Cisco CCNA certification proves your professional worth. It tells prospective employers that you can handle the day-to-day work of running a mid- to large-sized Cisco network.

The two-exam CCNA process covers lots of innovative features, which better reflect the skills and knowledge you'll need on the job. Passing both exams is your first step towards higher-level Cisco certification, and trainer Jeremy Cioara has mapped these CCNA training videos to the 640-816 test. This CCNA training is not to be missed.

Here's how one user described Jeremy's training: "By the way, Jeremy Cioara has to be by far one of the BEST Cisco trainers I have ever had the privilege to learn from overall. He not only keeps your attention but his energy is contagious and he provides the information at a level where you grasp it rather easily."

The last day to take the 640-816 exam is Sept. 30, 2013. After that date, the only ICND2 exam available will be 200-101. CBT Nuggets has a training course for the 200-101 exam here.

1. Review: Rebuilding the Small Office Network, Part 1 (33 min)
2. Review: Rebuilding the Small Office Network, Part 2 (28 min)
3. Review: Rebuilding the Small Office Network, Part 3 (23 min)
4. Switch VLANs: Understanding VLANs (16 min)
5. Switch VLANs: Understanding Trunks and VTP (39 min)
6. Switch VLANs: Configuring VLANs and VTP, Part 1 (35 min)
7. Switch VLANs: Configuring VLANs and VTP, Part 2 (39 min)
8. Switch STP: Understanding the Spanning-Tree Protocol (28 min)
9. Switch STP: Configuring Basic STP (21 min)
10. Switch STP: Enhancements to STP (29 min)
11. General Switching: Troubleshooting and Security Best Practices (29 min)
12. Subnetting: Understanding VLSM (18 min)
13. Routing Protocols: Distance Vector vs. Link State (26 min)
14. Routing Protocols: OSPF Concepts (30 min)
15. Routing Protocols: OSPF Configuration and Troubleshooting (39 min)
16. Routing Protocols: EIGRP Concepts and Configuration (32 min)
17. Access-Lists: The Rules of the ACL (27 min)
18. Access-Lists: Configuring ACLs (34 min)
19. Access-Lists: Configuring ACLs, Part 2 (48 min)
20. NAT: Understanding the Three Styles of NAT (20 min)
21. NAT: Command-line NAT Configuration (35 min)
22. WAN Connections: Concepts of VPN Technology (33 min)
23. WAN Connections: Implementing PPP Authentication (34 min)
24. WAN Connections: Understanding Frame Relay (28 min)
25. WAN Connections: Configuring Frame Relay (30 min)
26. IPv6: Understanding Basic Concepts and Addressing (34 min)
27. IPv6: Configuring, Routing, and Interoperating (23 min)
28. Certification: Some Last Words for Test Takers (13 min)
29. Advanced TCP/IP: Working with Binary (25 min)
30. Advanced TCP/IP: IP Subnetting, Part 1 (55 min)
31. Advanced TCP/IP: IP Subnetting, Part 2 (22 min)
32. Advanced TCP/IP: IP Subnetting, Part 3 (19 min)

NAT: Understanding the Three Styles of NAT

00:00:01

Oh, it is a rainy day out here in Phoenix, Arizona. I know that may not sound like that big of a deal, but it is for us. We, we get rain so rarely. The last I actually heard on the news. The last time we got rain was eight months ago, and it was just a drizzle, so whenever it rains here, you know, all the children run out and look at the sky and they, oh, water from the sky, you know, and where it's it's amazing, and I love the rain. Rain is a novelty here and

00:00:29

but I don't know how I could live in, in a place where there's a lot of rain, because every time, I'm looking out the window right now, cloudy skies, I just, I, I've got my cup of hot cocoa right here. I just wanna, I don't know, curl up and talk about NAT. That's, that's what

00:00:46

we're gonna do. We're gonna look at Network Address Translation, because this is a big function of just about every network that's in existence today. Network Address Translation allows you to translate your corporate private addresses into the public addresses that work on the internet. At least that's the most common use. So we're gonna look

00:01:06

at this introductory video, at the three major forms of NAT, Dynamic NAT, NAT Overload and Static NAT. Once we wrap up here, in the next video, we'll talk about how to set them all up. Now NAT was a topic that we discussed in the ICND1 series, but the primary use that we talked about in there, was just overloading an external IP address, so multiple internal clients can access the internet, and while that is the most common use of NAT, there's many more things you can use it for. The first one is Dynamic NAT. Now this is a typical picture

00:01:44

of using Dynamic NAT to translate inside addresses to outside addresses as you access the internet. Now it sounds just like what I described, but you'll notice that it is a one-to-one translation. As these clients go out from the internal network, they are assigned a public address, and it will stay there for as long as that session remains. So if it's a TCP session,

00:02:06

there's a certain time out. Once it ends, that public address goes back into the pool. Now, likewise with Dynamic NAT, you can have it translate the other way. I can go from outside to inside, and it can rotate around. Now you might be thinking, well where would that

00:02:20

be used. I'll tell you the most common place where you see Dynamic NAT used, is to solve problems with addressing. The problem that I'm mainly talking about, is overlapping addresses. Let's say, you've got, I'll try and squeeze it in over here. Oh, hang on,

00:02:40

let me do a quick little shindig. Let's say you've got an organization over here that has a router, and organization A acquires organization B, over here on the right hand side. Now they did not plan in, in their acquisition system, that they would have overlapping addresses, and maybe the A organization decided to use the ten range, all ten addresses over here, and the B organization also used ten addresses. Well you can't have that,

00:03:12

because that's gonna be duplication. What you can do with Dynamic NAT, is set up a pool, meaning, when organization, organization A accesses organization B, it will look as though they're coming from, we'll say, 172.16. something, and when organization B accesses organization A, it will look like they're coming from 172.17. something. That's one form of Dynamic NAT that's able to handle dynamic translations for overlapping networks. So, while

00:03:47

both of these people are using ten networks, as they access each other, they'll become different addresses, so the devices will think, oh, well there's no problem. Now I know this may just seem illogical, because if I were an organization B and maybe I pinged an address, 10.1.1.5, that also existed in organization A, well how does the router know which 10.1.1.5 you're talking about, since we have overlapping addresses.

00:04:18

Well, Dynamic NAT, when you're using it in this system, does not work with IP addresses. Let me explain. If you have to have overlapping addresses, which some organizations do for a time, it requires the use of a DNS server, and let's say organization B, you know, we're IT people, we usually think in terms of addresses, but normal people think in terms of names, DNS names, and let's say organization B accesses a server in organization A, that is, we'll, we'll call it, CORPSRV, and CORPSRV is the one that is mapped to that 10.1.1.5. Well, as soon as the request goes out for CORPSRV, that will be passed to a DNS server through the router. Now as the DNS server replies, the router

00:05:10

realizes, whoa, that's an address over here on the other side, meaning, that's something from organization A they're trying to access. So as the DNS reply comes back, the router will rewrite the address to be 172.17. something, and dynamically map. How, how are you even understanding

00:05:29

any of this scribble I have on here? It will dynamically map it to something over there in organization A. So the point, let me draw it simpler down here, is you can have DNS here returning responses to names as it comes through the router. The router will hide what

00:05:45

real address it is in organization A, and make it 172.17 or 16. something, or whatever organization A was using, so that when this pc gets it, it goes, oh, well I'll send that to my default gateway. It's the gateway NAT, Dynamic NAT translates it over to the real address 10.1.1.5 of the corporate server in organization A.

00:06:08

So you can see Dynamic NAT. What it does, is just do one to one address translations. In its simplest form, I can define a pool of addresses on one side, and a pool on the other side, and that pool goes to that pool and vice versa, but you can also use it for some pretty complex stuff like, overlapping addresses, and that is the most common use of dynamic NAT. Now with that being said, Dynamic NAT is the least common

00:06:35

form used. The most common form of NAT that's used, is called NAT Overload, and this is where multiple devices share a single address. Now this is the form of NAT that allowed us to overcome the IP address shortage on the internet, by using that sharing system. Here's the way it works. We will have a router that's connected

00:06:55

to the internet, and we'll say our corporate network behind here is using 192.168.1 addresses, so we'll say, 192.168.1.0/24 exists on this network. Now as these clients, we'll say, we've got 50 and 51. As these clients go out and access the internet, they will share the same public address, and the response will come back to that public address and forward it to these internal clients. Now this is possible, because

00:07:26

NAT Overload uses port numbers. That's why you see my little note on the bottom. This form of NAT is commonly called PAT or Port Address Translation. Now, the rumor goes, that Microsoft actually came up with that term, but NAT Overload is the technically accurate term to describe this. So the way

00:07:47

it works is, when you open a web browser or any, I'll say any network application on your pc, we'll just say a web browser, and go to www.CISCO.com, the operating system dynamically generates a source port number. We'll say 1536, in this case. Now that source port number is, when traffic comes back to that client, it will be sent to that port number, so it knows to put it in the right Internet Explorer window. I mean, think about this, look at

00:08:19

your computer right now. You probably have this video open, along with many other applications. For example, if you're using a Windows Vista, in my opinion the ultimate waste of time operating system, and, and I say that not as a slam against Vista, but there's so many gadgets in there that just waste time, and you, you look at your little gadget bar on the right hand side, and it's got news headlines that are constantly being streamed in, stock quotes. You've got pictures from the internet, all kinds of stuff that's just constantly coming in. Well, Vista, or whatever operating system

00:08:53

you're using, has to have a way to separate all that, so it knows oh, this data coming in on my network card goes to the stock quote portion. This one goes to the web browser window. This one is streaming radio that you're, you're listening to on the internet.

00:09:07

hopefully not while I'm talking, but, well, take, take an example. If you're using a streaming subscription to CBT Nuggets, right now, my voice, the words that are coming out of my mouth, are streaming to you into a specific port number on your pc, and that's how it knows what application to send it to, which is playing it out the speakers. Wow. That's deep. So anyway, you open a web browser and

00:09:32

that operating system generates just port number 1536. It could be any port number that's out of the, well, what's considered the well known port number range. It's gonna go to the destination of www.CISCO.com, on port destination port 80, and that's how this CISCO web server knows you're needing to be sent to the web server application. You're not sending email or anything

00:09:57

like that. You're looking for a web page. Well, as it goes through the router, as this arrow in the middle happens, the NAT Overload process sees that request and says, okay, you came in on 192.168.1.51:1536 so, I will send you out on 200.1.1.1:1536 as the source port number, and that's when CISCO replies back. It will be replying to the destination port 1536 and that public IP address, and when your router gets it, looks at this table. This is known as a NAT translation

00:10:31

table. We'll see it when we look at the configuration, and it looks at this table and goes, oh, 1536, right, that's mapped over here to 192.168.1.51:1536, and poof, you get the web page back. Now that could be happening at exactly the same time as this pc. Let's just say, for sake

00:10:52

of argument, that this pc, at exactly the same time, the exact, we'll say, second, open a web browser window, and its operating system generated 6751, and that, at, at the same time, you know, CISCO's a popular place to go. They went to CISCO.com as well, at exactly the same time. Well that's

00:11:11

okay, because they both have different source port numbers, so even though two identical requests, saying CISCO, send me your home page, is coming into the CISCO web server at the same time, it sees them as different, because they're coming from different source port numbers, and when it sends information back, the router has no problem handling that, because it says, oh, well you're coming to one port number and you're going to another. So I,

00:11:37

I have in my table what host to send you to. Now let's talk about an exception. You might know, that there are 0-65,535 different port numbers that are available for TCP and UDP. Now, as applications are running on a busy network, I mean, you might have a computer that has 50 different network applications open at a time, using up 50 different port numbers. Now you might think, as you start pondering, things that could happen.

00:12:08

What if two devices happen to generate the same source port number at the same time? What then? I mean, what, how would it handle that? And when both of those requests came to the router, and they were both using, we'll say source port 6751. The router's prepared for that, because that's actually a very common circumstance, because with a busy network and lots of applications, you can get into thousands of port numbers in a new set of time, so the chance is multiple computers will use the same one. The router

00:12:44

has no problem handling that. Whichever one gets there first, and there will be a first, you know, because the router can only receive one packet at a time, so one will be one millisecond behind the other. Whichever one gets there first, will get the 6751 and go out as that. Now once the other one, we'll say 192.168.1.49 comes in with the source of 6751. As that comes in, the router looks and goes, oh, sorry man, 6751 is in use. I'll just give you the next free port, so what we'll map

00:13:18

192.168.1.49 to 200.1.1.1, we'll say 6751 6752. It seems too simple, right. That, but that's all it does, it just takes the next available port number, and now, when the, the communication comes back to 6752, it looks and says, oh, well I'll translate that port. Now you

00:13:42

see why we call it PAT, port address translation. I'll translate that port back to the original that was sent from the client, 6751. Finally, the last form of NAT is known as Static NAT. This form is typically used for hosting servers inside of your network.

00:14:01

For example, we have private addresses here, 192.168.50 and 51, and so on. Those private addresses, since they are private, are not accessible from the internet. That's the whole definition of private, is that it is unroutable by internet routers, so we have to use Static NAT to map public IP addresses here to private ones, so when somebody wants to access, maybe we have an internal web server. Maybe that's this

00:14:27

guy running out our company. We can forward that request into the internal web server, and allow people to access it. That's known as a Static NAT mapping. So here's the idea. Static NAT is usually combined with NAT Overload, NAT Overload to provide outbound access so normal people can just surf the net and whatever else they need internet access for, and Static NAT for the internal. So what I did was show you the NAT

00:14:54

table right here, and you can see this top IP address is still doing some form of NAT Overload. You can see source port number is going through and being translated, and the bottom one has a little Static entry here saying, I have statically mapped 192.168.1.51 to 200.1.1.2. Now, the Static NAT translations are usually done two ways. I should

00:15:19

say, always done two ways, meaning, if I statically NAT 192.168.1.52 to this public address, every time that server goes out and accesses the internet, the internet will see it as this public address. It doesn't get thrown in the NAT overload pool like the rest of these devices out here, and any time someone on the internet accesses that public address, 200.1.1.2, it will be forwarded down here to this pc. It's two ways, inbound and outbound.

00:15:49

Now keep in mind, whenever we do Static NATs, or I should say any form of NAT, we do not have to have those IP addresses assigned to this interface of the router. It seems kind of strange, but this, this interface, you know, we'll, we'll call it, let's just say it's FastEthernet zero, it might be assigned the address 200.1.1.1. Now I can say I might want to use that address for NAT Overload, and so everybody pretends they are the router as they go out, but 200.1.1.2 is not assigned anywhere. It's not the address on this, this

00:16:25

interface right here, yet we haven't assigned it to a loopback interface or some mystery interface. It's just part of the NAT process. So when somebody accesses 200.1.1.2, our ISP knows to route that packet to our router, who, whenever they see that, looks at it and says, oh, I have a NAT mapping for you. You may not

00:16:46

be assigned to my interface, but I have a NAT mapping saying that you should become 1.51. Now, Static NAT, as I'll show you as we get into the configuration, can get far more granular than doing a full one to one IP address translation, meaning, right here, I said that I had a web server at 192.168.1.51, and I mapped this full address to that pc, but maybe, let's expand our diagram here, maybe in my company, I also happen to have an email server which is 192.168.1.52 that, that I would like to allow access to as well, so I can receive emails from the outside world. Well, unfortunately, you know, the, the company

00:17:33

that I'm with, my ISP, only gave me two public addresses. Now what do I do? Well, Static NAT can be combined with port numbers. So what I can do, is I can say 200.1.1.2 on TCP port 80. We'll forward packets into the web server on port 80, but if I receive a request on 200.1.1.2:TCP port 25, I will forward that to 192.168.1.51 on TCP port 25. So we can actually split a public address among multiple internal servers, and you can actually chop this thing up with as, as many servers as you like as long as you have port numbers. Now, for example, if I had another

00:18:24

web server inside of here, maybe I had two web servers. I mean, port 80 is already used up, so I can't somehow magically translate some second port 80 into that, because we've used that port on that public address, but this feature is really cool, because it lets you use every public address to the max, meaning, instead of assigning a full IP address to a web server when it only needs port 80, we can chop it up and do as many servers as we want, as long as we have unique port numbers, and those are the three forms of NAT that we will be configuring in the upcoming video on configuring NAT. That will be also

00:19:02

one big difference between ICND1 and ICND2. See, in the two back we used the SDM, Security Device Manager, the graphic interface to set up NAT. In this, the CCNA and ICND2, we will be using the command line, which is far more powerful than what the graphic interface can do. So

00:19:24

we saw Dynamic NAT, and what Dynamic NAT is used for, is to convert one pool of addresses to another, so I can say all of these private addresses translate over to these public addresses, or I can use that for overlapping addresses, so I can overcome that issue in an organization. We saw NAT Overload, which

16 hrs 32 videos

Jeremy Cioara
Nugget trainer since 2003