1 NAT, Device Discovery: Chapter 9, Chapter 10

2 NAT - Network Address Translation
Chapter 9

3 What is NAT: There are not enough public IPv4 addresses to assign a unique address to each device connected to the Internet. To allow a device with a private IPv4 address to access devices and resources outside of the local network, the private address must first be translated to a public address. NAT combined with private IPv4 addresses, has proven to be a useful method of preserving public IPv4 addresses. A single, public IPv4 address can be shared by hundreds, even thousands of devices, each configured with a unique private IPv4 address.

4 What is NAT: Its primary use is to conserve public IPv4 addresses. It does this by allowing networks to use private IPv4 addresses internally and providing translation to a public address only when needed. NAT has the side effect of hiding the internal IPv4 addressing from outside networks, which adds a degree of privacy, but it is not a security control by itself: any protection comes from the stateful translation table (unsolicited inbound packets have no entry to match) and from the firewall rules on the edge router, not from the translation. NAT-enabled routers can be configured with one or more valid public IPv4 addresses. These public addresses are known as the NAT pool. When an internal device sends traffic out of the network, the NAT-enabled router translates the internal IPv4 address of the device to a public address from the NAT pool.

5 What is NAT:

6 NAT Terminology: NAT includes four types of addresses:
- Inside local address: the address of the inside host as seen on the inside network, normally a private (RFC 1918) address.
- Inside global address: the address of the same inside host as seen from the outside network, i.e. the public address taken from the NAT pool.
- Outside local address: the address of the destination (outside) host as seen from the inside network; unless outside translation is also configured, this is the same as the outside global address.
- Outside global address: the address assigned to the destination host by its owner, i.e. its real, routable address.
The terms combine two axes: inside vs. outside describes whose address it is (the device being translated by NAT vs. the destination device), and local vs. global describes where the address is visible (on the inside portion of the network vs. on the outside portion).

7 Types of NAT:
- Static address translation (static NAT): one-to-one address mapping between local and global addresses.
- Dynamic address translation (dynamic NAT): many-to-many address mapping between local and global addresses.
- Port Address Translation (PAT): many-to-one address mapping between local and global addresses.

8 Static NAT: These mappings are configured by the network administrator and remain constant. Because each mapping is permanent, static NAT consumes one public address per mapped inside host whether or not that host is active, so enough public addresses must be available for every host that is mapped. It is typically used for servers that must be reachable from the outside at a fixed address.

9 Dynamic NAT: Dynamic NAT uses a pool of public addresses and assigns them on a first-come, first-served basis. When an inside device requests access to an outside network, dynamic NAT assigns an available public IPv4 address from the pool; the entry is removed when it times out and the address returns to the pool. Similar to static NAT, dynamic NAT requires that enough public addresses are available to satisfy the total number of simultaneous user sessions: once the pool is exhausted, additional inside hosts cannot be translated until an existing entry expires.

10 PAT: This method is also known as overloading (NAT overloading).
PAT maps multiple private IPv4 addresses to a single public IPv4 address or a few addresses. This is the most common form of NAT. With PAT, multiple addresses can be mapped to one or to a few addresses, because each private address is also tracked by a port number.

11 PAT: Why use port on mapping:
Port Address Translation (PAT) tracks IP flows of internal hosts using port numbers. By using port numbers to track flows, PAT allows many users to share a single public IPv4 address. Port forwarding allows an external user to reach a service on a private IPv4 address that is located inside a LAN.
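The following is an added illustration, not code from the original slides, of the difference between slide 9 (dynamic NAT) and slides 10 and 11 (PAT): it models a two-address dynamic pool that runs dry on the third host, and a PAT table where three inside hosts that all use source port 1025 are kept apart by the translated port. The private hosts, the public pool 209.165.200.224/29 and the port numbers are constructed for the example; the port-preservation behaviour mirrors what IOS does (keep the original source port unless it is already in use).

```python
"""Toy model of dynamic NAT versus PAT (NAT overload).

Added illustration, not code from the original slides. The private hosts,
the public pool 209.165.200.224/29 and the port numbers are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

Flow = Tuple[str, int]  # (inside local address, inside local port)


class PoolExhausted(Exception):
    """Dynamic NAT has no free public address left: the packet is dropped."""


@dataclass
class DynamicNAT:
    """Many-to-many: each active inside host consumes one whole public address."""
    pool: List[str]
    table: Dict[str, str] = field(default_factory=dict)  # inside local -> inside global

    def translate(self, inside_local: str) -> str:
        if inside_local in self.table:
            return self.table[inside_local]
        if not self.pool:
            raise PoolExhausted(f"no public address left for {inside_local}")
        inside_global = self.pool.pop(0)          # first come, first served
        self.table[inside_local] = inside_global
        return inside_global


@dataclass
class PAT:
    """Many-to-one: a single public address, flows told apart by the port."""
    inside_global: str
    next_port: int = 1024
    outbound: Dict[Flow, int] = field(default_factory=dict)  # (local ip, local port) -> global port
    inbound: Dict[int, Flow] = field(default_factory=dict)   # global port -> (local ip, local port)

    def translate(self, inside_local: str, local_port: int) -> Tuple[str, int]:
        key = (inside_local, local_port)
        if key in self.outbound:                  # an existing flow keeps its mapping
            return self.inside_global, self.outbound[key]
        # Keep the original source port while it is still free and only pick
        # another one when two inside hosts collide on the same port.
        port = local_port if local_port not in self.inbound else self._alloc()
        self.outbound[key] = port
        self.inbound[port] = key
        return self.inside_global, port

    def _alloc(self) -> int:
        while self.next_port in self.inbound:
            self.next_port += 1
        port = self.next_port
        self.next_port += 1
        return port

    def untranslate(self, global_port: int) -> Optional[Flow]:
        """Return traffic: map the public port back to the inside flow, or None
        when no state exists (an unsolicited inbound packet has nowhere to go)."""
        return self.inbound.get(global_port)


def demo() -> dict:
    """Walk both mechanisms through the same three inside hosts."""
    results: dict = {}
    dyn = DynamicNAT(pool=["209.165.200.226", "209.165.200.227"])  # pool of two
    results["dyn"] = [dyn.translate(h) for h in ("192.168.10.10", "192.168.10.11")]
    try:
        dyn.translate("192.168.10.12")            # third host: pool exhausted
        results["dyn_third"] = "translated"
    except PoolExhausted:
        results["dyn_third"] = "dropped"

    pat = PAT(inside_global="209.165.200.225")    # one public address for everyone
    results["pat"] = [pat.translate(h, 1025)
                      for h in ("192.168.10.10", "192.168.10.11", "192.168.10.12")]
    results["return"] = pat.untranslate(results["pat"][1][1])  # reply to host .11
    results["unsolicited"] = pat.untranslate(4444)             # no one asked for this
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The last two lookups are the security-relevant part: a reply to a translated flow is delivered to the right inside host, while an inbound packet for a port nobody opened returns no mapping and is dropped. Port forwarding is simply a static entry placed into that same inbound table by the administrator.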

12 Configuration: Static NAT:
Router(config)# ip nat inside source static [local-ip] [global-ip]
Router(config)# interface [inside-interface]
Router(config-if)# ip nat inside
Router(config)# interface [outside-interface]
Router(config-if)# ip nat outside

13 Configuration: Static NAT: (EXAMPLE)

14 Configuration: Dynamic NAT:
Router(config)# ip nat pool [name] [start-ip] [end-ip] netmask [mask]
Router(config)# access-list [access-list-number] permit [source-ip] [wildcard]
Router(config)# ip nat inside source list [access-list-number] pool [name]
Router(config)# interface [inside-interface]
Router(config-if)# ip nat inside
Router(config)# interface [outside-interface]
Router(config-if)# ip nat outside

15 Configuration: Dynamic NAT: (EXAMPLE)

16 Configuration: PAT:
Router(config)# ip nat pool [name] [start-ip] [end-ip] netmask [mask]
Router(config)# access-list [access-list-number] permit [source-ip] [wildcard]
Router(config)# ip nat inside source list [access-list-number] pool [name] overload
Or, to overload the public address of the outside interface itself instead of a pool (the interface named here must be the outside interface, not the inside one):
Router(config)# ip nat inside source list [access-list-number] interface [outside-interface] overload
Router(config)# interface [inside-interface]
Router(config-if)# ip nat inside
Router(config)# interface [outside-interface]
Router(config-if)# ip nat outside

17 Configuration: PAT: (EXAMPLE)

18 Configuration: Verifying:
show ip nat translations (the active translation table: inside local, inside global, outside local and outside global for each entry)
show ip nat statistics (hit and miss counters, which interfaces are marked inside and outside, and pool usage)
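Slides 12 through 18 give the command syntax but no filled-in example. The block below is an added example, not from the original slides or from Cisco: it embeds a constructed running-config excerpt that follows the PAT syntax above (inside network 192.168.10.0/24, outside interface Serial0/0/0 with 209.165.200.225, one static mapping), plus a second, deliberately broken excerpt, and runs the checks a reviewer would make before trusting the configuration: the referenced access list and pool exist, the overload statement points at the interface that carries ip nat outside, the NAT access list does not permit any (which matches every source rather than only the inside subnets and which Cisco's NAT documentation advises against), and both an inside and an outside interface are marked. Interface names, addresses and ACL numbers are assumptions for the example.

```python
"""Sanity checks for an IOS NAT configuration.

Added example, not from the original slides. It parses a running-config
excerpt (constructed here) and flags the classic mistakes: an access list
that is referenced but never defined, an overload statement bound to an
interface that is not the 'ip nat outside' interface, a NAT access list
that permits any, and a missing inside/outside designation.
"""
import re
from typing import Dict, List, Set

# Constructed: a correct PAT-plus-one-static-mapping configuration.
GOOD_CONFIG = """\
interface GigabitEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
interface Serial0/0/0
 ip address 209.165.200.225 255.255.255.252
 ip nat outside
!
access-list 1 permit 192.168.10.0 0.0.0.255
ip nat inside source list 1 interface Serial0/0/0 overload
ip nat inside source static 192.168.10.254 209.165.200.254
"""

# Constructed: same topology with four mistakes. Overload is bound to the
# inside interface, ACL 1 is never defined, ACL 2 permits everything and
# no interface carries 'ip nat outside'.
BAD_CONFIG = """\
interface GigabitEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
interface Serial0/0/0
 ip address 209.165.200.225 255.255.255.252
!
access-list 2 permit any
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source list 2 pool PUBLIC
ip nat pool PUBLIC 209.165.200.226 209.165.200.230 netmask 255.255.255.248
"""

NAT_LIST_RE = re.compile(
    r"^ip nat inside source list (?P<acl>\S+) "
    r"(?:pool (?P<pool>\S+)|interface (?P<intf>\S+))(?P<overload> overload)?$"
)


def parse(config: str) -> dict:
    """Collect interface NAT roles, access lists, pools and translation statements."""
    roles: Dict[str, str] = {}        # interface -> 'inside' | 'outside'
    acls: Dict[str, List[str]] = {}   # acl number/name -> its entries
    pools: Set[str] = set()
    statements: List[dict] = []
    current = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line == "!":
            continue
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
        elif line.startswith(" ") and current:          # interface sub-command
            if line.strip() == "ip nat inside":
                roles[current] = "inside"
            elif line.strip() == "ip nat outside":
                roles[current] = "outside"
        elif line.startswith("access-list "):
            parts = line.split()
            acls.setdefault(parts[1], []).append(" ".join(parts[2:]))
        elif line.startswith("ip nat pool "):
            pools.add(line.split()[3])
        else:
            m = NAT_LIST_RE.match(line)
            if m:
                statements.append(m.groupdict())
    return {"roles": roles, "acls": acls, "pools": pools, "statements": statements}


def lint(config: str) -> List[str]:
    """Return a list of findings; an empty list means nothing was detected."""
    cfg = parse(config)
    roles = cfg["roles"]
    findings: List[str] = []
    if "inside" not in roles.values():
        findings.append("no interface is configured with 'ip nat inside'")
    if "outside" not in roles.values():
        findings.append("no interface is configured with 'ip nat outside'")
    for st in cfg["statements"]:
        acl = st["acl"]
        if acl not in cfg["acls"]:
            findings.append(f"access-list {acl} is referenced but not defined")
        elif any(e.startswith("permit any") for e in cfg["acls"][acl]):
            findings.append(f"access-list {acl} permits any; match only the inside hosts")
        if st["pool"] and st["pool"] not in cfg["pools"]:
            findings.append(f"pool {st['pool']} is referenced but not defined")
        if st["intf"] and roles.get(st["intf"]) != "outside":
            findings.append(f"overload interface {st['intf']} is not the 'ip nat outside' interface")
    return findings


if __name__ == "__main__":
    for name, cfg_text in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG)):
        print(name, lint(cfg_text) or "OK")
```

Run it against a real show running-config capture to check a box before cut-over; the same parse() output also tells you which interfaces are and are not marked, which is the first thing to compare against show ip nat statistics when translations are not being created.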

19 Advantages and Disadvantages of NAT

20 NAT and IPv6: IPv6 unique local addresses (ULA, the fc00::/7 block, in practice fd00::/8) are similar to private addresses in IPv4. ULAs are also known as local IPv6 addresses (not to be confused with IPv6 link-local addresses) and have several characteristics, including:
- Independent of any ISP, and usable for communications within a site without any Internet connectivity.
- Not routable across the Internet.

21 Device Discovery chapter 10

22 CDP: Cisco Discovery Protocol (CDP) is a Cisco-proprietary Layer 2 protocol that is used to gather information about Cisco devices which share the same data link. The show cdp neighbors command provides information on directly connected Cisco devices, including Device ID, local interface, capability, platform, and port ID of the remote device. The show cdp neighbors command can be used to prove that Layer 1 and Layer 2 connectivity exists between two Cisco devices. For example, if two devices have duplicate IP addresses, a ping between the devices will fail, but the output of show cdp neighbors will still list the neighbor. The show cdp neighbors detail command can be used to verify the IP address of the directly connected device in case the same IP address is assigned to the two routers.

23 CDP: CDP can be disabled globally by using the no cdp run global configuration command, or disabled on a specific interface by using the no cdp enable interface configuration command. Because CDP operates at the data link layer, two or more Cisco network devices, such as routers, can learn about each other even if Layer 3 connectivity does not exist. The show cdp neighbors detail command reveals the IP address of a neighboring device regardless of whether you can ping the neighbor. The same property makes CDP a reconnaissance aid for anyone on the link: the advertisements carry the hostname, platform, IOS version and management address unauthenticated and in cleartext, so CDP should be disabled on interfaces facing user networks, untrusted segments and the Internet, and left enabled only where the topology information is actually needed.

24 NTP: Typically, the date and time settings on a router or switch can be set using one of two methods:
- Manually configure the date and time
- Configure the Network Time Protocol (NTP)
NTP allows routers and switches on the network to synchronize their time settings with an NTP server. A group of NTP clients that obtain time and date information from a single source have more consistent time settings.

25 NTP: With the show ntp associations command, the IP address of the NTP master is given. NTP networks use a hierarchical system of time sources. Each level in this hierarchical system is called a stratum. The stratum 1 devices are directly connected to the authoritative time sources (stratum 0, such as atomic or GPS clocks); a device that synchronizes to a stratum 1 server becomes stratum 2, and so on. The ntp server ip-address global configuration command configures the NTP server for IOS devices. Because accurate time is what makes syslog timestamps, certificate validity checks and forensic timelines trustworthy, the server relationship should be authenticated: ntp authentication-key defines a key, ntp authenticate and ntp trusted-key enable and trust it, and the key keyword on ntp server binds it to that server, so that a spoofed NTP reply cannot shift the clock.

26 Syslog: When certain events occur on a network, networking devices have trusted mechanisms to notify the administrator with detailed system messages. These messages can be either non-critical or significant. The most common method of accessing system messages is to use a protocol called syslog. The syslog logging service provides three primary functions:
- The ability to gather logging information for monitoring and troubleshooting
- The ability to select the type of logging information that is captured
- The ability to specify the destinations of captured syslog messages

27 Syslog: Popular destinations for syslog messages include:
- Logging buffer (RAM inside a router or switch)
- Console line (by default, Cisco routers and switches send event messages to the console)
- Terminal line
- Syslog server
However, debug-level (severity 7) messages are by default only kept in the internal buffer and on the console, i.e. only accessible through the Cisco CLI; they reach a syslog server only if logging trap debugging is configured explicitly.

28 Syslog:

29 Syslog: The format of syslog messages on the Cisco IOS Software is as follows: seq no: timestamp: %facility-severity-MNEMONIC: description
Example: 0:00:46: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up
Here the facility is LINK, the severity is 3 (errors) and the mnemonic is UPDOWN; the sequence number and timestamp are present only when service sequence-numbers and service timestamps are configured.

30 Syslog: Command: logging trap [level]
This command allows a network administrator to limit the event messages that are sent to a syslog server based on severity. Messages at the given level and at every more severe level (numerically lower, since 0 is emergencies and 7 is debugging) are forwarded; less severe messages are not. The level can be given as a number or as the keyword (for example logging trap warnings forwards severities 0 through 4).
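As an added example covering slides 29 and 30 (it is not code from the original slides), the block below parses messages in the seq no: timestamp: %facility-severity-MNEMONIC: description format and applies the logging trap semantics just described, so you can see which of a handful of lines would actually reach a collector at a given level. The sample log lines are constructed for the example; the regular expression and the severity keyword table are the author's, not part of IOS.

```python
"""Parse Cisco IOS syslog lines and apply 'logging trap <level>' filtering.

Added example, not from the original slides. The log lines below are
constructed in the format the slide shows:
    seq no: timestamp: %FACILITY-SEVERITY-MNEMONIC: description
"""
import re
from typing import Dict, List, NamedTuple, Optional, Union

SEVERITY_NAMES = {
    0: "emergencies", 1: "alerts", 2: "critical", 3: "errors",
    4: "warnings", 5: "notifications", 6: "informational", 7: "debugging",
}
LEVEL_BY_NAME = {name: num for num, name in SEVERITY_NAMES.items()}

SYSLOG_RE = re.compile(
    r"^(?:(?P<seq>\d+): )?"            # sequence number, only with 'service sequence-numbers'
    r"(?:(?P<ts>[^%]*?): )?"           # timestamp, only with 'service timestamps'
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<description>.*)$"
)


class Message(NamedTuple):
    seq: Optional[int]
    timestamp: Optional[str]
    facility: str
    severity: int
    mnemonic: str
    description: str


def parse_line(line: str) -> Optional[Message]:
    """Return a Message for a well-formed IOS syslog line, None otherwise."""
    m = SYSLOG_RE.match(line.strip())
    if not m:
        return None
    return Message(
        int(m["seq"]) if m["seq"] else None,
        m["ts"],
        m["facility"],
        int(m["severity"]),
        m["mnemonic"],
        m["description"],
    )


def trap_filter(messages: List[Message], level: Union[int, str]) -> List[Message]:
    """Mimic 'logging trap <level>': forward messages at that severity or more
    severe (numerically lower). The level may be a number or the IOS keyword."""
    threshold = LEVEL_BY_NAME[level] if isinstance(level, str) else int(level)
    return [msg for msg in messages if msg.severity <= threshold]


# Constructed sample: the slide's own example line plus typical follow-ups,
# one line with sequence numbers and clock timestamps, one with neither,
# and one line of junk to show the parser rejecting it.
SAMPLE_LOG = """\
00:00:46: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up
00:00:47: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up
000019: *Mar  1 18:46:11.658: %SYS-5-CONFIG_I: Configured from console by vty0 (192.168.10.50)
000020: *Mar  1 18:46:30.101: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.7] [localport: 22] [Reason: Login Authentication Failed]
000021: *Mar  1 18:46:31.220: %SYS-7-USERLOG_DEBUG: constructed debug-level message
%SYS-6-LOGOUT: User admin has exited tty session 1(192.168.10.50)
this is not a syslog line
"""


def summarize(log: str, trap_level: Union[int, str] = "warnings") -> Dict[str, object]:
    """Parse a log, apply the trap level, and pull out failed logins."""
    msgs = [m for m in (parse_line(line) for line in log.splitlines()) if m]
    forwarded = trap_filter(msgs, trap_level)
    return {
        "parsed": len(msgs),
        "forwarded": [f"{m.facility}-{m.severity}-{m.mnemonic}" for m in forwarded],
        "login_failures": [m.description for m in msgs if m.mnemonic == "LOGIN_FAILED"],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```

At logging trap warnings only the LINK-3 and SEC_LOGIN-4 messages leave the box; the configuration change (SYS-5-CONFIG_I) and the logout (SYS-6) stay in the local buffer, which is why the IOS default of informational (level 6) is the more useful choice for a collector that feeds detection, at the cost of volume.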

31 IOS system files: Cisco Integrated Services Routers Generation Two (ISR G2) 1900, 2900, and 3900 Series support services on demand through the use of software licensing. When an order is placed for a new ISR G2 platform, the router is shipped with a single universal Cisco IOS Software image and a license. There are two types of universal images supported in ISR G2:
- Universal images with the "universalk9" designation in the image name: support strong cryptography.
- Universal images with the "universalk9_npe" designation in the image name: do not support strong cryptography (npe stands for no payload encryption, for countries where it cannot be shipped).

32 IOS system files: Command: show flash0

33 TFTP: Cisco IOS Software images and configuration files can be stored on a central TFTP server. This helps to control the number of IOS images and the revisions to those IOS images, as well as the configuration files that must be maintained. It is used for backup. Keep in mind that TFTP has no authentication, no encryption and no integrity protection, and a saved configuration contains credentials, SNMP community strings and keys: the TFTP server belongs on a protected management network, and where the platform supports it SCP (enabled with ip scp server enable) is the better transport for both images and configurations.

34 TFTP (configuration):
Before doing the backup, the administrator should do these two things:
- Verify connectivity between the router and the TFTP server using the ping command.
- Verify that there is enough flash memory for the new Cisco IOS image using the show flash command.

35 Boot system command: The boot system command is a global configuration command that allows the user to specify the source for the Cisco IOS Software image to load. Its forms are boot system flash [filename] (an image in flash), boot system tftp filename [ip-address] (an image fetched from a TFTP server at boot) and boot system rom (the bootstrap image in ROM). Several boot system commands can be entered; they are tried in the order they appear in the configuration, and if none succeeds the router falls back to the first valid image in flash and finally to ROMmon.

36 Software licensing: Cisco IOS Release 15.0 has four available technology software packages:
- IPBase
- DATA
- Unified Communications
- Security
Having the IPBase license installed is a prerequisite for installing the other technology packs. A customer who purchases a software package will receive a Product Activation Key (PAK) that serves as a receipt and is used to obtain the license for the software package.

