
1 Implementing IP Addressing Services
Reference: CCNA Exploration Accessing the WAN Chapter 7

2 Objectives

3 Introduction To cope with the depletion of IPv4 addresses, several short-term solutions were developed. Two of them are private addresses and Network Address Translation (NAT). An inside host receives its IP address, subnet mask, default gateway IP address, DNS server IP address and other information from a Dynamic Host Configuration Protocol (DHCP) server, and that server usually hands out addresses from a private pool. Those hosts may still need valid public addresses to reach Internet resources. This is where NAT comes in.

4 Introducing DHCP Every device that connects to a network needs an IP address. Network administrators assign static IP addresses to routers, servers, and other network devices whose locations (physical and logical) are not likely to change. Administrators enter static IP addresses manually when they configure devices to join the network. Static addresses also enable administrators to manage those devices remotely. However, computers in an organization often change locations, physically and logically. Administrators are unable to keep up with having to assign new IP addresses every time an employee moves to a different office or cubicle. Desktop clients do not require a static address. Instead, a workstation can use any address within a range of addresses. This range is typically within an IP subnet. DHCP assigns IP addresses and other important network configuration information dynamically. Because desktop clients typically make up the bulk of network nodes, DHCP is an extremely useful and timesaving tool for network administrators.

5 Introducing DHCP DHCP services are scalable and relatively easy to manage. In a small branch or SOHO location, a router can be configured to provide DHCP services without the need for an expensive dedicated server. Example: A Cisco IOS feature set called Easy IP offers an optional, full-featured DHCP server. RFC 2131 describes DHCP.

6 DHCP Operation DHCP includes three address allocation mechanisms to provide flexibility when assigning IP addresses:
Manual allocation: The administrator pre-assigns an IP address to the client, and DHCP only communicates that address to the device.
Automatic allocation: DHCP selects an address from a pool of available addresses and assigns it to the device permanently. There is no lease.
Dynamic allocation: DHCP leases an address from a pool for a limited period chosen by the server, or until the client tells the server that it no longer needs the address.

7 DHCP Operation - Dynamic Allocation
When a PC connects to a DHCP server, the server assigns or leases an IP address to that PC. The PC connects to the network with that leased IP address until the lease expires. The host must contact the DHCP server periodically to extend the lease. This lease mechanism ensures that hosts that move or power off do not hold onto addresses that they do not need. The DHCP server returns these addresses to the address pool and reallocates them as necessary.

8 DHCP Operation - Dynamic Allocation
Four steps in obtaining a lease:
Step 1 (DHCP Discover): The client broadcasts a DHCPDISCOVER message to find DHCP servers on the network. The host has no valid IP information at boot, so it uses the L2 and L3 broadcast addresses (FF:FF:FF:FF:FF:FF and 255.255.255.255) to reach the server.
Step 2 (DHCP Offer): A DHCP server that receives the DHCPDISCOVER finds an available IP address to lease, creates an ARP entry consisting of the MAC address of the requesting host and the leased IP address, and transmits a binding offer in a DHCPOFFER message. The DHCPOFFER is sent as a unicast frame, with the server's MAC address as the source and the client's MAC address as the destination. (A client that sets the broadcast flag in its request, because it cannot yet receive unicast IP traffic, gets the reply as a broadcast instead.)
Step 3 (DHCP Request): When the client receives the DHCPOFFER, it sends back a DHCPREQUEST message (used for lease origination, lease renewal and verification). The DHCPREQUEST asks the server to verify the offered IP information just after it has been assigned, which provides error checking that the assignment is still valid. It also serves as a binding acceptance to the selected server (named in the server-identifier option) and as an implicit decline to any other servers that made an offer.
Step 4 (DHCP Acknowledge): On receiving the DHCPREQUEST, the server verifies the lease information, creates a new ARP entry for the client lease, and replies with a unicast DHCPACK. The client logs the configuration information and sends an ARP request for the assigned address. If no other host replies, the address is not already in use and the client starts using it as its own.

9 DHCP Operation - Dynamic Allocation

10 BOOTP and DHCP The Bootstrap Protocol (BOOTP), defined in RFC 951, is the predecessor of DHCP and shares some operational characteristics. BOOTP is a way to download address and boot configurations for diskless workstations. A diskless workstation has no hard drive and loads its operating system over the network; many automated cash register systems at the local supermarket are examples. Both DHCP and BOOTP are client/server based and use UDP port 67 (server side) and UDP port 68 (client side). Those ports are still known as the BOOTP ports.

11 BOOTP and DHCP Three primary differences between DHCP and BOOTP:
BOOTP was designed for manual pre-configuration of the host information in a server database, while DHCP allows dynamic allocation of network addresses and configurations to newly attached hosts.
DHCP allows recovery and reallocation of network addresses through a leasing mechanism. Specifically, DHCP defines mechanisms through which clients can be assigned an IP address for a finite lease period.
BOOTP provides a limited amount of information to a host. DHCP provides additional IP configuration parameters, such as WINS and domain name.

12 DHCP Message Format The developers of DHCP needed to maintain compatibility with BOOTP and consequently used the same BOOTP message format. Because DHCP has more functionality than BOOTP, the DHCP options field was added. When communicating with older BOOTP clients, the DHCP options field is ignored.

13 DHCP Discovery and Offer Methods

14 Configuring a DHCP Server
Step 1: Exclude IP addresses. Define the range of addresses that DHCP is not to allocate. These are usually static addresses reserved for the router interface, switch management IP address, servers and local network printers.
Step 2: Create the DHCP pool.

15 Configuring a DHCP Server
Step 3: Configure the specifics of the pool. Specify the subnet network number and mask of the DHCP address pool, the default gateway, the DNS server and the duration of the DHCP lease.

16 Configuring a DHCP Server
DHCP service is enabled by default on versions of Cisco IOS software that support it. To disable the service, use the no service dhcp global configuration command. Use service dhcp to re-enable the DHCP server process.

17 Verify DHCP Server Configuration
Router R1 has been configured with the following commands:
ip dhcp excluded-address
ip dhcp excluded-address
ip dhcp pool LAN-POOL-1
 network
 default-router
 domain-name span.com
To verify the operation of DHCP: show ip dhcp binding
To verify messages: show ip dhcp server statistics
To view multiple pools: show ip dhcp pool

18 Verify DHCP Server Configuration
PC1 has been powered and completed its booting process

19 Verify DHCP Server Configuration
Similar configuration in R2 to provide a /24 DHCP pool.

20 DHCP Client Configuration
Typically, small broadband routers for home use, such as Linksys routers, can be configured to connect to an ISP using a DSL or cable modem. In most cases, small home routers are set to acquire an IP address automatically from their ISP.

21 DHCP Client Configuration
To configure an Ethernet interface of a Cisco router as a DHCP client, use the interface configuration command ip address dhcp.

22 DHCP Relay In a complex hierarchical network, enterprise servers are usually contained in a server farm. The problem is that the network clients typically are not on the same subnet as those servers. The clients must locate the servers to receive services and often these services are located using broadcast messages.

23 DHCP Relay A simpler solution is to configure the Cisco IOS helper address feature on intervening routers and switches. This solution enables routers to forward DHCP broadcasts to the DHCP servers. When a router forwards address assignment/parameter requests, it is acting as a DHCP relay agent. To configure router as a DHCP relay agent, you need to configure the nearest interface to the client with the interface configuration command ip helper-address This command relays broadcast requests for key services as a unicast to the configured address.

24 DHCP Relay DHCP is not the only service that the router can be configured to relay. By default, the ip helper-address command forwards the following eight UDP services:
Port 37: Time
Port 49: TACACS
Port 53: DNS
Port 67: DHCP/BOOTP server
Port 68: DHCP/BOOTP client
Port 69: TFTP
Port 137: NetBIOS name service
Port 138: NetBIOS datagram service
Relaying more broadcast services than the server actually provides widens the attack surface of the server segment; ports that are not needed can be dropped from the list with no ip forward-protocol udp followed by the port number.
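The four-step lease (slide 8), the BOOTP-compatible message format with its options field (slide 12) and the giaddr handling that a helper-address relay performs (slides 23 and 24) are easiest to see together in one runnable model. The following is an added example written for this page, not code from the CCNA curriculum or from Cisco IOS: it encodes and decodes RFC 2131 messages, runs a small server with IOS-style pools and excluded addresses, and relays a client on another subnet through a simulated helper address. The pool networks, the server address 10.0.0.1, the MAC addresses and the 86400-second lease are constructed values chosen for the demonstration.

```python
import socket
import struct
import ipaddress

# Constructed example (not from the original slides): a minimal RFC 2131 encoder/decoder,
# a DHCP server with IOS-style pools, a helper-address relay and the DORA exchange.
MAGIC = b"\x63\x82\x53\x63"                  # magic cookie that opens the DHCP options field
BOOTREQUEST, BOOTREPLY = 1, 2
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6
OPT_ROUTER, OPT_REQ_ADDR, OPT_LEASE, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 3, 50, 51, 53, 54, 255
FIXED = "!BBBBIHH4s4s4s4s16s64s128s"        # BOOTP fixed header, 236 bytes

def build(op, xid, chaddr, yiaddr="0.0.0.0", giaddr="0.0.0.0", options=None):
    """Encode a DHCP message in the BOOTP format and append the TLV options."""
    a = socket.inet_aton
    hdr = struct.pack(FIXED, op, 1, 6, 0, xid, 0, 0x8000,  # htype=Ethernet, hlen=6, hops=0, broadcast flag
                      a("0.0.0.0"), a(yiaddr), a("0.0.0.0"), a(giaddr),
                      chaddr.ljust(16, b"\x00"), b"\x00" * 64, b"\x00" * 128)
    body = b"".join(bytes([c, len(v)]) + v for c, v in (options or {}).items())
    return hdr + MAGIC + body + bytes([OPT_END])

def parse(msg):
    """Decode the fixed header and the options (pad=0 is skipped, end=255 stops)."""
    f = struct.unpack(FIXED, msg[:236])
    if msg[236:240] != MAGIC:
        raise ValueError("BOOTP message without DHCP options")
    opts, i = {}, 240
    while i < len(msg) and msg[i] != OPT_END:
        if msg[i] == 0:
            i += 1
            continue
        code, ln = msg[i], msg[i + 1]
        opts[code] = msg[i + 2:i + 2 + ln]
        i += 2 + ln
    return {"op": f[0], "hops": f[3], "xid": f[4], "yiaddr": socket.inet_ntoa(f[8]),
            "giaddr": socket.inet_ntoa(f[10]), "chaddr": f[11][:f[2]], "options": opts}

def relay(msg, relay_if_ip):
    """What 'ip helper-address' does with a client broadcast: stamp the receiving
    interface address into giaddr (if unset), bump hops, unicast it on to the server."""
    m = bytearray(msg)
    if m[24:28] == b"\x00" * 4:              # giaddr occupies bytes 24..27 of the header
        m[24:28] = socket.inet_aton(relay_if_ip)
    m[3] += 1
    return bytes(m)

class DhcpServer:
    def __init__(self, server_ip, pools, excluded, lease=86400):
        self.ip = server_ip
        self.pools = [(ipaddress.ip_network(n), gw) for n, gw in pools]  # 'network' + 'default-router'
        self.excluded = set(excluded)                                    # 'ip dhcp excluded-address'
        self.lease = lease
        self.offers, self.bindings = {}, {}                              # bindings = 'show ip dhcp binding'

    def _pool(self, giaddr):
        # A relayed request carries the relay interface address in giaddr; a local
        # broadcast carries 0.0.0.0, so the server's own address selects the pool.
        key = ipaddress.ip_address(self.ip if giaddr == "0.0.0.0" else giaddr)
        for net, gw in self.pools:
            if key in net:
                return net, gw
        raise LookupError("no pool covers %s" % key)

    def _free(self, net):
        used = self.excluded | set(self.offers.values()) | set(self.bindings.values())
        for h in net.hosts():
            if str(h) not in used:
                return str(h)
        raise RuntimeError("pool %s exhausted" % net)

    def handle(self, raw):
        m = parse(raw)
        kind, chaddr, gi = m["options"][OPT_MSG_TYPE][0], m["chaddr"], m["giaddr"]
        net, gw = self._pool(gi)
        common = {OPT_SERVER_ID: socket.inet_aton(self.ip), OPT_ROUTER: socket.inet_aton(gw),
                  OPT_LEASE: struct.pack("!I", self.lease)}
        if kind == DISCOVER:
            ip = self.offers.get(chaddr) or self._free(net)
            self.offers[chaddr] = ip
            return build(BOOTREPLY, m["xid"], chaddr, ip, gi, {OPT_MSG_TYPE: bytes([OFFER]), **common})
        if kind == REQUEST:
            if m["options"].get(OPT_SERVER_ID) != socket.inet_aton(self.ip):
                self.offers.pop(chaddr, None)   # client chose another server: implicit decline
                return None
            ip = socket.inet_ntoa(m["options"][OPT_REQ_ADDR])
            if self.offers.pop(chaddr, None) != ip:  # request for something we never offered
                return build(BOOTREPLY, m["xid"], chaddr, "0.0.0.0", gi, {OPT_MSG_TYPE: bytes([NAK]), **common})
            self.bindings[chaddr] = ip
            return build(BOOTREPLY, m["xid"], chaddr, ip, gi, {OPT_MSG_TYPE: bytes([ACK]), **common})
        return None

def dora(server, chaddr, xid, relay_if=None):
    """Discover/Offer/Request/Ack, optionally through a relay agent.
    Returns (type of the final reply, leased address, default gateway)."""
    hop = (lambda msg: relay(msg, relay_if)) if relay_if else (lambda msg: msg)
    disc = build(BOOTREQUEST, xid, chaddr, options={OPT_MSG_TYPE: bytes([DISCOVER])})
    offer = parse(server.handle(hop(disc)))
    req = build(BOOTREQUEST, xid, chaddr, options={OPT_MSG_TYPE: bytes([REQUEST]),
                OPT_SERVER_ID: offer["options"][OPT_SERVER_ID],
                OPT_REQ_ADDR: socket.inet_aton(offer["yiaddr"])})
    ack = parse(server.handle(hop(req)))
    return ack["options"][OPT_MSG_TYPE][0], ack["yiaddr"], socket.inet_ntoa(ack["options"][OPT_ROUTER])

if __name__ == "__main__":
    srv = DhcpServer("10.0.0.1", [("10.0.0.0/24", "10.0.0.1"), ("192.168.10.0/24", "192.168.10.1")],
                     excluded=["10.0.0.1", "192.168.10.1"])
    print(dora(srv, b"\x00\x11\x22\x33\x44\x55", 0x1234))                            # same subnet
    print(dora(srv, b"\x00\x11\x22\x33\x44\x66", 0x1235, relay_if="192.168.10.1"))  # via helper-address
```

The relayed client never reaches the server with its own broadcast: the relay rewrites giaddr, and the server picks the 192.168.10.0/24 pool because that is the network the relay interface sits on. A DHCPREQUEST naming a different server-identifier is dropped and the pending offer released, which is the implicit decline described in step 3.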

25 Troubleshooting DHCP DHCP problems can arise for a multitude of reasons:
Software defects in operating systems
NIC drivers
DHCP/BOOTP relay agents
Configuration issues (most common)
A systematic approach to troubleshooting is required.

26 Troubleshooting DHCP Task 1: Resolve IP Address Conflicts
An IP address lease can expire on a client that is still connected to the network. If the client does not renew the lease, the DHCP server can reassign that IP address to another client. When the original client reboots, it requests an IP address; if the DHCP server does not respond quickly, the client falls back to its last IP address. Two clients are now using the same IP address, creating a conflict. The show ip dhcp conflict command displays all address conflicts recorded by the DHCP server. The server uses ping to detect conflicts before offering an address; the client uses Address Resolution Protocol (ARP) to detect conflicts after receiving one. If a conflict is detected, the address is removed from the pool and is not assigned again until an administrator resolves the conflict and clears it (clear ip dhcp conflict).

27 Troubleshooting DHCP Task 2: Verify Physical Connectivity
Use the show interface command to confirm that the router interface acting as the default gateway for the client is operational. If the state of the interface is anything other than up, the port does not pass traffic, including DHCP client requests.
Task 3: Test Network Connectivity
Verify network connectivity by configuring a static IP address on a client workstation. If the workstation is unable to reach network resources with a statically configured IP address, the root cause of the problem is not DHCP, and network connectivity troubleshooting is required.

28 Troubleshooting DHCP Task 4: Verify Switch Port Configuration
If there is a switch between the client and the DHCP server, verify that the port has STP PortFast enabled and trunking/channeling disabled. The default configuration is PortFast disabled and trunking/channeling auto, where applicable. PortFast is a Cisco technology. When an access port is configured with the spanning-tree portfast command, the port moves straight to the forwarding state instead of waiting out the listening and learning states, so the client's DHCPDISCOVER is not sent into a port that is still blocking. PortFast belongs only on access ports that face end hosts; pair it with BPDU guard (spanning-tree bpduguard enable) so that a switch plugged into such a port is shut down rather than admitted to the spanning tree.

29 Troubleshooting DHCP Task 5: Distinguishing Whether DHCP Clients are on the Same Subnet or VLAN as DHCP Server It is important to distinguish whether DHCP is functioning correctly when the client is on the same subnet or VLAN as the DHCP server. If the DHCP is working correctly, the problem may be the DHCP/BOOTP relay agent. If the problem persists even with testing DHCP on the same subnet or VLAN as the DHCP server, the problem may actually be with the DHCP server.

30 Troubleshooting DHCP Verify Router DHCP/BOOTP Relay Configuration
The router interface facing the client must be configured with an IP helper address in order to relay DHCP requests. To verify the router configuration:
Step 1: Verify that the ip helper-address command is configured on the correct interface.
Step 2: Verify that the global configuration command no service dhcp has not been configured. This command disables all DHCP server and relay functionality on the router. service dhcp does not appear in the configuration, because it is the default.

31 Troubleshooting DHCP Verify that the Router is Receiving DHCP Requests
On routers configured as DHCP servers, verify that the router is receiving the DHCP request from the client:
Configure an access control list to narrow the debugging output.
Use the debug ip packet detail command.
A useful command for troubleshooting DHCP operation is debug ip dhcp server events, which reports server events such as address assignments and database updates.

32 Private and Public Addressing
All public Internet addresses must be registered with a Regional Internet Registry (RIR). Organizations can lease public addresses from an ISP. RFC 1918 specifies reserved private Internet addresses that are not to be routed over the Internet. Packets with private addresses can be routed within private internetworks. ISPs typically configure the border routers to prevent privately addressed traffic from being forwarded over the Internet. Using NAT, individual companies can address some or all of their hosts with private addresses and use NAT to provide access to the Internet.

33 Private and Public Addressing

34 What is NAT? NAT translates private, internal addresses into public, external addresses. NAT has the added benefit of adding a degree of privacy to a network because it hides internal IP addresses from outside networks. When a client sends packets out of the network, the NAT-enabled router translates the internal IP address of the client to an external address. To outside users, all traffic coming to and going from the network has the same IP address or comes from the same pool of addresses. This hiding is a side effect of translation, not access control: a NAT router without filtering still forwards whatever inbound traffic matches an existing translation or a static mapping.

35 What is NAT?

36 NAT Terminology In NAT terminology, the inside network is the set of networks that are subject to translation. The outside network refers to all other addresses.
Inside local address: Usually not an IP address assigned by a RIR or service provider, and most likely an RFC 1918 private address.
Inside global address: Valid public address that the inside host is given when it exits the NAT router.
Outside global address: Valid public IP address assigned to a host on the Internet.
Outside local address (out of scope): The local IP address assigned to a host on the outside network. In most situations this address is identical to the outside global address of that outside device.

38 Dynamic Mapping and Static Mapping
Two types of NAT translation:
Dynamic NAT: Uses a pool of public addresses and assigns them on a first-come, first-served basis. When a host with a private IP address requests access to the Internet, dynamic NAT chooses an IP address from the pool that is not already in use by another host.
Static NAT: Uses a one-to-one mapping of local and global addresses, and these mappings remain constant. Useful for web servers or hosts that must have a consistent address that is reachable from the Internet.

39 NAT Overloading (PAT) NAT overloading (Port Address Translation, PAT) maps multiple private IP addresses to a single public IP address or to a few addresses. Example: Your ISP assigns one address to your home/SOHO router, yet several members of your family can surf the Internet simultaneously. Multiple addresses can be mapped to one or a few addresses because each private address is also tracked by a port number (16 bits). When a client opens a TCP/IP session, the NAT router records the source port along with the source address. Clients use a different source port for each session with a server on the Internet. When a response comes back from the server, the source port of the outgoing packet, now the destination port of the return packet, determines to which client the router forwards the packet. It also validates that the incoming packet was requested, adding a degree of security to the session.

40 NAT Overloading (PAT) NAT overload attempts to preserve the original source port. If this source port is already in use, NAT overload assigns the first available port number starting from the beginning of the appropriate port group: 0-511, 512-1023 or 1024-65535. When there are no more ports available in that group and more than one external IP address is configured, NAT overload moves to the next IP address and tries to allocate the original source port again. This process continues until it runs out of available ports and external IP addresses.
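The port-preservation and port-group rules on slides 39 and 40 decide which inside global address:port an outbound session gets, and the same table is what lets the router accept a reply only if an inside host asked for it. The following is an added example written for this page, not code from the curriculum or from Cisco IOS: a PAT translation table that preserves the source port, falls back to the first free port in the same port group, moves to the next pool address when a group is exhausted, and drops inbound packets that match neither a recorded session nor a static entry. The static entries model the port-forwarding case discussed later in the deck; the addresses (203.0.113.x, 198.51.100.x, 192.0.2.x, 10.0.0.x) and port numbers are constructed for the demonstration, and the table starts its port groups at 1 because port 0 is not a usable source port.

```python
# Constructed example (not from the original slides): a PAT (NAT overload) translation
# table with IOS-style port preservation, port-group fallback and static port forwarding.
PORT_GROUPS = ((1, 511), (512, 1023), (1024, 65535))   # slide groups; port 0 is skipped deliberately

class PatTable:
    def __init__(self, inside_globals, static=()):
        self.inside_globals = list(inside_globals)   # 'ip nat pool' (one address = single-IP overload)
        self.out = {}        # (inside_local, lport) -> (inside_global, gport)
        self.back = {}       # (inside_global, gport) -> (inside_local, lport)
        self.sessions = set()  # (inside_global, gport, outside_global, oport) opened from inside
        self.static = {}     # (inside_global, gport) -> (inside_local, lport): port forwarding
        for (gip, gport), (lip, lport) in static:
            self.static[(gip, gport)] = (lip, lport)
            self.back[(gip, gport)] = (lip, lport)
            self.out[(lip, lport)] = (gip, gport)

    @staticmethod
    def _group(port):
        for lo, hi in PORT_GROUPS:
            if lo <= port <= hi:
                return lo, hi
        raise ValueError("port out of range: %d" % port)

    def _bind(self, lip, lport, gip, gport):
        self.out[(lip, lport)] = (gip, gport)
        self.back[(gip, gport)] = (lip, lport)
        return gip, gport

    def allocate(self, lip, lport):
        """Choose the inside global address:port for an inside local address:port."""
        if (lip, lport) in self.out:                     # existing translation is reused
            return self.out[(lip, lport)]
        lo, hi = self._group(lport)
        for gip in self.inside_globals:
            if (gip, lport) not in self.back:            # 1. keep the original source port if free
                return self._bind(lip, lport, gip, lport)
            for p in range(lo, hi + 1):                  # 2. else first free port in the same group
                if (gip, p) not in self.back:
                    return self._bind(lip, lport, gip, p)
            # 3. group exhausted on this address: try the original port on the next pool address
        raise RuntimeError("no ports left on any inside global address")

    def outbound(self, src, sport, dst, dport):
        """Inside -> outside: rewrite the source and record the session for the return trip."""
        gip, gport = self.allocate(src, sport)
        self.sessions.add((gip, gport, dst, dport))
        return gip, gport, dst, dport

    def inbound(self, src, sport, dst, dport):
        """Outside -> inside: only replies to recorded sessions or static mappings are
        translated; anything else returns None, i.e. the packet is dropped."""
        if (dst, dport, src, sport) in self.sessions or (dst, dport) in self.static:
            lip, lport = self.back[(dst, dport)]
            return src, sport, lip, lport
        return None

def demo():
    """Single public address with a forwarded web server; returns the translation results."""
    t = PatTable(["203.0.113.10"], static=[(("203.0.113.10", 80), ("10.0.0.80", 80))])
    a = t.outbound("10.0.0.5", 40000, "198.51.100.7", 80)   # source port preserved
    b = t.outbound("10.0.0.6", 40000, "198.51.100.7", 80)   # collision: first free port in 1024-65535
    c = t.outbound("10.0.0.7", 80, "198.51.100.7", 80)      # 80 is held by the static map: first free in 1-511
    reply = t.inbound("198.51.100.7", 80, "203.0.113.10", 40000)  # requested by 10.0.0.5
    stray = t.inbound("198.51.100.9", 80, "203.0.113.10", 40000)  # unsolicited: dropped
    fwd = t.inbound("192.0.2.44", 51000, "203.0.113.10", 80)      # forwarded to the inside web server
    return a, b, c, reply, stray, fwd

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The stray reply is dropped because the table records the outside endpoint of every session, not just the inside global port; that is the "validates that the incoming packets were requested" behaviour, and it is exactly what the static entry gives up, since a forwarded port answers to any outside source.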

41 NAT Overloading (PAT) First available port number

42 Benefits and Drawbacks of Using NAT
NAT Benefits
NAT conserves the legally registered addressing scheme.
NAT increases the flexibility of connections to the public network: multiple pools, backup pools and load-balancing pools can be implemented to ensure reliable public network connections.
NAT provides consistency for internal network addressing schemes. On a network without private IP addresses and NAT, changing public IP addresses requires renumbering all hosts on the existing network. NAT allows the existing scheme to remain while supporting a new public addressing scheme.
NAT provides network security. Private networks do not advertise their addresses or internal topology, so they remain reasonably secure when used in conjunction with NAT to gain controlled external access.

43 Benefits and Drawbacks of Using NAT
NAT Drawbacks
Performance is degraded: NAT increases switching delays because translating each IP address within the packet headers takes time.
End-to-end functionality is degraded: by changing end-to-end addresses, NAT breaks applications that embed or depend on IP addresses. Example: a digital signature or integrity check that covers the source IP address fails because the address changes in transit.
End-to-end IP traceability is lost.
Tunneling is more complicated: NAT modifies values in the headers that are covered by the integrity checks of IPsec and other tunneling protocols.
Initiating TCP connections can be disrupted: services that require TCP connections initiated from the outside network, or stateless protocols such as those using UDP, can be disrupted.
Architectures need to be rebuilt to accommodate changes: some protocols can accommodate one instance of NAT between participating hosts (passive mode FTP, for example), but fail when both systems are separated from the Internet by NAT.

44 Configuring Static NAT
Static NAT allows connections initiated by external devices to inside devices. For instance, you may want to map an inside global address to a specific inside local address that is assigned to your web server.

45 Configuring Static NAT

46 Configuring Dynamic NAT
Dynamic NAT maps private IP addresses to public addresses taken from a NAT pool. Dynamic NAT configuration differs from static NAT, but it also has some similarities:
Requires the configuration to identify each interface as an inside or outside interface.
Rather than creating a static map to a single IP address, a pool of inside global addresses is used.
An ACL is needed to permit only those addresses that are to be translated. An ACL that is too permissive can lead to unpredictable results; Cisco advises against configuring ACLs referenced by NAT commands with permit any.

47 Configuring Dynamic NAT

48 Configuring Dynamic NAT

49 Configuring NAT Overload - A Single Public IP Address
With only one public IP address, the overload configuration typically assigns that public address to the outside interface that connects to the ISP. All inside addresses are translated to the single IP address when leaving the outside interface.

50 Configuring NAT Overload - A Single Public IP Address

51 Configuring NAT Overload - A Pool of Public IP Addresses
When the ISP has provided more than one public IP address, NAT overload is configured to use a pool.


53 Port Forwarding Port forwarding (tunneling) is the act of forwarding a network port from one network node to another. It allows an external user to reach a port on a private IP address (inside a LAN) from the outside through a NAT-enabled router. Peer-to-peer file-sharing programs and key operations such as web serving and outgoing FTP require that router ports be forwarded or opened to allow these applications to work. Because NAT hides internal addresses, peer-to-peer only works from the inside out, where NAT can match outgoing requests against incoming replies; NAT does not allow requests initiated from the outside. Port forwarding resolves this by allowing specific ports to be forwarded to inside hosts.

54 Configuring Port Forwarding
If the external WAN IP address of the SOHO router is , the external user could enter SOHO router would redirect the HTTP request to the internal web server at IP address , using the default port number 80.

55 Verifying NAT and NAT Overload
Before using the show commands to verify NAT, clear any dynamic translation entries that might still be present. Useful commands to verify NAT operation:
clear ip nat translation
show ip nat translations
show ip nat translations verbose
show ip nat statistics
By default, dynamic translation entries time out after 24 hours, unless the timer has been reconfigured with ip nat translation timeout <timeout_seconds>.

56 Verifying NAT and NAT Overload

57 Troubleshooting NAT and NAT Overload Configuration
Step 1: Based on the configuration, clearly define what NAT is supposed to achieve. This may reveal a problem with the configuration.
Step 2: Verify that the correct translations exist in the translation table, using the show ip nat translations command.
Step 3: Use the clear and debug commands to verify that NAT is operating as expected. Check whether dynamic entries are recreated after they are cleared.
Step 4: Review in detail what is happening to the packet, and verify that routers have the correct routing information to move the packet. Use the debug ip nat command to verify the operation of NAT.
Ref: Curriculum case study

58 Summary Dynamic Host Configuration Protocol (DHCP)
A means of assigning IP addresses and other configuration information automatically.
DHCP operation: three allocation methods (manual, automatic, dynamic).
Steps to configure DHCP: define the range of excluded addresses, create the DHCP pool, configure the pool specifics.

59 Summary DHCP Relay
A router configured to listen for DHCP messages from DHCP clients and forward those messages to servers on different subnets.
Troubleshooting DHCP
Most problems arise from configuration errors.
Commands to aid troubleshooting: show ip dhcp, show run, debug.

60 Summary Private IP addresses (RFC 1918)
Class A: 10.x.x.x
Class B: 172.16.x.x to 172.31.x.x
Class C: 192.168.x.x
Network Address Translation (NAT)
A means of translating private IP addresses to public IP addresses.
Types of NAT: static, dynamic, overload (PAT).
Some commands used for troubleshooting: show ip nat translations, show ip nat statistics, debug ip nat.
