Lab 2-2 Connecting to the InternetTask 1: Configure a Manual IP Address and Static Default Route Step 2:Branch#show ip interface brief Interface IP-Address OK? Method Status ProtocolEthernet0/0 10.1.1.1 YES manual up up Ethernet0/1 unassigned YES NVRAM up up Ethernet0/2 unassigned YES NVRAM administratively down down Ethernet0/3 unassigned YES NVRAM administratively down down

Step 3:Enter the following commands on the Branch router:Branch(config)#interface Ethernet0/1Branch(config-if)#no shutdownBranch(config-if)#ip address 209.165.201.1 255.255.255.224

Step 4:Branch#show ip interface brief Interface IP-Address OK? Method Status ProtocolEthernet0/0 10.1.1.1 YES manual up up Ethernet0/1 209.165.201.1 YES manual up up Ethernet0/2 unassigned YES NVRAM administratively down down Ethernet0/3 unassigned YES NVRAM administratively down down

Step 5:Branch#ping 209.165.201.2Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 209.165.201.2, timeout is 2 seconds:.!!!!Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 m

Step 6:The Branch router does not have a route to reach networks that are not directly connected.Branch#ping 172.16.1.100Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 172.16.1.100, timeout is 2 seconds:.....Success rate is 0 percent (0/5)

Step 7:No, there is no route present for the IP address of the server.Branch#show ip routeCodes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP + - replicated route, % - next hop override

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masksC 10.1.1.0/24 is directly connected, Ethernet0/0L 10.1.1.1/32 is directly connected, Ethernet0/0 209.165.201.0/24 is variably subnetted, 2 subnets, 2 masksC 209.165.201.0/27 is directly connected, Ethernet0/1L 209.165.201.1/32 is directly connected, Ethernet0/1

Step 8:Enter the following command on the Branch router:Branch#configure terminalBranch(config)#ip route 0.0.0.0 0.0.0.0 209.165.201.2

Step 9:Enter the following commands on the Branch router:Branch(config)#exitBranch#copy running-config startup-configDestination filename [startup-config]? Building configuration...[OK]

Step 10:The ping should be successful because you configured a static default route.Branch#ping 172.16.1.100Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 172.16.1.100, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

Step 11:The default route is designated with S and an asterisk (*).Branch#show ip route Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP + - replicated route, % - next hop override

Gateway of last resort is 209.165.201.2 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 209.165.201.2 10.0.0.0/8 is variably subnetted, 2 subnets, 2 masksC 10.1.1.0/24 is directly connected, Ethernet0/0L 10.1.1.1/32 is directly connected, Ethernet0/0 209.165.201.0/24 is variably subnetted, 2 subnets, 2 masksC 209.165.201.0/27 is directly connected, Ethernet0/1L 209.165.201.1/32 is directly connected, Ethernet0/1

Step 12:Enter the following command on the Branch router:Branch(config)#no ip route 0.0.0.0 0.0.0.0 209.165.201.2

Step 13:Branch#show ip route Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP + - replicated route, % - next hop override

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masksC 10.1.1.0/24 is directly connected, Ethernet0/0L 10.1.1.1/32 is directly connected, Ethernet0/0 209.165.201.0/24 is variably subnetted, 2 subnets, 2 masksC 209.165.201.0/27 is directly connected, Ethernet0/1L 209.165.201.1/32 is directly connected, Ethernet0/1

Task 2: Configure a DHCP-Obtained IP Address Step 2:Enter the following commands on the Branch router:Branch#configure terminalEnter configuration commands, one per line. End with CNTL/Z.Branch(config)#interface Ethernet0/1Branch(config-if)#ip address dhcpBranch(config-if)#*Mar 20 13:14:54.646: %DHCP-6-ADDRESS_ASSIGN: Interface Ethernet0/1 assigned DHCP address 209.165.201.1, mask 255.255.255.224, hostname Branch

Branch(config-if)#

Step 3:Enter the following commands on the Branch router:Branch(config-if)#exitBranch(config)#exitBranch#copy running-config startup-configDestination filename [startup-config]? Building configuration...[OK]

Step 4:Branch#show ip interface briefInterface IP-Address OK? Method Status ProtocolEthernet0/0 10.1.1.1 YES manual up up Ethernet0/1 209.165.201.1 YES DHCP up up Ethernet0/2 unassigned YES NVRAM administratively down down Ethernet0/3 unassigned YES NVRAM administratively down down

Step 5:The default route was set by the Branch router automatically. The Branch router received knowledge of the default gateway from the DHCP server and it set the static route next hop IP address to the IP address of the default gateway.Branch#show ip routeCodes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP + - replicated route, % - next hop override

Gateway of last resort is 209.165.201.2 to network 0.0.0.0

S* 0.0.0.0/0 [254/0] via 209.165.201.2 10.0.0.0/8 is variably subnetted, 2 subnets, 2 masksC 10.1.1.0/24 is directly connected, Ethernet0/0L 10.1.1.1/32 is directly connected, Ethernet0/0 209.165.201.0/24 is variably subnetted, 2 subnets, 2 masksC 209.165.201.0/27 is directly connected, Ethernet0/1L 209.165.201.1/32 is directly connected, Ethernet0/1

Step 6:The ping should be successful.Branch#ping 209.165.201.2Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 209.165.201.2, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/12 ms

Step 7:The ping should be successful because the Branch router received received knowledge of the default gateway from DHCP server. The Branch router set the default route automatically and it set the route next hop IP address to the IP address of the default gateway.Branch#ping 172.16.1.100Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 172.16.1.100, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

Step 9:The ping should be successful.PC1>ping 209.165.201.1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 209.165.201.1, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

Step 10:The ping should not be successful. In the next step, you will examine why the ping is not successful.PC1>ping 172.16.1.100Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 172.16.1.100, timeout is 2 seconds:.....Success rate is 0 percent (0/5)

Step 11:Branch#telnet 209.165.201.2Trying 209.165.201.2 ... Open

HQ#debug ip icmp ICMP packet debugging is onHQ#terminal monitor

Step 12:The solution that could be implemented on Branch router to provide connectivity between PC1 and the server is NAT. With NAT, the source IP address in a packet would be translated into the outside IP address of the Branch router. The HQ router would then know how to send a returning packet back to the Branch router, because the routers are directly connected. The destination IP address in the packet would be then translated back to the IP address of PC1 and sent to PC1.HQ#Dec 18 13:25:24.239: ICMP: echo reply sent, src 172.16.1.100, dst 10.1.1.100, topology BASE, dscp 0 topoid 0HQ#Dec 18 13:25:26.235: ICMP: echo reply sent, src 172.16.1.100, dst 10.1.1.100, topology BASE, dscp 0 topoid 0HQ#Dec 18 13:25:28.235: ICMP: echo reply sent, src 172.16.1.100, dst 10.1.1.100, topology BASE, dscp 0 topoid 0HQ#Dec 18 13:25:30.235: ICMP: echo reply sent, src 172.16.1.100, dst 10.1.1.100, topology BASE, dscp 0 topoid 0HQ#Dec 18 13:25:32.235: ICMP: echo reply sent, src 172.16.1.100, dst 10.1.1.100, topology BASE, dscp 0 topoid 0

Step 13:HQ#undebug allAll possible debugging has been turned offHQ#exit

[Connection to 209.165.201.2 closed by foreign host]Branch#

Task 3: Configure NAT Step 2:Enter the following command on the Branch router:Branch(config)#access-list 1 permit 10.1.1.0 0.0.0.255

Step 3:Enter the following commands on the Branch router:Branch(config)#ip nat pool NAT_POOL 209.165.201.5 209.165.201.10 netmask 255.255.255.224

You can accommodate up to six hosts at the same time using the configured NAT pool. Step 4:Enter the following commands on the Branch router:Branch(config)#interface Ethernet0/0Branch(config-if)#ip nat inside

When you enable the interface as NAT inside, the router will block for approximately 1 minute. After that, you will see a log message about the router creating NVI0 interface. This interface is used internally by the router to perform NAT. Step 5:Enter the following commands on the Branch router:Branch(config)#interface Ethernet0/1Branch(config-if)#ip nat outside

Step 6:Enter the following command on the Branch router:Branch(config)#ip nat inside source list 1 pool NAT_POOL

Step 7:You should be successful.PC1>telnet 172.16.1.100Trying 172.16.1.100 ... OpenHQ#

When you enable the interface as NAT inside, the router will block for approximately 1 minute. After that, you will see a log message about the router creating NVI0 interface. This interface is used internally by the router to perform NAT. Step 8:You should see that the Telnet session from PC1 is seen as originating from a translated IP address. The translated IP address is the first free IP address from the NAT pool.HQ#show users Line User Host(s) Idle Location 0 con 0 idle 00:34:13 * 2 vty 0 idle 00:00:00 209.165.201.5

Interface User Mode Idle Peer Address

Step 9:You should be successful.PC2>telnet 172.16.1.100Trying 172.16.1.100 ... Open

HQ#

The session marked with an asterisk (*) is the one that is currently active and used. Step 10:You should see that the Telnet session from PC2 is seen as originating from a translated IP address. The translated IP address is the next free IP address from the NAT pool.HQ#show users Line User Host(s) Idle Location 0 con 0 idle 00:37:00 2 vty 0 idle 00:02:47 209.165.201.5* 3 vty 1 idle 00:00:00 209.165.201.6

Interface User Mode Idle Peer Address

Step 11:Notice that inside local IP addresses are translated into inside global IP addresses.Branch#show ip nat translations Pro Inside global Inside local Outside local Outside globaltcp 209.165.201.5:44019 10.1.1.100:44019 172.16.1.100:23 172.16.1.100:23--- 209.165.201.5 10.1.1.100 --- ---tcp 209.165.201.6:29705 10.1.1.101:29705 172.16.1.100:23 172.16.1.100:23--- 209.165.201.6 10.1.1.101 --- ---

Step 13:Enter the following commands on the Branch router:Branch(config)#exitBranch#copy running-config startup-configDestination filename [startup-config]? Building configuration...[OK]

Task 4: Configure NAT with PAT Step 2:Enter the following command on the Branch router:Branch(config)#no ip nat inside source list 1 pool NAT_POOL

Dynamic mapping in use, do you want to delete all entries? [no]: yes

Step 3:Enter the following command on the Branch router (and then answer with yes):Branch(config)#ip nat inside source list 1 interface Ethernet0/1 overload

You can accommodate approximately 64,000 hosts by overloading one IP address. Step 4:PC1>telnet 172.16.1.100Trying 172.16.1.100 ... OpenHQ#

Step 5:HQ#show users Line User Host(s) Idle Location 0 con 0 idle 00:42:13 * 2 vty 0 idle 00:00:00 209.165.201.1

Interface User Mode Idle Peer Address

Step 6:You should be successful.PC2>telnet 172.16.1.100Trying 172.16.1.100 ... OpenHQ#

Step 7:You should see that the Telnet session from PC2 is again seen as originating from the IP address of the Branch router outside interface.HQ#show users Line User Host(s) Idle Location 0 con 0 idle 00:43:37 2 vty 0 idle 00:01:23 209.165.201.1* 3 vty 1 idle 00:00:00 209.165.201.1

Interface User Mode Idle Peer Address

Step 8:Notice that two inside local IP addresses are translated into the same inside global IP address, which is configured on the Branch router outside interface. To provide two distinct translations, different source ports are used.Branch#show ip nat translations Pro Inside global Inside local Outside local Outside globaltcp 209.165.201.1:25562 10.1.1.100:25562 172.16.1.100:23 172.16.1.100:23tcp 209.165.201.1:27870 10.1.1.101:27870 172.16.1.100:23 172.16.1.100:23

Step 10:Enter the following commands on the Branch router:Branch(config)#exitBranch#copy running-config startup-configDestination filename [startup-config]? Building configuration...[OK]

1