ccna training » ccna nat sim question 1
TRANSCRIPT
Type text to search here...
Home > CCNA NAT SIM Question 1
CCNA NAT SIM Question 1October 18th, 2010 Go to comments
Question
A network associate is configuring a router for the CCNA Training company to provide internet access. The ISP hasprovided the company six public IP addresses of 198.18.184.105 198.18.184.110. The company has 14 hosts that needto access the internet simultaneously. The hosts in the CCNA Training company LAN have been assigned private spaceaddresses in the range of 192.168.100.17 – 192.168.100.30.
The task is to complete the NAT configuration using all IP addresses assigned by the ISP to provide Internet access forthe hosts in the Weaver LAN. Functionality can be tested by clicking on the host provided for testing.
Configuration informationrouter name – Weaverinside global addresses – 198.18.184.105 198.18.184.110/29 inside local addresses – 192.168.100.17 – 192.168.100.30/28 number of inside hosts – 14
The following have already been configured on the router:
- The basic router configuration
- The appropriate interfaces have been configured for NAT inside and NAT outside
- The appropriate static routes have also been configured (since the company will be a stub network, no routing protocol will be required.)
- All passwords have been temporarily set to “cisco”
Ads by Google CCNA Practice Exam Cisco CCNA 640 802 Exam Cisco CCNA Voice CCNA
1/2/2011 CCNA Training » CCNA NAT SIM Quest…
9tut.com/52-ccna-nat-sim-question 1/15
Solution:
The CCNA Training company has 14 hosts that need to access the internet simultaneously but we just have 6 public IPaddresses from 198.18.184.105 to 198.18.184.110/29. Therefore we have to use NAT overload (or PAT)
Double click on the Weaver router to open it
Router>enableRouter#configure terminal
First you should change the router’s name to Weaver
Router(config)#hostname Weaver
Create a NAT pool of global addresses to be allocated with their netmask (/29 = 255.255.255.248). There were reportsthat the simulator in the real exam did not accept “prefix-length” keryword so you should use “netmask” keyword.
Weaver(config)#ip nat pool mypool 198.18.184.105 198.18.184.110 netmask 255.255.255.248
Create a standard access control list that permits the addresses that are to be translated
Weaver(config)#access-list 1 permit 192.168.100.16 0.0.0.15
Establish dynamic source translation, specifying the access list that was defined in the prior step
Weaver(config)#ip nat inside source list 1 pool mypool overload
This command translates all source addresses that pass access list 1, which means a source address from 192.168.100.17to 192.168.100.30, into an address from the pool named mypool (the pool contains addresses from 198.18.184.105 to198.18.184.110)
Cisco Biz TelePresence Maximize your ROI return with Cisco video conference. Free Demo Here! Cisco.com/Cisco_T
I passed the CCIE R&S Lab on my first attempt! Steve Clarkin - CCIE #25821 www.INE.com/CCIE
Pass ACCA Exams 1st Time Career Service, LSBF ACCA Tutors Team+ Fully funded MBA/MSc Degree www.CA-MB
1/2/2011 CCNA Training » CCNA NAT SIM Quest…
9tut.com/52-ccna-nat-sim-question 2/15
Overload keyword allows to map multiple IP addresses to a single registered IP address (many-to-one) by using differentports
The question said that appropriate interfaces have been configured for NAT inside and NAT outside statements.
This is how to configure the NAT inside and NAT outside, just for your understanding:
Weaver(config)#interface fa0/0Weaver(config-if)#ip nat inside
Weaver(config-if)#exit
Weaver(config)#interface s0/0Weaver(config-if)#ip nat outsideWeaver(config-if)#end
Finally, we should save all your work with the following command:
Weaver#copy running-config startup-config
Check your configuration by going to “Host for testing” and type:
C:\>ping 192.0.2.114
The ping should work well and you will be replied from 192.0.2.114
Other lab-sims on this site:
CCNA NAT SIM Question 1
CCNA NAT SIM Question 2
CCNA Frame Relay Sim
CCNA Configuration SIM Question (RIPv2 SIM)
CCNA VTP SIM
CCNA EIGRP LAB
CCNA Drag and Drop SIM
CCNA Implementation SIM
Comments
CCNA / CCNP Boot Camps in Kerala, the God's Own Country Best lab facilities, Best faculty www.ipsr.org
Adobe Premiere Pro CS4 $ 750 for 4 Days Includes Official Course, Exam, Hotel, Meals & more www.Koenig-Solutions
CISSP Exam Training Professional training by an expert and author of a popular CISSP book www.ChennaiNet.in/Trainin
1/2/2011 CCNA Training » CCNA NAT SIM Quest…
9tut.com/52-ccna-nat-sim-question 3/15
1. Abhishek BhardwajDecember 7th, 2010
After establishing the access list dont u think we should write “Access-list 1 deny any” command and one morething if i configure the interfaces Fa0/0 with nat inside and S0/0 with nat outsde command before configuring Accesslist and nat pool in that case will my configuration work????Plz help if possible…..
2. 9tutDecember 7th, 2010
Please remember that there is an implicit “deny any” at the end of each access list- this means that your access listwill deny all traffic that fails to match any of your access list lines. So you don’t need to write “access-list 1 denyany”
You can configure the interfaces Fa0/0 and S0/0 before configuring access list and nat pool. It will work well!
In fact, you don’t need to configure interfaces Fa0/0 and S0/0 because our question said: “the appropriateinterfaces have been configured for NAT inside and NAT outside”
3. Azeem javedDecember 7th, 2010
i am confused plz help meeIf i changed the command
Weaver(config)#ip nat pool mypool 198.18.184.105 198.18.184.110 netmask 255.255.255.248Changed belowWeaver(config)#ip nat pool mypool 198.18.184.105 198.18.184.105 netmask 255.255.255.248
Tell me it works or not and why
4. 9tutDecember 7th, 2010
It still works well because we used “overload” keyword (PAT). All your outgoing packages will have a source ipaddress of 198.18.184.105 but with different port numbers. But you should do what the question requested
5. StrangerInMoscowDecember 7th, 2010
is it ok to use the prefix-length 29 option with the “ip nat pool ” command instead of the netmask option
thanks
6. 9tutDecember 7th, 2010
Yes, you can use “prefix-length 29″ instead of “netmask 255.255.255.248″
7. moroDecember 7th, 2010
1/2/2011 CCNA Training » CCNA NAT SIM Quest…
9tut.com/52-ccna-nat-sim-question 4/15
i’m going to test on 29 & i can’t understand why we write
Weaver(config)#access-list 1 permit 192.168.100.16 0.0.0.15NOT
Weaver(config)#access-list 1 permit 192.168.100.17 0.0.0.15bec. the question is telling me that the inside local addresses 192.168.100.17 ????
8. BlazeDecember 7th, 2010
you cant write Weaver(config)#access-list 1 permit 192.168.100.17 0.0.0.15
you have to write the network number in the access-list configuration
192.168.100.17′s network address is 192.168.100.16
9. smileyDecember 7th, 2010
i think we shoud add :” access-list 1 deny 192.168.100.31 0.0.0.0″ because “access-list 1 permit 192.168.100.160.0.0.0″ includes the address 192.168.100.31 but the question requests only the address from 192.168.100.17 to192.168.100.30is it right???
10. 9tutDecember 7th, 2010
No, we don’t need to add an access list of 192.168.100.31 because it is the broadcast address of this subnetwork
11. AllenDecember 7th, 2010
Shouldn’t you add a copy running-config startup-config after the:Weaver(config)#ip nat inside source list 1 pool mypool overload
as, no further configuration is needed?
12. 9tutDecember 7th, 2010
We just need to use only one “copy running-config startup-config” command at the end of the process
13. toniDecember 7th, 2010
Hi 9tut,
on p4s Q397 as Hamid mention above it was on exam but there is no answer,
the question is:
which subnet mask it will be appropriate for a network address range to be subneted on up to 8 lans, with each lans
1/2/2011 CCNA Training » CCNA NAT SIM Quest…
9tut.com/52-ccna-nat-sim-question 5/15
contaning 5 to 26 hosts
a: 0.0.0.244b:255.255.255.252c: 255.255.255.224
what i have worked out is answer C can you please give me a scond advice? many thanks for all you great supporton this side.
thankstoni
14. 9tutDecember 7th, 2010
@toni: This question is not clear. But if we have to choose an answer, C is the best one!
15. brahamDecember 7th, 2010
can you apply access-list and then apply nat ,,, or both wat are ok ,,,or apply nat pool then acl…..thanks
16. 9tutDecember 7th, 2010
You can do either first!
17. AsadDecember 7th, 2010
hi 9tut,
” Overload ” command should not be used here as it is reserved for PAT only that use to assign multiple ipaddresses into single ip.
as here is being asked to use the ” pool “, so we can just place the range of the pool as being told in the question.
like: ” ip nat inside source list 1 pool mypool ”
i guess it is enough to cover the whole question.
what you say? please answer as soon as possible as i have exams in coming days.
thanks
18. brahamDecember 7th, 2010
and for your question ,,, as far as i know ,,, just in case the pool got busier ,or can’t handle the traffic ,as the poolhave 5 addresses ,, overload option will be efficient to set ,,just trying to help ,,
1/2/2011 CCNA Training » CCNA NAT SIM Quest…
9tut.com/52-ccna-nat-sim-question 6/15
19. 9tutDecember 7th, 2010
Yes, we surely have to use “Overload” keyword because we have only 6 IP addresses for 30 hosts
20. chraDecember 7th, 2010
hey 9tut,
I think madhav is correct.access-list 1 permit 192.168.100.17 0.0.0.15
21. 9tutDecember 7th, 2010
No, 192.168.100.16 is the network address, not 192.168.100.17
22. SupHackDecember 7th, 2010
Please I have my exam tomorrow and i’m very confuse by this problem.Are we obliged in the real exam to type : Weaver#, weaver(config), Weaver(config-if) as in the example thatfollow?
************************************************e.g:Weaver(config)#interface fa0/0Weaver(config-if)#ip nat insideWeaver(config-if)#exitWeaver(config)#interface s0/0Weaver(config-if)#ip nat outsideWeaver(config-if)#end
************************************************
or we can only type the command like this:
e-g:interface fa0/0ip nat insideexitinterface s0/0ip nat outsideend
***************************************************
Let me know if it can work in the real labs
23. 9tutDecember 7th, 2010
1/2/2011 CCNA Training » CCNA NAT SIM Quest…
9tut.com/52-ccna-nat-sim-question 7/15
Just type as your second part
24. yelizDecember 7th, 2010
Weaver(config)#ip nat inside source list 1 pool mypool overload
we have a nat pool ,we are doing dynamic nat so we don’t need ‘overload’,do we?
ı think we need ‘overload’ in nat overload/patıf we use nat overload/pat the command line will be like this:
Weaver(config)#ip nat inside source list 1 interface s 0/0
plese help me someone
25. crisDecember 7th, 2010
to yeliz: First if you don’t use overload can not be more than 6 users contacted to internet in the same time. The 7thone should wait until one connection is off. Overload means that you can use port number combined with ip addresswich allows more connections to internet in the same time. Without overload is a one to one connection ( one insideconnection to one global address)About using s0/0 means that your inside global address will be only one ip which is the interface ip. The interface ipcan be a diff. address than the addresses from pool. To get more connections to internet you should use overloadtoo : #ip nat inside source list 1 interface s0/0 overload
26. yelizDecember 7th, 2010
thanks to cris. I see, but I want to ask some moreCan I useWeaver(config)##ip nat inside source list 1 interface s0/0 overloadis ıt true for this question?Or should I create nat pool and use this:Weaver(config)#ip nat inside source list 1 pool mypool overload
27. 9tutDecember 7th, 2010
You have to use “Weaver(config)#ip nat inside source list 1 pool mypool overload”, in which “mypool” is the poolyou created in previous step (“ip nat pool mypool 198.18.184.105 198.18.184.110 netmask 255.255.255.248″)
28. PaoL0December 7th, 2010
can we use the “?” in the CLI in the real exam?
i sometimes forget the exact structure of the codes for NAT.
is okay to use it? are there any deductions when you use the “?” ?
thanks in advance
1/2/2011 CCNA Training » CCNA NAT SIM Quest…
9tut.com/52-ccna-nat-sim-question 8/15
29. 9tutDecember 7th, 2010
@PaoL0: Yes, you can. But may be you will lose some points for it, so try to remember the commands. Good luckin your exam!
30. PaoL0December 7th, 2010
i have a question here.
when you created the acess-list 1 why did you use this code?
“Weaver(config)#access-list 1 permit 192.168.100.16 0.0.0.15″
i noticed that you used “192.168.100.16″ where as in the example the starting ip address of the host is192.168.100.17?
and why is the wildcard bits used here is 0.0.0.15?my understanding on that is 16+15 (16 taken from the .16 of the first host) which will tell the router to permit ip’sstarting from .16 upto .31?
am i getting it right??
31. 9tutDecember 7th, 2010
We have to use network address in the “access-list” command, although the first host is 192.168.100.17 but itsnetwork address is 192.168.100.16.
You can quickly figure out what the wildcard is by reversing the bits from the subnet mask. In this case the subnetmask is /28, its last octet is 1111 0000 so we reverse it into 0000 1111 = 15
32. ticonguyenDecember 8th, 2010
the easy way to find the reason for 0.0.0.15:You can use:255.255.255.255 – subnetmaskexample:255.255.255.255-255.255.255.240——————————–0 . 0. 0. 15Am I right? :D
33. rayanDecember 12th, 2010
hi, in nat sim, will tab work? it very hard to remember . ..
1/2/2011 CCNA Training » CCNA NAT SIM Quest…
9tut.com/52-ccna-nat-sim-question 9/15
34. UthmanHassanDecember 13th, 2010
@ ryan
hi, in nat sim, will tab work? it very hard to remember . ..
————————————————————————
Two of my batchmates took the exam 2 weeks ago. They say in some questions IOS help, the “?” thing and the“tab” work and in some places they are unavailable. So you would need to remember these commands. They arenot very hard to learn.
Try this way:
To define a pool of inside global ip addresses try to say again and again:Router(config)#ip nat pool prefix-lengthORRouter(config)#ip nat pool netmask
It will ALWAYS be a SIMPLE STANDARD access-list to allow inside local addresses for NAT and you knowStandard ACL statement is simple enough:Router(config)#access-list permit
The final statement for enabling the PAT using above pool and ACL:Router(config)#ip nat inside source list pool overloadIn English it becomes:ip nat: I would like to natinside: from the inside of my networksource list 1: for the address permitted in source list 1pool mypool: to the addresses defined in the pool named mypooloverload: and also overload
Router(config)# I would like to nat, from the INSIDE of my network, for the address permitted in SOURCE LIST1, to the adress defined in POOL named mypool, and OVERLOAD as well
I myself had problems in remmebering this final nat command until I saw Jeremy Cioara describing the commmand“in English” like I mentioned above. I really like the way and used to apply command that way. Now I don’t evenneed the English translation.
Hope that helps.
35. UthmanHassanDecember 13th, 2010
HEY HEY HEY… READ MY POST NOW. The text editor removed all my greater than and less than symbolsand the stuff between them. Replacing them with parentheses now…
————————————————————-
Two of my batch mates took the exam 2 weeks ago. They say in some questions IOS help the “?” thing and the“tab” works and in some places they are unavailable. So you would need to remember these commands. They are
1/2/2011 CCNA Training » CCNA NAT SIM Quest…
9tut.com/52-ccna-nat-sim-question 10/15
not very hard to learn.
Try this way:
To define a pool of inside global ip addresses try to say again and again:Router(config)#ip nat pool (pool_name) (pool address range) prefix-length (number)ORRouter(config)#ip nat pool (pool_name) (pool address range) netmask (subnet mask)
It will always be a SIMPLE access-list to allow inside local address and you know Standard ACL statement issimple enought:Router(config)#access-list (1-99) permit (network address) (wildcard mask)
The final statement for enabling the PAT using above pool and ACL:Router(config)#ip nat inside source list (ACL list number) pool (pool_name) overloadIn English it becomes:ip nat: I would like to natinside: from the inside of my networksource list 1: for the address permitted in access-list 1pool mypool: to the address defined in in the pool named mypooloverload: and also overload
Router(config)# I would like to nat, from the inside of my network, for the address permitted in ACL 1, to theadress defined in pool named mypool, and overload as well
I myself had problems in remmebering this final nat command until I saw Jeremy Cioara describing the commmand“in English” like I mentioned above. I really like the way and used to apply command that way. Now I don’t evenneed the English translation.
Hope that helps.
36. UthmanHassanDecember 13th, 2010
and if you don’t have a pool of public address (a pool of inside global address) but instead have only 1 public IP, itwould be configured on the edge serial interface say s0/0. In that case you don’t even need to define a pool.
After issuing “ip nat outside” command under s0/0 interface, go to global config prompt and type:Router(config)# I would like to NAT, from the INSIDE of my network, for the address permitted in SOURCELIST , to the address specified on INTERFACE , and OVERLOADRouter(config)#ip nat inside source list private_pool_1 interface serial 0/0 overload
37. UthmanHassanDecember 13th, 2010
O MY GOD… Sorry sorry. Admins would be frowning over my multiple posts for same thing but it again removedmy less than greater than symbols!
After issuing “ip nat outside” command under s0/0 interface, go to global config prompt and type:Router(config)# I would like to NAT, from the INSIDE of my network, for the address permitted in SOURCELIST (1-99 or name of ACL), to the address specified on INTERFACE (interface type) (interface number), andOVERLOAD
1/2/2011 CCNA Training » CCNA NAT SIM Quest…
9tut.com/52-ccna-nat-sim-question 11/15
Router(config)#ip nat inside source list private_pool_1 interface serial 0/0 overload
Sorry 9tut. Will now remember that angled-brackets don’t work :-)
38. rayanDecember 13th, 2010
thanks uthman, i have exam in coming Thursday.. if u have latest dump plz do post on my mail id [email protected]. thanks a lot..
39. AnonymousDecember 14th, 2010
hello rayan ,if u get any dump plz forward to me plz my email id is [email protected] [email protected] plz send to me thanx
40. rayanDecember 14th, 2010
hi nayeem, posted mail..
rayan young.
41. Peter ColeDecember 14th, 2010
Hey 9Tut…Just wanted to say thanks for the great website…..
42. RobDecember 15th, 2010
hi all, got my exam tomorow… every one says that in the exam it will be only sims vtp, eigrp and ACL 2. so is therea chance this could be in the exam instead of one of the other sims???Kind regards
43. chaniDecember 18th, 2010
i have exam in coming wed…plss suggest me some last moment tips and topics to prepare before the exam…..
44. chaniDecember 18th, 2010
i have exam in coming wed…plss suggest me some last moment tips and topics to prepare before the exam…..plsshelp me out
45. sameheskDecember 19th, 2010
did any one try this sim on packet tracer?i tried it and i can’t ping , i don’t know why.
46. samehesk
1/2/2011 CCNA Training » CCNA NAT SIM Quest…
9tut.com/52-ccna-nat-sim-question 12/15
December 19th, 2010
i found my mistake, i didn’t add the static routessorry
47. darkhorseDecember 19th, 2010
@SameheskI am trying this with Packet tracer, added static routes as follows:Weaver: ip route 0.0.0.0 0.0.0.0 Serial0/0/0ISP: ip route 198.18.184.0 255.255.255.248 Serial0/0/0
My pings don’t work, no route back from ISP to Weaver :-(Any pointers? — thanks
48. sameheskDecember 20th, 2010
@darkhorsejust make a static default route on isp to serial s0/1e.gip route 0.0.0.0 0.0.0.0 s0/1
49. RamiJanuary 1st, 2011
Weaver(config)#access-list 1 permit 192.168.100.16 0.0.0.15
WHAT WILL HAPPEN IF I WRITE:Weaver(config)#access-list 1 permit any
ANY PROBLEM?IF I FORGOT TO CHANGE THE HOST NAME, WILL I LOOSE ALL THE MARK?
1. No trackbacks yet.
Add a Comment
Name
Website (not required)
Submit Comment
Subscribe to comments feedCCNA Configuration SIM Question 9tut.net for ICND 1 & ICND 2 has been launched!
1/2/2011 CCNA Training » CCNA NAT SIM Quest…
9tut.com/52-ccna-nat-sim-question 13/15
CCNA 640-802
CCNA Lab SimCCNA – Access List QuestionsCCNA – WANCCNA – OSPF QuestionsCCNA – EIGRP QuestionsDHCP Group of Four QuestionsCCNA – Drag and Drop 1CCNA – Drag and Drop 2CCNA – Drag and Drop 3CCNA – Drag and Drop 4CCNA – HotspotCCNA – IPv6 QuestionsCCNA – SubnettingCCNA – Operations 1CCNA – Operations 2CCNA – Operations 3CCNA – Troubleshooting 1CCNA – Troubleshooting 2Share your CCNA Experience
CCNA Self-Study
Practice CCNA GNS3 LabsCCNA Knowledge
Network Resources
CCNA FAQs & TipsFree Router Simulators
ICND1/ICND2 Website
CCNP - ROUTE Website
CCNP - SWITCH Website
CCNP - TSHOOT Website
CCNA Voice Website
CCNA Security Website
CCDA Website
1/2/2011 CCNA Training » CCNA NAT SIM Quest…
9tut.com/52-ccna-nat-sim-question 14/15
CCIE Written Website
Support 9tut
Your contribution will help keep this site updated!
TopCopyright © 2010 CCNA TrainingPrivacy Policy. Valid XHTML 1.1 and CSS 3.
Ads by Google
Get CCNA Certified
CCNA Video Training
Cisco IP Nat Outside
CCNA ICND 1
1/2/2011 CCNA Training » CCNA NAT SIM Quest…
9tut.com/52-ccna-nat-sim-question 15/15