Cisco® CCNA-ICND2 Exam Notes

C. NAT
1.1. NAT allows several hosts to be connected to the Internet using fewer globally unique IP addresses, which conserves scarce public IP addresses. The terms public and global are used in the sense that the IP addresses are globally unique and officially registered.
2. NAT supports load sharing on inside machines. The inside machines are accessed in a round-robin fashion, thus sharing the load.
3. NAT offers some degree of security since IP addresses are not easily traceable. This is because the actual IP address of the host that is accessing the Internet is translated into an outside IP address and vice versa. Thus, NAT offers protection against hacking.
4. One disadvantage of NAT is that it increases delay. This is obvious since address translation is involved.
5. Another disadvantage of NAT is that an application that uses the physical IP address may not function properly. This is because the physical IP address is changed by NAT.

2. NAT (Network Address Translation) can be broadly classified as below: 

1. Static NAT: Static NAT maps an unregistered IP address to a registered (globally unique) IP address on a one-to-one basis. The command used for this purpose is: ip nat inside source static <local-ip> <global-ip>, where <local-ip> is the local IP address assigned to a host on the inside network, and <global-ip> is the globally unique IP address of an inside host as it appears to the outside world.
2. Dynamic NAT: Maps an unregistered IP address to a registered (globally unique) IP address from a group of registered (globally unique) IP addresses. 
3. Overloading: A special case of dynamic NAT that maps multiple unregistered IP addresses to a single registered (globally unique) IP address by using different port numbers. Dynamic NAT with overloading is also known as PAT (Port Address Translation).
4. Overlapping: This occurs when your internal IP addresses belong to a global IP address range that belongs to another network. In such a case, the internal IP addresses need to be hidden from the outside network to prevent duplication. NAT overlapping allows the use of internal global addresses by mapping them to globally unique IP addresses using static or dynamic NAT.

3. The correct syntax for enabling dynamic NAT to translate many inside hosts to an inside global IP address is: ip nat inside source list <access-list-number> pool <pool-name> overload, where <access-list-number> is the standard access list number, and <pool-name> is the pool name. Note that the option 'overload' specifies a many-to-one relationship. This configuration is typically used when many hosts with private IP addresses need to access the Internet through a specified globally unique IP address.
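
The overload (PAT) behaviour described above can be seen in a small model of the translation table. This is an added example, not code from the original notes or from Cisco IOS; the PatTable class, its port range, its port-selection order and all addresses are assumptions constructed for illustration.

```python
"""Added example: toy model of a PAT (NAT overload) translation table."""
from dataclasses import dataclass, field


@dataclass
class PatTable:
    global_ip: str                 # the single registered (inside global) address
    first_port: int = 1024         # assumed allocation range, not an IOS default
    last_port: int = 65535
    out: dict = field(default_factory=dict)   # (proto, local_ip, local_port) -> global port
    back: dict = field(default_factory=dict)  # (proto, global port) -> (local_ip, local_port)

    def _allocate(self, proto, wanted):
        # Keep the host's own source port when it is free, otherwise take the
        # lowest unused port; the port is what keeps the flows apart.
        if self.first_port <= wanted <= self.last_port and (proto, wanted) not in self.back:
            return wanted
        for port in range(self.first_port, self.last_port + 1):
            if (proto, port) not in self.back:
                return port
        raise RuntimeError(f"port pool exhausted on {self.global_ip}")

    def outbound(self, proto, local_ip, local_port):
        """Translate a packet leaving the inside network; returns (global_ip, global_port)."""
        key = (proto, local_ip, local_port)
        if key not in self.out:
            port = self._allocate(proto, local_port)
            self.out[key] = port
            self.back[(proto, port)] = (local_ip, local_port)
        return self.global_ip, self.out[key]

    def inbound(self, proto, global_port):
        """Reverse lookup for a returning packet; None means no entry, so no inside host to forward to."""
        return self.back.get((proto, global_port))


if __name__ == "__main__":
    pat = PatTable("203.0.113.5")                      # constructed address (RFC 5737)
    for host in ("192.168.1.10", "192.168.1.11", "192.168.1.12"):
        # Constructed traffic: three inside hosts all use source port 50000.
        print(host, 50000, "->", *pat.outbound("tcp", host, 50000))
    print("reply to port 1024 goes to", pat.inbound("tcp", 1024))
    print("packet to unmapped port 4444:", pat.inbound("tcp", 4444))
```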

4. Enabling dynamic NAT on an interface includes the following steps:

1. Defining a standard IP access-list using the command: access-list <access-list-number> {permit | deny} <local-ip-address> 
2. Defining an IP NAT pool for the inside network using the command: ip nat pool <pool-name> <start-ip> <end-ip> {netmask <net-mask> | prefix-length <prefix-length>} [type rotary]. Note that type rotary is an optional keyword. It indicates that the IP address range in the address pool identifies hosts among which TCP load is distributed.
3. Mapping the access-list to the IP NAT pool by using the command: ip nat inside source list <access-list-number> pool <pool-name> 
4. Enabling NAT on at least one inside and one outside interface using the command: ip nat {inside | outside}



Cert-Ex™ Exam Simulators, Cert-Ex™ Network Simulator, and Cert-Ex™ Cheatsheets are written independently by CertExams.com and are not affiliated with or authorized by the respective certification providers. Cert-Ex™ is a trademark of CertExams.com or an entity representing CertExams.com.