CCNA Exp4 - Chapter07 - IP Addressing Service

Chapter 7 - Implementing
IP Addressing Services
CCNA Exploration 4.0
1
Introduction
Học viện mạng Bach Khoa - Website: www.bkacad.com 2

DHCP

Introducing DHCP
 DHCP assigns IP addresses and other important

network configuration information dynamically.

DHCP Operation
• Manual Allocation: The

administrator assigns a pre-
allocated IP address to the
client and DHCP only
communicates the IP address
to the device.
• Automatic Allocation: DHCP
automatically assigns a static
IP address permanently to a
device, selecting it from a pool
of available addresses. There
is no lease and the address is
permanently assigned to a
device.
• Dynamic Allocation: DHCP
automatically dynamically
assigns, or leases, an IP
address from a pool of
addresses for a limited
period of time chosen by the
server, or until the client tells
the DHCP server that it no
longer needs the address.

BOOTP and DHCP
• Both DHCP and BOOTP are client/server based and

use UDP ports 67 and 68. Those ports are still known
as BOOTP ports.

DHCP Message Format

DHCP Discover

DHCP Offer

Configuring a DHCP Server

Configuring a DHCP Server
Example

Verifying DHCP
PC1: ipconfig /all

Verifying DHCP
PC2: ipconfig /all

Verifying DHCP

Configuring a DHCP Client

Configuring a DHCP Client

DHCP Relay
Host Problem

DHCP Relay
Host Renew

DHCP Relay
Broadcast Unicast
• Helper address configuration that relays broadcasts to all servers on

the segment.
RTA(config)#interface e0
RTA(config-if)#ip helper-address 172.24.1.255
• But will RTA forward the broadcast?
DHCP Relay
• Notice that the RTA interface e3, which connects to the server farm, is not configured
with helper addresses.
• However, the output shows that for this interface, directed broadcast forwarding is
disabled. This means that the router will not convert the logical broadcast
172.24.1.255 into a physical broadcast with a Layer 2 address of FF-FF-FF-FF-FF-
FF.
• To allow all the nodes in the server farm to receive the broadcasts at Layer 2, e3 will
need to be configured to forward directed broadcasts with the following command:
RTA(config-if)#ip directed-broadcast

DHCP Relay
L3 Broadcast L2 Broadcast
RTA(config-if)#ip helper-address 172.24.1.255
RTA(config-if)#ip directed-broadcast
Using helper addresses
• By default, the ip helper-address command forwards the eight UDPs services.
• The Cisco IOS provides the global configuration command ip forward-

protocol to allow an administrator to forward any UDP port in addition to the
default eight.

Configuring a DHCP Server Using SDM

Configuring a DHCP Server Using SDM

Verifying and Troubleshooting DHCP

Verifying and Troubleshooting DHCP

Scaling Networks with NAT

Private and Public IP Addressing

What is NAT ?

NAT Terminology
• Inside local address - Usually not an IP address assigned by a RIR or service provider
and is most likely an RFC 1918 private address.
• Inside global address - Valid public address that the inside host is given when it exits
the NAT router.
– When traffic from PC1 is destined for the web server at 209.165.201.1, router R2
must translate the address. In this case, IP address 209.165.200.226 is used as the
inside global address for PC1.
• Outside global address - Reachable IP address assigned to a host on the Internet.
– For example, the web server is reachable at IP address 209.165.201.1.
• Outside local address - The local IP address assigned to a host on the outside
network. In most situations, this address will be identical to the outside global address of
that outside device.
The Forms of NAT
• Static NAT – Mapping an unregistered IP address to a registered IP

address on a one-to-one basis. Particularly useful when a device
needs to be accessible from outside the network.

The Forms of NAT
• Dynamic NAT – Maps an unregistered IP address to a registered IP

address from a group of registered IP addresses. Dynamic NAT also
establishes a one-to-one mapping between unregistered and
registered IP address, but the mapping could vary depending on the
registered address available in the pool, at the time of communication.

The Forms of NAT
• Overloading – A form of dynamic NAT that maps multiple unregistered

IP addresses to a single registered IP address (many-to-one) by using
different ports. Known also as PAT (Port Address Translation), single
address NAT or port-level multiplexed NAT.

NAT Example
• Inside local address – The IP address assigned to a host on the inside network. This
address is likely to be an RFC 1918 private address.
• Inside global address – A legitimate (Internet routable or public) IP address assigned
the service provider that represents one or more inside local IP addresses to the outside
world.
• Outside local address – The IP address of an outside host as it is known to the hosts
on the inside network.
• Outside global address – The IP address assigned to a host on the outside network.
The owner of the host assigns this address.
NAT Example
1 2
DA SA DA SA
128.23.2.2 10.0.0.3 .... Data 128.23.2.2 179.9.8.80 .... Data
IP Header IP Header
1 2

NAT overload

Next Available Port

Benefits and Drawbacks of Using NAT

Configure Static NAT on a Cisco Router

Example

Configure Dynamic NAT on a Cisco Router

Configure Dynamic NAT on a Cisco Router

Example
Translate to these
outside addresses

Configuring NAT Overload for a Single Public IP Address

Configuring NAT Overload for a Single Public IP Address

Configuring NAT Overload for a Pool of Public IP Addresses

Configuring NAT Overload for a Pool of Public IP Addresses

Port Forwarding
• Port forwarding (sometimes referred to as tunneling) is the act of forwarding a

network port from one network node to another.
• This technique can allow an external user to reach a port on a private IP
address (inside a LAN) from the outside through a NAT-enabled router.
Port Forwarding
http://portforward.com

Port Forwarding
• Ip nat inside source static [tcp/udp] Inside Local IP address Local TCP/UDP
Port Inside Global IP address Global TCP/UDP Port
Examples:
• ip nat inside source static udp 10.0.25.22 53 222.25.249.33 53
• ip nat inside source static udp 10.0.25.33 53 222.25.249.34 53
• ip nat inside source static tcp 10.0.25.16 80 222.25.249.34 80

Verifying NAT and NAT Overload

Verifying NAT and NAT Overload

Troubleshooting NAT and NAT Overload Configuration
• Step 1. Based on the configuration, clearly define what NAT is supposed to

achieve. This may reveal a problem with the configuration.
• Step 2. Verify that correct translations exist in the translation table using the
show ip nat translations command.
• Step 3. Use the clear and debug commands to verify that NAT is operating as
expected. Check to see if dynamic entries are recreated after they are cleared.
• Step 4. Review in detail what is happening to the packet, and verify that
routers have the correct routing information to move the packet.

IPv6

Reason for using IPv6

Reason for using IPv6

Address space

IPv6 Features

IPv6 Features

Comparing IPv4 and IPv6 Headers
Traffic class: ToS

Payload Length
Next Header: Tcp, Udp…
Hop Limit: TTL
No Checksum
• Flow Label: 20-bit field that allows a particular flow of traffic to be labeled. It
can be used for multilayer switching techniques and faster packet-switching
performance.
• Extension Headers: Follows the previous eight fields. The number of
extension headers is not fixed, so the total length of the extension header
chain is variable.

Extension header
Extension Header
Extension Header

Extension header

IPv6 Extension Headers
• IPv6 Header: Basic header described in the previous figure.
• Hop-by-hop options header: When used for the router alert
(Resource Reservation Protocol [RSVP] and Multicast Listener
Discovery version 1 [MLDv1]) and the jumbogram, this header (value =
0) is processed by all hops in the path of a packet.
• Destination options header (when the routing header is used)
• Routing header: Used for source routing and mobile IPv6 (value =
43).
• Fragment header: Used when a source must fragment a packet that is
larger than the MTU for the path between itself and a destination
device.
• Authentication Header and Encapsulating Security Payload
header: Used within IPsec to provide authentication, integrity, and
confidentiality of a packet.
– The Authentication Header (value = 51)
– The ESP header (value = 50)
• Upper-layer header: Typical headers used inside a packet to transport
the data. The two main transport protocols are TCP (value = 6) and
UDP (value = 17).

Defining Address Representation
• Leading zeros in a field are optional, so 09C0 = 9C0 and 0000 = 0.

• Successive fields of zeros can be represented as “::” only once in an address.
• An unspecified address is written as “::” because it contains only zeros.

IPv6 Address Types
1. Unicast address
– Link local (FE80::/10): Scope is configured to single link. The address is unique only on this
link, and it is not routable off the link. (similar to 169.254.x.x private address)
– Site local (FEC0::/10): similar to private address.
– Global: Globally unique, so it can be routed globally with no modification. A global address
has an unlimited scope on the worldwide Internet. Packets with global source and destination
addresses are routed to their target destination by the routers on the Internet.
2. Multicast address (FF00::/8): IPv6 does not have broadcast addresses. The range of multicast
addresses in IPv6 is larger than in IPv4. For the foreseeable future, allocation of multicast groups is
not being limited.
3. Anycast address: An anycast address identifies a list of devices or nodes; therefore, an anycast
address identifies multiple interfaces. A packet sent to an anycast address is delivered to the closest
interface, as defined by the routing protocols in use.
Special Address

IPv6 Global Unicast and Anycast address
• Global Unicast Addresses are defined by a global routing prefix, a subnet ID, and an
interface ID. The current global unicast address assignment by the Internet Assigned
Numbers Authority (IANA) uses the range of addresses that start with binary value 001
(2000::/3), which is 1/8 of the total IPv6 address space and is the largest block of
assigned block addresses.
• The IANA is allocating the IPv6 address space in the ranges of 2001::/16 to the five RIR
registries (ARIN, RIPE, APNIC, LACNIC, and AfriNIC).
• Addresses with a prefix of 2000::/3 (001) through E000::/3 (111), with the exception of
the FF00::/8 (1111 1111) multicast addresses, are required to have 64-bit interface
identifiers in the Extended Universal Identifier (EUI)-64 format.
• When a unicast address is assigned to more than one interface, thus turning it into an
anycast address, the nodes to which the address is assigned must be explicitly
configured to use and recognize the anycast address.

Assign IPv6 address

Stateless Autoconfiguration
1. Phase 1: MAC 00-0C-29-C2-52-FF -> 02-0C-29-FF-FE-C2-52-FF

2. Phase 2: well-known link-local prefix fe80::/64 is added ->
fe80::20c:29ff:fec2:52ff
3. Phase 3: Verify the address’s uniqueness on the link, called duplicate
address detection (DAD). Send ICMPv6.
4. Phase 4: Assigned

IPv6 to IPv4 Transition Mechanism

IPv6 to IPv4 Transition Mechanism
• The 2 most common techniques to transition from IPv4 to IPv6 are as

follows:
1. Dual stack
2. IPv6-over-IPv4 (6to4) tunnels
• For communication between IPv4 and IPv6 networks, IPv4 addresses
can be encapsulated in IPv6 addresses.

Cisco IOS Dual Stack
• Dual stacking is an integration method in which a node has implementation

and connectivity to both an IPv4 and IPv6 network. This is the recommended
option and involves running IPv4 and IPv6 at the same time.
• Using IPv6 on a Cisco IOS router requires that you use the global configuration
command ipv6 unicast-routing. This command enables the forwarding of
IPv6 datagrams.
IPv6 Tunneling
• Tunneling is an integration method where an IPv6 packet is encapsulated within another protocol,
such as IPv4. This method enables the connection of IPv6 islands without needing to convert the
intermediary networks to IPv6.
• When IPv4 is used to encapsulate the IPv6 packet, a protocol type of 41 is specified in the IPv4
header, and the packet includes a 20-byte IPv4 header with no options and an IPv6 header and
payload. It also requires dual-stack routers.
• Tunneling presents these issues:
– The MTU is decreased by 20 octets (if the IPv4 header does not contain any optional field).
– Difficult to troubleshoot.

IPv6 Tunneling

Routing consideration with IPv6
• Like IPv4 classless interdomain routing (CIDR), IPv6 uses longest

prefix match routing.
• IPv6 uses modified versions of most of the common routing protocols
to handle longer IPv6 addresses and different header structures.
Routing consideration with IPv6
1. The control plane handles the interaction of the router with the other network
elements, providing the information needed to make decisions and control the overall
router operation. This plane runs processes such as routing protocols and network
management. These functions are generally complex.
2. The data plane handles packet forwarding from one physical or logical interface to
another. It involves different switching mechanisms such as process switching and
Cisco Express Forwarding (CEF) on Cisco IOS software routers.
3. Enhanced services include advanced features applied when forwarding data, such as
packet filtering, quality of service (QoS), encryption, translation, and accounting.

RIPNg routing protocol
• Based on IPv4 RIP version 2 (RIPv2) and similar to RIPv2 , distance vector, split
horizon, max hop 15, poison reverse
• Uses IPv6 for transport
• IPv6 prefix, next-hop IPv6 address
• Uses the multicast group FF02::9, the all-RIP-routers multicast group, as the destination
address for RIP updates
• Updates sent on UDP port 521
• Is supported by Cisco IOS Release 12.2(2)T and later

Enabling IPv6 on Cisco Routers
• There are two basic steps to activate IPv6 on a router.

– First, you must activate IPv6 traffic-forwarding on the router,
– and then you must configure each interface that requires IPv6.
• By default, IPv6 traffic-forwarding is disabled on a Cisco router. To
activate it between interfaces, you must configure the global command
ipv6 unicast-routing.

IPv6 Address Configuration Example

Cisco IOS IPv6 Name Resolution

Configure RIPng with IPv6
• To enable RIPng routing on the router, use the ipv6 router rip name global
configuration command.
– The name parameter identifies the RIP process.
– This process name is used later when configuring RIPng on participating interfaces.
• For RIPng, instead of using the network command to identify which interfaces should
run RIPng, you use the command ipv6 rip name enable in interface configuration mode
to enable RIPng on an interface. The name parameter must match the name parameter
in the ipv6 router rip command.

Configure RIPng with IPv6

Troubleshooting

Troubleshooting

LAB – IPv6 RIP
2003::1/64 2004::1/64 2004::2/64 2005::2/64

L0 R1 S1/0 R2 L0
F0/0 S1/1
2fff::1/64 ipv6 unicast-routing ipv6 unicast-routing
ipv6 router rip bkacad ipv6 router rip bkacad
interface lo0 ipv6 route ::/0 lo0
ipv6 address 2003::1/64 interface lo0
2fff::2/64 ipv6 rip bkacad enable
ipv6 address 2005::2/64
interface f0/0
ipv6 rip bkacad enable
ipv6 address 2fff::1/64
ipv6 rip bkacad enable interface s1/1
interface s1/0 ipv6 address 2004::2/64
ipv6 address 2004::1/64 ipv6 rip bkacad enable
ipv6 rip bkacad enable ipv6 router rip bkacad
redistribute static
ipv6 install
netsh interface ipv6 add address "Local Area Connection" 2fff::2

Labs

Summary


CCNA Exp4 - Chapter07 - IP Addressing Service

Diunggah oleh

Informasi Dokumen

Deskripsi Asli:

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

CCNA Exp4 - Chapter07 - IP Addressing Service

Diunggah oleh

Hak Cipta:

Format Tersedia

Chapter 7 - Implementing

CCNA Exploration 4.0

Học viện mạng Bach Khoa - Website: www.bkacad.com 2

Học viện mạng Bach Khoa - Website: www.bkacad.com 3

 DHCP assigns IP addresses and other important

Học viện mạng Bach Khoa - Website: www.bkacad.com 4

• Manual Allocation: The

Học viện mạng Bach Khoa - Website: www.bkacad.com 5

• Both DHCP and BOOTP are client/server based and

Học viện mạng Bach Khoa - Website: www.bkacad.com 6

Học viện mạng Bach Khoa - Website: www.bkacad.com 7

Học viện mạng Bach Khoa - Website: www.bkacad.com 8

Học viện mạng Bach Khoa - Website: www.bkacad.com 9

Học viện mạng Bach Khoa - Website: www.bkacad.com 10

Học viện mạng Bach Khoa - Website: www.bkacad.com 11

PC1: ipconfig /all

Học viện mạng Bach Khoa - Website: www.bkacad.com 12

PC2: ipconfig /all

Học viện mạng Bach Khoa - Website: www.bkacad.com 13

Học viện mạng Bach Khoa - Website: www.bkacad.com 14

Học viện mạng Bach Khoa - Website: www.bkacad.com 15

Học viện mạng Bach Khoa - Website: www.bkacad.com 16

Học viện mạng Bach Khoa - Website: www.bkacad.com 17

Học viện mạng Bach Khoa - Website: www.bkacad.com 18

• Helper address configuration that relays broadcasts to all servers on

Học viện mạng Bach Khoa - Website: www.bkacad.com 20

• The Cisco IOS provides the global configuration command ip forward-

Học viện mạng Bach Khoa - Website: www.bkacad.com 22

Học viện mạng Bach Khoa - Website: www.bkacad.com 23

Học viện mạng Bach Khoa - Website: www.bkacad.com 24

Học viện mạng Bach Khoa - Website: www.bkacad.com 25

Học viện mạng Bach Khoa - Website: www.bkacad.com 26

Học viện mạng Bach Khoa - Website: www.bkacad.com 27

Học viện mạng Bach Khoa - Website: www.bkacad.com 28

Học viện mạng Bach Khoa - Website: www.bkacad.com 29

• Static NAT – Mapping an unregistered IP address to a registered IP

Học viện mạng Bach Khoa - Website: www.bkacad.com 31

• Dynamic NAT – Maps an unregistered IP address to a registered IP

Học viện mạng Bach Khoa - Website: www.bkacad.com 32

• Overloading – A form of dynamic NAT that maps multiple unregistered

Học viện mạng Bach Khoa - Website: www.bkacad.com 33

128.23.2.2 10.0.0.3 .... Data 128.23.2.2 179.9.8.80 .... Data

Học viện mạng Bach Khoa - Website: www.bkacad.com 35

Học viện mạng Bach Khoa - Website: www.bkacad.com 36

Học viện mạng Bach Khoa - Website: www.bkacad.com 37

Học viện mạng Bach Khoa - Website: www.bkacad.com 38

Học viện mạng Bach Khoa - Website: www.bkacad.com 39

Học viện mạng Bach Khoa - Website: www.bkacad.com 40

Học viện mạng Bach Khoa - Website: www.bkacad.com 41

Học viện mạng Bach Khoa - Website: www.bkacad.com 42

Học viện mạng Bach Khoa - Website: www.bkacad.com 43

Học viện mạng Bach Khoa - Website: www.bkacad.com 44

Học viện mạng Bach Khoa - Website: www.bkacad.com 45

Học viện mạng Bach Khoa - Website: www.bkacad.com 46

Học viện mạng Bach Khoa - Website: www.bkacad.com 47

• Port forwarding (sometimes referred to as tunneling) is the act of forwarding a

Học viện mạng Bach Khoa - Website: www.bkacad.com 49

Học viện mạng Bach Khoa - Website: www.bkacad.com 50

Học viện mạng Bach Khoa - Website: www.bkacad.com 51

Học viện mạng Bach Khoa - Website: www.bkacad.com 52

• Step 1. Based on the configuration, clearly define what NAT is supposed to

Học viện mạng Bach Khoa - Website: www.bkacad.com 53

Học viện mạng Bach Khoa - Website: www.bkacad.com 54