NAT and PAT
Marked Lab Work - value 10%
Formal report
Introduction
Lab Procedure
Setup DHCP
Setup NAT/ PAT
Verifying NAT/ PAT
Further Testing
What should I submit?
Formal
Report Guide pdf
Introduction
This lab will allow you to see how NAT PAT can be configured on a
router.
The scenario is that your company is connected to an ISP that has a
connection to www.google.com. You have one IP address that is visible
to the outside world.
Your company will use network and port translation to supply IP
translations to the hosts inside your network.
You can use a browser on the PCs to see this website via the ISP.
Routing using EIGRP has already been setup for you but you will need to
configure the DHCP server on your company's border gateway router and
also the dynamic NAT/ PAT.
Download the start file
for Packet Tracer here.
You will need to add the details for two Fast Ethernet interfaces and
also the switches for the Staff and the Student networks and the hosts
that are attached to the switches.
You do not need to change any
of the configurations on the ISP router nor on the Web Server.
Lab Procedure
Save your work regularly both on
the router and also the Packet Tracer application itself. I have no
sympathy for people who ignore this and lose work.
Firstly build the physical layer for the network by adding two switches
and 2 PCs to each of the switches.
Rename the switches via the GUI to Student and Staff respectively.
The Border Gateway router already has the routing information that it
needs to connect to the ISP but you will need to setup the FastEthernet
interfaces to use private addressing.
Do not use the GUI for configuring
the router - you must get used to the CLI.
For FastEthernet0/0, use the network 192.168.0.0 /24
For FastEthernet0/1, use the network 192.168.1.0 /24
Give the lowest available IP address to the FastEthernet interface on
each of the two networks.
Remember that the FastEthernet interfaces will be administratively
closed down so you will need to turn them on. The IOS command no shutdown
can be used to turn them on after you have set their IP addresses.
Make sure that your interfaces on the switches and the PCs and the
FastEthernet connections on the router are green before continuing.
Setup DHCP
To make the DHCP server active to supply IP addressing information to
the PCs attached to the switches, you will need to define two address
pools, one for each of the two Ethernet networks.
Here, I have used the name net0 for the FastEthernet0/0 network and the
details below will be supplied to all the PCs attached to that
interface. Type this configuration into the border gateway
router.
ip dhcp pool
net0
network
192.168.0.0 255.255.255.0
default-router
192.168.0.1
dns-server
172.17.0.2
Now you will need to create another pool of addresses for the
FastEthernet0/1 interface. Use the same DNS server address but you will
need to use a different network number and different default gateway.
Write this down before you add the configuration. Add the configuration
in exactly the same way as above.
Save your router's configuration once you have setup the DHCP server.
Save the Packet Tracer file too.
Test that the DHCP configuration is working by selecting a PC and
visiting the Desktop, IP Configuration. Select the DHCP radio box and
if the DHCP details have been entered correctly on the router, you
should receive IP details similar to those shown below.
Do this for all PCs attached to your two switches.
If you do not receive IP details, you have made an error with your
configuration and will need to troubleshoot. Look at your
running-config first.
Setup NAT/ PAT
When setting up NAT/ PAT on your router, you will need to decide which
of the interfaces are inside the NAT/ PAT scheme and which addresses
are outside the NAT/ PAT scheme. You can think of the NAT/ PAT as an
imaginary dividing line across your router.
Write down which of the interfaces on your gateway router are inside
the nat scheme and which interface is outside the NAT scheme.
The first step you will need to carry out is to visit each interface
and apply it as either ip nat outside
or ip nat
inside.
interface
FastEthernet0/0
ip nat
inside
You do not need to change any other interface details. Do this for each
of your three interfaces according to whether they are inside or
outside the NAT scheme.
You will now need to define two access lists to allow traffic that will
cross the NAT/ PAT boundary to be defined.
Two access list entries are required to allow you to specify the TWO LAN address ranges.
Type the following:
access-list 1
permit 192.168.0.0 0.0.0.255
access-list 1
permit 192.168.1.0 0.0.0.255
The last step is to apply the addresses that you wish to cross the
boundary to the serial interface.
Type the following:
ip nat inside
source list 1 interface Serial0/0 overload
This command takes the addresses defined in access-list 1
above and applies them to the serial0/0 interface with the part of the
command source list 1 .
The word overload
is a command to the router to allow more than one inside address to
share the address that is applied to the serial interface itself.
If you have typed all of the configurations correctly, you should now
have setup the NAT/ PAT and have finished the setup part of the lab.
Verifying
NAT/ PAT
To test whether the address translation is actually taking place, you
will need to use one of the PCs to communicate with a computer outside
of your network.
Go to a PC and visit the Desktop, Command Prompt and type
ping www.google.com
If this is successful, go to the CLI of your gateway router and type
the following command
border-gateway#show
ip nat translations
Pro
Inside global Inside
local Outside
local Outside global
icmp
172.16.0.2:19
192.168.0.3:19
172.17.0.2:19 172.17.0.2:19
icmp
172.16.0.2:20
192.168.0.3:20
172.17.0.2:20 172.17.0.2:20
icmp
172.16.0.2:21
192.168.0.3:21
172.17.0.2:21 172.17.0.2:21
icmp
172.16.0.2:22
192.168.0.3:22
172.17.0.2:22 172.17.0.2:22
udp
172.16.0.2:1030 192.168.0.3:1030
172.17.0.2:53 172.17.0.2:53
The output above shows the Inside local address
that has been translated and the port that was associated with the
application.
The Outside
global address is the address that is carried across
the outside network and the port that is associated with it.
The protocol is shown at the start of the list. The four icmp requests
associated with the ping request are shown plus the request to the dns
server to translate the address www.google.com into an IP address.
Do not proceed to the next step if you do not receive output similar to
that shown above.
Further Testing
Go to the CLI of your gateway router and type the
following command
clear ip nat
translations *
Now use the browser on one of the PCs to find the page located at
www.google.com.
If this is successful, go to the CLI of your gateway router
and type the following command
show
ip nat translations
This should give output similar to that shown below.
border-gateway#show
ip nat translations
Pro
Inside global Inside
local Outside
local Outside global
udp
172.16.0.2:1031 192.168.1.2:1031
172.17.0.2:53 172.17.0.2:53
tcp
172.16.0.2:1031 192.168.1.2:1031
172.17.0.2:80 172.17.0.2:80
This shows the DNS request and the HTTP request.
What
should I submit?
For this lab and the rest of the lab work for this course, you will
need to submit the Packet Tracer files that you have created on a CD,
DVD or floppy disk.
You will also need to submit a written report of the work that you
carried out in the form of a Formal Report.
This will have a table of contents, rationale for lab work, apparatus
used, method, results and testing, conclusion, references (if used).
Please include screenshots as necessary and anything else you consider
to be pertinent to this lab work. It is expected that this work will be
word processed, however analogue diagrams and calculations may be
submitted to supplement your work.
Make sure that you include the proof that your lab was successful.
For the rationale, you are expected to provide a BRIEF explanation of
the purpose of NAT/ PAT and its use. This should not exceed 300 words
and is to be uniquely your own words. Plagiarism will not be tolerated.
Please try to use 3rd person passive voice to describe the work.
Example:
Do not write: "I used
Packet Tracer 5.x to carry out the lab work"
Use: "Packet Tracer 5.x was used to carry out this work"
This work is to be submitted on the date specified in the Assignment Schedule for this course.