NAT source list question...

Okay So in the Cisco Press icnd book, they give an example dynamic nat configuration. In this example they used "access-list 1 permit 10.1.1.2"

However in a practice question I got from another source I was given a NAT snippet and I was asked what needed to be changed to make the config work.

The answer to the question was "the access-list needed a wildcard mask."

So herein lies my question. Is a wildcard mask necessary for a NAT source list in the CCNA exam? I don't really care about what other books say or real world, I just want to know the CCNA way. I'm constantly running into inconsistencies. I'm not looking for a freebee or anyone to violate the rules. I already have a full understanding of NAT and how to configure it. I just don't want to blow a SIM because of some lame practice question I relied on. Thanks

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

dtlokee

The difference is whn no wildcard mask is supplied it will default to 0.0.0.0, a host match. If the intent was to match a subnet, you would need a wildcard mask, if the intent is to match one host then either use the "host" keyword or the 0.0.0.0 wildcard mask (or omit it completely)

Keep in mind only hosts that are permitted in the ACL will be allowed to use the nat rule you created.

Netstudent

Terrific thank you very much!

tech-airman

Netstudent wrote:

Okay So in the Cisco Press icnd book, they give an example dynamic nat configuration. In this example they used "access-list 1 permit 10.1.1.2"

However in a practice question I got from another source I was given a NAT snippet and I was asked what needed to be changed to make the config work.

The answer to the question was "the access-list needed a wildcard mask."

So herein lies my question. Is a wildcard mask necessary for a NAT source list in the CCNA exam? I don't really care about what other books say or real world, I just want to know the CCNA way. I'm constantly running into inconsistencies. I'm not looking for a freebee or anyone to violate the rules. I already have a full understanding of NAT and how to configure it. I just don't want to blow a SIM because of some lame practice question I relied on. Thanks

Netstudent,

The answer is it depends. I reviewed my Cisco Press ICND books and found that with ACLs in general:

For a Standard IP Access Control List, the wildcard mask is optional.
For an Extended IP Access Control List, the wildcard mask is required.

For a Standard IP Access Control List, look at the bottom of page 218, under "Step 1." For an Extended IP Access Control List, look at the bottom of page 225, under "Step 1."

I hope this helps.

Source:

CCNA Self-Study: Interconnecting Cisco Network Devices (ICND) 640-811, 640-801, 2nd Edition - http://www.ciscopress.com/title/1587051427

Netstudent

Cool thanks tech-airman