ccna training » ccna nat sim question 1

Type text to search here...

Home > CCNA NAT SIM Question 1

CCNA NAT SIM Question 1October 18th, 2010 Go to comments

Question

A network associate is configuring a router for the CCNA Training company to provide internet access. The ISP hasprovided the company six public IP addresses of 198.18.184.105 198.18.184.110. The company has 14 hosts that needto access the internet simultaneously. The hosts in the CCNA Training company LAN have been assigned private spaceaddresses in the range of 192.168.100.17 – 192.168.100.30.

The task is to complete the NAT configuration using all IP addresses assigned by the ISP to provide Internet access forthe hosts in the Weaver LAN. Functionality can be tested by clicking on the host provided for testing.

Configuration informationrouter name – Weaverinside global addresses – 198.18.184.105 198.18.184.110/29 inside local addresses – 192.168.100.17 – 192.168.100.30/28 number of inside hosts – 14

The following have already been configured on the router：

- The basic router configuration

- The appropriate interfaces have been configured for NAT inside and NAT outside

- The appropriate static routes have also been configured (since the company will be a stub network, no routing protocol will be required.)

- All passwords have been temporarily set to “cisco”

Ads by Google CCNA Practice Exam Cisco CCNA 640 802 Exam Cisco CCNA Voice CCNA

1/2/2011 CCNA Training » CCNA NAT SIM Quest…

9tut.com/52-ccna-nat-sim-question 1/15

Solution:

The CCNA Training company has 14 hosts that need to access the internet simultaneously but we just have 6 public IPaddresses from 198.18.184.105 to 198.18.184.110/29. Therefore we have to use NAT overload (or PAT)

Double click on the Weaver router to open it

Router>enableRouter#configure terminal

First you should change the router’s name to Weaver

Router(config)#hostname Weaver

Create a NAT pool of global addresses to be allocated with their netmask (/29 = 255.255.255.248). There were reportsthat the simulator in the real exam did not accept “prefix-length” keryword so you should use “netmask” keyword.

Weaver(config)#ip nat pool mypool 198.18.184.105 198.18.184.110 netmask 255.255.255.248

Create a standard access control list that permits the addresses that are to be translated

Weaver(config)#access-list 1 permit 192.168.100.16 0.0.0.15

Establish dynamic source translation, specifying the access list that was defined in the prior step

Weaver(config)#ip nat inside source list 1 pool mypool overload

This command translates all source addresses that pass access list 1, which means a source address from 192.168.100.17to 192.168.100.30, into an address from the pool named mypool (the pool contains addresses from 198.18.184.105 to198.18.184.110)

Cisco Biz TelePresence Maximize your ROI return with Cisco video conference. Free Demo Here! Cisco.com/Cisco_T

I passed the CCIE R&S Lab on my first attempt! Steve Clarkin - CCIE #25821 www.INE.com/CCIE

Pass ACCA Exams 1st Time Career Service, LSBF ACCA Tutors Team+ Fully funded MBA/MSc Degree www.CA-MB



Tu

Highlight

Tu

Highlight

Tu

Highlight

Tu

Highlight

Tu

Highlight

Tu

Highlight

Overload keyword allows to map multiple IP addresses to a single registered IP address (many-to-one) by using differentports

The question said that appropriate interfaces have been configured for NAT inside and NAT outside statements.

This is how to configure the NAT inside and NAT outside, just for your understanding:

Weaver(config)#interface fa0/0Weaver(config-if)#ip nat inside

Weaver(config-if)#exit

Weaver(config)#interface s0/0Weaver(config-if)#ip nat outsideWeaver(config-if)#end

Finally, we should save all your work with the following command:

Weaver#copy running-config startup-config

Check your configuration by going to “Host for testing” and type:

C:\>ping 192.0.2.114

The ping should work well and you will be replied from 192.0.2.114

Other lab-sims on this site:

CCNA NAT SIM Question 1

CCNA NAT SIM Question 2

CCNA Frame Relay Sim

CCNA Configuration SIM Question (RIPv2 SIM)

CCNA VTP SIM

CCNA EIGRP LAB

CCNA Drag and Drop SIM

CCNA Implementation SIM

Comments

CCNA / CCNP Boot Camps in Kerala, the God's Own Country Best lab facilities, Best faculty www.ipsr.org

Adobe Premiere Pro CS4 $ 750 for 4 Days Includes Official Course, Exam, Hotel, Meals & more www.Koenig-Solutions

CISSP Exam Training Professional training by an expert and author of a popular CISSP book www.ChennaiNet.in/Trainin



Tu

Highlight

Tu

Highlight

Tu

Highlight

Tu

Highlight

Tu

Highlight

Tu

Highlight

Tu

Highlight

Tu

Highlight

1. Abhishek BhardwajDecember 7th, 2010

After establishing the access list dont u think we should write “Access-list 1 deny any” command and one morething if i configure the interfaces Fa0/0 with nat inside and S0/0 with nat outsde command before configuring Accesslist and nat pool in that case will my configuration work????Plz help if possible…..

2. 9tutDecember 7th, 2010

Please remember that there is an implicit “deny any” at the end of each access list- this means that your access listwill deny all traffic that fails to match any of your access list lines. So you don’t need to write “access-list 1 denyany”

You can configure the interfaces Fa0/0 and S0/0 before configuring access list and nat pool. It will work well!

In fact, you don’t need to configure interfaces Fa0/0 and S0/0 because our question said: “the appropriateinterfaces have been configured for NAT inside and NAT outside”

3. Azeem javedDecember 7th, 2010

i am confused plz help meeIf i changed the command

Weaver(config)#ip nat pool mypool 198.18.184.105 198.18.184.110 netmask 255.255.255.248Changed belowWeaver(config)#ip nat pool mypool 198.18.184.105 198.18.184.105 netmask 255.255.255.248

Tell me it works or not and why


It still works well because we used “overload” keyword (PAT). All your outgoing packages will have a source ipaddress of 198.18.184.105 but with different port numbers. But you should do what the question requested

5. StrangerInMoscowDecember 7th, 2010

is it ok to use the prefix-length 29 option with the “ip nat pool ” command instead of the netmask option

thanks


Yes, you can use “prefix-length 29″ instead of “netmask 255.255.255.248″

7. moroDecember 7th, 2010



i’m going to test on 29 & i can’t understand why we write

Weaver(config)#access-list 1 permit 192.168.100.16 0.0.0.15NOT

Weaver(config)#access-list 1 permit 192.168.100.17 0.0.0.15bec. the question is telling me that the inside local addresses 192.168.100.17 ????

8. BlazeDecember 7th, 2010

you cant write Weaver(config)#access-list 1 permit 192.168.100.17 0.0.0.15

you have to write the network number in the access-list configuration

192.168.100.17′s network address is 192.168.100.16

9. smileyDecember 7th, 2010

i think we shoud add :” access-list 1 deny 192.168.100.31 0.0.0.0″ because “access-list 1 permit 192.168.100.160.0.0.0″ includes the address 192.168.100.31 but the question requests only the address from 192.168.100.17 to192.168.100.30is it right???


No, we don’t need to add an access list of 192.168.100.31 because it is the broadcast address of this subnetwork

11. AllenDecember 7th, 2010

Shouldn’t you add a copy running-config startup-config after the:Weaver(config)#ip nat inside source list 1 pool mypool overload

as, no further configuration is needed?


We just need to use only one “copy running-config startup-config” command at the end of the process

13. toniDecember 7th, 2010

Hi 9tut,

on p4s Q397 as Hamid mention above it was on exam but there is no answer,

the question is:

which subnet mask it will be appropriate for a network address range to be subneted on up to 8 lans, with each lans



contaning 5 to 26 hosts

a: 0.0.0.244b:255.255.255.252c: 255.255.255.224

what i have worked out is answer C can you please give me a scond advice? many thanks for all you great supporton this side.

thankstoni


@toni: This question is not clear. But if we have to choose an answer, C is the best one!

15. brahamDecember 7th, 2010

can you apply access-list and then apply nat ,,, or both wat are ok ,,,or apply nat pool then acl…..thanks


You can do either first!

17. AsadDecember 7th, 2010

hi 9tut,

” Overload ” command should not be used here as it is reserved for PAT only that use to assign multiple ipaddresses into single ip.

as here is being asked to use the ” pool “, so we can just place the range of the pool as being told in the question.

like: ” ip nat inside source list 1 pool mypool ”

i guess it is enough to cover the whole question.

what you say? please answer as soon as possible as i have exams in coming days.

thanks

18. brahamDecember 7th, 2010

and for your question ,,, as far as i know ,,, just in case the pool got busier ,or can’t handle the traffic ,as the poolhave 5 addresses ,, overload option will be efficient to set ,,just trying to help ,,




Yes, we surely have to use “Overload” keyword because we have only 6 IP addresses for 30 hosts

20. chraDecember 7th, 2010

hey 9tut,

I think madhav is correct.access-list 1 permit 192.168.100.17 0.0.0.15


No, 192.168.100.16 is the network address, not 192.168.100.17

22. SupHackDecember 7th, 2010

Please I have my exam tomorrow and i’m very confuse by this problem.Are we obliged in the real exam to type : Weaver#, weaver(config), Weaver(config-if) as in the example thatfollow?

************************************************e.g:Weaver(config)#interface fa0/0Weaver(config-if)#ip nat insideWeaver(config-if)#exitWeaver(config)#interface s0/0Weaver(config-if)#ip nat outsideWeaver(config-if)#end

************************************************

or we can only type the command like this:

e-g:interface fa0/0ip nat insideexitinterface s0/0ip nat outsideend

***************************************************

Let me know if it can work in the real labs




Just type as your second part

24. yelizDecember 7th, 2010

Weaver(config)#ip nat inside source list 1 pool mypool overload

we have a nat pool ,we are doing dynamic nat so we don’t need ‘overload’,do we?

ı think we need ‘overload’ in nat overload/patıf we use nat overload/pat the command line will be like this:

Weaver(config)#ip nat inside source list 1 interface s 0/0

plese help me someone

25. crisDecember 7th, 2010

to yeliz: First if you don’t use overload can not be more than 6 users contacted to internet in the same time. The 7thone should wait until one connection is off. Overload means that you can use port number combined with ip addresswich allows more connections to internet in the same time. Without overload is a one to one connection ( one insideconnection to one global address)About using s0/0 means that your inside global address will be only one ip which is the interface ip. The interface ipcan be a diff. address than the addresses from pool. To get more connections to internet you should use overloadtoo : #ip nat inside source list 1 interface s0/0 overload

26. yelizDecember 7th, 2010

thanks to cris. I see, but I want to ask some moreCan I useWeaver(config)##ip nat inside source list 1 interface s0/0 overloadis ıt true for this question?Or should I create nat pool and use this:Weaver(config)#ip nat inside source list 1 pool mypool overload


You have to use “Weaver(config)#ip nat inside source list 1 pool mypool overload”, in which “mypool” is the poolyou created in previous step (“ip nat pool mypool 198.18.184.105 198.18.184.110 netmask 255.255.255.248″)

28. PaoL0December 7th, 2010

can we use the “?” in the CLI in the real exam?

i sometimes forget the exact structure of the codes for NAT.

is okay to use it? are there any deductions when you use the “?” ?

thanks in advance




@PaoL0: Yes, you can. But may be you will lose some points for it, so try to remember the commands. Good luckin your exam!

30. PaoL0December 7th, 2010

i have a question here.

when you created the acess-list 1 why did you use this code?

“Weaver(config)#access-list 1 permit 192.168.100.16 0.0.0.15″

i noticed that you used “192.168.100.16″ where as in the example the starting ip address of the host is192.168.100.17?

and why is the wildcard bits used here is 0.0.0.15?my understanding on that is 16+15 (16 taken from the .16 of the first host) which will tell the router to permit ip’sstarting from .16 upto .31?

am i getting it right??


We have to use network address in the “access-list” command, although the first host is 192.168.100.17 but itsnetwork address is 192.168.100.16.

You can quickly figure out what the wildcard is by reversing the bits from the subnet mask. In this case the subnetmask is /28, its last octet is 1111 0000 so we reverse it into 0000 1111 = 15

32. ticonguyenDecember 8th, 2010

the easy way to find the reason for 0.0.0.15:You can use:255.255.255.255 – subnetmaskexample:255.255.255.255-255.255.255.240——————————–0 . 0. 0. 15Am I right? :D

33. rayanDecember 12th, 2010

hi, in nat sim, will tab work? it very hard to remember . ..



34. UthmanHassanDecember 13th, 2010

@ ryan

hi, in nat sim, will tab work? it very hard to remember . ..

————————————————————————

Two of my batchmates took the exam 2 weeks ago. They say in some questions IOS help, the “?” thing and the“tab” work and in some places they are unavailable. So you would need to remember these commands. They arenot very hard to learn.

Try this way:

To define a pool of inside global ip addresses try to say again and again:Router(config)#ip nat pool prefix-lengthORRouter(config)#ip nat pool netmask

It will ALWAYS be a SIMPLE STANDARD access-list to allow inside local addresses for NAT and you knowStandard ACL statement is simple enough:Router(config)#access-list permit

The final statement for enabling the PAT using above pool and ACL:Router(config)#ip nat inside source list pool overloadIn English it becomes:ip nat: I would like to natinside: from the inside of my networksource list 1: for the address permitted in source list 1pool mypool: to the addresses defined in the pool named mypooloverload: and also overload

Router(config)# I would like to nat, from the INSIDE of my network, for the address permitted in SOURCE LIST1, to the adress defined in POOL named mypool, and OVERLOAD as well

I myself had problems in remmebering this final nat command until I saw Jeremy Cioara describing the commmand“in English” like I mentioned above. I really like the way and used to apply command that way. Now I don’t evenneed the English translation.

Hope that helps.


HEY HEY HEY… READ MY POST NOW. The text editor removed all my greater than and less than symbolsand the stuff between them. Replacing them with parentheses now…

————————————————————-

Two of my batch mates took the exam 2 weeks ago. They say in some questions IOS help the “?” thing and the“tab” works and in some places they are unavailable. So you would need to remember these commands. They are



not very hard to learn.

Try this way:

To define a pool of inside global ip addresses try to say again and again:Router(config)#ip nat pool (pool_name) (pool address range) prefix-length (number)ORRouter(config)#ip nat pool (pool_name) (pool address range) netmask (subnet mask)

It will always be a SIMPLE access-list to allow inside local address and you know Standard ACL statement issimple enought:Router(config)#access-list (1-99) permit (network address) (wildcard mask)

The final statement for enabling the PAT using above pool and ACL:Router(config)#ip nat inside source list (ACL list number) pool (pool_name) overloadIn English it becomes:ip nat: I would like to natinside: from the inside of my networksource list 1: for the address permitted in access-list 1pool mypool: to the address defined in in the pool named mypooloverload: and also overload

Router(config)# I would like to nat, from the inside of my network, for the address permitted in ACL 1, to theadress defined in pool named mypool, and overload as well

I myself had problems in remmebering this final nat command until I saw Jeremy Cioara describing the commmand“in English” like I mentioned above. I really like the way and used to apply command that way. Now I don’t evenneed the English translation.

Hope that helps.


and if you don’t have a pool of public address (a pool of inside global address) but instead have only 1 public IP, itwould be configured on the edge serial interface say s0/0. In that case you don’t even need to define a pool.

After issuing “ip nat outside” command under s0/0 interface, go to global config prompt and type:Router(config)# I would like to NAT, from the INSIDE of my network, for the address permitted in SOURCELIST , to the address specified on INTERFACE , and OVERLOADRouter(config)#ip nat inside source list private_pool_1 interface serial 0/0 overload


O MY GOD… Sorry sorry. Admins would be frowning over my multiple posts for same thing but it again removedmy less than greater than symbols!

After issuing “ip nat outside” command under s0/0 interface, go to global config prompt and type:Router(config)# I would like to NAT, from the INSIDE of my network, for the address permitted in SOURCELIST (1-99 or name of ACL), to the address specified on INTERFACE (interface type) (interface number), andOVERLOAD



Router(config)#ip nat inside source list private_pool_1 interface serial 0/0 overload

Sorry 9tut. Will now remember that angled-brackets don’t work :-)


thanks uthman, i have exam in coming Thursday.. if u have latest dump plz do post on my mail id [email protected]. thanks a lot..

39. AnonymousDecember 14th, 2010

hello rayan ,if u get any dump plz forward to me plz my email id is [email protected] [email protected] plz send to me thanx


hi nayeem, posted mail..

rayan young.

41. Peter ColeDecember 14th, 2010

Hey 9Tut…Just wanted to say thanks for the great website…..

42. RobDecember 15th, 2010

hi all, got my exam tomorow… every one says that in the exam it will be only sims vtp, eigrp and ACL 2. so is therea chance this could be in the exam instead of one of the other sims???Kind regards

43. chaniDecember 18th, 2010

i have exam in coming wed…plss suggest me some last moment tips and topics to prepare before the exam…..

44. chaniDecember 18th, 2010

i have exam in coming wed…plss suggest me some last moment tips and topics to prepare before the exam…..plsshelp me out

45. sameheskDecember 19th, 2010

did any one try this sim on packet tracer?i tried it and i can’t ping , i don’t know why.

46. samehesk



December 19th, 2010

i found my mistake, i didn’t add the static routessorry

47. darkhorseDecember 19th, 2010

@SameheskI am trying this with Packet tracer, added static routes as follows:Weaver: ip route 0.0.0.0 0.0.0.0 Serial0/0/0ISP: ip route 198.18.184.0 255.255.255.248 Serial0/0/0

My pings don’t work, no route back from ISP to Weaver :-(Any pointers? — thanks

48. sameheskDecember 20th, 2010

@darkhorsejust make a static default route on isp to serial s0/1e.gip route 0.0.0.0 0.0.0.0 s0/1

49. RamiJanuary 1st, 2011

Weaver(config)#access-list 1 permit 192.168.100.16 0.0.0.15

WHAT WILL HAPPEN IF I WRITE:Weaver(config)#access-list 1 permit any

ANY PROBLEM?IF I FORGOT TO CHANGE THE HOST NAME, WILL I LOOSE ALL THE MARK?

1. No trackbacks yet.

Add a Comment

Name

Website (not required)

Submit Comment

Subscribe to comments feedCCNA Configuration SIM Question 9tut.net for ICND 1 & ICND 2 has been launched!



CCNA 640-802

CCNA Lab SimCCNA – Access List QuestionsCCNA – WANCCNA – OSPF QuestionsCCNA – EIGRP QuestionsDHCP Group of Four QuestionsCCNA – Drag and Drop 1CCNA – Drag and Drop 2CCNA – Drag and Drop 3CCNA – Drag and Drop 4CCNA – HotspotCCNA – IPv6 QuestionsCCNA – SubnettingCCNA – Operations 1CCNA – Operations 2CCNA – Operations 3CCNA – Troubleshooting 1CCNA – Troubleshooting 2Share your CCNA Experience

CCNA Self-Study

Practice CCNA GNS3 LabsCCNA Knowledge

Network Resources

CCNA FAQs & TipsFree Router Simulators

ICND1/ICND2 Website

CCNP - ROUTE Website

CCNP - SWITCH Website

CCNP - TSHOOT Website

CCNA Voice Website

CCNA Security Website

CCDA Website



CCIE Written Website

Support 9tut

Your contribution will help keep this site updated!

TopCopyright © 2010 CCNA TrainingPrivacy Policy. Valid XHTML 1.1 and CSS 3.

Ads by Google

Get CCNA Certified

CCNA Video Training

Cisco IP Nat Outside

CCNA ICND 1



ccna training » ccna nat sim question 1

Documents