Home Internet Setup using Cisco as NAT Router (PAT) and DHCP server

PAT (Port Address Translation), also known as NAT overloading, is a modified form of dynamic NAT in which multiple inside local addresses are translated to a single inside global IP address. It is the most popular form of NAT because it is the same setup used for home connectivity, where your Internet Service Provider (ISP) usually provides only one public IP address to communicate with their internet router. Just remember it as a many-to-one mapping.

Objective: (Tested on Cisco Router 3700 Series)
1. Configure the Cisco Router to act as the DHCP server
2. Configure NAT to translate multiple private addresses to a single public IP

Fig.1

Pre-configuration:
Configure a bridge group (if you do not have a switch for the L2 (VLAN) setup)

R1>enable
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#

bridge irb
bridge 88 protocol ieee
bridge 88 route ip

interface FastEthernet0/0
no ip address
duplex auto
speed auto
bridge-group 88

interface FastEthernet0/1
no ip address
duplex auto
speed auto
bridge-group 88

interface BVI88
ip address 192.168.0.1 255.255.255.0

interface FastEthernet1/0
ip address 200.200.200.2 255.255.255.0

Configure DHCP:

ip dhcp conflict logging
ip dhcp excluded-address <IP to exclude>

ip dhcp pool <Pool Name>
network <network address> <subnet mask>
domain-name <domain name>
dns-server <DNS server1> <DNS server2>
netbios-name-server <Server1> <Server2>
default-router <Gateway IP>
lease <days> <hours> <minutes>

Sample Configuration:

ip dhcp excluded-address 192.168.0.1 192.168.0.9
ip dhcp conflict logging
!
ip dhcp pool POOL1
network 192.168.0.0 255.255.255.0
domain-name freenetworktutorials.com
dns-server 192.168.88.88
netbios-name-server 192.168.88.88
default-router 192.168.0.1
lease 0 1

Verification:

show ip dhcp binding
show ip dhcp pool
show ip dhcp server statistics

Sample Output:
R1#show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address          Client-ID/              Lease expiration        Type
                    Hardware address/
                    User name
192.168.0.10        0100.5079.6668.1d       Mar 01 2002 01:31 AM    Automatic
192.168.0.11        0100.5079.6668.1e       Mar 01 2002 01:32 AM    Automatic

R1#show ip dhcp pool

Pool POOL1 :
Utilization mark (high/low) : 100 / 0
Subnet size (first/next) : 0 / 0
Total addresses : 254
Leased addresses : 2
Pending event : none
1 subnet is currently in the pool :
Current index        IP address range                    Leased addresses
192.168.0.12         192.168.0.1      - 192.168.0.254     2

R1#show ip dhcp server statistics
Memory usage 24648
Address pools 1
Database agents 0
Automatic bindings 2
Manual bindings 0
Expired bindings 0
Malformed messages 0
Secure arp entries 0

Message Received
BOOTREQUEST 0
DHCPDISCOVER 8
DHCPREQUEST 2
DHCPDECLINE 0
DHCPRELEASE 0
DHCPINFORM 0

Message Sent
BOOTREPLY 0
DHCPOFFER 8
DHCPACK 2
DHCPNAK 0
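The binding table becomes more useful when it is compared with the ARP table: any host that answers ARP on the inside interface without holding a lease was addressed by hand. The script below is an added example, not part of the original tutorial. It uses the binding and ARP rows from this page plus one constructed row (192.168.0.50), and the function names are hypothetical.

```python
import re

# Rows copied from the "show ip dhcp binding" and "show ip arp" captures on this page.
BINDINGS = """\
192.168.0.10 0100.5079.6668.1d Mar 01 2002 01:31 AM Automatic
192.168.0.11 0100.5079.6668.1e Mar 01 2002 01:32 AM Automatic
"""
# The 192.168.0.50 row is constructed to stand in for a statically addressed host.
ARP = """\
Internet 192.168.0.1 - c21c.2560.0001 ARPA BVI88
Internet 192.168.0.10 1 0050.7966.681d ARPA BVI88
Internet 192.168.0.11 1 0050.7966.681e ARPA BVI88
Internet 192.168.0.50 3 0050.7966.68aa ARPA BVI88
Internet 200.200.200.1 50 c21f.6d32.0010 ARPA FastEthernet1/0
"""

def client_id_to_mac(client_id):
    """'0100.5079.6668.1d' -> '0050.7966.681d' (drop the 01 Ethernet type byte)."""
    digits = client_id.replace(".", "").lower()
    if not re.fullmatch(r"01[0-9a-f]{12}", digits):
        return None                       # not an Ethernet-style client identifier
    mac = digits[2:]
    return ".".join(mac[i:i + 4] for i in range(0, 12, 4))

def parse_bindings(text):
    """Map leased IP -> MAC for every row that starts with an IPv4 address."""
    leases = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and re.fullmatch(r"(\d{1,3}\.){3}\d{1,3}", fields[0]):
            leases[fields[0]] = client_id_to_mac(fields[1])
    return leases

def unleased_hosts(bindings, arp, inside_if="BVI88"):
    """Return (ip, mac, reason) for ARP entries on inside_if that no lease explains."""
    leases, findings = parse_bindings(bindings), []
    for line in arp.splitlines():
        fields = line.split()
        # Skip headers, other interfaces and the router's own entry (age "-").
        if len(fields) != 6 or fields[5] != inside_if or fields[2] == "-":
            continue
        ip, mac = fields[1], fields[3].lower()
        if ip not in leases:
            findings.append((ip, mac, "no DHCP lease"))
        elif leases[ip] != mac:
            findings.append((ip, mac, "MAC differs from lease"))
    return findings

if __name__ == "__main__":
    print(unleased_hosts(BINDINGS, ARP))
```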


Configure PAT:

a. Configure access-list (ACL)

access-list <1-99> permit <address> <wildcard bits>

b. Configure Dynamic NAT Overload (PAT)

ip nat inside source list <ACL number> pool <Pool name> overload

or

ip nat inside source list <ACL number> interface <interface name> overload

c. Configure router interfaces as inside or outside.

interface <interface name>
ip nat inside

interface <interface name>
ip nat outside

Sample Configuration:

Router1:
access-list 88 permit 192.168.0.0 0.0.0.255

ip nat pool POOL1 200.200.200.2 200.200.200.2 netmask 255.255.255.0
ip nat inside source list 88 pool POOL1 overload 

or
! overload on the outside interface so that inside hosts share its public address
ip nat inside source list 88 interface FastEthernet1/0 overload

interface BVI88
ip nat inside

interface fa1/0
ip nat outside

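Sample Verification:

Note: the capture below was taken with overload bound to BVI88 (see the "Dynamic mappings" line in the statistics), so the Inside global column shows 192.168.0.1. With overload on the outside interface FastEthernet1/0, or on POOL1, the Inside global address is the public 200.200.200.2.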

R1#show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 192.168.0.1:5758 192.168.0.10:5758 200.200.200.1:5758 200.200.200.1:5758
icmp 192.168.0.1:6270 192.168.0.10:6270 200.200.200.1:6270 200.200.200.1:6270
icmp 192.168.0.1:6782 192.168.0.10:6782 200.200.200.1:6782 200.200.200.1:6782
icmp 192.168.0.1:7294 192.168.0.10:7294 200.200.200.1:7294 200.200.200.1:7294
icmp 192.168.0.1:638 192.168.0.11:638 200.200.200.1:638 200.200.200.1:638
icmp 192.168.0.1:1150 192.168.0.11:1150 200.200.200.1:1150 200.200.200.1:1150
icmp 192.168.0.1:1662 192.168.0.11:1662 200.200.200.1:1662 200.200.200.1:1662
icmp 192.168.0.1:2174 192.168.0.11:2174 200.200.200.1:2174 200.200.200.1:2174
icmp 192.168.0.1:2686 192.168.0.11:2686 200.200.200.1:2686 200.200.200.1:2686

R1#show ip nat statistics
Total active translations: 10 (0 static, 10 dynamic; 10 extended)
Outside interfaces:
FastEthernet1/0
Inside interfaces:
BVI88
Hits: 10 Misses: 0
CEF Translated packets: 10, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 2] access-list 88 interface BVI88 refcount 10
Appl doors: 0
Normal doors: 0
Queued Packets: 0

R1#show ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.0.1             -   c21c.2560.0001  ARPA   BVI88
Internet  192.168.0.10            1   0050.7966.681d  ARPA   BVI88
Internet  192.168.0.11            1   0050.7966.681e  ARPA   BVI88
Internet  200.200.200.1          50   c21f.6d32.0010  ARPA   FastEthernet1/0
Internet  200.200.200.2           -   c21c.2560.0010  ARPA   FastEthernet1/0
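A quick way to confirm that PAT really hides the inside hosts behind the public address is to check the Inside global column of "show ip nat translations". The script below is an added example, not part of the original tutorial. It uses three rows from the capture above, assumes 200.200.200.2 is the expected public address, and its function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Rows copied from the "show ip nat translations" capture on this page.
CAPTURE = """\
Pro Inside global Inside local Outside local Outside global
icmp 192.168.0.1:5758 192.168.0.10:5758 200.200.200.1:5758 200.200.200.1:5758
icmp 192.168.0.1:6270 192.168.0.10:6270 200.200.200.1:6270 200.200.200.1:6270
icmp 192.168.0.1:638 192.168.0.11:638 200.200.200.1:638 200.200.200.1:638
"""

def split_endpoint(endpoint):
    """'192.168.0.1:5758' -> (IPv4Address, 5758); a bare address gives port None."""
    addr, _, port = endpoint.partition(":")
    return ipaddress.ip_address(addr), (int(port) if port else None)

def parse_translations(text):
    """Return (proto, inside_global, inside_local) endpoint tuples per entry."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] == "Pro":
            continue                      # header, prompt or blank line
        try:
            rows.append((fields[0], split_endpoint(fields[1]), split_endpoint(fields[2])))
        except ValueError:
            continue                      # '---' placeholders or wrapped text
    return rows

def audit(text, public_ip):
    """Flag entries whose Inside global is not the expected public address."""
    expected = ipaddress.ip_address(public_ip)
    findings, per_host = [], Counter()
    for proto, (ig, ig_port), (il, il_port) in parse_translations(text):
        per_host[str(il)] += 1            # PAT sessions held by each inside host
        if ig != expected:
            reason = "private inside global" if ig.is_private else "unexpected inside global"
            findings.append((str(il), str(ig), reason))
    return findings, per_host

if __name__ == "__main__":
    findings, per_host = audit(CAPTURE, "200.200.200.2")
    for inside_local, inside_global, reason in findings:
        print(f"{inside_local} -> {inside_global}: {reason}")
    print(dict(per_host))
```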
