Hi, this is your host Habib's Korea. And I'm a Network Solutions Architect with cat Eclipse computing solution. My website is www cat eclipse.com. We also have cloud services. It's under shop cat Eclipse calm. And I hope that whenever you have a chance you can go and visit my website to know more about my cloud solutions.
But enough of me, let's start our lab, which is about provisioning static NAT. As I mentioned in my previous lesson, I was involved with a manufacturing facility and we had a lot of vendors coming in with their hardware terminals. And those could have been controllers for the machinery or small terminals that they would place in our plant, and the vendors would be somewhere else, traveling around the world. And they would like to know the status of their readings on the equipment. And this was exactly the solution I provided, in front of you. And I hope my experience is valuable to you as an individual who's now trying to learn how to do static NAT.
So let's start with no hesitation. And what we will do first is we will configure the back end, which is basically R1 and R2. So as I said, R1 is basically part of your internal network; it's the SI router. R2 is part of the external network; that could be an ISP or some other company that came in to provide internet access to your organization.
Mostly it's gonna be an ISP, right? The other part is the switches. There is a switch on each side of the network, as always, as you know, and my terminal is going to be this one, which is the focus of our scenario here: this one has an internal IP address, whereas the user is a remote user connected to an ISP, and that person will reach this terminal using a public IP instead of an internal IP. Between the two routers, of course, there is a public IP here that was given to the internal organization. This public IP has six host IP addresses available; that means I can use from hundred 20 dot 190 dot one to all the way six. So basically dot one and dot two are to be given to these two interfaces here, on R1 and on R2.
The third one will be dot three; we will give it as a NAT IP address for this terminal. So basically task one is to assign IP addressing, and task two is to use any routing protocol to make sure that the networks converge. And finally, there is going to be a test that we will have to do from a remote user workstation: connectivity to the terminal station. Okay. So let me bring up router one and start the configuration, and we will continue from there. Okay, so we have R1 that came up and we will start configuring the interfaces as task one indicates.
So let's just make sure that all the interfaces are in the down state, as you can see. So the first one is interface F0/1, or F0/0; let's configure that. And as we said it's 120 dot 190 dot; we will assign this interface one, 255.255.255.248. Slash 29 means 248 subnet mask. No shut. Now let me go to interface 0/1. IP address is 192.168.1.1 255.255.255.0; that's the slash 24 range. No shut. Now, the other thing about this simulation is basically also for you to get familiarity with routing, so what we will do is we will apply the dynamic routing protocol RIP. So: router rip, version 2.
And so there are two networks here: network one is 192.168.1.0 and the other network is the hundred 20 dot 190 dot zero. No auto-summary; it is a good practice to do that. If you want to know more about how I did the dynamic routing, I have other courses on Udemy that might be useful to take. So we are done with router one. Let me start router two and bring it up. Okay, so we have R2 here and we will start with the configuration of the interfaces. This interface will take the 191 hundred 20 to 192 IP address, 255.255.255.248, no shut. Interface Fa0/1: IP address, this one will be 10.10.10.1 255.255.255.0, no shut.
Now the other thing is we have to apply the routing protocol here as well: router rip, version 2. Network is 10.10.10.0, network 120 dot 190 dot zero, and no auto-summary. Let's save our config. Okay, so basically, since we have already applied the routing protocol, I should see some routes. IP route, and you can see from R2 I can reach the 192.168.1 network. That means from here I should be able to ping 192.168.1.1, which is the IP address of the internal router here. So there is some convergence already happening between the two routers. Let's proceed with the switch configurations of the network. Okay, so this switch is up and I'm just going to give it a hostname. Okay, so as you can see, I'm getting a duplex mismatch on Gig 0/0.
The reason is the interface that Gig 0/0 is connected to is basically 100Base, 100 megabits per second, and not one gig speed, so there is a mismatch there. So let's first fix that. The interface here is 0/0. So that should take care of those duplex mismatch messages that we were getting here. Now, I will configure this switch to be a layer two switch just for simplicity.
And the connectivity will be much faster that way, and easier, because it's just an internal switch. You can configure it as layer three, but we don't want to do layer three because we already have a router. So let's do that: interface range. Let's give it a VLAN. We'll give it a VLAN, name it CCS, and I will put all those interfaces into this VLAN; I mean, a range is easier. We said that they belong to VLAN 192.
So let's apply spanning-tree portfast. I think one more thing I always like to give to a layer two switch is the IP default gateway, and I will always say 192.168.1.1. In this segment, 192.168.1.1 is acting as the default gateway for all the workstations. I think that's it in here; let's save the configuration. And what I will do is I will bring up the ISP switch as well and we will configure exactly the same scenario. Same configurations, except the VLAN will be different. Okay, so the ISP switch is up right now and we will configure the hostname first.
And let's do that. Let me make it caps. Now the other thing is we need to fix the duplex mismatch message that we are receiving here. Interface 0/0, and no auto... sorry, no negotiation auto. So no negotiation auto is the command; basically, by default, many of these switch interfaces are usually preconfigured with a negotiation auto configuration, and that has to be disabled in order to change the duplex settings. And so the other thing we need to do is put all these ports in a different VLAN, and I will choose VLAN 10.
Since the VLAN here is VLAN 10.10.10.10, I think it makes sense: VLAN 10, and I'll name it ISP. Interface range: I'm sure you're already familiar with the configuration of a port and assigning a VLAN. So for the most part this is just a revision for anyone who's going to configure a switch. The only good thing that I should do now is the IP default gateway. 10.10.10.1 will act as the default gateway for the remote user as well. Let's save that. I will bring up the terminal for the remote user as well as the internal terminal and configure the IP address as well as the default gateway on them. And then we will test the connectivity across.
Okay, so I have the remote user terminal here and I'll assign it an IP address. The syntax is IP and then the IP address; the one that I will assign is 10.10.10.10. And the subnet mask is 24 and the default gateway is 10.10.10.1. And it's checking for duplicate addresses on the network. There is none. So it has assigned that IP to the remote user computer or terminal. Now I'll bring up the internal terminal console and we will do the exact same thing. Okay, so this is terminal one, the inside terminal right behind the CCS switch.
And I'll give it the IP address as we discussed, 192.168.1.10 with slash 24. And the gateway address will be 192.168.1. It's checking for a duplicate address on the network and it didn't find anything, and it did give it the IP, as we see here. Now, task two. So we completed task one, assigning the IP addresses to all the interfaces. Task two is to apply the routing protocol; we did apply the routing protocol. And we just want to make sure that convergence is achieved across the entire network. And if I do a ping, for example, from here, I'm trying to do a ping from here all the way across to here.
I should be able to get some response. Let's see: 10.10.10.10, I believe, is the IP address we assigned to the remote computer there. And let's see if we are getting any ping replies. And yes, we do get a successful ping. That means the network is fully converged.
Now our task is not finished yet. The final task is really to have this remote user ping our internal terminal using one of the public IP addresses. Now the reason why we will be doing that is because, let's say you're in the manufacturing facility and you have your own IP scope internally: you don't want some remote person or outside external user knowing your internal IP range, and that may expose your facility to the outside world. And you don't want to do that. So, for doing static NAT: this is supposed to be our task number four, actually, and I didn't put it here.
But that's the purpose of the lab. I apologize. And what I will do is, let's first come back to this topology. As you can see, you always have to look at the router that's providing you internet access, right? So this router is in the internal organization's network, and this is the router that will do the NAT translation. This interface, Fa0/1 or F0/1, is your inside interface. And this one, which is F0/0, is your outside interface.
So let me bring up R1 again and let's configure the inside and the outside interfaces. So I have R1 here and we will proceed with the NAT configuration. Please follow along. Conf t, interface; ip nat inside is the command that I will apply. It depends on your router; usually it does take a little bit of time, because the router has to compute the interface to be an inside interface for NATting, and I think it may have already done it by now. So it's done, as I can see here. And for the other one, let's go to the interface 0/0.
And I'll say ip nat outside. It seems that the router didn't take any time. The reason is actually that I improved the memory on the router to be more than 128 meg, and I can see better performance from this router right now. The last thing is to map the IP address that the terminal has received to the public IP address that we have. So as you know, the ISP or an internet provider will give you a block of IP addresses, as I informed you; that will all depend on how much you pay or how much that company pays, and in this case the internal organization has received a block of six IP addresses. Right, so that should be clear, and we will use the next available public IP address that we have. And it should be dot three, as I see here.
So let's start by putting in the configuration first. Static NAT: it's ip nat inside source static 192.168.1.10. That's the IP address given to the terminal. And my public IP that I will provide is going to be hundred dot 220 dot 190 or 190 dot three. Let me save this configuration. Okay, so I'll just keep this here for now.
And what we will do is we will bring up the remote computer terminal and then I will ping 120 dot 190 dot three. One thing is for sure: the remote user should be able to ping this IP, because it's already been assigned when we did the NAT configuration. Perfect, so we are able to ping this IP address. That means that it is present, it's live, and it is reaching. All right. But from R1, I should be able to see the translation: show ip nat translation. What happens here on R1 is that it's receiving the request from 10.10.10.10. And it's translating it, you know, it's translating it 220 to 190 dot three.
Okay, so that's how this computer is getting a reply from hundred 20 to 193, because R1 is actually translating the traffic IP addressing of one when it does the translation, right? So this is basically what you see: the inside global address is 120 dot 190 dot three. The inside local address is the IP address given internally to a device. The outside local is the outside local IP address, which is from an outside organization. And the outside global is an outside global IP address that's given by the ISP to that outside remote user's computer. So with this, we conclude this chapter or this lesson. I hope you have enjoyed the lab.
And I hope I was very clear in demonstrating this lab. Thank you very much, and join me in my next lab, which is NAT overload. Thank you very much.
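
The following is an added example, not part of the recorded lesson or the presenter's own material: a small Python model of what R1 does with the static mapping, showing the address rewrite in both directions and the four columns of the translation table for the ping test. The public block 203.0.113.0/29 is a constructed stand-in (the transcript does not render the lesson's public prefix unambiguously), and the class and function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass, replace

# Constructed stand-in for the ISP-assigned /29 (not the lesson's real block).
PUBLIC_BLOCK = ipaddress.ip_network("203.0.113.0/29")
ip = ipaddress.ip_address

@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address

class StaticNat:
    """Models `ip nat inside source static <inside-local> <inside-global>`."""

    def __init__(self, block, reserved=()):
        # Usable host addresses minus those already placed on router interfaces.
        self.free = [h for h in block.hosts() if h not in reserved]
        self.to_global, self.to_local = {}, {}

    def add_static(self, inside_local, inside_global):
        if inside_global not in self.free:
            raise ValueError(f"{inside_global} is not a free public address")
        self.free.remove(inside_global)
        self.to_global[inside_local] = inside_global
        self.to_local[inside_global] = inside_local

    def outside_to_inside(self, pkt):
        """Arrives on the outside interface: destination is rewritten."""
        local = self.to_local.get(pkt.dst)
        return replace(pkt, dst=local) if local else pkt

    def inside_to_outside(self, pkt):
        """Arrives on the inside interface: source is rewritten."""
        glob = self.to_global.get(pkt.src)
        return replace(pkt, src=glob) if glob else pkt

    def table_rows(self, outside_host):
        """Columns as named in the lesson; no outside NAT, so both outside columns match."""
        return [{"inside_global": g, "inside_local": l,
                 "outside_local": outside_host, "outside_global": outside_host}
                for g, l in self.to_local.items()]

def demo():
    hosts = list(PUBLIC_BLOCK.hosts())                 # six usable addresses, .1 to .6
    nat = StaticNat(PUBLIC_BLOCK, reserved=hosts[:2])  # .1 and .2 are on R1 and R2
    nat.add_static(ip("192.168.1.10"), hosts[2])       # terminal mapped to .3
    request = nat.outside_to_inside(Packet(ip("10.10.10.10"), hosts[2]))
    reply = nat.inside_to_outside(Packet(request.dst, request.src))
    return request, reply, nat.table_rows(ip("10.10.10.10"))
```

The model applies the mapping to any outside source, which matches a static entry's behaviour: restricting which remote hosts may reach the terminal is a separate control from the translation itself.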