CCNA NAT SIM Question 1
Question
A network associate is configuring a router for the CCNA Training company to provide internet access. The ISP has provided the company six public IP addresses of 198.18.184.105 198.18.184.110. The company has 14 hosts that need to access the internet simultaneously. The hosts in the CCNA Training company LAN have been assigned private space addresses in the range of 192.168.100.17 – 192.168.100.30.
The task is to complete the NAT configuration using all IP addresses assigned by the ISP to provide Internet access for the hosts in the Weaver LAN. Functionality can be tested by clicking on the host provided for testing.
Configuration information
router name – Weaver
inside global addresses – 198.18.184.105 198.18.184.110/29
inside local addresses – 192.168.100.17 – 192.168.100.30/28
number of inside hosts – 14
|
The following have already been configured on the router: - The basic router configuration - The appropriate interfaces have been configured for NAT inside and NAT outside - The appropriate static routes have also been configured (since the company will be a stub network, no routing protocol will be required.) - All passwords have been temporarily set to “cisco” |
Solution
Note: If you are not sure how NAT & PAT work, please read my Network Address Translation NAT Tutorial. You can download this sim to practice here: http://www.9tut.com/download/9tut.com_CCNA_NAT_sim_question.zip
The CCNA Training company has 14 hosts that need to access the internet simultaneously but we just have 6 public IP addresses from 198.18.184.105 to 198.18.184.110/29. Therefore we have to use NAT overload (or PAT)
Double click on the Weaver router to open it
Router>enable
Router#configure terminal
First you should change the router’s name to Weaver
Router(config)#hostname Weaver
Create a NAT pool of global addresses to be allocated with their netmask (/29 = 255.255.255.248). There were reports that the simulator in the real exam did not accept “prefix-length” keryword so you should use “netmask” keyword.
Weaver(config)#ip nat pool mypool 198.18.184.105 198.18.184.110 netmask 255.255.255.248
Create a standard access control list that permits the addresses that are to be translated
Weaver(config)#access-list 1 permit 192.168.100.16 0.0.0.15
Establish dynamic source translation, specifying the access list that was defined in the prior step
Weaver(config)#ip nat inside source list 1 pool mypool overload
This command translates all source addresses that pass access list 1, which means a source address from 192.168.100.17 to 192.168.100.30, into an address from the pool named mypool (the pool contains addresses from 198.18.184.105 to 198.18.184.110)
Overload keyword allows to map multiple IP addresses to a single registered IP address (many-to-one) by using different ports
The question said that appropriate interfaces have been configured for NAT inside and NAT outside statements.
This is how to configure the NAT inside and NAT outside, just for your understanding:
Weaver(config)#interface fa0/0
Weaver(config-if)#ip nat inside
Weaver(config-if)#exit
Weaver(config)#interface s0/0
Weaver(config-if)#ip nat outside
Weaver(config-if)#end
Finally, we should save all your work with the following command:
Weaver#copy running-config startup-config
Check your configuration by going to “Host for testing” and type:
C:\>ping 192.0.2.114
The ping should work well and you will be replied from 192.0.2.114
Other lab-sims on this site:
CCNA Configuration SIM Question (RIPv2 SIM)
Hello friends I am taking ccna exam in two weeks, plz send latest exam dumps to lward602@yahoo.com thx again
hi Mel
Thanks a lot for pointing us to a virus site!!
For the sake of our readers, we removed the link to that file.
Did any body tried the CCNA + TEST BUNDLE ? COAST ABOUT $371.
iS that cisco new way to take down the prepExam simulator company. Just didn’t get it.
my point is if Cisco is giving up the virtual real exam that should save us lot time and money from a failure attempts.
– Please any one how had this test bundle, We need your honest feedback –
Thank you all, best of luck
Dear All,
The most important command has been missed in this SIM; without applying an access list 1 to the Fa0/0 In; the above is not going to work…
Weaver(Config)#interface fastetnernet 0/0
Weaver(Config-if)# ip access-group 1 in
Now everything should work…
:D
Aniket Belsare.
aniketbelsare@gmail.com
Mr. Sir Jee Aniket Belsare
I think you have studied only Access List and not NAT.
Go give some time to NAT also.
the ping on 198.0.2.114 is success without needing to apply the previous nat configuration !!
how is that possible ??
hi everyone!
Which statement is correct regarding the operation of DHCP?
a. If an address conflict is detected, the address is removed from the pool and an administrator must resolve the conflict.
b. If an address conflict is detected, the address is removed from the pool for an amount of time configurable by the administrator.
Which one is true??? At 9tut the answer is a , at Brar the answer is b. I am not sure what is right!!!
@ bob
Well in that case…there is no need of writing “overload” ……
akkii, bobs right your not! conversation over!
can some one explain to me how do we work out this subnet mask198.18.184.105 19 8.18.184.110/29 to get this (/29 = 255.255.255.248)
CIDR Subnet Mask nnnnnnnn.nnnnnnnn.nnnnnnnn.????????
/24 = 255.255.255.0 = 11111111.11111111.11111111.00000000 (= 254 hosts)
/25 = 255.255.255.128 = 11111111.11111111.11111111.10000000 (= 126 hosts)
/26 = 255.255.255.192 = 11111111.11111111.11111111.11000000 (= 62 hosts)
/27 = 255.255.255.224 = 11111111.11111111.11111111.11100000 (= 30 hosts)
/28 = 255.255.255.240 = 11111111.11111111.11111111.11110000 (= 14 hosts)
/29 = 255.255.255.248 = 11111111.11111111.11111111.11111000 (= 6 hosts)
/30 = 255.255.255.252 = 11111111.11111111.11111111.11111100 (= 2 hosts)
/29 means that the first 29 bits are all ones. If you add all ones together you get:
128 64 32 16 8 4 2 1
x x x x x x x x
1 1 1 1 1 0 0 0
128 + 64 + 32 + 16 + 8 + 0 + 0 + 0 = 248
Does this make sense ?
@akki – you missed some key detail in this question/scenario.
*The ISP has handed ‘ONLY’ 6 public IP addresses > the company has 14 hosts that need to ‘SIMULTANEOUSLY’ access the internet > hence you need ‘overload’…else all 14 hosts won’t be able to ‘simultaneously’ access the internet with ‘only’ 6 public IP’s.
Fadi, If you are running the ping from the router, it will ALWAYS work fine. however if you are running the ping from the host, as the directions say, it fails until you install the NAT. If you install them as described, then the ping is successful.
Try the ping once before you install and once after. If you run the command #SHOW IP NAT STATISTICS from the router after you do the second ping, you should see 4 hits and 4 misses.. indicating four success and four fails..
Hi Admin if you or any guys here need any Exam for Cisco with Latest update, Or Admin if you need any updates. Just write me on certify-me.co.uk contact us page i will try to provide as well also to upload on the website and pass to you guys.
Hi,
This is my config for Weaver but my ping to 192.0.2.114 is unsuccessful.
Any help is much appreciated.
Thanks
!
!
interface FastEthernet0/0
ip address 192.168.100.30 255.255.255.240
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0
ip address 192.0.2.113 255.255.255.0
encapsulation frame-relay
ip nat outside
!
ip nat pool NAT_TRAN 198.18.184.105 198.18.184.110 netmask 255.255.255.248
ip nat inside source list NAT_INSIDE pool NAT_TRAN overload
ip classless
!
!
ip access-list extended NAT_INSIDE
permit ip 192.168.100.16 0.0.0.15 198.18.184.96 0.0.0.7
!
!
!
!
!
line con 0
password cisco
login
line vty 0 4
login
!
!
!
end
I think I shouldn’t have used Extended ACL. The ping works now as I have used the foll config
!
ip nat pool NAT_TRAN 198.18.184.105 198.18.184.110 netmask 255.255.255.248
ip nat inside source list NAT_INSIDE pool NAT_TRAN overload
ip classless
!
!
ip access-list standard NAT_INSIDE
permit 192.168.100.16 0.0.0.15
!
WANTED:
I will be taking my first Cisco CCNA test (could be CCENT/CCNA &/or ICND 1/2) around end of June, 2013.
I would appreciate from anybody, from anywhere to send me any or as many practice test Q & As or review Q & As on CCNA.
God Bless You for your kind Reply !
Dave 2C’s e-Mail: dtsui15@Yahoo.com ; phone: 1-646-204-1355 (cell); 1-718-896-3199 (leave message)
i need lastest ccna labs dumps, pls send it to my e-mail:rahmon_wale@yahoo.com
@9tut or Anyone
please, expplain to me why 192.168.100.16 0.0.0.15 is correct instead of
192.168.100.8 0.0.0.7?
/29 = 11111000
Increment = 8
@will i am
you have to permit these addresses:
inside local addresses – 192.168.100.17 – 192.168.100.30/28
“192.168.100.16 0.0.0.15″ filters the entire subnet from .16 to .31
@9tut or Anyone
please, expplain to me why 192.168.100.16 0.0.0.15 is correct instead of
192.168.100.8 0.0.0.7?
/29 = 11111000
Increment = 8
@ xallax
thanx a lot. i have re-examined the IP addresses and noticed that i mixed the prefix notations,
/29 is from the ISP and
/28 which has the increment of 16 is for the inside local private addresses
i did ccna exam & i get 973. thanks 9tut,
Eigrp, Acl & Vtp. are the same with a little changes.
check subnetting.
i passed my ccna exam & i get 880. thanks 9tut,
Eigrp, Acl & Vtp. are the same with a little changes.
check subnetting. 95% of question from this site. Thanks 9 tut again.
M going to give ccna exam in a couple of weeks..wonder if most of the questions are from 9tut?
And please some1 tell me what is the current passing score for ccna?
no shutdown
@joe Hi sir. It will also work even if you will use extended access list. But referring to your previous configuration
ip access-list extended NAT_INSIDE
permit ip 192.168.100.16 0.0.0.15 198.18.184.96 0.0.0.7
Theoretically your access list configuration is wrong. since you’re only permitting traffic to the 198.18.184.96/29 network
your extended access list configuration will work if you will replace your destination address as “any”.
please correct me if im wrong thanks :)
GLOOORY BE TO GOD AND TO HIS SON JESUS!!! i have passed my exam this morning. thank you very much 9tut.com . may GOD bless all those who work for this website. continue doing this great job!
9tut,
when doing the NAT configuration does it matter the order in which the commands are placed? For example, I entered the ACL statement first and the rest of the information as follows in no special order … of course I just did this on a notepad and checked it against yours. Is there a problem with the order? I figure so long as the ACL is in before the NAT statement because the NAT statement references the ACL.
enable
config t
hostname Weaver
!
access-list 1 permit 198.168.100.16 0.0.0.15
!
interface fa0/0
ip nat inside
!
interface s0/0
ip nat outside
!
ip nat pool Pool-Add 198.18.184.105 198.18.184.110 netmask 255.255.255.248
ip nat inside source 1 pool Pool-Add overload
end
copy running-config startup-config
@Jamerican: There is no problem with the order, don’t worry!
guys in this Nat sim iam having a problem iam getting “REQUEST TIMED OUT MESSAGE ” from PC2 all config are correct
plz help .. *** thanx
guys in this Nat sim iam having a problem iam getting “REQUEST TIMED OUT MESSAGE ” from PC2 while pinging ISP ROUTER 192.0.2.114 but iam able to ping 192.0.2.113 and
all config are correct
plz help .. *** thanx
@ Jamerican – It doesn’t matter which order you put the commands in. Only advice I would give is make sure you create your NAT pool and ACL first before referencing them in the “ip nat inside source 1 pool Pool-Add overload” command. It may still work but for best practise. I was labing this up and decided to change some of the IPs in my ACL and still kicked in are fine.
Also at Anonymous do “show ip nat translation” command on Weaver make sure what you have configured is translating as expected. Once you have done a ping from any host if there is nothing stated under the “inside global” and “outside global” in this command then router is not configured correct.
this site is cool
Please send me CCNA latest dumps at sghannadi@yahoo.com
i got 986 out of 1000 in ccna exam.
easy exam gays,,,,,
It would be much appreciated if someone could send me the latest dumps to: 2u@ukr.net
Thank you!
Please send latest dumps, I am testing in two weeks. wayne@tri-statecomp.com
Thank you in advance:)
Can anyone please confirm if suggestion (?) is enabled in console commands for the new tests?
Also I’m confused on line:
Weaver(config)#access-list 1 permit 192.168.100.16 0.0.0.15
Considering the inside local addresses – 192.168.100.17 – 192.168.100.30/28 Why isnt it 192.168..100.17 instead of .16?
Also how would one calculate the subnet mask, in this case .15?
Would very appreciate an answer, thanks.
Ray, in the access list 1 the network is 192.168.100.16 no 192.168.100.17 which is host address and the wildcard for /28(netmask according to the statement) is 0.0.0.15
I tried those configs to no avail. Here is what I used:
conf t
access-list 1 permit 192.168.100.16 0.0.0.15
ip nat inside source list 1 interface serial 0/0 overload
end
pings like a charm….
woops, nevermind. Not sure what I did (or didn’t do), but the current lab worked. Here they are again:
conf t
ip nat pool mypool 198.18.184.105 198.18.184.110 netmask 255.255.255.248
access-list 1 permit 192.168.100.16 0.0.0.15
ip nat inside source list 1 pool mypool overload
since the question asks for the use of a specific pool, you’re better off this way I suppose.
@9tut, I would like to practice all the sims here similar to how you have setup the ACL, EIGRP and VTP simulator. Could you please guide me on how i could do this? thanks in advance
@Sean: You can download Packet Tracer (pkt) files of these sims to practice with (http://www.9tut.com/download/CCNA_DragDrop_EIGRP_RIP_NAT_and_implementation_LabsInPacketTracer.zip). Each sim has two pkt files: one initial file & one completed file.
@9tut Thank you for getting back to me. i have downloaded the files but unsure how to open them. could you please tell me what software i can use to open these files?