NAT
Changes the private IP addresses inside each IP packet to publicly registered IP addresses.
Static NAT: Configures a 1-1 mapping between the private address and the registered address that is used on its behalf.
Inside local = private address
Inside global = public address
Dynamic NAT: 1-1 mapping between inside local and inside global address. However, this mapping occurs dynamically.
1. Sets up a pool of possible inside global addresses
2. Router applies criteria to determine if NAT should be applied
3. If it should be applied, add an entry to the NAT table
4. Translate the source IP address and forward the packet
* Dynamic mappings are cleared after the timeout expires with no activity, or you can clear them manually with the command: clear ip nat translation *
Port Address Translation (PAT)
Allows more internal IP addresses than there are outside IP addresses. Without PAT, NAT supports only as many internal addresses as there are external addresses available.
-> If only NAT is used and all IPs are already assigned, the packet is discarded. The user must try again until a NAT entry becomes available.
Overloading NAT with PAT
Allows scaling to support many client machines, and access to the internet with only a few public addresses.
* NAT table retains the internal IP and port, and translates to the global IP and port.
* Since the port field is 16 bits, it supports more than 65,000 port numbers
* Can also translate overlapped/inappropriately assigned network numbers.
* Must translate both source and destination if used
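Added example (not part of the original notes): a small Python model of the four dynamic NAT steps and of PAT overload, showing pool exhaustion, idle timeout and port sharing. The Translator class, the inside network standing in for the ACL, the 60-second timeout and the port-selection rule are assumptions made for illustration, not Cisco IOS behaviour.

```python
import ipaddress

class Translator:
    """Toy inside-source NAT table; pool, network and timeout values are constructed."""

    def __init__(self, pool, inside_net, overload=False, timeout=60):
        self.pool = list(pool)                              # step 1: inside global pool
        self.inside_net = ipaddress.ip_network(inside_net)  # stands in for the ACL
        self.overload = overload                            # True = PAT
        self.timeout = timeout                              # idle seconds before expiry
        self.table = {}                 # key -> [global_ip, global_port, last_used]

    def _allocate(self, src_port, now):
        if not self.overload:
            # Dynamic NAT: one whole inside global address per inside local address.
            in_use = {e[0] for e in self.table.values()}
            free = [ip for ip in self.pool if ip not in in_use]
            return [free[0], None, now] if free else None
        # PAT: addresses are shared, so uniqueness is per (address, port) pair.
        # Assumption: keep the original source port when free, else take the next free one.
        in_use = {(e[0], e[1]) for e in self.table.values()}
        for ip in self.pool:
            for port in [src_port, *range(1024, 65536)]:
                if (ip, port) not in in_use:
                    return [ip, port, now]
        return None

    def translate(self, src_ip, src_port, now):
        """Return the (ip, port) the packet leaves with, or None if it is discarded."""
        # Clear dynamic entries that saw no activity for longer than the timeout.
        for key in [k for k, e in self.table.items() if now - e[2] > self.timeout]:
            del self.table[key]
        # Step 2: criteria check; traffic outside the list is forwarded untranslated.
        if ipaddress.ip_address(src_ip) not in self.inside_net:
            return (src_ip, src_port)
        key = (src_ip, src_port) if self.overload else src_ip
        entry = self.table.get(key)
        if entry is None:
            entry = self._allocate(src_port, now)
            if entry is None:
                return None                 # pool exhausted: packet discarded
            self.table[key] = entry         # step 3: add the NAT table entry
        entry[2] = now                      # activity resets the idle timer
        # Step 4: rewrite the source address (and, with PAT, the source port).
        return (entry[0], entry[1] if self.overload else src_port)
```

With a one-address pool, the dynamic NAT instance discards the second inside host until the first entry times out, while the overload instance serves both hosts from the same inside global address on different ports.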
NAT Configuration
Command
ip nat [inside | outside]
ip nat inside source
ip nat outside source
ip nat inside destination list
ip nat pool
ip nat inside source list
Command | Description
show ip nat statistics | Lists counters for packets and NAT table entries
show ip nat translations | Displays the NAT table
clear ip nat translation | Clears some/all of the dynamic entries
debug ip nat | Issues a log message describing each packet whose IP address is translated with NAT
Assume Router NAT performs the translation:
config t
interface FastEthernet 0/0
ip address [address] [mask]
ip nat inside
exit
interface Serial 0/0
ip address [address] [mask]
ip nat outside
exit
ip nat inside source static 10.1.1.1 200.1.1.1
ip nat inside source static 10.1.1.2 200.1.1.2
show ip nat translations: Displays inside global/inside local IP addresses
show ip nat statistics: Displays total active translations, outside/inside interfaces
Dynamic NAT Configuration
Each interface still needs to be designated as either inside or outside, but static entries are no longer needed.
ip nat pool [pool name] [start address] [end address] netmask [subnet mask]
ip nat inside source list [ACL #] pool [pool name]
ip nat inside source list [list #] interface serial 0/0 overload
Misc TCP/IP Topics
ICMP: Provides a variety of information about a network's health and operational status.
- Actual messages sit inside IP packet.
- Echo request/echo reply sent and received by ping command
- (Refer to Ultimate CCNA INTRO Guide for additional information)
- The trace command sets the TTL to 1, so the next hop decrements it to 0 and replies with a time exceeded message. This is how trace learns, or "traces", the route. For each subsequent packet, the TTL is incremented to learn the next hop.
Secondary Addressing
If you are running out of subnets/addresses, you can use multiple subnets on the same interface in order to increase the number of supported devices on that segment.
If you were to issue a show running-config command:
ip address 10.1.7.252 255.255.255.0 secondary
ip address 10.1.2.252 255.255.255.0