15 Working Principle of NAT

Network Address Translation (NAT) is a technology that translates private internal network addresses into public IP addresses to alleviate IPv4 address shortages and simplify IP management. It allows multiple devices on a private network to access the internet using a single public IP address through methods like static, dynamic, and overloading NAT. The document also outlines the configuration and verification processes for both static and dynamic NAT setups.

Uploaded by

ramwalton
Advanced Network Technology

Working Principle of NAT


Main Content

Working Principle of NAT


Introduction to NAT
• Overview
  • Network Address Translation (NAT) is a technology for translating internal private network addresses into valid public IP addresses.
  • This mechanism reduces the number of registered IP addresses needed in large networks and simplifies IP address management. NAT has been standardized and described in RFC1613.
  • It is a standard formulated by the Internet Engineering Task Force (IETF) and allows an entire organization to access the Internet by using one public IP address.
Introduction to NAT
• NAT Background
  • Expanding Internet scale
  • IPv4 address depletion (IANA allocated the last IPv4 address block in 2011)
  • Emerging solutions: IPv6, VLSM, NAT
Introduction to NAT
• Purposes of NAT
  • Solving the address shortage problem
    • IPv4 addresses are in severe shortage. NAT can save many public IP addresses.
  • Implementing interworking between private networks and the public network
    • Private IP addresses cannot be used directly for communication on the public network. NAT converts them into valid public addresses to implement interworking between private networks and the public network.
  • Using unregistered public IP addresses to interwork with the public network
    • NAT can implement interworking between an internal network and the Internet even if the internal network uses unregistered public IP addresses.
  • Preventing risks caused by address change during network reconstruction
    • The addresses used for interworking with the external network do not need to be changed during internal network reconstruction. Only the mapping needs to be modified.
    • NAT can mask address overlapping that occurs during internal network reconstruction.
Introduction to NAT
• NAT Terms

Term: Definition
Inside local IP address: An IP address allocated to a host on an internal network. The address is typically a private address specified in RFC 1918.
Inside global IP address: A globally unique IP address that represents one or more inside local IP addresses to the external networks. It is typically allocated by an ISP.
Outside global IP address: An IP address for a host on the external network. It is typically a global routable IP address.
Outside local IP address: An IP address for an external host that is visible to an internal network.
Simple translation entry: A translation entry that maps one IP address to another (usually called network address translation).
Extended translation entry: A translation entry that maps one IP address and port pair to another IP address and port pair (usually called port address translation).

[Figure: an inside host 192.168.1.100 reaching an outside host 100.1.1.1 through a NAT device]
Packet on the inside: source IP address 192.168.1.100, destination IP address 100.1.1.1
Packet on the outside: source IP address 100.1.1.100, destination IP address 100.1.1.1

Inside Local Address: 192.168.1.100
Inside Global Address: 100.1.1.100
Outside Local Address: 100.1.1.1
Outside Global Address: 100.1.1.1

Private addresses:
Class A: 10.0.0.0–10.255.255.255
Class B: 172.16.0.0–172.31.255.255
Class C: 192.168.0.0–192.168.255.255
Introduction to NAT
• NAT Classification
  • Static NAT: Maps one internal IP address to one external IP address manually.
    • It is typically used when an internal device on an enterprise network needs to be accessible from outside.
  • Dynamic NAT: Maps an internal IP address to an IP address in an external IP address group (address pool).
    • It is typically used when PCs of one organization share multiple public IP addresses to access the Internet.
  • Overloading NAT: Maps multiple internal IP addresses to one external IP address by using different ports. It is a special form of dynamic NAT and is also known as Port Address Translation (PAT), Network Address Port Translation (NAPT), or port-level multiplexed NAT.
    • It is typically used when PCs of one organization share one public IP address to access the Internet.
Working Principle and Configuration of NAT
• Requirements in NAT Working Principle Case 1:
  • As shown in the topology below, configure static NAT to implement one-to-one mapping between a private address (IP address of PC 1) and a public address (IP address of interface F0/1 on R1). Ensure that PC 1 can ping PC 3.

[Figure: Case 1 topology]
R1 F0/0 (inside): 192.168.1.254/24, connected to SW 1
R1 F0/1 (outside): 100.1.1.100/8, connected to PC 3
PC 3: 100.1.1.1/8
PC 1 (on SW 1): 192.168.1.100/24, default gateway 192.168.1.254
Working Principle and Configuration of NAT
• Basic Configuration
• Configuration of PC 1 and PC 3

PC 1 PC 3
Working Principle and Configuration of NAT
• Configuration of R1

R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip address 192.168.1.254 255.255.255.0
R1(config-if)#ip nat inside
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface fastEthernet 0/1
R1(config-if)#no shutdown
R1(config-if)#ip address 100.1.1.100 255.0.0.0
R1(config-if)#ip nat outside
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#ip nat inside source static 192.168.1.100 100.1.1.100
R1(config)#

1. In interface configuration mode, configure an IP address for the interface of R1.
R1(config-if)# ip address ip-address sub-mask
2. Set the interface type to internal interface or external interface.
R1(config-if)# ip nat { inside | outside }
3. Enable the interface.
R1(config-if)#no shutdown
4. Configure a static NAT entry.
R1(config)# ip nat inside source static local-ip { interface interface | global-ip }
5. If the configured IP address is incorrect, delete the interface IP address.
R1(config-if)#no ip address [ip-address sub-mask]
Working Principle and Configuration of NAT
• Verification in NAT Working Principle Case 1
• PC 1 can ping PC 3.
PC1>ping 100.1.1.1

Pinging 100.1.1.1 with 32 bytes of data:

Reply from 100.1.1.1: bytes=32 time=1ms TTL=127
Reply from 100.1.1.1: bytes=32 time=0ms TTL=127
Reply from 100.1.1.1: bytes=32 time=1ms TTL=127
Reply from 100.1.1.1: bytes=32 time=0ms TTL=127

Ping statistics for 100.1.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms

How to ping PC 1 from PC 3?
1. ping 192.168.1.100?
2. ping 100.1.1.100?
Working Principle and Configuration of NAT
• Analysis of Static NAT

• Static NAT implements one-to-one mapping between private addresses and public addresses.

• Therefore, a public IP address is wasted whenever the user it is mapped to is not accessing the Internet. Unmapped PCs cannot access the Internet. The number of public IP addresses required equals the number of internal IP addresses, so the cost is high. The advantage of static NAT is that bandwidth is exclusive to a user, which guarantees user experience.

[Figure: static NAT packet flow between PC 1 and PC 3 through R1, steps 1 to 6, on the Case 1 topology]
PC 1 to R1: source IP address 192.168.1.100, destination IP address 100.1.1.1
R1 to PC 3 (after translation): source IP address 100.1.1.100, destination IP address 100.1.1.1
PC 3 to R1 (reply): source IP address 100.1.1.1, destination IP address 100.1.1.100
R1 to PC 1 (after reverse translation): source IP address 100.1.1.1, destination IP address 192.168.1.100

NAT table on R1:
Inside Local IP Address: 192.168.1.100
Inside Global IP Address: 100.1.1.100
Working Principle and Configuration of NAT
• Requirements in NAT Working Principle Case 2:
  • As shown in the topology below, configure dynamic NAT to implement conversion between private addresses (IP addresses of PC 1 and PC 2) and public addresses based on an address pool. Ensure that PC 1 and PC 2 can ping PC 3.
  • The public address pool of R1 is 100.1.1.100 to 100.1.1.105.

[Figure: Case 2 topology]
R1 F0/0 (inside): 192.168.1.254/24, connected to SW 1
R1 F0/1 (outside): 100.1.1.100/8, connected to PC 3
PC 3: 100.1.1.1/8
PC 1 (on SW 1): 192.168.1.100/24, default gateway 192.168.1.254
PC 2 (on SW 1): 192.168.1.200/24, default gateway 192.168.1.254
Working Principle and Configuration of NAT
• Configuration of R1

R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip address 192.168.1.254 255.255.255.0
R1(config-if)#ip nat inside
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface fastEthernet 0/1
R1(config-if)#ip address 100.1.1.100 255.0.0.0
R1(config-if)#ip nat outside
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#access-list 10 permit 192.168.1.0 0.0.0.255
R1(config)#ip nat pool ruijie 100.1.1.100 100.1.1.105 netmask 255.0.0.0
R1(config)#ip nat inside source list 10 pool ruijie
R1(config)#

Comparison with static NAT:
ip nat inside source static 192.168.1.100 100.1.1.100

1. Define an IP ACL (define private addresses for NAT).
(config)#access-list access-list-number { permit | deny }
2. Define an address pool (define public addresses for NAT).
(config)# ip nat pool pool-name start-ip end-ip { netmask netmask | prefix-length prefix-length }
3. Configure a dynamic NAT entry.
(config)# ip nat inside source list access-list-number { interface interface | pool pool-name }
Working Principle and Configuration of NAT
• Verification in NAT Working Principle Case 2
• PC 1 and PC 2 can ping PC 3.
PC1>ping 100.1.1.1

Pinging 100.1.1.1 with 32 bytes of data:

Reply from 100.1.1.1: bytes=32 time=1ms TTL=127
Reply from 100.1.1.1: bytes=32 time=0ms TTL=127
Reply from 100.1.1.1: bytes=32 time=1ms TTL=127
Reply from 100.1.1.1: bytes=32 time=0ms TTL=127

Ping statistics for 100.1.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms

PC2>ping 100.1.1.1

Pinging 100.1.1.1 with 32 bytes of data:

Reply from 100.1.1.1: bytes=32 time=1ms TTL=127
Reply from 100.1.1.1: bytes=32 time=0ms TTL=127
Reply from 100.1.1.1: bytes=32 time=1ms TTL=127
Reply from 100.1.1.1: bytes=32 time=0ms TTL=127

Ping statistics for 100.1.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
Working Principle and Configuration of NAT
• Verification in NAT Working Principle Case 2
• On R1, run the show ip nat translations command to display NAT information.

R1#show ip nat translations


Pro Inside global Inside local Outside local Outside global
icmp 100.1.1.100:17 192.168.1.100:17 100.1.1.1:17 100.1.1.1:17
icmp 100.1.1.100:18 192.168.1.100:18 100.1.1.1:18 100.1.1.1:18
icmp 100.1.1.100:19 192.168.1.100:19 100.1.1.1:19 100.1.1.1:19
icmp 100.1.1.100:20 192.168.1.100:20 100.1.1.1:20 100.1.1.1:20
icmp 100.1.1.101:5 192.168.1.200:5 100.1.1.1:5 100.1.1.1:5
icmp 100.1.1.101:6 192.168.1.200:6 100.1.1.1:6 100.1.1.1:6
icmp 100.1.1.101:7 192.168.1.200:7 100.1.1.1:7 100.1.1.1:7
icmp 100.1.1.101:8 192.168.1.200:8 100.1.1.1:8 100.1.1.1:8

R1#
Working Principle and Configuration of NAT
• Analysis of Dynamic NAT

• Unlike static NAT, dynamic NAT does not map public IP addresses one to one. It can allocate idle IPv4 public addresses in the address pool to PCs inside the network to access the Internet.

• If PC 1 and PC 2 are using the only two public IP addresses in the address pool for dynamic NAT, PC 4 cannot access the Internet. PC 4 can access the Internet via dynamic NAT only after PC 1 or PC 2 releases its address. Therefore, a queuing problem occurs.

• Both static NAT and dynamic NAT grant a private IP address the right to use a public IP address.

[Figure: Case 2 topology with PC 4 added]
R1 F0/0 (inside): 192.168.1.254/24, connected to SW 1
R1 F0/1 (outside): 100.1.1.100/8, connected to PC 3
PC 3: 100.1.1.1/8
PC 4 (on SW 1): 192.168.1.104/24, default gateway 192.168.1.254
PC 1 (on SW 1): 192.168.1.100/24, default gateway 192.168.1.254
PC 2 (on SW 1): 192.168.1.200/24, default gateway 192.168.1.254
Working Principle and Configuration of NAT
• Working Process of Dynamic NAT (PC 1)

[Figure: dynamic NAT packet flow for PC 1, steps 1 to 7, on the topology with PC 1, PC 2 and PC 4 behind R1]
Ruijie NAT Pool: 100.1.1.100, 100.1.1.101, ..., 100.1.1.105
PC 1 to R1: source IP address 192.168.1.100, destination IP address 100.1.1.1
R1 to PC 3 (after translation): source IP address 100.1.1.100, destination IP address 100.1.1.1
PC 3 to R1 (reply): source IP address 100.1.1.1, destination IP address 100.1.1.100
R1 to PC 1 (after reverse translation): source IP address 100.1.1.1, destination IP address 192.168.1.100

NAT Table:
Inside Local IP Address 192.168.1.100, Inside Global IP Address 100.1.1.100
Working Principle and Configuration of NAT
• Working Process of Dynamic NAT (PC 2)

[Figure: dynamic NAT packet flow for PC 2, steps 1 to 7, on the topology with PC 1, PC 2 and PC 4 behind R1]
Ruijie NAT Pool: 100.1.1.100, 100.1.1.101, ..., 100.1.1.105
PC 2 to R1: source IP address 192.168.1.200, destination IP address 100.1.1.1
R1 to PC 3 (after translation): source IP address 100.1.1.101, destination IP address 100.1.1.1
PC 3 to R1 (reply): source IP address 100.1.1.1, destination IP address 100.1.1.101
R1 to PC 2 (after reverse translation): source IP address 100.1.1.1, destination IP address 192.168.1.200

NAT Table:
Inside Local IP Address 192.168.1.100, Inside Global IP Address 100.1.1.100
Inside Local IP Address 192.168.1.200, Inside Global IP Address 100.1.1.101
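The pool behaviour described in the analysis of dynamic NAT, as an added example (not part of the original slides and not Ruijie code): a small model of an address-only NAT table with a two-address pool, showing PC 4 being refused while PC 1 and PC 2 hold both addresses. The class name, method names and the 60-second idle timeout are assumptions made for the illustration.

```python
import ipaddress


class DynamicNat:
    """Address-only dynamic NAT: each inside host borrows one whole pool address."""

    def __init__(self, pool_start, pool_end, inside_net, idle_timeout=60):
        first = int(ipaddress.IPv4Address(pool_start))
        last = int(ipaddress.IPv4Address(pool_end))
        self.free = [str(ipaddress.IPv4Address(a)) for a in range(first, last + 1)]
        self.inside_net = ipaddress.ip_network(inside_net)  # stands in for access-list 10
        self.idle_timeout = idle_timeout  # assumed value, not from the page
        self.by_local = {}   # inside local -> (inside global, time last used)
        self.by_global = {}  # inside global -> inside local

    def expire(self, now):
        """Return addresses whose mapping has been idle too long to the pool."""
        for local, (glob, last_used) in list(self.by_local.items()):
            if now - last_used >= self.idle_timeout:
                del self.by_local[local]
                del self.by_global[glob]
                self.free.append(glob)
        self.free.sort(key=ipaddress.IPv4Address)

    def outbound(self, src, dst, now):
        """Translate an inside-to-outside packet; None means it is dropped."""
        self.expire(now)
        if ipaddress.ip_address(src) not in self.inside_net:
            return None  # source not permitted by the ACL
        if src in self.by_local:
            glob = self.by_local[src][0]
        elif self.free:
            glob = self.free.pop(0)
            self.by_global[glob] = src
        else:
            return None  # pool exhausted: the queuing problem
        self.by_local[src] = (glob, now)
        return (glob, dst)

    def inbound(self, src, dst, now):
        """Translate a reply addressed to a pool address back to the inside host."""
        self.expire(now)
        local = self.by_global.get(dst)
        if local is None:
            return None  # no live mapping for this public address
        self.by_local[local] = (dst, now)
        return (src, local)


def demo():
    # Constructed scenario: a pool of only two addresses, as in the analysis text.
    nat = DynamicNat("100.1.1.100", "100.1.1.101", "192.168.1.0/24")
    return {
        "pc1": nat.outbound("192.168.1.100", "100.1.1.1", now=0),
        "pc2": nat.outbound("192.168.1.200", "100.1.1.1", now=1),
        "pc4_while_pool_full": nat.outbound("192.168.1.104", "100.1.1.1", now=2),
        "reply_to_pc1": nat.inbound("100.1.1.1", "100.1.1.100", now=3),
        "pc4_after_pc2_idle": nat.outbound("192.168.1.104", "100.1.1.1", now=62),
    }


if __name__ == "__main__":
    for step, result in demo().items():
        print(step, result)
```

In the demo, the reply at time 3 refreshes PC 1's mapping, so at time 62 only PC 2's address has timed out and is handed to PC 4.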
Working Principle and Configuration of NAT
• Requirements in NAT Working Principle Case 3:
  • As shown in the topology below, configure NAPT to implement mapping between multiple private addresses (IP addresses of PC 1 and PC 2) and a valid public address (IP address of interface F0/1 on R1). Ensure that PC 1 and PC 2 can ping PC 3.

[Figure: Case 3 topology]
R1 F0/0 (inside): 192.168.1.254/24, connected to SW 1
R1 F0/1 (outside): 100.1.1.100/8, connected to PC 3
PC 3: 100.1.1.1/8
PC 1 (on SW 1): 192.168.1.100/24, default gateway 192.168.1.254
PC 2 (on SW 1): 192.168.1.200/24, default gateway 192.168.1.254
Working Principle and Configuration of NAT
• Configuration of R1
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip address 192.168.1.254 255.255.255.0
R1(config-if)#ip nat inside
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface fastEthernet 0/1
R1(config-if)#ip address 100.1.1.100 255.0.0.0
R1(config-if)#ip nat outside
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#access-list 10 permit 192.168.1.0 0.0.0.255
R1(config)#ip nat inside source list 10 interface fastEthernet 0/1 overload
R1(config)#

Comparison with static NAT:
ip nat inside source static 192.168.1.100 100.1.1.100
Comparison with dynamic NAT:
ip nat inside source list 10 pool ruijie

1. Configure a dynamic NAT entry (to convert an internal IP address into an external interface IP address or an address in the address pool).
(config)#ip nat inside source list access-list-number { interface interface | pool pool-name } overload

The overload keyword must be used when NAPT is configured. In this way, the router converts the source port to implement address reuse.
If the overload keyword is not specified, the router will perform dynamic NAT.
In this case, only one external IP address (that is, the IP address of F0/1) is configured for translation. Therefore, multiple PCs on the internal network access the external network through different ports with the same external IP address.
Working Principle and Configuration of NAT
• Verification in NAT Working Principle Case 3
• PC 1 and PC 2 can ping PC 3.
PC1>ping 100.1.1.1

Pinging 100.1.1.1 with 32 bytes of data:

Reply from 100.1.1.1: bytes=32 time=1ms TTL=127
Reply from 100.1.1.1: bytes=32 time=0ms TTL=127
Reply from 100.1.1.1: bytes=32 time=1ms TTL=127
Reply from 100.1.1.1: bytes=32 time=0ms TTL=127

Ping statistics for 100.1.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms

PC2>ping 100.1.1.1

Pinging 100.1.1.1 with 32 bytes of data:

Reply from 100.1.1.1: bytes=32 time=1ms TTL=127
Reply from 100.1.1.1: bytes=32 time=0ms TTL=127
Reply from 100.1.1.1: bytes=32 time=1ms TTL=127
Reply from 100.1.1.1: bytes=32 time=0ms TTL=127

Ping statistics for 100.1.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
Working Principle and Configuration of NAT
• Verification in NAT Working Principle Case 3
• On R1, run the show ip nat translations command to display NAT information.

R1#show ip nat translations


Pro Inside global Inside local Outside local Outside global
icmp 100.1.1.100:1024 192.168.1.200:1 100.1.1.1:1 100.1.1.1:1024
icmp 100.1.1.100:1025 192.168.1.200:2 100.1.1.1:2 100.1.1.1:1025
icmp 100.1.1.100:1026 192.168.1.200:3 100.1.1.1:3 100.1.1.1:1026
icmp 100.1.1.100:1027 192.168.1.200:4 100.1.1.1:4 100.1.1.1:1027
icmp 100.1.1.100:1 192.168.1.100:1 100.1.1.1:1 100.1.1.1:1
icmp 100.1.1.100:2 192.168.1.100:2 100.1.1.1:2 100.1.1.1:2
icmp 100.1.1.100:3 192.168.1.100:3 100.1.1.1:3 100.1.1.1:3
icmp 100.1.1.100:4 192.168.1.100:4 100.1.1.1:4 100.1.1.1:4

R1#
Working Principle and Configuration of NAT
• Analysis of NAPT
• NAPT stands for Network Address Port Translation.

• NAPT maps a port ID of a private IP address to a port ID of a public address. It solves the dynamic NAT queuing problem. In NAPT, the bandwidth is not exclusive to a user, and the average bandwidth per user may be very low when there are many users.
Working Principle and Configuration of NAT
• Working Process of NAPT (PC 1):

[Figure: NAPT packet flow for PC 1, steps 1 to 6, on the Case 3 topology]
PC 1 to R1: source 192.168.1.100:1, destination 100.1.1.1:1
R1 to PC 3 (after translation): source 100.1.1.100:1, destination 100.1.1.1:1
PC 3 to R1 (reply): source 100.1.1.1:1, destination 100.1.1.100:1
R1 to PC 1 (after reverse translation): source 100.1.1.1:1, destination 192.168.1.100:1

NAT table on R1:
Inside Local Address 192.168.1.100:1, Inside Global Address 100.1.1.100:1
Working Principle and Configuration of NAT
• Working Process of NAPT (PC 2):

[Figure: NAPT packet flow for PC 2, steps 1 to 6, on the Case 3 topology]
PC 2 to R1: source 192.168.1.200:4, destination 100.1.1.1:4
R1 to PC 3 (after translation): source 100.1.1.100:1027, destination 100.1.1.1:4
PC 3 to R1 (reply): source 100.1.1.1:4, destination 100.1.1.100:1027
R1 to PC 2 (after reverse translation): source 100.1.1.1:4, destination 192.168.1.200:4

NAT table on R1:
Inside Local Address 192.168.1.100:1, Inside Global Address 100.1.1.100:1
Inside Local Address 192.168.1.200:4, Inside Global Address 100.1.1.100:1027
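The port allocation visible in the Case 3 translation table (PC 1 keeps identifiers 1 to 4, PC 2 is moved to 1024 to 1027), as an added example that is not part of the original slides and is not the router's actual algorithm. It assumes a keep-the-port-if-free policy with fallback allocation from 1024, which reproduces the table above; class and method names are hypothetical.

```python
class Napt:
    """Port-overloaded NAT on one public address (a model of `... overload`)."""

    def __init__(self, public_ip, first_dynamic_port=1024):
        self.public_ip = public_ip
        self.first_dynamic_port = first_dynamic_port  # assumed from the page's table
        self.l2g = {}       # (proto, inside local ip, port) -> inside global port
        self.g2l = {}       # (proto, inside global port) -> (inside local ip, port)
        self.peers = set()  # (proto, inside global port, outside ip, outside port)

    def _pick_port(self, proto, wanted):
        if (proto, wanted) not in self.g2l:
            return wanted  # keep the original port or ICMP identifier when free
        port = self.first_dynamic_port
        while (proto, port) in self.g2l:
            port += 1
            if port > 65535:
                raise RuntimeError("no free ports on " + self.public_ip)
        return port

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an inside-to-outside packet and record the flow."""
        key = (proto, src_ip, src_port)
        if key not in self.l2g:
            gport = self._pick_port(proto, src_port)
            self.l2g[key] = gport
            self.g2l[(proto, gport)] = (src_ip, src_port)
        gport = self.l2g[key]
        self.peers.add((proto, gport, dst_ip, dst_port))
        return (self.public_ip, gport, dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the destination of a reply; None means no matching entry."""
        if dst_ip != self.public_ip:
            return None
        if (proto, dst_port, src_ip, src_port) not in self.peers:
            return None  # nothing inside opened this flow, so it is not forwarded
        local_ip, local_port = self.g2l[(proto, dst_port)]
        return (src_ip, src_port, local_ip, local_port)


def demo():
    nat = Napt("100.1.1.100")
    # PC 1 pings first and keeps ICMP identifiers 1 to 4 unchanged.
    pc1 = [nat.outbound("icmp", "192.168.1.100", i, "100.1.1.1", i) for i in range(1, 5)]
    # PC 2 uses the same identifiers, so each one collides and is reallocated.
    pc2 = [nat.outbound("icmp", "192.168.1.200", i, "100.1.1.1", i) for i in range(1, 5)]
    reply = nat.inbound("icmp", "100.1.1.1", 4, "100.1.1.100", 1027)
    unsolicited = nat.inbound("icmp", "100.1.1.1", 4, "100.1.1.100", 2000)
    other_host = nat.inbound("icmp", "100.1.1.2", 4, "100.1.1.100", 1027)
    return pc1, pc2, reply, unsolicited, other_host


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The last two calls show the side effect that matters for exposure: a packet arriving at the public address is translated only if an inside host created the matching entry first, which is why Case 4 needs an explicit port mapping.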
Working Principle and Configuration of NAT
• Requirements in NAT Working Principle Case 4:
  • As shown in the topology below, configure port mapping to map port 23 of the IP address of the F0/0 interface on R3 to port 23 of the IP address of the F0/1 interface on R1. Ensure that the Telnet operation from PC 3 to R3 is successful.
  • The privileged EXEC mode password needs to be configured and the Telnet service needs to be enabled on R3. The username and password are both admin.

[Figure: Case 4 topology]
R1 F0/0 (inside): 192.168.1.254/24, connected to R3
R1 F0/1 (outside): 100.1.1.100/8, connected to PC 3
PC 3: 100.1.1.1/8
R3 F0/0: 192.168.1.1/24
Working Principle and Configuration of NAT
• Configuration of R3
R3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#interface fastEthernet 0/0
R3(config-if)#ip address 192.168.1.1 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.254
R3(config)#enable password admin
R3(config)#line vty 0 4
R3(config-line)#login local
R3(config-line)#exit
R3(config)#username admin password admin
R3(config)#

Run the ip route 0.0.0.0 0.0.0.0 192.168.1.254 command to set the default next-hop address of routes to 192.168.1.254.
Run the enable password admin command to set the privileged EXEC mode password to admin.
Run the line vty 0 4 and login local commands to enable the Telnet function.
Run the username admin password admin command to configure the Telnet username and password.
Working Principle and Configuration of NAT
• Configuration of R1

R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip address 192.168.1.254 255.255.255.0
R1(config-if)#ip nat inside
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface fastEthernet 0/1
R1(config-if)#ip address 100.1.1.100 255.0.0.0
R1(config-if)#ip nat outside
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#ip nat inside source static tcp 192.168.1.1 23 100.1.1.100 23

Compare to Static NAT:
ip nat inside source static 192.168.1.100 100.1.1.100
Compare to Dynamic NAT:
ip nat inside source list 10 pool ruijie
Compare to NAPT:
ip nat inside source list 10 interface fastEthernet 0/1 overload

Fields of a port mapping entry, using port 80 as the example:
ip nat inside source static tcp 192.168.1.1 80 100.1.1.100 80
Protocol: tcp
local-address and port: 192.168.1.1 80
global-address and port: 100.1.1.100 80
Working Principle and Configuration of NAT
• Verification in NAT Working Principle Case 4
• On PC 3, run the telnet 100.1.1.100 command.
PC3>telnet 100.1.1.100
Trying 100.1.1.100 ...Open

User Access Verification

Username: admin
Password:
R3>
R3>

R1r#sh ip nat translations


Pro Inside global Inside local Outside local Outside global
tcp 100.1.1.100:23 192.168.1.1:23 --- ---
tcp 100.1.1.100:23 192.168.1.1:23 100.1.1.1:1026 100.1.1.1:1026

R1#
Working Principle and Configuration of NAT
• Analysis of NAPT
• Static NAT, dynamic NAT, and NAPT implement the access from an internal
network to the external network. If a server on the internal network needs
to be accessible from the outside, port mapping is required.

Working Principle and Configuration of NAT
• Working Process of Port Mapping:

[Figure: port mapping packet flow for a Telnet session from PC 3 to R3 through R1, steps 1 to 6, on the Case 4 topology]
PC 3 to R1: source 100.1.1.1:1026, destination 100.1.1.100:23
R1 to R3 (after translation): source 100.1.1.1:1026, destination 192.168.1.1:23
R3 to R1 (reply): source 192.168.1.1:23, destination 100.1.1.1:1026
R1 to PC 3 (after reverse translation): source 100.1.1.100:23, destination 100.1.1.1:1026

NAT table on R1:
Inside Local Address 192.168.1.1:23, Inside Global Address 100.1.1.100:23
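A way to review what port mapping leaves reachable from outside, as an added example (not part of the original slides): it parses `show ip nat translations` output and lists standing entries, flagging those that publish a cleartext service such as the Telnet mapping from Case 4. The sample text is constructed from rows printed on this page; treating rows whose outside columns are `---` as standing mappings, and the set of flagged ports, are assumptions of the example.

```python
# Constructed sample: the two Case 4 rows plus one NAPT row from Case 3.
SAMPLE = """\
Pro Inside global Inside local Outside local Outside global
tcp 100.1.1.100:23 192.168.1.1:23 --- ---
tcp 100.1.1.100:23 192.168.1.1:23 100.1.1.1:1026 100.1.1.1:1026
icmp 100.1.1.100:1024 192.168.1.200:1 100.1.1.1:1 100.1.1.1:1024
"""

# Ports flagged as cleartext services; an assumption, adjust to local policy.
CLEARTEXT = {21: "FTP", 23: "Telnet", 80: "HTTP"}


def split_endpoint(text):
    """'100.1.1.100:23' -> ('100.1.1.100', 23); '100.1.1.100' -> (ip, None); '---' -> None."""
    if text == "---":
        return None
    ip, sep, port = text.rpartition(":")
    return (ip, int(port)) if sep else (text, None)


def parse_translations(output):
    """Turn the five-column table into a list of dicts, skipping header and prompts."""
    entries = []
    for line in output.splitlines():
        cols = line.split()
        if len(cols) != 5 or cols[0].lower() == "pro":
            continue
        proto, in_global, in_local, out_local, out_global = cols
        entries.append({
            "proto": proto,
            "inside_global": split_endpoint(in_global),
            "inside_local": split_endpoint(in_local),
            "outside_local": split_endpoint(out_local),
            "outside_global": split_endpoint(out_global),
        })
    return entries


def audit(entries):
    """Report entries that exist without an outside peer, with who is using them."""
    findings = []
    for e in entries:
        if e["outside_global"] is not None:
            continue  # a session row, created by traffic
        if e["inside_global"] is None or e["inside_local"] is None:
            continue
        g_ip, g_port = e["inside_global"]
        l_ip, l_port = e["inside_local"]
        peers = sorted({s["outside_global"] for s in entries
                        if s["outside_global"] is not None
                        and s["proto"] == e["proto"]
                        and s["inside_global"] == e["inside_global"]})
        findings.append({
            "exposed": g_ip if g_port is None else f"{g_ip}:{g_port}",
            "inside_host": l_ip if l_port is None else f"{l_ip}:{l_port}",
            "cleartext_service": CLEARTEXT.get(l_port),
            "peers": peers,
        })
    return findings


if __name__ == "__main__":
    for finding in audit(parse_translations(SAMPLE)):
        print(finding)
```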
Working Principle and Configuration of NAT
• NAT Comprehensive Application Configuration
• PC 1 accesses PC 5 by using the public IP address 100.1.1.100 via static NAT.

• PC 2 accesses PC 5 by using an IP address in the range of 100.1.1.101 to 100.1.1.105 via dynamic NAT.

• PC 3 accesses PC 5 by using the public IP address 100.1.1.106 via NAPT.

• PC 4 advertises the Web service and PC 5 is capable of accessing the Web service of PC 4 via port mapping.

[Figure: comprehensive application topology]
R1 F0/0: 192.168.1.254/24, connected to SW 1
R1 F0/1: 100.1.1.100/8, connected to PC 5
R1 F0/2: 172.16.1.254/24, connected to PC 4
PC 5: 100.1.1.1/8
PC 4: 172.16.1.1/24, default gateway 172.16.1.254
PC 1 (on SW 1): 192.168.1.100/24, default gateway 192.168.1.254
PC 2 (on SW 1): 192.168.1.200/24, default gateway 192.168.1.254
PC 3 (on SW 1): 192.168.1.233/24, default gateway 192.168.1.254

Tips:
access-list can be used to define a single IP address. For example:
access-list 1 permit host 192.168.1.1
There can be only one IP address in an address pool. For example:
Router(config)#ip dhcp pool pc3
Router(dhcp-config)#network 100.1.1.106 255.255.255.255
THANKS
Ruijie Networks Co., Ltd.
Address: Floor 11, East Wing, Zhongyipengao Plaza, No. 29 Fuxing Road, Haidian District, Beijing, China
Post Code: 100036
Tel: (8610) 5171-5996
Fax: (8610) 5171-5872

www.ruijienetworks.com