Sunday, June 25, 2017

Summary Module 1


Before students begin Module 2, they must be able to explain the concepts of NAT, PAT, and DHCP.
Online assessment options include the end-of-module online quiz in the curriculum and the online Module 1 exam. From memory, students should be able to fill in Drag and Drop assessments for Basic NAT Operation and NAT with Overload. Students should also be able to complete a Checkbox activity for the advantages and disadvantages of NAT.
A comprehension of the following key points should have been achieved:
  • Private addresses are for private, internal use and should never be routed by a public Internet router.
  • NAT alters the IP header of a packet so that the destination address, the source address, or both addresses are replaced with different addresses.
  • PAT uses unique source port numbers on the inside global IP address to distinguish between translations.
  • NAT translations can occur dynamically or statically and can be used for a variety of uses.
  • NAT and PAT may be configured for static translation, dynamic translation, and overloading.
  • The process for verifying NAT and PAT configuration includes the clear and show commands.
  • The debug ip nat command is used for troubleshooting NAT and PAT configuration.
  • NAT has advantages and disadvantages.
  • DHCP works in a client/server mode. This enables clients to obtain IP configurations from a DHCP server.
  • BOOTP is the predecessor of DHCP and shares some operational characteristics with DHCP. However, BOOTP is not dynamic.
  • A DHCP server manages pools of IP addresses and associated parameters. Each pool is dedicated to an individual logical IP subnet.
  • The DHCP client configuration process has four steps.
  • A DHCP server is usually configured to assign more than IP addresses.
  • The show ip dhcp binding command is used to verify DHCP operation.
  • The debug ip dhcp server events command is used to troubleshoot DHCP.
  • When a DHCP server and a client are not on the same segment and are separated by a router, the ip helper-address command is used to relay broadcast requests.

An understanding of the following key points should have been achieved:
  • Private addresses are for private, internal use and should never be routed by a public Internet router.
  • NAT alters the IP header of a packet so that the destination address, the source address, or both addresses are replaced with different addresses.
  • PAT uses unique source port numbers on the inside global IP address to distinguish between translations.
  • NAT translations can occur dynamically or statically and can be used for a variety of uses.
  • NAT and PAT may be configured for static translation, dynamic translation, and overloading.
  • The process for verifying NAT and PAT configuration includes the clear and show commands.
  • The debug ip nat command is used for troubleshooting NAT and PAT configuration.
  • NAT has advantages and disadvantages.
  • DHCP works in a client/server mode, enabling clients to obtain IP configurations from a DHCP server.
  • BOOTP is the predecessor of DHCP and shares some operational characteristics with DHCP, but BOOTP is not dynamic.
  • A DHCP server manages pools of IP addresses and associated parameters. Each pool is dedicated to an individual logical IP subnet.
  • The DHCP client configuration process has four steps.
  • Usually, a DHCP server is configured to assign more than IP addresses.
  • The show ip dhcp binding command is used to verify DHCP operation.
  • The debug ip dhcp server events command is used for troubleshooting DHCP.
  • When a DHCP server and a client are not on the same segment and are separated by a router, the ip helper-address command is used to relay broadcast requests.

Verifying the Catalyst switch default configuration

| Switch name | Command | Explanation |
|---|---|---|
| SydneySwitch# | show version | Displays the configuration of the system hardware, software version, names, and sources of configuration files and boot images |
| SydneySwitch# | show running-config | Displays the current active configuration file of the switch |
| SydneySwitch# | show interfaces | Displays the statistics for all interfaces configured on the switch |
| SydneySwitch# | show ip | Displays the IP address, subnet mask, and default gateway |


1.2.8 DHCP Relay

DHCP clients use IP broadcasts to find the DHCP server on the segment. What happens when the server and the client are not on the same segment and are separated by a router? Routers do not forward these broadcasts.
DHCP is not the only critical service that uses broadcasts. Cisco routers and other devices may use broadcasts to locate TFTP servers. Some clients may need to broadcast to locate a TACACS server. A TACACS server is a security server. Typically, in a complex hierarchical network, clients do not reside on the same subnet as key servers. Such remote clients will broadcast to locate these servers. However, routers, by default, will not forward client broadcasts beyond their subnet.
Because some clients are useless without services such as DHCP, one of two choices must be implemented. The administrator will need to place servers on all subnets or use the Cisco IOS helper address feature. Running services such as DHCP or DNS on several computers creates overhead and administrative difficulties, which makes the first option inefficient. When possible, administrators should use the ip helper-address command to relay broadcast requests for these key UDP services.
By using the helper address feature, a router can be configured to accept a broadcast request for a UDP service and then forward it as a unicast to a specific IP address. By default, the ip helper-address command forwards the following eight UDP services:
  • Time
  • TACACS
  • DNS
  • BOOTP/DHCP Server
  • BOOTP/DHCP Client
  • TFTP
  • NetBIOS Name Service
  • NetBIOS Datagram Service
In the particular case of DHCP, a client broadcasts a DHCPDISCOVER packet on its local segment. This packet is picked up by the gateway. If a helper-address is configured, the DHCP packet is forwarded to the specified address. Before forwarding the packet, the router fills in the GIADDR field of the packet with the IP address of the router for that segment. This address will then be the gateway address for the DHCP client, when it gets the IP address. 
The DHCP server receives the discover packet. The server uses the GIADDR field to index into the list of address pools in order to find one which has the gateway address set to the value in GIADDR. This pool is then used to supply the client with its IP address.
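The relay and pool-selection steps described above, as an added Python example that is not part of the original course text or of Cisco IOS. It models only the 236-byte BOOTP fixed header (no DHCP options); the pool names and subnets are constructed, and matching GIADDR against the pool's subnet is an assumption about how the lookup is done.

```python
import ipaddress
import struct

# BOOTP/DHCP fixed header (RFC 951): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr[16], sname[64], file[128] = 236 bytes
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
HOPS, GIADDR = 3, 10  # positions of the two fields a relay modifies

# Constructed sample pools, keyed by name (hypothetical names and subnets).
POOLS = {"ENGINEERING": "172.16.1.0/24", "SALES": "172.16.2.0/24"}


def build_discover(mac: bytes, xid: int) -> bytes:
    """Header of a client DHCPDISCOVER: op=1 (request), giaddr still 0.0.0.0."""
    zero = bytes(4)
    return BOOTP.pack(1, 1, 6, 0, xid, 0, 0x8000,
                      zero, zero, zero, zero, mac, b"", b"")


def relay(packet: bytes, ingress_ip: str) -> bytes:
    """Router step: stamp giaddr with the receiving interface, then unicast."""
    fields = list(BOOTP.unpack(packet))
    if fields[GIADDR] == bytes(4):  # never overwrite an earlier relay's giaddr
        fields[GIADDR] = ipaddress.IPv4Address(ingress_ip).packed
    fields[HOPS] += 1
    return BOOTP.pack(*fields)


def select_pool(packet: bytes, pools=POOLS):
    """Server step: choose the pool whose subnet contains giaddr."""
    giaddr = ipaddress.IPv4Address(BOOTP.unpack(packet)[GIADDR])
    if giaddr.is_unspecified:
        return None  # not relayed; a real server uses its own interface subnet
    for name, subnet in pools.items():
        if giaddr in ipaddress.ip_network(subnet):
            return name
    return None  # giaddr matches no configured pool: no offer is made


if __name__ == "__main__":
    discover = build_discover(bytes.fromhex("0010a4000001"), xid=0x1234ABCD)
    print(select_pool(relay(discover, "172.16.2.1")))
```

Because the server chooses the pool from GIADDR alone, a relayed request whose GIADDR falls outside every configured subnet gets no offer.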

1.2.6 Verifying DHCP operation / 1.2.7 Troubleshooting DHCP

1.2.6 Verifying DHCP operation
To verify the operation of DHCP, the command show ip dhcp binding can be used. This displays a list of all bindings created by the DHCP service.
To verify that messages are being received or sent by the router, use the command show ip dhcp server statistics. This will display count information regarding the number of DHCP messages that have been sent and received. 
1.2.7 Troubleshooting DHCP
To troubleshoot the operation of the DHCP server, the command debug ip dhcp server events can be used. This command will show that the server periodically checks to see if any leases have expired. Also displayed are the processes of addresses being returned and addresses being allocated.

Sunday, August 14, 2016

1.2.5 Configuring DHCP / 1.2.6 Verifying DHCP operation


1.2.5 Configuring DHCP

Like NAT, a DHCP server requires that the administrator define a pool of addresses. The ip dhcp pool command defines which addresses will be assigned to hosts.
The first command, ip dhcp pool, creates a pool with the specified name and puts the router in a specialized DHCP configuration mode. In this mode, use the network statement to define the range of addresses to be leased. If specific addresses on the network are to be excluded, return to global configuration mode.
The ip dhcp excluded-address command configures the router to exclude an individual address or range of addresses when assigning addresses to clients. The ip dhcp excluded-address command may be used to reserve addresses that are statically assigned to key hosts, for instance, the interface address on the router.
Typically, a DHCP server will be configured to assign much more than an IP address. Other IP configuration values such as the default gateway can be set from the DHCP configuration mode. Using the default-router command sets the default gateway. The address of the DNS server, dns-server, and WINS server, netbios-name-server, can also be configured here. The IOS DHCP server can configure clients with virtually any TCP/IP information.
A list of the key IOS DHCP server commands entered in DHCP pool configuration mode is shown in the figure.
The DHCP service is enabled by default on versions of Cisco IOS that support it. To disable the service, use the no service dhcp command. Use the service dhcp global configuration command to re-enable the DHCP server process.


1.2.6 Verifying DHCP operation
To verify the operation of DHCP, the command show ip dhcp binding can be used. This displays a list of all bindings created by the DHCP service.
To verify that messages are being received or sent by the router, use the command show ip dhcp server statistics. This will display count information regarding the number of DHCP messages that have been sent and received. 

1.2.4 DHCP operation



The DHCP client configuration process uses the following steps:
  1. A client must have DHCP configured when starting the network membership process. The client sends a request to a server requesting an IP configuration. Sometimes the client may suggest the IP address it wants, such as when requesting an extension to a DHCP lease. The client locates a DHCP server by sending a broadcast called a DHCPDISCOVER.
  2. When the server receives the broadcast, it determines whether it can service the request from its own database. If it cannot, the server may forward the request on to another DHCP server. If it can, the DHCP server offers the client IP configuration information in the form of a unicast DHCPOFFER. The DHCPOFFER is a proposed configuration that may include IP address, DNS server address, and lease time.
  3. If the client finds the offer agreeable, it will send another broadcast, a DHCPREQUEST, specifically requesting those particular IP parameters. Why does the client broadcast the request instead of unicasting it to the server? A broadcast is used because the first message, the DHCPDISCOVER, may have reached more than one DHCP server. If more than one server makes an offer, the broadcasted DHCPREQUEST allows the other servers to know which offer was accepted. The offer accepted is usually the first offer received.
  4. The server that receives the DHCPREQUEST makes the configuration official by sending a unicast acknowledgment, the DHCPACK. It is possible, but highly unlikely, that the server will not send the DHCPACK. This may happen because the server may have leased that information to another client in the interim. Receipt of the DHCPACK message enables the client to begin using the assigned address immediately.
  5. If the client detects that the address is already in use on the local segment, it will send a DHCPDECLINE message and the process starts again. If the client receives a DHCPNAK from the server after sending the DHCPREQUEST, it will restart the process.
  6. If the client no longer needs the IP address, the client sends a DHCPRELEASE message to the server.
Depending on an organization's policies, it may be possible for an end user or an administrator to statically assign a host an IP address that belongs in the DHCP server's address pool. Just in case, the Cisco IOS DHCP server always checks to make sure that an address is not in use before the server offers it to a client. The server will issue an ICMP echo request, or will ping, to a pool address before sending the DHCPOFFER to a client. Although configurable, the default number of pings used to check for a potential IP address conflict is two.
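The exchange in the steps above with two servers on one segment, as an added Python example that is not part of the original course text. It shows why the DHCPREQUEST is broadcast (the server that was not chosen reclaims its offer) and the conflict check before an offer. The Server class, the addresses and the in_use set that stands in for the ping are all constructed, and DHCPNAK is the RFC 2131 spelling of the negative acknowledgment.

```python
from dataclasses import dataclass, field


@dataclass
class Server:
    ident: str                                    # server identifier (its own IP)
    free: list                                    # pool addresses not yet leased
    in_use: set = field(default_factory=set)      # addresses that answer the ping
    offered: dict = field(default_factory=dict)   # mac -> address held for an offer
    leases: dict = field(default_factory=dict)    # mac -> acknowledged lease

    def on_discover(self, mac):
        for addr in self.free:
            if addr in self.in_use:               # conflict check before offering
                continue
            self.free.remove(addr)
            self.offered[mac] = addr
            return ("DHCPOFFER", self.ident, addr)
        return None                               # nothing to offer: stay silent

    def on_request(self, mac, chosen, addr):
        held = self.offered.pop(mac, None)
        if chosen != self.ident:                  # client accepted another offer
            if held:
                self.free.insert(0, held)         # reclaim the address we held
            return None
        if held != addr:
            return ("DHCPNAK", self.ident, None)  # cannot honour the request
        self.leases[mac] = addr
        return ("DHCPACK", self.ident, addr)


def dora(mac, servers):
    """One client against every server that hears its broadcasts."""
    offers = [o for s in servers if (o := s.on_discover(mac))]   # DHCPDISCOVER
    if not offers:
        return None
    _, chosen, addr = offers[0]                   # usually the first offer received
    replies = [r for s in servers if (r := s.on_request(mac, chosen, addr))]
    return replies[0] if replies else None        # reply to the DHCPREQUEST


if __name__ == "__main__":
    # Constructed sample: 10.0.0.10 is statically assigned to a host already.
    a = Server("10.0.0.2", ["10.0.0.10", "10.0.0.11"], in_use={"10.0.0.10"})
    b = Server("10.0.0.3", ["10.0.0.50"])
    print(dora("00:10:a4:00:00:01", [a, b]), b.free)
```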

1.2.2 BOOTP and DHCP differences / 1.2.3 Major DHCP features

1.2.2 BOOTP and DHCP differences

The Internet community first developed the BOOTP protocol to enable configuration of diskless workstations. BOOTP was originally defined in RFC 951 in 1985. As the predecessor of DHCP, BOOTP shares some operational characteristics. Both protocols are client/server based and use UDP ports 67 and 68. Those ports are still known as BOOTP ports.
The four basic IP parameters include:
  • IP address
  • Gateway address
  • Subnet mask
  • DNS server address
BOOTP does not dynamically allocate IP addresses to a host. When a client requests an IP address, the BOOTP server searches a predefined table for an entry that matches the MAC address for the client. If an entry exists, then the corresponding IP address for that entry is returned to the client. This means that the binding between the MAC address and the IP address must have already been configured in the BOOTP server.
There are two primary differences between DHCP and BOOTP:
  • DHCP defines mechanisms through which clients can be assigned an IP address for a finite lease period. This lease period allows for reassignment of the IP address to another client later, or for the client to get another assignment, if the client moves to another subnet. Clients may also renew leases and keep the same IP address.
  • DHCP provides the mechanism for a client to gather other IP configuration parameters, such as WINS and domain name.

1.2.3 Major DHCP features
There are three mechanisms used to assign an IP address to the client:
  • Automatic allocation – DHCP assigns a permanent IP address to a client.
  • Manual allocation – The IP address for the client is assigned by the administrator. DHCP conveys the address to the client.
  • Dynamic allocation – DHCP assigns, or leases, an IP address to the client for a limited period of time.
The focus of this section is the dynamic allocation mechanism. Some of the configuration parameters available are listed in IETF RFC 1533:
  • Subnet mask
  • Router
  • Domain Name
  • Domain Name Server(s)
  • WINS Server(s)
The DHCP server creates pools of IP addresses and associated parameters. Pools are dedicated to an individual logical IP subnet. This allows multiple DHCP servers to respond and IP clients to be mobile. If multiple servers respond, a client can choose only one of the offers.