5 Replies Latest reply: Jan 27, 2011 11:03 AM by Terryk RSS

    NAT and nat pools




      I am trying to understand the natpool "netmask" .  If I want to use just a part of a subnet for the netpool, would I still use a netmask to cover the entire pool?


      For example:



      The subnet would actually go from 33 to 63...  is this okay to use the .224?


      Are there some rules around the netmask or some suggested appropriate use?


      I could have missed it, but I am not seeing this question in the ICND2 but perhaps it is covered.


      Thanks for the information,

        • 1. Re: NAT and nat pools

          Hi Terryk,


          The netmask in the command is used to determine what is the network part and the host part of the range you mention. If you don't mention it, the router doesn't know if the 32 for example in the address is part of the network bits or the host bits. With your mask, we know that these bits are network ones.

          • 2. Re: NAT and nat pools

            Yes, I understand this is a mask.  What I don't understand is if it is okay in the above example to use a 224 mask even though I am not using all of the host addresses in this range.  the valid range (I believe) with this netmask would be 33 to 63.  I realize I stated subnets above.  My bad, I meant hosts. 


            Does that make more sense?  Sorry for the confusion

            • 3. Re: NAT and nat pools

              Well, as I understand that, it makes sens the way you type it. The command says : I want to make a NAT pool, with addresses from to and those addresses have the netmask, so they belong to the network /27. That doesn't say anywhere to use other addresses than those you mention.

              • 4. Re: NAT and nat pools

                Yes, this is perfectly correct.  the net mask must match the subnet to which the IP addresses in your "pool" belong.  While the entire subnet uses the valid host IP addresses -, you are saying I want to use only 40 - 62.




                • 5. Re: NAT and nat pools

                  thank you Brian.  this makes sense!