
Posts

Showing posts from August, 2016

1.2.5 Configuring DHCP / 1.2.6 Verifying DHCP operation

1.2.5 Configuring DHCP Like NAT, a DHCP server requires that the administrator define a pool of addresses. The ip dhcp pool command creates a pool with the specified name and puts the router in a specialized DHCP configuration mode. In this mode, use the network statement to define the range of addresses to be leased. If specific addresses on that network are to be excluded, return to global configuration mode. The ip dhcp excluded-address command configures the router to exclude an individual address or a range of addresses when assigning addresses to clients. It is typically used to reserve addresses that are statically assigned to key hosts, for instance the router's own interface address. A DHCP server is usually configured to hand out much more than an IP address. Other IP configuration values such as the default gateway can be set from the DHCP config...
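As an added example that is not part of the original post, the procedure described in the 1.2.5 excerpt (exclusions in global configuration mode, then the pool) together with the show and debug commands used in 1.2.6 to verify operation. The pool name, the 10.1.1.0/24 network, the DNS server address, the domain name and the lease length are assumptions for illustration; the debug commands also let you watch the DISCOVER/OFFER/REQUEST/ACK exchange from the 1.2.4 excerpt as the router sees it.

```cisco
! Added example (not the original post's configuration). Addresses, pool
! name, DNS server, domain name and lease length are assumptions.
!
! Exclusions come first and live in global configuration mode, so the
! router's own interface address and a block kept for statically addressed
! hosts (servers, printers) are never leased to a client.
ip dhcp excluded-address 10.1.1.1
ip dhcp excluded-address 10.1.1.2 10.1.1.20
!
! The pool. "network" defines the leasable range; everything else is an
! extra option clients receive along with their address.
ip dhcp pool LAN-10-1-1
 network 10.1.1.0 255.255.255.0
 default-router 10.1.1.1
 dns-server 10.1.1.5
 domain-name example.com
 lease 0 8
!
! Verification, from privileged EXEC.
! Which MAC address holds which lease, and when each lease expires:
show ip dhcp binding
! Addresses the server declined to hand out because something already
! answered for them (a rogue static host inside the leasable range):
show ip dhcp conflict
! Counters of DHCPDISCOVER/OFFER/REQUEST/ACK messages processed:
show ip dhcp server statistics
! Live view of lease assignment and of every DORA message in and out:
debug ip dhcp server events
debug ip dhcp server packet
undebug all
```

The lease is given as days then hours (here 0 days, 8 hours); the excluded range is deliberately wider than the single router address so the statically assigned hosts the excerpt mentions stay out of the pool without needing one exclusion line per host.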

1.2.4 DHCP operation

1.2.4 DHCP operation The DHCP client configuration process uses the following steps: A client must have DHCP enabled when it starts the network membership process. The client sends a request asking a server for an IP configuration. Sometimes the client suggests the IP address it wants, such as when requesting an extension to an existing lease. The client locates a DHCP server by sending a broadcast called a DHCPDISCOVER. When a server receives the broadcast, it determines whether it can service the request from its own database. If no local server can, a DHCP relay agent (for example, a router configured with ip helper-address) may forward the request to a DHCP server on another network. If it can, the DHCP server offers the client IP configuration information in a DHCPOFFER, sent directly to the client's MAC address or broadcast if the client set the broadcast flag in its DHCPDISCOVER. The DHCPOFFER is a proposed configuration that may include an IP address, a DNS server address and a lease time. If the client finds the offer agreeable, it sends another broadcast, a DHCPREQUEST, spec...

1.2.2 BOOTP and DHCP differences / 1.2.3 Major DHCP features

1.2.2 BOOTP and DHCP differences The Internet community first developed the BOOTP protocol to enable configuration of diskless workstations. BOOTP was originally defined in RFC 951 in 1985. As the predecessor of DHCP, BOOTP shares some operational characteristics with it. Both protocols are client/server based and use UDP ports 67 (server) and 68 (client); those ports are still known as the BOOTP ports. The four basic IP parameters are the IP address, the gateway address, the subnet mask and the DNS server address. BOOTP does not dynamically allocate IP addresses to a host. When a client requests an IP address, the BOOTP server searches a predefined table for an entry that matches the client's MAC address. If an entry exists, the corresponding IP address is returned to the client. This means that the binding between the MAC address and the IP address must already have been configured on the BOOTP server. There are two primary differences between DHCP and BOOTP: DHCP defines mechanism...

1.2.1 DHCP / Introducing DHCP

1.2.1 DHCP / Introducing DHCP Dynamic Host Configuration Protocol (DHCP) works in client/server mode. DHCP enables DHCP clients on an IP network to obtain their configurations from a DHCP server. Less work is involved in managing an IP network when DHCP is used. The most significant configuration value the client receives from the server is its IP address. The DHCP protocol is described in RFC 2131. A DHCP client is included in most modern operating systems, including the various Windows versions, Novell NetWare, Sun Solaris, Linux and Mac OS. The client requests addressing values from the network's DHCP server. This server manages the allocation of IP addresses and answers configuration requests from clients. A single DHCP server can answer requests for many subnets. DHCP is not intended for configuring routers, switches and servers; these types of hosts need static IP addresses. DHCP works by providing a process for a server to allocate IP information to...

1.1.7 Issues with NAT

1.1.7 Issues with NAT NAT has several advantages: It conserves the legally registered addressing scheme by allowing the privatization of intranets. It increases the flexibility of connections to the public network; multiple pools, backup pools and load-balancing pools can be implemented to assure reliable public network connections. It keeps the internal network addressing scheme consistent: on a network without private IP addresses and NAT, changing public IP addresses requires renumbering every host on the existing network, and the cost of renumbering can be significant. NAT allows the existing scheme to remain while supporting a new public addressing scheme. NAT is not without drawbacks. Enabling address translation causes a loss of functionality, particularly with any protocol or application that carries IP address information inside the IP payload (FTP is the classic example); supporting such protocols requires the NAT device to inspect and rewrite the payload as well as the header. ...

1.1.5 Verifying PAT configuration / 1.1.6 Troubleshooting NAT and PAT configuration

1.1.5 Verifying PAT configuration Once NAT is configured, use the clear and show commands to verify that it is operating as expected. By default, dynamic address translations time out of the NAT translation table after a period of non-use. When port translation is not configured, translation entries time out after 24 hours unless the timer is changed with the ip nat translation timeout seconds command from global configuration mode. Clear the entries before the timeout by using one of the commands in the Figure. Translation information may be displayed by performing one of the tasks in EXEC mode. Alternatively, use the show run command and look for NAT, access list, interface or pool commands with the required values. 1.1.6 Troubleshooting NAT and PAT configuration When IP connectivity problems exist in a NAT environment, it is often difficult to determine the cause. NAT is frequently blamed when in reality ther...
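An added example, not from the original post, of a verification pass for a NAT/PAT router along the lines of 1.1.5 and 1.1.6: confirm translations are being built, check the things NAT depends on before blaming NAT itself, tune the idle timer and flush the table for a clean retest. The access-list number 1 and the one-hour timeout value are assumptions for illustration.

```cisco
! Added example (not the original post's commands). The access-list
! number and the 3600-second timeout are assumptions. Run from privileged
! EXEC unless noted.
!
! 1. Is translation happening? Each entry lists Pro, Inside global,
!    Inside local, Outside local and Outside global. PAT entries show a
!    :port suffix on the addresses; static entries are present even with
!    no traffic, dynamic entries only after an inside host sends something.
show ip nat translations
show ip nat translations verbose
!
! 2. Counters and interface roles. "Hits" counts packets that matched an
!    existing entry, "Misses" packets that caused a new entry to be built.
!    If neither moves while you send test traffic, the usual culprits are
!    the access list, the pool, or a missing "ip nat inside"/"ip nat outside".
show ip nat statistics
!
! 3. Check those dependencies directly before concluding NAT is at fault.
show ip interface brief
show access-lists 1
show running-config | include ip nat
!
! 4. The default idle timeout for non-port (plain dynamic) entries is
!    86400 seconds (24 hours). Shorten it so stale entries do not hold
!    pool addresses; PAT entries follow the per-protocol timers instead
!    (ip nat translation tcp-timeout / udp-timeout).
configure terminal
 ip nat translation timeout 3600
 end
!
! 5. Flush dynamic entries (static ones are not removed) so the next test
!    starts from a known state, then watch entries being created.
clear ip nat translation *
debug ip nat
! ... generate traffic from an inside host, then stop debugging ...
undebug all
```

Leave debug ip nat running only for the duration of the test: on a busy translation point it emits one line per translated packet and can itself cause the outage you are trying to diagnose.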

1.1.4 Configuring NAT and PAT

1.1.4 Configuring NAT and PAT Static Translation To configure static inside source address translation, perform the tasks in the Figures. The Figure shows the use of static NAT translation: the router translates packets from host 10.1.1.2 to a source address of 192.168.1.2. Dynamic Translation To configure dynamic inside source address translation, perform the tasks in the Figure. The access list must permit only those addresses that are to be translated. Remember that there is an implicit "deny all" at the end of each access list. An access list that is too permissive can lead to unpredictable results. Cisco advises against configuring access lists referenced by NAT commands with the permit any command: using permit any can result in NAT consuming too many router resources, which can cause network problems. The Figure translates all source addresses passing access list 1, that is, those with a source address in 10.1.0.0/24, to an address ...

1.1.3 Major NAT and PAT features

1.1.3 Major NAT and PAT features NAT translations can be used for a variety of purposes and can be either dynamically or statically assigned. Static NAT allows a one-to-one mapping of local and global addresses. This is particularly useful for hosts that must have a consistent address reachable from the Internet; such internal hosts may be enterprise servers or networking devices. Dynamic NAT maps a private IP address to a public address taken from a pool: any free address in the pool of public IP addresses is assigned to a network host. Overloading, or Port Address Translation (PAT), maps multiple private IP addresses to a single public IP address. Multiple addresses can share one public address because each translation is tracked by its source port number as well as its address. PAT uses unique source port numbers on the inside global IP address to distinguish between translations. The port number is encoded in 16 bits. The total number of internal addresses that can be translated t...
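The three translation types listed in the 1.1.3 excerpt, configured on one router in the way the 1.1.4 excerpt describes. This is an added example, not the original post's configuration or its Figures: the addresses follow the excerpt (10.1.1.2 mapped statically to 192.168.1.2, 10.1.0.0/24 translated dynamically through access list 1), while the interface names, the pool range and name, access list 2 and the 10.1.2.0/24 subnet used for PAT are assumptions for illustration.

```cisco
! Added example (not the original post's Figures). Interface names, the
! pool, access list 2 and the 10.1.2.0/24 subnet are assumptions; the
! other inside subnets are assumed to be routed behind GigabitEthernet0/0.
!
! Mark which side is "inside" (subject to translation) and "outside".
! Without both roles no translation happens at all.
interface GigabitEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat outside
!
! Static NAT: one-to-one, so the inside server keeps a fixed address
! reachable from outside. A static entry also lets outside hosts open
! connections inward, so give one only to hosts that need it and pair it
! with an access list on the outside interface.
ip nat inside source static 10.1.1.2 192.168.1.2
!
! Dynamic NAT: hosts matching access list 1 borrow any free address from
! the pool. Keep the list exactly as wide as the hosts to translate;
! never "permit any" (implicit deny at the end handles the rest).
access-list 1 permit 10.1.0.0 0.0.0.255
ip nat pool PUBLIC-POOL 192.168.1.10 192.168.1.20 netmask 255.255.255.0
ip nat inside source list 1 pool PUBLIC-POOL
!
! PAT (overload): a second subnet shares the single outside interface
! address, each translation distinguished by a unique source port. A
! separate access list is used so the two dynamic mappings do not overlap.
access-list 2 permit 10.1.2.0 0.0.0.255
ip nat inside source list 2 interface GigabitEthernet0/1 overload
```

Host 10.1.1.2 is in neither access list, so its static mapping is the only one that applies to it; the pool addresses sit on the same subnet as the outside interface, so the router answers ARP for them itself and no extra routing is needed on the outside.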

1.1.2 Introducing NAT and PAT

1.1.2 Introducing NAT and PAT NAT is designed to conserve IP addresses and to let networks use private IP addresses internally. These private, internal addresses are translated to routable, public addresses. This is done by internetwork devices running NAT software, which can also increase network privacy by hiding internal IP addresses. A NAT-enabled device typically operates at the border of a stub network, a network that has a single connection to its neighbor network. When a host inside the stub network wants to transmit to a host on the outside, it forwards the packet to the border gateway router. The border gateway router performs the NAT process, translating the host's internal private address to a public, externally routable address. In NAT terminology, the internal network is the set of networks that are subject to translation, and the external network refers to all other addresses. Cisco defines the following NAT terms: Insi...

Module 1: Scaling IP Addresses / Private addressing

Module 1: Scaling IP Addresses 1.1.1 Private Addressing RFC 1918 sets aside three blocks of private IP addresses: one Class A network (10.0.0.0/8), 16 contiguous Class B networks (172.16.0.0/12) and 256 contiguous Class C networks (192.168.0.0/16). These addresses are for private, internal network use only; packets carrying them are not routed over the Internet. Public Internet addresses must be registered by a company with an Internet authority, for example the American Registry for Internet Numbers (ARIN) or Réseaux IP Européens (RIPE NCC), the Regional Internet Registry responsible for Europe, the Middle East and parts of Central Asia. Public Internet addresses can also be leased from an ISP. Private IP addresses are reserved and can be used by anyone, so two networks, or two million networks, can each use the same private address space. A router should never forward packets with RFC 1918 source or destination addresses onto the public Internet. ISPs typically configure their border routers to prevent privately addressed traffic from being forwarded. NAT provides great benefits to ...
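An added example, not part of the original post, of what the last sentences above describe: a border router filter that refuses to forward packets carrying RFC 1918 source addresses. It is applied inbound from the ISP (an outside host has no business claiming a private source) and outbound toward the ISP (anything still carrying a private source at that point escaped translation). The interface name and access-list names are assumptions for illustration.

```cisco
! Added example (not the original post's configuration). Interface and
! access-list names are assumptions.
!
! The three RFC 1918 blocks, expressed with wildcard masks:
!   10.0.0.0/8      -> 10.0.0.0    0.255.255.255
!   172.16.0.0/12   -> 172.16.0.0  0.15.255.255
!   192.168.0.0/16  -> 192.168.0.0 0.0.255.255
!
! Inbound from the Internet: drop (and log) spoofed private sources.
ip access-list extended NO-RFC1918-IN
 remark private source addresses arriving from the Internet are spoofed
 deny   ip 10.0.0.0    0.255.255.255 any log
 deny   ip 172.16.0.0  0.15.255.255  any log
 deny   ip 192.168.0.0 0.0.255.255   any log
 permit ip any any
!
! Outbound to the Internet: IOS applies inside-to-outside NAT before the
! outbound access list, so a private source seen here means a host was
! not translated. Drop it and log it instead of leaking it to the ISP.
ip access-list extended NO-RFC1918-OUT
 remark private source addresses leaving untranslated mean a NAT gap
 deny   ip 10.0.0.0    0.255.255.255 any log
 deny   ip 172.16.0.0  0.15.255.255  any log
 deny   ip 192.168.0.0 0.0.255.255   any log
 permit ip any any
!
interface GigabitEthernet0/1
 description Upstream link to ISP
 ip access-group NO-RFC1918-IN in
 ip access-group NO-RFC1918-OUT out
```

The log keyword turns each dropped packet into a syslog entry, which is how the outbound list earns its place: a steady stream of logged private sources on the way out is an early warning that a new inside subnet was added without being covered by the NAT access list.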