Chapter 7 1 Chap 7 – Implementing IP Addressing Services Learning Objectives Configure DHCP in an...
1Chapter 7
Chap 7 – Implementing IP Addressing Services Learning Objectives
•Configure DHCP in an enterprise branch network
•Configure NAT on a Cisco router
•Configure new generation RIP (RIPng) to use IPv6
2Chapter 7
Dynamic Host Configuration Protocol (DHCP)
• Automatically assigns IP addresses
• Only DHCP server needs to be assigned an address
• Client computers are configured to accept address from server after boot-up
3Chapter 7
Dynamic Host Configuration Protocol
•Dynamic Host Configuration Protocol (DHCP) works in a client/server mode.
•DHCP enables DHCP clients on an IP network to obtain their configurations from a DHCP server.
•Less work is involved in managing an IP network when DHCP is used.
•The most significant configuration option the client receives from the server is its IP address.
•The DHCP protocol is described in RFC 2131
4Chapter 7
Dynamic Host Configuration Protocol
There are three mechanisms used to assign an IP address to the client:
•Automatic allocation – DHCP assigns a permanent IP address to a client.
•Manual allocation – The IP address for the client is assigned by the administrator. DHCP conveys the address to the client.
•Dynamic allocation – DHCP assigns, or leases, an IP address to the client for a limited period of time.
5Chapter 7
Major DHCP features
6Chapter 7
Dynamic Host Configuration Protocol(DHCP)
1. Discover (Broadcast)
2. Offer (Unicast – do you want 192.168.1.3?)
3. Request (Broadcast – yes please)
4. Acknowledge (Unicast – you have 192.168.1.3)
[Figure: PC1 requesting an address from the DHCP server; DHCP pool 192.168.1.3, 192.168.1.4, 192.168.1.5, 192.168.1.6]
7Chapter 7
DHCP Detailed Operation
•Discover (Broadcast)
•Offer (Unicast)
•Request (Broadcast)
•Acknowledge (Unicast)
8Chapter 7
DHCP Message Format
Fields in order, laid out in 32-bit rows (bit positions 0, 8, 16, 24, 31):
OP Code | Hardware Type | HW Address Length | Hops
Transaction Identifier
Seconds | Flags
Client IP Address (CIADDR)
Your Address (YIADDR)
Server IP Address (SIADDR)
Gateway IP Address (GIADDR)
Client Hardware Address (CHADDR)
Server Name (SNAME)
Boot Filename
DHCP Options
9Chapter 7
DHCP Discover
Client broadcasts DHCP request on UDP port 67
10Chapter 7
DHCP Offer
Server responds to DHCP request on UDP port 68
11Chapter 7
Configure DHCP Server – Exclude Addresses
•Define a range of addresses that DHCP is not to allocate.
• These are usually static addresses reserved for the router interface, switch management IP address, servers, and local network printers.
12Chapter 7
Configure DHCP Server – DHCP Address Pool
•Configuring a DHCP server involves defining a pool of addresses to assign.
•The ip dhcp pool command creates a pool with the specified name and puts the router in DHCP configuration mode, which is identified by the Router(dhcp-config)# prompt.
13Chapter 7
Configure DHCP Server – DHCP Tasks
•Configure the available addresses and specify the subnet network number and mask of the DHCP address pool. Use the network statement to define the range of available addresses.
•Define the default gateway or router for the clients to use with the default-router command.
14Chapter 7
Configuring DHCP Server
• The DHCP service is enabled by default on versions of Cisco IOS that support it.
• To disable the service, use the no service dhcp command.
• Use the service dhcp global configuration command to re-enable the DHCP server process.
15Chapter 7
Verifying and Troubleshooting DHCP
•To verify the operation of DHCP, use the show ip dhcp binding command.
•This command displays a list of all IP address to MAC address bindings that have been provided by the DHCP service.
16Chapter 7
Verifying and Troubleshooting DHCP
•To verify that messages are being received or sent by the router, use the show ip dhcp server statistics command.
•This command displays count information regarding the number of DHCP messages that have been sent and received.
17Chapter 7
Verifying and Troubleshooting DHCP
•View multiple DHCP pools using the show ip dhcp pool command.
18Chapter 7
Verifying and Troubleshooting DHCP
From the client PC command line, enter ipconfig /all to display the IP settings of the computer:
19Chapter 7
Configuring DHCP Client
•Cisco routers in SOHO and branch sites may have to be configured to accept an interface IP address from the ISP’s DHCP server.
•Frequently, it is the Ethernet interface that is used to connect to a cable modem.
[Figure: SOHO router (Fa0/0, Fa0/1) obtaining its ISP-facing interface address from the ISP's DHCP server; addresses 10.0.0.2 and 10.0.0.3]
20Chapter 7
DHCP Relay
• DHCP clients use IP broadcasts to find the DHCP server on the segment - routers do not forward these broadcasts.
• When possible, administrators should use the ip helper-address command to relay broadcast requests for these key UDP services.
21Chapter 7
DHCP Relay
By default, the ip helper-address command forwards the following eight UDP services:
•Time
•TACACS
•DNS
•BOOTP/DHCP Server
•BOOTP/DHCP Client
•TFTP
•NetBIOS Name Service
•NetBIOS Datagram Service
22Chapter 7
Configuring IP helper addresses
To configure RTA e0, the interface that receives the Host A broadcasts, to relay DHCP broadcasts as a unicast to the DHCP server, use the following commands:
RTA(config)#interface e0
RTA(config-if)#ip helper-address 172.24.1.9
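The message layout from slide 8 and the relay step above, as an added Python example (not code from the slides): it encodes and decodes a DHCP message from the fixed RFC 2131 fields plus option 53, and shows what a relay agent changes (GIADDR and hops) before unicasting a client broadcast to the server. The MAC address, transaction ID and relay interface address are constructed.

```python
"""DHCP message encode/decode per the RFC 2131 layout on the slides, plus the
change a relay agent (ip helper-address) makes before unicasting a client
broadcast to the server. Added example; the MAC and addresses are constructed."""
import struct
from ipaddress import IPv4Address

# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file
HDR = "!BBBBIHH4s4s4s4s16s64s128s"
HDR_LEN = struct.calcsize(HDR)            # 236 bytes of fixed fields
MAGIC = b"\x63\x82\x53\x63"               # "magic cookie" that starts the options
MSG_TYPE = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}

def build(op, xid, chaddr, yiaddr="0.0.0.0", siaddr="0.0.0.0", msg_type=1):
    """op=1 BOOTREQUEST (client), op=2 BOOTREPLY (server); option 53 carries the type."""
    fixed = struct.pack(HDR, op, 1, 6, 0, xid, 0, 0x8000,   # htype 1 = Ethernet, hlen 6
                        b"\0" * 4, IPv4Address(yiaddr).packed,
                        IPv4Address(siaddr).packed, b"\0" * 4,
                        chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    return fixed + MAGIC + bytes([53, 1, msg_type]) + b"\xff"

def parse(msg):
    """Return the fields a troubleshooter looks at (compare show ip dhcp binding)."""
    f = struct.unpack_from(HDR, msg)
    if msg[HDR_LEN:HDR_LEN + 4] != MAGIC:
        raise ValueError("not a DHCP message: magic cookie missing")
    opts, i = {}, HDR_LEN + 4
    while i < len(msg) and msg[i] != 0xFF:      # TLV walk: 0 = pad, 255 = end
        if msg[i] == 0:
            i += 1
            continue
        code, length = msg[i], msg[i + 1]
        opts[code] = msg[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": f[0], "hops": f[3], "xid": f[4],
            "yiaddr": str(IPv4Address(f[8])), "siaddr": str(IPv4Address(f[9])),
            "giaddr": str(IPv4Address(f[10])), "chaddr": f[11][:f[2]].hex(":"),
            "type": MSG_TYPE.get(opts.get(53, b"\0")[0], "unknown")}

def relay(msg, relay_if_ip):
    """What ip helper-address does: stamp the receiving interface's address into
    GIADDR (only if it is still 0.0.0.0) and increment hops; the server uses
    GIADDR to pick the pool and to unicast its reply back to the relay."""
    f = list(struct.unpack_from(HDR, msg))
    if f[10] == b"\0" * 4:
        f[10] = IPv4Address(relay_if_ip).packed
    f[3] += 1
    return struct.pack(HDR, *f) + msg[HDR_LEN:]

if __name__ == "__main__":
    discover = build(1, 0x3903F326, bytes.fromhex("001122334455"))   # constructed client
    print(parse(discover))
    print(parse(relay(discover, "172.24.1.1")))   # giaddr 172.24.1.1, hops 1
```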
23Chapter 7
Troubleshooting DHCP
•Resolving IP Address Conflicts
•Verify Physical Connectivity
•Test Network Connectivity by Configuring Client workstation with a Static IP Address
•Verify Switch Port Configuration (STP Portfast and other Commands)
•Distinguishing whether DHCP Clients Obtain IP address on the Same Subnet or VLAN as DHCP Server
24Chapter 7
Private & Public IP Addresses
Public Internet addresses are regulated by five Regional Internet Registries (RIRs):
•ARIN
•RIPE
•APNIC
•LACNIC
•AfriNIC
•All public Internet addresses must be registered with a Regional Internet Registry (RIR).
•Organisations can lease public addresses from an ISP.
•Only the registered holder of a public Internet address can assign that address to a network device.
25Chapter 7
Private IP Addresses
•Class A: 10.0.0.0 to 10.255.255.255
•Class B: 172.16.0.0 to 172.31.255.255
•Class C: 192.168.0.0 to 192.168.255.255
26Chapter 7
Network Address Translation
[Figure: hosts 192.168.1.100 and 192.168.1.101 behind a router with inside address 192.168.1.1 and Internet address 80.51.23.1; a packet from source 192.168.1.101 to destination 201.134.56.3 leaves the router with source 80.51.23.1 and the same destination]
The router is configured to ‘hide’ private IP addresses by replacing them with the public IP address assigned to its Internet interface, and carrying out the reverse process for received packets.
27Chapter 7
Introducing NAT and PAT
• NAT, as defined by RFC 1631, is the process of swapping one address for another in the IP packet header.
• In practice, NAT is used to allow hosts that are privately addressed to access the Internet.
• NAT translations can occur dynamically or statically.
• The most powerful feature of NAT routers is their capability to use port address translation (PAT), which allows multiple inside addresses to map to the same outside address.
28Chapter 7
NAT Terms
Cisco defines the following NAT terms:
•Inside local address – The IP address assigned to a host on the inside network. The address is usually not an IP address assigned by the Internet Network Information Centre (InterNIC) or service provider. This address is likely to be an RFC 1918 private address.
•Inside global address – A legitimate IP address assigned by the InterNIC or service provider that represents one or more inside local IP addresses to the outside world.
•Outside global address – The IP address assigned to a host on the outside network. The owner of the host assigns this address.
29Chapter 7
NAT Example
The translation from private source IP address to public source IP address.
[Figure: packet from inside local 10.0.0.3 (SA) to outside global 128.23.2.2 (DA); after RTA the source becomes the inside global address 179.9.8.80 and the destination stays 128.23.2.2]
30Chapter 7
NAT Example
Translation back, from public destination IP address to private destination IP address.
[Figure: reply from outside global 128.23.2.2 (SA) to inside global 179.9.8.80 (DA); after RTA the destination becomes the inside local address 10.0.0.3 and the source stays 128.23.2.2]
31Chapter 7
NAT Features
•Static NAT is designed to allow one-to-one mapping of local and global addresses. This is particularly useful for hosts which must have a consistent address that is accessible from the Internet. These internal hosts may be enterprise servers or networking devices.
•Dynamic NAT is designed to map a private IP address to a public address. Any IP address from a pool of public IP addresses is assigned to a network host.
32Chapter 7
NAT Overload
• NAT Overload allows you to use a single Public IP address and assign it up to 65,536 inside hosts (4,000 is more realistic).
• Modifies the TCP/UDP source port to track inside Host addresses if both hosts select the same source port.
33Chapter 7
NAT Benefits
•Conserves the legally registered addressing scheme
•Increases the flexibility of connections to the public network
•Provides consistency for internal network addressing schemes.
•Provides network security
34Chapter 7
NAT Drawbacks
• Performance is degraded
• End-to-end functionality is degraded
• End-to-end IP traceability is lost
• Tunneling is more complicated
• Initiating TCP connections can be disrupted
• Architectures need to be rebuilt to accommodate changes
35Chapter 7
Configuring Static NAT
[Figure: R2 between the inside network and the Internet; inside server 192.168.10.254, R2 S0/0/0 10.1.1.2, R2 S0/1/0 209.165.200.255; configuration commands shown as an image]
36Chapter 7
Configuring Dynamic NAT
[Figure: inside hosts 192.168.10.10 and 192.168.11.11 behind R2 (S0/0/0 10.1.1.2, S0/1/0 209.165.200.255) toward the Internet; configuration commands shown as an image]
37Chapter 7
Configuring NAT Overload (Single Address)
[Figure: inside hosts 192.168.10.10 and 192.168.11.11 behind R2 (S0/0/0 10.1.1.2, S0/1/0 209.165.200.255) toward the Internet; configuration commands shown as an image]
38Chapter 7
Configuring NAT Overload (Multiple Addresses)
[Figure: inside hosts 192.168.10.10 and 192.168.11.11 behind R2 (S0/0/0 10.1.1.2, S0/1/0 209.165.200.255) toward the Internet; configuration commands shown as an image]
39Chapter 7
Port Forwarding
• Port forwarding (sometimes referred to as tunneling) is the act of forwarding a network port from one network node to another. This technique can allow an external user to reach a port on a private IP address (inside a LAN) from the outside through a NAT-enabled router.
• The problem is that NAT does not allow requests initiated from the outside. This situation can be resolved with manual intervention. Port forwarding allows the identification of specific ports that can be forwarded to inside hosts.
[Figure: WWW server 192.168.10.10 and host 192.168.11.11 behind the router (S0/0/0 10.1.1.2, S0/1/0 209.165.200.255); traffic from an outside computer for port 80 is redirected to 192.168.10.10]
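NAT overload (slide 32) and port forwarding (above), as an added Python model that is not code from the slides: one inside global address is shared by many inside hosts, the source port is rewritten only when two inside hosts pick the same port, outside-initiated packets with no entry are dropped, and a static port-forward entry is the exception that lets port 80 reach the inside WWW server. The inside global address and host addresses come from the slide topologies; the port numbers are constructed, and the port-pick rule is a simplification of what IOS does.

```python
"""NAT overload (PAT) with one inside global address, plus a static port-forward
entry. Added example modelling the slides' description, not IOS code; the
addresses are from the slide topologies, the port choices are constructed."""

class PatTable:
    def __init__(self, inside_global, first_port=1024):
        self.inside_global = inside_global
        self.out = {}           # (inside local ip, local port) -> global port
        self.inb = {}           # global port -> (inside local ip, local port)
        self.next_port = first_port

    def _free_port(self):
        """Simplified port pick; real IOS port selection rules differ."""
        while self.next_port in self.inb:
            self.next_port += 1
        if self.next_port > 65535:
            raise RuntimeError("PAT port pool exhausted")
        self.next_port += 1
        return self.next_port - 1

    def forward(self, global_port, local_ip, local_port):
        """Port forwarding: a static inbound entry so outside-initiated
        connections to inside_global:global_port reach one inside host."""
        self.inb[global_port] = (local_ip, local_port)
        self.out[(local_ip, local_port)] = global_port

    def translate_out(self, src_ip, src_port, dst_ip, dst_port):
        """Outbound: keep the source port unless another inside host already
        owns it on the shared global address, then pick a free one."""
        key = (src_ip, src_port)
        if key not in self.out:
            gport = src_port if src_port not in self.inb else self._free_port()
            self.out[key] = gport
            self.inb[gport] = key
        return (self.inside_global, self.out[key], dst_ip, dst_port)

    def translate_in(self, dst_ip, dst_port, src_ip, src_port):
        """Inbound: only packets matching an existing entry are translated;
        anything else (outside-initiated, no forward rule) is dropped (None)."""
        if dst_ip != self.inside_global or dst_port not in self.inb:
            return None
        local_ip, local_port = self.inb[dst_port]
        return (local_ip, local_port, src_ip, src_port)

    def translations(self):
        """Rows in the spirit of show ip nat translations: inside global -> inside local."""
        return sorted(f"{self.inside_global}:{gp} -> {ip}:{lp}"
                      for gp, (ip, lp) in self.inb.items())

if __name__ == "__main__":
    pat = PatTable("209.165.200.225")
    pat.forward(80, "192.168.10.10", 80)                                       # WWW server
    print(pat.translate_out("192.168.10.10", 1025, "209.165.201.30", 80))
    print(pat.translate_out("192.168.11.11", 1025, "209.165.201.30", 80))      # port clash, remapped
    print(pat.translate_in("209.165.200.225", 80, "209.165.201.14", 4444))     # reaches the WWW server
    print(pat.translate_in("209.165.200.225", 8080, "209.165.201.14", 4444))   # None: no entry
    print(pat.translations())
```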
40Chapter 7
Verifying & Troubleshooting NAT Configuration
•By default, NAT translation entries time out after 24 hours.
•It is sometimes useful to clear the dynamic entries sooner than the default timer. This is especially true when testing the NAT configuration.
41Chapter 7
Verifying & Troubleshooting NAT Configuration
42Chapter 7
Verifying & Troubleshooting NAT Configuration
43Chapter 7
Verifying & Troubleshooting NAT Configuration
44Chapter 7
IPv6 – The Reason Why
45Chapter 7
IPv4 / IPv6 Comparison
•There are so many IPv6 addresses available that many trillions of addresses could be assigned to every human being on the planet.
•There are approximately 665,570,793,348,866,943,898,599 addresses per square meter of the surface of the planet Earth!
46Chapter 7
IPv6 Representation
Mobility and security:
•Mobile IP RFC-compliant
•IPsec mandatory (or native) for IPv6
Simple header:
•Routing efficiency
•Performance and forwarding rate scalability
•No broadcasts
•No checksums
•Extension headers
•Flow labels
Transition richness:
•Dual-stack
•6to4 and manual tunnels
•Translation
Enhanced IP addressing:
•Global reachability and flexibility
•Aggregation
•Multihoming
•Autoconfiguration
•Plug-and-play
•End-to-end without NAT
•Renumbering
47Chapter 7
IPv6 Packet Header
Fields laid out in 32-bit rows (bit positions 0, 4, 8, 12, 16, 24, 31):
Version | Traffic Class | Flow Label
Payload Length | Next Header | Hop Limit
Source IP Address (128 bits, four rows)
Destination IP Address (128 bits, four rows)
48Chapter 7
IPv6 Addressing
2031:0000:130F:0000:0000:09C0:876A:130B. An IPv6 address can be shortened by applying the following guidelines:
• Leading zeros in a field are optional. For example, the field 09C0 equals 9C0, and the field 0000 equals 0. Therefore:
2031:0000:130F:0000:0000:09C0:876A:130B can be written as 2031:0:130F:0000:0000:9C0:876A:130B.
• Successive fields of zeros can be represented as two colons "::". However, this shorthand method can only be used once in an address. Therefore:
2031:0:130F:0000:0000:9C0:876A:130B can be written as 2031:0:130F::9C0:876A:130B.
• An unspecified address is written as "::" because it contains only zeros.
49Chapter 7
IPv6 Address Examples
• FF01:0:0:0:0:0:0:1 becomes FF01::1
• 0:0:0:0:0:0:0:1 becomes ::1
• 0:0:0:0:0:0:0:0 becomes ::
• FF01:0000:0000:0000:0000:0000:0000:1 becomes FF01:0:0:0:0:0:0:1 becomes FF01::1
• E3D7:0000:0000:0000:51F4:00C8:C0A8:6420 becomes E3D7::51F4:C8:C0A8:6420
• 3FFE:0501:0008:0000:0260:97FF:FE40:EFAB becomes 3FFE:501:8:0:260:97FF:FE40:EFAB becomes 3FFE:501:8::260:97FF:FE40:EFAB
50Chapter 7
IPv6 Address Structure
[Figure: 128 bits = Global Routing Prefix (48 bits) + Subnet ID (16 bits) + Interface ID (64 bits); the first 64 bits are the network portion, the last 64 bits the host portion]
•Interface ID – identifies a host interface address
•Subnet ID – 65,536 possible subnets
•Global Routing Prefix – issued by IANA or RIR to ISPs at /32 or /35 in length, ISPs then issue to customers with /48 mask
51Chapter 7
IPv6 Address Types
Address Type | MSB (Binary) | MSB (Hex)
Unspecified | 00..0 | ::/128
Loopback | 00..1 | ::1/128
Multicast | 11111111 | FF00::/8
Link-Local Unicast | 1111111010 | FExx::/10
Global Unicast | 001 | 2xxx::/4 or 3xxx::/4
52Chapter 7
Assigning IPv6 Addresses
[Figure: Global Routing Prefix + Subnet ID followed by the 64-bit Interface ID]
• IPv6 addresses use interface identifiers to identify interfaces on a link.
• Interface identifiers are required to be unique on a specific link.
• Interface identifiers are always 64 bits and can be dynamically derived from a Layer 2 address (MAC).
• IPv6 address ID can be assigned statically or dynamically:
1. Static assignment using a manual interface ID
2. Static assignment using an EUI-64 interface ID
3. Stateless auto-configuration
4. DHCP for IPv6 (DHCPv6)
53Chapter 7
Manual Interface ID Assignment
• Statically assign an IPv6 address to a device by manually assigning both the prefix (network) and interface ID (host) portion of the IPv6 address:
RouterX(config-if)#ipv6 address 2001:DB8:2222:7272::72/64
54Chapter 7
Manual Interface ID Assignment
•Each layer-2 MAC address consists of a 12-digit hexadecimal number, split into 2-digit pairs by colons: 07:57:AC:1F:B2:76
•EUI-64 stretches IEEE 802 MAC addresses from 48 to 64 bits by inserting 0xFFFE in the middle at the 24th bit of the MAC address to create a 64-bit, unique interface identifier: 07:57:AC:FF:FE:1F:B2:76
•Assign an EUI-64 address to the interface of a Cisco router:
RouterX(config-if)#ipv6 address 2001:DB8:2222:7272::/64 eui-64
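The two shortening rules from slide 48 and the EUI-64 derivation above, as an added Python example (not code from the slides or from IOS). It expands and compresses addresses using the slides' own examples, and builds the interface ID that the eui-64 keyword produces; note that IOS, following RFC 4291 Appendix A, also inverts the universal/local bit of the first MAC octet, a step the slide's 07:57:AC:FF:FE:1F:B2:76 example leaves out. The prefix and MAC values are the slides' examples; the dotted MAC from slide 60 is used as a second input.

```python
"""IPv6 address shortening by the two slide rules (drop leading zeros, collapse
one run of zero fields) and the EUI-64 interface ID used by 'ipv6 address ... eui-64'.
Added example, not from the slides; the MACs used are the slides' examples."""
import re

def expand(addr):
    """Full form: eight 4-digit uppercase fields; '::' may appear only once."""
    if addr.count("::") > 1:
        raise ValueError('"::" may be used only once in an address')
    if "::" in addr:
        left, right = addr.split("::")
        l = left.split(":") if left else []
        r = right.split(":") if right else []
        fields = l + ["0"] * (8 - len(l) - len(r)) + r
    else:
        fields = addr.split(":")
    if len(fields) != 8:
        raise ValueError("an IPv6 address has eight 16-bit fields")
    return ":".join(f"{int(f, 16):04X}" for f in fields)

def compress(addr):
    """Leading zeros dropped; the longest run of zero fields (first on a tie)
    becomes '::'. RFC 4291 allows this for a single zero field, as the slide's
    3FFE:501:8::260:... example does; RFC 5952's canonical form keeps it as '0'."""
    fields = [int(f, 16) for f in expand(addr).split(":")]
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        j = i
        while j < 8 and fields[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j + 1 if j == i else j
    short = [f"{f:X}" for f in fields]
    if best_len == 0:
        return ":".join(short)
    return ":".join(short[:best_start]) + "::" + ":".join(short[best_start + best_len:])

def eui64_interface_id(mac):
    """Insert FFFE between the OUI and device halves and, as RFC 4291 Appendix A
    and IOS do, invert the universal/local bit (0x02) of the first octet."""
    octets = bytearray(bytes.fromhex(re.sub(r"[^0-9A-Fa-f]", "", mac)))
    if len(octets) != 6:
        raise ValueError("MAC must be 48 bits")
    octets[0] ^= 0x02
    iid = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    return ":".join(f"{iid[k]:02X}{iid[k + 1]:02X}" for k in range(0, 8, 2))

def eui64_address(prefix, mac):
    """Combine a /64 prefix (e.g. 2001:DB8:2222:7272::/64) with the EUI-64 ID."""
    net = expand(prefix.split("/")[0]).split(":")[:4]
    return compress(":".join(net) + ":" + eui64_interface_id(mac))

if __name__ == "__main__":
    print(compress("2031:0000:130F:0000:0000:09C0:876A:130B"))   # 2031:0:130F::9C0:876A:130B
    print(eui64_address("2001:DB8:2222:7272::/64", "07:57:AC:1F:B2:76"))
    print(eui64_address("2001:db8:1:1::/64", "0260.3e47.1530"))
```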
55Chapter 7
IPv6 Transition Strategies
Different transition mechanisms are available:
1. Dual stack
2. Manual tunnel
3. 6to4 tunnel
4. ISATAP tunnel
5. Teredo tunnel
Different compatibility mechanisms:
Proxying and translation (NAT-PT)
"Dual stack where you can, tunnel where you must."
56Chapter 7
Cisco Dual IOS Stack
[Figure: dual-stack protocol stack (Application, Transport, IPv4 and IPv6 over Ethernet); router interface Fa0/1 connected to both the IPv4 Internet and the IPv6 Internet]
•Cisco IOS Release 12.2(2)T and later are IPv6-ready. As soon as IPv4 and IPv6 are configured on the interface, it becomes dual-stacked and forwards IPv4 and IPv6 traffic on that interface.
57Chapter 7
IPv6 Tunnelling
•Tunneling is an integration method in which an IPv6 packet is encapsulated within another protocol, such as IPv4.
•Requires dual-stack routers
58Chapter 7
IPv6 Routing Considerations
• IPv6 address size - Address size affects the information-processing functions of a router. Systems using a 64-bit CPU, bus, or memory structure can pass both the IPv4 source and destination address in a single processing cycle. For IPv6, the source and destination addresses require two cycles each, four cycles in total to process source and destination address information, which reduces performance.
• Multiple IPv6 node addresses - Because IPv6 nodes can use several IPv6 unicast addresses, memory consumption of the Neighbor Discovery cache may be affected.
• IPv6 routing protocols - IPv6 routing protocols are similar to their IPv4 counterparts, but since an IPv6 prefix is four times larger than an IPv4 prefix, routing updates have to carry more information.
• Routing table Size -Increased IPv6 address space leads to larger networks and a much larger Internet. This implies larger routing tables and higher memory requirements to support them.
59Chapter 7
Routing Information Protocol Next Generation (RIPng)
• RFC 2080 defines RIPng as a simple routing protocol based on RIP. RIPng is no more or less powerful than RIP, however, it provides a simple way to bring up an IPv6 network without having to build a new routing protocol.
• RIPng includes the following features:
1. Based on IPv4 RIP version 2 (RIPv2) and is similar to RIPv2
2. Uses IPv6 for transport
3. Includes the IPv6 prefix and next-hop IPv6 address
4. Uses the multicast group FF02::9 as the destination address for RIP updates (this is similar to the broadcast function performed by RIP in IPv4)
5. Sends updates on UDP port 521
6. Is supported by Cisco IOS Release 12.2(2)T and later
60Chapter 7
Configure IPv6 Address
[Figure: configuration shown as an image; MAC Address 0260:3e47.1530]
61Chapter 7
Configure RIPng With IPv6
[Figure: R1 (E0, E1) and R2; LAN1: 2001:db8:1:1::/64, LAN2: 2001:db8:1:2::/64; R1 Config and R2 Config shown as images]
62Chapter 7
Troubleshoot IPv6
63Chapter 7
Chap 7 – Implementing IP Addressing Services Learning Objectives
•Configure DHCP in an enterprise branch network
•Configure NAT on a Cisco router
•Configure new generation RIP (RIPng) to use IPv6
64Chapter 7
Any Questions?
65Chapter 7
Lab Topology – Chapter 7.1.8 – Configuring DHCP
[Figure: R1, R2 and R3 joined by serial links 10.1.1.0/30 and 10.2.2.0/30 (S0/0/0 and S0/0/1, .1/.2, DCE on one end of each); PC1 on 192.168.10.0/24 via switch S1 and PC3 on 192.168.30.0/24 via switch S3 (router Fa0/0 and Fa0/1 at .1); DNS Server 192.168.20.254/24 on R2 Fa0/0 192.168.20.1/24; R2 S0/1/0 to ISP on 209.165.200.224/27 (.225); www.publicsite.com 209.165.202.158/27; www.cisco.com 209.165.201.30/27]
66Chapter 7
Chap 7.1.8 – Configuring DHCP
67Chapter 7
Lab Topology – Chapter 7.2.8 – Configuring NAT
[Figure: R1, R2 and R3 joined by serial links 10.1.1.0/30 and 10.2.2.0/30 (S0/0/0 and S0/0/1, .1/.2, DCE on one end of each); PC1 192.168.10.10 on 192.168.10.0/24 via switch S1 and PC3 192.168.30.10 on 192.168.30.0/24 via switch S3 (router Fa0/0 and Fa0/1 at .1); inside WWW server, local 192.168.20.254/24, global 209.165.202.131, on R2 Fa0/0 192.168.20.1/24; R2 S0/1/0 to ISP on 209.165.200.224/27; www.publicsite.com 209.165.201.20/28; outside host 209.165.201.14/28]
68Chapter 7
Chap 7.2.8 – Configuring NAT
69Chapter 7
Lab Topology – Chapter 7.4.1 – Configuring DHCP & NAT
[Figure: R1 and R2 joined by 10.1.1.0/30 (S0/0/0 and S0/0/1, .1/.2, DCE on one end); R2 to ISP on 209.165.200.224/30 (.225/.226); PC1 on 192.168.10.0/24 via switch S1 and PC2 on 192.168.11.0/24 via switch S2 (R1 Fa0/0 and Fa0/1 at .1); inside WWW server, local 192.168.20.254/24, global 209.165.200.246, on R2 Fa0/0 192.168.20.1/24]