
Chapter 7 - Implementing IP Addressing Services

CCNA Exploration 4.0


Introduction

Học viện mạng Bach Khoa - Website: www.bkacad.com

DHCP


Introducing DHCP

DHCP assigns IP addresses and other important network configuration information dynamically.


DHCP Operation

Manual Allocation: The administrator assigns a preallocated IP address to the client, and DHCP only communicates the IP address to the device.

Automatic Allocation: DHCP automatically assigns a static IP address permanently to a device, selecting it from a pool of available addresses. There is no lease and the address is permanently assigned to a device.

Dynamic Allocation: DHCP automatically assigns, or leases, an IP address from a pool of addresses for a limited period of time chosen by the server, or until the client tells the DHCP server that it no longer needs the address.

BOOTP and DHCP

Both DHCP and BOOTP are client/server based and use UDP ports 67 and 68. Those ports are still known as BOOTP ports.


DHCP Message Format


DHCP Discover


DHCP Offer


Configuring a DHCP Server


Configuring a DHCP Server

Example


Verifying DHCP
PC1: ipconfig /all


Verifying DHCP
PC2: ipconfig /all


Verifying DHCP


Configuring a DHCP Client


Configuring a DHCP Client


DHCP Relay

Host Problem


DHCP Relay

Host Renew


DHCP Relay

Broadcast

Unicast

Helper address configuration that relays broadcasts to all servers on the segment:

RTA(config)#interface e0
RTA(config-if)#ip helper-address 172.24.1.255

But will RTA forward the broadcast?

DHCP Relay

Notice that the RTA interface e3, which connects to the server farm, is not configured with helper addresses. However, the output shows that for this interface, directed broadcast forwarding is disabled. This means that the router will not convert the logical broadcast 172.24.1.255 into a physical broadcast with a Layer 2 address of FF-FF-FF-FF-FF-FF. To allow all the nodes in the server farm to receive the broadcasts at Layer 2, e3 will need to be configured to forward directed broadcasts with the following command:

RTA(config)#interface e3
RTA(config-if)#ip directed-broadcast

Directed-broadcast forwarding is off by default in current IOS releases because it can be abused for traffic amplification, so enable it only on the interface that needs it.

DHCP Relay

L3 Broadcast

L2 Broadcast

RTA(config)#interface e0
RTA(config-if)#ip helper-address 172.24.1.255
RTA(config)#interface e3
RTA(config-if)#ip directed-broadcast

Using helper addresses


By default, the ip helper-address command forwards eight UDP services.

The Cisco IOS provides the global configuration command ip forward-protocol to allow an administrator to forward any UDP port in addition to the default eight.

Configuring a DHCP Server Using SDM


Configuring a DHCP Server Using SDM


Verifying and Troubleshooting DHCP


Verifying and Troubleshooting DHCP


Scaling Networks with NAT


Private and Public IP Addressing


What is NAT ?


NAT Terminology

Inside local address - Usually not an IP address assigned by a RIR or service provider and is most likely an RFC 1918 private address.

Inside global address - Valid public address that the inside host is given when it exits the NAT router. When traffic from PC1 is destined for the web server at 209.165.201.1, router R2 must translate the address. In this case, IP address 209.165.200.226 is used as the inside global address for PC1.

Outside global address - Reachable IP address assigned to a host on the Internet. For example, the web server is reachable at IP address 209.165.201.1.

Outside local address - The local IP address assigned to a host on the outside network. In most situations, this address will be identical to the outside global address of that outside device.

The Forms of NAT


Static NAT: Maps an unregistered IP address to a registered IP address on a one-to-one basis. Particularly useful when a device needs to be accessible from outside the network.

The Forms of NAT


Dynamic NAT: Maps an unregistered IP address to a registered IP address from a group of registered IP addresses. Dynamic NAT also establishes a one-to-one mapping between an unregistered and a registered IP address, but the mapping can vary depending on the registered address available in the pool at the time of communication.

The Forms of NAT


Overloading: A form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address (many-to-one) by using different ports. Known also as PAT (Port Address Translation), single address NAT or port-level multiplexed NAT.
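The many-to-one mapping described above, as an added example that is not part of the original slides. It keeps a translation table for one inside global address (209.165.200.226, taken from the NAT Terminology slide); the inside local hosts, the port numbers and the simplified next-free-port rule are assumptions made for this sketch.

```python
from itertools import chain


class PatTable:
    """Many-to-one translation onto a single inside global address."""

    def __init__(self, inside_global: str):
        self.inside_global = inside_global
        self.outbound = {}  # (proto, inside local ip, port) -> translated port
        self.inbound = {}   # (proto, translated port) -> (inside local ip, port)

    def translate_out(self, proto: str, src_ip: str, src_port: int):
        """Return the (inside global ip, port) used for this inside flow."""
        key = (proto, src_ip, src_port)
        if key not in self.outbound:
            # Keep the original source port when it is free, otherwise take
            # the next available one (simplified: no IOS port-range groups).
            candidates = chain(range(src_port, 65536), range(1024, src_port))
            port = next((p for p in candidates
                         if (proto, p) not in self.inbound), None)
            if port is None:
                raise RuntimeError("no free port on the inside global address")
            self.outbound[key] = port
            self.inbound[(proto, port)] = (src_ip, src_port)
        return self.inside_global, self.outbound[key]

    def translate_in(self, proto: str, dst_port: int):
        """Return the inside local (ip, port) for a reply, or None to drop."""
        return self.inbound.get((proto, dst_port))


def demo():
    # 209.165.200.226 is the inside global address used in the text; the
    # inside local hosts and port numbers are constructed for this example.
    nat = PatTable("209.165.200.226")
    first = nat.translate_out("tcp", "192.168.10.10", 1444)
    second = nat.translate_out("tcp", "192.168.10.11", 1444)  # port collision
    again = nat.translate_out("tcp", "192.168.10.10", 1444)   # existing entry
    reply = nat.translate_in("tcp", second[1])
    unsolicited = nat.translate_in("tcp", 8080)               # no table entry
    return first, second, again, reply, unsolicited


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Because every inside host shares one public address, attributing a connection seen from outside to an inside host requires the translated port and the time of the flow, which is what the table records.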

NAT Example

Inside local address: The IP address assigned to a host on the inside network. This address is likely to be an RFC 1918 private address.

Inside global address: A legitimate (Internet routable or public) IP address assigned by the service provider that represents one or more inside local IP addresses to the outside world.

Outside local address: The IP address of an outside host as it is known to the hosts on the inside network.

Outside global address: The IP address assigned to a host on the outside network. The owner of the host assigns this address.

NAT Example
[Figure: two packets, each shown as IP Header ... Data]
1: SA 10.0.0.3, DA 128.23.2.2
2: SA 179.9.8.80, DA 128.23.2.2

NAT overload


Next Available Port


Benefits and Drawbacks of Using NAT


Configure Static NAT on a Cisco Router


Example


Configure Dynamic NAT on a Cisco Router


Configure Dynamic NAT on a Cisco Router


Example

Translate to these outside addresses


Configuring NAT Overload for a Single Public IP Address


Configuring NAT Overload for a Single Public IP Address


Configuring NAT Overload for a Pool of Public IP Addresses


Configuring NAT Overload for a Pool of Public IP Addresses


Port Forwarding

Port forwarding (sometimes referred to as tunneling) is the act of forwarding a network port from one network node to another. This technique can allow an external user to reach a port on a private IP address (inside a LAN) from the outside through a NAT-enabled router.

Port Forwarding
http://portforward.com


Verifying NAT and NAT Overload


Verifying NAT and NAT Overload


Troubleshooting NAT and NAT Overload Configuration

Step 1. Based on the configuration, clearly define what NAT is supposed to achieve. This may reveal a problem with the configuration.
Step 2. Verify that correct translations exist in the translation table using the show ip nat translations command.
Step 3. Use the clear and debug commands to verify that NAT is operating as expected. Check to see if dynamic entries are recreated after they are cleared.
Step 4. Review in detail what is happening to the packet, and verify that routers have the correct routing information to move the packet.

IPv6


Reason for using IPv6


Reason for using IPv6


Address space


IPv6 Features


IPv6 Features


Comparing IPv4 and IPv6 Headers


Traffic Class: ToS
Payload Length
Next Header: TCP, UDP
Hop Limit: TTL
No Checksum

Flow Label: 20-bit field that allows a particular flow of traffic to be labeled. It can be used for multilayer switching techniques and faster packet-switching performance.

Extension Headers: Follow the previous eight fields. The number of extension headers is not fixed, so the total length of the extension header chain is variable.

Extension header


Extension header


IPv6 Extension Headers


IPv6 Header: Basic header described in the previous figure.

Hop-by-hop options header: When used for the router alert (Resource Reservation Protocol [RSVP] and Multicast Listener Discovery version 1 [MLDv1]) and the jumbogram, this header (value = 0) is processed by all hops in the path of a packet.

Destination options header (when the routing header is used)

Routing header: Used for source routing and mobile IPv6 (value = 43).

Fragment header: Used when a source must fragment a packet that is larger than the MTU for the path between itself and a destination device.

Authentication Header and Encapsulating Security Payload header: Used within IPsec to provide authentication, integrity, and confidentiality of a packet.
The Authentication Header (value = 51)
The ESP header (value = 50)

Upper-layer header: Typical headers used inside a packet to transport the data. The two main transport protocols are TCP (value = 6) and UDP (value = 17).
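A filter or sensor that reads only the first Next Header field never reaches the transport header when extension headers are present, so the chain has to be walked. The parser below is an added example, not part of the original slides; the values 44, 60 and 59 come from the IANA registry rather than the page, and the packets are constructed with documentation addresses.

```python
import struct

# Next Header values: 0, 43, 51, 50, 6 and 17 are given in the text above;
# 44 (fragment), 60 (destination options) and 59 (no next header) are the
# IANA-assigned values, added here as an assumption beyond the page.
EXTENSION = {0: "hop-by-hop", 60: "destination-options", 43: "routing",
             44: "fragment", 51: "authentication"}
UPPER = {6: "TCP", 17: "UDP", 50: "ESP", 59: "no-next-header"}


def walk_chain(packet: bytes, max_headers: int = 8):
    """Follow Next Header fields; return (header names, upper-layer offset)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_header, offset, chain = packet[6], 40, []
    while next_header in EXTENSION:
        if len(chain) >= max_headers:
            raise ValueError("extension header chain too long")
        if next_header == 0 and chain:
            raise ValueError("hop-by-hop header must come first")
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        following, length_field = packet[offset], packet[offset + 1]
        if next_header == 44:
            size = 8                        # fragment header has a fixed size
        elif next_header == 51:
            size = (length_field + 2) * 4   # AH: 4-octet units, minus 2
        else:
            size = (length_field + 1) * 8   # 8-octet units, first 8 excluded
        if offset + size > len(packet):
            raise ValueError("extension header runs past end of packet")
        chain.append(EXTENSION[next_header])
        next_header, offset = following, offset + size
    chain.append(UPPER.get(next_header, f"protocol-{next_header}"))
    return chain, offset


def ipv6_packet(first_next_header: int, payload: bytes) -> bytes:
    """Constructed test packet: fixed 40-byte header plus the given payload."""
    src = bytes.fromhex("20010db8000000000000000000000001")  # 2001:db8::1
    dst = bytes.fromhex("20010db8000000000000000000000002")  # 2001:db8::2
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), first_next_header, 64)
    return fixed + src + dst + payload


# Constructed sample: hop-by-hop -> destination options -> fragment -> TCP.
HOP_BY_HOP = bytes([60, 0, 1, 4, 0, 0, 0, 0])   # next=60, PadN option
DEST_OPTS = bytes([44, 0, 1, 4, 0, 0, 0, 0])    # next=44, PadN option
FRAGMENT = bytes([6, 0, 0, 0, 0, 0, 0, 1])      # next=6 (TCP), offset 0, id 1
SAMPLE = ipv6_packet(0, HOP_BY_HOP + DEST_OPTS + FRAGMENT + bytes(20))
# Constructed malformed packet: hop-by-hop placed after another header.
MISORDERED = ipv6_packet(60, bytes([0, 0, 1, 4, 0, 0, 0, 0]) + HOP_BY_HOP)

if __name__ == "__main__":
    print(walk_chain(SAMPLE))
```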

Defining Address Representation

Leading zeros in a field are optional, so 09C0 = 9C0 and 0000 = 0.
Successive fields of zeros can be represented as :: only once in an address.
An unspecified address is written as :: because it contains only zeros.

IPv6 Address Types

1. Unicast address
Link local (FE80::/10): Scope is configured to single link. The address is unique only on this link, and it is not routable off the link. (similar to 169.254.x.x private address)
Site local (FEC0::/10): similar to private address.
Global: Globally unique, so it can be routed globally with no modification. A global address has an unlimited scope on the worldwide Internet. Packets with global source and destination addresses are routed to their target destination by the routers on the Internet.

2. Multicast address (FF00::/8): IPv6 does not have broadcast addresses. The range of multicast addresses in IPv6 is larger than in IPv4. For the foreseeable future, allocation of multicast groups is not being limited.

3. Anycast address: An anycast address identifies a list of devices or nodes; therefore, an anycast address identifies multiple interfaces. A packet sent to an anycast address is delivered to the closest interface, as defined by the routing protocols in use.

Special Address


IPv6 Global Unicast and Anycast address

Global Unicast Addresses are defined by a global routing prefix, a subnet ID, and an interface ID. The current global unicast address assignment by the Internet Assigned Numbers Authority (IANA) uses the range of addresses that start with binary value 001 (2000::/3), which is 1/8 of the total IPv6 address space and is the largest block of assigned addresses. The IANA is allocating the IPv6 address space in the ranges of 2001::/16 to the five RIR registries (ARIN, RIPE, APNIC, LACNIC, and AfriNIC). Addresses with a prefix of 2000::/3 (001) through E000::/3 (111), with the exception of the FF00::/8 (1111 1111) multicast addresses, are required to have 64-bit interface identifiers in the Extended Universal Identifier (EUI)-64 format. When a unicast address is assigned to more than one interface, thus turning it into an anycast address, the nodes to which the address is assigned must be explicitly configured to use and recognize the anycast address.

Assign IPv6 address


Stateless Autoconfiguration

1. Phase 1: MAC 00-0C-29-C2-52-FF -> 02-0C-29-FF-FE-C2-52-FF
2. Phase 2: The well-known link-local prefix fe80::/64 is added -> fe80::20c:29ff:fec2:52ff
3. Phase 3: Verify the address's uniqueness on the link, called duplicate address detection (DAD). Send ICMPv6.
4. Phase 4: Assigned
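Phases 1 and 2 above, plus the reverse step, as an added example that is not part of the original slides. Because the interface ID is derived from the MAC, the hardware address can be read back out of any EUI-64 address, which is useful for asset inventory and also shows why such addresses identify a device across networks; the 2001:db8:: addresses in the sample list are constructed.

```python
import ipaddress


def mac_to_link_local(mac: str) -> ipaddress.IPv6Address:
    """Derive the modified EUI-64 link-local address from a 48-bit MAC."""
    octets = bytes(int(part, 16) for part in mac.replace(":", "-").split("-"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Phase 1: flip the universal/local bit and insert FF-FE in the middle.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    # Phase 2: prepend the link-local prefix fe80::/64.
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)


def mac_from_eui64(addr: str):
    """Recover the MAC embedded in an EUI-64 interface ID, or None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None  # random, privacy or manually assigned interface ID
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return "-".join(f"{octet:02X}" for octet in mac)


def exposed_macs(addresses):
    """Map each address that embeds a hardware address to that MAC."""
    found = {}
    for addr in addresses:
        mac = mac_from_eui64(addr)
        if mac is not None:
            found[addr] = mac
    return found


# The first address is the one from the text; the other two are constructed.
SEEN = [
    "fe80::20c:29ff:fec2:52ff",
    "2001:db8::20c:29ff:fec2:52ff",     # same interface ID behind a global prefix
    "2001:db8::1c3a:9f0e:77b2:4d10",    # no FF-FE marker, not EUI-64
]

if __name__ == "__main__":
    print(mac_to_link_local("00-0C-29-C2-52-FF"))
    print(exposed_macs(SEEN))
```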

IPv6 to IPv4 Transition Mechanism


IPv6 to IPv4 Transition Mechanism

The 2 most common techniques to transition from IPv4 to IPv6 are as follows:
1. Dual stack
2. IPv6-over-IPv4 (6to4) tunnels

For communication between IPv4 and IPv6 networks, IPv4 addresses can be encapsulated in IPv6 addresses.

Cisco IOS Dual Stack

Dual stacking is an integration method in which a node has implementation and connectivity to both an IPv4 and IPv6 network. This is the recommended option and involves running IPv4 and IPv6 at the same time. Using IPv6 on a Cisco IOS router requires that you use the global configuration command ipv6 unicast-routing. This command enables the forwarding of IPv6 datagrams.

IPv6 Tunneling

Tunneling is an integration method where an IPv6 packet is encapsulated within another protocol, such as IPv4. This method enables the connection of IPv6 islands without needing to convert the intermediary networks to IPv6. When IPv4 is used to encapsulate the IPv6 packet, a protocol type of 41 is specified in the IPv4 header, and the packet includes a 20-byte IPv4 header with no options and an IPv6 header and payload. It also requires dual-stack routers.

Tunneling presents these issues:
The MTU is decreased by 20 octets (if the IPv4 header does not contain any optional field).
Difficult to troubleshoot.
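IPv4-only inspection sees a tunnelled packet only as protocol 41, so a monitoring point has to look inside to learn which IPv6 hosts are talking. The check below is an added example, not part of the original slides; it recognises the encapsulation described above and reports the inner addresses and the MTU cost, using a constructed packet with documentation addresses.

```python
import ipaddress
import struct


def inspect_ipv4(packet: bytes):
    """Return tunnel details for an IPv6-in-IPv4 packet, or None otherwise."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (packet[0] & 0x0F) * 4      # 20 bytes when there are no options
    if header_len < 20 or len(packet) < header_len:
        raise ValueError("bad IPv4 header length")
    if packet[9] != 41:                      # protocol 41 = encapsulated IPv6
        return None
    inner = packet[header_len:]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        raise ValueError("protocol 41 payload is not an IPv6 packet")
    return {
        "outer_src": str(ipaddress.IPv4Address(packet[12:16])),
        "outer_dst": str(ipaddress.IPv4Address(packet[16:20])),
        "inner_src": str(ipaddress.IPv6Address(inner[8:24])),
        "inner_dst": str(ipaddress.IPv6Address(inner[24:40])),
        "inner_next_header": inner[6],
        "overhead": header_len,
    }


def tunnel_mtu(link_mtu: int, header_len: int = 20) -> int:
    """Largest IPv6 packet that fits once the IPv4 header is added."""
    return link_mtu - header_len


def build_sample(protocol: int = 41) -> bytes:
    """Constructed packet using documentation addresses; checksum left at 0."""
    inner = struct.pack("!IHBB", 6 << 28, 8, 17, 64)     # next header 17 = UDP
    inner += ipaddress.IPv6Address("2001:db8:1::1").packed
    inner += ipaddress.IPv6Address("2001:db8:2::1").packed
    inner += bytes(8)                                    # empty UDP header
    outer = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(inner), 0, 0, 64,
                        protocol, 0,
                        ipaddress.IPv4Address("192.0.2.1").packed,
                        ipaddress.IPv4Address("198.51.100.2").packed)
    return outer + inner


if __name__ == "__main__":
    print(inspect_ipv4(build_sample()))
    print(tunnel_mtu(1500))
```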

IPv6 Tunneling


Routing consideration with IPv6

Like IPv4 classless interdomain routing (CIDR), IPv6 uses longest prefix match routing. IPv6 uses modified versions of most of the common routing protocols to handle longer IPv6 addresses and different header structures.

Routing consideration with IPv6

1. The control plane handles the interaction of the router with the other network elements, providing the information needed to make decisions and control the overall router operation. This plane runs processes such as routing protocols and network management. These functions are generally complex.

2. The data plane handles packet forwarding from one physical or logical interface to another. It involves different switching mechanisms such as process switching and Cisco Express Forwarding (CEF) on Cisco IOS software routers.

3. Enhanced services include advanced features applied when forwarding data, such as packet filtering, quality of service (QoS), encryption, translation, and accounting.

RIPng routing protocol

Based on IPv4 RIP version 2 (RIPv2) and similar to RIPv2: distance vector, split horizon, max hop 15, poison reverse
Uses IPv6 for transport
IPv6 prefix, next-hop IPv6 address
Uses the multicast group FF02::9, the all-RIP-routers multicast group, as the destination address for RIP updates
Updates sent on UDP port 521
Is supported by Cisco IOS Release 12.2(2)T and later

Enabling IPv6 on Cisco Routers

There are two basic steps to activate IPv6 on a router. First, you must activate IPv6 traffic-forwarding on the router, and then you must configure each interface that requires IPv6. By default, IPv6 traffic-forwarding is disabled on a Cisco router. To activate it between interfaces, you must configure the global command ipv6 unicast-routing.

IPv6 Address Configuration Example


Cisco IOS IPv6 Name Resolution


Configure RIPng with IPv6

To enable RIPng routing on the router, use the ipv6 router rip name global configuration command. The name parameter identifies the RIP process. This process name is used later when configuring RIPng on participating interfaces. For RIPng, instead of using the network command to identify which interfaces should run RIPng, you use the command ipv6 rip name enable in interface configuration mode to enable RIPng on an interface. The name parameter must match the name parameter in the ipv6 router rip command.


Configure RIPng with IPv6


Troubleshooting


Troubleshooting


LAB IPv6 RIP


Topology:
R1: L0 2003::1/64, F0/0 2fff::1/64, S1/0 2004::1/64
R2: S1/1 2004::2/64, L0 2005::2/64
PC: 2fff::2/64

R1:
ipv6 unicast-routing
ipv6 router rip bkacad
interface lo0
 ipv6 address 2003::1/64
 ipv6 rip bkacad enable
interface f0/0
 ipv6 address 2fff::1/64
 ipv6 rip bkacad enable
interface s1/0
 ipv6 address 2004::1/64
 ipv6 rip bkacad enable

R2:
ipv6 unicast-routing
ipv6 router rip bkacad
ipv6 route ::/0 lo0
interface lo0
 ipv6 address 2005::2/64
 ipv6 rip bkacad enable
interface s1/1
 ipv6 address 2004::2/64
 ipv6 rip bkacad enable
ipv6 router rip bkacad
 redistribute static

PC:
ipv6 install
netsh interface ipv6 add address "Local Area Connection" 2fff::2

Labs


Summary

