Jeremy’s IT Lab lecture video:
Commands
Commands List
NAT Privileged Exec Commands
3. NAT
Link to original
- clear ip nat translation *
-->Clears all dynamic NAT translations in the NAT translation tableNAT Show Commands
18. NAT
Link to original
- show ip nat translations
-->Shows information about IP addresses that have been translated through NAT- show ip nat statistics
-->Shows statistics about the current NAT processNAT Global Commands
NAT Global
1. Static NAT
- ip nat inside source static inside-local-ip inside-global-ip
-->Configures a one-to-one (Static NAT) IP address mapping2. Dynamic NAT
Link to original
- access-list ACL-ID{ deny
|permit } arguments-->Creates an ACL with the specified arguments. Used to decide which addresses should be translated with NAT- ip nat pool pool-name start-ip end-ip { prefix-length prefix-length | netmask subnet-mask }
-->Creates a NAT pool to be used for dynamic NAT translations- ip nat inside source list acl-id pool pool-name
-->Configures dynamic NAT on the router using the specified NAT pool and ACL- ip nat inside source list acl-id pool pool-name overload
-->Configures dynamic PAT on the router using the specified NAT pool and ACL- ip nat inside source list acl-id interface interface-id overload
-->Configures dynamic PAT on an interface using the specified NAT pool and ACLNAT Interface Commands
NAT Interface
Link to original
- ip nat inside
-->Defines the ‘inside’ interface(s) connected to the internal network- ip nat outside
-->Defines the ‘outside’ interface(s) connected to the external network
NAT Info
Private IPv4 Addresses (RFC 1918)
IPv4 doesn’t provide enough addresses for all devices that need them in the modern world.
- That’s why RFC 1918 was created as a short term solution for the problem. It specifies three IPv4 ranges as private address ranges (meant for local usage), and they are:
- 10.0.0.0/8 (10.0.0.0 to 10.255.255.255)
- 172.16.0.0/12 (172.16.0.0 to 172.31.255.255)
- 192.168.0.0/16 (192.168.0.0 to 192.168.255.255)
- Private IP addresses cannot be used over the internet.
- These addresses can be used freely in your local networks. They do not have to be globally unique.
Network Address Translation (NAT) General Information
Network Address Translation (NAT) is a protocol that is used to modify the source and/or destination IP addresses of packets.
- There are many reasons to use NAT, but the most common reason is to allow hosts with private IP addresses to communicate with other hosts over the internet.
- Source NAT is the NAT type that you’ll have to understand and know how to configure for the CCNA.
/ATCH-Day-44---NAT-(1)-20240410224811.webp) |
|---|
| Source NAT demonstration |
Source NAT types, and what will be discussed in this lecture/note
- In this lecture/note, we’ll be focusing on Source Static NAT and how to set it up.
- Meanwhile, Dynamic Source NAT and Dynamic Source PAT will be discussed in the next lecture/note. (Day 45 - NAT (2))
NAT Address Types
There are four address types used in NAT, they are:
- Inside Local
- The IP address of the inside host, from the perspective of the local network
- Inside Global
- The IP address of the inside host, from the perspective of the global network
- Outside Local
- The IP address of the outside host, from the perspective of the local network
- Outside Global
- The IP address of the outside host, from the perspective of the global network
Good way to remember the types
- Inside/Outside refers to the location of the host
- Local/Global refers to the perspective
Note on: Outside Local and Outside Global addresses
- For the CCNA, the Outside Local and Outside Global addresses will be the same and will not change.
- Unless Destination NAT is used, the two addresses will be the same. (This is outside the scope of the CCNA certificate)
Static NAT
Static NAT involves statically configuring one-to-one mappings of private IP addresses to public IP addresses.
- When traffic from the internal host is sent to the outside network, the router will translate the source address.
- Also, this one-to-one mapping also allows external hosts to access the internal host via the Inside Global address.
Static NAT Configuration
show ip nat translations- Shows information about IP addresses that have been translated through NAT.
- Includes the following information:
- Protocol used in the connection
- Inside Local address
- Inside Global address
- Outside Local address
- Outside Global address
show ip nat statistics- Shows statistics about the current NAT process
- Includes the following information:
- Total active translations (static, dynamic, extended)
- Peak translations (highest amount of translations in one time)
- Outside interfaces
- Inside interfaces
- Etc.
clear ip nat translation *- Clears all dynamic NAT translations in the NAT translation table
- (One type of dynamic translations is IP address translations with a port included)
ip nat inside- Defines the ‘inside’ interface(s) connected to the internal network
ip nat outside- Defines the ‘outside’ interface(s) connected to the external network
ip nat inside source static INSIDE-LOCAL-IP INSIDE-GLOBAL-IP- Configures a one-to-one (Static NAT) IP address mapping