Router   Interface   IP Address
ISP      S0          171.16.10.1/24
Lab_A    S0/2        171.16.10.2/24
Lab_A    S0/0        192.168.20.1/24
Lab_B    S0          192.168.20.2/24
Lab_B    E0          192.168.30.1/24
Lab_C    E0          192.168.30.2/24
After you configure IP addresses on the routers, you should be able to
ping from router to router, but since we do not have a routing protocol
running until the next step, you can verify only from one router to
another but not through the network until RIP is set up. You can use
any routing protocol you wish; I am just using RIP for simplicity’s
sake to get this up and running.
2. On Lab_A, configure RIP routing, set a passive interface, and
configure the default network.
Lab_A#config t
Lab_A(config)#router rip
Lab_A(config-router)#network 192.168.20.0
Lab_A(config-router)#network 171.16.0.0
Lab_A(config-router)#passive-interface s0/2
Lab_A(config-router)#exit
Lab_A(config)#ip default-network 171.16.10.1
The passive-interface command stops RIP updates from being sent
to the ISP and the ip default-network command advertises a default
network to the other routers so they know how to get to the Internet.
3. On Lab_B, configure RIP routing:
Lab_B#config t
Lab_B(config)#router rip
Lab_B(config-router)#network 192.168.30.0
Lab_B(config-router)#network 192.168.20.0
4. On Lab_C, configure RIP routing:
Lab_C#config t
Lab_C(config)#router rip
Lab_C(config-router)#network 192.168.30.0
5. On the ISP router, configure a default route to the corporate network:
ISP#config t
ISP(config)#ip route 0.0.0.0 0.0.0.0 s0
6. Configure the ISP router so you can telnet into the router without
being prompted for a password:
ISP#config t
ISP(config)#line vty 0 4
ISP(config-line)#no login
7. Verify that you can ping from the ISP router to the Lab_C router and
from the Lab_C router to the ISP router. If you cannot, troubleshoot
your network.
Lab 13.2: Configuring Dynamic NAT
In this lab, you’ll configure dynamic NAT on the Lab_A router.
1. Create a pool of addresses called GlobalNet on the Lab_A router. The
pool should contain a range of addresses of 171.16.10.50 through
171.16.10.55.
Lab_A(config)#ip nat pool GlobalNet 171.16.10.50 171.16.10.55 net 255.255.255.0
2. Create access list 1. This list permits traffic from the 192.168.20.0 and
192.168.30.0 networks to be translated.
Lab_A(config)#access-list 1 permit 192.168.20.0 0.0.0.255
Lab_A(config)#access-list 1 permit 192.168.30.0 0.0.0.255
3. Map the access list to the pool that was created.
Lab_A(config)#ip nat inside source list 1 pool GlobalNet
4. Configure serial 0/0 as an inside NAT interface.
Lab_A(config)#int s0/0
Lab_A(config-if)#ip nat inside
5. Configure serial 0/2 as an outside NAT interface.
Lab_A(config-if)#int s0/2
Lab_A(config-if)#ip nat outside
6. Move the console connection to the Lab_C router. Log in to the Lab_C
router. Telnet from the Lab_C router to the ISP router.
Lab_C#telnet 171.16.10.1
7. Move the console connection to the Lab_B router. Log in to the
Lab_B router. Telnet from the Lab_B router to the ISP router.
Lab_B#telnet 171.16.10.1
8. Execute the command show users from the ISP router. (This shows
who is accessing the VTY lines.)
ISP#show users
a. What does it show as your source IP address? ________________
b. What is your real source IP address? __________________
The show users output should look something like this:
ISP>sh users
    Line       User       Host(s)      Idle       Location
   0 con 0                idle         00:03:32
   2 vty 0                idle         00:01:33 171.16.10.50
*  3 vty 1                idle         00:00:09 171.16.10.51

  Interface    User       Mode         Idle     Peer Address
ISP>
Notice that there is a one-to-one translation. This
means you must have a real IP address for every host that
wants to get to the Internet, which is not typically possible.
9. Leave the session open on the ISP router and connect to Lab_A. (Use
Ctrl+Shift+6, let go, and then press X.)
10. Log in to your Lab_A router and view your current translations by
entering the show ip nat translations command. You should see
something like this:
Lab_A#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
--- 171.16.10.50       192.168.30.2       ---                ---
--- 171.16.10.51       192.168.20.2       ---                ---
Lab_A#
11. If you turn on debug ip nat on the Lab_A router and then ping
through the router, you will see the actual NAT process take place,
which will look something like this:
00:32:47: NAT*: s=192.168.30.2->171.16.10.50, d=171.16.10.1 [5]
00:32:47: NAT*: s=171.16.10.1, d=171.16.10.50->192.168.30.2
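The one-to-one behaviour noted in step 8 can be modelled in a few lines. The following Python sketch is an added example, not from the book and not IOS code: it applies access list 1's wildcard masks and hands out the GlobalNet pool addresses in order. The extra 192.168.20.x hosts and the choice to raise an error when the pool runs out are assumptions made for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Standard-ACL test: bits set in the wildcard mask are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

class DynamicNat:
    """Model of one-to-one dynamic NAT (a teaching model, not IOS code)."""

    def __init__(self, pool_start, pool_end, acl):
        first = int(ipaddress.IPv4Address(pool_start))
        last = int(ipaddress.IPv4Address(pool_end))
        self.free = [str(ipaddress.IPv4Address(n)) for n in range(first, last + 1)]
        self.acl = acl        # permit entries as (base, wildcard)
        self.table = {}       # inside local -> inside global

    def translate(self, inside_local):
        """Return the inside global address, or None if the ACL does not permit."""
        if not any(wildcard_match(inside_local, b, w) for b, w in self.acl):
            return None       # implicit deny: no translation is created
        if inside_local not in self.table:
            if not self.free:
                # Modelling choice (assumption): signal exhaustion with an error.
                raise RuntimeError("pool exhausted")
            self.table[inside_local] = self.free.pop(0)
        return self.table[inside_local]

def lab_13_2_nat():
    """Pool GlobalNet and access list 1 as configured in this lab."""
    return DynamicNat("171.16.10.50", "171.16.10.55",
                      [("192.168.20.0", "0.0.0.255"), ("192.168.30.0", "0.0.0.255")])

def hosts_until_exhaustion(nat, hosts):
    """Translate hosts in order; count those served before the pool runs out."""
    served = 0
    for h in hosts:
        try:
            if nat.translate(h) is not None:
                served += 1
        except RuntimeError:
            break
    return served

if __name__ == "__main__":
    nat = lab_13_2_nat()
    print(nat.translate("192.168.30.2"), nat.translate("192.168.20.2"))
    # Constructed extra hosts on the 192.168.20.0 LAN, beyond the two lab routers.
    extra = [f"192.168.20.{n}" for n in range(10, 20)]
    print(hosts_until_exhaustion(nat, extra), "more hosts served")
    print(nat.table)
```

With six addresses in the pool, the two lab routers plus four more hosts fill the table and the next host gets no translation.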
Lab 13.3: Configuring PAT
In this lab, you’ll configure PAT on the Lab_A router. We will use PAT
because we don’t want a one-to-one translation; PAT uses just one IP
address for every user on the network.
1. On the Lab_A router, delete the translation table and remove the
dynamic NAT pool.
Lab_A#clear ip nat translations *
Lab_A#config t
Lab_A(config)#no ip nat pool GlobalNet 171.16.10.50 171.16.10.55 netmask 255.255.255.0
Lab_A(config)#no ip nat inside source list 1 pool GlobalNet
2. On the Lab_A router, create a NAT pool with one address called
Lammle. The pool should contain a single address, 171.16.10.100.
Enter the following command:
Lab_A#config t
Lab_A(config)#ip nat pool Lammle 171.16.10.100 171.16.10.100 net 255.255.255.0
3. Create access list 2. It should permit networks 192.168.20.0 and
192.168.30.0 to be translated.
Lab_A(config)#access-list 2 permit 192.168.20.0 0.0.0.255
Lab_A(config)#access-list 2 permit 192.168.30.0 0.0.0.255
4. Map access list 2 to the new pool, allowing PAT to occur by using the
overload command.
Lab_A(config)#ip nat inside source list 2 pool Lammle overload
5. Log in to the Lab_C router and telnet to the ISP router; also, log in to
the Lab_B router and telnet to the ISP router.
6. From the ISP router, use the show users command. The output should
look like this:
ISP>sh users
    Line       User       Host(s)      Idle       Location
*  0 con 0                idle         00:00:00
   2 vty 0                idle         00:00:39 171.16.10.100
   4 vty 2                idle         00:00:37 171.16.10.100

  Interface    User       Mode         Idle     Peer Address
ISP>
7. From the Lab_A router, use the show ip nat translations command.
Lab_A#sh ip nat translations
Pro Inside global        Inside local        Outside local    Outside global
tcp 171.16.10.100:11001  192.168.20.2:11001  171.16.10.1:23   171.16.10.1:23
tcp 171.16.10.100:11002  192.168.30.2:11002  171.16.10.1:23   171.16.10.1:23
8. Also make sure the debug ip nat command is on for the Lab_A
router. If you ping from the Lab_C router to the ISP router, the output
will look like this:
01:12:36: NAT: s=192.168.30.2->171.16.10.100, d=171.16.10.1 [35]
01:12:36: NAT*: s=171.16.10.1, d=171.16.10.100->192.168.30.2 [35]
01:12:36: NAT*: s=192.168.30.2->171.16.10.100, d=171.16.10.1 [36]
01:12:36: NAT*: s=171.16.10.1, d=171.16.10.100->192.168.30.2 [36]
01:12:36: NAT*: s=192.168.30.2->171.16.10.100, d=171.16.10.1 [37]
01:12:36: NAT*: s=171.16.10.1, d=171.16.10.100->192.168.30.2 [37]
01:12:36: NAT*: s=192.168.30.2->171.16.10.100, d=171.16.10.1 [38]
01:12:36: NAT*: s=171.16.10.1, d=171.16.10.100->192.168.30.2 [38]
01:12:37: NAT*: s=192.168.30.2->171.16.10.100, d=171.16.10.1 [39]
01:12:37: NAT*: s=171.16.10.1, d=171.16.10.100->192.168.30.2 [39]
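Both telnet sessions appear on the ISP router as 171.16.10.100, so tracing a session back to Lab_B or Lab_C needs the translated port from the table in step 7. The following Python parser is an added example, not from the book; it reads the step 7 output and resolves an inside global address and port to the inside local host. The function names are illustrative.

```python
import re

# Output of step 7 of this lab, with the wrapped columns rejoined.
SHOW_IP_NAT_TRANSLATIONS = """\
Pro Inside global        Inside local        Outside local    Outside global
tcp 171.16.10.100:11001  192.168.20.2:11001  171.16.10.1:23   171.16.10.1:23
tcp 171.16.10.100:11002  192.168.30.2:11002  171.16.10.1:23   171.16.10.1:23
"""

# Protocol followed by four address:port columns.
ROW = re.compile(r"^(tcp|udp|icmp)\s+" + r"\s+".join([r"(\S+):(\d+)"] * 4) + r"\s*$")
FIELDS = ("inside_global", "inside_local", "outside_local", "outside_global")

def parse_translations(text):
    """Turn extended (PAT) entries into dicts of (address, port) tuples."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue          # header, blank line, or a simple '---' entry
        g = m.groups()
        entry = {"proto": g[0]}
        for i, name in enumerate(FIELDS):
            entry[name] = (g[1 + 2 * i], int(g[2 + 2 * i]))
        entries.append(entry)
    return entries

def hosts_behind(entries, inside_global):
    """Every inside local address currently sharing one inside global address."""
    return sorted({e["inside_local"][0] for e in entries
                   if e["inside_global"][0] == inside_global})

def attribute(entries, proto, inside_global, port):
    """Map a connection seen outside the router back to its inside local
    (address, port). Returns None unless exactly one entry matches."""
    hits = [e for e in entries
            if e["proto"] == proto and e["inside_global"] == (inside_global, port)]
    return hits[0]["inside_local"] if len(hits) == 1 else None

if __name__ == "__main__":
    table = parse_translations(SHOW_IP_NAT_TRANSLATIONS)
    print(hosts_behind(table, "171.16.10.100"))
    print(attribute(table, "tcp", "171.16.10.100", 11002))
```

The address alone returns two candidate hosts; only the address and port together identify one, which is why logs kept on the outside of a PAT router need the source port and a timestamp to be useful later.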
Review Questions
The following questions are designed to test your
understanding of this chapter’s material. For more information on
how to get additional questions, please see www.lammle.com/ccna.
You can find the answers to these questions in Appendix B, “Answers to
Review Questions.”
1. Which of the following are disadvantages of using NAT? (Choose
three.)
A. Translation introduces switching path delays.
B. NAT conserves legally registered addresses.
C. NAT causes loss of end-to-end IP traceability.
D. NAT increases flexibility when connecting to the Internet.
E. Certain applications will not function with NAT enabled.
F. NAT reduces address overlap occurrence.
2. Which of the following are advantages of using NAT? (Choose three.)
A. Translation introduces switching path delays.
B. NAT conserves legally registered addresses.
C. NAT causes loss of end-to-end IP traceability.
D. NAT increases flexibility when connecting to the Internet.
E. Certain applications will not function with NAT enabled.
F. NAT remedies address overlap occurrence.
3. Which command will allow you to see real-time translations on your
router?
A. show ip nat translations
B. show ip nat statistics
C. debug ip nat
D. clear ip nat translations *
4. Which command will show you all the translations active on your
router?
A. show ip nat translations
B. show ip nat statistics
C. debug ip nat
D. clear ip nat translations *
5. Which command will clear all the translations active on your router?
A. show ip nat translations
B. show ip nat statistics
C. debug ip nat
D. clear ip nat translations *
6. Which command will show you the summary of the NAT
configuration?
A. show ip nat translations
B. show ip nat statistics
C. debug ip nat
D. clear ip nat translations *
7. Which command will create a dynamic pool named Todd that will
provide you with 30 global addresses?
A. ip nat pool Todd 171.16.10.65 171.16.10.94 net 255.255.255.240
B. ip nat pool Todd 171.16.10.65 171.16.10.94 net 255.255.255.224
C. ip nat pool todd 171.16.10.65 171.16.10.94 net 255.255.255.224
D. ip nat pool Todd 171.16.10.1 171.16.10.254 net 255.255.255.0
8. Which of the following are methods of NAT? (Choose three.)
A. Static
B. IP NAT pool
C. Dynamic
D. NAT double-translation
E. Overload
9. When creating a pool of global addresses, which of the following can
be used instead of the netmask command?
A. / (slash notation)
B. prefix-length
C. no mask
D. block-size
10. Which of the following would be a good starting point for
troubleshooting if your router is not translating?
A. Reboot.
B. Call Cisco.
C. Check your interfaces for the correct configuration.
D. Run the debug all command.
11. Which of the following would be good reasons to run NAT? (Choose
three.)
A. You need to connect to the Internet and your hosts don’t have
globally unique IP addresses.
B. You change to a new ISP that requires you to renumber your
network.
C. You don’t want any hosts connecting to the Internet.
D. You require two intranets with duplicate addresses to merge.
12. Which of the following is considered to be the inside host’s address
after translation?
A. Inside local
B. Outside local
C. Inside global
D. Outside global
13. Which of the following is considered to be the inside host’s address
before translation?
A. Inside local
B. Outside local
C. Inside global
D. Outside global
14. By looking at the following output, determine which of the following
commands would allow dynamic translations?
Router#show ip nat trans
Pro Inside global      Inside local       Outside local      Outside global
--- 1.1.128.1          10.1.1.1           ---                ---
--- 1.1.130.178        10.1.1.2           ---                ---
--- 1.1.129.174        10.1.1.10          ---                ---
--- 1.1.130.101        10.1.1.89          ---                ---
--- 1.1.134.169        10.1.1.100         ---                ---
--- 1.1.135.174        10.1.1.200         ---                ---
A. ip nat inside source pool todd 1.1.128.1 1.1.135.254 prefix-length 19
B. ip nat pool todd 1.1.128.1 1.1.135.254 prefix-length 19
C. ip nat pool todd 1.1.128.1 1.1.135.254 prefix-length 18
D. ip nat pool todd 1.1.128.1 1.1.135.254 prefix-length 21
15. Your inside locals are not being translated to the inside global
addresses. Which of the following commands will show you if your
inside globals are allowed to use the NAT pool?
ip nat pool Corp 198.18.41.129 198.18.41.134 netmask 255.255.255.248
ip nat inside source list 100 int s0/0 Corp overload
A. debug ip nat
B. show access-list
C. show ip nat translation
D. show ip nat statistics
16. Which command would you place on the interface of a private
network?
A. ip nat inside
B. ip nat outside
C. ip outside global
D. ip inside local
17. Which command would you place on an interface connected to the
Internet?
A. ip nat inside
B. ip nat outside
C. ip outside global
D. ip inside local
18. Port Address Translation is also called what?
A. NAT Fast
B. NAT Static
C. NAT Overload
D. Overloading Static
19. What does the asterisk (*) represent in the following output?
NAT*: s=172.16.2.2, d=192.168.2.1->10.1.1.1 [1]
A. The packet was destined for a local interface on the router.
B. The packet was translated and fast-switched to the destination.
C. The packet attempted to be translated but failed.
D. The packet was translated but there was no response from the
remote host.
20. Which of the following needs to be added to the configuration to
enable PAT?
ip nat pool Corp 198.18.41.129 198.18.41.134 netmask 255.255.255.248
access-list 1 permit 192.168.76.64 0.0.0.31
A. ip nat pool inside overload
B. ip nat inside source list 1 pool Corp overload
C. ip nat pool outside overload
D. ip nat pool Corp 198.41.129 net 255.255.255.0 overload
Chapter 14
Internet Protocol Version 6 (IPv6)
THE FOLLOWING ICND1 EXAM TOPICS ARE COVERED IN THIS CHAPTER:
1.11 Identify the appropriate IPv6 addressing scheme to satisfy addressing requirements in a LAN/WAN environment
1.12 Configure, verify, and troubleshoot IPv6 addressing
1.13 Configure and verify IPv6 Stateless Address Auto Configuration
1.14 Compare and contrast IPv6 address types
1.14.a Global unicast
1.14.b Unique local
1.14.c Link local
1.14.d Multicast
1.14.e Modified EUI 64
1.14.f Autoconfiguration
1.14.g Anycast
3.6 Configure, verify, and troubleshoot IPv4 and IPv6 static routing
3.6.a Default route
We’ve covered a lot of ground in this book, and
though the journey has been tough at times, it’s been well worth it! But
our networking expedition isn’t quite over yet because we still have the
vastly important frontier of IPv6 to explore. There’s still some expansive
territory to cover with this sweeping new subject, so gear up and get
ready to discover all you need to know about IPv6. Understanding IPv6 is
vital now, so you’ll be much better equipped and prepared to meet today’s
real-world networking challenges as well as to ace the exam. This final
chapter is packed and brimming with all the IPv6 information you’ll need
to complete your Cisco exam trek successfully, so get psyched—we’re in
the home stretch!
I probably don’t need to say this, but I will anyway because I really want
to go the distance and do everything I can to ensure that you arrive and
achieve . . . You absolutely must have a solid hold on IPv4 by now, but if
you’re still not confident with it, or feel you could use a refresher, just
page back to the chapters on TCP/IP and subnetting. And if you’re not
crystal clear on the address problems inherent to IPv4, you really need to
review Chapter 13, “Network Address Translation (NAT)”, before we
decamp for this chapter’s IPv6 summit push!
People refer to IPv6 as “the next-generation Internet protocol,” and it was
originally created as the solution to IPv4’s inevitable and impending
address-exhaustion crisis. Though you’ve probably heard a thing or two
about IPv6 already, it has been improved even further in the quest to
bring us the flexibility, efficiency, capability, and optimized functionality
that can effectively meet our world’s seemingly insatiable thirst for ever-
evolving technologies and increasing access. The capacity of its
predecessor, IPv4, pales wan and ghostly in comparison, which is why
IPv4 is destined to fade into history completely, making way for IPv6 and
the future.
The IPv6 header and address structure has been completely overhauled,
and many of the features that were basically just afterthoughts and
addenda in IPv4 are now included as full-blown standards in IPv6. It’s
power-packed, well equipped with robust and elegant features, poised
and prepared to manage the mind-blowing demands of the Internet to
come!
After an introduction like that, I understand if you’re a little
apprehensive, but I promise—really—to make this chapter and its VIP
topic pretty painless for you. In fact, you might even find yourself actually
enjoying it—I definitely did! Because IPv6 is so complex, while still being
so elegant, innovative, and powerful, it fascinates me like some weird
combination of a sleek, new Aston Martin and a riveting futuristic novel.
Hopefully you’ll experience this chapter as an awesome ride and enjoy
reading it as much as I did writing it!
To find up-to-the-minute updates for this chapter, please see
www.lammle.com/ccna or the book’s web page at www.sybex.com/go/ccna.
Why Do We Need IPv6?
Well, the short answer is because we need to communicate and our
current system isn’t really cutting it anymore. It’s kind of like the Pony
Express trying to compete with airmail! Consider how much time and
effort we’ve been investing for years while we scratch our heads to
resourcefully come up with slick new ways to conserve bandwidth and IP
addresses. Sure, variable length subnet masks (VLSMs) are wonderful
and cool, but they’re really just another invention to help us cope while
we desperately struggle to overcome the worsening address drought.
I’m not exaggerating, at all, about how dire things are getting, because it’s
simply reality. The number of people and devices that connect to
networks increases dramatically each and every day, which is not a bad
thing. We’re just finding new and exciting ways to communicate to more
people, more often, which is a good thing. And it’s not likely to go away or
even decrease in the littlest bit, because communicating and making
connections are, in fact, basic human needs—they’re in our very nature.
But with our numbers increasing, along with the rising tide of people
joining the communications party, the forecast for our
current system isn’t exactly clear skies and smooth sailing. IPv4, upon
which our ability to do all this connecting and communicating is
presently dependent, is quickly running out of addresses for us to use.
IPv4 has only about 4.3 billion addresses available—in theory—and we
know that we don’t even get to use most of those! Sure, the use of
Classless Inter-Domain Routing (CIDR) and Network Address
Translation (NAT) has helped to delay the inevitable dearth of
addresses, but we will still run out of them, and it’s going to happen
within a few years. China is barely online, and we know there’s a huge
population of people and corporations there that surely want to be. There
are myriad reports that give us all kinds of numbers, but all you really
need to think about to realize that I’m not just being an alarmist is this:
there are about 7 billion people in the world today, and it’s estimated that
only just over 10 percent of that population is currently connected to the
Internet—wow!
That statistic is basically screaming at us the ugly truth that based on
IPv4’s capacity, every person can’t even have a computer, let alone all the
other IP devices we use with them! I have more than one computer, and
it’s pretty likely that you do too, and I’m not even including phones,
laptops, game consoles, fax machines, routers, switches, and a mother
lode of other devices we use every day into the mix! So I think I’ve made
it pretty clear that we’ve got to do something before we run out of
addresses and lose the ability to connect with each other as we know it.
And that “something” just happens to be implementing IPv6.