.0.]

BSCI LAB 3 Network Address Translation


Command Summary

Command
   Description

ip nat pool pool_name start_address end_address netmask subnet_mask
   creates an address pool

access-list list_number permit address wildcard
   creates an access list to be referenced by the NAT statement

ip nat inside source static inside_local_address inside_global_address
   creates a static NAT translation

ip nat inside source list access_list_number pool pool_name
   translates anything matching the access list to an address in the pool

ip nat inside source list access_list_number interface type number overload
   translates anything matching the access list to the IP address of the interface specified; overload indicates that PAT will be used

ip nat inside
   defines the inside interface for NAT

ip nat outside
   defines the outside interface for NAT

router rip
   changes to router configuration mode

network network_address
   allows a routing protocol to route for a directly connected network

no auto-summary
   disables automatic route summary for a routing protocol

show users
   displays users currently logged in to the router

show ip nat translations
   displays the NAT translation table

clear ip nat translation *
   clears the NAT translation table
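The three translation modes summarized above, modelled as an added example (not part of the lab manual and not IOS code). The class and function names are hypothetical, the second inside host 10.30.1.7 is constructed, and taking the next free port on a PAT collision is a simplifying assumption.

```python
import ipaddress

def acl_permits(addr, network, wildcard):
    """Standard ACL match: bits set in the wildcard mask are ignored."""
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, network, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (n & care)

class NatModel:
    """Toy model of 'ip nat inside source' (hypothetical class, not IOS code)."""

    def __init__(self, acl=None, pool=(), overload_ip=None, static=None):
        self.acl = acl                  # (network, wildcard) from the access list
        self.free = list(pool)          # unused inside global addresses
        self.overload_ip = overload_ip  # outside interface address when using PAT
        self.static = dict(static or {})
        self.dynamic = {}               # inside local ip -> inside global ip
        self.pat = {}                   # (global ip, port) -> (local ip, port)

    def translate(self, src, sport):
        """Return (inside global ip, port) for a packet, or None if untranslated."""
        if src in self.static:                      # static: fixed one-to-one
            return (self.static[src], sport)
        if self.acl is None or not acl_permits(src, *self.acl):
            return None                             # source not matched by the list
        if self.overload_ip:                        # PAT: many hosts, one address
            port = sport
            # Assumption: on a port collision, take the next free port.
            while self.pat.get((self.overload_ip, port), (src, sport)) != (src, sport):
                port += 1
            self.pat[(self.overload_ip, port)] = (src, sport)
            return (self.overload_ip, port)
        if src not in self.dynamic:                 # dynamic: one address per host
            if not self.free:
                return None                         # pool exhausted
            self.dynamic[src] = self.free.pop(0)
        return (self.dynamic[src], sport)

ACL1 = ("10.30.1.0", "0.0.0.255")                   # access-list 1 from the lab

def demo():
    """10.30.1.7 is a constructed second inside host, not part of the lab."""
    dyn = NatModel(acl=ACL1, pool=["172.16.1.100"])       # single-address bigpool
    pat = NatModel(acl=ACL1, overload_ip="10.100.100.1")  # FastEthernet 0/0 overload
    hosts = [("10.30.1.6", 8367), ("10.30.1.7", 8367)]
    return [dyn.translate(*h) for h in hosts], [pat.translate(*h) for h in hosts]
```

With the single-address pool the second host gets no translation until the first entry is cleared, while the overload form serves both hosts from one address by changing the port.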

Settings on All Routers

Property: Your Setting
Router host names: see diagram
Enable password: cisco
Enable secret password: cisco
Virtual terminal password: cisco

Lab Tasks

Task 1: Preparing for NAT

1. On P1R1, change the Loopback 0 IP address to 172.16.1.1 /24.

2. On P1R1, configure RIP to route for the new network.

3. On P1R1, disable RIP auto summary.

4. Verify that you can ping P2R1’s Loopback 0 IP address.

Task 2: Configuring Static NAT

1. Enter the command on P1R1 that makes the serial 0/0 interface an inside NAT interface.

2. Enter the command on P1R1 that makes the FastEthernet 0/0 interface an outside NAT interface.

3. Enter the command on P1R1 that statically translates 10.30.1.6 (P1R2’s serial 0/0 interface) to 172.16.1.100.

4. From P1R2, ping the IP address of the P2R1 FastEthernet 0/0 interface. The ping should be successful.

5. From P1R2, telnet to the P2R1 FastEthernet 0/0 interface (the password is cisco). Issue the show users command on P2R1. The source IP address of the VTY session should be the statically translated IP address.

6. On P1R1, display the NAT translation table. Do you see the translation? If you do not see the translation, it may have timed out. Try to ping again.

Task 3: Configuring Dynamic NAT

1. On P1R1, remove the static NAT statement, and clear the NAT table.

2. On P1R1, create a NAT pool named bigpool. This pool should contain a single address of 172.16.1.100.

3. Create a standard access list 1 that will permit the entire 10.30.1.0 /24 network.

4. Enter the command that configures NAT to allow the hosts identified in access list 1 to access the outside world using the IP address identified by bigpool.

5. If it is not already, make the P1R1 serial 0/0 interface an inside NAT interface.

6. If it is not already, make the P1R1 FastEthernet 0/0 interface an outside NAT interface.

7. From P1R2, ping the IP address of the P2R1 FastEthernet 0/0 interface to ensure that you can reach it. Next, telnet to the P2R1 router and log in. Both ping and telnet should work.

8. While in the Telnet session of P2R1, issue the show users command. What does it show as your source IP address: the real or the translated IP address?
   ______________________________________________________________

9. On P1R1, execute the show ip nat translations command. Can you identify an inside local address that matches P1R2? What inside global address is associated with P1R2?
   ______________________________________________________________

Task 4: NAT Overloading (PAT)

1. On P1R1, clear the NAT translation table. Remove the dynamic NAT statement and the pool that it references. Do not remove the access list.

2. On P1R1, ensure that serial 0/0 is an inside NAT interface and that FastEthernet 0/0 is an outside NAT interface.

3. On P1R1, create a NAT statement that allows hosts matching access list 1 to access the outside world using the IP address of P1R1’s FastEthernet 0/0 interface.

4. From P1R2, ping the IP address of the P2R1 FastEthernet 0/0 interface to ensure that you can reach it. Next, telnet to P2R1 and log in. Both ping and telnet should work.

5. On P1R1, execute the show ip nat translations command. Can you identify an inside local address that matches P1R2?
   ______________________________________________________________

6. Optional: Save a copy of your configuration file to a text file named nat.txt.


Lab Solutions

Task 1: Preparing for NAT

1. P1R1(config)#interface loopback 0
   P1R1(config-if)#ip address 172.16.1.1 255.255.255.0

2. P1R1(config)#router rip
   P1R1(config-router)#network 172.16.0.0

3. P1R1(config)#router rip
   P1R1(config-router)#no auto-summary

4. P1R1#ping 172.16.2.1
   Type escape sequence to abort.
   Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:
   !!!!!
   Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms

Task 2: Configuring Static NAT

1. ip nat inside

2. ip nat outside

3. ip nat inside source static 10.30.1.6 172.16.1.100

4. P1R2#ping 10.100.100.2
   Type escape sequence to abort.
   Sending 5, 100-byte ICMP Echos to 10.100.100.2, timeout is 2 seconds:
   !!!!!
   Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/36 ms

5. P1R2#telnet 10.100.100.2
   Trying 10.100.100.2 ... Open

   User Access Verification

   Password:
   P2R1>enable
   Password:
   P2R1#sh users
       Line     User     Host(s)     Idle      Location
      0 con 0            idle        00:00:59
   *  2 vty 1            idle        00:00:09  172.16.1.100

6. P1R1#show ip nat translations
   Pro  Inside global   Inside local   Outside local   Outside global
   ---  172.16.1.100    10.30.1.6      ---             ---


Task 3: Configuring Dynamic NAT

1. P1R1#conf t
   Enter configuration commands, one per line. End with CNTL/Z.
   P1R1(config)#no ip nat inside source static 10.30.1.6 172.16.1.100
   P1R1#clear ip nat translation *
   P1R1#show ip nat translations

2. P1R1(config)#ip nat pool bigpool 172.16.1.100 172.16.1.100 netmask 255.255.255.0

3. P1R1(config)#access-list 1 permit 10.30.1.0 0.0.0.255

4. P1R1(config)#ip nat inside source list 1 pool bigpool
   P1R1(config)#

5. ip nat inside

6. ip nat outside

7. P1R2#ping 10.100.100.2
   Type escape sequence to abort.
   Sending 5, 100-byte ICMP Echos to 10.100.100.2, timeout is 2 seconds:
   !!!!!
   Success rate is 100 percent (5/5), round-trip min/avg/max = 40/40/44 ms
   P1R2#telnet 10.100.100.2
   Trying 10.100.100.2 ... Open

   User Access Verification

   Password:
   P2R1>

8. The translated IP address should appear.
   P2R1>show users
       Line     User     Host(s)     Idle      Location
      0 con 0            idle        00:16:58
   *  2 vty 0            idle        00:00:00  172.16.1.100

9. The inside local address is 10.30.1.6; the inside global address is 172.16.1.100.
   P1R1#show ip nat translations
   Pro   Inside global   Inside local   Outside local       Outside global
   icmp  172.16.1.100    10.30.1.6      10.100.100.2:9392   10.100.100.2:9392

Task 4: NAT Overloading (PAT)

1. P1R1#clear ip nat translation *
   P1R1#configure terminal
   Enter configuration commands, one per line. End with CNTL/Z.
   P1R1(config)#no ip nat inside source list 1 pool bigpool
   P1R1(config)#no ip nat pool bigpool 172.16.1.100 172.16.1.100 netmask 255.255.255.0


2. P1R1#show run
   Current configuration : 1056 bytes
   !
   interface FastEthernet0/0
    ip address 10.100.100.1 255.255.255.0
    ip nat outside
   !
   interface Serial0/0
    ip address 10.30.1.5 255.255.255.0
    ip nat inside
    clock rate 64000
   !

3. P1R1(config)#ip nat inside source list 1 interface FastEthernet 0/0 overload

4. P1R2#ping 10.100.100.2
   Type escape sequence to abort.
   Sending 5, 100-byte ICMP Echos to 10.100.100.2, timeout is 2 seconds:
   !!!!!
   Success rate is 100 percent (5/5), round-trip min/avg/max = 40/40/44 ms
   P1R2#telnet 10.100.100.2
   Trying 10.100.100.2 ... Open

   User Access Verification

   Password:
   P2R1>

5. The inside local address is 10.30.1.6.
   P1R1#show ip nat translations
   Pro   Inside global       Inside local     Outside local       Outside global
   icmp  10.100.100.1:8367   10.30.1.6:8367   10.100.100.2:8367   10.100.100.2:8367
   icmp  10.100.100.1:8368   10.30.1.6:8368   10.100.100.2:8368   10.100.100.2:8368
   icmp  10.100.100.1:8369   10.30.1.6:8369   10.100.100.2:8369   10.100.100.2:8369
   icmp  10.100.100.1:8370   10.30.1.6:8370   10.100.100.2:8370   10.100.100.2:8370
   icmp  10.100.100.1:8371   10.30.1.6:8371   10.100.100.2:8371   10.100.100.2:8371
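The show users output on P2R1 records only the translated address, so tracing a session back to the inside host requires P1R1's translation table. The parser below is an added example, not part of the lab manual; its function names are hypothetical and the sample rows are copied from the solution output above.

```python
import re

# Five whitespace-separated fields: Pro, Inside global, Inside local,
# Outside local, Outside global. The header row has more tokens and is skipped.
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

# Rows copied from the lab's solution output (static NAT, then PAT).
STATIC_TABLE = """\
Pro Inside global      Inside local       Outside local      Outside global
--- 172.16.1.100       10.30.1.6          ---                ---
"""
PAT_TABLE = """\
Pro Inside global      Inside local       Outside local      Outside global
icmp 10.100.100.1:8367 10.30.1.6:8367     10.100.100.2:8367  10.100.100.2:8367
icmp 10.100.100.1:8368 10.30.1.6:8368     10.100.100.2:8368  10.100.100.2:8368
"""

def endpoint(field):
    """'10.100.100.1:8367' -> ('10.100.100.1', 8367); '---' -> None."""
    if field == "---":
        return None
    ip, _, port = field.partition(":")
    return (ip, int(port) if port else None)

def parse_nat_table(text):
    """Parse 'show ip nat translations' output into a list of dicts."""
    keys = ("inside_global", "inside_local", "outside_local", "outside_global")
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            entry = dict(zip(keys, map(endpoint, m.groups()[1:])))
            entry["pro"] = m.group(1)
            entries.append(entry)
    return entries

def attribute(entries, seen_ip, seen_port=None):
    """Inside local endpoints that appear outside as seen_ip[:seen_port]."""
    hits = []
    for e in entries:
        if e["inside_global"] is None:
            continue
        ip, port = e["inside_global"]
        if ip != seen_ip or (None not in (port, seen_port) and port != seen_port):
            continue
        if e["inside_local"] not in hits:
            hits.append(e["inside_local"])
    return hits
```

Because entries time out, as Task 2 step 6 notes, the table has to be captured while the session of interest is still active.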


Sample Configuration Script: Static NAT

P1R1

hostname P1R1
!
interface Loopback0
 ip address 172.16.1.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 10.100.100.1 255.255.255.0
 ip nat outside
!
interface Serial0/0
 ip address 10.30.1.5 255.255.255.0
 ip nat inside
 clock rate 64000
!
router rip
 network 10.0.0.0
 network 172.16.0.0
 no auto-summary
!
! static translation of P1R2's serial 0/0 address, as in Task 2 step 3
ip nat inside source static 10.30.1.6 172.16.1.100
!

Sample Configuration Script: Dynamic NAT

P1R1

hostname P1R1
!
interface Loopback0
 ip address 172.16.1.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 10.100.100.1 255.255.255.0
 ip nat outside
!
interface Serial0/0
 ip address 10.30.1.5 255.255.255.0
 ip nat inside
 clock rate 64000
!
router rip
 network 10.0.0.0
 network 172.16.0.0
 no auto-summary
!
ip nat pool bigpool 172.16.1.100 172.16.1.100 netmask 255.255.255.0
ip nat inside source list 1 pool bigpool
!
access-list 1 permit 10.30.1.0 0.0.0.255
!


Sample Configuration Script: NAT Overloading

P1R1

hostname P1R1
!
interface Loopback0
 ip address 172.16.1.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 10.100.100.1 255.255.255.0
 ip nat outside
!
interface Serial0/0
 ip address 10.30.1.5 255.255.255.0
 ip nat inside
 clock rate 64000
!
router rip
 network 10.0.0.0
 network 172.16.0.0
 no auto-summary
!
ip nat inside source list 1 interface FastEthernet 0/0 overload
!
access-list 1 permit 10.30.1.0 0.0.0.255
!
