pankaj content
TRANSCRIPT
-
7/31/2019 Pankaj Content
1/25
Cisco Certified Network Associate (CCNA)
Training Report
On
Cisco Certified Network Associate (CCNA)
(Network Security, NAT & PAT)
Submitted in the partial fulfillment of the requirement for the award of degree
of
Bachelors of Technology
In
Computer Science Engineering
Submitted by:
Name: Pankaj Rai
Reg. Number: 10902129
Name and Location of Company: NETMAX Technology Pvt. Ltd.
SCO2, Choti Baradari Part-1
Jalandhar, Punjab (144001)
Period Training: 01/06/2012- 15/07/2012
Lovely Professional University Punjab 1
-
7/31/2019 Pankaj Content
2/25
Cisco Certified Network Associate (CCNA)
Department of Computer Science Engineering
Lovely Professional University
Phagwara144001, Punjab (India)
Lovely Professional University Punjab 2
-
7/31/2019 Pankaj Content
3/25
Cisco Certified Network Associate (CCNA)
Ph. (01824-506960-61)
Department of Computer Science Engineering
Lovely Professional University Phagwara (Distt. Kapurthala)
Punjab India 144001
Ref:__________ Dated: __________
Certificate
Certified that this Training entitled Area of training submitted by Name of the Student
(Roll Number), students of Computer Science Engineering Department, Lovely Professional
University, Phagwara Punjab in the partial fulfillment of the requirement for the award of
Bachelors of Technology (Computer Science Engineering) Degree of LPU, is a record of
students own study carried under my supervision & guidance.
Name and Signature of Training Supervisor
Designation
Head of the Domain
Lovely Professional University Punjab 3
-
7/31/2019 Pankaj Content
4/25
Cisco Certified Network Associate (CCNA)
ACKNOWLEDGEMENT
Every piece of creation is originated by the zeal of hard work and determination and to put the
effort into action, a lot many factors may influence. Nothing concrete can be achieved without optimum
inspiration and perspiration. The phenomenon of creation is very long and involves time consuming
process, energy, dedication as well as the skills and Experience of the persons involved in the task.
The basic view is to evolve an original and substantial work with many helping hands.
Joining NETMAX TECHNOLOGIES as trainees gave me solid platform for nursing my
professional career. It gi ve s me i mm en se pl ea su re to ex pr es s my deepest gratitude
towards all those persons who have been a vital part of this creation. But thinking them all specifically
seems to be impossible, so to fit into the framework of words and acknowledgement. I would like to
thank my sirMr. Jaswinder Singh and Mr. Ajit Pal Brarfor providing me the environment which really
nursed me to endeavor my professional career. Their backup and motivation always inspired me and
acted as a morale booster.
I whole-heartedly thank the whole NETMAX TEAM for giving me the opportunities
to bring out the best in me and developing my talents and knowledge, not only in the technical
field but also in my overall personality. My sincere thanks goes to all the people who
cooperated by providing very cordial environment during the course of work.
All Sincere thanks to Respected HOD sir (CSE) for guiding me not only as a faculty but also for all other
problems.
In addition, I would like to thank my colleges T.P. Dept. for the permission to allow me to go on
industrial training and have the industry related experience.
Last but not the least, I express my deep felt gratitude to my parents and friends without
whose moral support and encouragement, I would have never been able to bring this project to
completion in such a presentable form and that too successfully!
INDERPREET SINGH
100610391677
Lovely Professional University Punjab 4
-
7/31/2019 Pankaj Content
5/25
Cisco Certified Network Associate (CCNA)
TABLE OF CONTENTS
S. NO. TITLE PAGE NO.
1. ABOUT THE ORGANISATION
2. FLOW CHART OF THE PROCESS AT THE ORGANISATION
3. DETAILS OF WORK/JOB ASSIGNED
4. LEARNING OUTCOMES & ANALYSIS
5. CONCLUSIONS
6. FUTURE SCOPE OF THIS TYPE TRAINING
The Project Report should be spiral-Binding and the title page should be as per
the format (Black on white A4 sheet).
Note:
1. One copy is to be submitted to the examiners panel at the time of presentation and
evaluation
2. Training report must have minimum 20-30 A4 pages.
3. A power point presentation of 8-10min duration followed by question answer session
would be done by each student.
Format must be in New Time Roman (12) for normal and Headlines Size must be
(14+Bold)
Lovely Professional University Punjab 5
-
7/31/2019 Pankaj Content
6/25
Cisco Certified Network Associate (CCNA)
1. ABOUT THE ORGANISATION
NETMAX TECHNOLOGIES as an organization
was established in 2001. It provide training to
students and corporate in CISCO, REDHAT, SUN,
and MICROSOFT over the past ten years. It is the
first Org. to introduce CCNP, CCSP, CCVP and
CCIE in north region to meet the current needs of
our corporate clients.
NETMAXTECHNOLOGIESis active in the following sectors:
IT Training Microcontroller based design
IT Support Electronics system design
Embedded systems training
In Education It has strategic alliance with Pearson VUE. They are authorized certified testing
Partner ofREDHAT, MICROSOFT & CISCO. We are also NOVELL EDUCATION
PARTNERwith which we provide NOVELL and SUSE LINUX courses. NETMAX
TECHNOLOGIES also conduct courses in CADENCE based design tools.
Since Their inception, they have remained true to five unwavering
commitments...
Draw on the expertise of experienced trainers. Each of our trainers has an average of four
years relevant experience in the industry. Together, they have accumulated thousands of
teaching hours. No other training center in Region boasts a team with this level of
expertise.
Provide an environment that is conducive to learning. Among other things, participants
have access to top-of-the-line network and system infrastructure. This is why we adhere
to rigorous standards of methodology and ensure that our faculty and technicians
provide you with assistance should you encountering any problems.
Use comprehensive learning material. We provide each participant with comprehensive
material that is recommended and an easy-to-use reference guide in which students can
find any of the information covered during the course.
Provide concrete and current course content. We constantly update and improve our course
content in response to the changes made by vendors like CISCO, Microsoft.
Lovely Professional University Punjab 6
-
7/31/2019 Pankaj Content
7/25
Cisco Certified Network Associate (CCNA)
OUR TEAM
Presently we have a strong technical team of certified professionals for catering to these
solutions and have presence in Chandigarh and Punjab. We have skilled team of engineers who
are experienced in design, programming. We are having more than 15 engineers who arehaving prestigious certifications like CCNA, CCNP, CCSP, CCSA, MCSE, RHCE, C++, C,
and JAVA & PHP MySQL Programming.
Support Area (network solutions)
LINUX / UNIX networks
SUN networks
CISCO devices (Routers, Switches, Firewalls, Cache Engine, RAS etc)
Bandwidth Manager software and hardware
Radio Links
Security Solutions
Lovely Professional University Punjab 7
-
7/31/2019 Pankaj Content
8/25
Cisco Certified Network Associate (CCNA)
NETMAX-TECHNOLOGIES provide the following Courses in IT & Embedded Systems
given below:
Network Training
CISCO CCNA, CCNP,CCSP,CCIE
RED HAT LINUX
SUN SOLARIS
WINDOWS 2000, 2003 (MCP,MCSA & MCSE)
SUSE LINUX
Software Training
VB .Net
C# .Net
ASP .Net
PHP
JAVA
C/C++
Design Services (Embedded systems)
AVR family
MCS 51
ELECTRONIC SYSTEM DESIGN
Our core strength is our commitment, technical expertise and cost effective solutions. We
ensure high service levels and prompt support availability leading to lower downtime.
Lovely Professional University Punjab 8
-
7/31/2019 Pankaj Content
9/25
Cisco Certified Network Associate (CCNA)
3. DETAILS OF WORK/JOB ASSIGNED
COURSE INTRODUCTION
In this course we are going to study a lot of technologies and our objective will be:
- Create a large sized LAN network
- Implement WAN connectivity between multiple locations
- Routing traffic between different locations
- Secure networks and Control traffic flow
- Connect organization to ISP
- Wi-Fi LAN networks
To achieve all these objectives we must know about following technologies:
Switches
VLAN, Inter VLAN, Frame Tagging, Spanning Tree, Port Security, Ether Channel
Routing
Static, Dynamic, RIP, EIGRP, OSPF
Security
Access-lists, CBAC, VPN, NAT
To perform all these tasks on Router and Switches some prerequisites are required:
- OSI and TCP/IP model
- IPv4 basics & Sub-netting
- Router and Switch Administration
Lovely Professional University Punjab 9
-
7/31/2019 Pankaj Content
10/25
Cisco Certified Network Associate (CCNA)
What is Network?
In one network more than one computer connected with each other through centralized device.
They can share files and resources with each other.
LAN
LAN stands for Local Area Network. The scope of the LAN is within one building, one school
or within one lab. In LAN (Hub), media access method is used CSMA/CD in which each
computer sense the carrier before sending the data over the n/w. if carrier is free then you can
transmit otherwise you have to wait or you have to listen. In multiple access each computer
have right that they can access each other. If two computers sense the carrier on same time then
the collision occur. Each computer, in the network, aware about the collision. Now this stop
transmitting and they will use back off algorithm. In which random number is generated. This
number or algorithm is used by each computer. Who has short number or small number, he has
first priority to transmit the data over the network and other computers will wait for their turn.
WAN
WAN stands for Wide Area Network, in which two local area networks are connected through
public n/w. it may be through telecommunication infrastructure or dedicated lines. For e.g: -
ISDN lines, Leased lines etc.
In which we can use WAN devices and WAN technology. You can also connect with your
remote area through existing Internetwork called Internet.
Lovely Professional University Punjab 1
-
7/31/2019 Pankaj Content
11/25
Cisco Certified Network Associate (CCNA)
Network Devices
Hub
Hub is centralized device, which is used to connect multiple workstations. There are two types
of Hub: -
(i) Active Hub
(ii) Passive Hub
It has no special kind of memory. It simply receives the frame (data) and forwards it to all its
nodes except the receiving node. It always performs broadcasting. In case of hub, there is one
collision domain and one broadcast domain. In case of hub, the media access method is used
CSMA/CD (Carrier Sense Multiple Access/Collision Detection).
(i) Active Hub
In Active hub, it receives the frame regenerate and then forward to all its nodes.
(ii) Passive Hub
In Passive hub, it simply receives the frame and forward to all its connected nodes.
You cannot perform LAN segmentation using hub.
Switch
Switch is also used to connect multiple workstations. Switch is more intelligent than hub. It has
special kind of memory called mac address/filter/lookup table. Switch reads mac addresses.
Switch stores mac addresses in its filter address table. Switch when receives frame, it reads the
destination mac address and consult with its filter table. If he has entry in its filter table then he
forwards the frame to that particular mac address, if not found then it performs broadcasting to
all its connected nodes.
Every port has its own buffer memory. A port has two queues one is input queue and
second is output queue. When switch receives the frame, the frame is received in input queue
and forward from output queue. So in case of switch there is no chance or place for collisions.
In case of switch, the media access method is used CSMA/CA (Carrier Sense Multiple Access/
Collision Avoidance). Switches provide more efficiency, more speed and security.
There are two types of switches: -
Lovely Professional University Punjab 1
-
7/31/2019 Pankaj Content
12/25
Cisco Certified Network Associate (CCNA)
(i) Manageable switches (can be configured with console cable).
(ii) Non-manageable switches.
We can perform LAN segmentation by using switches.
Bridge
Bridge is a hardware device, which is used to provide LAN segmentation means it is used for
break the collision domain. It has same functionality as performed by switch. We can use
bridge between two different topologies. It has fewer ports. Each port has a own buffer
memory. It works on Data Link Layer of OSI model. It also read mac address and stores it in its
filter table. In case of bridge there is one broadcast domain.
Router
Router is hardware device, which is used to communicate two different networks. Router
performs routing and path determination. It does not perform broadcast information. There are
two types of routers: -
(i) Hardware Routers are developed by Cisco, HP.
(ii) Software Routers is configured with the help of routing and remote access. This feature is
offered by Microsoft. This feature is by default installed, but you have to enable or configure it.
Hardware routers are dedicated routers. They are more efficient.
But in case of software routers, it has less features, slow performance. They are not very much
efficient.
LAN Card
LAN card is media access device. LAN card provide us connectivity in the network. There is a
RJ45 (Registered Jack) connector space on the LAN card. RJ45 is used in UTP cable. There is
another led which is also called heartbeat of LAN card. When any activity occurs it may be
receiving or transmitting any kind of data. This led start blinking and also tells us the status of
LAN card.
Network Security
Lovely Professional University Punjab 1
-
7/31/2019 Pankaj Content
13/25
Cisco Certified Network Associate (CCNA)
Access Control List
ACL are the basic security feature that is required in any network to control the flow of traffic.
Most of time our network may have servers and clients for which traffic control is required.
We can also use ACL to classify the traffic. ACLs are used in features like QOS (Quality of
Service), Prioritize traffic and interesting traffic for ISDN.
Classification Access Control List: -
Types of ACL based on Protocol: -
(1) IP Access Control List
(2) IPX Access Control List
(3) AppleTalk Access Control List
Types of ACL based on Feature: -
(1) Standard ACL
(2) Extended ACL
Types of ACL based on Access mode: -
(1) Numbered ACL
(2) Named ACL
Types of ACL based on Order of rules: -
(1) Deny, permit
(2) Permit, deny
Types of ACL based on direction of implementation: -
(1) Inbound ACL
(2) Outbound ACL
Flow chart of Inbound ACL
Lovely Professional University Punjab 1
-
7/31/2019 Pankaj Content
14/25
Cisco Certified Network Associate (CCNA)
No
Yes
No
Yes
Yes No
IP Standard ACL (Numbered)In Standard ACL, we are only able to specify source address for the filtering of packets. The
syntax to create IP standard ACL are: -
Lovely Professional University Punjab 1
A Packet is received
Is there any Access-
list applied on
interface in Inbound
direction?
Is there any matching
rule in ACL from top-
down order?
Is it
permit
?
The packet
is dropped.
The packet
is dropped.
The packet
is passed to
RE
The packet
is passed to
Routing
Engine
-
7/31/2019 Pankaj Content
15/25
Cisco Certified Network Associate (CCNA)
Router#conf ter
Router(config)#access-list
Router(config)#exit
Single pc host 192.168.10.5192.168.10.5
192.168.10.5 0.0.0.0
N/w 200.100.100.0 0.0.0.255
Subnet 200.100.100.32 0.0.0.15
All any
Example: - 172.16.0.16 18 should not access Internet; rest of all other pc should accessInternet.
Internet
172.16.0.1
172.16.x.x
Router#conf terRouter(config)#access-list 30 deny 172.16.0.16
Router(config)#access-list 30 deny 172.16.0.17
Router(config)#access-list 30 deny 172.16.0.18
Router(config)#access-list 30 permit any
Router(config)#exit
Applying ACL on interface
Router#conf ter
Router(config)#interface Router(config-if)#ip access-group
Lovely Professional University Punjab 1
Router
-
7/31/2019 Pankaj Content
16/25
Cisco Certified Network Associate (CCNA)
Router(config-if)#exit
Rule for applying ACL
Only one ACL can be applied on each interface, in each direction for each protocol.
Example: - Suppose we want to allow Internet only for 192.168.10.32 70.
Internet
Router(config)#access-list 25 permit 192.168.10.32 0.0.0.31
Router(config)#access-list 25 permit 192.168.10.64 0.0.0.3
Router(config)#access-list 25 permit 192.168.10.68Router(config)#access-list 25 permit 192.168.10.69
Router(config)#access-list 25 permit 192.168.10.70
Router(config)#interface serial 0
Router(config-if)#ip access-group 25 out
IP Standard ACL (Named)In Numbered ACL editing feature is not available that is we are not able to delete single rule
from the ACL. In Named ACL editing feature is available.
Router#config terRouter(config)#ip access-list standard
Router(config-std-nacl)#
Router(config-std-nacl)#exit
Router#conf ter
Router(config)#ip access-list standard abc
Router(config-std-nacl)#deny 172.16.0.16
Router(config-std-nacl)#deny 172.16.0.17
Router(config-std-nacl)#deny 172.16.0.18
Lovely Professional University Punjab 1
Router
-
7/31/2019 Pankaj Content
17/25
Cisco Certified Network Associate (CCNA)
Router(config-std-nacl)#permit any
Router(config-std-nacl)#exit
To modify the ACL
Router#conf terRouter(config)#ip access-list standard abc
Router(config-std-nacl)#no deny 172.16.0.17
Router(config-std-nacl)#exit
To control Telnet access using ACL
If we want to control telnet with the help of ACL then we can create a standard ACL and apply
this ACL on vty port. The ACL that we will create for vty will be permit deny order.
Example: - suppose we want to allow telnet to our router from 192.168.10.5 & 192.168.10.30pc.
Router#conf ter
Router(config)#access-list 50 permit 192.168.10.5
Router(config)#access-list 50 permit 192.168.10.30
Router(config)#line vty 0 4
Router(config-line)#access-class 50 in
Router(config)#exit
IP Extended ACL (Numbered)
Extended ACL are advanced ACL. ACL, which can control traffic flow on the basis of fivedifferent parameters that are: -
(i) Source address
(ii) Destination address
(iii) Source port
(iv) Destination port
(v) Protocol (layer 3/layer 4)
The syntax to create Extended ACL
Router#conf ter
Router(config)#access-list []
[]
router(config)#exit
-> 100 to 199
-> layer
IP
TCPUDP
Lovely Professional University Punjab 1
-
7/31/2019 Pankaj Content
18/25
Cisco Certified Network Associate (CCNA)
ICMP
IGRP
no (1 to 65535) or
telnet/www/ftp etc.
Single pc
192.168.10.4 0.0.0.0host 192.168.10.4
N/w
200.100.100.0 0.0.0.255
Subnet
172.30.0.32 0.0.0.7
All
Any
Example rules of Extended ACL
Router(config)#access-list 140 deny ip 192.168.10.3 0.0.0.0 any
(All tcp/ip data is denied from source 192.168.10.3 to any destination)
Router(config)#access-list 120 permit ip any any
(All tcp/ip data permit from any source to any destination)
Router(config)#access-list 145 deny tcp any host 200.100.100.5
(All tcp data is denied from any source to host 200.100.100.5)
Router(config)#access-list 130 permit tcp any host 200.100.100.10 eq 80
(All tcp based data from any source is allowed to access destination 200.100.100.10 on port no.
80 that is www(http) ) web access
Router(config)#access-list 130 permit udp any host 200.100.100.10 eq 53
(Any pc is able to access our DNS service running on port no. 53)
Router(config)#access-list 150 deny tcp any any eq 23 [or telnet]
(Telnet traffic is not allowed)
Router(config)#access-list 160 deny icmp any any
(All icmp data from any source to any destination is denied)
To display ACL
Router#show access-lists or
Router#show access-list
Lovely Professional University Punjab 1
-
7/31/2019 Pankaj Content
19/25
Cisco Certified Network Associate (CCNA)
To display ACL applied on interface
Router#show ip interface
Router#show ip interface
Router#show ip interface Ethernet 0
Example: - Extended ACL
Suppose we want to control inbound traffic for our network. ACL should be designed
according the following policy.
(1) Access to web server (200.100.100.3) is allowed from any source.
(2) FTP server (200.100.100.4) should be accessible only from branch office n/w
(200.100.175.0/24).
(3) ICMP & Telnet should be allowed only from remote pc 200.100.175.80
(4) Any pc can access DNS (200.100.100.8)
200.100.175.x
200.100.100.x
Router(config)#access-list 130 permit tcp any host 200.100.100.3 eq 80Router(config)#access-list 130 permit tcp 200.100.175.0 0.0.0.255 200.100.100.4 0.0.0.0
Eq 21
Router(config)#access-list 130 permit icmp 200.100.175.80 0.0.0.0 any
Router(config)#access-list 130 permit tcp 200.100.175.80 0.0.0.0 any eq 23
Router(config)#access-list 130 permit udp any host 200.100.100.8 eq 53
Switch port ACL
You can only apply port ACLs to layer 2 interfaces on your switches because they are only
supported on physical layer 2 interfaces. You can apply them as only inbound lists on your
interfaces, and you can use only named lists as well.Extended IP access lists use both source and destination addresses as well as optional
Lovely Professional University Punjab 1
Router
Router
-
7/31/2019 Pankaj Content
20/25
Cisco Certified Network Associate (CCNA)
protocol information and port number. There are also MAC extended access lists that use
source and destination MAC addresses and optional protocol type information.
Switches scrutinize all inbound ACLs applied to a certain interface and decide to allow
traffic through depending on whether the traffic is a good match to the ACL or not. ACLs can
also be used to control traffic on VLANs. You just need to apply a port ACL to a trunk port.
Switch#conf ter
Switch(config)#mac access-list extended abc
Switch(config-ext-mac)#deny any host 000d.29bd.4b85
Switch(config-ext-mac)#permit any any
Switch(config-ext-mac)#do show access-list
Switch(config-ext-mac)#int f0/6
Switch(config-if)#mac access-group abc in
Time-Based ACLs
In this you can specify a certain time of day and week and then identity that particular period
by giving it a name referenced by a task. The reference function will fall under whatever time
constraints you have dictated. The time period is based upon the routers clock, but it is highly
recommended that using it in conjunction with Network Time Protocol (NTP) synchronization.
Router#conf ter
Router(config)#time-range no-http
Router(config-time-range)#periodic 06:00 to 12:00
Router(config-time-range)#exit
Router(config)#time-range tcp-yes
Router(config-time-range)#periodic weekend 06:00 to 12:00
Router(config-time-range)#exit
Router(config)ip access-list extended time
Router(config-ext-nacl)#deny tcp any any eq www time-range no-http
Router(config-ext-nacl)#permit tcp any any time-range tcp-yes
Router(config-ext-nacl)#interface f0/0
Router(config-if)#ip access-group time in
Router(config-if)#do show time-range
Remarks
Remarks are the comments or remarks regarding the entries you have made in both your IP
Standard and Extended ACLs.
Router#conf ter
Router(config)#access-list 110 remark permit rahul from admin only to sale
Lovely Professional University Punjab 2
-
7/31/2019 Pankaj Content
21/25
Cisco Certified Network Associate (CCNA)
Router(config)#access-list 110 permit ip host 172.16.10.1 172.16.20.0 0.0.0.255
Router(config)#access-list 110 deny ip 172.16.10.0 0.0.0.255 172.16.20.0 0.0.0.255
Router(config)#ip access-list extended no_telnet
Router(config-ext-nacl)#remark deny all of finance from telnetting to sale
Router(config-ext-nacl)#deny tcp 172.16.30.0 0.0.0.255 172.16.20.0 0.0.0.255 eq 23Router(config-ext-nacl)#permit ip any any
Router(config-ext-nacl)#do show run
Network Address Translation (NAT)
NAT is the feature that can be enable in a Router, Firewall or a Pc. With the help of NAT, we
are able to translate network layer addresses that are IP addresses of packets. With the help of
Port Address Translation, we are also able to translate port no.s present in transport layer
header.
Lovely Professional University Punjab 2
-
7/31/2019 Pankaj Content
22/25
10.0.0.7200.100.100.12
1024
Cisco Certified Network Associate (CCNA)
Advantage of NAT
There are two reasons due to which we use NAT: -
(1) Conserve Live IP address
On Internet, there are limited no of IP addresses. If our Pc wants to communicate on
Internet then it should have a Live IP address assigned by our ISP. So that IP address request
will depend on no. of PCs that we want to connect on Internet. Due to this, there will be a lot of
wastage in IP addresses. To reduce wastage, we can share live IP addresses between multiple
PCs with the help of NAT.
(2)NAT enhances the network security by hiding PC & devices behind NAT.
Working of NAT & PAT
10.0.0.5
10.0.0.6 10.0.0.1 200.100.100.12
10.0.0.7
10.0.0.8
1100 Port Translation
Types of NAT
Static NAT
This NAT is used for servers in which one Live IP is directly mapped to one Local IP. This
NAT will forward on the traffic for the Live IP to the Local PC in the n/w.
Lovely Professional University Punjab 2
NAT
Internet
Switch
10.0.0.5200.100.100.12
1080
10.0.0.6200.100.100.12
1085
10.0.0.8200.100.100.12
1024
-
7/31/2019 Pankaj Content
23/25
Cisco Certified Network Associate (CCNA)
Static NAT
200.1.1.5 = 192.168.10.6
Live 200.1.1.5
Local 192.168.10.6
Port Base Static NAT
This NAT is also used for servers. It provides port-based access to the servers with the help of
NAT.
200.1.1.5:80 -> 192.168.10.6200.1.1.5:53 -> 192.168.10.7
Web DNS
192.168.10.6 192.168.10.7
Dynamic NAT using Pool
Dynamic NAT is used for clients, which want to access Internet. The request from multiple
clients IPs are translated with the Live IP obtained from the Pool. It is also called Pool Based
Dynamic NAT.
Pool => 200.1.1.8 200.1.1.12/28
Lovely Professional University Punjab 2
Internet
Router
Router
Internet
-
7/31/2019 Pankaj Content
24/25
Cisco Certified Network Associate (CCNA)
Local address => 172.16.X.X
Except => 172.16.0.5
172.16.0.6
172.16.0.7
Web Server DNS Full access 172.16.X.X
172.16.0.5 172.16.0.6 172.16.0.7
Pool allotted => 200.1.1.0 15/28
Server
Static => 200.1.1.3 = 172.16.0.7
Port Based Static NAT
200.1.1.4:53 = 172.16.0.6
200.1.1.4:80 = 172.16.0.5
Client
Dynamic NAT
Pool => 200.1.1.8 200.1.1.12/28
Local address => 172.16.0.X
Except
172.16.0.5
172.16.0.6
172.16.0.7
Configuring NAT
Router#conf ter
Router(config)#int serial 0
Router(config-if)#ip nat outside
Router(config-if)#int eth 0
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#ip nat inside source static 172.16.0.7 200.1.1.3
Router(config)#ip nat inside source static tcp 172.16.0.5 80 200.1.1.4 80
Lovely Professional University Punjab 2
Router
Internet
-
7/31/2019 Pankaj Content
25/25
Cisco Certified Network Associate (CCNA)
Router(config)#ip nat inside source static udp 172.16.0.6 53 200.1.1.4 53
Router(config)#access-list 30 deny 172.16.0.5
Router(config)#access-list 30 deny 172.16.0.6
Router(config)#access-list 30 deny 172.16.0.7
Router(config)#access-list 30 permit anyRouter(config)#ip nat pool abc 200.1.1.8 200.1.1.12 netmask 255.255.255.240
Router(config)#ip nat inside source list 30 pool abc overload
NAT + PAT
Command for Basic NAT
Router(config)#ip nat inside source list 30 interface serial 0
To display NAT translation
Router#sh ip nat translations
(after ping any address, it shows ping details)
To clear IP NAT Translation
Router#clear ip nat Translation *
4. LEARNING OUTCOMES & ANALYSIS