What is PAT? A Lab in Packet Tracer
PAT (Port Address Translation) is a technology for translating addresses using ports. It solves the problem of delivering return packets. Since the number of public ("white") IP addresses is limited, we need to conserve them, and PAT was created with this in mind. It allows local hosts to use private IP addresses while a single registered address is set on the access router. PAT relies on a feature of the TCP protocol: from the server's point of view, it doesn't matter whether the connections come from three different hosts with different addresses or from one host with a single IP address but different ports. Therefore, to connect the many hosts of a small office to the Internet with only one registered public IP address, the PAT service translates the private addresses of the local hosts into that one registered address. To forward return packets to the correct local hosts, the router stores a table of IP addresses and port numbers for the TCP and UDP protocols. You can read about IP addresses and subnet masks in my other article.
Laboratory work assignment
Create a simple network using PAT (NAT overload). The network diagram is presented below. All work will be done in Cisco Packet Tracer.
1. Create 2 PCs, a server, a switch and 2 routers on the Packet Tracer dashboard and connect all devices as shown.
2. On the switch, configure 2 VLANs so that the operation scheme is as follows. If you do not know how to do this or what a VLAN is, see my previous article.
3. Bring up the sub-interfaces on Router0 on the port connected to the switch. We did all this work in the previous lab (the VLAN lab), so I will not dwell on this point in detail. Then ping the server from any PC.
4. Configure the routers. On Router1, set the public IP address on the port that is connected to Router0 with a crossover cable. For example, I took 126.96.36.199. On Router0, set the same public IP, but put 2 at the end, since this is the next device on the network (188.8.131.52). This simulates an Internet connection from a provider.
5. Check whether the Internet can be reached from any PC. That is, ping 184.108.40.206.
We cannot connect, as can be seen in the screenshot above.
6. Now configure PAT with an access list. This is necessary so that we can expand our network and connect several VLANs. Look at our diagram: the local network ends at Router0, which is where access to the Internet via the public IP begins. Therefore, that is where we will configure PAT. First, we need to determine which interface will be external for PAT and which internal. The external interface is the one facing the Internet, and the internal one is the one inside the local network. In our case, the external interface is fa0/0, and there are two internal ones, since there are two departments (fa0/0.2 and fa0/0.3).
7. Set up Router0 to work with PAT. Based on point 6, enter the following commands:
8. Create an access list on the same router so that the router "understands" which traffic to translate.
Enter the following commands:
9. You can verify the result with the show run command. To start PAT, we need to enter one more command in configuration mode:
Check the Internet connection.
Victory! Everything works.
Now let's go through all the commands.
ip access-list standard HABRAHABR – creates a standard access list named HABRAHABR
permit 192.168.2.0 0.0.0.255 – adds network addresses with the wildcard (inverse) mask
ip nat inside source list HABRAHABR int fa0/0 overload – starts NAT from the inside, using the access list named HABRAHABR, on interface fa0/0. Overload specifies the type of NAT, namely overloaded NAT, that is, PAT.
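A simplified model of the translation table from the introduction and of the access-list match explained above, as an added example that is not part of the original article and is not Cisco's implementation. The public address 203.0.113.2, the host addresses and the port-allocation policy are assumptions made for illustration.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def acl_permits(src, network, wildcard):
    """Standard ACL test: bits set to 1 in the wildcard mask are ignored."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(src) & care) == (to_int(network) & care)

class PatTable:
    """Simplified model of 'ip nat inside source list ... overload'."""

    def __init__(self, public_ip, acl):
        self.public_ip = public_ip
        self.acl = acl    # list of (network, wildcard) permit entries
        self.out = {}     # (proto, inside_ip, inside_port) -> public_port
        self.back = {}    # (proto, public_port) -> (inside_ip, inside_port)

    def outbound(self, proto, src_ip, src_port):
        """Return the translated (ip, port), or None if the ACL does not match."""
        if not any(acl_permits(src_ip, n, w) for n, w in self.acl):
            return None   # implicit deny at the end of the list: no translation
        key = (proto, src_ip, src_port)
        if key not in self.out:
            port = src_port   # assumption: keep the source port when it is free
            while (proto, port) in self.back:
                port = port + 1 if port < 65535 else 1024
            self.out[key] = port
            self.back[(proto, port)] = (src_ip, src_port)
        return self.public_ip, self.out[key]

    def inbound(self, proto, dst_port):
        """Map a reply arriving at the public address back to the inside host."""
        return self.back.get((proto, dst_port))   # None: no table entry

def demo():
    # Constructed values: 203.0.113.2 stands in for the router's public address.
    pat = PatTable("203.0.113.2", [("192.168.2.0", "0.0.0.255")])
    a = pat.outbound("tcp", "192.168.2.10", 50000)
    b = pat.outbound("tcp", "192.168.2.11", 50000)   # same source port, other host
    c = pat.outbound("tcp", "192.168.3.10", 50000)   # not matched by the ACL
    return a, b, c, pat.inbound("tcp", b[1]), pat.inbound("tcp", 40000)

if __name__ == "__main__":
    print(demo())
```

The host in 192.168.3.0 is not translated because the list contains only the one permit line shown above; each internal network that should reach the Internet needs its own permit entry.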