Summary of the NAT configuration

Summary of the NAT configuration

Which of the following are disadvantages of using NAT? (Choose three.)

A. Translation introduces switching path delays.

B. NAT conserves legally registered addresses.

C. NAT causes loss of end-to-end IP traceability.

D. NAT increases flexibility when connecting to the Internet.

E. Certain applications will not function with NAT enabled.

F. NAT reduces address overlap occurrence.

 

·         A, C, E. NAT is not perfect and can cause some issues in some networks, but most networks work just fine. NAT can cause delays and troubleshooting problems, and some applications just won’t work

 

Which of the following are advantages of using NAT? (Choose three.)

A. Translation introduces switching path delays.

B. NAT conserves legally registered addresses.

C. NAT causes loss of end-to-end IP traceability.

D. NAT increases flexibility when connecting to the Internet.

E. Certain applications will not function with NAT enabled.

F. NAT remedies address overlap occurrence.

 

·         B, D, F. NAT is not perfect, but there are some advantages. It conserves global addresses, which allow us to add millions of hosts to the Internet without real IP addresses. This provides flexibility in our corporate networks. NAT can also allow you to use the same subnet more than once in the same network without overlapping networks.

 

Which command will allow you to see real-time translations on your router?

A. show ip nat translations

B. show ip nat statistics

C. debug ip nat

D. clear ip nat translations *

·         C. The command debug ip nat will show you in real time the translations occurring on your router.

 

 

Which command will show you all the translations active on your router?

A. show ip nat translations

B. show ip nat statistics

C. debug ip nat

D. clear ip nat translations *

 

·         The command show ip nat translations will show you the translation table containing all the active NAT entries.

 

Which command will clear all the translations active on your router?

A. show ip nat translations

B. show ip nat statistics

C. debug ip nat

D. clear ip nat translations *

 

·         D. The command clear ip nat translations * will clear all the active NAT entries in your translation table.

 

Which command will show you the summary of the NAT configuration?

A. show ip nat translations

B. show ip nat statistics

C. debug ip nat

D. clear ip nat translations *

 

·         B. The show ip nat statistics command displays a summary of the NAT configuration as well as counts of active translation types, hits to an existing mapping, misses (causing an attempt to create a mapping), and expired translations.

 

 

Which command will create a dynamic pool named Todd that will provide you with 30 global addresses?

A. ip nat pool Todd 171.16.10.65 171.16.10.94 net 255.255.255.240

B. ip nat pool Todd 171.16.10.65 171.16.10.94 net 255.255.255.224

C. ip nat pool Todd 171.16.10.65 171.16.10.94 net 255.255.255.224

D. ip nat pool Todd 171.16.10.1 171.16.10.254 net 255.255.255.0

 

·         B. The command ip nat poolname creates the pool that hosts can use to get onto the global Internet. What makes option B correct is that the range 171.16.10.65 through 171.16.10.94 includes 30 hosts, but the mask has to match 30 hosts as well, and that mask is 255.255.255.224. Option C is wrong because there is a lowercase t in the pool name. Pool names are case sensitive.

 

Which of the following are methods of NAT? (Choose three.)

A. Static

B. IP NAT pool

C. Dynamic

D. NAT double-translation

E. Overload

 

·         A, C, E. You can configure NAT three ways on a Cisco router: static, dynamic, and NAT Overload (PAT).

 

When creating a pool of global addresses, which of the following can be used instead of the netmask command?

A. / (slash notation)

B. prefix-length

C. no mask

D. block-size

 

·         B. Instead of the netmask command, you can use the prefix-lengthlength statement.

 

 

Which of the following would be a good starting point for troubleshooting if your router is not translating?

A. Reboot

B. Call Cisco

C. Check your interfaces for the correct configuration

D. Run the debug all command

 

·         C. In order for NAT to provide translation services, you must have ip nat inside and ip nat outside configured on your routers interfaces.

 

Which of the following would be good reasons to run NAT? (Choose three.)

A. You need to connect to the Internet and your hosts dont have globally unique IP addresses.

B. You change to a new ISP that requires you to renumber your network.

C. You dont want any hosts connecting to the Internet.

D. You require two intranets with duplicate addresses to merge.

 

·         A, B, D. The most popular use of NAT is if you want to connect to the Internet and you don’t want hosts to have global (real) IP addresses, but options B and D are correct as well.

 

Which of the following is considered to be the inside hosts address after translation?

A. Inside local

B. Outside local

C. Inside global

D. Outside global

 

·         C. An inside global address is considered to be the IP address of the host on the private network after translation.

 

Which of the following is considered to be the inside hosts address before translation?

A. Inside local

B. Outside local

C. Inside global

D. Outside global

 

·         An inside local address is considered to be the IP address of the host on the private network before translation.

 

By looking at the following output, which of the following commands would allow dynamic translations?

Router#show ip nat trans
Pro Inside global Inside local Outside local Outside global
--- 1.1.128.1 10.1.1.1 --- ---
--- 1.1.130.178 10.1.1.2 --- ---
--- 1.1.129.174 10.1.1.10 --- ---
--- 1.1.130.101 10.1.1.89 --- ---
--- 1.1.134.169 10.1.1.100 --- ---
--- 1.1.135.174 10.1.1.200 --- ---
A. ip nat inside source pool todd 1.1.128.1 1.1.135.254 prefix-length 19

B. ip nat pool todd 1.1.128.1 1.1.135.254 prefix-length 19

C. ip nat pool todd 1.1.128.1 1.1.135.254 prefix-length 18

D. ip nat pool todd 1.1.128.1 1.1.135.254 prefix-length 21

 

·         D. What we need to figure out for this question is only the inside global pool. Basically we start at 1.1.128.1 and end at 1.1.135.174; our block size is 8 in the third octet, or /21. Always look for your block size and the interesting octet and you can find your answer every time.

 

Your inside locals are not being translated to the inside global addresses. Which of the following commands will show you if your inside globals are allowed to use the NAT pool?

ip nat pool Corp 198.18.41.129 198.18.41.134 netmask 255.255.255.248
ip nat inside source list 100 int pool Corp overload
A. debug ip nat

B. show access-list

C. show ip nat translation

D. show ip nat statistics

 

·         B. Once you create your pool, the command ip nat inside source must be used to say which inside locals are allowed to use the pool. In this question we need to see if access-list 100 is configured correctly, if at all, so show access-list is the best answer

 

 

Which command would you place on the interface of a private network?

A. ip nat inside

B. ip nat outside

C. ip outside global

D. ip inside local

 

·         You must configure your interfaces before NAT will provide any translations. On the inside network interfaces, you would use the command ip nat inside. On the outside network interfaces, you will use the command ip nat outside.

 

Which command would you place on an interface connected to the Internet?

A. ip nat inside

B. ip nat outside

C. ip outside global

D. ip inside local

 

·         B. You must configure your interfaces before NAT will provide any translations. On the inside networks you would use the command ip nat inside. On the outside network interfaces, you will use the command ip nat outside.

 

Port Address Translation is also called what?

A. NAT Fast

B. NAT Static

C. NAT Overload

D. Overloading Static

 

·         C. Another term for Port Address Translation is NAT Overload because that is the keyword used to enable port address translation

 

What does the asterisk (*) represent in the following output?

NAT*: s=172.16.2.2, d=192.168.2.1->10.1.1.1 [1]
A. The packet was destined for a local interface on the router.

B. The packet was translated and fast-switched to the destination.

C. The packet attempted to be translated but failed.

D. The packet was translated but there was no response from the remote host.

 

·         B. Fast-switching is used on Cisco routers to create a type of route cache in order to quickly forward packets through a router without having to parse the routing table for every packet. As packets are processed-switched (looked up in the routing table), this information is stored in the cache for later use if needed for faster routing processing.

 

 

Which of the following needs to be added to the configuration to enable PAT?

ip nat pool Corp 198.18.41.129 198.18.41.134 netmask 255.255.255.248
access-list 1 permit 192.168.76.64 0.0.0.31
A. ip nat pool inside overload

B. ip nat inside source list 1 pool Corp overload

C. ip nat pool outside overload

D. ip nat pool Corp 198.41.129 net 255.255.255.0 overload

 

·         B. Once you create a pool for the inside locals to use to get out to the global Internet, you must configure the command to allow them access to the pool. The ip nat inside source listnumber pool-name overload command has the correct sequence for this question.