CCNA LAB 48: Configuring Pool-based Port Address Translation

小乔

Lab Objective:
The objective of this lab exercise is for you to learn and understand how to configure pool-based PAT.

Lab Purpose:
PAT configuration is a fundamental skill. PAT provides many-to-one translation using random port numbers. This means that multiple inside hosts can use the same outside address to communicate with external devices, while hiding their private IP addresses. Like dynamic NAT, PAT works in one direction only: from the inside to the outside. Pool-based PAT translates all private IP addresses to the outside interface on the router. As a Cisco engineer, as well as in the Cisco CCNA exam, you will be expected to know how to configure pool-based Port Address Translation.

Certification Level:
This lab is suitable for CCNA certification exam preparation.

Lab Difficulty:
This lab has a difficulty rating of 8/10.

Readiness Assessment:
When you are ready for your certification exam, you should complete this lab in no more than 10 minutes.

Lab Topology:
Please use the following topology to complete this lab exercise:




Task 1:
Configure the hostnames on R1, R2, and Sw1 as illustrated in the topology.

Task 2:
Configure R1 S0/0, which is a DCE, to provide a clock rate of 256 Kbps to R2. Configure the IP addresses on the Serial interfaces of R1 and R2 as illustrated in the topology.

Task 3:
Configure VLAN50, named NAT_VLAN, on Sw1. Assign the FastEthernet0/2 interface on Sw1 to this VLAN. Also, configure R1 to allow Telnet access using the password CISCO.


Task 4:
Configure interface VLAN50 on Sw1 and assign it the IP address illustrated in the topology. The default gateway on Sw1 should be 10.2.2.2. Next, configure interface FastEthernet0/0 on R2 and assign it the IP address illustrated in the topology.

Task 5:
Test connectivity by pinging from R1 to R2 and pinging from R2 to Sw1. These should all be successful. However, since R1 does not know about the 10.2.2.0/27 subnet, Sw1 will not be able to ping R1, or vice versa.

Task 6:
Create an ACL to permit all IP traffic from the 10.2.2.0/27 subnet to the 192.168.254.0/29 subnet. You can create either a named or numbered ACL to complete this task.

Task 7:
Configure R2 F0/0 as the inside interface for NAT and S0/0 as the outside interface for NAT. Next, configure a pool called PAT-POOL to be used for PAT translation. This pool should have both a single starting and ending IP address of 192.168.254.4. Use the same subnet mask as that of S0/0 for this pool.


Task 8:
Configure PAT on R2 to translate traffic specified in the ACL configured in Task 6 to the pool named PAT-POOL. Telnet from Sw1 to R1. If you have configured PAT correctly, this should work. The same applies for pings from Sw1 or the Fa0/0 interface of R2 to R1.

Task 9:
Check the NAT translation table on R2 using the show ip nat translations command.

Configuration and Verification
Task 1:
For reference information on configuring hostnames, please refer to earlier labs.

Task 2:
For reference information on configuring DCE clocking and IP addressing, please refer to earlier labs.


Task 3:
For reference information on configuring and verifying VLANs and Telnet, please refer to earlier labs.

Task 4:
For reference information on configuring IP interfaces, please refer to earlier labs.

Task 5:
For reference information on configuring pinging, please refer to earlier labs.

Task 6:
R2#config t
Enter configuration commands, one per line.  End with CTRL/Z.
R2(config)#ip access-list extended NAT-ACL
R2(config-ext-nacl)#remark “NAT Traffic from 10.2.2.0/27 To 192.168.254.0/29”
R2(config-ext-nacl)#permit ip 10.2.2.0 0.0.0.31 192.168.254.0 0.0.0.7
R2(config-ext-nacl)#^Z
R2#
Task 7:
R2#conf t
Enter configuration commands, one per line.  End with CTRL/Z.
R2(config)#int fa0/0
R2(config-if)#ip nat inside
R2(config-if)#exit
R2(config)#int s0/0
R2(config-if)#ip nat outside
R2(config-if)#exit
R2(config)#ip nat pool PAT-POOL 192.168.254.4 192.168.254.4 netmask
255.255.255.240
R2(config)#end
R2#
Task 8:
R2#conf t
Enter configuration commands, one per line.  End with CTRL/Z.
R2(config)#ip nat inside source list NAT-ACL pool PAT-POOL overload
R2(config)#end
R2#
NOTE: Again, do not forget to issue the overload keyword when configuring NAT overload/PAT.


Sw1#ping 192.168.254.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.254.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms

Sw1#telnet 192.168.254.1
Trying 192.168.254.1 ... Open

User Access Verification

Password:
R1#
Task 9:
R2#show ip nat translations
Pro Inside global     Inside local    Outside local     Outside global
icmp 192.168.254.2:4813 10.2.2.4:4813     192.168.254.1:4813 192.168.254.1:4813
icmp 192.168.254.2:4814 10.2.2.4:4814     192.168.254.1:4814 192.168.254.1:4814
icmp 192.168.254.2:4815 10.2.2.4:4815     192.168.254.1:4815 192.168.254.1:4815
icmp 192.168.254.2:4816 10.2.2.4:4816     192.168.254.1:4816 192.168.254.1:4816
icmp 192.168.254.2:4817 10.2.2.4:4817     192.168.254.1:4817 192.168.254.1:4817
tcp 192.168.254.2:12801 10.2.2.4:12801    192.168.254.1:23   192.168.254.1:23
R2#
R2#show ip nat statistics
Total active translations: 6 (0 static, 6 dynamic; 6 extended)
Outside interfaces:
Serial0/0
Inside interfaces:
FastEthernet0/0
Hits: 250  Misses: 40
Expired translations: 32
Dynamic mappings:
-- Inside Source
[Id: 3] access-list 140 interface Serial0/0 refcount 6
[Id: 4] access-list NAT-ACL pool PAT-POOL refcount 0
pool PAT-POOL: netmask 255.255.255.248
     start 192.168.254.4 end 192.168.254.4
     type generic, total addresses 1, allocated 0 (0%), misses 0

来源: CCNA LAB39: Configuring and Applying Extended Named ACLs Inbound
来源: CCNA LAB40: Configuring and Applying Extended Numbered ACLs
来源: CCNA LAB41: Restricting Inbound Telnet Access Using Extended ACLs
来源: CCNA LAB42: Debugging Network Traffic Using Extended ACLs
来源: CCNA LAB43: ACL Sequence Numbers
来源: CCNA LAB 44: Logging ACL Matches
来源: CCNA LAB 45: Configuring Static Network Address Translation
来源: CCNA LAB 46: Configuring Dynamic Network Address Translation
来源: CCNA LAB 47: Configuring Interface-based Port Address Translation

yang11

welinker448