CCNA Cisco Certified Network Associate. Objectives Configure DHCP in an enterprise branch network...

CCNA Cisco Certified Network Associate

Objectives

Configure DHCP in an enterprise branch network

Configure NAT; PAT on a Cisco router

IPV6

Configure new generation RIP (RIPng) to use IPv6

DHCP

DHCP Overview

The Dynamic Host Configuration Protocol (DHCP) was designed to assign IP addresses and other important network configuration information dynamically.

Because desktop clients typically make up the bulk of network nodes, DHCP is an extremely useful timesaving tool for network administrators.

Some devices, such as servers, should be statically assigned.

DHCP Overview

DHCP

Manual Allocation: The administrator assigns a pre-allocated IP address to the client and DHCP only communicates the IP address to the device.

Automatic Allocation: DHCP automatically assigns a static IP address permanently to a device, selecting it from a pool of available addresses. There is no lease and the address is permanently assigned to a device.

Dynamic Allocation: DHCP dynamically assigns, or leases, an IP address from a pool of addresses for a limited period of time chosen by the server, or until the client tells the DHCP server that it no longer needs the address.

BOOTP and DHCP

Both DHCP and BOOTP are client/server based and use UDP ports 67 and 68.

DHCP Operation

DHCP Operation- DHCP Discovery

1- The DHCP client sends a directed IP broadcast with a DHCP request.

2- The server notes the blank address field as well as the hardware address of the client.

DHCP Operation- DHCP Offer

3- The DHCP server picks an IP address from the available pool for the segment, as well as the other segment and global parameters. The server adds these values to the appropriate fields of the DHCP packet.

4- Using the hardware address of the client, it sends this frame back to the client.

DHCP Features

Configuring DHCP

Note: The network statement enables DHCP on any router interfaces belonging to that network. The router will act as a DHCP server on that interface. It is also the pool of addresses that the DHCP server will use. no service dhcp disables all DHCP server and relay functionality on the router.

Configuring DHCP

The ip dhcp excluded-address command configures the router to exclude an individual address or range of addresses when assigning addresses to clients.

Other IP configuration values such as the default gateway can be set from the DHCP configuration mode.

Verifying DHCP

Verifying DHCP

DHCP Client

DHCP Relay

DHCP clients use IP broadcasts to find the DHCP server on the segment.

What happens when the server and the client are not on the same segment and are separated by a router? Routers do not forward these broadcasts.

When possible, administrators should use the ip helper-address command to relay broadcast requests for these key UDP services.

Using helper addresses

Configuring IP helper addresses

To configure RTA e0, the interface that receives the Host A broadcasts, to relay DHCP broadcasts as a unicast to the DHCP server, use the following commands:

RTA(config)#interface e0
RTA(config-if)#ip helper-address 172.24.1.9

Verifying and Troubleshooting DHCP

Verifying and Troubleshooting DHCP

R2# show ip dhcp conflict
IP address      Detection Method   Detection time
192.168.1.32    Ping               Feb 16 2007 12:28 PM
192.168.1.64    Gratuitous ARP     Feb 23 2007 08:12 AM

The server uses the ping command to detect conflicts. The client uses Address Resolution Protocol (ARP) to detect clients. If an address conflict is detected, the address is removed from the pool and not assigned until an administrator resolves the conflict.

Overview

NAT allows private addresses to be translated into public, routable addresses.

DHCP server assigns dynamic IP addresses to devices inside the network.

This conserves an organization's registered IP addresses and allows the packet to be transported over public external networks, such as the Internet.

A variation of NAT, called Port Address Translation (PAT), allows many internal private addresses to be translated to one or more external public addresses.

Benefits and Drawbacks of Using NAT

How NAT Works

A NAT-enabled device typically operates at the border of a stub network.

Devices within the internal network have private IP addresses that must be translated to public, routable addresses.

NAT Terms

Inside local address — The IP address assigned to a host on the inside network. This address is likely to be an RFC 1918 private address.

Inside global address — A legitimate IP address assigned by the RIR or service provider that represents one or more inside local IP addresses to the outside world.

Outside local address — The IP address of an outside host as it appears to the inside network. Not necessarily a legitimate address, it is allocated from an address space routable on the inside.

Outside global address — Reachable IP address assigned to a host on the Internet.

How NAT Works

NAT Table

The NAT table records inside to outside mappings.

Static and Dynamic NAT

Static NAT is designed to allow one-to-one mapping of local and global addresses.

Dynamic NAT is designed to map a private IP address to a public address.

Dynamic NAT

Dynamic NAT

NAT can be dynamic or static.

Dynamic NAT translates inside addresses using a pool of global addresses.

Each inside local address is dynamically assigned an inside global address from an administratively defined pool of addresses.

Dynamic NAT enables hosts on a private network to access the internet by translating private addresses into public addresses.

Configure Dynamic NAT

1- Define a pool of global addresses to be allocated as needed.

router(config)# ip nat pool pool-name start-ip end-ip netmask netmask

2- Define a standard access list to identify which hosts will be translated.

router(config)# access-list number permit network mask

3- Establish dynamic source translation, identifying the access list defined in the previous step.

router(config)# ip nat inside source list access-list-num pool pool-name

4- Identify interfaces as inside or outside with regard to NAT.

router(config-if)# ip nat {inside|outside}

Sample Dynamic NAT Configuration

Confirming NAT Operation

Troubleshooting NAT

outgoing

incoming

Static NAT

Static NAT

Permits devices with a private address to be seen on a public network.

Static translations are entered directly into the configuration and are always in the translation table.

Typically used for web servers.

Configure Static Nat

1- Establish static translation between inside and outside addresses.

router(config)# ip nat inside source static local-ip global-ip

2- Identify interfaces as inside or outside with regard to NAT.

router(config-if)# ip nat {inside|outside}

Configuring Static NAT

NAT Overload or PAT (Port Address Translation)

NAT overloading (sometimes called Port Address Translation or PAT) maps multiple private IP addresses to a single public IP address or a few addresses.

ISP assigns one address to your router, yet several members of your family can simultaneously surf the Internet.

With NAT overloading, multiple addresses can be mapped to one or to a few addresses because each private address is also tracked by a port number. When a client opens a TCP/IP session, the NAT router assigns a port number to its source address.

Configuring PAT

1- Configure a NAT pool. (Or overload an interface.)

2- Create an access list to determine which address should be translated.

3- Assign this access list to the NAT pool and set it for overload.

4- Assign inside and outside interfaces.

Overloading NAT

1- Configure NAT pool

Range of addresses:

ip nat pool bigpool 192.168.1.33 192.168.1.57 netmask 255.255.255.224

Single address:

ip nat pool smallpool 192.168.1.33 192.168.1.33 netmask 255.255.255.224

2- Create a standard access list to identify which addresses should be translated

access-list 24 permit 10.0.0.0 0.255.255.255

3- Assign this access list to the NAT pool and set it for overload

ip nat inside source list 24 pool bigpool overload

4- Assign inside and outside interfaces

router(config-if)# ip nat {inside|outside}

Configuring PAT

Interface is used in place of a NAT pool.

Debug NAT translations

s= - Refers to the source IP address.

a.b.c.d->w.x.y.z - Indicates that source address a.b.c.d is translated to w.x.y.z.

d= - Refers to the destination IP address.

[xxxx] - The value in brackets is the IP identification number. This information may be useful for debugging in that it enables correlation with other packet traces from protocol analyzers.
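A parser for the debug output fields just described, as an added example that is not part of the original slides: it splits each line into source, destination and IP identification, labels it outgoing or incoming, and flags any inside global address that falls outside the bigpool range configured earlier on this page. The sample log lines and the inside host addresses are constructed for the example.

```python
import ipaddress
import re

# Constructed sample of `debug ip nat` output; every address here is made up.
SAMPLE = """\
NAT: s=10.1.1.5->192.168.1.33, d=203.0.113.10 [4180]
NAT*: s=203.0.113.10, d=192.168.1.33->10.1.1.5 [9812]
NAT: s=10.1.1.6->192.168.1.34, d=203.0.113.10 [4181]
NAT: s=10.1.1.7->192.168.1.60, d=198.51.100.7 [4182]
"""

LINE = re.compile(
    r"NAT\*?: s=(?P<s>[\d.]+)(?:->(?P<s_new>[\d.]+))?, "
    r"d=(?P<d>[\d.]+)(?:->(?P<d_new>[\d.]+))? \[(?P<ipid>\d+)\]"
)

def parse(text):
    """Return one dict per translation line; non-matching lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ipid"] = int(ev["ipid"])  # IP identification, for correlating with captures
        # Rewritten source: packet leaving the inside. Rewritten destination: reply returning.
        ev["direction"] = ("outgoing" if ev["s_new"]
                           else "incoming" if ev["d_new"] else "untranslated")
        events.append(ev)
    return events

def mappings(events):
    """Inside local address -> set of inside global addresses it was translated to."""
    table = {}
    for ev in events:
        if ev["direction"] == "outgoing":
            table.setdefault(ev["s"], set()).add(ev["s_new"])
    return table

def outside_pool(events, first="192.168.1.33", last="192.168.1.57"):
    """Outgoing translations whose inside global address is not in the NAT pool."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return [ev for ev in events if ev["direction"] == "outgoing"
            and not lo <= ipaddress.ip_address(ev["s_new"]) <= hi]

if __name__ == "__main__":
    for ev in outside_pool(parse(SAMPLE)):
        print("unexpected inside global:", ev["s"], "->", ev["s_new"], "ipid", ev["ipid"])
```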

Questions????

Internet Protocol V6 (IPV6)

Introduction

The Internet and IP-related technologies have experienced rapid growth.

Because of the dramatic growth, the number of available IP (v4) addresses is quickly running out.

Current IP addresses poorly allocated

New network devices on the rise (PDA, Cell Phones, … )

DHCP and NAT have helped reduce the need for IP addresses, but it is estimated that we will run out of unique IPv4 addresses by 2010.

Business motivators for Using IPv6

Movement to change from IPv4 to IPv6 has already begun, particularly in Europe, Japan, and the Asia-Pacific region. These areas are exhausting their allotted IPv4 addresses, which makes IPv6 all the more attractive and necessary.

All U.S. government agencies must start using IPv6 across their core networks by 2008, and the agencies are working to meet that deadline.

The IPv4 header has 20 octets and 12 basic header fields, followed by an options field and a data portion.

The IPv6 header has 40 octets, three IPv4 basic header fields, and five additional header fields.

Extension Headers: Follows the previous eight fields.

An IPv6 address is a 128-bit binary value, which can be displayed as 32 hexadecimal digits.

IPv6 should provide sufficient addresses for future Internet growth needs for many years to come.

There are enough IPv6 addresses to allocate more than the entire IPv4 Internet address space to everyone on the planet.

IPv6 Address Representation

Binary and alphanumeric representations of IPv4 and IPv6 addresses

IPv6 Address Representation

Leading zeros in a field are optional.

Successive fields of zeros can be represented as two colons "::". This shorthand method can only be used once in an address.

An unspecified address is written as "::" because it contains only zeros

Incorrect

IPv6 Address Representation

IPv6

Reserved Address – IETF reserves a portion of space for various uses;

Private Address - Private addresses have a first octet value of "FE" in hexadecimal notation, with the next hexadecimal digit being a value from 8 to F.

Site-local addresses are similar to the RFC 1918 Address Allocation for Private Internets in IPv4 today. They begin with "FE" and then "C" to "F" for the third hexadecimal digit.

Link-local addresses refer only to a particular physical link (physical network). Routers do not forward datagrams using link-local addresses at all, not even within the organization; they are only for local communication on a particular physical network segment. Link-local addresses begin with "FE" and then have a value from "8" to "B" for the third hexadecimal digit.

Loopback Address - The loopback address is 0:0:0:0:0:0:0:1, which is normally expressed using zero compression as "::1".
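The representation and address-type rules above, worked through as an added example that is not part of the original slides: expand() undoes the leading-zero and "::" shorthand and rejects an address that uses "::" more than once, and classify() applies the third-hex-digit ranges given on this page. The function names are chosen for the example.

```python
import re

HEX_FIELD = re.compile(r"[0-9A-Fa-f]{1,4}")

def expand(addr):
    """Expand IPv6 shorthand to eight 4-digit fields; raise ValueError if malformed."""
    if addr.count("::") > 1:
        raise ValueError('"::" may be used only once in an address')
    if "::" in addr:
        left, right = addr.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        missing = 8 - len(head) - len(tail)
        if missing < 1:
            raise ValueError('"::" must stand for at least one field of zeros')
        fields = head + ["0"] * missing + tail
    else:
        fields = addr.split(":")
    if len(fields) != 8:
        raise ValueError("an IPv6 address has eight 16-bit fields")
    for f in fields:
        if not HEX_FIELD.fullmatch(f):
            raise ValueError(f"bad field {f!r}")
    # Restore the optional leading zeros in every field.
    return ":".join(f"{int(f, 16):04x}" for f in fields)

def classify(addr):
    """Name the address type using the ranges described on this page."""
    full = expand(addr)
    if full == ":".join(["0000"] * 8):
        return "unspecified"
    if full == ":".join(["0000"] * 7 + ["0001"]):
        return "loopback"
    if full.startswith("fe"):
        if full[2] in "89ab":      # FE8x to FEBx
            return "link-local"
        if full[2] in "cdef":      # FECx to FEFx
            return "site-local"
    return "other"

if __name__ == "__main__":
    for a in ["::", "::1", "FE80::1", "FEC0::10", "2001:DB8:2222:7272::72"]:
        print(a, "->", expand(a), classify(a))
```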

Manual Interface ID Assignment

One way to statically assign an IPv6 address to a device is to manually assign both the prefix (network) and interface ID (host) portion of the IPv6 address

RouterX(config-if)#ipv6 address 2001:DB8:2222:7272::72/64

EUI-64 Interface ID Assignment

The EUI-64 standard stretches IEEE 802 MAC addresses from 48 to 64 bits by inserting the 16-bit 0xFFFE in the middle at the 24th bit of the MAC address to create a 64-bit, unique interface identifier.

RouterX(config-if)#ipv6 address 2001:DB8:2222:7272::/64 eui-64

MAC

2001:DB8:2222:7272:0090:27FF:FE17:FC0F/64
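The EUI-64 derivation in both directions, as an added example that is not part of the original slides: building the interface ID from a MAC, and recovering the MAC from an address, which is why an EUI-64 address identifies the hardware to anyone who sees it. The MAC 00-90-27-17-FC-0F is inferred from the address shown above; the slide text describes only the FFFE insertion, while the modified EUI-64 format of RFC 4291 also inverts the universal/local bit of the first byte, so that step is a parameter here.

```python
import ipaddress

def eui64_interface_id(mac, flip_ul=True):
    """48-bit MAC -> 64-bit interface ID: insert FFFE after the 24th bit."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(b) != 6:
        raise ValueError("a MAC address is 48 bits")
    # RFC 4291 modified EUI-64 inverts the universal/local bit (0x02) of byte 0.
    first = b[0] ^ 0x02 if flip_ul else b[0]
    return bytes([first]) + b[1:3] + b"\xff\xfe" + b[3:]

def eui64_address(prefix, mac, flip_ul=True):
    """Combine a /64 prefix with the interface ID derived from the MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 needs a 64-bit prefix")
    iid = int.from_bytes(eui64_interface_id(mac, flip_ul), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def mac_from_address(addr, flipped=True):
    """Recover the embedded MAC, or None when the interface ID has no FFFE marker."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None  # manually assigned or randomized interface ID
    first = iid[0] ^ 0x02 if flipped else iid[0]
    return ":".join(f"{x:02x}" for x in bytes([first]) + iid[1:3] + iid[5:])

if __name__ == "__main__":
    prefix, mac = "2001:DB8:2222:7272::/64", "00-90-27-17-FC-0F"
    print(eui64_address(prefix, mac, flip_ul=False))  # insertion only, as on the slide
    print(eui64_address(prefix, mac))                 # with the U/L bit inverted
    print(mac_from_address("2001:db8:2222:7272:290:27ff:fe17:fc0f"))
```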

IPv6 to IPv4 Transition Mechanism

Techniques to transition from IPv4 to IPv6 are as follows:

Dual stack

Tunneling (6to4 and 4to6)

NAT-PT (NAT Protocol Translation)

Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunneling

Teredo tunneling

Cisco IOS Dual Stack

Dual stacking

Dual stacking is an integration method in which a node has implementation and connectivity to both an IPv4 and IPv6 network. This is the recommended option and involves running IPv4 and IPv6 at the same time. Routers and switches are configured to support both protocols, with IPv6 being the preferred protocol.

Cisco IOS dual stack

Cisco IOS Release 12.2(2)T and later (with the appropriate feature set) are IPv6-ready. As soon as you configure basic IPv4 and IPv6 on the interface, the interface is dual-stacked and forwards IPv4 and IPv6 traffic on that interface.

IPv6 Tunneling

Tunneling is an integration method where an IPv6 packet is encapsulated within another protocol, such as IPv4.

Enables the connection of IPv6 islands without needing to convert the intermediary networks to IPv6.

Requires dual-stack routers.

The packet includes a 20-byte IPv4 header with no options and an IPv6 header and payload.

Tunneling is an intermediate integration and transition technique and should not be considered as a final solution. A native IPv6 architecture should be the ultimate goal.

IPv6 Tunneling

Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunneling - Automatic overlay tunneling mechanism that uses the underlying IPv4 network as a link layer for IPv6. ISATAP tunnels allow individual IPv4 or IPv6 dual-stack hosts within a site to communicate with other such hosts on a virtual link, creating an IPv6 network using the IPv4 infrastructure.

Teredo tunneling - An IPv6 transition technology that provides host-to-host automatic tunneling instead of gateway tunneling. This approach passes unicast IPv6 traffic when dual-stacked hosts (hosts that are running both IPv6 and IPv4) are located behind one or multiple IPv4 NATs.

Tunneling

A tunneled network is often difficult to troubleshoot.

Example of a Configured Tunnel

NAT-PT

Enabling IPv6 on Cisco Routers

First, you must activate IPv6 traffic-forwarding on the router, and then you must configure each interface that requires IPv6.

The ipv6 address command can configure a global IPv6 address. The link-local address is automatically configured when an address is assigned to the interface. You must specify the entire 128-bit IPv6 address or specify to use the 64-bit prefix by using the eui-64 option.

IPv6 Address Configuration Example

Configuring an IPv6 address on an interface automatically configures the link-local address for that interface.

Configure RIPng with IPv6

Create the routing process.

Enable the routing process on interfaces.

Customize the routing protocol for the network.

Example: RIPng for IPv6 Configuration

Verifying RIPng for IPv6

Troubleshooting RIPng for IPv6
