
Clear up on pool netmasks

Discussion in 'Routing & Switching' started by KnightFireFx, Dec 6, 2009.

  1. KnightFireFx

    KnightFireFx New Member

    Hi guys,

    Have tried researching and gathering information regarding the format of netmasks in Dynamic NAT Configurations.

    Is this the subnet mask which will be used for the pooled addresses? Or is it just to verify the range of addresses is in the same subnet?

    Can you use the network address ? Broadcast address?

    I've seen very unclear and conflicting examples and suggestions.

    Thanks for any information in advance.

    Certifications: A+, Network+, CCNA, CCENT, MCDST, MCP
    WIP: CCNA: Security, Telecom Engineering
  2. cisco lab rat

    cisco lab rat Megabyte Poster

    The mask is used to define the network; the range of addresses you define as the pool is used to determine the viable addresses that can be issued.

    Let's use the example of through to with a mask of /28

    The command:

    ip nat pool xxxxx netmask

    It is not advisable or correct to write out the command including the network and/or broadcast address, like below:

    ip nat pool xxxxx netmask <wrong, in the sense that it is not the best way to do it, but it still works

    Although it can be done, the system will not issue the network or broadcast address to a client. I have tested this and that seems to be the case. I am aware that there is quite a bit of conflicting info, since the Cisco device which I used seems to accept the command with the network and broadcast addresses.

    I will run a more comprehensive test this week to see if there are any further issues with applying the network and the broadcast addresses.


    Certifications: Yes I pretty much am!!
    WIP: Fizzicks Degree
  3. cisco lab rat

    cisco lab rat Megabyte Poster

    An update as promised

    I tested this NAT setup and the results were that even if you do use the network address as the first in the range and the broadcast address as the last address in the pool, the NAT process will first of all not complain, and when it comes to assigning addresses it will start assigning from the first "legal" host address and stop at the last, never assigning the broadcast address.

    Once all the addresses in the pool have been used and PAT (overload) has not been enabled, no further sessions are allowed to be established through the router.

    Tested on a pair of 1841s running IOS 12.4 advancedsec.

    Hope this helps

    Last edited: Dec 27, 2009
    Certifications: Yes I pretty much am!!
    WIP: Fizzicks Degree
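As an added example (not code from the thread or from Cisco), the script below models the behaviour reported in the posts above: it parses an IOS `ip nat pool` line, derives the subnet from the netmask, warns when the configured range starts on the network address or ends on the broadcast address, lists the addresses a router would actually hand out (the range minus network and broadcast), and then simulates a pool that refuses new translations once it is exhausted without overload. The addresses in the original posts were lost, so the pool names and the 203.0.113.0/24 documentation range used here are assumptions; the allocator is a toy, not the IOS NAT code.

```python
import ipaddress
import re
from typing import Optional

# Constructed sample config lines (assumption: RFC 5737 documentation range).
# STRICT uses only host addresses of the /28; SLOPPY starts on the network
# address (.16) and ends on the broadcast address (.31), as discussed above.
POOL_LINE_STRICT = "ip nat pool OUTSIDE 203.0.113.17 203.0.113.30 netmask 255.255.255.240"
POOL_LINE_SLOPPY = "ip nat pool OUTSIDE 203.0.113.16 203.0.113.31 netmask 255.255.255.240"

_POOL_RE = re.compile(
    r"^\s*ip nat pool (?P<name>\S+) (?P<start>\S+) (?P<end>\S+) "
    r"(?:netmask (?P<mask>\S+)|prefix-length (?P<plen>\d+))\s*$"
)


def parse_pool(line: str) -> dict:
    """Parse an IOS 'ip nat pool NAME START END netmask MASK' line.

    The netmask (or prefix-length) defines the subnet the pool belongs to;
    it is derived here from the start address.
    """
    m = _POOL_RE.match(line)
    if not m:
        raise ValueError(f"not an ip nat pool line: {line!r}")
    start = ipaddress.IPv4Address(m["start"])
    end = ipaddress.IPv4Address(m["end"])
    mask = m["mask"] if m["mask"] else m["plen"]
    network = ipaddress.IPv4Network(f"{start}/{mask}", strict=False)
    return {"name": m["name"], "start": start, "end": end, "network": network}


def check_pool(pool: dict) -> list[str]:
    """Warnings a practitioner would want before committing the line:
    reversed range, end outside the subnet, network/broadcast endpoints."""
    warnings = []
    net = pool["network"]
    if pool["end"] < pool["start"]:
        warnings.append("end address precedes start address")
    if pool["end"] not in net:
        warnings.append(f"end {pool['end']} is outside {net}")
    if pool["start"] == net.network_address:
        warnings.append(f"start {pool['start']} is the network address of {net}")
    if pool["end"] == net.broadcast_address:
        warnings.append(f"end {pool['end']} is the broadcast address of {net}")
    return warnings


def usable_addresses(pool: dict) -> list[ipaddress.IPv4Address]:
    """Addresses the router would actually issue: the configured range with
    the subnet's network and broadcast addresses skipped."""
    net = pool["network"]
    skip = {net.network_address, net.broadcast_address}
    out = []
    for n in range(int(pool["start"]), int(pool["end"]) + 1):
        addr = ipaddress.IPv4Address(n)
        if addr not in skip:
            out.append(addr)
    return out


class NatPool:
    """Toy dynamic NAT allocator: one global address per inside host.

    Without overload, an exhausted pool returns None (no new session);
    with overload, later hosts share an address (PAT would add ports).
    """

    def __init__(self, pool: dict, overload: bool = False):
        self.free = usable_addresses(pool)
        self.overload = overload
        self.table: dict[str, ipaddress.IPv4Address] = {}

    def translate(self, inside: str) -> Optional[ipaddress.IPv4Address]:
        if inside in self.table:
            return self.table[inside]
        if self.free:
            self.table[inside] = self.free.pop(0)
            return self.table[inside]
        if self.overload and self.table:
            shared = next(iter(self.table.values()))  # PAT multiplexes on ports
            self.table[inside] = shared
            return shared
        return None


if __name__ == "__main__":
    for line in (POOL_LINE_STRICT, POOL_LINE_SLOPPY):
        p = parse_pool(line)
        print(line)
        for w in check_pool(p):
            print("  warning:", w)
        print("  usable:", len(usable_addresses(p)), "addresses")
```

Both lines yield the same 14 usable addresses (.17 through .30); the sloppy form only differs in the two warnings it raises, which matches the observation that the router accepts the line but never assigns the network or broadcast address.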
