CCNA NAT SIM Question 1
Question
A network associate is configuring a router for the CCNA Training company to provide internet access. The ISP has provided the company six public IP addresses of 198.18.184.105 – 198.18.184.110. The company has 14 hosts that need to access the internet simultaneously. The hosts in the CCNA Training company LAN have been assigned private space addresses in the range of 192.168.100.17 – 192.168.100.30.
The task is to complete the NAT configuration using all IP addresses assigned by the ISP to provide Internet access for the hosts in the Weaver LAN. Functionality can be tested by clicking on the host provided for testing.
Configuration information
router name – Weaver
inside global addresses – 198.18.184.105 – 198.18.184.110/29
inside local addresses – 192.168.100.17 – 192.168.100.30/28
number of inside hosts – 14
The following have already been configured on the router:
- The basic router configuration
- The appropriate interfaces have been configured for NAT inside and NAT outside
- The appropriate static routes have also been configured (since the company will be a stub network, no routing protocol will be required.)
- All passwords have been temporarily set to “cisco”
Solution
Note: If you are not sure how NAT & PAT work, please read my Network Address Translation NAT Tutorial. You can download this sim to practice here: http://www.9tut.com/download/9tut.com_CCNA_NAT_sim_question.zip
The CCNA Training company has 14 hosts that need to access the internet simultaneously, but we have only 6 public IP addresses, from 198.18.184.105 to 198.18.184.110/29. Therefore we have to use NAT overload (or PAT).
Double click on the Weaver router to open it
Router>enable
Router#configure terminal
First you should change the router’s name to Weaver
Router(config)#hostname Weaver
Create a NAT pool of global addresses to be allocated with their netmask (/29 = 255.255.255.248). There were reports that the simulator in the real exam did not accept the “prefix-length” keyword, so you should use the “netmask” keyword.
Weaver(config)#ip nat pool mypool 198.18.184.105 198.18.184.110 netmask 255.255.255.248
Create a standard access control list that permits the addresses that are to be translated
Weaver(config)#access-list 1 permit 192.168.100.16 0.0.0.15
Establish dynamic source translation, specifying the access list that was defined in the prior step
Weaver(config)#ip nat inside source list 1 pool mypool overload
This command translates all source addresses that pass access list 1, which means a source address from 192.168.100.17 to 192.168.100.30, into an address from the pool named mypool (the pool contains addresses from 198.18.184.105 to 198.18.184.110).
The overload keyword allows multiple IP addresses to be mapped to a single registered IP address (many-to-one) by using different ports.
The question said that appropriate interfaces have been configured for NAT inside and NAT outside statements.
This is how to configure the NAT inside and NAT outside, just for your understanding:
Weaver(config)#interface fa0/0
Weaver(config-if)#ip nat inside
Weaver(config-if)#exit
Weaver(config)#interface s0/0
Weaver(config-if)#ip nat outside
Weaver(config-if)#end
Finally, save all your work with the following command:
Weaver#copy running-config startup-config
Check your configuration by going to “Host for testing” and typing:
C:\>ping 192.0.2.114
The ping should succeed and you will receive replies from 192.0.2.114.
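The reasoning behind the three NAT lines can be checked mechanically. The following Python sketch is an added example, not part of the original solution or the simulator: it parses those lines and confirms that the pool sits inside a single /29, that the wildcard mask matches all 14 inside hosts, and that overload is required. The names audit and wildcard_match, and the minimal parsing, are assumptions made for this illustration.

```python
import ipaddress

# The three NAT lines from the solution above, copied verbatim.
CONFIG = """\
ip nat pool mypool 198.18.184.105 198.18.184.110 netmask 255.255.255.248
access-list 1 permit 192.168.100.16 0.0.0.15
ip nat inside source list 1 pool mypool overload
"""
# The 14 inside local hosts from the question (192.168.100.17 - .30).
HOSTS = [f"192.168.100.{n}" for n in range(17, 31)]

def wildcard_match(addr, base, wildcard):
    """ACL wildcard test: bits set in the wildcard are ignored, the rest must equal base."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return int(ipaddress.IPv4Address(addr)) & care == int(ipaddress.IPv4Address(base)) & care

def audit(config, inside_hosts):
    """Hypothetical helper: check one pool / ACL / 'ip nat inside source' trio."""
    pool = acl = None
    overload = False
    for line in config.splitlines():
        w = line.split()
        if w[:3] == ["ip", "nat", "pool"]:
            pool = (w[4], w[5], w[7])              # start, end, netmask
        elif w[:1] == ["access-list"] and w[2] == "permit":
            acl = (w[3], w[4])                     # base address, wildcard
        elif w[:4] == ["ip", "nat", "inside", "source"]:
            overload = w[-1] == "overload"
    start, end, mask = pool
    net = ipaddress.ip_network(f"{start}/{mask}", strict=False)
    usable = list(net.hosts())                     # excludes network and broadcast
    first, last = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    pool_size = int(last) - int(first) + 1
    return {
        "pool_subnet": str(net),
        "pool_in_one_subnet": first in usable and last in usable,
        "pool_size": pool_size,
        "unmatched_hosts": [h for h in inside_hosts if not wildcard_match(h, *acl)],
        "needs_overload": len(inside_hosts) > pool_size,
        "overload_set": overload,
    }

if __name__ == "__main__":
    for key, value in audit(CONFIG, HOSTS).items():
        print(f"{key}: {value}")
```

An empty unmatched_hosts list means every inside host will be translated; needs_overload being true while overload_set is false would mean only six hosts could hold a translation at a time.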
I wrote my CCNA yesterday and I failed, need your help now. EIGRP routing protocol question. if there
Hi Tarun! You are correct buddy.
The /29 mask will give us these network and broadcast addresses, which are unusable:
Networks– 0,8,16,24,32,…,104,112,120,…
Broadcast– 7,15,23,31,….,103,111,119,…
So the usable host address 2^3-2=6 within one of the subnetworks of /29 ranges from 105-110.
After copy running-config startup config command in NAT what is the next step please help….
“The appropriate interfaces have been configured for NAT inside and NAT outside”
….it appears I had to set these manually in order for the pings to work.
@Rachus
yes u r correct we hav to configure ip nat inside and outside commands on interfaces to make it work…….thanks u r comments guided me
In Nat sim do we need to apply at Interface.
Gotta love these questions. Unless you were hosting on the inside you wouldn’t need that many IPs for 14 hosts only.
hello 9tut please help me with this query
the pool should include 198.18.184.105 198.18.184.110 but with the netmask of 255.255.255.248 it gives subnets as follows
198.18.184.0 – 7
198.18.184.8 – 15 and so on
so from the above mask it is clear that 198.18.184.105 and 198.18.184.110 are on different subnets so how it works….. im thinking 255.255.255.240 will be the correct mask …… please help with me this soon …….
- that was the correct subnetmask… it came from /29
0.
.8
.
.
.104
.112
so 105 -110 is included to 104-112
@E
as you wrote the subnets as follows:
198.18.184.0 – 7
198.18.184.8 – 15
.
.
.
198.18.184.104 – 111 <—(so: 198.18.184.105 & 198.18.184.110 are on the same subnets)
198.18.184.112 – 120
.
.
@9tut
@all
routerA#show ip nat translations
pro inside global inside local
1.1.128.1 10.18.14.90
1.1.129.107 10.18.14.91
.
.
.
.
.
.
1.1.135.174 10.20.122.240
****
which command would allow the translations to be created on the router?
A. ip nat pool mynats 1.1.128.1 1.1.135.254 prefix-length 19
B. ip nat outside mynats 1.1.128.1 1.1.135.254 prefix-length 19
C. ip nat pool mynats 1.1.128.1 1.1.135.254 prefix-length 18
D. ip nat outside mynats 1.1.128.1 1.1.135.254 prefix-length 18
it says that the correct answer is A (tk v218)
but i feel it should be C
help me
thanx
pro inside global——-inside local
1.1.128.1 ————–10.18.14.90
1.1.129.107————-10.18.14.91
.
.
.
1.1.135.174————-10.20.122.240
1.1.123.1 ~ 1.1.135.254
subnetting prefix=19
because
1.1.1000 0000.X~ 1.1.1000 0111.X
1.1.128.X ~ 1.1.135.X
but prefix=18
1.1.0000 0000.X~ 1.1.1111 1111.X
1.1.0.1~1.1.254.254 = more usefulless
@Kaz, @Patrick
Shouldn’t be /21? Why /19?
/19=1.1.128.0-1.1.159.255
Just A quick noob question.. im taking CCNA Exam this month.. may i know how many items are there on the exam? and how much time do they give you to finish it..also on simulations.. are you going to build your config then answer question.. or when you save the configuration, thats pretty much it.. sorry i have to ask..
@gio
feel free to ask anything, there is no such thing as a “noob question”.
try this link for some answers:
http://www.9tut.com/ccna-faqs-a-tips
@xallax
in this nat sim, shouldnt the access-list be applied on the interface (e.g access-group 1 out)?please reply
@ayaj
you’re not filtering traffic per access-list, you’re translating LAN IPs to public IPs. that’s why we don’t apply the access-list to the interface using the *access-group* command.
@xallax
ok.thanks a lot
is the Nat sim used anymore…most people say acl2 eigrp and Vtp…has anyone taken the exam recently with this Nat sim in it?? or even RIP sim??
i took the exam and got 801. failed by one question.. forgot to do the command copy run start for access list.. how cruel life can be. i even realised it midway. but our great cisco rule of cant go back made sure i missed it by 24 marks.. all the sims.. access list. eigrp, and vtp were totally ambush questions……… by totally changing the questions even though the diagram was same.. i am feeling very low.. good luck to everyone else…
Do we need not bind the access list to any interface while using it for NAT over load? In the above example, they haven’t done any binding of the access list to any interface. Kindly confirm
@Bala: No, we don’t have to bind the ACL to the interface in case of NAT. AFAIK, it is used to define a range of inside local IP addresses allowed to map on the inside global.
@Bala: The ACL is used in this command:
ip nat inside source list 1 pool pool_name [overload]
^^^
list 1 => access-list 1 permit network mask
I can imagine, my question is totally stupid, but I just want to pass the exam.
Does the name of the nat pool matter or can I name it as I like to?
@goincna you can give it any name but check first to see if u are instructed to use a particular name in the question..cheers!!
hey guys, does that give the same answer or not? please reply, anyone
Router(config)#hostname Weaver
Weaver(config)#access-list 1 permit 192.168.100.16 0.0.0.15
Weaver(config)#access-list 1 deny any
ip nat pool mypool 198.18.184.105 198.18.184.110 netmask 255.255.255.248
Happyfeet … you don’t need to put ….access-list 1 deny any ….because all access lists end with an implicit deny any.
And of course watch about -Weaver(config)#ip nat inside source list 1 pool mypool overload
I passed my CCNA today.. Thanks to 9tut and examcollection
thanks sovy..
Can any one tell me what is the passing score out of 1000
@lovely: Please read http://www.9tut.com/ccna-faqs-a-tips
Weaver(config)#access-list 1 permit 192.168.100.16 0.0.0.15
Why is this the command and not
Weaver(config)#access-list 1 permit 192.168.100.17 0.0.0.15
since 192.168.100.17 is the starting address? Why is it 16?
@john
because that wildcard mask would filter for
192.168.100.0 – 192.168.100.15
192.168.100.16 – 192.168.100.31
192.168.100.32 – 192.168.100.47
and so on
What does 15 mean ?
in this >>>> 0.0.0.15
What I know is that it checks the first 24-bit which they are network IDs . But (15) !!?
i am taking up my exams in 2 days, can u people suggest me how to get prepared for labs? i am really getting messed up with that..
me suggest me on simulations, my id is sush_suhas@yahoo.co.in
@khalid
0.0.0.15 means
check a block of 16 IPs
example:
200.200.200.0 _ 0.0.0.15
check from .0 to .15
192.192.192.128 _ 0.0.0.15
check from .128 to .143
Weaver#copy running-config startup-config
Destination filename [startup-config]?
how to copy the file !!!please help
@Abhi
Weaver#copy running-config startup-config
Destination filename [startup-config]?
This means, you are instructing the system to save the running-config to startup-config(NVRAM).
The system then comes back and verify, confirm: Destination filename [startup-config]?
You just have to press the enter key to confirm.
I hope this helps. Thanks.
hi all please i have practices a lot but i don’t know what the exam like
please, could anyone send me the latest CCNA dumps.Thanks . owaboyeooluwasanjo@yahoo.com
plz sand me last dumpes ccna
my email. add .abhishekmhadn@gmail.com
Pls, when configuring the pool name, must we use “my pool” or anything that appeals more.
@ ugo
not necessarily “my pool”
@Ugo
The “pool” cannot be changed, but you can change “my” to whatever you wish. ie. “the pool”, “john pool”, “ted pool” etc. But remember, you got to be consistent all the way.
@all
are these labs still valid or have some changes occurred???
The configuration has to be applied to the serial interface s0/0 in order to be completed.
Am I wrong or right?
Hi all..
just one question, is it necessary to put the “overload” at the end of the statement..i mean it will work just fine even without it..
i.e
ip nat inside source list 1 pool mypool
instead of
ip nat inside source list 1 pool mypool overload
Why i am saying this is bcoz we have a pool of public ip addresses not one public ip address (for overload)..so in this case, why r we using overload..and if we r using overload then dont u guys think we should use this statement..
ip nat inside source list 1 interface s0/0 overload
Plz correct me if i am wrong.
@Ciscotic: We must use the keyword “overload” because the pool is not enough for all hosts to access internet at the same time. Notice that the pool only has 6 public IP addresses (from 198.18.184.105 to 198.18.184.110) while we have 14 hosts (from 192.168.100.17 to 192.168.100.30).