Scribd
Upload
73 views9 pages

Week013 Lab10

The document describes configuring Network Address Translation (NAT) on a Cisco router. Key steps include: 1. Configuring interfaces on routers R1, R2, and R3 with IP addresses and enabling routing protocols. 2. Defining the NAT inside interface (FastEthernet 0/1) and outside interface (Serial 0/0/0) on router R2. 3. Creating an access list on R2 to match the internal network (192.168.50.0/24) to be translated. 4. Configuring NAT on R2 to translate the source IP addresses of matching packets to the IP of the outside interface, using overloading NAT.

Uploaded by

Mau Gamon
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
73 views9 pages

Week013 Lab10

The document describes configuring Network Address Translation (NAT) on a Cisco router. Key steps include: 1. Configuring interfaces on routers R1, R2, and R3 with IP addresses and enabling routing protocols. 2. Defining the NAT inside interface (FastEthernet 0/1) and outside interface (Serial 0/0/0) on router R2. 3. Creating an access list on R2 to match the internal network (192.168.50.0/24) to be translated. 4. Configuring NAT on R2 to translate the source IP addresses of matching packets to the IP of the outside interface, using overloading NAT.

Uploaded by

Mau Gamon
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 9

Course Code IT212

Data Communications and


Description Networking 2 (Cisco 2) /
Chapter 11NAT for IPV4
College / Department:
LabExer No. 11-1
Online Education

LABORATORY EXERCISE Page 1 of 9

Follow the task and steps given. Don’t forget to answer step 13. This Laboratory Exercise is 10pts .

We have now simple topology consisting of three routers. R3 will simply be used as a host on our “internal”
network and R2 will be used as our border router (the serial connection between R1 and R2 will represent our
connection to the Internet):

The goal is to NAT any traffic originating on our internal network (R3) as it leaves the serial 0/0 interface on
R2 on it’s way to the “Internet” (R1). Overloading (having multiple clients all NAT’d to the same IP address) is
probably the most common implementation (especially for those of us who run NAT on a Cisco box at home!).

NETWORK DIAGRAM:
Course Code IT212

Data Communications and


Description Networking 2 (Cisco 2) /
Chapter 11 NAT for IPV4
College / Department:
LabExer No. 11-1
Online Education

LABORATORY EXERCISE Page 2 of 9

Instructions:

Task 1: Perform Basic Configuration on all Routers.

Step 1: If you will use a live lab with all the cisco devices in place and connected to each other as
shown at the topology diagram above . Establish a HyperTerminal session to the devices.
Nevertheless, you can also use a Cisco Packet Tracer Simulation software to do this Lab. Take
note also the cable you will use broken line or dash means cross cable.

Use:

Routers: Cisco 1841

Step 2: Do this in all routers. Enter global configuration mode.

Router#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#

Step 3: Configure the routershostnameR1, R2 and R3

Enter the command hostname R1 for Router at the prompt.

Example:

Router(config)#hostname R1

R1(config)#

Router(config)#hostname R2

R2(config)#

Router(config)#hostname R3

R3(config)#

Step 4: Do this in each router. Disable DNS lookup.

Disable DNS lookup with the no ip domain-lookup command.

Example:
R1(config)#no ip domain-lookup

R1(config)#

Course Code IT212

Data Communications and


Description Networking 2 (Cisco 2) /
Chapter 11 NAT for IPV4
College / Department:
LabExer No. 11-1
Online Education

LABORATORY EXERCISE Page 3 of 9

Step 5: Do this in all routers. Configure the EXEC mode password.

Configure the EXEC mode password using the enable secret password command. Use class for

thepassword.

Example:

R1(config)#enable secret class

R1(config)#

Step 6: Do this in all routers. Configure a message-of-the-day banner.

Configure a message-of-the-day banner using the banner motdcommand.

Example:

R1(config)#banner motd&

Enter TEXT message. End with the character '&'.

********************************

!!!AUTHORIZED ACCESS ONLY!!!

********************************

&

R1(config)#

Step 7: Do this in all routers. Configure the console password.

Use cisco as the password. When you are finished, exit from line configuration mode.

Example:

R1(config)#line console 0
R1(config-line)#password cisco

R1(config-line)#login

R1(config-line)#exit

R1(config)#

Course Code IT212

Data Communications and


Description Networking 2 (Cisco 2) /
Chapter 11 NAT for IPV4
College / Department:
LabExer No. 11-1
Online Education

LABORATORY EXERCISE Page 4 of 9

Step 8: Do this in all routers. Configure the password for the virtual terminal lines.

Use cisco as the password. When you are finished, exit from line configuration mode.

Example:

R1(config)#line vty 0 4

R1(config-line)#password cisco

R1(config-line)#exec-timeout 0 0

R1(config-line)#logging syncronous

R1(config-line)#login

R1(config-line)#exit

R1(config)#

Step 8: Configure router fa0/0 and s0/0/0 with the ip address assigned. Don’t forget to enable
the ports configured using “no shutdown” command. Take note also the cable you will use
broken line or dash means cross cable.

R1# configure terminal


R1(config)# interface serial0/0/0
R1(config-if)# ip address 192.168.10.1 255.255.255.0
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)#
R1(config)#router ospf 1
R1(config-router)#network 192.168.10.0 0.0.0.255 area 0
R1(config-router)#exit
R1(config)#exit
R1#
R1#write mem
Building configuration...
[OK]
R1#

Course Code IT212

Data Communications and


Description Networking 2 (Cisco 2) /
Chapter 11 NAT for IPV4
College / Department:
LabExer No. 11-1
Online Education

LABORATORY EXERCISE Page 5 of 9

R2# configure terminal


R2(config)# interface serial0/0/0
R2(config-if)# ip address 192.168.10.2 255.255.255.0
R2(config-if)# no shutdown
R2(config-if)# exit
R2(config-if)# interface fastethernet0/0
R2(config-if)# ip address 192.168.50.1 255.255.255.0
R2(config-if)# no shutdown
R2(config-if)# exit
R2(config)#
R2(config)#router ospf 1
R2(config-router)#network 192.168.10.0 0.0.0.255 area 0
R2(config-router)#network 192.168.50.0 0.0.0.255 area 0
R2(config-router)#exit
R2(config)#exit
R2#
R2#write mem
Building configuration...
[OK]
R2#

R3# configure terminal


R3(config)# no ip routing
R3(config)# interface fastethernet0/0
R3(config-if)# ip address 192.168.50.2 255.255.255.0
R3(config-if)# no shutdown
R3(config-if)# exit
R3(config)#
R3(config)#router ospf 1
R3(config-router)#network 192.168.50.0 0.0.0.255 area 0
R3(config-router)#exit
R3(config)#exit
R3#
R3#write mem
Building configuration...
[OK]
R3#

Step 9: Do “show ipint brief” in R2. This confirms all interfaces and connections are up.

R2#sh ipint brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 192.168.50.1 YES manual up up

Course Code IT212

Data Communications and


Description Networking 2 (Cisco 2) /
Chapter 11 NAT for IPV4
College / Department:
LabExer No. 11-1
Online Education

LABORATORY EXERCISE Page 6 of 9

FastEthernet0/1 unassigned YES unset administratively down down

Serial0/0/0 192.168.10.2 YES manual up up

Vlan1 unassigned YES unset administratively down down

R2#

Step 10:. Add these configuration below to router R2.

Now we can start with configuring NAT. First, let’s define our NAT inside and NAT outside interfaces (fastethernet 0/1 and
serial 0/0, respectively).

R2(config-if)# interface fastethernet 0/1


R2(config-if)# ip nat inside
R2(config-if)# interface serial 0/0/0
R2(config-if)# ip nat outside

Next, we need to create an access-list to match the “internal” IP addresses (the ones we want to be NAT’d). In this case,
our internal network is 192.168.50.0/24. Our ACL to match that network is simple:

R2(config-if)# ip access-list standard NAT


R2(config-std-nacl)# permit 192.168.50.0 0.0.0.255

Last, we’ll use the “ipnat …” command to actually instruct the router on what we want to NAT:

R2(config)# ip nat inside source list NAT interface serial0/0/0 overload

This tells IOS that any packets coming in the “inside” interface (fastethernet 0/0) that are permitted by the
named access-list “NAT” will have their “source” address translated to the IP address assigned to “interface
serial 0/0/0″. In addition, NAT translations will be overloaded — that allows multiple devices inside to be
translated to the same IP address.

Course Code IT212

Data Communications and


Description Networking 2 (Cisco 2) /
Chapter 11 NAT for IPV4
College / Department:
LabExer No. 11-1
Online Education

LABORATORY EXERCISE Page 7 of 9

Step 11: Test.

R1# debug ipicmp


ICMP packet debugging is on

R3#ping 192.168.10.1

Type escape sequence to abort.


Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/11/49 ms

R3#

You will see this in R1 …

R1#
ICMP: echo reply sent, src 192.168.10.1, dst 192.168.10.2

ICMP: echo reply sent, src 192.168.10.1, dst 192.168.10.2

ICMP: echo reply sent, src 192.168.10.1, dst 192.168.10.2

ICMP: echo reply sent, src 192.168.10.1, dst 192.168.10.2

ICMP: echo reply sent, src 192.168.10.1, dst 192.168.10.2


So R1 saw the echo requests and sent echo replies back, but notice the IP addresses. The source IP address of the echo
replies is 192.168.10.1 (R1), but the destination IP address is 192.168.10.2 (R2)

Step 12: Test and see the NAT translation at R2.

R2#debug ipnat
IP NAT debugging is on

R2#

Course Code IT212

Data Communications and


Description Networking 2 (Cisco 2) /
Chapter 11 NAT for IPV4
College / Department:
LabExer No. 11-1
Online Education

LABORATORY EXERCISE Page 8 of 9

R3#ping 192.168.10.1

Type escape sequence to abort.


Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/1 ms

R3#

Observe R2 …
R2#
NAT: s=192.168.50.2->192.168.10.2, d=192.168.10.1 [684]

NAT*: s=192.168.10.1, d=192.168.10.2->192.168.50.2 [647]

NAT: s=192.168.50.2->192.168.10.2, d=192.168.10.1 [685]

NAT*: s=192.168.10.1, d=192.168.10.2->192.168.50.2 [648]

NAT: s=192.168.50.2->192.168.10.2, d=192.168.10.1 [686]

NAT*: s=192.168.10.1, d=192.168.10.2->192.168.50.2 [649]

NAT: s=192.168.50.2->192.168.10.2, d=192.168.10.1 [687]

NAT*: s=192.168.10.1, d=192.168.10.2->192.168.50.2 [650]

NAT: s=192.168.50.2->192.168.10.2, d=192.168.10.1 [688]

NAT*: s=192.168.10.1, d=192.168.10.2->192.168.50.2 [651]


Step 13: Ping test again and show ipnat translation. Copy the result of show ipnat translation to
blanks space below.
R3#ping 192.168.10.1

Type escape sequence to abort.


Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/1 ms

R3#

Course Code IT212

Data Communications and


Description Networking 2 (Cisco 2) /
Chapter 11 NAT for IPV4
College / Department:
LabExer No. 11-1
Online Education

LABORATORY EXERCISE Page 9 of 9

INSTRUCTIONS FOR THE STUDENTS:


 The filename of your video should be:
“<Last Name>, <First Name> - Laboratory Exercise 0<XX>”
 Submit the packet tracer file (.pkt) or a video of you doing the configuration/activity.
 Upload your video to any video sharing website such as YouTube and Vimeo.
 Attach the link in a text file or word document and upload the file on the space provided for it in
the LMS.

You might also like