IP_SLA_Tracking_RFC_Eth

This topology has served me well so far through NAT / PAT so I will stick with it!

Now PAT also known as Port Address Overload allows private IP addresses of inside hosts on your network to be translated to a single routable address with a random port number, so that a single address can be used for all your inside hosts!

You still need the “ip nat inside” and “ip nat outside” on your interfaces, but instead of needing a pool configuration and such, you simply identify the outside interface to overload (you will still need an ACL to define the traffic allowed to overload):

R2(config)#ip nat inside source list ?
  <1-2699>  Access list number for local addresses
  WORD      Access list name for local addresses

R2(config)#ip nat inside source list 2 ?
  interface  Specify interface for global address
  pool       Name pool of global addresses

R2(config)#ip nat inside source list 2 interface ?
  Async              Async interface
  BVI                Bridge-Group Virtual Interface
  CDMA-Ix            CDMA Ix interface
  CTunnel            CTunnel interface
  Dialer             Dialer interface
  FastEthernet       FastEthernet IEEE 802.3
  Lex                Lex interface
  Loopback           Loopback interface
  MFR                Multilink Frame Relay bundle interface
  Multilink          Multilink-group interface
  Null               Null interface
  Port-channel       Ethernet Channel of interfaces
  Serial             Serial
  Tunnel             Tunnel interface
  Vif                PGM Multicast Host interface
  Virtual-PPP        Virtual PPP interface
  Virtual-Template   Virtual Template interface
  Virtual-TokenRing  Virtual TokenRing

R2(config)#ip nat inside source list 2 interface s0/0 ?
  oer         Use with vtemplate only.  On new translation, if OER BR is UP,
              OER will select IP from outgoing Interface.  All packets matching
              translation are forwarded over Interface for duration of
              translation.
  overload    Overload an address translation
  reversible  Allow out->in traffic
  vrf         Specify vrf
  <cr>

R2(config)#ip nat inside source list 2 interface s0/0 overload ?
  oer  Use with vtemplate only.  On new translation, if OER BR is UP, OER will
       select IP from outgoing Interface.  All packets matching translation are
       forwarded over Interface for duration of translation.
  <cr>

R2(config)#ip nat inside source list 2 interface s0/0 overload
R2(config)#

So with the previous ACL in place, I’ll run an extended ping again from R4 and SW1, and check out what we see on R2:

R4(config)#do ping 172.12.123.1 repeat 1000
Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 172.12.123.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

ASR#6
[Resuming connection 6 to sw1 … ]

SW1#ping 172.12.123.1 repeat 1000

Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 172.12.123.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
ASR#2
[Resuming connection 2 to r2 … ]

R2#sh ip nat trans
Pro Inside global      Inside local       Outside local      Outside global
icmp 172.12.123.2:6    10.1.1.4:6         172.12.123.1:6     172.12.123.1:6
icmp 172.12.123.2:2    10.1.1.100:2       172.12.123.1:2     172.12.123.1:2
R2#

This really surprised me, as once we are using overload the pings go right on through successfully, I suppose because they are coming from the source interface of 172.12.123.2 instead of a random mapping that I assigned it.

Again you can use “sh ip nat stat” here to verify what you have cooking for NAT:

R2#sh ip nat stat
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
  Serial0/0
Inside interfaces:
  FastEthernet0/0
Hits: 4766  Misses: 6
CEF Translated packets: 4772, CEF Punted packets: 0
Expired translations: 5
Dynamic mappings:
— Inside Source
[Id: 1] access-list 2 interface Serial0/0 refcount 0
Queued Packets: 0
R2#

Inside and outside source interfaces, nothing is utilizing PAT currently, the interface Serial0/0 highlighted shows that it is indeed using PAT, and just an overall great starting point in troubleshooting NAT / PAT.

Now, about NVI0 quick, it stands for “NAT Virtual Interface 0”, and does not impact the operation of NAT, but is used for topics beyond the scope of the CCNP ROUTE so I won’t go into too much detail. Just know that it is a type of specialized NAT, used only under certain circumstances.

AAAAAAND THAT DOES IT FOR CHRIS BRYANTS ROUTE VIDEO SERIES! I already have a pretty good start on the ebook, and will be spending the next week and a half reading and labbing as much as possible up to the day before the exam – Then as it’s said the dye is cast and I am going to just loosen up for the ROUTE the following day.

I’ll continue to post other things worth noting along the way pertinent to ROUTE, until 4/28, at which point after a short break it will be SWITCH posts!