Configuring NAT basics for the CCNA with Packet Tracer

NAT Basics Overview

NAT, or network address translation, is an important part of the CCENT and CCNA certification exams. When NAT is implemented, it allows a router to translate the source IPv4 address in the packet header as it crosses the router, changing the source address in the packet from one address to another. This allows the sending computer’s message to appear as if it is coming from another computer’s address. Masquerading the origin of a computer’s IPv4 address on a network in this way is known as a NAT firewall.

NAT basics lab topology using Packet Tracer

Network address translation is a primary reason that IPv4 addressing has survived and is still in use today. The creation of NAT, along with private IPv4 address ranges like 192.168.0.0 to 192.168.255.255, 172.16.0.0 to 172.31.255.255, and 10.0.0.0 to 10.255.255.255, has allowed for the conservation of publicly routable IPv4 addresses. One result of NAT’s ability to translate public addresses at the router to private IPv4 addresses is that the advent of IPv6 addressing has essentially been delayed.

Configuring NAT

For the CCENT and the CCNA certifications you need to know how NAT works and how to configure it on a Cisco router. In the following Packet Tracer exercise and accompanying video tutorials, I demonstrate four different ways of configuring NAT.

  • Static NAT translation
  • Port forwarding static NAT translation
  • NAT overload translation
  • Dynamic NAT translation using a NAT Pool
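
The four NAT methods listed above, written out as one IOS configuration. This is an added example, not taken from the Packet Tracer activity or the videos; the interface names, the inside networks 192.168.10.0/24 and 192.168.20.0/24, the pool name PUBLIC, and the public block 203.0.113.0/28 are all assumptions.

```ios
! Added example: every address, name and interface here is an assumption.
configure terminal
interface g0/0
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
interface g0/1
 ip address 192.168.20.1 255.255.255.0
 ip nat inside
interface s0/0/0
 ip address 203.0.113.1 255.255.255.240
 ip nat outside
exit
!
! 1. Static NAT: one inside host maps permanently to one public address.
!    The mapping works in both directions, so every port on 192.168.10.10
!    is reachable from outside unless an ACL filters it.
ip nat inside source static 192.168.10.10 203.0.113.10
!
! 2. Port-forwarding static NAT: only TCP 80 on the public address is
!    forwarded to the inside web server; its other ports stay unmapped.
ip nat inside source static tcp 192.168.10.20 80 203.0.113.11 80
!
! 3. NAT overload (PAT): all hosts matched by ACL 1 share the address of
!    s0/0/0 and are told apart by their translated source port.
access-list 1 permit 192.168.10.0 0.0.0.255
ip nat inside source list 1 interface s0/0/0 overload
!
! 4. Dynamic NAT with a pool: each host matched by ACL 2 borrows one
!    address from the pool; once the pool is used up, further hosts
!    are not translated until an entry times out.
access-list 2 permit 192.168.20.0 0.0.0.255
ip nat pool PUBLIC 203.0.113.2 203.0.113.6 netmask 255.255.255.240
ip nat inside source list 2 pool PUBLIC
end
!
! Verify: static entries are listed immediately, dynamic entries only
! after matching traffic has crossed the router.
show ip nat translations
show ip nat statistics
```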

Download

Download the Packet Tracer 6.3 activity here: NAT_practice_activity


VLANs and Trunks Packet Tracer 6.1 Activity

VLANs and Trunks – Activity Overview

In this graded Packet Tracer 6.1 activity you will configure two Cisco Catalyst 2960 switches with VLANs and trunks. The tasks include named VLANs, a trunk between two switches, and a management IP address on each switch using switched virtual interfaces (SVIs). You will also need to configure hostnames on the switches, and configure each PC with an IP address and subnet mask.

VLANS and Trunks Packet Tracer diagram and physical topology

Instructions

1. Set the PCs’ IP addresses based on the host address label and VLAN color code in the topology diagram.
2. Assign the switch hostnames based on their labels.
3. Configure the switch VLAN numbers and VLAN names according to the diagram.
4. Configure Interface VLAN88 (SVI) addresses on both switches according to the diagram.
5. Configure the switchports as access ports and assign them to VLANs according to the diagram.
6. Configure G0/1 as a trunk. Allow only the listed VLANs across the trunk and configure the native VLAN as shown.
7. Shut down the G0/2 interface.

Download

For this graded activity you will need Packet Tracer version 6.1 or higher.

VLANS-Switchports-Trunks-SVIs.zip

IOS CLI Commands for Switch S1

Switch> enable
Switch# configure terminal
Switch(config)# hostname S1
S1(config)# vlan 10
S1(config-vlan)# name students
S1(config-vlan)# vlan 20
S1(config-vlan)# name faculty
S1(config-vlan)# vlan 30
S1(config-vlan)# name administration
S1(config-vlan)# vlan 88
S1(config-vlan)# name management
S1(config-vlan)# vlan 99
S1(config-vlan)# name native
S1(config-vlan)# exit
S1(config)# int range f0/1 - 8
S1(config-if-range)# switchport mode access
S1(config-if-range)# switchport access vlan 10
S1(config-if-range)# int range f0/9 - 16
S1(config-if-range)# switchport mode access
S1(config-if-range)# switchport access vlan 20
S1(config-if-range)# int range f0/17 - 23
S1(config-if-range)# switchport mode access
S1(config-if-range)# switchport access vlan 30
S1(config-if-range)# int f0/24
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 88
S1(config-if)# int vlan 88
S1(config-if)# ip address 192.168.88.254 255.255.255.0
S1(config-if)# int g0/1
S1(config-if)# switchport mode trunk
S1(config-if)# switchport trunk allowed vlan 10,20,30,88,99
S1(config-if)# switchport trunk native vlan 99
S1(config-if)# int g0/2
S1(config-if)# shut

Routing and Switching Essentials Practice Final – Packet Tracer 6

Lab Overview – Routing and Switching Essentials Practice Final

I designed this Packet Tracer 6 lab activity as a final review for the CCNA2: Routing and Switching Essentials. This lab covers many of the skill and knowledge areas necessary for the Cisco Academy CCNA5.0, Routing and Switching Essentials Final, Hands-on Lab Final and Packet Tracer Final. This Packet Tracer activity also includes IPv6 configurations that are covered in the new curriculum. You will need Packet Tracer 6.0.1 to open the activity file. The activity tracks your overall progress and provides feedback on correctly executed tasks. Here is a list of the knowledge and skill areas that it covers:

• IPv4 addressing and IPv6 addressing
• VLANs, Trunks and InterVLAN routing
• OSPFv2 and OSPFv3 for IPv6
• DHCPv4 as well as SLAAC and Stateless DHCPv6
• NAT for IPv4
• ACLs and IPv6 ACLs

The scoring is based on the total number of items correctly configured. Remember that when entering configurations the system is case sensitive. When you are finished, you should be able to communicate across the network. In this PT activity access to the CLI tab has not been disabled. Have fun!


Download

CCNA2_RoutingNSwitching-practice-final.zip

Note: You will need Packet Tracer version 6.0.1 to open this activity

Packet Tracer 6 Activity – RIPng and IPv6

Overview

The goal in this activity is to configure an IPv6 network with the RIPng routing protocol. In addition to configuring RIPng on the routers, you will need to configure all of the devices in the network with the correct IPv6 addressing. The goal is to configure the routers and PCs with the following information:
• Enable IPv6 routing on all routers,
• On all routers, configure link-local and global unicast IPv6 addresses with network prefix lengths (see the network diagram),
• On routers R1, R2, and R3 configure the RIPng IPv6 routing protocol (use the name: RIP1 in all caps as the routing process name),
• On router R1, configure a default route towards the ISP router, and use RIPng to distribute that route to routers R2 and R3,
• On router ISP, configure a summary route to reach all of the subnets on R1, R2, and R3,
• On the PCs configure static IPv6 addresses with network prefix lengths, and gateway addresses (see the network diagram),
• Configure hostnames on all routers and save the running configuration to the startup-configuration file

The scoring is based on the total number of items correctly configured. Remember that when entering configurations the system is case sensitive. When you are finished, you should be able to communicate across the network (e.g. successfully ping PCB from PCA).

RIPng PTactivity

Download

RIPng.zip

Note: You will need Packet Tracer version 6.0.1 to open this activity

Spoiler Alert – read below if you are stuck and need help with the commands

IOS Command List

router>enable
router#configure terminal
router(config)#hostname R1
R1(config)#ipv6 unicast-routing
R1(config)#interface g0/0
R1(config-if)#ipv6 address FE80::1 link-local
R1(config-if)#ipv6 address 2001:DB8:DA:1::1/64
R1(config-if)#ipv6 rip RIP1 enable
R1(config-if)#no shut
R1(config-if)#interface s0/0/0
R1(config-if)#ipv6 address FE80::1 link-local
R1(config-if)#ipv6 address 2001:DB8:DA:2::1/64
R1(config-if)#ipv6 rip RIP1 enable
R1(config-if)#ipv6 rip RIP1 default-information originate
R1(config-if)#clock rate 128000
R1(config-if)#no shut
R1(config-if)#interface s0/0/1
R1(config-if)#ipv6 address FE80::1 link-local
R1(config-if)#ipv6 address 2001:DB8:CD1:C::2/64
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#ipv6 route ::/0 s0/0/1
R1(config)#exit
R1#copy running-config startup-config
R1#show running-config
R1#show ipv6 route
R1#show ipv6 int brief

Standard ACL Packet Tracer Challenge

Packet Tracer Challenge Overview

Learn the basics of using standard access lists with these Packet Tracer graded activities. In the activities, the networks have been pre-configured. All you need to do is write the access list, and decide where to apply it. Open the Packet Tracer files, follow the written instructions and the instructions on the topology diagrams.

Standard ACL Practice #1

In this Packet Tracer exercise, the goal is to create a simple standard ACL to permit one network and block the other. Follow the written instructions on where to apply the access list.

Download

The Packet Tracer file is created with Packet Tracer 5.3.3. The Packet Tracer Activity file will track your progress and give you a completion percentage and point total. You can download it here: standardACL-practice1.zip

Standard ACL Practice #2

In this exercise the goal is to permit two hosts, one from the yellow network and one from the blue network, to reach the green network. In this exercise you need to figure out where to apply the ACL so that the intended networks are affected. Hint: standard ACLs are usually applied closest to the destination network affected.
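
The placement hint above, shown as an IOS configuration. This is an added example, not the graded solution from the activity file; the host addresses 192.168.1.10 (yellow) and 192.168.2.10 (blue), the ACL number 10, and g0/1 as the router interface facing the green network are assumptions.

```ios
! Added example: addresses, ACL number and interface are assumptions.
configure terminal
!
! A standard ACL matches on the source address only. It cannot say
! "to the green network", so the destination is chosen by where the
! ACL is applied, not by what is written in it.
access-list 10 remark two permitted hosts, everything else denied
access-list 10 permit host 192.168.1.10
access-list 10 permit host 192.168.2.10
! Every ACL ends with an implicit "deny any", so all other yellow and
! blue sources are dropped without a further entry.
!
! Applied outbound on the interface facing green, the ACL filters only
! traffic that is about to enter the green network.
interface g0/1
 ip access-group 10 out
end
!
! Applied inbound on the yellow or blue LAN interface instead, the same
! ACL would cut the denied hosts off from every destination, because
! the source match happens before any routing decision.
!
! Verify the entries, their hit counters, and the interface binding.
show access-lists 10
show ip interface g0/1
```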


Download

The Packet Tracer file is created with Packet Tracer 5.3.3. The Packet Tracer Activity file will track your progress and give you a completion percentage and point total. You can download the file here: standardACL-practice2.zip

Switch & VLAN Packet Tracer Challenge

Switch & VLAN Packet Tracer Challenge Overview

A Packet Tracer graded activity. It covers basic Cisco CCNA switch configurations, VLANs, native VLAN, trunk ports, port-security, and setting up secure remote administration with SSH. Great practice for the Cisco CCNA!

Download

The Packet Tracer file is created with Packet Tracer 5.3.3. The Packet Tracer Activity file will track your progress and give you a completion percentage and point total. You can download it here: BasicConfig-VLAN-Trunk-PortSec-SSH-challenge.zip

Activity Instructions

Configure the Network according to the Topology Diagram and Labels.
When you are finished, the PCs on the Student VLAN should be able to ping each other and so should the PCs on the Faculty VLAN. The Admin PC should be able to SSH into S1 and S2 from the command prompt (e.g. PC>ssh -l admin 192.168.99.2).

PCs
1. IP address (see topology),
2. subnet mask (see topology),
3. default gateway address (first usable address in network)

Cisco 2960 Switches: S1 & S2
1. name: S1, S2
2. enable password, md5 encrypted: class
3. domain name: danscourses.com
4. message of the day banner: Unauthorized access is prohibited!
5. console password: cisco
6. vty 0 15 password: cisco
7. Security RSA Key size: 1024
8. SSH version 2
9. vty: ssh only
10. VLAN 10: student
11. VLAN 20: faculty
12. VLAN 99: Mgt
13. Interface VLAN 99: S1-IP address 192.168.99.2, S2-IP address 192.168.99.3
14. Native VLAN 99
15. fa0/1 Trunk
16. fa0/2-0/13 access VLAN 10
17. fa0/14-0/24 access VLAN 20
18. Gi1/1 access VLAN 99
19. Encrypt all passwords
20. Save running-config to startup-config

Cisco 2960 Switch: S1 Only
1. Gi1/1 Switchport Port-Security, sticky, maximum 1 MAC address, violation shutdown

RIPv2 Packet Tracer Lab

Instructions

1. This is a classless addressing scenario (VLSM-CIDR), so you need a classless routing protocol. For this lab use RIPv2.
2. The lab topology has discontiguous networks, so you will need to disable RIP auto-summary.
3. R2 needs to have a default static route to the internet through the ISP router. Use the next hop ip address.
4. R2 needs to tell the other routers about its default route.
5. R2’s Fast Ethernet 0/1 interface should be passive.
6. Use passive-interface in order to not send routing updates to the LANs.
7. The ISP router should not use RIP, but instead use three static routes; two of the static routes should be summary routes.
8. The routers with DCE interfaces should have the clock rate set to 64000.
9. The routers’ serial DTE interfaces should have the first usable IP address in the network and the DCE interfaces should have the second usable IP address in the network.
10. All router LAN interfaces should have the first usable address in the network.
11. All PCs should have the x.x.x.10 host ip address.
12. Configure hostnames on all of the routers.

RIP Commands

R2(config)#router rip
R2(config-router)#version 2 //change to RIP version 2
R2(config-router)#no auto-summary //turn off automatic route summarization
R2(config-router)#network <net address> //advertises a connected network to neighboring RIP routers
R2(config-router)#network <net address>
R2(config-router)#network <net address>
R2(config-router)#default-information originate //distribute a default route to neighboring RIP routers
R2(config-router)#passive-interface <interface> //stops RIP from advertising routes out of an interface
R2(config-router)#end

Packet Tracer Graded Exercise

RIPv2_with_summary_routes.zip

Configure the Network with RIP Packet Tracer Challenge

Overview

In the lab, we configure a network topology which includes three Cisco 1841 or 1941 routers, three Cisco 2960 switches, and three PCs. The three routers need to be connected to each other over serial connections. Each router also needs to be connected to a switch over a Fast Ethernet (1841) or Gigabit Ethernet port (1941). Each PC needs to be connected to a switch. The goal of the lab is to do the following things:

1) Wire all of the devices in the network as instructed,
2) Configure the ip addressing and names of all of the devices as instructed,
3) Configure the devices using CLI commands as instructed,
4) Configure RIP so all devices can communicate over the network,
5) Verify that all PCs can communicate with each other over the network

I have created a Packet Tracer Activity which has all of the lab instructions included in it and will also check your results when you are finished. You will need Packet Tracer version 5.3.3. You can download the activity here: CCNA2_Configure_the_Network_Challenge_1b.zip

Here is an image of the network topology at the start of the activity lab.


Lab Outline

1) Wire the network. The serial interfaces with .2 as the address should be the DCE.
2) Configure the ip addressing and names of all of the devices as shown in the topology
3) Configure the devices using the commands listed below
4) Configure RIP so all devices can communicate over the network

Notes:
• Login passwords should be “cisco” (no quotes)
• Enable secret should be “class” (no quotes)
• Clock rates should be set to 64000
• Interface descriptions should be based on the connected network subnet like: “network-1”, “network-2”, up to “network-6”
• Commands not listed below are: “enable” and “configure terminal”
• Start wiring the local area networks from the PCs using first available ethernet ports. PC1 to S1(fa0/1) and S1(fa0/2) to R1(fa0/0). Start wiring serial ports clockwise starting from R1(0/0/0) to R2 (0/0/0), R2(0/0/1) to R2 (0/0/0), etc. (Remember the .2s should be the DCEs.)
• PCs should be configured with .10 host addresses, switches with .2 host addresses, and routers with .1 and .2 host addresses (refer to diagram)

Router Commands

hostname <name>
banner motd <#No unauthorized access!#>
enable secret <password>
line console 0
password <password>
login
line vty 0 4
password <password>
login
int fa 0/0
ip address <ip addr> <mask>
description <description>
no shut
int s 0/0/0
ip address <ip addr> <mask>
clock rate <rate num> (only if the interface is the DCE)
description <description>
no shut
int s 0/0/1
ip address <ip addr> <mask>
clock rate <rate num> (only if the interface is the DCE)
description <description>
no shut
router rip
network <net address>
network <net address>
network <net address>
end
copy running-config startup-config

Switch Commands

hostname <name>
banner motd <#No unauthorized access!#>
enable secret <password>
line console 0
password <password>
login
line vty 0 15
password <password>
login
int vlan 1
ip address <ip addr> <mask>
no shutdown
ip default-gateway <ip addr>
end
copy running-config startup-config