
Chap 7 – Implementing IP Addressing Services Learning Objectives


uta

Presentation Transcript


  1. Chap 7 – Implementing IP Addressing Services Learning Objectives • Configure DHCP in an enterprise branch network • Configure NAT on a Cisco router • Configure new generation RIP (RIPng) to use IPv6

  2. Dynamic Host Configuration Protocol (DHCP) • Automatically assigns IP addresses • Only DHCP server needs to be assigned an address • Client computers are configured to accept address from server after boot-up

  3. Dynamic Host Configuration Protocol • Dynamic Host Configuration Protocol (DHCP) works in a client/server mode. • DHCP enables DHCP clients on an IP network to obtain their configurations from a DHCP server. • Less work is involved in managing an IP network when DHCP is used. • The most significant configuration option the client receives from the server is its IP address. • The DHCP protocol is described in RFC 2131

  4. Dynamic Host Configuration Protocol • There are three mechanisms used to assign an IP address to the client: • Automatic allocation – DHCP assigns a permanent IP address to a client. • Manual allocation – The IP address for the client is assigned by the administrator. DHCP conveys the address to the client. • Dynamic allocation – DHCP assigns, or leases, an IP address to the client for a limited period of time.

  5. Major DHCP features

  6. Dynamic Host Configuration Protocol (DHCP) Exchange between PC 1 and the DHCP Server: 1. Discover (Broadcast) 2. Offer (Unicast – do you want 192.168.1.3?) 3. Request (Broadcast – yes please) 4. Acknowledge (Unicast – you have 192.168.1.3) • DHCP Pool: 192.168.1.3, 192.168.1.4, 192.168.1.5, 192.168.1.6

  7. DHCP Detailed Operation • Discover (Broadcast) • Offer (Unicast) • Request (Broadcast) • Acknowledge (Unicast)

  8. DHCP Message Format (bit positions 0, 8, 16, 24, 31) • OP Code | Hardware | HW Address | Hops • Transaction Identifier • Seconds | Flags • Client IP Address (CIADDR) • Your Address (YIADDR) • Server IP Address (SIADDR) • Gateway IP Address (GIADDR) • Client Hardware Address (CHADDR) • Server Name (SNAME) • Boot Filename • DHCP Options

  9. DHCP Discover Client broadcasts DHCP request on UDP port 67

  10. DHCP Offer Server responds to DHCP request on UDP port 68
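
The message layout on the DHCP Message Format slide, parsed in Python as an added example (not part of the original presentation). The field widths and the option codes follow RFC 2131/2132; the two sample messages, the MAC address and the transaction ID are constructed for the demo, and the parser rejects truncated or malformed messages instead of reading past them.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # precedes the options field (RFC 2131)
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}   # option 53 values
# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file
FIXED = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")               # 236 bytes

def parse_dhcp(data: bytes) -> dict:
    """Parse the fixed header and the options of one DHCP message."""
    if len(data) < FIXED.size + 4 or data[FIXED.size:FIXED.size + 4] != MAGIC_COOKIE:
        raise ValueError("truncated message or missing magic cookie")
    (op, htype, hlen, hops, xid, secs, flags,
     ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, bootfile) = FIXED.unpack_from(data)
    if hlen > 16:
        raise ValueError("hardware address length exceeds the CHADDR field")
    options, i = {}, FIXED.size + 4
    while i < len(data) and data[i] != 255:           # 255 = End option
        if data[i] == 0:                              # 0 = Pad, has no length byte
            i += 1
            continue
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("option runs past the end of the message")
        options[data[i]] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    msg_type = (options.get(53) or b"\x00")[0]
    return {
        "op": op, "hops": hops, "xid": xid,
        "ciaddr": str(ipaddress.IPv4Address(ciaddr)),
        "yiaddr": str(ipaddress.IPv4Address(yiaddr)),
        "giaddr": str(ipaddress.IPv4Address(giaddr)),
        "chaddr": chaddr[:hlen].hex(":"),
        "type": MSG_TYPES.get(msg_type, "UNKNOWN"),
    }

def build_sample(op: int, msg_type: int, yiaddr: str = "0.0.0.0") -> bytes:
    """Build a constructed sample message (not a capture) for the demo."""
    header = FIXED.pack(op, 1, 6, 0, 0x3903F326, 0, 0, bytes(4),
                        ipaddress.IPv4Address(yiaddr).packed, bytes(4), bytes(4),
                        bytes.fromhex("00163e112233"), b"", b"")
    return header + MAGIC_COOKIE + bytes([53, 1, msg_type, 255])

DISCOVER = build_sample(1, 1)                 # op 1 = request from the client
OFFER = build_sample(2, 2, "192.168.1.3")     # op 2 = reply from the server

if __name__ == "__main__":
    for packet in (DISCOVER, OFFER):
        print(parse_dhcp(packet))
```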

  11. Configure DHCP Server – Exclude Addresses • Define a range of addresses that DHCP is not to allocate. • These are usually static addresses reserved for the router interface, switch management IP address, servers, and local network printers.

  12. Configure DHCP Server – DHCP Address Pool • Configuring a DHCP server involves defining a pool of addresses to assign. • The ip dhcp pool command creates a pool with the specified name and puts the router in DHCP configuration mode, which is identified by the Router(dhcp-config)# prompt.

  13. Configure DHCP Server – DHCP Tasks • Configure the available addresses and specify the subnet network number and mask of the DHCP address pool. Use the network statement to define the range of available addresses. • Define the default gateway or router for the clients to use with the default-router command.

  14. Configuring DHCP Server • The DHCP service is enabled by default on versions of Cisco IOS that support it. • To disable the service, use the no service dhcp command. • Use the service dhcp global configuration command to re-enable the DHCP server process.

  15. Verifying and Troubleshooting DHCP • To verify the operation of DHCP, use the show ip dhcp binding command. • This command displays a list of all IP address to MAC address bindings that have been provided by the DHCP service.

  16. Verifying and Troubleshooting DHCP • To verify that messages are being received or sent by the router, use the show ip dhcp server statistics command. • This command displays count information regarding the number of DHCP messages that have been sent and received.

  17. Verifying and Troubleshooting DHCP • View multiple DHCP pools using the show ip dhcp pool command.

  18. Verifying and Troubleshooting DHCP From the Client PC command line, enter <IPCONFIG /ALL> to display the IP settings of the computer:

  19. Configuring DHCP Client DHCP Server Fa0/1 Fa0/0 10.0.0.2 SOHO ISP 10.0.0.3 • Cisco routers in SOHO and branch sites may have to be configured to accept an interface IP address from the ISP’s DHCP server. • Frequently, it is the Ethernet interface that is used to connect to a cable modem.

  20. DHCP Relay • DHCP clients use IP broadcasts to find the DHCP server on the segment - Routers do not forward these broadcasts. • When possible, administrators should use the ip helper-address command to relay broadcast requests for these key UDP services.

  21. DHCP Relay • By default, the ip helper-address command forwards the following eight UDP services: • Time • TACACS • DNS • BOOTP/DHCP Server • BOOTP/DHCP Client • TFTP • NetBIOS Name Service • NetBIOS datagram Service

  22. Configuring IP helper addresses To configure RTA e0, the interface that receives the Host A broadcasts, to relay DHCP broadcasts as a unicast to the DHCP server, use the following commands:
      RTA(config)#interface e0
      RTA(config-if)#ip helper-address 172.24.1.9

  23. Troubleshooting DHCP • Resolving IP Address Conflicts • Verify Physical Connectivity • Test Network Connectivity by Configuring Client workstation with a Static IP Address • Verify Switch Port Configuration (STP Portfast and other Commands) • Distinguishing whether DHCP Clients Obtain IP address on the Same Subnet or VLAN as DHCP Server

  24. Private & Public IP Addresses • Public Internet addresses are regulated by five Regional Internet Registries (RIRs): • ARIN • RIPE • APNIC • LACNIC • AfriNIC • All public Internet addresses must be registered with a Regional Internet Registry (RIR). • Organisations can lease public addresses from an ISP. • Only the registered holder of a public Internet address can assign that address to a network device.

  25. Private IP Addresses Class A • 10.0.0.0 to 10.255.255.255 Class B • 172.16.0.0 to 172.31.255.255 Class C • 192.168.0.0 to 192.168.255.255

  26. Network Address Translation Router is configured to ‘hide’ private IP addresses by replacing them with the public IP address assigned to its Internet interface, and carrying out the reverse process for received packets. Diagram labels: hosts 192.168.1.100 and 192.168.1.101; router 192.168.1.1 and 80.51.23.1; packet fields Source, Destination, Segment; addresses 80.51.23.1, 201.134.56.3, 192.168.1.101.

  27. Introducing NAT and PAT • NAT, as defined by RFC 1631, is the process of swapping one address for another in the IP packet header. • In practice, NAT is used to allow hosts that are privately addressed to access the Internet. • NAT translations can occur dynamically or statically. • The most powerful feature of NAT routers is their capability to use port address translation (PAT), which allows multiple inside addresses to map to the same outside address.

  28. NAT Terms • Cisco defines the following NAT terms: • Inside local address – The IP address assigned to a host on the inside network. The address is usually not an IP address assigned by the Internet Network Information Centre (InterNIC) or service provider. This address is likely to be an RFC 1918 private address. • Inside global address – A legitimate IP address assigned by the InterNIC or service provider that represents one or more inside local IP addresses to the outside world. • Outside global address – The IP address assigned to a host on the outside network. The owner of the host assigns this address.

  29. NAT Example The translation from Private source IP address to Public source IP address. • Before RTA: DA 128.23.2.2 (Outside Global), SA 10.0.0.3 (Inside Local) • After RTA: DA 128.23.2.2 (Outside Global), SA 179.9.8.80 (Inside Global)

  30. NAT Example Translation back, from Public destination IP address to Private destination IP address. • Before RTA: DA 179.9.8.80 (Inside Global), SA 128.23.2.2 (Outside Global) • After RTA: DA 10.0.0.3 (Inside Local), SA 128.23.2.2 (Outside Global)

  31. NAT Features • Static NAT is designed to allow one-to-one mapping of local and global addresses. This is particularly useful for hosts which must have a consistent address that is accessible from the Internet. These internal hosts may be enterprise servers or networking devices. • Dynamic NAT is designed to map a private IP address to a public address. Any IP address from a pool of public IP addresses is assigned to a network host.

  32. NAT Overload • NAT Overload allows you to use a single public IP address and assign it to up to 65,536 inside hosts (4,000 is more realistic). • If two inside hosts select the same source port, the router modifies the TCP/UDP source port so that it can still track which inside host each conversation belongs to.

  33. NAT Benefits • Conserves the legally registered addressing scheme • Increases the flexibility of connections to the public network • Provides consistency for internal network addressing schemes. • Provides network security

  34. NAT Drawbacks • Performance is degraded • End-to-end functionality is degraded • End-to-end IP traceability is lost • Tunneling is more complicated • Initiating TCP connections can be disrupted • Architectures need to be rebuilt to accommodate changes

  35. Configuring Static NAT R2 Inside Network Internet S0/0/0 10.1.1.2 S0/1/0 209.165.200.255 Server 192.168.10.254

  36. Configuring Dynamic NAT S0/0/0 10.1.1.2 S0/1/0 209.165.200.255 192.168.10.10 Internet 192.168.11.11

  37. Configuring NAT Overload (Single Address) S0/0/0 10.1.1.2 S0/1/0 209.165.200.255 192.168.10.10 Internet 192.168.11.11

  38. Configuring NAT Overload (Multiple Addresses) S0/0/0 10.1.1.2 S0/1/0 209.165.200.255 192.168.10.10 Internet 192.168.11.11

  39. Port Forwarding WWW Server S0/0/0 10.1.1.2 S0/1/0 209.165.200.255 192.168.10.10 Internet • Port forwarding (sometimes referred to as tunneling) is the act of forwarding a network port from one network node to another. This technique can allow an external user to reach a port on a private IP address (inside a LAN) from the outside through a NAT-enabled router. • The problem is that NAT does not allow requests initiated from the outside. This situation can be resolved with manual intervention. Port forwarding allows the identification of specific ports that can be forwarded to inside hosts. Re-direct traffic for port 80 to 192.168.10.10 192.168.11.11
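
A toy model of the translation table behind the NAT Overload and Port Forwarding slides, added here as an example (it is not from the original presentation and is not how IOS is implemented). The addresses come from the slides' diagrams; the class and method names, the source port 50000, the outside port 4444 and the rule of keeping a host's source port when it is free are assumptions of the model.

```python
import ipaddress

class PatRouter:
    """Toy model of NAT overload: inside hosts share one public address."""
    def __init__(self, public_ip: str, first_port: int = 1024):
        self.public_ip = public_ip
        self.next_free = first_port   # next candidate when a source port collides
        self.out = {}    # (proto, inside_ip, inside_port) -> public port
        self.back = {}   # (proto, public_port) -> (inside_ip, inside_port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving the inside network."""
        if not ipaddress.ip_address(src_ip).is_private:
            raise ValueError("inside source should be a private address")
        key = (proto, src_ip, src_port)
        if key not in self.out:
            port = src_port                      # keep the host's port if unused
            while (proto, port) in self.back:    # collision: take another port
                port, self.next_free = self.next_free, self.next_free + 1
            if port > 65535:
                raise RuntimeError("no public ports left")
            self.out[key] = port
            self.back[(proto, port)] = (src_ip, src_port)
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Rewrite the destination of a packet arriving on the public address."""
        inside = self.back.get((proto, dst_port))
        if inside is None:
            return None                          # no entry: nothing to map it to
        return (src_ip, src_port, inside[0], inside[1])

    def forward(self, proto, public_port, inside_ip, inside_port):
        """Static port-forwarding entry, added by the administrator."""
        self.back[(proto, public_port)] = (inside_ip, inside_port)
        self.out[(proto, inside_ip, inside_port)] = public_port

def demo():
    r = PatRouter("80.51.23.1")
    a = r.outbound("tcp", "192.168.1.100", 50000, "201.134.56.3", 80)
    b = r.outbound("tcp", "192.168.1.101", 50000, "201.134.56.3", 80)
    reply_b = r.inbound("tcp", "201.134.56.3", 80, b[1])
    blocked = r.inbound("tcp", "201.134.56.3", 4444, 80)     # unsolicited
    r.forward("tcp", 80, "192.168.10.10", 80)
    allowed = r.inbound("tcp", "201.134.56.3", 4444, 80)     # now forwarded
    return a, b, reply_b, blocked, allowed

if __name__ == "__main__":
    print(demo())
```

The static entry is the only path by which an outside host reaches an inside one, so each forwarded port belongs in the same review as any other inbound firewall rule.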

  40. Verifying & Troubleshooting NAT Configuration • By default, NAT translation entries time out after 24 hours. • It is sometimes useful to clear the dynamic entries sooner than the default timer. This is especially true when testing the NAT configuration.

  41. Verifying & Troubleshooting NAT Configuration

  42. Verifying & Troubleshooting NAT Configuration

  43. Verifying & Troubleshooting NAT Configuration

  44. IPv6 – The Reason Why

  45. IPv4 / IPv6 Comparison • There are so many IPv6 addresses available that many trillions of addresses could be assigned to every human being on the planet. • There are approximately 665,570,793,348,866,943,898,599 addresses per square meter of the surface of the planet Earth!

  46. IPv6 Representation • Enhanced IP addressing: • Global reachability and flexibility • Aggregation • Multihoming • Autoconfiguration • Plug-and-play • End-to-end without NAT • Renumbering • Mobility and security: • Mobile IP RFC-compliant • IPsec mandatory (or native) for IPv6 • Simple header: • Routing efficiency • Performance and forwarding rate scalability • No broadcasts • No checksums • Extension headers • Flow labels • Transition richness: • Dual-stack • 6to4 and manual tunnels • Translation

  47. IPv6 Packet Header (bit positions 0, 4, 8, 16, 24, 31) • Version | Traffic Class | Flow Label • Payload Length | Next Header | Hop Limit • Source IP Address (four 32-bit rows) • Destination IP Address (four 32-bit rows)

  48. IPv6 Addressing 2031:0000:130F:0000:0000:09C0:876A:130B. An IPv6 address can be shortened by applying the following guidelines: • Leading zeros in a field are optional. For example, the field 09C0 equals 9C0, and the field 0000 equals 0. Therefore: 2031:0000:130F:0000:0000:09C0:876A:130B can be written as 2031:0:130F:0000:0000:9C0:876A:130B. • Successive fields of zeros can be represented as two colons "::". However, this shorthand method can only be used once in an address. Therefore: 2031:0:130F:0000:0000:9C0:876A:130B can be written as 2031:0:130F::9C0:876A:130B. • An unspecified address is written as "::" because it contains only zeros.

  49. IPv6 Address Examples • FF01:0:0:0:0:0:0:1 becomes FF01::1 • 0:0:0:0:0:0:0:1 becomes ::1 • 0:0:0:0:0:0:0:0 becomes :: • FF01:0000:0000:0000:0000:0000:0000:1 becomes FF01:0:0:0:0:0:0:1 becomes FF01::1 • E3D7:0000:0000:0000:51F4:00C8:C0A8:6420 becomes E3D7::51F4:C8:C0A8:6420 • 3FFE:0501:0008:0000:0260:97FF:FE40:EFAB becomes 3FFE:501:8:0:260:97FF:FE40:EFAB becomes 3FFE:501:8::260:97FF:FE40:EFAB
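
The two shortening rules from the IPv6 Addressing slide, implemented in Python and checked against the examples on the slides (an added example, not part of the original presentation; the function names are chosen here). Because one address has several valid spellings, the second function compares addresses by their 128-bit value, which is what an ACL check or a log search should do rather than matching text.

```python
import ipaddress

def shorten(addr: str) -> str:
    """Apply the slides' two rules to a full eight-field IPv6 address."""
    # Rule 1: leading zeros in a field are optional ("09C0" -> "9C0", "0000" -> "0").
    fields = [f.lstrip("0") or "0" for f in addr.upper().split(":")]
    if len(fields) != 8:
        raise ValueError("expected eight colon-separated fields")
    # Rule 2: replace one run of zero fields with "::". Only one run may be
    # replaced, so take the longest (the first one on a tie).
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        j = i
        while j < 8 and fields[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    if best_len == 0:
        return ":".join(fields)
    head = ":".join(fields[:best_start])
    tail = ":".join(fields[best_start + best_len:])
    return f"{head}::{tail}"

def same_address(a: str, b: str) -> bool:
    """Compare two spellings by value instead of by text."""
    return ipaddress.IPv6Address(a) == ipaddress.IPv6Address(b)

# (full form, shortened form) pairs as given on the slides
SLIDE_EXAMPLES = [
    ("2031:0000:130F:0000:0000:09C0:876A:130B", "2031:0:130F::9C0:876A:130B"),
    ("FF01:0:0:0:0:0:0:1", "FF01::1"),
    ("0:0:0:0:0:0:0:1", "::1"),
    ("0:0:0:0:0:0:0:0", "::"),
    ("E3D7:0000:0000:0000:51F4:00C8:C0A8:6420", "E3D7::51F4:C8:C0A8:6420"),
    ("3FFE:0501:0008:0000:0260:97FF:FE40:EFAB", "3FFE:501:8::260:97FF:FE40:EFAB"),
]

def check_slides() -> bool:
    """True when every slide example shortens as shown and still equals its full form."""
    return all(shorten(full) == short and same_address(full, short)
               for full, short in SLIDE_EXAMPLES)

if __name__ == "__main__":
    print(check_slides())
```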

  50. IPv6 Address Structure 128 Bits in total • Network Portion: Global Routing Prefix (48 Bits) and Subnet ID (16 Bits) • Host Portion: Interface ID (64 Bits) • Interface ID – identifies a host interface address • Subnet ID – 65,536 possible subnets • Global Routing Prefix – issued by IANA or RIR to ISPs at /32 or /35 in length, ISPs then issue to customers with /48 mask
