Basic NAT question regarding prefix length.

While reading and labbing I have typed the command ip nat pool NAT_POOL x.x.x.x y.y.y.y prefix-length numerous times without fully understanding it. Usually the lab has the prefix length defined. My question is: what is the prefix-length (or netmask) portion of this controlling?

 

Thanks,

Stevan Sheely

Comments

  • From the command reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr/command/ipaddr-cr-book/ipaddr-i3.html#wp6064781280

     

    • Specify the network mask of the network to which the pool addresses belong.

  • Thanks, I have seen that in the documentation but I guess I am trying to understand what its purpose is...

    Say your ISP assigns a /28 which gives you 14 usable addresses. You want to set up a pool of 4 addresses for dynamic NAT. Per the documentation you should use something like

    ip nat pool MY_POOL 100.1.1.4 100.1.1.7 netmask 255.255.255.240

    however when I use the following nothing seems to change...

    ip nat pool MY_POOL 100.1.1.4 100.1.1.7 netmask 255.255.255.252

     

    NAT will still use the 4 allocated addresses and from what I can see in the lab everything works as expected. So I am just curious as to why you set the netmask/prefix to the subnet mask of the subnet that the pool addresses were derived from. What purpose does it serve?

  • Thanks, I have seen that in the documentation but I guess I am trying to understand what its purpose is...

    Say your ISP assigns a /28 which gives you 14 usable addresses. You want to set up a pool of 4 addresses for dynamic NAT. Per the documentation you should use something like

    ip nat pool MY_POOL 100.1.1.4 100.1.1.7 netmask 255.255.255.240

    however when I use the following nothing seems to change...

    ip nat pool MY_POOL 100.1.1.4 100.1.1.7 netmask 255.255.255.252

     

    NAT will still use the 4 allocated addresses and from what I can see in the lab everything works as expected. So I am just curious as to why you set the netmask/prefix to the subnet mask of the subnet that the pool addresses were derived from. What purpose does it serve?

    It's just a sanity test to make sure the pool you define falls into the prefix/netmask. For example when you get a /30 from your ISP you cannot define a pool bigger than /30.

    Example:
    R4(config)#ip nat pool NATPOOL 1.1.1.1 1.1.1.3 prefix-length 30
    R4(config)#ip nat pool NATPOOL 1.1.1.1 1.1.1.10 prefix-length 30
    %Pool NATPOOL prefix length 30 too large; should be no more than 28
    %Start and end addresses on different subnets

    As you can see, my second ip nat pool statement is not accepted, because the end address is in a different subnet than the start address. Again it's just a sanity check.
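
The sanity check described in the last comment can be modelled as a longest-common-prefix test on the start and end addresses. This is an added example, not part of the thread and not Cisco's code; the function names are hypothetical and it models only the check shown in the router output above.

```python
import ipaddress


def max_pool_prefix(start: str, end: str) -> int:
    """Longest prefix length that still places start and end in one subnet."""
    a = int(ipaddress.IPv4Address(start))
    b = int(ipaddress.IPv4Address(end))
    # The highest differing bit marks where the two addresses stop sharing
    # a network portion; every bit above it is common to both.
    return 32 - (a ^ b).bit_length()


def check_pool(name: str, start: str, end: str, prefix_length: int) -> list:
    """Return the rejection messages for a pool, or [] if it is accepted.

    Assumption: the message wording is copied from the output quoted in
    the thread; a real router may apply further checks.
    """
    if not 0 <= prefix_length <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    if ipaddress.IPv4Address(end) < ipaddress.IPv4Address(start):
        raise ValueError("end address is lower than start address")
    limit = max_pool_prefix(start, end)
    if prefix_length <= limit:
        return []
    return [
        f"%Pool {name} prefix length {prefix_length} too large; "
        f"should be no more than {limit}",
        "%Start and end addresses on different subnets",
    ]


if __name__ == "__main__":
    # Pools taken from the thread: the two R4 examples and the /28 vs /30 case.
    pools = [
        ("NATPOOL", "1.1.1.1", "1.1.1.3", 30),
        ("NATPOOL", "1.1.1.1", "1.1.1.10", 30),
        ("MY_POOL", "100.1.1.4", "100.1.1.7", 28),
        ("MY_POOL", "100.1.1.4", "100.1.1.7", 30),
    ]
    for name, start, end, plen in pools:
        errors = check_pool(name, start, end, plen)
        print(f"{name} {start} {end} /{plen}:", errors or "accepted")
```

Under this model both MY_POOL variants pass, because 100.1.1.4 through 100.1.1.7 fits inside a single /30 as well as the /28, which matches the observation that changing the netmask made no visible difference.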
