Lab 8: Configuring PAT (NAT Overload)
The config every home and office router runs: PAT (NAT overload) translating a private 192.168.60.0/24 LAN to one public IP, with translations visible live. Difficulty: Intermediate · Time: ~30 min.
Lab objectives
- Mark inside and outside NAT interfaces
- Match internal traffic with a standard ACL
- Enable overload on the outside interface
- Watch translations in show ip nat translations
Topology & addressing
R1: Gi0/0 = 192.168.60.1/24 (LAN, 2 PCs), Gi0/1 = 203.0.113.2/30 toward an "ISP" router (203.0.113.1) with a server (198.51.100.10) behind it. R1 default route: ip route 0.0.0.0 0.0.0.0 203.0.113.1.
Step-by-step configuration
interface gi0/0 → ip nat insideinterface gi0/1 → ip nat outside | Tell NAT which side is which |
access-list 1 permit 192.168.60.0 0.0.0.255 | Define "who gets translated" |
ip nat inside source list 1 interface gi0/1 overload | PAT: many private IPs → one public, by port |
Verification
Ping the server (198.51.100.10) from both PCs, then show ip nat translations — both private IPs appear mapped to 203.0.113.2 with different ports. That port column is PAT doing its magic.
Next lab: labs hub · test yourself: CCNA practice test.
Frequently asked questions
What does overload mean in the NAT command?
It enables PAT — many inside hosts share one outside address, distinguished by unique port numbers.
Why is an ACL needed for NAT?
The ACL defines which source addresses are eligible for translation — it's a matching tool here, not a filter.
Why do pings fail without the default route?
NAT translates addresses but doesn't create reachability; the router still needs a route to forward traffic outward.
Related articles
Want hands-on training?
Learn this on real Cisco lab devices with placement support at Attila Technologies, Ahmedabad.