CCNA 2 v6.0 Study Material – Chapter 9: NAT for IPv4


Chapter 9 – Sections & Objectives

  • 9.1 Network Layer Protocols
    • Explain how NAT provides IPv4 address scalability in a small to medium-sized business network.
  • 9.2 Configuring NAT
    • Configure NAT services on the edge router to provide IPv4 address scalability in a small to medium-sized business network.
  • 9.3 Troubleshoot NAT Configurations
    • Troubleshoot NAT issues in a small to medium-sized business network.

9.1 NAT Operation

NAT Characteristics

  • IPv4 Private Address Space
    • 10.0.0.0 /8, 172.16.0.0 /12, and 192.168.0.0 /16
  • What is NAT?
    • Process of translating network IPv4 addresses
    • Conserve public IPv4 addresses
    • Configured at the border router for translation
  • NAT Terminology
    • Inside address
    • Inside local address
    • Inside global address
    • Outside address
    • Outside local address
    • Outside global address

 

Types of NAT

  • Static NAT
    • One-to-one mapping of local and global addresses
    • Configured by the network administrator and remains constant
  • Dynamic NAT
    • Uses a pool of public addresses and assigns them on a first-come, first-served basis
    • Requires enough public addresses for the total number of simultaneous user sessions
  • Port Address Translation (PAT)
    • Maps multiple private IPv4 addresses to a single public IPv4 address or a few addresses
    • Also known as NAT overload
    • Validates that the incoming packets were requested
    • Uses port numbers to forward the response packets to the correct internal device


NAT Advantages

  • Advantages of NAT
    • Conserves the legally registered addressing scheme
    • Increases the flexibility of connections to the public network
    • Provides consistency for internal network addressing schemes
    • Provides network security
  • Disadvantages of NAT
    • Performance is degraded
    • End-to-end functionality is degraded
    • End-to-end IP traceability is lost
    • Tunneling is more complicated
    • Initiating TCP connections can be disrupted

 

9.2 Configuring NAT

Configuring Static NAT

•  Configuring Static NAT

°  Create the mapping between the inside local and outside local addresses

ip nat inside source static local-ip global-ip

°  Define which interfaces belong to the inside network and which belong to the outside network

ip nat inside
ip nat outside

•  Analyzing Static NAT

•  Verifying Static NAT

show ip nat translations
show ip nat statistics
clear ip nat statistics

 

Configuring Dynamic NAT

•  Dynamic NAT Operation

°  The pool of public IPv4 addresses (inside global address pool) is available to any device on the inside network on a first-come, first-served basis.

°  With dynamic NAT, a single inside address is translated to a single outside address.

°  The pool must be large enough to accommodate all inside devices.

°  A device is unable to communicate to any external networks if no addresses are available in the pool.

•  Configuring Dynamic NAT

°  Create the mapping between the inside local and outside local addresses

ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}

°  Create a standard ACL to permit those addresses to be translated

access-list access-list-number permit source [source-wildcard]

°  Bind the ACL to the pool

ip nat inside source list access-list-number pool name

°  Identify the inside and outside interfaces

ip nat inside
ip nat outside

•  Analyzing Dynamic NAT

•  Verifying Dynamic NAT

show ip nat translations
show ip nat translations verbose
clear ip nat statistics
clear ip nat translation *

 

 

Configuring Port Address Translations (PAT)

•  Configuring PAT: Address Pool

°  Create the mapping between the inside local and outside local addresses

ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}

°  Create a standard ACL to permit those addresses to be translated

access-list access-list-number permit source [source-wildcard]

°  Bind the ACL to the pool

ip nat inside source list access-list-number pool name overload

°  Identify the inside and outside interfaces

ip nat inside
ip nat outside

•  Configuring PAT: Single Address

°  Define a standard ACL to permit those addresses to be translated

access-list access-list-number permit source [source-wildcard]

°  Establish dynamic source translation, specify the ACL, exit interface, and overload option

ip nat inside source list access-list-number interface type number overload

°  Identify the inside and outside interfaces

ip nat inside
ip nat outside

•  Analyzing PAT

•  Verifying PAT

show ip nat translations
show ip nat statistics
clear ip nat statistics
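
A check for the configuration steps above (pool, ACL, binding rule, inside and outside interfaces), run over a constructed running-config excerpt. This is an added example, not code from Cisco or from the study material; the function name `audit_nat`, the sample config and the parsing rules (standard ACLs, one command per line) are assumptions.

```python
import re

# Constructed running-config excerpt; names, numbers and addresses are sample values.
SAMPLE = """\
ip nat pool NAT-POOL1 203.0.113.1 203.0.113.14 netmask 255.255.255.240
access-list 1 permit 192.168.10.0 0.0.0.255
ip nat inside source list 1 pool NAT-POOL1 overload
ip nat inside source list 2 interface Serial0/0/1 overload
interface GigabitEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
interface Serial0/0/1
 ip address 198.51.100.2 255.255.255.252
"""

def audit_nat(config):
    """Return a list of findings for the NAT configuration steps."""
    pools = set(re.findall(r"^ip nat pool (\S+)", config, re.M))
    acls = set(re.findall(r"^access-list (\d+) ", config, re.M))
    acls |= set(re.findall(r"^ip access-list standard (\S+)", config, re.M))
    roles, iface = {}, None            # interface name -> "inside" / "outside"
    for line in config.splitlines():
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif not line.startswith(" "):
            iface = None               # left interface configuration mode
        m = re.fullmatch(r" ip nat (inside|outside)", line)
        if m and iface:
            roles[iface] = m.group(1)
    findings = []
    rule = r"^ip nat inside source list (\S+) (pool|interface) (\S+)( overload)?$"
    for m in re.finditer(rule, config, re.M):
        acl, kind, target, overload = m.groups()
        if acl not in acls:
            findings.append(f"rule references undefined ACL {acl}")
        if kind == "pool" and target not in pools:
            findings.append(f"rule references undefined pool {target}")
        if kind == "interface" and roles.get(target) != "outside":
            findings.append(f"{target} is not marked ip nat outside")
        if kind == "interface" and not overload:
            findings.append(f"interface rule for ACL {acl} lacks overload")
    for role in ("inside", "outside"):
        if role not in roles.values():
            findings.append(f"no interface is marked ip nat {role}")
    return findings
```

On the sample, the second rule points at an ACL that was never created and at an interface that was never marked `ip nat outside`, so no traffic matching it would be translated.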

 

 

Port Forwarding

  • Port Forwarding
    • Port forwarding is the act of forwarding a network port from one network node to another.
    • A packet sent to the public IP address and port of a router can be forwarded to a private IP address and port in the inside network.
    • Port forwarding is helpful in situations where servers have private addresses, not reachable from the outside networks.
  • Wireless Router Example
  • Configuring Port Forwarding with IOS
ip nat inside source {static {tcp | udp} local-ip local-port global-ip global-port} [extendable]
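
The PAT behaviour listed under Types of NAT (port-based demultiplexing, unsolicited inbound packets rejected) and the port-forwarding behaviour above, modelled as a small translation table. This is an added example, not part of the original study material; the class `PatRouter`, the addresses and the starting port 1024 are constructed assumptions, and real IOS port allocation differs in detail.

```python
from dataclasses import dataclass, field

@dataclass
class PatRouter:
    """Toy model of PAT (NAT overload) on one inside global address."""
    global_ip: str
    next_port: int = 1024                      # constructed start of the remap range
    out: dict = field(default_factory=dict)    # (proto, local_ip, local_port) -> global_port
    back: dict = field(default_factory=dict)   # (proto, global_port) -> (local_ip, local_port)

    def port_forward(self, proto, local_ip, local_port, global_port):
        """Static entry, as created by: ip nat inside source static tcp|udp ..."""
        self.out[(proto, local_ip, local_port)] = global_port
        self.back[(proto, global_port)] = (local_ip, local_port)

    def outbound(self, proto, src_ip, src_port):
        """Translate an inside local source to the shared inside global address."""
        key = (proto, src_ip, src_port)
        if key not in self.out:
            port = src_port                    # keep the original port when it is free
            while (proto, port) in self.back:  # otherwise take the next unused port
                port = self.next_port
                self.next_port += 1
            self.out[key] = port
            self.back[(proto, port)] = (src_ip, src_port)
        return self.global_ip, self.out[key]

    def inbound(self, proto, dst_port):
        """Inside host for a packet sent to global_ip:dst_port, or None if dropped."""
        return self.back.get((proto, dst_port))

def demo():
    r = PatRouter("203.0.113.5")                        # constructed public address
    r.port_forward("tcp", "192.168.10.254", 80, 8080)   # inside web server
    a = r.outbound("tcp", "192.168.10.10", 1444)
    b = r.outbound("tcp", "192.168.10.11", 1444)        # same source port, other host
    return r, a, b
```

An inbound packet to a port with no table entry returns `None`, which is the only sense in which PAT "validates that the incoming packets were requested"; a port-forward entry deliberately opens one such port to unsolicited traffic.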

 

 

Configuring NAT and IPv6

  • NAT for IPv6?
    • IPv6 with a 128-bit address provides 340 undecillion addresses.
    • Address space is not an issue for IPv6.
    • IPv6 makes IPv4 public-private NAT unnecessary by design; however, IPv6 does implement a form of private addressing, and it is implemented differently than in IPv4.
  • IPv6 Unique Local Address
    • IPv6 unique local addresses (ULAs) are designed to allow IPv6 communications within a local site.
    • ULAs are not meant to provide additional IPv6 address space.
    • ULAs have the prefix FC00::/7, which results in a first hextet range of FC00 to FDFF.
    • ULAs are also known as local IPv6 addresses (not to be confused with IPv6 link-local addresses).

  • NAT for IPv6
    • IPv6 also uses NAT, but in a much different context.
    • In IPv6, NAT is used to provide transparent communication between IPv6 and IPv4.
    • NAT64 is not intended to be a permanent solution; it is meant to be a transition mechanism.
    • Network Address Translation-Protocol Translation (NAT-PT) was another NAT-based transition mechanism for IPv6, but is now deprecated by the IETF.
    • NAT64 is now recommended.

 

9.3 Troubleshooting NAT

Troubleshooting NAT Configurations

  • Troubleshooting NAT: show commands
clear ip nat statistics
clear ip nat translation *
show ip nat statistics
show ip nat translations
  • Troubleshooting NAT: debug commands
debug ip nat

 

9.4 Chapter Summary

  • How NAT is used to help alleviate the depletion of the IPv4 address space.
  • NAT conserves public address space and saves considerable administrative overhead in managing adds, moves, and changes.
  • NAT for IPv4, including:
    • NAT characteristics, terminology, and general operations
    • Different types of NAT, including static NAT, dynamic NAT, and NAT with overloading
    • Benefits and disadvantages of NAT
  • The configuration, verification, and analysis of static NAT, dynamic NAT, and NAT with overloading.
  • How port forwarding can be used to access internal devices from the Internet.
  • Troubleshooting NAT using show and debug commands.
  • How NAT for IPv6 is used to translate between IPv6 addresses and IPv4 addresses.

Section 9.1
New Terms and Commands

  • Dynamic Network Address Translation (Dynamic NAT)
  • Global Address
  • Inside Address
  • Inside Global Address
  • Inside Local Address
  • Local Address
  • Network Address Translation (NAT)
  • Outside Address
  • Outside Global Address
  • Outside Local Address
  • Port Address Translation (PAT)
  • Private Address
  • Public Address
  • RFC 1918
  • Static Network Address Translation (Static NAT)

Section 9.2
New Terms and Commands

  • show ip nat statistics command
  • clear ip nat statistics command
  • clear ip nat translation * command
  • ip nat inside source command
  • ip nat inside source list access-list-number pool name command
  • ip nat pool command
  • ip nat translation timeout command
  • NAT64
  • Overload
  • Port Forwarding
  • show ip nat translations command
  • Unique Local Address (ULA)

Section 9.3
New Terms and Commands

  • debug ip nat command
  • debug ip nat detailed command

 
