
Enable NAT for a small network with a single ISP and connection using SDM and verify operation using CLI and ping

REQUIREMENTS IN A SMALL BRANCH OFFICE NETWORK (74 questions)

Section 7: Enable NAT for a small network with a single ISP and connection using SDM and verify operation using CLI and ping

network (12 questions)

QUESTION NO: 1

TestKing has 25 computers and decides to connect the network to the Internet. TestKing would like for all of the computers to have access to the Internet at the same time, but TestKing only has four usable publicly routable IP addresses. What should be configured on the router so that all computers can connect to the Internet simultaneously?

A. Static NAT
B. Global NAT
C. Dynamic NAT
D. Static NAT with ACLs
E. Dynamic NAT with overload

Answer: E

Explanation:

NAT overload, also called many-to-one NAT or Port Address Translation (PAT), allows many IP hosts to share a single IP address when connecting to the outside. In this case, dynamic NAT with overloading will allow the 25 hosts to use an IP address from the NAT pool, which will contain the 4 public IP addresses.

QUESTION NO: 2

A TestKing router has been configured with the following command:

ip nat pool nat-test 192.168.6.10 192.168.6.20 netmask 255.255.255.0

This is an example of what type of NAT?

A. Static NAT
B. Dynamic NAT
D. Port Address Translation
E. None of the above

Answer: B

Explanation:

The configuration statement in this example is used to define a pool of IP addresses to be used for dynamic NAT translations.

Incorrect Answers:

A. Static NAT is used for 1 to 1 translation entries, using the "static" configuration keyword. In this example a range of addresses is being defined for use in a pool.

C, D. With NAT overload, also known as Port Address Translation (PAT), the keyword "overload" is added at the end of the configuration statement.

QUESTION NO: 3

The TestKing network is displayed below:

TestKing.com wants to use NAT in the network displayed in the exhibit.

Which commands will apply the NAT configuration to the proper interfaces? Select two.

A. TestKing1(config)# interface serial0/1
   TestKing1(config-if)# ip nat inside

B. TestKing1(config)# interface serial0/1
   TestKing1(config-if)# ip nat outside

C. TestKing1(config)# interface fastethernet0/0
   TestKing1(config-if)# ip nat inside

D. TestKing1(config)# interface fastethernet0/0
   TestKing1(config-if)# ip nat outside

E. TestKing1(config)# interface serial0/1
   TestKing1(config-if)# ip nat outside source pool 200.2.2.18 255.255.255.252

F. TestKing1(config)# interface serial0/1
   TestKing1(config-if)# ip nat inside source 10.10.0.0 255.255.255.0

Answer: B, C

Explanation:

After creating the static NAT entries, the router needs to know which interfaces are "inside" and which are "outside." The ip nat inside and ip nat outside interface sub-commands identify each interface appropriately.

Reference: Cisco CCNA ICND, p.271

QUESTION NO: 4

The ip subnet-zero configuration command is also in effect on router TK1. After this router performs network address translation, which address is a valid "inside global address"?

A. 10.10.0.1
B. 10.10.0.17
C. 200.2.2.17
D. 200.2.2.18
E. 199.99.9.33
F. 199.99.9.47

Answer: F

Explanation:

Regarding NAT operation, Cisco defines these terms as follows:

1. Inside local address - The IP address assigned to a host on the inside network. This is the address configured as a parameter of the computer's OS or received via dynamic address allocation protocols such as DHCP. The address is likely not a legitimate IP address assigned by the Network Information Center (NIC) or service provider.

2. Inside global address - A legitimate IP address assigned by the NIC or service provider that represents one or more inside local IP addresses to the outside world. In this case, the NAT pool is used to distribute the Inside Global IP addresses.

3. Outside local address - The IP address of an outside host as it appears to the inside network. Not necessarily a legitimate address, it is allocated from an address space routable on the inside.

4. Outside global address - The IP address assigned to a host on the outside network by the host's owner. The address is allocated from a globally routable address or network space.

Reference:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094837.shtml

QUESTION NO: 5

As a network technician at TestKing.com you would like to implement NAT in the network shown in the exhibit. You would like to allow inside hosts to use a private addressing scheme. Where should NAT be configured?

A. TestKing1 router
B. TestKing2 router
C. TestKing3 router
D. All routers
E. All routers and switches
F. None of the above

Answer: A

Explanation:

NAT should always be configured on the border device. It can be either a border router or a PIX firewall connecting to the Internet.

QUESTION NO: 6

The administrator of the TestKing network needs to ensure that a web server in their network is accessible from the Internet. Since the network uses private addressing, this requires an IP-to-registered-address mapping. The following command is entered on the router:

TestKing1(config)# ip nat inside source static 192.168.2.1 198.18.1.254

After unsuccessful results from a ping to the Internet, the administrator issues the show ip nat translations command and the output is blank. What could be the problem with the NAT configuration for this mapping?

A. The keyword overload is missing from the command.
B. The administrator needs to define a NAT pool first.
C. An access list must be defined to create static NAT translations.
D. The interfaces need to be configured for NAT.

Answer: D

Explanation:

After configuring the static NAT entry, the administrator should configure NAT on the interfaces in order to define which interfaces are on the outside and which are on the inside:

interface s0
 ip nat outside    ! because the s0 interface is connected to the ISP
interface e0
 ip nat inside     ! because the e0 interface is connected to the local LAN

Incorrect Answers:

A, B, C: These are all tasks that need to be configured when performing many to one NAT, also known as Port Address Translation (PAT). In this example, we are specifying a static 1-1 NAT entry.

QUESTION NO: 7

Part of the TestKing network is shown below:

Refer to the topology and router configuration shown in the graphic above. A host on the TestKing LAN is accessing an FTP server across the Internet. Which of the following addresses could appear as a source address for the packets forwarded by the router to the destination server?

A. 10.10.0.1
B. 10.10.0.2
C. 199.99.9.3
D. 199.99.9.57
E. 200.2.2.17
F. 200.2.2.18
G. None of the above

Answer: D

Explanation:

Using NAT we can translate the source or destination address. In our example all source addresses from the 10.10.0.0 0.0.0.255 network will be translated to an IP address from the 199.99.9.40-62 pool, making only choice D correct.

QUESTION NO: 8

The TestKing network administrator has configured NAT as shown above. Clients still cannot access the Internet. What should the network administrator do to resolve this problem?

A. Configure an IP NAT address pool.
B. Properly configure the ACL.
C. Apply the "ip nat" command to the S0 interface.
D. Configure the "ip nat inside" and "ip nat outside" commands on the appropriate interfaces.
E. None of the above

Explanation:

The "ip nat inside" and "ip nat outside" commands must be used from interface configuration mode to tell the router which interface is performing which role in the NAT process. The following commands show how to configure our example router:

TK1(config)#interface ethernet0
TK1(config-if)#ip nat inside
TK1(config-if)#exit
TK1(config)#interface serial0
TK1(config-if)#ip nat outside
TK1(config-if)#exit
TK1(config)#

QUESTION NO: 9

The TestKing WAN is shown in the diagram below:

Study the exhibit carefully, along with the sequence of configuration commands shown in the graphic. The network at TestKing1 has just been configured for NAT as shown. Initial tests indicate that the network is functioning properly.

However, several users report that they cannot access the Internet. What is the problem?

A. The NAT pool does not have enough IP addresses.
B. The access list is not permitting all of the LAN host addresses to be translated.
C. The NAT inside and NAT outside interfaces are reversed.
D. The link between the TestKing routers and the TestKing2 ISP
E. None of the above

Answer: B

Explanation:

The source addresses of the hosts that should be translated are specified in access list 1, which only specifies 192.168.9.0 0.0.0.7. This will only translate hosts 192.168.9.1-192.168.9.7. The correct syntax should have been:

access-list 1 permit 192.168.9.0 0.0.0.255

QUESTION NO: 10

The network administrator has configured NAT as shown in the graphic. Some clients can access the Internet while others cannot. What should the network administrator do to resolve this problem?

A. Configure an IP NAT pool.
B. Properly configure the ACL.
C. Apply the ACL to the S0 interface.
D. Configure another interface with the ip nat outside command.
E. None of the above.

Answer: B

Explanation:

In the exhibit the ACL is only configured for the 192.168.1.0/24 network. In order to make Internet access available to all clients of both networks the access list 1 needs to include both 192.168.1.0/24 and 192.168.2.0/0.
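The wildcard-mask reasoning in Questions 9 and 10, as an added example that is not part of the original question bank: a small Python model of a standard ACL used as a NAT source list, reporting which LAN hosts are left untranslated. The exhibits are not reproduced on this page, so the /24 LAN sizes, the Question 10 wildcard masks and all function names are assumptions.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco-style wildcard match: bits set to 1 in the wildcard are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def permitted(addr, acl):
    """Standard ACL semantics: first matching entry wins, implicit deny at the end."""
    for action, base, wildcard in acl:
        if wildcard_match(addr, base, wildcard):
            return action == "permit"
    return False

def untranslated_hosts(lan, acl):
    """Usable hosts in `lan` that the NAT source ACL does not select."""
    return [str(h) for h in ipaddress.ip_network(lan).hosts()
            if not permitted(str(h), acl)]

# Question 9: the ACL as described in the explanation, and the corrected one.
ACL_Q9_CONFIGURED = [("permit", "192.168.9.0", "0.0.0.7")]
ACL_Q9_CORRECTED = [("permit", "192.168.9.0", "0.0.0.255")]

# Question 10: one LAN covered, then both (second entry is an assumed /24).
ACL_Q10_ONE_LAN = [("permit", "192.168.1.0", "0.0.0.255")]
ACL_Q10_BOTH_LANS = ACL_Q10_ONE_LAN + [("permit", "192.168.2.0", "0.0.0.255")]

if __name__ == "__main__":
    lan = "192.168.9.0/24"  # assumed LAN size, implied by the corrected wildcard
    missed = untranslated_hosts(lan, ACL_Q9_CONFIGURED)
    print(f"Q9 configured ACL: {len(missed)} hosts never translated, "
          f"starting at {missed[0]}")
    print("Q9 corrected ACL :", len(untranslated_hosts(lan, ACL_Q9_CORRECTED)),
          "hosts never translated")
    for acl_name, acl in (("one LAN", ACL_Q10_ONE_LAN),
                          ("both LANs", ACL_Q10_BOTH_LANS)):
        print(f"Q10 ACL covering {acl_name}: 192.168.2.10 translated =",
              permitted("192.168.2.10", acl))
```
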

QUESTION NO: 11

The TestKing network is shown below:

The network at TestKing has just been configured for NAT as shown. Initial tests indicate that everything is functioning as intended. However, it is found that a number of hosts cannot access the Internet. What is the problem?

A. The access list is not correct.
B. There are not enough IP addresses available in the NAT address pool.
C. The wrong interface has been configured with the ip nat inside command.
D. The IP address of the Fa0/0 interface is not usable.