1Chapter 7

Chap 7 – Implementing IP Addressing Services Learning Objectives

•Configure DHCP in an enterprise branch network

•Configure NAT on a Cisco router

•Configure new generation RIP (RIPng) to use IPv6

2Chapter 7

Dynamic Host Configuration Protocol (DHCP)

• Automatically assigns IP addresses

• Only DHCP server needs to be assigned an address

• Client computers are configured to accept address from server after boot-up

3Chapter 7

Dynamic Host Configuration Protocol

•Dynamic Host Configuration Protocol (DHCP) works in a client/server mode.

•DHCP enables DHCP clients on an IP network to obtain their configurations from a DHCP server.

•Less work is involved in managing an IP network when DHCP is used.

•The most significant configuration option the client receives from the server is its IP address.

•The DHCP protocol is described in RFC 2131

4Chapter 7

Dynamic Host Configuration Protocol

There are three mechanisms used to assign an IP address to the client:

•Automatic allocation – DHCP assigns a permanent IP address to a client.

•Manual allocation – The IP address for the client is assigned by the administrator. DHCP conveys the address to the client.

•Dynamic allocation – DHCP assigns, or leases, an IP address to the client for a limited period of time.

5Chapter 7

Major DHCP features

6Chapter 7

Dynamic Host Configuration Protocol(DHCP)

1. Discover (Broadcast)

2. Offer (Unicast – do you want 192.168.1.3?)

3. Request (Broadcast – yes please)

4. Acknowledge (Unicast – you have 192.168.1.3)

PC 1DHCP Server

192.168.1.3

192.168.1.4

192.168.1.5

192.168.1.6

DHCP Pool

7Chapter 7

DHCP Detailed Operation

•Discover (Broadcast)•Offer (Unicast)•Request (Broadcast)•Acknowledge (Unicast)

8Chapter 7

DHCP Message Format

16 3180 24

OP Code

Transaction Identifier

Client Hardware Address (CHADDR)

Client IP Address (CIADDR)

Your Address (YIADDR)

Server IP Address (SIADDR)

Gateway IP Address (GIADDR)

Flags Seconds

Hardware HW Address Hops

Server Name (SNAME)

Boot Filename

DHCP Options

9Chapter 7

DHCP Discover

Client broadcasts DHCP request on UDP port 67

10Chapter 7

DHCP Offer

Server responds to DHCP request on UDP port 68

11Chapter 7

Configure DHCP Server – Exclude Addresses

•Define a range of addresses that DHCP is not to allocate.

• These are usually static addresses reserved for the router interface, switch management IP address, servers, and local network printers.

12Chapter 7

Configure DHCP Server – DHCP Address Pool

•Configuring a DHCP server involves defining a pool of addresses to assign.

•The ip dhcp pool command creates a pool with the specified name and puts the router in DHCP configuration mode, which is identified by the Router(dhcp-config)# prompt.

13Chapter 7

Configure DHCP Server – DHCP Tasks

•Configure the available addresses and specify the subnet network number and mask of the DHCP address pool. Use the network statement to define the range of available addresses.

•Define the default gateway or router for the clients to use with the default-router command.

14Chapter 7

Configuring DHCP Server

• The DHCP service is enabled by default on versions of Cisco IOS that support it.

• To disable the service, use the no service dhcp command.

• Use the service dhcp global configuration command to re-enable the DHCP server process.

15Chapter 7

Verifying and Troubleshooting DHCP

•To verify the operation of DHCP, use the show ip dhcp binding command.

•This command displays a list of all IP address to MAC address bindings that have been provided by the DHCP service.

16Chapter 7

Verifying and Troubleshooting DHCP

•To verify that messages are being received or sent by the router, use the show ip dhcp server statistics command.

•This command displays count information regarding the number of DHCP messages that have been sent and received.

17Chapter 7

Verifying and Troubleshooting DHCP

•View multiple DHCP pools using the show ip dhcp pool command.

18Chapter 7

From the Client PC command line, enter <IPCONFIG /ALL> to display the IP settings of the computer:

Verifying and Troubleshooting DHCP

19Chapter 7

Configuring DHCP Client

10.0.0.2

10.0.0.3

SOHOISP

•Cisco routers in SOHO and branch sites may have to be configured to accept an interface IP address from the ISP’s DHCP server.

•Frequently, it is the Ethernet interface that is used to connect to a cable modem.

Fa0/0Fa0/1 DHCPServer

20Chapter 7

DHCP Relay

• DHCP clients use IP broadcasts to find the DHCP server on thesegment - Routers do not forward these broadcasts.

• When possible, administrators should use the ip helper-addresscommand to relay broadcast requests for these key UDP services.

21Chapter 7

DHCP Relay

By default, the ip helper-address command forwards the following eight UDP services:

•Time •TACACS •DNS •BOOTP/DHCP Server •BOOTP/DHCP Client •TFTP •NetBIOS Name Service •NetBIOS datagram Service

22Chapter 7

Configuring IP helper addresses

To configure RTA e0, the interface that receives the Host Abroadcasts, to relay DHCP broadcasts as a unicast to the DHCP server, use the following commands:

RTA(config)#interface e0RTA(config-if)#ip helper-address 172.24.1.9

23Chapter 7

Trouble Shooting DHCP

•Resolving IP Address Conflicts

•Verify Physical Connectivity

•Test Network Connectivity by Configuring Client workstation with a Static IP Address

•Verify Switch Port Configuration (STP Portfast and other Commands)

•Distinguishing whether DHCP Clients Obtain IP address on the Same Subnet or VLAN as DHCP Server

24Chapter 7

Private & Public IP AddressesPublic Internet addresses are regulated by five Regional Internet Registries (RIRs):

•ARIN•RIPE•APNIC•LACNIC•AfriNIC

•All public Internet addresses must be registered with a Regional Internet Regiestry (RIR).

•Organisations can lease public addresses from an ISP.

•Only the registered holder of a public Internet address can assign that address to a network device.

25Chapter 7

Private IP Addresses

Class A

Class B

Class C

•10.0.0.0 to 10.255.255.255

•172.16.0.0 to 172.31.255.255

•192.168.0.0 to 192.168.255.255

26Chapter 7

Network Address Translation

192.168.1.100

192.168.1.101

192.168.1.1 80.51.23.1

Destination Source Segment192.168.1.101201.134.56.3

Destination Source Segment201.134.56.3 80.51.23.1

Router

Router is configured to ‘hide’ private IP addresses by substituting them for the public IP address assigned to its Internet interface, and carrying out the reverse process for received packets.

Packet

27Chapter 7

Introducing NAT and

PAT

• NAT, as defined by RFC 1631, is the process of swapping one address for another in the IP packet header.

• In practice, NAT is used to allow hosts that are privately addressed to access the Internet.

• NAT translations can occur dynamically or statically.

• The most powerful feature of NAT routers is their capability to use port address translation (PAT), which allows multiple inside addresses to map to the same outside address.

28Chapter 7

NAT Terms Cisco defines the following NAT terms:

•Inside local address – The IP address assigned to a host on the inside network. The address is usually not an IP address assigned by the Internet Network Information Centre (InterNIC) or service provider. This address is likely to be an RFC 1918 private address.

•Inside global address – A legitimate IP address assigned by the InterNIC or service provider that represents one or more inside local IP addresses to the outside world.

•Outside global address – The IP address assigned to a host on the outside network. The owner of the host assigns this address.

29Chapter 7

NAT Example

The translation from Private source IP addressto Public source IP address.

128.23.2.2 10.0.0.3

DA SA

128.23.2.2 179.9.8.80

DA SARTA

Outside Global Inside Local Inside GlobalOutside Global

30Chapter 7

Translation back, from Public destination IP address to Private destination IP address.

NAT Example

10.0.0.3 128.23.2.2

DA SA

179.9.8.80 128.23.2.2

DA SARTA

Inside Local Outside Global Outside GlobalInside Global

31Chapter 7

•Static NAT is designed to allow one-to-one mapping of local and global addresses. This is particularly useful for hosts which must have a consistent address that is accessible from the Internet. These internal hosts may be enterprise servers or networking devices.

•Dynamic NAT is designed to map a private IP address to a public address. Any IP address from a pool of public IP addresses is assigned to a network host.

NAT Features

32Chapter 7

NAT Overload

• NAT Overload allows you to use a single Public IP address and assign it up to 65,536 inside hosts (4,000 is more realistic).

• Modifies the TCP/UDP source port to track inside Host addresses if both hosts select the same source port.

33Chapter 7

NAT Benefits

•Conserves the legally registered addressing scheme

•Increases the flexibility of connections to the public network

•Provides consistency for internal network addressing schemes.

•Provides network security

34Chapter 7

• Performance is degraded

• End-to-end functionality is degraded

• End-to-end IP traceability is lost

• Tunneling is more complicated

• Initiating TCP connections can be disrupted

• Architectures need to be rebuilt to accommodate changes

NAT Drawbacks

35Chapter 7

Configuring Static NAT

R2 Computer

Inside Network Internet

Server192.168.10.254

S0/0/010.1.1.2

S0/1/0209.165.200.255

36Chapter 7

Configuring Dynamic NAT

192.168.10.10

192.168.11.11

S0/0/010.1.1.2

S0/1/0209.165.200.255

Internet

37Chapter 7

Configuring NAT Overload (Single Address)

192.168.10.10

192.168.11.11

S0/0/010.1.1.2

S0/1/0209.165.200.255

Internet

38Chapter 7

Configuring NAT Overload (Multiple Addresses)

192.168.10.10

192.168.11.11

S0/0/010.1.1.2

S0/1/0209.165.200.255

Internet

39Chapter 7

Port Forwarding

• Port forwarding (sometimes referred to as tunneling) is the act of forwarding a network port from one network node to another. This technique can allow an external user to reach a port on a private IP address (inside a LAN) from the outside through a NAT-enabled router.

• The problem is that NAT does not allow requests initiated from the outside. This situation can be resolved with manual intervention. Port forwarding allows the identification of specific ports that can be forwarded to inside hosts.

192.168.10.10

192.168.11.11

S0/0/010.1.1.2

S0/1/0209.165.200.255

InternetComputer

WWW Server

Re-direct traffic for port 80 to

192.168.10.10

40Chapter 7

Verifying & Troubleshooting NAT Configuration

•By default, NAT translation entries time out after 24 hours.•It is sometimes useful to clear the dynamic entries sooner than the default timer. This is especially true when testing the NAT configuration.

41Chapter 7

Verifying & Troubleshooting NAT Configuration

42Chapter 7

Verifying & Troubleshooting NAT Configuration

43Chapter 7

Verifying & Troubleshooting NAT Configuration

44Chapter 7

IPv6 – The Reason Why

45Chapter 7

IPv4 / IPv6 Comparison

•There are so many IPv6 addresses available that many trillions of addresses could be assigned to every human being on the planet.

•There are approximately 665,570,793,348,866,943,898,599 addresses per square meter of the surface of the planet Earth!

46Chapter 7

IPv6 RepresentationMobility and security:•Mobile IP RFC-compliant•IPsec mandatory (or native) for IPv6

Simple header:•Routing efficiency•Performance and forwarding rate scalability•No broadcasts•No checksums•Extension headers•Flow labels

Transition richness:•Dual-stack•6to4 and manual tunnels•Translation

Enhanced IP addressing:•Global reachability and flexibility•Aggregation•Multihoming•Autoconfiguration•Plug-and-play•End-to-end without NAT•Renumbering

47Chapter 7

Next Header

Version

16 312480 4

IPv6 Packet Header

Flow LabelTraffic Class

Payload Length Hop Limit

Source IP Address

Source IP Address

Source IP Address

Source IP Address

Destination IP Address

Destination IP Address

Destination IP Address

Destination IP Address

48Chapter 7

IPv6 Addressing

• Leading zeros in a field are optional. For example, the field 09C0 equals 9C0, and the field 0000 equals 0. Therefore:

2031:0000:130F:0000:0000:09C0:876A:130B can be written as 2031:0:130F:0000:0000:9C0:876A:130B.

• Successive fields of zeros can be represented as two colons "::". However, this shorthand method can only be used once in an address. Therefore:

2031:0:130F:0000:0000:9C0:876A:130B can be written as 2031:0:130F::9C0:876A:130B.

• An unspecified address is written as "::" because it contains only zeros.

2031:0000:130F:0000:0000:09C0:876A:130B. An IPv6 address can be shortened by applying the

following guidelines:

49Chapter 7

IPv6 Address Examples• FF01:0:0:0:0:0:0:1 becomes FF01::1

• 0:0:0:0:0:0:0:1 becomes ::1

• 0:0:0:0:0:0:0:0 becomes ::

• FF01:0000:0000:0000:0000:0000:0000:1 becomes FF01:0:0:0:0:0:0:1 becomes FF01::1

• E3D7:0000:0000:0000:51F4:00C8:C0A8:6420 becomes E3D7::51F4:C8:C0A8:6420

• 3FFE:0501:0008:0000:0260:97FF:FE40:EFAB becomes 3FFE:501:8:0:260:97FF:FE40:EFAB becomes 3FFE:501:8::260:97FF:FE40:EFAB

50Chapter 7

Global Routing Prefix

IPv6 Address Structure

Interface IDSubnet ID

128 Bits

Network Portion Host Portion

48 Bits 16 Bits 64 Bits

•Interface ID – identifies a host interface address

•Subnet ID – 65,536 possible subnets

•Global Routing Prefix – issued by IANA or RIR to ISPs at /32 or /35 in length, ISPs then issue to customers with /48 mask

51Chapter 7

IPv6 Address Types

Address Type MSB (Binary) MSB (Hex)

Unspecified 00..0 ::/128

Loopback 00..1 ::1/128

Multicast 11111111 FF00::/8

Link-Local Unicast

1111111010 FExx::/10

Global Unicast 0012xxx::/4

Or3xxx::/4

52Chapter 7

Global Routing Prefix

Assigning IPv6 Addresses

Interface IDSubnet ID

64 Bits

• IPv6 addresses use interface identifiers to identify interfaces on a link.

• Interface identifiers are required to be unique on a specific link. • Interface identifiers are always 64 bits and can be dynamically

derived from a Layer 2 address (MAC).

• IPv6 address ID can be assigned statically or dynamically:

1. Static assignment using a manual interface ID 2. Static assignment using an EUI-64 interface ID 3. Stateless auto-configuration4. DHCP for IPv6 (DHCPv6)

53Chapter 7

Manual Interface ID Assignment

• Statically assign an IPv6 address to a device by manually assigning both the prefix (network) and interface ID (host) portion of the IPv6 address:

RouterX(config-if)#ipv6 address 2001:DB8:2222:7272::72/64

54Chapter 7

Manual Interface ID Assignment•Each layer-2 MAC address consists of a 12-digit hexadecimal number, split into 2-digit pairs by colons: 07:57:AC:1F:B2:76

•EUI-64 stretches IEEE 802 MAC addresses from 48 to 64 bits by inserting 0xFFFE in the middle at the 24th bit of the MAC address to create a 64-bit, unique interface identifier:07:57:AC:FF:FE:1F:B2:76

•Assign an EUI-64 address to the interface of a Cisco router:

RouterX(config-if)#ipv6 address 2001:DB8:2222:7272::/64 eui-64

55Chapter 7

IPv6 Transition Strategies

Different transition mechanisms are available:1. Dual stack2. Manual tunnel3. 6to4 tunnel4. ISATAP tunnel5. Teredo tunnel

Different compatibility mechanisms:Proxying and translation (NAT-PT)

"Dual stack where you can, tunnel where you must."

56Chapter 7

Cisco Dual IOS Stack

Ethernet

IPv4 IPv6

Transport

Application

IPv4

IPv6

Fa0/1 IPv4Internet

IPv6Internet

•Cisco IOS Release 12.2(2)T and later are IPv6-ready. As soon as IPv4 and IPv6 is configured on the interface, it becomes dual-stacked and forwards IPv4 and IPv6 traffic on that interface.

57Chapter 7

IPv6 Tunnelling

•Tunneling is an integration method in which an IPv6 packet is encapsulated within another protocol, such as IPv4.

•Requires dual-stack routers

58Chapter 7

IPv6 Routing Considerations• IPv6 address size - Address size affects the information-

processing functions of a router. Systems using a 64-bit CPU, bus, or memory structure can pass both the IPv4 source and destination address in a single processing cycle. For IPv6, the source and destination addresses require two cycles each-four cycles to process source and destination address information – reduction in performance.

• Multiple IPv6 node addresses - Because IPv6 nodes can use several IPv6 unicast addresses, memory consumption of the Neighbor Discovery cache may be affected.

• IPv6 routing protocols - IPv6 routing protocols are similar to their IPv4 counterparts, but since an IPv6 prefix is four times larger than an IPv4 prefix, routing updates have to carry more information.

• Routing table Size -Increased IPv6 address space leads to larger networks and a much larger Internet. This implies larger routing tables and higher memory requirements to support them.

59Chapter 7

Routing Information Protocol Next Generation (RIPng)

• RFC 2080 defines RIPng as a simple routing protocol based on RIP. RIPng is no more or less powerful than RIP, however, it provides a simple way to bring up an IPv6 network without having to build a new routing protocol.

• RIPng includes the following features:

1. Based on IPv4 RIP version 2 (RIPv2) and is similar to RIPv22. Uses IPv6 for transport3. Includes the IPv6 prefix and next-hop IPv6 address4. Uses the multicast group FF02::9 as the destination address for

RIP updates (this is similar to the broadcast function performed by RIP in IPv4)

5. Sends updates on UDP port 5216. Is supported by Cisco IOS Release 12.2(2)T and later

60Chapter 7

Configure IPv6 Address

MAC Address 0260:3e47.1530

61Chapter 7

Configure RIPng With IPv6

E0

E1

LAN1: 2001:db8:1:1::/64

LAN2: 2001:db8:1:2::/64

R1

R2

R1 Config

R2 Config

62Chapter 7

Troubleshoot IPv6

63Chapter 7

Chap 7 – Implementing IP Addressing Services Learning Objectives

•Configure DHCP in an enterprise branch network

•Configure NAT on a Cisco router

•Configure new generation RIP (RIPng) to use IPv6

64Chapter 7

AnyQuestions?

65Chapter 7

Lab TopologyChapter 7.1.8 – Configuring DHCP

S0/0/0 S0/0/1DCE

R2

R1

S0/0/0DCE S0/0/1

10.2.2.0/30

R3

10.1.1.0/30

.1

.2 .1

.2

Computer

PC1

Fa0/1

Computer

Fa0/0

PC3

192.168.10.0/24 192.168.30.0/24

DNS Server192.168.20.254/24

Fa0/0192.168.20.1/24 ISPS0/1/0

209.165.200.224/27

WWW.publicsite.com209.165.202.158/27

www.cisco.com209.165.201.30/27

S1 S3

.225

.1 .1

66Chapter 7

Chap 7.1.8 – Configuring DHCP

67Chapter 7

Lab TopologyChapter 7.2.8 – Configuring NAT

S0/0/0 S0/0/1DCE

R2

R1

S0/0/0DCE S0/0/1

10.2.2.0/30

R3

10.1.1.0/30

.1

.2 .1

.2

Computer

PC1192.168.10.10

Fa0/1

Computer

Fa0/0

PC3192.168.30.10

192.168.10.0/24 192.168.30.0/24

Inside WWW ServerLocal: 192.168.20.254/24Global: 209.165.202.131

Fa0/0192.168.20.1/24 ISPS0/1/0

209.165.200.224/27

WWW.publicsite.com209.165.201.20/28

Outside Host209.165.201.14/28

S1 S3

.1 .1

Computer

68Chapter 7

Chap 7.2.8 – Configuring NAT

69Chapter 7

Lab TopologyChapter 7.4.1 – Configuring DHCP & NAT

S0/0/0S0/0/1DCER2

R1

S0/0/0DCE S0/0/1

ISP

10.1.1.0/30

.1

.2 .225

.226

Computer

PC1

Fa0/0

Computer

PC2

192.168.10.0/24

Inside WWW ServerLocal: 192.168.20.254/24Global: 209.165.200.246

Fa0/0192.168.20.1/24

S1 S2

.1 192.168.11.0/24.1

Fa0/1

209.165.200.224/30