Interface PAT 1

certskills
By certskills June 27, 2016 09:05

#PAT – Port Address Translation – plays a huge role in IPv4 networks. Today’s post looks at the simpler of the two configuration options for router NAT configuration, which is to use a single router interface IP address as in the inside global address. Jump in for your next bit of 5-10 minutes of practice!

Requirements

Configure PAT to support hosts in the subnet off R1’s G0/1 interface, for instance, for inside hosts like S1, S2, and S3. Use the following specific rules:

  • Match all inside addresses using a numbered ACL (ACL 1)
  • Use R1’s 10.20.30.1 IP address – it’s IP address on interface G0/2 – as the inside global address for all traffic that R1 translates with NAT/PAT
  • Configure static routes as needed on R2 so that R2 can forward packets back to these inside global addresses
  • Assume all router interfaces shown in the lab are up, working, and configured with IP addresses

Figure 1: PAT Topology

Initial Configuration

Example 1 and 2 show the beginning configuration state of R1 and R2.

Example 1: R1 Config

Example 2: R2 Config

 

Answer on Paper, or Maybe Test in Lab

Next, write your answer on paper. Or if you have some real gear or other tools, configure the lab using them.

To test your solution if you happen to try it with VIRL or real gear, you can verify the PAT configuration by checking the reachability of R2 from PC1, PC2, or PC3 using the ping command. After these pings have been issued, you can check which addresses where assigned by using the show ip nat translations command on R1 or verify the PAT configuration and status by using the show ip nat statistics command. Or telnet from a PC to router R2. To do that, you might need to add the commands line vty 0 15, transport input all, login, and password cisco to set up simply password security and enable Telnet on router R2.

Do this Lab with Cisco’s VIRL

You can do these labs on paper and still get a lot out of the lab. As an extra help, we have added files for the Virtual Internet Routing Lab (VIRL) software as well. The .VIRL file found here is a file that when used with VIRL will load a lab topology similar to this lab’s topology, with the initial configuration shown in the lab as well. This section lists any differences between the lab exercise and the .VIRL file’s topology and configuration.

Download this lab’s VIRL file!

All interfaces in topology match the lab figure.

Network Device Info:

The switch used in the lab is an unmanaged switch.

Host device info:

This table lists host information pre-configured in VIRL, information that might not be required by the lab but may be useful to you.

Device

IP Address

User/password

S1

172.100.100.100

cisco/cisco

S2

172.100.100.150

cisco/cisco

S3

172.100.100.200

cisco/cisco

Handy Host Commands:

To see PC IP address: ifconfig eth1

Ping example: ping -c 4 10.1.1.1

Trace example: tracepath 10.1.1.1

To connect to another node within the topology: telnet 10.1.1.1

Answers: Extended Numbered ACL 1
PPP over Ethernet 1
certskills
By certskills June 27, 2016 09:05
Write a comment

2 Comments

  1. ghena October 20, 02:16

    Hello,
    There is a point in this scenario that I can not understand!
    Why did you assign Public IPs in the private network (172.10.10.0/24), what is the aim of PAT in this scenario if we are translating the Public IPs into a private IP (10.20.30.1)??

    Thank you in advance..

    Reply to this comment
    • CCENTSkills October 24, 10:45

      Ghena,
      NAT/PAT can be used for purposes beyond translating to public addresses at the edge between an enterprise and the Internet. That’s the case here. But I agree, to look more like the typical examples you would see in CCNA, you’d want private addresses on the lower left, and public on the link between routers.
      Wendell

      Reply to this comment
View comments

Write a comment

Comment; Identify w/ Social Media or Email

Subscribe

Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.

Search

Categories