NAT Flashcards
Network Address Translation
RFC ____ reserves certain ranges of IPv4 addresses for private use only
1918
List the three private IPv4 address ranges
10.0.0.0 /8
172.16.0.0 /12
192.168.0.0 /16
T/F: Private addresses cannot be used over the internet
T
T/F: NAT allows all the devices on a single residential LAN to communicate over the internet via the same public IP address
T
NAT is used to modify the ____ and/or ____ of packets
Source and/or destination IP address
T/F: When a response comes back from the broader internet, and the router changes the destination IP address of a packet to match a previously source NAT’d packet, this isn’t destination NAT’ing
T
Static NAT involves mapping _____ to _____
One private IP to one public IP
An inside local IP address is:
The IP address of the host from the perspective of the LAN, AKA the address actually configured on the inside host
An inside global IP address is:
The IP address of the host from the perspective of outside hosts. AKA the address of the inside host AFTER NAT, usually a public IP address
T/F: Static NAT doesn’t really help conserve IP addresses, since it requires a public IP for each private IP anyway
T
What is the command to mark an interface as being connected to the internal network
ip nat inside
What is the command to mark an interface as being connected to the external network
ip nat outside
What is the command to configure a 1-to-1 static NAT mapping
ip nat inside source static {inside-local-ip} {inside-external-ip}
What is the command to view NAT tables saved on the router?
sh ip nat translations
T/F: When using static NAT, port numbers are also changed
F
Port numbers aren’t changed by static NAT
An outside local IP address is:
The IP address of the outside host, from the perspective of the LAN
An outside global IP address is:
The IP address of the outside host, from the perspective of the outside network
T/F: Unless destination NAT is used, outside local and outside global should always remain the same
T
Destination NAT is beyond the CCNA scope
What is the command to clear all dynamic translations in the NAT table?
clear ip nat translation *
T/F: Each time static NAT entries are actually used, dynamic NAT entries are automatically added to the NAT table
T
What is the command to view overview + counter information about NAT on a router
sh ip nat statistics
Which of the following commands will configure a static source NAT mapping of 192.168.10.10 to 203.0.113.10
a) ip nat inside source static 203.0.113.10 192.168.10.10
b) ip nat inside static source 192.168.10.10 203.0.113.10
c) ip nat source inside static 203.0.113.10 192.168.10.10
d) ip nat inside source static 192.168.10.10 203.0.113.10
D
You have configured the following command on R1:
ip nat inside source static 10.0.0.1 20.0.0.1
What will happen when you issue the following command on R1:
ip nat inside source static 10.0.0.2 20.0.0.1
a) 10.0.0.1 and 10.0.0.2 will both be translated to 20.0.0.1
b) Only 10.0.0.1 will be translated to 20.0.0.1
c) Only 10.0.0.2 will be translated to 20.0.0.1
d) 20.0.0.1 will be translated to 10.0.0.1 or 10.0.0.2
B
If you have already statically NAT’d a private IP address to a public IP address, and you try to assign a second private IP to the same public IP, the command will be rejected
Which of the following are private IPv4 addresses?
a) 10.254.255.0
b) 192.169.0.1
c) 172.32.1.22
d) 192.191.20.2
e) 172.20.2.3
f) 10.11.12.13
A, E, F
Dynamic NAT involves a router mapping ____ to ____ as needed
Inside global, inside local
T/F: Dynamic NAT involves a 1:1 mapping of an inside global to an inside local address
F
Dynamic NAT maps inside global to inside local addresses on an as-needed basis
T/F: In Dynamic NAT, an ACL is used to identify which traffic should be translated
T
If the source IP is permitted by the ACL, the source IP will be translated
If the source IP is denied by the ACL, the source IP will not be translated, but the traffic will not be dropped
A NAT pool is used to:
Define the available inside global addresses that can be used
T/F: In dynamic NAT, although the mappings are dynamically assigned, they are still 1:1
T
T/F: In dynamic NAT, mappings are dynamically assigned and are not 1:1
F
Mappings are still 1:1, one inside local IP per inside global
Define NAT pool exhaustion
When there aren’t enough inside global IP addresses available (= all are currently being used)
T/F: If a packet from another inside host arrives and needs NAT, but there are no available inside global addresses, the router will drop the packet
T
T/F: Dynamic NAT entries will time out automatically if not used
T
T/F: If a packet from another inside host arrives and needs NAT, but there are no available inside global addresses, the router will store the packet and forward when one becomes available
F
The router will drop the packet
T/F: Dynamic NAT entries have to be manually cleared to free up space if they are not being used
F
Dynamic NAT entries have a timeout and will automatically be cleared if not used
T/F: Static NAT mappings are permanent, while dynamic NAT mappings are temporary, but hosts are still unable to use the same public IP address at the same time
T
T/F: Static NAT mappings are permanent, while dynamic NAT mappings are temporary, meaning that multiple hosts can use the same public IP address at the same time
F
Even with dynamic source NAT multiple hosts cannot use the same public IP address at the same time. PAT is required to facilitate this
What is the command to define a NAT pool of inside global IP addresses
ip nat pool {pool-name} {pool-range-start} {pool-range-end} {prefix-length [length] | netmask [subnet-mask]}
What is the command to configure a dynamic NAT by mapping the ACL to the pool
ip nat inside source list {acl} pool {pool-name}
T/F: With Dynamic NAT, you still need to configure one interface as connected to the external network and one interface as connected to the internal network
T
T/F: Configuring an ACL for dynamic NAT is optional
F
An ACL must be configured in order to use dynamic NAT
PAT is also referred to as:
NAT overload
T/F: PAT translates both the IP address and the port number (if necessary)
T
T/F: PAT only translates the port number
F
PAT also translates the IP address
T/F: By using a unique port number for each communication flow, a single public IP can be used by many different internal hosts
T
T/F: With PAT, the router will keep track of which inside local address is using which inside global address and port
T
T/F: With PAT, the router ignores which inside global port each inside local address is using; only tracking the inside global address being used is relevant
F
The router will keep track of which inside local address is using which inside global address AND port
T/F: If two inside hosts choose the same random source port, PAT will operate fine, since it can still tell the hosts apart by their IP addresses
T
If only one inside global address is available, PAT will simply translate one of the inside source ports to another to keep the communication flows separate
T/F: Of the NAT types covered in the CCNA, PAT is the most useful in conserving IPv4 addresses
T
PAT is the only NAT type in the CCNA that allows for one public IP to be shared by multiple hosts, and is in widespread use today (think residential internet connections)
What is the command to configure PAT by mapping an ACL to an inside global address pool
ip nat inside source list {acl-num} pool {nat-pool} overload
What is the command to configure PAT to map an ACL to an outside interface
ip nat inside source list {acl-num} interface {outside-int} overload
T/F: The more common way to use PAT is to map an ACL to an outside interface (usually the one with the router’s public IP address) instead of a pool of inside global addresses
T
T/F: The more common way to use PAT is to map an ACL to a pool of inside global addresses instead of an outside interface configured with a single public IP
F
The most common approach is to configure PAT to use a single outside interface with the router’s public IP address
Which of the following NAT types best fulfills the goal of preserving public IPv4 addresses?
a) Static NAT
b) Source NAT
c) Dynamic NAT
d) NAT overload
D
NAT overload, AKA PAT, allows for many internal hosts to use a single public IP address
Dynamic NAT is configured on R1 and a pool of 10 inside global addresses is specified. Currently, all 10 addresses are being used by inside hosts, but another inside host attempts to send a packet over the internet. What does R1 do with this packet?
a) It uses PAT to translate the source IP address of the packet
b) It discards the packet
c) It holds the packet until an inside global address becomes available
d) It translates the source IP to the statically mapped inside global address
B
When NAT pool exhaustion occurs, any further traffic that needs to be NAT’d will be dropped
After specifying the inside and outside NAT interfaces, you issue the following commands on R1. What will happen to hosts from the 192.168.1.0/24 subnet?
access-list 1 permit 10.0.1.0 0.0.0.255
access-list 1 deny 192.168.1.0 0.0.0.255
ip nat pool POOL1 203.0.113.0 203.0.113.255 prefix-length 24
ip nat inside source list 1 pool POOL1
a) The source IP of their packets will be translated to an address from 203.0.113.0/24
b) The packets they send will be discarded by R1
c) The packets they send will not be translated by R1
d) The packets they send will be discarded until an inside global address is available
C
If an ACL deny rule applies to the traffic, then it will not be subjected to NAT. It will not be dropped, however.