CCNA NAT SIM Question 2
Question
You work as a network technician at 9tut.com. Study the exhibit carefully. You are required to perform configurations to enable Internet access. The Router ISP has given you six public IP addresses in the 198.18.32.65 – 198.18.32.70/29 range. 9tut.com has 62 clients that need to have simultaneous Internet access. These local hosts use private IP addresses in the 192.168.6.65 – 192.168.6.126/26 range. You need to configure Router1 using the PC1 console. You have already made the basic router configuration. You have also configured the appropriate NAT interfaces, NAT inside and NAT outside respectively. Now you are required to finish the configuration of Router1.
Solution
Note: If you are not sure how NAT & PAT work, please read my Network Address Translation NAT Tutorial. You can download a similar sim to practice here: http://www.9tut.com/download/9tut.com_CCNA_NAT_sim_question.zip
The company has 62 hosts that need to access the Internet simultaneously, but we have only 6 public IP addresses, from 198.18.32.65 to 198.18.32.70/29, so we have to use NAT overload (PAT).
Double click on PC1 to access Router1's command line interface
Router1>enable
Router1#configure terminal
Create a NAT pool of global addresses to be allocated, with their netmask (notice that /29 = 255.255.255.248)
Router1(config)#ip nat pool mypool 198.18.32.65 198.18.32.70 netmask 255.255.255.248
Create a standard access control list that permits the addresses that are to be translated
Router1(config)#access-list 1 permit 192.168.6.64 0.0.0.63
Establish dynamic source translation, specifying the access list that was defined in the prior step
Router1(config)#ip nat inside source list 1 pool mypool overload
This command translates all source addresses that pass access list 1, which means a source address from 192.168.6.65 to 192.168.6.126, into an address from the pool named mypool (the pool contains addresses from 198.18.32.65 to 198.18.32.70).
The overload keyword allows multiple IP addresses to be mapped to a single registered IP address (many-to-one) by using different ports.
The question said that appropriate interfaces have been configured for NAT inside and NAT outside statements.
This is how to configure the NAT inside and NAT outside, just for your understanding:
Router1(config)#interface fa0/0
Router1(config-if)#ip nat inside
Router1(config-if)#exit
Router1(config)#interface s0/0
Router1(config-if)#ip nat outside
Before leaving Router1, you should save the configuration:
Router1(config)#end (or Router1(config-if)#end)
Router1#copy running-config startup-config
Check your configuration by going to PC2 and typing:
C:\>ping 192.0.2.114
The ping should succeed, and you will receive replies from 192.0.2.114.
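The access list decides exactly which inside sources get translated, so the wildcard and netmask arithmetic in the solution is worth checking offline. The Python sketch below is an added example, not part of the original 9tut solution; its function names are hypothetical, and it models a standard ACL match as "every bit that is 0 in the wildcard must be equal".

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_from_prefix(prefix_len):
    """Wildcard mask = 255.255.255.255 minus the subnet mask."""
    netmask = int(ipaddress.IPv4Network(f"0.0.0.0/{prefix_len}").netmask)
    return str(ipaddress.IPv4Address(ALL_ONES ^ netmask))

def acl_permits(acl_addr, wildcard, source):
    """Standard ACL test: every bit that is 0 in the wildcard must match."""
    care = ALL_ONES ^ to_int(wildcard)
    return (to_int(acl_addr) & care) == (to_int(source) & care)

def matched_range(acl_addr, wildcard):
    """First and last address matched (contiguous wildcard masks only)."""
    wc = to_int(wildcard)
    if wc & (wc + 1):
        raise ValueError("non-contiguous wildcard: matches are not one range")
    first = to_int(acl_addr) & (ALL_ONES ^ wc)
    return str(ipaddress.IPv4Address(first)), str(ipaddress.IPv4Address(first | wc))

def pool_subnet(start, end, netmask):
    """Return the subnet shared by the pool's start and end, or None."""
    net = ipaddress.IPv4Network(f"{start}/{netmask}", strict=False)
    return str(net) if ipaddress.IPv4Address(end) in net else None

if __name__ == "__main__":
    wc = wildcard_from_prefix(26)
    print("/26 wildcard:", wc)
    print("access-list 1 matches:", matched_range("192.168.6.64", wc))
    # Writing .65 instead of .64 matches the same sources: the low six
    # bits are ignored by the 0.0.0.63 wildcard.
    print("with .65 as base:   ", matched_range("192.168.6.65", wc))
    for src in ("192.168.6.65", "192.168.6.126", "192.168.6.63", "192.168.6.128"):
        print(src, "translated" if acl_permits("192.168.6.64", wc, src) else "not matched")
    print("pool subnet:", pool_subnet("198.18.32.65", "198.18.32.70", "255.255.255.248"))
```

The matched range runs from 192.168.6.64 to 192.168.6.127, so the ACL covers the whole /26 block, not only the 62 host addresses; a wider wildcard would translate sources outside the intended subnet.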
I was trying to clarify something.
Why do we need to use the OVERLOAD statement, making it PAT? I understand it's for simultaneous connections.
Would any of the addresses in the pool get used aside from the first one if PAT is being used?
The company has 62 hosts that need to access the internet simultaneously but we just have 6 public IP addresses from 198.18.32.65 to 198.18.32.70/29, so we have to use PAT.
When using the OVERLOAD statement, you will only use the first IP address. It is a bit weird, but it satisfies all the requirements and it is the only way we can do it.
I didn’t understand in this statement ( access-list 1 permit 192.168.6.64 0.0.0.63) where 63 comes from, why we write 63 ?
This is a /26 network. The network address is 192.168.6.64.0. Its mask will be 255-(128+64) which is 63. Remember we borrowed 2 bits.
guyz i passed after failin 3 tyms, all bcos of 9tut. thank you 9tut.
@Anonymous: 63 is wildcard mask of this ip.
here see
access-list 1 permit 192.168.6.64 0.0.0.63
1 represents that it is a standard access list; permit is to give permission to this IP address; and after that the IP address and wildcard mask of this IP are given
Remember: Wildcard mask is reciprocal of subnet mask
Guys, Can some one please upload link for latest CCNA dump
@ 9tut,
I think you’re just partly right. It will use only the first address of the pool for so long there are free ports left. Every connection (usually multiple and simultaneous on one host) will use a port of the global address.
As PAT will/can “only” 65536 ports minus the well-known ports at a certain point (with enough hosts on the inside having connections to the outside) it will run out for that one and first address.
I believe it will then use the next address (and the next if that one will run out and..etc.)
I also believe this will occur only in larger organizations.
Kind regards
@Anonymous:
I believe the wildcard mask is just the opposite of the subnet mask.
Then again, its mask will be 256-(128+64) which is 64.
You just need to count the 0.
A wildcard mask of 0.0.0.63 covers 64 addresses: 0, 1, 2, 3, 4, …, 62, 63, 64.
Hi everyone,
pls, can i get a link like 9tut,for those in juniper networks. i want to write my jncia er next week.9tut thanks for what you are doing for ccna candidates.pls,need a quick response
How the ping will work ?
i think it will not work
because nat will assign PC2 IP in the range 198.18.32.65/29 -> 198.18.32.70/29 which is in different sub-net than router ISP (192.0.2.114/30).
so how the will ping work ?
can you pls. explain.
Sorry i forget the default route on ISP S0/1
It should definitely work
Thanks for this website
Does anyone have this in Packet Tracer?
i will take CCNA exam next week.. can anyone send me the latest dumps..pls
Comment from 9tut in example NAT1 to know how the value 15 came
—————————————————————————————
You can quickly figure out what the wildcard is by reversing the bits from the subnet mask. In this case the subnet mask is /28, its last octet is 1111 0000 so we reverse it into 0000 1111 = 15
Doubt in NAT2 …??
———————–
How we got value 63 then? Subnet mask is /26, last octet is 1100 0000 so we reverse it into 0000 1100 which gives 12 ??
I know I am missing something? Can anyone explain plz!!
@Rahman: Subnet mask is /26, last octet is 1100 0000 so we reverse it into 0011 1111 (not 0000 1100) which gives 63.
Thank you.
On this Q:CCNA NAT SIM Question 2(October,23rd/2010). on this line with this
Router1(config)#access-list 1 permit 192.168.6.64 0.0.0.63 so I’m not understand properly where comes the wildcard mask.
Plz any can explain to me.
to get the wildcard you that 192.168.6.24 with mask of 255.255.255.192. Just take 255.255.255.255 and subtract 255.255.255.192 which will give the wildcard of 0.0.0.63
latest dumps please .my email.minnikanti02@rediffmail.com
@Lupz
gud of you guy you just got it as simple as it is.
PLS I REALY NEED THE LATEST DUMP GUY
I’m going to do my exam between Jan 16- Jan 20, 2011… What i need to know is if the 9tut dumps r still valid…
Also in the access-list statement: access-list 1 permit 192.168.6.64 0.0.0.63, shouldn’t we have another statement: access-list 1 deny any after… Answer any1 ASAP
exam is exactly testinside 17.14
only ip changes……
Has any1 done the CCNA exam since yesterday… Please give latest updates… Which labs came on the exam… Thanks in advance
@9tut.com
hi please let me know how this ping command works when we use private ip address in range from 192.168.6.65 – 126
and we ping the network 192.0.2.114
Can anyone help with the latest dump pls. Send to this mail; jubril234@hotmail.com
thank y’all.
let me first say- i goofed. i didn’t go through the tutorial at the beginning of the test. on the second lab there were 5 questions. i answered the first question and hit “next”, instead hitting the box at the top of the screen “question 2”. i think i did get a pop-up that said are you sure you want to go to next question? but i mistakenly thought they meant next question in lab.
and when i saw what i had done i yelled out “F*UCk”!!!!! which really freaked out the other guy in the room. so i then said “sorry”.
i got an 809 and needed an 825. i feel like i would have passed if i had answered every other question in the lab. on the remaining questions after i goofed on the lab i was rattled and didn’t concentrate as well as i should have.
SO- go through the tutorial at the beginning of the test even though you don’t think you need to. and pay attention to how cisco wants you answer the questions. also, be advised there are many router commands you cannot use without proper syntax, (such as copy run start instead of copy running-config startup-config).
i finished the test with under 5 minutes left. so be careful of your time as well. there were 1 or 2 conceptual questions that i’ve never seen in any of my study materials too. cisco does state that some questions do not count for point and are simply there to see if they should be included in future tests. however, you still have to spend TIME on them. for me- the test felt very much like a race.
i know a lot of people here passed and did a great job- congratulations to all of you. to all candidates that haven’t taken the test yet, PAY ATTENTION to how cisco wants you to answer the question. even though you know the answer if you make a mistake and click through you cannot go back.
I complained to the test center and they were kind enough to generate an incident report so maybe there’s a remote chance i’ll get a voucher for next time. i’ll let you guys know if i do.
best to all of you,
C
Hi Friends
Has any1 done the CCNA exam since yesterday… Please give latest updates… Which labs came on the exam… Thanks in advance
i will take CCNA exam next week.. can anyone send me the latest dumps..pls
Email: Idrees233@yahoo.com
Wow, this site has been useful as it gives me an insight on what to expect as i am still a fresher in networking, thanks 9tut and keep it up.
good
hi 9 tut – i would like to ask where did the address 192.168.6.64 0.0.0.63 come from ?
is it because of /26 ? = increment of 64
255.255.255. 128 64 / 32 16 8 4 2 1
.64 seems to be the network address – can anyone help me on this – thanks in advance
9Tut – got two questions here
1. on the nat sim 2 – what do we need to place on
ip nat pool public ip range ? or private ip range ?
both sims are using the direction of going out to the internet from the local host
please clarify
@drake: Yes /26 means “increment of 64”. And 192.168.6.64 is the network address, as an access list needs a network address here + wildcard mask to specify a range of IP addresses.
We need to place public IP addresses in the ip nat pool
@ 9tut
what will happen if i didn’t write ” OVERLOAD ” in
Router1(config)#ip nat inside source list 1 pool mypool overload
i guess it will still be valid ( Dynamic NAT )
plz help !!
thnx
Isn’t it better to use extended access list in this question.. bcoz the question states that we have to allow the hosts for internet access.. so the pinging should not work… plz reply….!!
guys anyone with the latest dumps cn u email them to me please
pachitongo@yahoo.com
i am sitting for the exam on monday
everything appears OK but in the end, why is testing the connectivity performed to ISP?
I found enough pinging to 113, why 114?
wildcard bitmask
Calculating wildcard masks can be difficult, but you can do it easily by subtracting the subnet mask from 255.255.255.255.
Example 1: assume you wanted to permit access to all users in the 192.168.3.0 network.
–Because the subnet mask is 255.255.255.0, you could take the 255.255.255.255 and subtract from the subnet mask.
–The solution produces the wildcard mask 0.0.0.255.
Example 2: Now assume you wanted to permit network access for the 14 users in the subnet 192.168.3.32 /28. The subnet mask for the IP subnet is 255.255.255.240,
–take 255.255.255.255 and subtract the subnet mask 255.255.255.240
–The solution this time produces the wildcard mask 0.0.0.15.
Example 3: assume you wanted to match only networks 192.168.10.0 and 192.168.11.0.
–take 255.255.255.255 and subtract the subnet mask 255.255.254.0.
–The result is 0.0.1.255
wildcard mask 0.0.0.63
network :
These local hosts use private IP addresses in the 192.168.6.65 – 192.168.6.126/26 range.
/26 =255.255.255.192
255.255.255.255 - 255.255.255.192 = 0.0.0.63 wildcard mask
Would someone be so kind to email me with the Packet Tracer SIM?
ek.briz@hotmail.com
Thanks in advance!
NAT?
PAT?
OVERLOADING?
Please write work of these
@Ice Man.. I get the wildcard now, but not sure why picked 192.168.6.64 instead of 192.168.6.65 in “access-list 1 permit 192.168.6.64 0.0.0.63”.
Network /26 255.255.255.128
64 addresses per block
You have 62 for hosts
Can’t use the first address in the range, it is used for the network address, and the last address is used for the network broadcast address
192.168.6.0 – 192.168.6.63 = 64 address
192.168.64 – 192.168.6.127 = 64 address
62 clients that needs to have simultaneous internet access. These local hosts use private IP addresses in the 192.168.6.65 – 192.168.6.126/26 range.
192.168.64 is the start of the address range
and you use 192.168.6.64 wildcard mask of this ip 0.0.0.63
Hope this is understandable I’m learning this myself now.
You have to count from start address 192.168.0 last address 192.168.6.63 = 64 address
192.168.0 = 1 address
192.168.0 – 192.168.6.63 = 63 address
1+63 = 64 address
You have to count from start address 192.168.64 last address 192.168.6.127 = 64 address
192.168.64 = 1 address
192.168.64 – 192.168.6.127 = 63 address
1+63 = 64 address
DaMan
today i have a test so guyz plz pray for me !!!
Shahid – How was the exam?
I still didn’t understand the usage of Overload Keyword
Hello please can someone send me the packet tracer sim for this particular question, have exam on 17th of march. Thanks for helping me out email== markdganish@yahoo.com
access-list 1 permit 192.168.6.64 0.0.0.63
why not
access-list 1 permit 192.168.6.65 0.0.0.63 ?
thanks