One week till my exam!

Comments

  • sleemie Member Posts: 109
    I have Lammle's book and I just printed out the Cisco white paper. I GUESS I'll go ahead and try to lock in some of that info.
  • Humper Member Posts: 647
    sleemie wrote:
    I have Lammle's book and I just printed out the Cisco white paper. I GUESS I'll go ahead and try to lock in some of that info.

    Once you get the idea behind it, it's really simple. There's not a lot to it.

    I'll give you a sample question and see if you can figure it out:

    You have a Router, and a switch. The LAN has 45 users attached to it, and NAT Overload (PAT) is configured on the Router (NOTE: Switch is attached to port f0/0 on the router). The router has one IP address that is a registered public address that connects to the ISP. Some of the users are not able to connect to the Internet. Examine the following NAT commands:

    int f0/0
    ip nat inside

    int s0/0
    ip nat outside


    ip nat inside source list 1 interface s0/0 overload
    access-list 1 permit 10.0.1.0 0.0.0.15

    Do you know the answer?
    Now working full time!
  • sleemie Member Posts: 109
    i better read that paper...that's all greek to me.
  • Humper Member Posts: 647
    sleemie wrote:
    i better read that paper...that's all greek to me.

    Read the paper, and if you think you have an answer to the question feel free to reply :)
    Now working full time!
  • SV Member Posts: 166
    Congratulations... cool job .... great score. Happy for you buddy :)
    Life is a journey...
  • sleemie Member Posts: 109
    i'm kind of taking a guess here from reading the sybex info. the cisco info is soooo dry.

    shouldn't the word pool be placed after the 1 to read "..source list 1 pool.." and instead of "interface s0/0" shouldn't that be the name of the pool?

    You can't assign an interface as the source list pool, can you?
  • Humper Member Posts: 647
    No, the problem lies with the access-list.

    Remember I said, there are 45 users on the LAN and I showed you the access-list?

    access-list 1 permit 10.0.1.0 0.0.0.15

    The problem with the access-list that I defined is that it is not big enough for all the users.

    A 0.0.0.15 wildcard mask is the same as a 255.255.255.240 subnet mask. What I am permitting in the wildcard mask is 14 usable IP addresses. What about the other 35 users?

    If the subnet mask for the LAN interface is, say for example, a /26 (62 usable host addresses) then my subnet mask is 255.255.255.192 and my wildcard mask is 0.0.0.63.

    When the NATing router goes to check the ACL to determine which IPs are permitted to be NAT'd it is only going to allow the first 14 usable IPs (16 actually but you cannot use the other 2 because of subnetting).

    Thus, as I was saying above, my access-list should look like this:

    access-list 1 permit 10.0.1.0 0.0.0.63 (if I have a /26, it could be anything).

    I would suggest reading more about NAT and the CLI commands that go with it, because YES you absolutely can select an interface when using the ip nat command. The problem is that Todd Lammle doesn't do a very good job of explaining it in the PDF. I'll see if I can find some more resources for you.
    Now working full time!
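
Added example, not part of the thread: a Python check of the wildcard-mask point made in the post above, showing which inside hosts the NAT access-list permits and which fall through to the implicit deny. It assumes the inside LAN is 10.0.1.0/26 (the /26 the post uses as its example); the function names are illustrative.

```python
import ipaddress


def wildcard_matches(acl_base: str, wildcard: str, addr: str) -> bool:
    """IOS standard-ACL match: bits set in the wildcard are ignored,
    every other bit must equal the ACL base address."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    base = int(ipaddress.IPv4Address(acl_base))
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)


def nat_coverage(lan_cidr: str, acl_base: str, wildcard: str):
    """Split the usable hosts of the inside LAN into those the NAT ACL
    permits and those it does not (and which are therefore never translated)."""
    lan = ipaddress.ip_network(lan_cidr)
    permitted, denied = [], []
    for host in lan.hosts():
        matched = wildcard_matches(acl_base, wildcard, str(host))
        (permitted if matched else denied).append(host)
    return permitted, denied


def wildcard_for(lan_cidr: str) -> str:
    """Wildcard mask covering the whole LAN (the inverse of its subnet mask)."""
    return str(ipaddress.ip_network(lan_cidr).hostmask)


if __name__ == "__main__":
    LAN = "10.0.1.0/26"  # assumption: inside LAN is the /26 from the post
    # Compare the wildcard from the quiz with the one derived from the LAN.
    # 0.0.0.15 matches only 10.0.1.0 through 10.0.1.15.
    for wc in ("0.0.0.15", wildcard_for(LAN)):
        ok, missed = nat_coverage(LAN, "10.0.1.0", wc)
        print(f"wildcard {wc}: {len(ok)} hosts permitted, {len(missed)} not")
        if missed:
            print(f"  first host that is never translated: {missed[0]}")
```
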
  • sleemie Member Posts: 109
    okay, thanx a bunch.

    With your emphasis on this I'm assuming I should be prepared for this on the test??
  • Humper Member Posts: 647
    sleemie wrote:
    okay, thanx a bunch.

    With your emphasis on this I'm assuming I should be prepared for this on the test??

    There's a good chance you will, and since the test is around 55-56 questions you can only get a few wrong (you need 85% to pass). Once you read NAT'ing and understand it, it really is EASY. There are only three types of NATing (Static, Dynamic, and overload). There are only 4-5 commands you must know so it really isn't that bad ;)
    Now working full time!
  • sleemie Member Posts: 109
    forget this nat thing...i'm just gonna have to take my chances without it. each source I looked at has something different as far as entering the commands and I'm just not up to fooling around with it at this point. I probably won't get a sim on it, anyways, so I should be fine. I'll probably just get the standard whether the address is inside local or inside global type question.

    i'm ready to be done with this thing....
  • rbowman Member Posts: 59
    Wow congrats on scoring perfect on what is considered by many to be one of the hardest certs. I just noticed that CCNA is your first cert and I was just wondering...are you crazy! You took the hardest one of them all first...damn. I am right now studying for Network+, which is considered as the networking learner's permit but still looks nice on a resume :).

    Which cert you going for next?
  • Humper Member Posts: 647
    rbowman wrote:
    Wow congrats on scoring perfect on what is considered by many to be one of the hardest certs. I just noticed that CCNA is your first cert and I was just wondering...are you crazy! You took the hardest one of them all first...damn. I am right now studying for Network+, which is considered as the networking learner's permit but still looks nice on a resume :).

    Which cert you going for next?

    CCNA is my only cert :) I wouldn't let others scare you, the CCNA exam is really not that tough. Of course you need to study study study and apply the concepts you've learned on real equipment. The simulators don't cut it, they are crapola.

    I have already started studying for my BSCI for CCNP. After CCNP I might go for another cert like CCIP, then eventually CCIE :D
    Now working full time!
  • Humper Member Posts: 647
    sleemie wrote:
    forget this nat thing...i'm just gonna have to take my chances without it. each source I looked at has something different as far as entering the commands and I'm just not up to fooling around with it at this point. I probably won't get a sim on it, anyways, so I should be fine. I'll probably just get the standard whether the address is inside local or inside global type question.

    i'm ready to be done with this thing....

    That's fine, there's nothing wrong with taking your chances and hoping you won't get it on your test, except that when you are hired by a company they will expect you to know the CCNA topics and let's face it, the CCNA exam is just the beginning of it all. Your concern should be that if you were asked to troubleshoot or configure NAT at your job, what are you going to do?

    For me, I wanted the cert probably just as bad as you did, but what I really wanted to get out of this cert was to learn the material.
    Now working full time!