Chap 7 - PowerPoint PPT Presentation

About This Presentation
Title:

Chap 7

Description:

Old IPv4-only applications continue to work as before. New and modified applications take advantage of both IP layers. Chapter 7.2.8 ... – PowerPoint PPT presentation

Number of Views:56
Avg rating:3.0/5.0
Slides: 70
Provided by: PhillH8
Category:
Tags: ccna | chap | chapter

less

Transcript and Presenter's Notes

Title: Chap 7


1
Chap 7 Implementing IP Addressing Services
Learning Objectives
  • Configure DHCP in an enterprise branch network
  • Configure NAT on a Cisco router
  • Configure new generation RIP (RIPng) to use IPv6

2
Dynamic Host Configuration Protocol (DHCP)
  • Automatically assigns IP addresses
  • Only DHCP server needs to be assigned an address
  • Client computers are configured to accept address
    from server after boot-up

3
Dynamic Host Configuration Protocol
  • Dynamic Host Configuration Protocol (DHCP) works
    in a client/server mode.
  • DHCP enables DHCP clients on an IP network to
    obtain their configurations from a DHCP server.
  • Less work is involved in managing an IP network
    when DHCP is used.
  • The most significant configuration option the
    client receives from the server is its IP
    address.
  • The DHCP protocol is described in RFC 2131

4
Dynamic Host Configuration Protocol
  • There are three mechanisms used to assign an IP
    address to the client
  • Automatic allocation DHCP assigns a permanent
    IP address to a client.
  • Manual allocation The IP address for the client
    is assigned by the administrator. DHCP conveys
    the address to the client.
  • Dynamic allocation DHCP assigns, or leases, an
    IP address to the client for a limited period of
    time.

5
Major DHCP features
6
Dynamic Host Configuration Protocol(DHCP)
DHCP Server
1. Discover (Broadcast)
PC 1
DHCP Pool
192.168.1.3 192.168.1.4 192.168.1.5 192.168.1.6
2. Offer (Unicast do you want 192.168.1.3?)
3. Request (Broadcast yes please)
4. Acknowledge (Unicast you have 192.168.1.3)
7
DHCP Detailed Operation
  • Discover (Broadcast)
  • Offer (Unicast)
  • Request (Broadcast)
  • Acknowledge (Unicast)

8
DHCP Message Format
16
31
8
0
24
OP Code
Hardware
HW Address
Hops
Transaction Identifier
Flags
Seconds
Client IP Address (CIADDR)
Your Address (YIADDR)
Server IP Address (SIADDR)
Gateway IP Address (GIADDR)
Client Hardware Address (CHADDR)
Server Name (SNAME)
Boot Filename
DHCP Options
9
DHCP Discover
Client broadcasts DHCP request on UDP port 67
10
DHCP Offer
Server responds to DHCP request on UDP port 68
11
Configure DHCP Server Exclude Addresses
  • Define a range of addresses that DHCP is not to
    allocate.
  • These are usually static addresses reserved for
    the router interface, switch management IP
    address, servers, and local network printers.

12
Configure DHCP Server DHCP Address Pool
  • Configuring a DHCP server involves defining a
    pool of addresses to assign.
  • The ip dhcp pool command creates a pool with the
    specified name and puts the router in DHCP
    configuration mode, which is identified by the
    Router(dhcp-config) prompt.

13
Configure DHCP Server DHCP Tasks
  • Configure the available addresses and specify the
    subnet network number and mask of the DHCP
    address pool. Use the network statement to define
    the range of available addresses.
  • Define the default gateway or router for the
    clients to use with the default-router command.

14
Configuring DHCP Server
  • The DHCP service is enabled by default on
    versions of Cisco IOS that support it.
  • To disable the service, use the no service dhcp
    command.
  • Use the service dhcp global configuration command
    to re-enable the DHCP server process.

15
Verifying and Troubleshooting DHCP
  • To verify the operation of DHCP, use the show ip
    dhcp binding command.
  • This command displays a list of all IP address to
    MAC address bindings that have been provided by
    the DHCP service.

16
Verifying and Troubleshooting DHCP
  • To verify that messages are being received or
    sent by the router, use the show ip dhcp server
    statistics command.
  • This command displays count information regarding
    the number of DHCP messages that have been sent
    and received.

17
Verifying and Troubleshooting DHCP
  • View multiple DHCP pools using the show ip dhcp
    pool command.

18
Verifying and Troubleshooting DHCP
From the Client PC command line, enter ltIPCONFIG
/ALLgt to display the IP settings of the computer
19
Configuring DHCP Client
DHCP Server
Fa0/0
Fa0/1
10.0.0.2
SOHO
ISP
10.0.0.3
  • Cisco routers in SOHO and branch sites may have
    to be configured to accept an interface IP
    address from the ISPs DHCP server.
  • Frequently, it is the Ethernet interface that is
    used to connect to a cable modem.

20
DHCP Relay
  • DHCP clients use IP broadcasts to find the DHCP
    server on the
  • segment - Routers do not forward these
    broadcasts.
  • When possible, administrators should use the ip
    helper-address
  • command to relay broadcast requests for these key
    UDP services.

21
DHCP Relay
  • By default, the ip helper-address command
    forwards the following eight UDP services
  • Time
  • TACACS
  • DNS
  • BOOTP/DHCP Server
  • BOOTP/DHCP Client
  • TFTP
  • NetBIOS Name Service
  • NetBIOS datagram Service

22
Configuring IP helper addresses
  • To configure RTA e0, the interface that receives
    the Host A
  • broadcasts, to relay DHCP broadcasts as a unicast
    to the DHCP server,
  • use the following commands
  • RTA(config)interface e0
  • RTA(config-if)ip helper-address 172.24.1.9

23
Trouble Shooting DHCP
  • Resolving IP Address Conflicts
  • Verify Physical Connectivity
  • Test Network Connectivity by Configuring Client
    workstation with a Static IP Address
  • Verify Switch Port Configuration (STP Portfast
    and other Commands)
  • Distinguishing whether DHCP Clients Obtain IP
    address on the Same Subnet or VLAN as DHCP Server

24
Private Public IP Addresses
  • Public Internet addresses are regulated by five
    Regional Internet Registries (RIRs)
  • ARIN
  • RIPE
  • APNIC
  • LACNIC
  • AfriNIC
  • All public Internet addresses must be registered
    with a Regional Internet Regiestry (RIR).
  • Organisations can lease public addresses from an
    ISP.
  • Only the registered holder of a public Internet
    address can assign that address to a network
    device.

25
Private IP Addresses
Class A
  • 10.0.0.0 to 10.255.255.255

Class B
  • 172.16.0.0 to 172.31.255.255

Class C
  • 192.168.0.0 to 192.168.255.255

26
Network Address Translation
Router is configured to hide private IP
addresses by substituting them for the public IP
address assigned to its Internet interface, and
carrying out the reverse process for received
packets.
Source
Destination
Segment
201.134.56.3
80.51.23.1
192.168.1.100
192.168.1.1
80.51.23.1
192.168.1.101
Router
Destination
Source
Segment
192.168.1.101
201.134.56.3
Packet
27
Introducing NAT and PAT
  • NAT, as defined by RFC 1631, is the process of
    swapping one address for another in the IP packet
    header.
  • In practice, NAT is used to allow hosts that are
    privately addressed to access the Internet.
  • NAT translations can occur dynamically or
    statically.
  • The most powerful feature of NAT routers is their
    capability to use port address translation (PAT),
    which allows multiple inside addresses to map to
    the same outside address.

28
NAT Terms
  • Cisco defines the following NAT terms
  • Inside local address The IP address assigned to
    a host on the inside network. The address is
    usually not an IP address assigned by the
    Internet Network Information Centre (InterNIC) or
    service provider. This address is likely to be an
    RFC 1918 private address.
  • Inside global address A legitimate IP address
    assigned by the InterNIC or service provider that
    represents one or more inside local IP addresses
    to the outside world.
  • Outside global address The IP address assigned
    to a host on the outside network. The owner of
    the host assigns this address.

29
NAT Example
RTA
Outside Global
Inside Local
Inside Global
Outside Global
  • The translation from Private source IP address
  • to Public source IP address.

30
NAT Example
RTA
Inside Local
Outside Global
Outside Global
Inside Global
  • Translation back, from Public destination IP
  • address to Private destination IP address.

31
NAT Features
  • Static NAT is designed to allow one-to-one
    mapping of local and global addresses. This is
    particularly useful for hosts which must have a
    consistent address that is accessible from the
    Internet. These internal hosts may be enterprise
    servers or networking devices.
  • Dynamic NAT is designed to map a private IP
    address to a public address. Any IP address from
    a pool of public IP addresses is assigned to a
    network host.

32
NAT Overload
  • NAT Overload allows you to use a single Public IP
    address and assign it up to 65,536 inside hosts
    (4,000 is more realistic).
  • Modifies the TCP/UDP source port to track inside
    Host addresses if both hosts select the same
    source port.

33
NAT Benefits
  • Conserves the legally registered addressing
    scheme
  • Increases the flexibility of connections to the
    public network
  • Provides consistency for internal network
    addressing schemes.
  • Provides network security

34
NAT Drawbacks
  • Performance is degraded
  • End-to-end functionality is degraded
  • End-to-end IP traceability is lost
  • Tunneling is more complicated
  • Initiating TCP connections can be disrupted
  • Architectures need to be rebuilt to accommodate
    changes

35
Configuring Static NAT
Inside Network
Internet
S0/0/0 10.1.1.2
S0/1/0 209.165.200.255
Server 192.168.10.254
36
Configuring Dynamic NAT
S0/0/0 10.1.1.2
S0/1/0 209.165.200.255
192.168.10.10
Internet
192.168.11.11
37
Configuring NAT Overload (Single Address)
S0/0/0 10.1.1.2
S0/1/0 209.165.200.255
192.168.10.10
Internet
192.168.11.11
38
Configuring NAT Overload (Multiple Addresses)
S0/0/0 10.1.1.2
S0/1/0 209.165.200.255
192.168.10.10
Internet
192.168.11.11
39
Port Forwarding
WWW Server
S0/0/0 10.1.1.2
S0/1/0 209.165.200.255
192.168.10.10
Internet
Re-direct traffic for port 80 to 192.168.10.10
192.168.11.11
  • Port forwarding (sometimes referred to as
    tunneling) is the act of forwarding a network
    port from one network node to another. This
    technique can allow an external user to reach a
    port on a private IP address (inside a LAN) from
    the outside through a NAT-enabled router.
  • The problem is that NAT does not allow requests
    initiated from the outside. This situation can be
    resolved with manual intervention. Port
    forwarding allows the identification of specific
    ports that can be forwarded to inside hosts.

40
Verifying Troubleshooting NAT Configuration
  • By default, NAT translation entries time out
    after 24 hours.
  • It is sometimes useful to clear the dynamic
    entries sooner than the default timer. This is
    especially true when testing the NAT
    configuration.

41
Verifying Troubleshooting NAT Configuration
42
Verifying Troubleshooting NAT Configuration
43
Verifying Troubleshooting NAT Configuration
44
IPv6 The Reason Why
45
IPv4 / IPv6 Comparison
  • There are so many IPv6 addresses available that
    many trillions of addresses could be assigned to
    every human being on the planet.
  • There are approximately 665,570,793,348,866,943,89
    8,599 addresses per square meter of the surface
    of the planet Earth!

46
IPv6 Representation
  • Mobility and security
  • Mobile IP RFC-compliant
  • IPsec mandatory (or native) for IPv6
  • Enhanced IP addressing
  • Global reachability and flexibility
  • Aggregation
  • Multihoming
  • Autoconfiguration
  • Plug-and-play
  • End-to-end without NAT
  • Renumbering
  • Simple header
  • Routing efficiency
  • Performance and forwarding rate scalability
  • No broadcasts
  • No checksums
  • Extension headers
  • Flow labels
  • Transition richness
  • Dual-stack
  • 6to4 and manual tunnels
  • Translation

47
IPv6 Packet Header
16
31
24
8
0
4
Version
Flow Label
Traffic Class
Next Header
Hop Limit
Payload Length
Source IP Address
Source IP Address
Source IP Address
Source IP Address
Destination IP Address
Destination IP Address
Destination IP Address
Destination IP Address
48
IPv6 Addressing
20310000130F0000000009C0876A130B. An IPv6
address can be shortened by applying the
following guidelines
  • Leading zeros in a field are optional. For
    example, the field 09C0 equals 9C0, and the field
    0000 equals 0. Therefore
  • 20310000130F0000000009C0876A130B can be
    written as 20310130F000000009C0876A130B.
  • Successive fields of zeros can be represented as
    two colons "". However, this shorthand method
    can only be used once in an address. Therefore
  • 20310130F000000009C0876A130B can be
    written as 20310130F9C0876A130B.
  • An unspecified address is written as "" because
    it contains only zeros.

49
IPv6 Address Examples
  • FF010000001 becomes FF011
  • 00000001 becomes 1
  • 00000000 becomes
  • FF010000000000000000000000001 becomes
    FF010000001 becomes FF011
  • E3D700000000000051F400C8C0A86420 becomes
    E3D751F4C8C0A86420
  • 3FFE050100080000026097FFFE40EFAB becomes
    3FFE5018026097FFFE40EFAB becomes
    3FFE501826097FFFE40EFAB

50
IPv6 Address Structure
128 Bits
Network Portion
Host Portion
48 Bits
16 Bits
64 Bits
Global Routing Prefix
Interface ID
Subnet ID
  • Interface ID identifies a host interface
    address
  • Subnet ID 65,536 possible subnets
  • Global Routing Prefix issued by IANA or RIR to
    ISPs at /32 or /35 in length, ISPs then issue to
    customers with /48 mask

51
IPv6 Address Types
Address Type MSB (Binary) MSB (Hex)
Unspecified 00..0 /128
Loopback 00..1 1/128
Multicast 11111111 FF00/8
Link-Local Unicast 1111111010 FExx/10
Global Unicast 001 2xxx/4 Or 3xxx/4
52
Assigning IPv6 Addresses
64 Bits
Global Routing Prefix
Interface ID
Subnet ID
  • IPv6 addresses use interface identifiers to
    identify interfaces on a link.
  • Interface identifiers are required to be unique
    on a specific link.
  • Interface identifiers are always 64 bits and can
    be dynamically derived from a Layer 2 address
    (MAC).
  • IPv6 address ID can be assigned statically or
    dynamically
  • Static assignment using a manual interface ID
  • Static assignment using an EUI-64 interface ID
  • Stateless auto-configuration
  • DHCP for IPv6 (DHCPv6)

53
Manual Interface ID Assignment
  • Statically assign an IPv6 address to a device by
    manually assigning both the prefix (network) and
    interface ID (host) portion of the IPv6 address
  • RouterX(config-if)ipv6 address
    2001DB82222727272/64

54
Manual Interface ID Assignment
  • Each layer-2 MAC address consists of a 12-digit
    hexadecimal number, split into 2-digit pairs by
    colons 0757AC1FB276
  • EUI-64 stretches IEEE 802 MAC addresses from 48
    to 64 bits by inserting 0xFFFE in the middle at
    the 24th bit of the MAC address to create a
    64-bit, unique interface identifier
  • 0757ACFFFE1FB276
  • Assign an EUI-64 address to the interface of a
    Cisco router
  • RouterX(config-if)ipv6 address
    2001DB822227272/64 eui-64

55
IPv6 Transition Strategies
  • Different transition mechanisms are available
  • Dual stack
  • Manual tunnel
  • 6to4 tunnel
  • ISATAP tunnel
  • Teredo tunnel
  • Different compatibility mechanisms
  • Proxying and translation (NAT-PT)

"Dual stack where you can, tunnel where you
must."
56
Cisco Dual IOS Stack
IPv4 Internet
Fa0/1
IPv4
IPv6 Internet
Application
IPv6
Transport
IPv4
IPv6
Ethernet
  • Cisco IOS Release 12.2(2)T and later are
    IPv6-ready. As soon as IPv4 and IPv6 is
    configured on the interface, it becomes
    dual-stacked and forwards IPv4 and IPv6 traffic
    on that interface.

57
IPv6 Tunnelling
  • Tunneling is an integration method in which an
    IPv6 packet is encapsulated within another
    protocol, such as IPv4.
  • Requires dual-stack routers

58
IPv6 Routing Considerations
  • IPv6 address size - Address size affects the
    information-processing functions of a router.
    Systems using a 64-bit CPU, bus, or memory
    structure can pass both the IPv4 source and
    destination address in a single processing cycle.
    For IPv6, the source and destination addresses
    require two cycles each-four cycles to process
    source and destination address information
    reduction in performance.
  • Multiple IPv6 node addresses - Because IPv6 nodes
    can use several IPv6 unicast addresses, memory
    consumption of the Neighbor Discovery cache may
    be affected.
  • IPv6 routing protocols - IPv6 routing protocols
    are similar to their IPv4 counterparts, but since
    an IPv6 prefix is four times larger than an IPv4
    prefix, routing updates have to carry more
    information.
  • Routing table Size -Increased IPv6 address space
    leads to larger networks and a much larger
    Internet. This implies larger routing tables and
    higher memory requirements to support them.

59
Routing Information Protocol Next Generation
(RIPng)
  • RFC 2080 defines RIPng as a simple routing
    protocol based on RIP. RIPng is no more or less
    powerful than RIP, however, it provides a simple
    way to bring up an IPv6 network without having to
    build a new routing protocol.
  • RIPng includes the following features
  • Based on IPv4 RIP version 2 (RIPv2) and is
    similar to RIPv2
  • Uses IPv6 for transport
  • Includes the IPv6 prefix and next-hop IPv6
    address
  • Uses the multicast group FF029 as the
    destination address for RIP updates (this is
    similar to the broadcast function performed by
    RIP in IPv4)
  • Sends updates on UDP port 521
  • Is supported by Cisco IOS Release 12.2(2)T and
    later

60
Configure IPv6 Address
MAC Address 02603e47.1530
61
Configure RIPng With IPv6
R1 Config
R1
LAN1 2001db811/64
E0
R2 Config
R2
E1
LAN2 2001db812/64
62
Troubleshoot IPv6
63
Chap 7 Implementing IP Addressing Services
Learning Objectives
  • Configure DHCP in an enterprise branch network
  • Configure NAT on a Cisco router
  • Configure new generation RIP (RIPng) to use IPv6

64
Any Questions?
65
Lab Topology
Chapter 7.1.8 Configuring DHCP
209.165.200.224/27
Fa0/0 192.168.20.1/24
S0/1/0
.225
S0/0/1 DCE
S0/0/0
DNS Server 192.168.20.254/24
.2
.1
www.cisco.com 209.165.201.30/27
10.2.2.0/30
10.1.1.0/30
S0/0/0 DCE
S0/0/1
.2
.1
WWW.publicsite.com 209.165.202.158/27
.1
Fa0/0
.1
Fa0/1
192.168.30.0/24
192.168.10.0/24
S3
S1
PC3
PC1
66
Chap 7.1.8 Configuring DHCP
67
Lab Topology
Chapter 7.2.8 Configuring NAT
209.165.200.224/27
Fa0/0 192.168.20.1/24
S0/1/0
S0/0/1 DCE
S0/0/0
Inside WWW Server Local 192.168.20.254/24 Global
209.165.202.131
.2
.1
Outside Host 209.165.201.14/28
10.2.2.0/30
10.1.1.0/30
S0/0/0 DCE
S0/0/1
.2
.1
WWW.publicsite.com 209.165.201.20/28
.1
Fa0/0
.1
Fa0/1
192.168.30.0/24
192.168.10.0/24
S3
S1
PC3 192.168.30.10
PC1 192.168.10.10
68
Chap 7.2.8 Configuring NAT
69
Lab Topology
Chapter 7.4.1 Configuring DHCP NAT
Fa0/0 192.168.20.1/24
S0/0/1 DCE
S0/0/0
Inside WWW Server Local 192.168.20.254/24 Global
209.165.200.246
.2
.225
209.165.200.224/30
10.1.1.0/30
S0/0/0 DCE
S0/0/1
.226
.1
Fa0/0
Fa0/1
192.168.10.0/24
.1
192.168.11.0/24
.1
S2
S1
PC2
PC1
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Chap 7 " is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!