
Implementing ACL

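Numbered Standard

% Standard ACLs match on the source address only. Every ACL ends with an implicit deny any, which is why the list closes with permit any. %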

Router#conf t
Router(config)#access-list 50 deny host 10.0.0.10
Router(config)#access-list 50 permit any
Router(config)#int fa0/0
Router(config-if)#ip access-group 50 out

------------

Named Standard

Router#conf t
Router(config)#ip access-list Standard TEST
Router(config-std-nacl)#deny host 10.0.0.10
Router(config-std-nacl)#permit any
Router(config-std-nacl)#exit
Router(config)#int fa0/0
Router(config-if)#ip access-group TEST out

------------

Numbered Extended

Router#conf t

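Router(config)#access-list 180 deny ip host 10.0.0.10 192.168.10.0 0.0.0.255
Router(config)#access-list 180 deny icmp host 10.0.0.40 host 192.168.10.20
Router(config)#access-list 180 permit tcp 10.0.0.51 0.0.0.7 host 192.168.10.60 eq 23
Router(config)#access-list 180 deny ip 10.0.0.51 0.0.0.7 host 192.168.10.60
Router(config)#access-list 180 permit ip any any

% Entries are checked top-down and the first match wins, so the permit for port 23 has to come before the broader deny ip for the same hosts. %
% With wildcard 0.0.0.7 the address 10.0.0.51 matches the block 10.0.0.48 - 10.0.0.55, not a range starting at .51. %
% Port 23 is Telnet, which sends logins in clear text. %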
Router(config)#int fa0/0
Router(config-if)#ip access-group 180 in

------------
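Named Extended

% If the standard ACL named TEST from the earlier example is still configured, use a different name here: one name cannot be both a standard and an extended list. %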

Router#conf t
Router(config)#ip access-list Extended TEST
Router(config-Ext-nacl)#deny ip host 10.0.0.10 192.168.10.0 0.0.0.255
Router(config-Ext-nacl)#deny icmp host 10.0.0.40 host 192.168.10.20
Router(config-Ext-nacl)#permit tcp 10.0.0.51 0.0.0.7 host 192.168.10.60 eq 23
Router(config-Ext-nacl)#deny ip 10.0.0.51 0.0.0.7 host 192.168.10.60
Router(config-Ext-nacl)#permit ip any any
Router(config-Ext-nacl)#exit

Router(config)#int fa0/0
Router(config-if)#ip access-group TEST in

------------

To Monitor

Router#sh ip access-list
Router#sh ip interface Fa0/0 % Look for outgoing and incoming ACL %

-----------------------------------------------

Address Translation Configuration

Static NAT

Router#conf t
Router(config)#ip nat inside source static 10.0.0.5 70.0.0.8
Router(config)#ip nat inside source static 10.0.0.10 70.0.0.9
Router(config)#int fa0/0
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#int s0/0
Router(config-if)#ip nat outside
Router(config-if)#exit
Router(config)#

------------
Dynamic NAT

Router#conf t
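Router(config)#access-list 80 permit 10.0.0.51 0.0.0.3
% With wildcard 0.0.0.3 this matches 10.0.0.48 - 10.0.0.51; only these inside hosts are translated. %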
Router(config)#ip nat pool TEST 70.0.0.11 70.0.0.14 netmask 255.0.0.0
Router(config)#ip nat inside source list 80 pool TEST
Router(config)#int fa0/0
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#int s0/0
Router(config-if)#ip nat outside
Router(config-if)#exit
Router(config)#

------------

Port-Level Address Translation PAT

Router#conf t
Router(config)#access-list 80 permit 10.0.0.51 0.0.0.3
Router(config)#ip nat inside source list 80 interface s0/0 overload
Router(config)#int fa0/0
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#int s0/0
Router(config-if)#ip nat outside
Router(config-if)#exit
Router(config)#

------------

To Monitor

Router#sh ip nat translation


Router#sh ip nat statistics
Router#debug ip nat % Debug output loads the router CPU; switch it off with undebug all when finished %
Router#sh ip access-list % Only in case of Dynamic Nat and PAT %
