NAT source list question...

Netstudent Member Posts: 1,693
Okay, so in the Cisco Press ICND book, they give an example dynamic NAT configuration. In this example they used "access-list 1 permit 10.1.1.2"

However in a practice question I got from another source I was given a NAT snippet and I was asked what needed to be changed to make the config work.

The answer to the question was "the access-list needed a wildcard mask."

So herein lies my question. Is a wildcard mask necessary for a NAT source list in the CCNA exam? I don't really care about what other books say or real world, I just want to know the CCNA way. I'm constantly running into inconsistencies. I'm not looking for a freebie or anyone to violate the rules. I already have a full understanding of NAT and how to configure it. I just don't want to blow a SIM because of some lame practice question I relied on. Thanks
There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!

Comments

  • dtlokee Member Posts: 2,378
    The difference is that when no wildcard mask is supplied it will default to 0.0.0.0, a host match. If the intent was to match a subnet, you would need a wildcard mask; if the intent is to match one host, then either use the "host" keyword or the 0.0.0.0 wildcard mask (or omit it completely).

    Keep in mind only hosts that are permitted in the ACL will be allowed to use the NAT rule you created.
    The only easy day was yesterday!
  • Netstudent Member Posts: 1,693
    Terrific thank you very much!
  • tech-airman Member Posts: 953
    Netstudent wrote:
    Okay, so in the Cisco Press ICND book, they give an example dynamic NAT configuration. In this example they used "access-list 1 permit 10.1.1.2"

    However in a practice question I got from another source I was given a NAT snippet and I was asked what needed to be changed to make the config work.

    The answer to the question was "the access-list needed a wildcard mask."

    So herein lies my question. Is a wildcard mask necessary for a NAT source list in the CCNA exam? I don't really care about what other books say or real world, I just want to know the CCNA way. I'm constantly running into inconsistencies. I'm not looking for a freebie or anyone to violate the rules. I already have a full understanding of NAT and how to configure it. I just don't want to blow a SIM because of some lame practice question I relied on. Thanks

    Netstudent,

    The answer is it depends. I reviewed my Cisco Press ICND books and found that with ACLs in general:
    1. For a Standard IP Access Control List, the wildcard mask is optional.
    2. For an Extended IP Access Control List, the wildcard mask is required.

    For a Standard IP Access Control List, look at the bottom of page 218, under "Step 1." For an Extended IP Access Control List, look at the bottom of page 225, under "Step 1."

    I hope this helps.

    Source:
    1. CCNA Self-Study: Interconnecting Cisco Network Devices (ICND) 640-811, 640-801, 2nd Edition - http://www.ciscopress.com/title/1587051427
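
An added example, not part of any post in this thread: a small Python model of the standard-ACL matching rule described in the two answers above (omitted wildcard defaults to 0.0.0.0, first match wins, implicit deny at the end), used to show which inside hosts a NAT source list would cover. The function names and every ACL and host except "access-list 1 permit 10.1.1.2" are constructed for illustration; this models the rule as stated in the replies and is not IOS code.

```python
import ipaddress

def parse_standard_ace(line):
    """Parse 'access-list <n> permit|deny <source> [wildcard]' (standard ACL form)."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"not a standard ACL entry: {line!r}")
    action, src = tok[2], tok[3:]
    if src == ["any"]:
        addr, wild = "0.0.0.0", "255.255.255.255"
    elif len(src) == 2 and src[0] == "host":
        addr, wild = src[1], "0.0.0.0"
    elif len(src) == 1:
        addr, wild = src[0], "0.0.0.0"   # no wildcard given: treated as a host match
    elif len(src) == 2:
        addr, wild = src
    else:
        raise ValueError(f"unexpected source in: {line!r}")
    return action, int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(wild))

def acl_permits(acl_lines, host):
    """First matching entry decides; no match falls through to the implicit deny."""
    ip = int(ipaddress.IPv4Address(host))
    for line in acl_lines:
        action, addr, wild = parse_standard_ace(line)
        care = ~wild & 0xFFFFFFFF        # wildcard bits set to 1 are "don't care"
        if (ip & care) == (addr & care):
            return action == "permit"
    return False

def nat_eligible(acl_lines, inside_hosts):
    """Hosts the NAT source list would translate (only ACL-permitted ones)."""
    return [h for h in inside_hosts if acl_permits(acl_lines, h)]

# Constructed sample data (only BOOK_ACL's entry appears in the thread).
HOSTS = ["10.1.1.2", "10.1.1.77", "10.1.2.5"]
BOOK_ACL = ["access-list 1 permit 10.1.1.2"]              # single host, no mask needed
NO_MASK_ACL = ["access-list 1 permit 10.1.1.0"]           # subnet intended, mask omitted
MASKED_ACL = ["access-list 1 permit 10.1.1.0 0.0.0.255"]  # subnet with wildcard mask

if __name__ == "__main__":
    for name, acl in (("book", BOOK_ACL), ("no mask", NO_MASK_ACL), ("masked", MASKED_ACL)):
        print(f"{name:8} -> {nat_eligible(acl, HOSTS)}")
```

The "no mask" case is the practice-question scenario: the entry is valid but matches only the address 10.1.1.0 itself, so no real host is translated.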
  • Netstudent Member Posts: 1,693
    Cool thanks tech-airman