Exhibit
ip nat inside source list 10 interface g0/1
access-list 10 permit 10.10.10.0 0.0.0.255
G0/0 = inside
G0/1 = outside
Exhibit: Inside hosts can reach the internet only one at a time. What is the most likely NAT issue?
Answer choices
Why each option matters
Good practice is not just finding the correct option. The wrong answers often show the exact trap the exam wants you to fall into.
Best answer
The NAT statement is missing the overload keyword
PAT requires overload when multiple hosts share one public address.
Distractor review
The access list should deny the inside subnet
That would stop translation altogether.
Distractor review
The inside and outside interface roles are reversed in the exhibit
The symptom points more directly to missing overload.
Distractor review
NAT cannot be used with RFC1918 addresses
That is a very common NAT use case.
Common exam trap
Common exam trap: answer the scenario, not the keyword
A frequent exam trap is assuming that reversing the inside and outside interface roles causes the symptom of only one host accessing the internet at a time. While interface roles are critical for NAT operation, reversing them typically prevents translation altogether rather than limiting it to a single host. Another trap is thinking that the ACL should deny the inside subnet to fix the issue, but denying the inside subnet in the ACL stops all translations, causing no internet access. The real cause is missing the overload keyword, which is essential for PAT to allow multiple hosts to share one public IP simultaneously.
Technical deep dive
How to think about this question
Network Address Translation (NAT) is a fundamental IP service that allows multiple devices on a private network to access external networks using a limited number of public IP addresses. Dynamic NAT maps private IP addresses to a pool of public IP addresses on a one-to-one basis, which means each internal host requires a unique public IP for translation. Port Address Translation (PAT), also known as NAT overload, extends this by allowing multiple internal hosts to share a single public IP address by differentiating sessions using unique source port numbers.
In Cisco IOS, the NAT configuration must explicitly include the overload keyword in the NAT statement to enable PAT. Without overload, the router performs dynamic NAT without port translation, limiting simultaneous translations to the number of available public IP addresses in the pool. This restriction causes only one inside host to reach the internet at a time if only one public IP is configured. The overload keyword instructs the router to use port numbers to multiplex multiple inside hosts through a single public IP, enabling concurrent internet access.
A common exam trap is confusing the reversal of inside and outside interfaces or misconfiguring access control lists (ACLs) for NAT. While interface roles and ACLs are important, the symptom of only one host accessing the internet at a time directly points to missing the overload keyword. Practically, missing overload causes translation to fail for additional hosts once the single public IP is in use, whereas reversed interfaces or ACL errors typically prevent translation altogether or cause other connectivity issues.
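The behaviour described above as a small Python model, added here as an illustration and not taken from the original page or from Cisco IOS. `NatTable`, `PUBLIC_IP` and the host flows are constructed for the example, and the port-selection rule is a simplification.

```python
PUBLIC_IP = "203.0.113.1"  # constructed address for the outside interface

class NatTable:
    """Simplified translation table (hypothetical model, not IOS internals)."""

    def __init__(self, public_ips, overload=False):
        self.public_ips = list(public_ips)
        self.overload = overload
        self.by_inside = {}  # inside key -> outside mapping
        self.in_use = set()  # outside addresses (or address/port pairs) taken

    def translate(self, src_ip, src_port):
        """Return the (outside_ip, outside_port) for a flow, or None on failure."""
        if not self.overload:
            # One-to-one: each inside host needs a whole public address.
            if src_ip not in self.by_inside:
                free = [ip for ip in self.public_ips if ip not in self.in_use]
                if not free:
                    return None  # no address left, packet is not translated
                self.by_inside[src_ip] = free[0]
                self.in_use.add(free[0])
            return (self.by_inside[src_ip], src_port)
        # PAT: flows share one address and are told apart by source port.
        key = (src_ip, src_port)
        if key not in self.by_inside:
            ip, port = self.public_ips[0], src_port
            while (ip, port) in self.in_use:  # port already taken, try the next
                port = port + 1 if port < 65535 else 1024
            self.by_inside[key] = (ip, port)
            self.in_use.add((ip, port))
        return self.by_inside[key]

    def expire(self, src_ip):
        """Remove a host's entries, as a translation timeout would."""
        for key in list(self.by_inside):
            if (key[0] if self.overload else key) == src_ip:
                self.in_use.discard(self.by_inside.pop(key))

def demo():
    # Constructed flows from three hosts in 10.10.10.0/24 (the exhibit's ACL 10).
    flows = [("10.10.10.11", 50000), ("10.10.10.12", 50000), ("10.10.10.13", 50001)]
    plain, pat = NatTable([PUBLIC_IP]), NatTable([PUBLIC_IP], overload=True)
    return [plain.translate(*f) for f in flows], [pat.translate(*f) for f in flows]

if __name__ == "__main__":
    for label, result in zip(("no overload", "overload"), demo()):
        print(label, result)
```

Calling `expire()` on the first host in the non-overload table frees the single address for the next host, which is the "one at a time" symptom from the exhibit.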
Key Concepts to Remember
- NAT allows private IP addresses to be translated to public IP addresses for internet access in Cisco networks.
- Dynamic NAT without overload maps each inside host to a unique public IP address, limiting simultaneous translations.
- PAT uses the overload keyword to allow multiple inside hosts to share one public IP by differentiating sessions with port numbers.
- The overload keyword is required in Cisco NAT statements to enable PAT and support multiple concurrent inside hosts.
- Inside and outside interface roles must be correctly assigned for NAT to function but do not cause single-host access issues alone.
- Access control lists (ACLs) define which inside addresses are translated but denying the inside subnet stops translation entirely.
- Without overload, only one inside host can access the internet at a time if only one public IP address is available.
- Misunderstanding NAT configuration syntax and the role of overload is a common exam trap leading to connectivity failures.
Exam Day Tips
- Watch for words such as best, first, most likely and least administrative effort.
- Review why wrong options are wrong, not only why the correct option is correct.
FAQ
Questions learners often ask
What does this 200-301 question test?
NAT allows private IP addresses to be translated to public IP addresses for internet access in Cisco networks.
What is the correct answer to this question?
The correct answer is: The NAT statement is missing the overload keyword — Without overload, dynamic NAT uses one public address per internal session mapping. PAT with overload is what lets many inside hosts share a single outside interface address at the same time.
What should I do if I get this 200-301 question wrong?
Then try more questions from the same exam bank and focus on understanding why the wrong options are tempting.