Cisco
NAT Overview for CCNA
Mar 27th
As I prepare for the CCNA, I collected all my various notes and have tried to put the highlights here for quick reference as my test date approaches.
3 Types of NAT:
- Dynamic NAT – might be used between networks with overlapping address schemes. This is the least common form of NAT.
- NAT Overload / Port Address Translation (PAT)
- Static NAT – straight “one-to-one” Private to Public IP address translation.
Configure NAT Overload with the CLI (3 steps)
- Label the interfaces
- Identify the internal IP addresses to be translated (with ACL)
- Enable NAT overload
LABEL INTERFACES
router1#config t
router1(config)#int gi0/0
router1(config-if)#ip nat inside
router1(config-if)#
router1(config-if)#int gi0/1
router1(config-if)#ip nat outside
router1(config-if)#
router1(config-if)#exit
router1(config)#
Identify Internal addresses to be translated (with ACL)
router1#config t
router1(config)#ip access-list standard NAT_ADDRESSES
router1(config-std-nacl)#permit 192.168.0.0 0.0.255.255
router1(config-std-nacl)#
router1(config-std-nacl)#exit
router1(config)#
*Note that the name of the ACL is totally up to you; I just used this one for ease of identification.
Enable NAT Overload
router1#config t
router1(config)#ip nat inside source list NAT_ADDRESSES interface gi0/1 overload
router1(config)#
router1(config)#exit
That is it for configuring NAT Overload, just 3 easy steps (as long as you can remember the steps).
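To see which inside hosts the ACL in step 2 actually selects for translation, the following added example (not part of the original notes) evaluates standard ACL entries with wildcard-mask, first-match and implicit-deny semantics, and flags permit entries that reach beyond RFC 1918 private space. The function names and the second ACL are constructed for illustration.

```python
import ipaddress

PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PAGE_ACL = ["permit 192.168.0.0 0.0.255.255"]       # entry from the notes above
CONSTRUCTED_ACL = ["deny 192.168.99.0 0.0.0.255",   # constructed sample entries
                   "permit 192.168.0.0 0.0.255.255",
                   "permit 172.0.0.0 0.255.255.255"]

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_entry(entry):
    """Return (action, base, wildcard) as ints, or None for non-ACL lines."""
    f = [t for t in entry.split() if t != "log"]
    if len(f) < 2 or f[0] not in ("permit", "deny"):
        return None
    if f[1] == "any":
        return f[0], 0, 0xFFFFFFFF
    if f[1] == "host":
        return f[0], _to_int(f[2]), 0
    # An address with no wildcard is treated as a single host.
    return f[0], _to_int(f[1]), (_to_int(f[2]) if len(f) > 2 else 0)

def matches(addr, base, wildcard):
    """Wildcard bit 1 means "don't care"; all other bits must be equal."""
    care = ~wildcard & 0xFFFFFFFF
    return (_to_int(addr) & care) == (base & care)

def is_translated(acl, addr):
    """First matching entry wins; no match is an implicit deny (no NAT)."""
    for entry in acl:
        parsed = parse_entry(entry)
        if parsed and matches(addr, parsed[1], parsed[2]):
            return parsed[0] == "permit"
    return False

def permits_beyond_rfc1918(acl):
    """Return permit entries whose matched range is not wholly private."""
    flagged = []
    for entry in acl:
        parsed = parse_entry(entry)
        if not parsed or parsed[0] != "permit":
            continue
        low = parsed[1] & ~parsed[2] & 0xFFFFFFFF   # lowest address matched
        high = low | parsed[2]                      # highest address matched
        lo, hi = ipaddress.IPv4Address(low), ipaddress.IPv4Address(high)
        if not any(lo in net and hi in net for net in PRIVATE):
            flagged.append(entry)
    return flagged
```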
Static NAT configuration
The next common form of NAT is the straightforward Static NAT. This is where we simply link an inside IP address with a public IP address. In this next example I will map the inside address of 192.168.10.50 to the outside address of 68.110.171.99.
router1#config t
router1(config)#ip nat inside source static 192.168.10.50 68.110.171.99
router1(config)#exit
router1#
How to make your Cisco router a terminal server
Jul 10th
On more than one occasion I have needed to access the console port of a switch when I wasn’t physically there but did have a router near the unit. You can easily set up your router to act as a terminal server, allowing you to use a flat rolled cable between the router’s AUX port and the switch’s CONSOLE port. First you need to properly configure your AUX port:
line aux 0
modem InOut
transport input all
stopbits 1
flowcontrol hardware
Now in order to use this feature, log into your router and do the following:
- from the command prompt enter: SHOW LINE
- Find the line number for AUX (in this example it is Line 5)
- Telnet to the IP address of the router you are logged into, but when you telnet you will need to indicate a specific port. That port is 2000 + the line number. So in this example your command would look like this: ‘telnet 172.17.10.1 2005’
- This will get you access to the remote device
- When you are finished with the session on the remote device, break out with CTRL+ALT+6, followed by x one second later. If you use SecureCRT for your Telnet sessions, you can set up a key map that sends the ASCII sequence for that command: ‘\036\px’. You can read more about this on VanDyke’s SecureCRT Forum.
- Once you are back in the original device you can return to the remote device by simply pressing the ENTER key.
- If you are finished with your remote session, you can issue a CLEAR command to close that connection. In this example the command would be ‘CLEAR LINE 5’
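Because `transport input all` lets the AUX line accept Telnet, it is worth checking which lines on a router do so and whether an inbound `access-class` restricts who can connect. The following added example (not part of the original post) audits the line stanzas of a saved running-config; the sample config and function names are constructed for illustration.

```python
# Constructed running-config excerpt; the aux stanza mirrors the one above.
SAMPLE_CONFIG = """\
line con 0
line aux 0
 modem InOut
 transport input all
 stopbits 1
 flowcontrol hardware
line vty 0 4
 access-class 10 in
 login local
 transport input ssh
!
"""

def parse_line_stanzas(config_text):
    """Map each top-level 'line ...' header to its indented sub-commands."""
    stanzas, current = {}, None
    for raw in config_text.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw.startswith("line "):
            current = raw.strip()
            stanzas[current] = []
        elif current and raw.startswith(" "):
            stanzas[current].append(raw.strip())
        else:
            current = None          # some other top-level command
    return stanzas

def audit_lines(config_text):
    """Return (stanza, has_inbound_access_class) for lines accepting Telnet.

    Only explicit 'transport input' commands are evaluated; release-specific
    defaults are not modelled.
    """
    findings = []
    for name, cmds in parse_line_stanzas(config_text).items():
        transports = []
        for cmd in cmds:
            if cmd.startswith("transport input "):
                transports = cmd.split()[2:]
        has_acl = any(c.startswith("access-class ") and "in" in c.split()[2:]
                      for c in cmds)
        if "all" in transports or "telnet" in transports:
            findings.append((name, has_acl))
    return findings
```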
Helpful Cisco Documents
Jun 11th
I always need to look up features on different Cisco routers and switches. Cisco actually produces two documents that let you quickly see all the available models and associated features:
Configuring T1 WICs for a Home lab
Jun 3rd
I have a couple of routers as part of my home lab that I am using for my Cisco certification studies. One thing that I wanted to do was connect two routers together via their T1 WICs. There are two things you need to do:
- create a T1 crossover to connect the routers
- set the clock settings on each router’s serial interface to simulate the T1
In another post I will put the details of making a T1 crossover cable. Here is a simple example of the configuration you need to apply to each router’s T1 serial interface.
**apply this to router #1**
ip address 192.168.1.1 255.255.255.248
encapsulation ppp
fair-queue
service-module t1 clock source internal
service-module t1 timeslots 1-24 speed 64
service-module t1 framing esf
service-module t1 linecode b8zs
no shut
**apply this to router #2**
ip address 192.168.1.2 255.255.255.248
encapsulation ppp
fair-queue
service-module t1 clock source internal
service-module t1 timeslots 1-24 speed 64
service-module t1 framing esf
service-module t1 linecode b8zs
no shut
How to find the port a device is plugged into
Jun 3rd
Have you ever needed to quickly find out which switch port a network device is plugged into and you only know the IP address of the device? You could always trace the cables in your data closet and drive yourself crazy or you could use a few simple commands on your switch and quickly find it.
sh ip arp | inc <ip address>
This will return the MAC address
sh mac-address-table | inc <mac address>
This will return the switch port
If the IP address is on another switch, the port that is returned in the output will be for the trunked port that goes to the next “hop”. Go to the next switch and repeat.
sh run int <switch port>
This will return the config for that interface
Here is an example:
switch01#sh ip arp | inc 172.16.11.200
Internet 172.16.11.200 0 0080.a38a.10dc ARPA Vlan11
switch01#sh mac-address-table | inc 0080.a38a.10dc
11 0080.a38a.10dc dynamic ip GigabitEthernet3/3
switch01#sh run int gi3/3
Building configuration…
Current configuration : 152 bytes
!
interface GigabitEthernet3/3
description IBM APPLICATION SERVER
switchport access vlan 11
switchport mode access
qos trust dscp
spanning-tree portfast
end
switch01#
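The same IP to MAC to port lookup can be run over saved command output, which helps when the `| inc` filter matches more than one address (it matches substrings, so 172.16.11.20 also hits 172.16.11.200). This is an added example, not part of the original post; the sample output is constructed from the lines above and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed output modelled on the example above.
ARP_OUTPUT = """\
Internet  172.16.11.20     3   0080.a38a.2222  ARPA   Vlan11
Internet  172.16.11.200    0   0080.a38a.10dc  ARPA   Vlan11
Internet  172.16.11.9      0   Incomplete      ARPA
Internet  172.16.12.7      1   0011.2233.4455  ARPA   Vlan12
"""
MAC_TABLE_OUTPUT = """\
  11  0080.a38a.10dc   dynamic ip  GigabitEthernet3/3
  11  0080.a38a.2222   dynamic ip  GigabitEthernet1/1
  12  0011.2233.4455   dynamic ip  GigabitEthernet1/1
"""
MAC_RE = re.compile(r"^[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}$")

def mac_for_ip(arp_text, ip):
    """Return the MAC for exactly this IP (no substring matching)."""
    for line in arp_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[1] == ip and MAC_RE.match(f[3].lower()):
            return f[3].lower()
    return None                      # unknown or incomplete ARP entry

def parse_mac_table(text):
    """Return (vlan, mac, port) tuples; header and other lines are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0].isdigit() and MAC_RE.match(f[1].lower()):
            rows.append((int(f[0]), f[1].lower(), f[-1]))
    return rows

def locate(arp_text, mac_text, ip):
    """Resolve ip to a switch port; flag ports that carry several MACs."""
    mac = mac_for_ip(arp_text, ip)
    if mac is None:
        return None
    rows = parse_mac_table(mac_text)
    macs_per_port = Counter(port for _, _, port in rows)
    for vlan, entry_mac, port in rows:
        if entry_mac == mac:
            # More than one MAC on a port suggests a trunk to the next switch.
            return {"mac": mac, "vlan": vlan, "port": port,
                    "likely_uplink": macs_per_port[port] > 1}
    return {"mac": mac, "vlan": None, "port": None, "likely_uplink": False}
```

When `likely_uplink` is true, repeat the lookup on the next switch as described above.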