When creating a pool of global addresses which keyword can be used instead of the netmask command?

Correct Answer - Option 2 : prefix-length

The correct answer is Option 2.

• One may use the prefix-length instead of the netmask command.
• The prefix length is another way of expressing the subnet mask. The prefix length is the number of bits set to 1 in the subnet mask. It is written in “slash notation”, a “/” followed by the number of bits set to 1.

For example, if the subnet mask is 255.255.255.0, there are 24 bits set to 1 in the binary version of the subnet mask, so the prefix length is 24 bits or /24. The prefix and the subnet mask are different ways of representing the same thing - the network portion of an address.​

​Hence the correct answer is, prefix-length.

Dynamic NAT also creates one-to-one mappings between addresses and does not conserve IP addresses, just like static NAT. However, dynamic NAT creates a pool of inside global IP addresses to be mapped to an access list identifying inside local IP addresses. So basically we have two sets of addresses being mapped and not individual addresses. The same inside local address may not map to the same inside global address every time. The configuration should help make these concepts more understandable.

Here is a sample dynamic NAT configuration for the scenario in Figure 10-3.

R1>

R1>enable
R1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#ip nat pool MyPool 67.210.97.2 67.210.97.4 ?
netmask        Specify the network mask
prefix-length  Specify the prefix length

R1(config)#ip nat pool MyPool 67.210.97.2 67.210.97.4 netmask 255.255.255.0
R1(config)#access-list 1 permit host 192.168.1.2
R1(config)#access-list 1 permit host 192.168.1.3
R1(config)#access-list 1 permit host 192.168.1.4
R1(config)#ip nat inside source list 1 pool MyPool

R1(config)#interface FastEthernet0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#ip nat inside
R1(config-if)#interface FastEthernet0/1
R1(config-if)#ip address 67.210.97.1 255.255.255.0
R1(config-if)#ip nat outside
R1(config-if)#end
R1# 

There are three parts of the above configuration.

First, the command ip nat pool MyPool 67.210.97.2 67.210.97.4 netmask 255.255.255.0 is used to create a pool of inside global addresses from 67.210.97.2 to 67.210.97.4. That is a total of 3 addresses only with a subnet mask of 255.255.255.0. Please note that we chose MyPool as NAT pool name but this choice is arbitrary and NAT pool name can be anything you like, even your first name. Also note that a network mask has to be specified using netmask keyword when defining a NAT pool.

Second, the ip access-list 1 commands create a standard access list matching interesting traffic for address translation. The access list would match IP addresses of the three inside hosts.

Third and last, the ip nat inside source list 1 pool MyPool command instructs the router to dynamically translate source IP addresses of packets coming in at the inside interface that match access-list 1 to an address found in the ip nat pool named MyPool.

Exam Concept – Dynamic NAT allows one-to-one mapping of local addresses to global addresses from a pool of global addresses.

Let’s verify it now:

R1#show ip nat translations 

There is no output so far as there are no static mappings between inside local and inside global addresses. Let’s generate some traffic from each of the three inside hosts and run the show ip nat translations command again:

R1#show ip nat translations
Pro  Inside global  Inside local   Outside local     Outside global
icmp 67.210.91.2:15 192.168.1.2:15 173.194.67.102:15 173.194.67.102:15
—  67.210.91.2    192.168.1.2    —               —
icmp 67.210.91.3:16 192.168.1.3:16 173.194.67.102:16 173.194.67.102:16
—  67.210.91.3    192.168.1.3    —               —
icmp 67.210.91.4:17 192.168.1.4:17 173.194.67.102:17 173.194.67.102:17
— 67.210.91.4     192.168.1.4    —               — 

Let’s issue the clear ip nat translations * command and view tha translation table again:

R1#clear ip nat translation *
R1#show ip nat translations 

The translation table is empty now as there were no entries as a result of static mapping.

If you can recall what we learned in the chapter on access lists, access lists were presented as tools to match packets comprising of interesting traffic. The access lists here is also being used to match interesting traffic for address translation. The access list is not used for traffic filtering because the access list was never applied to an interface using ip access-group command.

Please keep in mind that both static and dynamic NAT create one-to-one mapping of inside local and inside global addresses. The only difference is that for static NAT we need to specify explicitly which inside local address maps to which inside global address. While, for dynamic NAT we just have to create an access list to identify inside local addresses and a pool to specify inside global addresses. The actual mapping is done dynamically as the router performing NAT receives interested packets.

When creating pool of global addresses Which of the following can be used instead of netmask command?

Which command will create a dynamic pool named Todd that will provide you with 30 global addresses?

Which command will allow you to see real time translation on your router?

Which command would you place on interface connected to the Internet?