The document provides instructions for configuring PAT (NAT Overload) and static NAT on routers R1 and R2. It also describes how to configure ACLs to restrict access between internal hosts and servers and shows commands for viewing NAT and ACL configurations and statistics.
DCN Cheatsheet 2
Syed Asghar Abbas Zaidi 07201
>en
>hostname Router2

Shutdown of ports:
Go to port interface.
>shutdown

RIP:
Config mode.
>router rip
>version
>network (Network IP address)

ACL:
Restricting host PC1 (10.0.0.2) from accessing Server (20.0.0.2).
To have Router2 deny host 10.0.0.2:
>Router2(config)# access-list 10 deny host 10.0.0.2
Every ACL ends with an implicit deny, so once you deny a host on a router, the router will deny all the hosts until you explicitly define the permitted hosts. In the following command we will permit all the hosts.
>Router2(config)# access-list 10 permit any
Define the interface on which you want to apply the ACL, in this case Fa0/1, and define the direction (inbound or outbound) of traffic that you want to filter. In this case, we will filter the incoming packets towards Router2. To do so, execute the following commands.
>Router2(config)# int fa0/1
>Router2(config-if)# ip access-group 10 in
>Router2(config-if)# exit
>show ip access-lists
Or
>show access-lists
To remove:
Router2(config)# no access-list 10 deny host 10.0.0.2

EXTENDED ACL:
Permit the PC1 workstation access to Server:
R2(config)#access-list 100 permit ip 10.0.0.2 0.0.0.0 20.0.0.2 0.0.0.0
Deny the PC2 workstation access to Server:
R2(config)#access-list 100 deny ip 10.0.0.3 0.0.0.0 20.0.0.2 0.0.0.0
Lastly, we need to apply the access list to the Fa0/0 interface on R2:
R2(config)#int f0/1
R2(config-if)#ip access-group 100 in

Configure PAT (NAT Overload) on R1:
● Create an access list of IP addresses which need translation
● Create a pool of all IP addresses which are available for translation
● Map access list with pool
● Define inside and outside interfaces
R1>enable
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#access-list 1 permit 10.0.0.2 0.0.0.0
R1(config)#access-list 1 permit 10.0.0.3 0.0.0.0
R1(config)#access-list 1 deny any
R1(config)#ip nat pool lab 50.0.0.1 50.0.0.1 netmask 255.0.0.0
R1(config)#ip nat inside source list 1 pool lab overload
R1(config)#interface FastEthernet 0/0
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#interface FastEthernet 0/1
R1(config-if)#ip nat outside
R1(config-if)#exit

Configure static NAT on R2:
R2>enable
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#ip nat inside source static 20.0.0.2 30.0.0.2
R2(config)#interface FastEthernet 0/1
R2(config-if)#ip nat outside
R2(config-if)#exit
R2(config)#interface FastEthernet 0/0
R2(config-if)#ip nat inside
R2(config-if)#exit

Configure static routing in R1:
R1(config)#ip route 30.0.0.0 255.0.0.0 192.168.0.2
Configure static routing in R2:
R2(config)#ip route 50.0.0.0 255.0.0.0 192.168.0.1

Show statistics:
Router#show ip nat translations
Router#show ip nat statistics

EXTRA:
Router(config)#access-list 1 permit 192.168.1.2 0.0.0.255
Router(config)#ip nat inside source list 1 int fa0/1 overload

Dynamic NAT:
Router(config-if)#access-list 1 permit 192.168.1.0 0.0.
Router(config)#ip nat pool mypool 155.21.21.10 155.21.21.15 netmask 255.255.0.0
Router(config)#ip nat inside source list 1 pool mypool
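
Added example (not part of the original cheatsheet): a small Python model of how the numbered ACLs in the ACL and EXTENDED ACL sections are evaluated, first match wins with an implicit deny at the end, so a list can be checked against sample hosts before `ip access-group` applies it. It assumes only the `any`, `host A.B.C.D` and `A.B.C.D WILDCARD` address forms with the `ip` keyword; the function names are illustrative.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def parse_ace(line):
    """'access-list N permit|deny [ip] SRC [DST]' -> (action, specs).
    A spec is None for 'any', else (base, wildcard); simplified IOS syntax."""
    tok = line.split()
    action, rest = tok[2], tok[3:]
    if rest[0] == "ip":                      # extended-ACL protocol keyword
        rest = rest[1:]
    specs = []
    while rest:
        if rest[0] == "any":
            specs.append(None)
            rest = rest[1:]
        elif rest[0] == "host":
            specs.append((ip(rest[1]), 0))
            rest = rest[2:]
        else:                                # address followed by wildcard mask
            specs.append((ip(rest[0]), ip(rest[1])))
            rest = rest[2:]
    return action, specs

def matches(addr, spec):
    # Wildcard bits set to 1 are ignored; bits set to 0 must be equal.
    if spec is None:
        return True
    base, wild = spec
    return ((ip(addr) ^ base) & ~wild & 0xFFFFFFFF) == 0

def evaluate(acl, src, dst=None):
    """First matching entry wins; returns (action, matched_line), with
    matched_line None for the implicit deny. Extended entries need dst."""
    for line in acl:
        action, specs = parse_ace(line)
        if all(matches(a, s) for a, s in zip((src, dst), specs)):
            return action, line
    return "deny", None                      # implicit 'deny any'

# ACL entries copied from this page
ACL10_DENY_ONLY = ["access-list 10 deny host 10.0.0.2"]
ACL10 = ACL10_DENY_ONLY + ["access-list 10 permit any"]
ACL100 = ["access-list 100 permit ip 10.0.0.2 0.0.0.0 20.0.0.2 0.0.0.0",
          "access-list 100 deny ip 10.0.0.3 0.0.0.0 20.0.0.2 0.0.0.0"]

if __name__ == "__main__":
    print(evaluate(ACL10_DENY_ONLY, "10.0.0.3"), evaluate(ACL10, "10.0.0.3"))
```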