
Details NAT Interview Questions in 2021

Uploaded by

Piya Choudhury

https://ipwithease.com/category/blog/

https://ipwithease.com/product/nat-network-address-translation/

Details
NAT Interview Questions in 2021
Purchase answers to all NAT interview questions from the link above.
1. What is NAT?
2. What is PAT?
3. What is Static NAT?
4. What is Dynamic NAT?
5. While configuring NAT on a router, which command would you place on the interface connected to the Internet?
   1. ip nat inside
   2. ip nat outside
   3. ip outside global
   4. ip inside local
6. Which command will show us all the translations active on your router?
7. What is NAT Overload?
8. What is Source NAT?
9. What is Destination NAT?
10. Which command would we place on an interface on a private/inside/LAN network?
11. When creating a pool of global addresses, which keyword can be used instead of the netmask command?
12. What is ALG?
13. Can I change the amount of time it takes for a NAT translation to time out from the NAT translation table?
14. Does NAT occur before or after routing?
15. Explain each keyword of the following NAT command: “ip nat inside source list 10 interface FastEthernet 0/0 overload”.
16. What is the maximum number of configurable NAT IP pools?
17. Which command will show you the summary of the NAT configuration?
18. What are two benefits of using NAT?
19. What is NAT Order of Operation – “Inside-to-Outside”?
20. What is NAT Order of Operation – “Outside-to-Inside”?
21. Can we rate limit the number of NAT translations?
22. Is there any relation between NAT concurrent sessions and DRAM on the device?
23. What are NAT IP pools?
24. What are static NAT translations?
25. What is NAT NVI?
26. Explain the terms:
   1. Inside Local
   2. Inside Global
   3. Outside Local
   4. Outside Global
27. What is Stateful NAT (SNAT)?
28. What is NAT-PT?
29. What conditions necessitate NAT configuration?
30. What are the different types of NAT?
31. A Branch Office has 30 LAN users who want to access the Internet for browsing. What type of NAT would be required here?
32. In the above question, LAN users belong to subnet 192.168.0.0/24 while the Public IP assigned to the Internet Router is 202.200.200.10. What will be the router NAT configuration?
33. An Office has an Internet connection and has 1 Web Server which needs to be accessed from the Internet. What type of NAT would meet the requirement?
34. In the above question, what detail is required to configure NAT so that the Web Server is accessible from the Internet?
35. Web Server local IP is 10.0.0.10 and uses TCP port 80. Provider has given Public IP 200.200.200.11. What is the NAT configuration on the Internet Router?
36. What is the difference between NAT and PAT?
37. Two computers are behind (i.e. Inside LAN) a NAT router. The computers use the router's public IP address for sharing the Internet connection. If a user on the Internet pings the public IP address of the router, which device would respond?
38. Which NAT command would you place on the interface on a private (Inside LAN) network?
39. What is a disadvantage of NAT?
40. Where are “ip nat inside” and “ip nat outside” used?

https://www.ccexpert.us/ccie-2/different-types-of-switch-ports.html

Different Types of Switch Ports


Last Updated on Sun, 28 Nov 2021 | CCIE



• Access Ports: belong to and carry the traffic of only one VLAN
• Trunk Ports: carry the traffic of multiple VLANs and by default are members of all VLANs in the VLAN database. Both ISL and 802.1Q trunk ports are supported
• Tunnel Ports: designed for service providers who carry traffic of multiple customers across their networks and are required to maintain the VLAN and Layer 2 protocol configurations of each customer without impacting the traffic of other customers. Both 802.1Q tunneling and Layer 2 protocol tunneling are supported
© 2002, Cisco Systems, Inc. All rights reserved. Cisco CCIE Prep v1.0—Module 5-23
Switch ports are Layer 2-only interfaces associated with a physical port. A switch
port can be an access port, a trunk port, or a tunnel port. You can manually configure
a port as an access port or trunk port or let the Dynamic Trunking Protocol (DTP)
operate on a per-port basis to determine if a switch port should be an access port or
a trunk port by negotiating with the port on the other end of the link. You must
manually configure tunnel ports as part of an asymmetric link connected to an
802.1Q trunk port. Switch ports are used for managing the physical interface and
associated Layer 2 protocols and do not handle routing or bridging.
Access Ports
An access port belongs to and carries the traffic of only one VLAN. Traffic is received
and sent in native formats with no VLAN tagging. Traffic arriving on an access port is
assumed to belong to the VLAN assigned to the port.
Trunk Ports
A trunk port carries the traffic of multiple VLANs and by default is a member of all
VLANs in the VLAN database. Two types of trunk ports are supported:
■ ISL trunk port - All received packets are expected to be encapsulated with an ISL
header, and all transmitted packets are sent with an ISL header. Native (non-tagged)
frames received from an ISL trunk port are dropped.
■ IEEE 802.1Q trunk port - Supports simultaneous tagged and untagged traffic. An
802.1Q trunk port is assigned a default Port VLAN ID (PVID), and all untagged traffic
travels on the port default PVID. All untagged traffic and tagged traffic with a NULL
VLAN ID are assumed to belong to the port default PVID. A packet with a VLAN ID
equal to the outgoing port default PVID is sent untagged. All other traffic is sent with
a VLAN tag.
Tunnel Ports
Tunnel ports are used in 802.1Q tunneling to segregate the traffic of customers in a
service provider network from other customers who appear to be on the same VLAN.
You configure an asymmetric link from a tunnel port on a service provider edge
switch to an 802.1Q trunk port on the customer switch. Packets entering the tunnel
port on the edge switch, already 802.1Q-tagged with the customer VLANs, are
encapsulated with another layer of 802.1Q tag (called the metro tag) containing a
VLAN ID unique in the service provider network, for each customer. The double-
tagged packets go through the service-provider network keeping the original
customer VLANs separate from those of other customers. At the outbound interface,
also a tunnel port, the metro tag is removed, and the original VLAN numbers from
the customer network are retrieved.
Tunnel ports cannot be trunk ports or access ports and must belong to a VLAN
unique for each customer.
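The 802.1Q trunk rules and the tunnel-port metro tag described above, modelled on raw frame bytes. This is an added example, not code from the original page or from Cisco; the function names are hypothetical and the sample frame is constructed. It also shows why the native VLAN has to match on both ends of a trunk: an untagged frame is classified into whatever PVID the receiving port has.

```python
"""802.1Q port rules from the text, modelled on raw frame bytes (added example)."""
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def push_tag(frame, vid):
    """Insert an 802.1Q tag after the 12 bytes of destination and source MAC."""
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) + frame[12:]

def pop_tag(frame):
    """Return (vid, frame_without_outer_tag); vid is None for an untagged frame."""
    if len(frame) < 16:
        return None, frame
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None, frame
    return tci & 0x0FFF, frame[:12] + frame[16:]

def trunk_ingress(frame, pvid):
    """Classify a frame received on an 802.1Q trunk: untagged or VID 0 -> PVID."""
    vid, inner = pop_tag(frame)
    return (vid or pvid), inner

def trunk_egress(inner, vlan, pvid):
    """Send untagged when the VLAN equals the port PVID, tagged otherwise."""
    return inner if vlan == pvid else push_tag(inner, vlan)

def cross_trunk(inner, vlan, pvid_near, pvid_far):
    """VLAN a frame lands in after crossing a trunk with the given native VLANs."""
    return trunk_ingress(trunk_egress(inner, vlan, pvid_near), pvid_far)[0]

def tunnel_ingress(customer_frame, metro_vid):
    """Tunnel port: wrap the frame, customer tag included, in the metro tag."""
    return push_tag(customer_frame, metro_vid)

def tunnel_egress(provider_frame):
    """Outbound tunnel port: strip the metro tag, leaving the customer tag."""
    return pop_tag(provider_frame)[1]

# Constructed sample: broadcast frame, made-up source MAC, IPv4 EtherType, dummy payload.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"
```

With native VLAN 1 on both ends, `cross_trunk(SAMPLE, 1, 1, 1)` keeps the frame in VLAN 1; with native VLAN 99 on the far end, the same frame is delivered into VLAN 99.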
Note Switch ports are configured using the switchport interface configuration
command.
This section discusses the configuration of Access Ports on the Catalyst 3550.

You can manually assign access ports to a VLAN without having VTP globally
propagate VLAN configuration information.

Note If you assign an interface to a VLAN that does not exist, a new VLAN is
created.
Use the steps outlined in the following table to manually assign an access port to a
VLAN.
Table 4-10: Assign Ports to a VLAN
Command: 3550(config)# interface interface-id
Purpose: Enter the interface to be added to the VLAN.
Command: 3550(config-if)# switchport mode access
Purpose: Define the VLAN membership mode for the p
Command: 3550(config-if)# switchport access vlan vlan-id
Purpose: Assign the port to a VLAN. Valid VLAN IDs a
Note To return an interface to its default configuration, use the default interface
interface-id interface configuration command.
This section discusses the configuration of Trunk Ports on the Catalyst 3550.
ISL Trunk
3550(config)# interface fastEthernet 0/11
3550(config-if)# switchport trunk encapsulation isl
3550(config-if)# switchport mode trunk
3550(config-if)# switchport access vlan 1
802.1Q Trunk
3550(config)# interface fastEthernet 0/12
3550(config-if)# switchport trunk encapsulation dot1q
3550(config-if)# switchport mode trunk
3550(config-if)# switchport access vlan 1
3550(config-if)# switchport trunk native vlan 1
3550(config-if)# end
• Make sure the native VLAN is set on 802.1Q trunks and that it matches on both sides of the trunk link
A trunk is a point-to-point link between one or more Ethernet switch interfaces and
another networking device such as a router or a switch. Fast Ethernet and Gigabit
Ethernet trunks carry the traffic of multiple VLANs over a single link, and you can
extend the VLANs across an entire network.
Two trunking encapsulations are available on all Ethernet interfaces on the Catalyst
3550:
■ Inter-Switch Link (ISL)—ISL is Cisco-proprietary trunking encapsulation.
■ 802.1Q—802.1Q is industry-standard trunking encapsulation.
You can set an interface as trunking or nontrunking or to negotiate trunking with the
neighboring interface. To autonegotiate trunking, the interfaces must be in the same
VTP domain. Trunk negotiation is managed by the Dynamic Trunking Protocol
(DTP), which is a point-to-point protocol. DTP supports autonegotiation of both ISL
and 802.1Q trunks.
Use the steps outlined in the following table to configure a port as an ISL or 802.1Q
trunk port:
Table 4-11: Configure a Port
Command: 3550(config)# interface interface-id
Purpose: Enter the interface configuration mode and the port to be configu
         The default mode for Layer 2 interfaces is switchport mode dynam
         trunking and is configured to allow trunking, the link is a Layer 2 t
         becomes a Layer 2 trunk when you enter the switchport interface
Command: 3550(config-if)# switchport trunk encapsulation {isl | dot1q | negotiate}
Purpose: Configure the port to support ISL or 802.1Q encapsulation or to n
         encapsulation type. You must configure each end of the link with
Command: 3550(config-if)# switchport mode {dynamic {auto | desirable} | trunk}
Purpose: Configure the interface as a Layer 2 trunk (required only if the int
         access port or tunnel port, or to specify the trunking mode).
         ■ dynamic auto—Set the interface to a trunk link if the neighborin
         ■ dynamic desirable—Set the interface to a trunk link if the neigh
         mode.
         ■ trunk—Set the interface in permanent trunking mode and nego
         neighboring interface is not a trunk interface.
Command: 3550(config-if)# switchport access vlan vlan-id
Purpose: (Optional) Specify the default VLAN, which is used if the interface
Command: 3550(config-if)# switchport trunk native vlan vlan-id
Purpose: Specify the native VLAN for 802.1Q trunks.
Note To reset all trunking characteristics of a trunking interface to the defaults, use
the no switchport trunk interface configuration command. To disable trunking, use
the switchport mode access interface configuration command to configure the port
as a static-access port.
Defining the List of Allowed VLANs on a Trunk
3550(config)# interface fastEthernet 0/11
3550(config-if)# switchport trunk allowed
3550(config-if)# exit
3550(config)# interface fastEthernet 0/12
3550(config-if)# switchport trunk allowed
3550(config-if)# end
3550# show interfaces trunk
Port      Mode         Encapsulation  Sta
Fa0/11    on           isl            trunkin
Fa0/12    on           802.1q         trunkin
Fa0/24    desirable    n-isl          trunkin

Port      Vlans allowed on trunk
Fa0/11    1-500,1002-4094
Fa0/12    1,501-4094
Fa0/24    1-4094

Port      Vlans allowed and active in management domain
Fa0/11    1-5,20,30
Fa0/12    1
Fa0/24    1-5,20,30

Port      Vlans in spanning tree forward
Fa0/11    1-5,20,30
Fa0/12    1
Fa0/24    1-4,30

Only VLANs 2-500 should be carried across this trunk
Only VLANs 501-1001 should be carried across this trunk

By default, a trunk port sends traffic to and receives traffic from all VLANs. All VLAN
IDs, 1 to 4094, are allowed on each trunk. However, you can remove VLANs from
the allowed list, preventing traffic from those VLANs from passing over the trunk. To
restrict the traffic a trunk carries, use the switchport trunk allowed vlan remove vlan-
list interface configuration command to remove specific VLANs from the allowed list.
A trunk port can become a member of a VLAN if the VLAN is enabled, if VTP knows
of the VLAN, and if the VLAN is in the allowed list for the port. When VTP detects a
newly enabled VLAN and the VLAN is in the allowed list for a trunk port, the trunk
port automatically becomes a member of the enabled VLAN. When VTP detects a
new VLAN and the VLAN is not in the allowed list for a trunk port, the trunk port does
not become a member of the new VLAN.
Use the steps outlined in the following table to restrict the VLANs that are carried on
a trunk port:
Table 4-12: Restrict VLANs
Command: 3550(config-if)# switchport trunk allowed vlan {add | all | except | remove} vlan-list
Purpose: Configure the list of VLANs allowed on the trunk.
         The vlan-list parameter is either a single VLAN number from
         VLAN numbers, the lower one first, separated by a hyphen.
         VLAN parameters or in hyphen-specified ranges.
         All VLANs are allowed by default. You cannot remove any o
Note To return to the default allowed VLAN list of all VLANs, use the no switchport
trunk allowed vlan interface configuration command.
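The add, all, except and remove keywords of the allowed-VLAN command, modelled as set operations on the default list of VLANs 1 to 4094. This is an added example, not code from the original page or from Cisco; the function names are hypothetical, and pairing Fa0/11 with the slide note "Only VLANs 2-500 should be carried across this trunk" is an assumption. Removing 501-1001 from the default list reproduces the Fa0/11 line of the show interfaces trunk output above, and the last function reports which VLANs a trunk still carries beyond the intended list.

```python
"""Model of the `switchport trunk allowed vlan` keywords (added example)."""

ALL_VLANS = set(range(1, 4095))  # VLAN IDs 1 to 4094, the default allowed list


def parse_vlan_list(text):
    """Expand an IOS vlan-list such as '1-5,20,30' into a set of VLAN IDs."""
    vlans = set()
    for part in text.replace(" ", "").split(","):
        low, _, high = part.partition("-")
        low, high = int(low), int(high or low)
        if not 1 <= low <= high <= 4094:
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(low, high + 1))
    return vlans


def format_vlan_list(vlans):
    """Render a set of VLAN IDs the way `show interfaces trunk` prints it."""
    runs = []
    for vid in sorted(vlans):
        if runs and vid == runs[-1][1] + 1:
            runs[-1][1] = vid          # extend the current consecutive run
        else:
            runs.append([vid, vid])    # start a new run
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in runs)


def apply_allowed(current, keyword, vlan_list=""):
    """Allowed set after `switchport trunk allowed vlan <keyword> <vlan-list>`."""
    if keyword == "all":
        return set(ALL_VLANS)
    listed = parse_vlan_list(vlan_list)
    if keyword == "add":
        return current | listed
    if keyword == "remove":
        return current - listed
    if keyword == "except":
        return ALL_VLANS - listed
    raise ValueError(f"unknown keyword: {keyword!r}")


def unexpected_vlans(allowed_text, intended_text):
    """VLANs a trunk carries beyond the intended list, as a vlan-list string."""
    extra = parse_vlan_list(allowed_text) - parse_vlan_list(intended_text)
    return format_vlan_list(extra)
```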
Configuring the Prune-Eligible List for VTP Pruning
3550(config)# interface fastEthernet 0/11
3550(config-if)# switchport trunk pruning vlan 2-500
3550(config-if)# exit
3550(config)# interface fastEthernet 0/12
3550(config-if)# switchport trunk pruning vlan 501-1001
3550(config-if)# end
• Extended-range VLANs (VLAN IDs 1006 to 4094) cannot be pruned.
Pruning increases available bandwidth by restricting flooded traffic to those trunk
links that the traffic must use to access the destination devices. You can only enable
VTP pruning on a switch in VTP server mode. Only VLANs included in the pruning-
eligible list can be pruned. By default, VLANs 2 through 1001 are pruning eligible on
trunk ports. The pruning-eligible list applies only to trunk ports. Each trunk port has
its own eligibility list. VTP pruning must be enabled for this procedure to take effect.
Use the steps outlined in the following table to remove VLANs from the pruning-
eligible list on a trunk port:
Table 4-13: Remove VLANs from Pruning
Command: 3550(config-if)# switchport trunk pruning vlan {add | except | none | remove} vlan-list [,vlan[,vlan[,,,]]
Purpose: Configure the list of VLANs allowed to be pruned from the tru
         Separate nonconsecutive VLAN IDs with a comma and no sp
         range of IDs. Valid IDs are from 2 to 1001. Extended-range V
         be pruned.
         VLANs that are pruning-ineligible receive flooded traffic.
         The default list of VLANs allowed to be pruned contains VLA
Note To return to the default pruning-eligible list of all VLANs, use the no switchport
trunk pruning vlan interface configuration command.
This section discusses the configuration of Tunnel Ports on the Catalyst 3550.
Tunneling is a feature designed for service providers who carry traffic of multiple
customers across their networks and are required to maintain the VLAN and Layer 2
protocol configurations of each customer without impacting the traffic of other
customers. The Catalyst 3550 switch supports 802.1Q tunneling and Layer 2
protocol tunneling.