Differences

This shows you the differences between two versions of the page.

--- networking:cisco:static-nat [2026/02/04 23:41] – [Cisco : Static NAT [U]] ilyasa
+++ networking:cisco:static-nat [2026/02/04 23:51] (current) – ilyasa
@@ Line 3: / Line 3: @@
 NAT (Network Address Translation) statis adalah tipe NAT di mana satu alamat IP publik secara permanen dipetakan ke satu alamat IP privat dalam jaringan internal. Ini berarti bahwa alamat IP publik tertentu selalu merujuk ke perangkat atau server tertentu di dalam jaringan privat. NAT statis biasanya digunakan ketika Anda ingin perangkat dalam jaringan internal dapat diakses dari luar jaringan (misalnya, dari internet) dengan alamat IP publik yang tetap
 ===== Syntax =====
-==== Some acction ====
-^ Command ^ Description ^
+<code js>
-| ''S1(config)#vlan [vlan-ID]'' | Membuat VLAN baru dan menetapkan nomor VLAN |
+ip nat inside source static [local-ip] [global-ip]
-| ''S1(config-vlan)#name [name]'' | Memberikan nama pada VLAN |
+</code>
-Contoh:
+  * local-ip: Ini merupakan private ip address di local network yang akan dipetakan ke public ip address
+  * global-ip: Ini merupakan public ip address yang akan dilihat oleh internet
+Untuk menkonfigurasi NAT static kamu harus menentukan interface inside dan outsite terlebih dahulu dengan:
 <code>
-vlan 10
+interface [interface]
- name VLAN-10
+  ip nat inside
-vlan 20
+interface [interface]
- name VLAN-20
+  ip nat outside
-vlan 99
- name VLAN-Management
 </code>
 ===== Topologi =====
-Gambar topology
+{{ :networking:cisco:cisco_nat.png?nolink |}}
-Goals Topology
+Tujuan: Kita mempunyai pool ip public 100.0.0.0/24 Gunakan pool tersebut untuk menkonfigurasi NAT static dengan Mapping IP addresses dari IP LAN 192.168.1.X, PC1, PC2, dan PC3 ke 100.0.0.x/24
+<hidden Preconfig>
+* **R1 : Proconfig**
+<code js>
+hostname R1
+!
+ip dhcp excluded-address 192.168.1.1
+!
+ip dhcp pool LAN
+   network 192.168.1.0 255.255.255.0
+   default-router 192.168.1.254
+   dns-server 8.8.8.8
+!
+!
+interface FastEthernet0/0
+ ip address 203.0.113.1 255.255.255.252
+ no shutdown
+!
+interface FastEthernet0/1
+ ip address 192.168.1.254 255.255.255.0
+ no shutdown
+!
+ip route 0.0.0.0 0.0.0.0 203.0.113.2
+</code>
+* **Intenet: Cisco router to simulate internet**
+<code js>
+hostname internet
+!
+!
+interface Loopback0
+ ip address 142.251.175.113 255.255.255.255
+!
+interface FastEthernet0/0
+ ip address 203.0.113.2 255.255.255.252
+ no shutdown
+!
+interface FastEthernet0/1
+ ip address 8.8.8.1 255.255.255.0
+ no shutdown
+!
+ip route 100.0.0.0 255.255.255.0 203.0.113.1
+</code>
+* **Linux DNS server with a single records **
+Linux DNS server with a single records
+<code>
+DNS A Record google.com –> 142.251.175.113
+</code>
+</hidden>
 ===== Konfigurasi =====
-  * **Step 1 : Pembuatan VLANs**
+  * **R1 : Menset Interface inside dan outsite**
+<code js>
+R1(config)#interface fastEthernet 0/0
+R1(config-if)#ip nat outside
+R1(config)#interface fastEthernet 0/1
+R1(config-if)#ip nat inside
+</code>
+  * **R1 : Mempetakan ip 100.0.0.x/24 ke ip private kita**
+<code js>
+R1(config)#ip nat inside source static 192.168.1.1 100.0.0.1
+R1(config)#ip nat inside source static 192.168.1.2 100.0.0.2
+R1(config)#ip nat inside source static 192.168.1.3 100.0.0.3
+</code>
+===== Testing =====
+* **PC1 : Test ping dan hasil capture**
 <code>
-Switch(config)#vlan 10
+PC1> ip dhcp
-Switch(config-vlan)#name BIRU
+DORA IP 192.168.1.1/24 GW 192.168.1.254
-Switch(config-vlan)#exit
-Switch(config)#vlan 20
+PC1> ping google.com
-Switch(config-vlan)#name MAGENTA
+google.com resolved to 142.251.175.113
-Switch(config-vlan)#exit
+bytes from 142.251.175.113 icmp_seq=1 ttl=254 time=19.694 ms
+bytes from 142.251.175.113 icmp_seq=2 ttl=254 time=20.258 ms
+bytes from 142.251.175.113 icmp_seq=3 ttl=254 time=15.912 ms
+bytes from 142.251.175.113 icmp_seq=4 ttl=254 time=16.214 ms
+^c
 </code>
-  * **Step 2 : Assign VLANs ke Ports**
+{{ :networking:cisco:cisco_natstatic-test03.png?nolink |}}
+* **PC2 : Test ping dan hasil capture**
 <code>
-Switch(config)#interface f0/1
+PC2> ping google.com -c 1
-Switch(config-if)#switchport mode access
+google.com resolved to 142.251.175.113
-Switch(config-if)#switchport access vlan 10
-Switch(config-if)#exit
-Switch(config)#interface f0/2
+bytes from 142.251.175.113 icmp_seq=1 ttl=254 time=30.073 ms
-Switch(config-if)#switchport mode access
-Switch(config-if)#switchport access vlan 10
-Switch(config-if)#exit
 </code>
-===== Testing =====
+{{ :networking:cisco:cisco_natstatic-test02.png?nolink |}}
+* **PC3 : Test ping dan hasil capture**
+<code>
+PC3> ping google.com -c 1
+google.com resolved to 142.251.175.113
+bytes from 142.251.175.113 icmp_seq=1 ttl=254 time=20.609 ms
+</code>
+{{ :networking:cisco:cisco_natstatic-test01.png?nolink |}}
+* **R1 : logs nat translations**
+<code js>
+R1#show ip nat translations
+Pro Inside global      Inside local       Outside local      Outside global
+icmp 100.0.0.1:49363   192.168.1.1:49363  8.8.8.8:49363      8.8.8.8:49363
+icmp 100.0.0.1:49619   192.168.1.1:49619  8.8.8.8:49619      8.8.8.8:49619
+icmp 100.0.0.1:49875   192.168.1.1:49875  8.8.8.8:49875      8.8.8.8:49875
+icmp 100.0.0.1:50131   192.168.1.1:50131  8.8.8.8:50131      8.8.8.8:50131
+icmp 100.0.0.1:50387   192.168.1.1:50387  8.8.8.8:50387      8.8.8.8:50387
+--- 100.0.0.1          192.168.1.1        ---                ---
+icmp 100.0.0.2:54227   192.168.1.2:54227  8.8.8.8:54227      8.8.8.8:54227
+--- 100.0.0.2          192.168.1.2        ---                ---
+icmp 100.0.0.3:57043   192.168.1.3:57043  8.8.8.8:57043      8.8.8.8:57043
+--- 100.0.0.3          192.168.1.3        ---                ---
+</code>