NAT Flashcards

Network Address Translation

1
Q

RFC ____ reserves certain ranges of IPv4 addresses for private use only

A

1918

2
Q

List the three private IPv4 address ranges

A

10.0.0.0 /8
172.16.0.0 /12
192.168.0.0 /16

3
Q

T/F: Private addresses cannot be used over the internet

A

T

4
Q

T/F: NAT allows all the devices on a single residential LAN to communicate over the internet via the same public IP address

A

T

5
Q

NAT is used to modify the ____ and/or ____ of packets

A

Source and/or destination IP address

6
Q

T/F: When a response comes back from the broader internet, and the router changes the destination IP address of a packet to match a previously source NAT’d packet, this isn’t destination NAT’ing

A

T

7
Q

Static NAT involves mapping _____ to _____

A

One private IP to one public IP

8
Q

An inside local IP address is:

A

The IP address of the host from the perspective of the LAN, AKA the address actually configured on the inside host

9
Q

An inside global IP address is:

A

The IP address of the host from the perspective of outside hosts. AKA the address of the inside host AFTER NAT, usually a public IP address

10
Q

T/F: Static NAT doesn’t really help conserve IP addresses, since it requires a public IP for each private IP anyway

A

T

11
Q

What is the command to mark an interface as being connected to the internal network?

A

ip nat inside

12
Q

What is the command to mark an interface as being connected to the external network?

A

ip nat outside

13
Q

What is the command to configure a 1-to-1 static NAT mapping?

A

ip nat inside source static {inside-local-ip} {inside-external-ip}

14
Q

What is the command to view NAT tables saved on the router?

A

sh ip nat translations

15
Q

T/F: When using static NAT, port numbers are also changed

A

F

Port numbers aren’t changed by static NAT

16
Q

An outside local IP address is:

A

The IP address of the outside host, from the perspective of the LAN

17
Q

An outside global IP address is:

A

The IP address of the outside host, from the perspective of the outside network

18
Q

T/F: Unless destination NAT is used, outside local and outside global should always remain the same

A

T

Destination NAT is beyond the CCNA scope

19
Q

What is the command to clear all dynamic translations in the NAT table?

A

clear ip nat translation *

20
Q

T/F: Each time static NAT entries are actually used, dynamic NAT entries are automatically added to the NAT table

A

T

21
Q

What is the command to view overview and counter information about NAT on a router?

A

sh ip nat statistics

22
Q

Which of the following commands will configure a static source NAT mapping of 192.168.10.10 to 203.0.113.10?

a) ip nat inside source static 203.0.113.10 192.168.10.10
b) ip nat inside static source 192.168.10.10 203.0.113.10
c) ip nat source inside static 203.0.113.10 192.168.10.10
d) ip nat inside source static 192.168.10.10 203.0.113.10

A

D

23
Q

You have configured the following command on R1:
ip nat inside source static 10.0.0.1 20.0.0.1

What will happen when you issue the following command on R1:
ip nat inside source static 10.0.0.2 20.0.0.1

a) 10.0.0.1 and 10.0.0.2 will both be translated to 20.0.0.1
b) Only 10.0.0.1 will be translated to 20.0.0.1
c) Only 10.0.0.2 will be translated to 20.0.0.1
d) 20.0.0.1 will be translated to 10.0.0.1 or 10.0.0.2

A

B

If you have already statically NAT’d a private IP address to a public IP address, and you try to assign a second private IP to the same public IP, the command will be rejected

24
Q

Which of the following are private IPv4 addresses?

a) 10.254.255.0
b) 192.169.0.1
c) 172.32.1.22
d) 192.191.20.2
e) 172.20.2.3
f) 10.11.12.13

A

A, E, F

25
Q

Dynamic NAT involves a router mapping ____ to ____ as needed

A

Inside global, inside local

26
Q

T/F: Dynamic NAT involves a 1:1 mapping of an inside global to an inside local address

A

F

Dynamic NAT maps inside global to inside local addresses on an as-needed basis

27
Q

T/F: In Dynamic NAT, an ACL is used to identify which traffic should be translated

A

T

If the source IP is permitted by the ACL, the source IP will be translated

If the source IP is denied by the ACL, the source IP will not be translated, but the traffic will not be dropped

28
Q

A NAT pool is used to:

A

Define the available inside global addresses that can be used

29
Q

T/F: In dynamic NAT, although the mappings are dynamically assigned, they are still 1:1

A

T

30
Q

T/F: In dynamic NAT, mappings are dynamically assigned and are not 1:1

A

F

Mappings are still 1:1, one inside local IP per inside global

31
Q

Define NAT pool exhaustion

A

When there aren’t enough inside global IP addresses available (= all are currently being used)

32
Q

T/F: If a packet from another inside host arrives and needs NAT, but there are no available inside global addresses, the router will drop the packet

A

T

33
Q

T/F: Dynamic NAT entries will time out automatically if not used

A

T

34
Q

T/F: If a packet from another inside host arrives and needs NAT, but there are no available inside global addresses, the router will store the packet and forward it when one becomes available

A

F

The router will drop the packet

35
Q

T/F: Dynamic NAT entries have to be manually cleared to free up space if they are not being used

A

F

Dynamic NAT entries have a timeout and will automatically be cleared if not used

36
Q

T/F: Static NAT mappings are permanent, while dynamic NAT mappings are temporary, but hosts are still unable to use the same public IP address at the same time

A

T

37
Q

T/F: Static NAT mappings are permanent, while dynamic NAT mappings are temporary, meaning that multiple hosts can use the same public IP address at the same time

A

F

Even with dynamic source NAT, multiple hosts cannot use the same public IP address at the same time. PAT is required to facilitate this

38
Q

What is the command to define a NAT pool of inside global IP addresses?

A

ip nat pool {pool-name} {pool-range-start} {pool-range-end} {prefix-length [length] | netmask [subnet-mask]}

39
Q

What is the command to configure dynamic NAT by mapping the ACL to the pool?

A

ip nat inside source list {acl} pool {pool-name}

40
Q

T/F: With Dynamic NAT, you still need to configure one interface as connected to the external network and one interface as connected to the internal network

A

T

41
Q

T/F: Configuring an ACL for dynamic NAT is optional

A

F

An ACL must be configured in order to use dynamic NAT

42
Q

PAT is also referred to as:

A

NAT overload

43
Q

T/F: PAT translates both the IP address and the port number (if necessary)

A

T

44
Q

T/F: PAT only translates the port number

A

F

PAT also translates the IP address

45
Q

T/F: By using a unique port number for each communication flow, a single public IP can be used by many different internal hosts

A

T

46
Q

T/F: With PAT, the router will keep track of which inside local address is using which inside global address and port

A

T

47
Q

T/F: With PAT, the router ignores which inside global port each inside local address is using; only tracking the inside global address being used is relevant

A

F

The router will keep track of which inside local address is using which inside global address AND port

48
Q

T/F: If two inside hosts choose the same random source port, PAT will operate fine, since it can still tell the hosts apart by their IP addresses

A

T

If only one inside global address is available, PAT will simply translate one of the inside source ports to another to keep the communication flows separate

49
Q

T/F: Of the NAT types covered in the CCNA, PAT is the most useful in conserving IPv4 addresses

A

T

PAT is the only NAT type in the CCNA that allows for one public IP to be shared by multiple hosts, and is in widespread use today (think residential internet connections)

50
Q

What is the command to configure PAT by mapping an ACL to an inside global address pool?

A

ip nat inside source list {acl-num} pool {nat-pool} overload

51
Q

What is the command to configure PAT to map an ACL to an outside interface?

A

ip nat inside source list {acl-num} interface {outside-int} overload

52
Q

T/F: The more common way to use PAT is to map an ACL to an outside interface (usually the one with the router’s public IP address) instead of a pool of inside global addresses

A

T

53
Q

T/F: The more common way to use PAT is to map an ACL to a pool of inside global addresses instead of an outside interface configured with a single public IP

A

F

The most common approach is to configure PAT to use a single outside interface with the router’s public IP address

54
Q

Which of the following NAT types best fulfills the goal of preserving public IPv4 addresses?

a) Static NAT
b) Source NAT
c) Dynamic NAT
d) NAT overload

A

D

NAT overload, AKA PAT, allows for many internal hosts to use a single public IP address

55
Q

Dynamic NAT is configured on R1 and a pool of 10 inside global addresses is specified. Currently, all 10 addresses are being used by inside hosts, but another inside host attempts to send a packet over the internet. What does R1 do with this packet?

a) It uses PAT to translate the source IP address of the packet
b) It discards the packet
c) It holds the packet until an inside global address becomes available
d) It translates the source IP to the statically mapped inside global address

A

B

When NAT pool exhaustion occurs, any further traffic that needs to be NAT’d will be dropped

56
Q

After specifying the inside and outside NAT interfaces, you issue the following commands on R1. What will happen to hosts from the 192.168.1.0/24 subnet?

access-list 1 permit 10.0.1.0 0.0.0.255
access-list 1 deny 192.168.1.0 0.0.0.255
ip nat pool POOL1 203.0.113.0 203.0.113.255 prefix-length 24
ip nat inside source list 1 pool POOL1

a) The source IP of their packets will be translated to an address from 203.0.113.0/24
b) The packets they send will be discarded by R1
c) The packets they send will not be translated by R1
d) The packets they send will be discarded until an inside global address is available

A

C

If an ACL deny rule applies to the traffic, then it will not be subjected to NAT. It will not be dropped, however.