Lesson 7 - Provision Internet access for an organization using NAT Overload

CCNA - Learn How to Configure Internet Access Practically
23 minutes

Transcript

Hi, this is your host Habib Zecharia. This is our last topology in this course, and it is about provisioning internet access for an organization using NAT overload. As I mentioned before, NAT overload is the only way to provide Internet access to an organization. In this topology, we will complete task one, which is configuring the LAN topology; we will create a NAT overload policy; we will test PC1 and see if it can access the remote PC, the internet PC, over the internet; and we will verify that this router, which is our edge router, is doing NAT translations for us. This is a very simplistic view: this LAN topology can be expanded to a lot more switches, and the IP scheme can be increased to multiple VLANs, one for each floor, so you can have as many floors as you want and assign different VLANs to different floors.

That is covered as part of the campus design network that I will be doing in the future. But for now, this will be quite enough to understand how internet access is provided to an organization. So let's start. We will first configure the core switch here, and we will move on from there and go up. So let's bring up the core switch console. That's the core switch console right here. The first thing we will do is the necessary configuration.

We will go from here and assign VLANs first: vlan 99, name, we'll call it management; vlan 11, name, I'll call it first floor. Then the IP address. VLAN 99 is considered to be the management VLAN of the core switch, so the core switch will have 172.20.99.1 as its IP address. If you add more switches, you can increment that from .1 to .2, .3, .4. The reason for VLAN 99 is that it's a best practice: instead of using VLAN 1 as the management VLAN, VLAN 99 or any other VLAN is recommended. Oh, that's good.

And let's add now interface vlan 11, ip address 172.20.11.1 255.255.255.0, no shut. There's one more IP I need to assign, which is the core link with the router, and that is the interface Gi2/0. As you can see, I'm going to make it a routed port. I'll assign it .2 of this network here, and this network is our transient network.

So let's do that: interface Gi2/0, ip address 172.20.10.2 255.255.255.252. Because this is a routed port, I cannot just put an IP address on it, so I have to say no switchport. I wanted you to see that. Then ip address 172.20.10.2 255.255.255.252, and I'll say no shut. Now let's verify. Yes, we have VLAN 11, VLAN 99, and the port Gig2/0, and it has its routed port IP address. That's great.

Now VLAN 99 is showing as down; the reason is we need to add another switch and give it an IP address. It's down. So let's see. Here this interface needs to be part of VLAN 11, which is the interface that is facing PC1. PC1 will get its network connectivity from core one. So let's do that.

And this is how you assign a VLAN to the port: interface Gi1/1, switchport mode access, switchport access vlan 11, no shut. So that's good. When it comes to campus network design, as you know, you have to do a few important things. Number one, the VTP mode should be transparent. There are other things we could do, like the Spanning Tree Protocol bridge priority: the priority should be lower.

And as you can see, it's important to do those things so you understand how you can design the LAN topology. So I'm just going to add those configurations to benefit the audience here: a little bit of information on how to design the actual ports. VTP mode I have set to transparent; that's one thing. The other thing we could do is add spanning-tree mode and make it rapid-pvst; that's rapid spanning tree.

And the other thing we can do is make the VLANs, which are VLAN 11 and 99, have a lower priority, a lower priority of 4096. This makes the core switch a bridge root, or a bridge core switch; it will have its priority as 4096 instead of the default. If you add any other switch on the network, those priorities default to 32768, and because they have higher priority, they will all report back to this core switch. So that's the idea of lowering the priority for spanning tree. And this is again part of the course that is supposed to be campus design network, and I'm hoping to bring that course down the road. So stay tuned for those courses.

So this switch is completely configured. Now there's one more thing we need to do. It will come up, but let's bring up PC1 here and assign it a VLAN 11 IP address. As you can see, there's no IP given to this PC. So let's give it .10. 172.20.11.1, that's the default gateway IP address for this PC1.

So let's see if I can ping 172.20.11.1. Now, I shouldn't be able to ping it, but I'm able to ping it because this is a simulation. Sometimes it may not ping. The reason why it is not supposed to ping is because we did not add ip routing here. By adding ip routing, I should be able to see all the routes, and all the SVIs should be able to ping each other. So this is done; the PC is able to ping the default gateway. That's what we wanted to know, and it's pinging.

That's great. Now let's move to the router configuration, R1. Just bringing up the console here. OK, so we have the console here, and if I do show ip interface brief, as you can see I have two interfaces, three interfaces here, Gig1/0 and Gig2/0. So let's start configuring the interfaces here: conf t, interface Gi1/0. Let's give it an IP address, 121 90 dot 2, 255.255.255.248. No shut. Then we have another interface, Gi2/0, and the IP address of that one is going to be 172.20.10.1 255.255.255.252, and no shut.

Now we should be able to ping the default IP address to the internet, which is ping 122 190 dot one. Yes, I can ping it. That's wonderful. So basically the topology configuration is completed. Now we need to add the routing on this router as well as on the core switch. So let's bring up the core switch again and add the default route on the core switch. We will say conf t, ip route 0.0.0.0 for the network and 0.0.0.0 for the subnet mask, and the next hop IP address is the IP address of the router, which is the edge router. That's going to be 172.20.10.1.

And that's the IP address that we just configured on the router. Let's save that. Now from the core, let me actually ping the edge router from here. And yes, I can ping it. So if I do show ip route, I should have the default static route, which is this one, as you can see.

All right, perfect. So we did that. Now let's bring up the router itself. When it comes to the router, there are a few things that we need to do. As you know, one thing is we need to assign a default route on this edge router that will point all the traffic that's not in the routing table to the internet, right? That's important to do. So conf t, ip route.

And that's an A B hundred 20 dot 119 dot one. All right, so that is done. There is another route that we need to add, which will identify the internal network and the path to the internal network, right? So we need to add that: ip route 172.20.0.0, and the subnet mask is 255.255.0.0. That's the summary IP scheme of the internal LAN. So it's a Class B network.

That's what we are assigning. And the next hop IP address is the core of the LAN IP. That's all we needed to do here. Now this is good. We did that; that's perfect.

The only thing we need to do now: we are moving into the NAT overload configuration. So we finished task one. For task two, to create a policy, we need to do the following. Number one, we need to create an access list, and that will identify the IP range of the internal LAN. So let's do that.

So ip access-list extended, and let's call it basically NAT. And here we will say permit ip 172.20.0.0 0.0.255.255. We are using the Class B wildcard mask. And let's exit from here.

Now we will add a route map: route-map, and let's call it PM, policy map, permit 10. It needs to match an IP address, so it's match ip address NAT. Perfect. So we did that. Now let's exit that.

Now we have to add a statement for the overload, and we will say ip nat inside source route-map PM interface Gig1/0, and I'll say overload. So now we have completed the configuration of the NAT overload. The only thing we need to do is identify the inside NAT and outside NAT interfaces. We know from our topology here that Gig1/0 is our outside NAT and Gig2/0 is our inside NAT, so let's start with interface Gi2/0, and I'll say ip nat inside. And let's go to interface Gi1/0.

And I'll say ip nat outside. Let's save our configuration. Perfect. Now the only thing we need to do is test the internet PC here and see the connectivity from R1 to the internet PC. Using an internal interface, we will source that internal interface, which is going to be Gig2/0. So let's do that: ping 10.10.10.10.

That's the IP address of the internet PC. I should have mentioned that before, but I think we have been using the same IP address all along. And I'll say source Gig2/0. And let's see. Yes, it's pinging, which is perfect. Now, the other test we need to do is go into PC1 and see if we can ping it.

So show ip; let's verify we have the IP, and let's ping that outside PC. And yes, you can see we have successful results. One more thing we need to do is go into the edge router itself and do show ip nat translations. As you can see, we are able to get out to the internet; we are pinging it. The inside global IP address will always show the public IP of our router, right? It's going out showing the public IP address, and that's what the translation is for. Right?

It's going through, doing its translation; these are the port numbers. And that's how it works. Any other PC on the LAN, if it goes to the internet, is going to have the same IP address but a different port, and the router is going to translate it and provide access to the internet in this manner. With this, we have concluded the last chapter of this course. I hope you have enjoyed this course as much as I did, and I hope I have provided a very important practical experience here. My recommendation, as homework, is to really build up your own network topology and play with the different types of NAT, like the NAT overload. If you look into my previous lessons, we have covered static NAT, and we also did the port address translation or the dynamic NAT.

I hope I'll see you again soon in a different course. Thank you very much. Take care. Bye bye
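
The edge-router steps dictated in the transcript, collected into one Cisco IOS configuration as an added example (not taken from the course's own files). The outside address and ISP next hop are not recoverable from the transcript, so `<OUTSIDE_IP>` and `<ISP_NEXT_HOP>` are placeholders, and the `any` destination in the access list is an assumption, since an extended entry needs one and the transcript gives only the source and wildcard.

```cisco
! Edge router R1: routing plus NAT overload (PAT), following the lesson's steps.
! <OUTSIDE_IP> and <ISP_NEXT_HOP> are placeholders, not values from the lesson.
configure terminal
!
interface GigabitEthernet1/0
 description Outside: link towards the internet
 ip address <OUTSIDE_IP> 255.255.255.248
 ip nat outside
 no shutdown
!
interface GigabitEthernet2/0
 description Inside: routed link to the core switch (172.20.10.2)
 ip address 172.20.10.1 255.255.255.252
 ip nat inside
 no shutdown
!
! Default route towards the internet, summary route back to the internal LAN.
ip route 0.0.0.0 0.0.0.0 <ISP_NEXT_HOP>
ip route 172.20.0.0 255.255.0.0 172.20.10.2
!
! Only sources inside 172.20.0.0/16 are eligible for translation.
! "any" as the destination is an assumption; the lesson states only the source.
ip access-list extended NAT
 permit ip 172.20.0.0 0.0.255.255 any
!
route-map PM permit 10
 match ip address NAT
!
! "overload" makes every matching host share the Gi1/0 address, told apart by port.
ip nat inside source route-map PM interface GigabitEthernet1/0 overload
end
!
! Verification, run from privileged EXEC:
ping 10.10.10.10 source GigabitEthernet2/0
show ip nat translations
show ip nat statistics
```

In the `show ip nat translations` output, every inside local address from 172.20.0.0/16 should map to the same inside global address with a different port. A source outside that range does not match the NAT access list and is forwarded untranslated.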
