Configuring NAT basics for the CCNA with Packet Tracer

NAT Basics Overview

NAT basics, also known as network address translation is an important part of the CCENT and CCNA certification exams. When NAT is implemented it allows a router to translate the source IPv4 address in the packet header as it crosses the router, changing the source address in the packet from one address to another. This allows the sending computer’s message to appear as if it is coming from another computer’s address. When you masquerade the origin of a computer’s IPv4 address on a network it is known as a NAT firewall.

NAT basics lab topology using Packet Tracer

Network address translation is a primary reason that IPv4 addressing has survived and is still in use today. The creation of NAT along with private IPv4 address ranges like to, to, and to has allowed for the conservation of publicly routable IPv4 addresses. One of the results of NAT’s ability translate public addresses at the router to private IPv4 addresses is that the advent of IPv6 addressing has essentially been delayed.

Configuring NAT

For the CCENT and the CCNA certifications you need to know how NAT works and how to configure it on a Cisco router. In the following Packet Tracer exercise and accompanying video tutorials, I demonstrate four different ways of configuring NAT.

  • Static NAT translation
  • Port forwarding static NAT translation
  • NAT overload translation
  • Dynamic NAT translation using a NAT Pool


Download the Packet Tracer 6.3 activity here: NAT_practice_activity

NAT Basics Lab – Video Tutorials

Welcome to CCNA 1

Cisco CCNA 1 Introduction

The Cisco CCNA certification is the most well known computer networking certification in the industry. I recommend a Cisco CCNA Routing and Switching course of study. The Cisco Academy Curriculum in particular for anyone who wants to learn about computer networking. It is the best foundation for learning about network communication protocols, network addressing including IPv4 and IPv6, subnetting, routing, switching, VLANs and more!

I have taught the Cisco CCNA curriculum, as a Cisco Academy instructor for over 14 years. The Cisco Academy offers 4 courses that together map to the Cisco CCNA certification exam. The current exam is the 200-120 CCNA which has a stronger emphasis on IPv6. All of the students that sign up for a class through the college will be automatically enrolled in the Cisco Academy, and all Cisco Academy students will have access to online curriculum as well as the latest version of Packet Tracer. Packet Tracer is a program for creating simulated networked environments, complete with functioning routers, switches, and endpoint hosts.

Most of all, the Cisco Academy releases regular version updates to their CCNA Routing and Switching curriculum and the recently updated curriculum coincides with the new 200-125, CCNA Routing and Switching exam. The new curriculum covers new exam topics such as, IPv6, VTP, LLDP, eBGP, PPPoE, QoS, SNMPv3, NTP, DMVPN, SPAN, SDN, virtualization and Cloud computing.

CCNA 1 – Course Materials

As a Cisco Networking Academy student, all of the course materials are available through the Academy website learning management system. Including the complete text, the Packet Tracer network simulator, interactive activities, multiple choice exams, and plenty of labs with complete step-by-step instructions. If you prefer a paper copy of the text you can purchase it online from Cisco Press or Amazon. Make sure you order a current version of the text. Here is a link to the text
at Cisco Press and the ISBN number:

Introduction to Networks Companion Guide: Print ISBN: 978-1-58713-316-9, eBook: ISBN: 978-0-13347-544-9

Introduction to Networks | Cisco CCNA | Cisco Press

Class Availability

  • Where can I enroll in a class?
    I recommend looking for a Cisco Academy nearest you. That way, you take an in-person class, and get to work on physical equipment within the classroom environment. Finally, I teach the Cisco CCNA through Central Oregon Community College. The CCNA 1 class begins in the Fall quarter with CCNA2 and CCN3/4 following in the Winter and Spring respectively. Sign up for a class! You can even attend remotely online. Look for new student registration information at
  • Where can I do my labs?.
    Some labs are done in class, some labs are done at home using Packet Tracer, and some labs are done by remotely by connecting to the CIS Department Netlab+ server.
  • I am an online student, and I can’t come to the lab?
    If you are an online student, I recommend that you login to Blackboard and attend class online using the Blackboard Collaborate video conference tool. The class is always available through video conference and each class is recorded for downloading or streaming at a later date.
  • How do I turn in assignments?
    Students take exams online through the Cisco Netacad website and learning management system. Labwork and homework is turned in through Blackboard or the Netacad website.
  • How are assignments graded?
    I grade on a point system. Every week you have the opportunity to
    earn points from chapter exams and chapter labs. At the end of the class there is a cumulative multiple choice final exam as well as a hands-on lab final.

HSRP – Hot Standby Routing Protocol Packet Tracer Activity

HSRP Overview

If your gateway goes down it is a good idea to have a backup that takes over immediately. Using Cisco’s Hot Standby Routing Protocol (HSRP) you can configure a router to be an automatic backup gateway without having to change all of your network client’s default gateways, by reconfiguring your DHCP server, and releasing all of the gateway addresses on your network. {loadposition adposition5}In this graded Packet Tracer activity you configure HSRP to create active and standby router gateways.

In the activity, R1 is the current gateway router at Your task is to configure a virtual IP address on both router R1 and R2 G0/0 interfaces. You will configure R1 as the active router and R2 as the standby. Once that is done you will change the default gateway address on PC-A to the new virtual IP address and test. Download the Packet Tracer file and following along with my video tutorial.


1. Configure router R1 G0/0 interface with the following hot standby attributes:
standby 1 ip address
standby 1 priority 105
standby 1 preempt
standby 1 track g0/1
2. Configure router R2 G0/0 interface with the following hot standby attributes:
standby 1 ip address
3. Change the default gateway on PC-A to
4. Disable either of the Ethernet links to R1 and test to see if you can still ping the ISP.


Note: You will need to have Packet Tracer version 6.1 installed on your computer in order to open the file.

Video Tutorial

VLANs and Trunks Packet Tracer 6.1 Activity

VLANs and Trunks – Activity Overview

In this graded Packet Tracer 6.1 activity you will configure two Cisco Catalyst 2960 switches with VLANs and Trunks. The tasks include named VLANs, a trunk between two switches, and a management IP address on each switch using switched virtual interfaces or SVIs. You will also need to configure hostnames on the switches and each PC, with an IP address and subnet mask.

VLANS and Trunks Packet Tracer diagram and physical topology


1. Set the PC’s IP addresses based on the host address label and VLAN color code in the topology diagram
2. Assign the switch hostnames based on their labels.
3. Configure the switch VLAN numbers and VLAN names according to the diagram.
4. Configure Interface VLAN88 (SVI) addresses on both switches according to the diagram.
5. Change the switchports as access ports and assign them to VLANs according to the diagram.
6. Configure G0/1 as a Trunk. Allow the listed VLANs only across the trunk and configure the Native VLAN as shown
7. Shutdown the G0/2 interface.


For this graded activity you will need Packet Tracer version 6.1 or higher.

IOS CLI Commands for Switch S1

Switch> enable
Switch# configure terminal
Switch(config)# hostname S1
S1(config)# vlan 10
S1(config-vlan)# name students
S1(config-vlan)# vlan 20
S1(config-vlan)# name faculty
S1(config-vlan)# vlan 30
S1(config-vlan)# name administration
S1(config-vlan)# vlan 88
S1(config-vlan)# name management
S1(config-vlan)# vlan 99
S1(config-vlan)# name native
S1(config-vlan)# exit
S1(config)# int range f0/1 – 8
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 10
S1(config-if)# int range f0/9 – 16
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 20
S1(config-if)# int range f0/17 – 23
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 30
S1(config-if)# int f0/24
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 88
S1(config-if)# int vlan 88
S1(config-if)# ip address
S1(config-if)# int g0/1
S1(config-if)# switchport mode trunk
S1(config-if)# switchport trunk allowed vlan 10,20,30,88,99
S1(config-if)# switchport trunk native vlan 99
S1(config-if)# int g0/2
S1(config-if)# shut

Network Troubleshooting PT Activity


It is important to know how to troubleshoot network connectivity issues. How to configure PCs to add them to the network? What tools can you use from the command prompt to test connectivity and check your network address settings? In order to test your skills, I created a Packet Tracer 6.1 activity in which you are the network administrator and you need to troubleshooting the network and answer some fundamental questions about the network. I have included the Packet Tracer activity file for you to download as well as the instructions below.

Instructions – Troubleshooting Activity

Troubleshooting Tasks
1. Fix PC1 and PC2 so they can reach the company website, and remote website
2. Fix Laptop0 so it can associate with Wireless Router0, and connect to the wireless network

Initech Admin
vty password: swingline
enable secret: cubicle

Answer the Following Questions
1. What is the network address of the green network?
2. What is the network address of the orange network?
3. What is the IP address of the Initech webserver?
4. What is the IP address of the Initech Nameserver?
5. What is the IP address of the Initech Mail Server?
Hint: what is the subdomain name of the mail server?
6. What is the IP address of the Webserver?
7. What is the SSID of Wireless Router0?
8. What is the wireless security key?
9. What is the IP address of the WAN interface on the Edge Router?


Click here to download the PT activity:
To open the file you will need Packet Tracer 6.1

Basic Network Configuration PT Activity


This is a beginning network configuration activity in Packet Tracer 6.1. This activity is designed to challenge you with some basic Cisco IOS configurations using a Cisco 1941 router, two Cisco Catalyst 2960 switches, a TFTP server and two PCs. In this Packet Tracer activity you are asked to configure the following items:

Step 1. Assign IPv4 addresses, subnet masks and default gateways to PC-A, PC-B, and Server1

Step 2. Configure the router with the following settings:
– hostname: R1
– console password: cisco
– vty 0-to-4 password: cisco
– enable secret: class
– banner message of the day: Unauthorized access is not allowed!
– encrypt all passwords
– configure Gigabit Ethernet interfaces with:
— IPv4 addresses,
— subnet masks,
— descriptions (LAN-Management, LAN-Student)
— bring-up the interfaces
– save the running configuration

Step 3. Configure each switch with the following settings:
– hostname: S1, S2
– console password: cisco
– vty 0-to-15 password: cisco
– enable secret: class
– banner message of the day: Unauthorized access is not allowed!
– encrypt all passwords
– configure interface VLAN 1 with:
— IPv4 address,
— subnet mask,
— bring-up the interface
– default gateway IPv4 address
– save running configuration

Step 4. Copy the IOS and startup-config file on R1, to the Server1 TFTP server.

Lab Activity Diagram/Topology Packet Tracer - Screenshot

Download the Activity

GRE over IP VPN Tunnel in Packet Tracer

GRE VPN Tunnel Overview

In this Packet Tracer 6.1 activity you configure a Generic Routing Encapsulation (GRE) over IP VPN tunnel. VPN tunnels are now part of the CCNA certification exam. VPN tunnels allow geographically separate private local area networks to be connected to each other across public wide area networks. In this way, a company or organization can have separate office networks virtually connected to each other across the public internet. Private local area networks connected by a tunnel across the internet have complete transparency to each other and are able to take advantage of all local area network resources as if they were locally available. In VPN Tunnels private networks are able to communicate across the public internet because all private network addressing and header information is not visible to public internet routers. The routers on the public internet do not have knowledge of the the private networks communicating across the internet. Unlike IPSec or OpenVPN tunnels, a GRE tunnel does not provide security or encryption by itself and therefore would not be a recommended method of creating a VPN tunnel across the internet if security or privacy is an important concern.


In this Packet Tracer 6.1 activity you do not need to configure R2, and the PCs. R1 and R3 have G0/0, G0/1, and default routes already configured

1. Create a GRE VPN tunnel from the R1 LAN to the R3 LAN
2. Configure Tunnel0
3. Use static routes on R1 and R3 (next hop address) to route traffic across tunnel0
4. You are successful when you can ping from PC-A to PC-C and vide versa


 Note: This Packet Tracer activity requires Packet Tracer version 6.1 minimum.

Video Walkthrough Tutorial


CLI Command Examples

R1(config)# int tunnel 0
R1(config-if)# ip address
R1(config-if)# tunnel source g0/1
R1(config-if)# tunnel destination
R1(config-if)# tunnel mode gre ip
R1(config-if)# exit
R1(config)# ip route

R3(config)# int tunnel 0
R3(config-if)# ip address
R3(config-if)# tunnel source g0/1
R3(config-if)# tunnel destination
R3(config-if)# tunnel mode gre ip
R3(config-if)# exit
R3(config)# ip route

Beginning Network Addressing PT Activity


This is a beginning Packet Tracer 6.1 activity designed to get you familiar with working with Packet Tracer. Your goal in this Packet Tracer activity is to configure the following:

1.  Both PCs with IP addresses, subnet masks, and default gateways.
2.  Configure each switch with: a hostname, an IP address and subnet mask on the VLAN 1 interface, and bring up the VLAN 1 interface.
3.  Configure the router with: a hostname, and IP address and subnet mask on each gigabit ethernet interface, and bring up the interfaces.


Command Examples

switch> enable
switch# configure terminal
switch(config)# hostname S1
S1(config)# interface vlan 1
S1(config-if)# ip address
S1(config-if)# no shutdown

router> enable
router# configure terminal
router(config)# hostname R1
R1(config)# interface g0/1
R1(config-if)# ip address
R1(config-if)# no shutdown