Lab 3 - NAT Pool
Lab 3 - NAT Pool
Lab 3 - NAT Pool
net
Lab exercise
Your task is to configure the network in Figure 143 to allow the hosts on the 172.16.0.0 LAN (we will
simulate this with the loopback address and secondary address) to access the
Internet'sing the NAT pool 10.0.0.1 to 10.0.0.10. Please feel free to try the lab without following
Purpose
Being able to configure NAT is a fundamental CCNA skill. Any client who needs to access
the Internet will want to use NAT. The key is to understand the client's requirements and
Lab objectives
1. Use the IP addressing scheme depicted in Figure 143. Router A needs a clock rate on
2. Set telnet access for the router to use the local login permissions of username banbury and the
password ccna (optional).
Lab walk-through
1. To set the IP addresses for an interface, you will need to do the following:
Router#config t
Router(config)#hostname RouterA
RouterA(config)#
RouterA(config)#interface serial 0
RouterA(config-if)#no shutdown
RouterA(config-if)#^Z
RouterA#
Router B:
Router#config t
Router(config)#hostname RouterB
RouterB(config)#interface serial 0
RouterB(config-if)#no shutdown
RouterB(config-if)#exit
RouterB(config)#^Z
RouterB#
To set the clock rate on a serial interface (DCE connection only) you need to use the clock rate #
command on the serial interface, where # indicates the speed:
Router B:
RouterB(config)#line vty 0 4
RouterB(config-line)#login local
RouterB(config-line)#exit
(encrypted)
Router B:
4. You need to configure a NAT pool and then tell the pool which access-list to access to
(or you could have written ip nat pool internet_out 10.0.0.1 10.0.0.10
netmask 255.255.255.0)
RouterA(config)#^Z
5. To see if NAT is working, we need to turn on a debug with debug ip nat. Now
imagine that the loopback address of 172.16.1.1 is a host on the LAN that wants to
get out to the Internet. When the packet from the NATted LAN passes through the
router, it will match the access-list and be translated to an address from the NAT pool.
RouterA#debug ip nat Turn on the NAT debug
RouterA#ping
Protocol [ip]:
!!!!!
RouterA#
RouterA#
You can see that the NAT debug shows the source (s=) as the loopback interface, which is
translated to 10.0.0.1. The destination (d=) is the serial address for router B
The numbers in brackets [20, etc.] are the IP identification numbers of the packets.
If we want to check that the pool is allocating addresses correctly, we can source a second ping
this time from the secondary address. There should be another address allocated from the NAT
pool.
RouterA#ping
Protocol [ip]:
!!!!!
RouterA#
6. Now please enter reload at the Router# prompt and type yes to confirm.
Show runs
RouterA#show run
Building configuration...
version 12.1
no service single-slot-reload-enable
no service password-encryption
hostname RouterA
ip subnet-zero
interface Loopback0
ip nat inside
interface Ethernet0
no ip address
shutdown
!
interface Ethernet1
no ip address
shutdown
interface Serial0
clockrate 64000
ip nat outside
interface Serial1
no ip address
shutdown
ip classless
no ip http server
line con 0
line aux 0
line vty 0 4
end
RouterA#
---
RouterB#show run
Building configuration...
version 12.2
no service password-encryption
hostname RouterB
ip subnet-zero
interface Serial0
interface Serial1
no ip address
shutdown
interface TokenRing0
no ip address
shutdown
ip classless
no ip http server
ip pim bidir-enable
line con 0
line aux 0
line vty 0 4
end
RouterB#
2006-2011 HowtoNetwork.net All Rights Reserved. Reproduction without permission prohibited.