Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

R&S Ess Ch 11 Inst

advertisement 
R&S 2 Essentials Ch 11
Network Address Translation
11.0.1.1
All public Internet addresses must be
registered with what?
11.1.1.1
What is a private address?
What are the private internet addresses as
defined in RFC1918? Include their CIDR
prefix.
Without a translation system, private hosts
behind a router in the network of one
organization cannot connect with private
hosts behind a router in other organizations
over the Internet. How is this overcome?
Describe the NATs basic operation.
11.1.1.2
Where does NAT typically operate?
11.1.1.3
What is the inside network? Outside
network?
Describe the four types of NAT addresses.
11.1.2.2
Describe Dynamic NAT.
11.1.2.1
Describe Static NAT.
11.1.2.3
Describe NAT overloading.
CCNA EXP 4
A Regional Internet Registry (RIR).
Class A: 10.0.0.0 - 10.255.255.255 10.0.0.0/8
Class B: 172.16.0.0 - 172.31.255.255 172.16.0.0/12
Class C: 192.168.0.0 - 192.168.255.255 192.168.0.0/16
Network Address Translation (NAT)
NAT-enabled routers retain one or many valid Internet IP
addresses outside of the network. When the client sends
packets out of the network, NAT translates the internal IP
address of the client to an external address. To outside users,
all traffic coming to and going from the network has the
same IP address or is from the same pool of addresses.
At the border of a stub network. .A stub network is a
network that has a single connection to its neighbor network.
The inside network is the set of networks that are subject to
translation. The outside network refers to all other
addresses.
Inside local address - Usually not an IP address assigned by a
RIR or service provider and is most likely an RFC 1918 private
address.
Inside global address - Valid public address that the inside
host is given when it exits the NAT router.
Outside global address - Valid public IP address assigned to a
host on the Internet.
Outside local address - The local IP address assigned to a
host on the outside network. In most situations, this address
will be identical to the outside global address of that outside
device.
Uses a pool of public addresses and assigns them on a firstcome, first-served basis. When a host with a private IP
address requests access to the Internet, dynamic NAT
chooses an IP address from the pool that is not already in use
by another host.
Uses a one-to-one mapping of local and global addresses,
and these mappings remain constant. Static NAT is
particularly useful for web servers or hosts that must have a
consistent address that is accessible from the Internet. These
internal hosts may be enterprise servers or networking
devices.
It maps multiple private IP addresses to a single public IP
address or a few addresses.
CH.7 IP Addressing Services
APRIL 2009
What is another name for NAT overloading?
How does PAT track the mappings?
11.1.2.4
What happens if a source port is already
used?
11.1.2.5
Compare & contrast NAT & PAT.
11.1.3.1
What are the advantages of NAT?
11.1.3.2
What are the disadvantages of NAT?
11.2.1.1
What are the steps to configuring Static
NAT?
CCNA EXP 4
Port Address Translation or PAT
Multiple addresses can be mapped to one or to a few
addresses because each private address is also tracked by a
port number.
NAT overload attempts to preserve the original source port.
However, if this source port is already used, NAT overload
assigns the first available port number starting from the
beginning of the appropriate port group 0-511, 512-1023, or
1024-65535. When there are no more ports available and
there is more than one external IP address configured, NAT
overload moves to the next IP address to try to allocate the
original source port again. This process continues until it runs
out of available ports and external IP addresses.
NAT generally only translates IP addresses on a 1:1
correspondence between publicly exposed IP addresses and
privately held IP addresses. PAT modifies both the private IP
address and port number of the sender. PAT chooses the port
numbers seen by hosts on the public network.
NAT routes incoming packets to their inside destination by
referring to the incoming source IP address given by the host
on the public network. With PAT, there is generally only one
or a very few publicly exposed IP addresses. Incoming
packets from the public network are routed to their
destinations on the private network by referring to a table in
the PAT device that tracks public and private port pairs. This
is called connection tracking.
 Conserves the legally registered addressing scheme
 Increases the flexibility of connections to the public
network
 Provides consistency for internal network addressing
schemes.
 Provides network security
 Performance is degraded
 End-to-end functionality is degraded
 End-to-end IP traceability is lost
 Tunneling is more complicated
 Initiating TCP connections can be disrupted
 Architectures need to be rebuilt to accommodate
changes
CH.7 IP Addressing Services
APRIL 2009
11.2.1.3
11.2.2.2
CCNA EXP 4
What commands verify NAT functuality?
What are the steps to configuring Dynamic
NAT?
CH.7 IP Addressing Services
APRIL 2009
11.2.2.4
11.2.3.2
How is dynamic NAT verified?
What are the steps to configuring NAT
Overload for a Single Public IP Address?
Same Way
What are the steps to configuring NAT
Overload for a Pool of Public IP Addresses?
11.2.4.1
What is port forwarding?
Describe the operation of port forwarding.
11.2.4.3
11.3.1.X
CCNA EXP 4
In the command ip nat inside source static
tcp 192.168.10.254 80 209.165.200.225 80
a. To what does the addr
192.168.10.254 refer?
b. What othe commands must be
added to finish port forwarding?
What must you do Before using the show
commands to verify NAT?
Port forwarding (sometimes referred to as tunneling) is the
act of forwarding a network port from one network node to
another. This technique can allow an external user to reach a
port on a private IP address (inside a LAN) from the outside
through a NAT-enabled router.
Port forwarding allows users on the Internet to access
internal servers by using the WAN port address and the
matched external port number. When users send these types
of requests to your WAN port IP address via the Internet, the
router forwards those requests to the appropriate servers on
your LAN.
Clear any dynamic translation entries that might still be
present.
CH.7 IP Addressing Services
APRIL 2009
What command displays the details of the
NAT assignments? How can you see
additional information about each
translation?
What command displays information about
the total number of active translations, NAT
configuration parameters, how many
addresses are in the pool, and how many
have been allocated?
By default, when do translation entries
time-out?
How can you change the time-out?
What command clears all translations from
the NAT table?
What are the steps to verify that NAT is
operating as expected?
11.2.5.2
CCNA EXP 4
What command is used to verify the
operation of the NAT feature by displaying
information about every packet that is
translated by the router?
What command generates a description of
each packet considered for translation and
outputs information about certain errors or
exception conditions, such as the failure to
allocate a global address?
Describe the IPv6 Address es that start with
FC00-FDFF.
Use the clear ip nat translation global command.
The show ip nat translations command.
Adding verbose to the command displays additional
information about each translation.
The show ip nat statistics command.
After 24 hours.
Use the ip nat translation timeout timeout_seconds
command in global configuration mode.
The clear ip nat translation * global command.
Step 1. Based on the configuration, clearly define what NAT is
supposed to achieve. This may reveal a problem with the
configuration.
Step 2. Verify that correct translations exist in the translation
table using the show ip nat translations command.
Step 3. Use the clear and debug commands to verify that NAT
is operating as expected. Check to see if dynamic entries are
recreated after they are cleared.
Step 4. Review in detail what is happening to the packet, and
verify that routers have the correct routing information to
move the packet.
The debug ip nat command.
The debug ip nat detailed command.
IPv6 addresses use colons to separate entries in a series of
16-bit hexadecimal.
CH.7 IP Addressing Services
APRIL 2009
Related documents
Operating Systems - Shawlands Academy
Operating Systems - Shawlands Academy
File - DIVISION OF MALABON CITY
File - DIVISION OF MALABON CITY
Chapter 8
Chapter 8
Department of Computing Studies
Department of Computing Studies
Causes of the Civil War
Causes of the Civil War
Chp. 4b - Cisco Networking Academy
Chp. 4b - Cisco Networking Academy
Network Address Translation
Network Address Translation
Using NAT as a layer of defense
Using NAT as a layer of defense
Download
advertisement