CCNA Cisco Certified Network Associate

Objectives
• Configure DHCP in an enterprise branch network
• Configure NAT and PAT on a Cisco router
• IPv6
• Configure next-generation RIP (RIPng) to use IPv6

DHCP

DHCP Overview
The Dynamic Host Configuration Protocol (DHCP) was designed to assign IP addresses and other important network configuration information dynamically. Because desktop clients typically make up the bulk of network nodes, DHCP is an extremely useful time-saving tool for network administrators. Some devices, such as servers, should be statically assigned.

DHCP Overview
Manual Allocation: The administrator assigns a pre-allocated IP address to the client, and DHCP only communicates the IP address to the device.
Automatic Allocation: DHCP automatically assigns a static IP address permanently to a device, selecting it from a pool of available addresses. There is no lease; the address is permanently assigned to the device.
Dynamic Allocation: DHCP dynamically assigns, or leases, an IP address from a pool of addresses for a limited period of time chosen by the server, or until the client tells the DHCP server that it no longer needs the address.

BOOTP and DHCP
Both DHCP and BOOTP are client/server based and use UDP ports 67 and 68.

DHCP Operation - DHCP Discovery
1- The DHCP client sends a directed IP broadcast with a DHCP request.
2- The server notes the blank address field as well as the hardware address of the client.

DHCP Operation - DHCP Offer
3- The DHCP server picks an IP address from the available pool for the segment, as well as the other segment and global parameters. The server adds these values to the appropriate fields of the DHCP packet.
4- Using the hardware address of the client, it sends this frame back to the client.

DHCP Features

Configuring DHCP
Note: The network statement enables DHCP on any router interfaces belonging to that network. The router will act as a DHCP server on that interface.
It is also the pool of addresses that the DHCP server will use. The no service dhcp command disables all DHCP server and relay functionality on the router.

Configuring DHCP
The ip dhcp excluded-address command configures the router to exclude an individual address or a range of addresses when assigning addresses to clients. Other IP configuration values, such as the default gateway, can be set from DHCP configuration mode.

Verifying DHCP

DHCP Client

DHCP Relay
DHCP clients use IP broadcasts to find the DHCP server on the segment. What happens when the server and the client are not on the same segment and are separated by a router? Routers do not forward these broadcasts. When possible, administrators should use the ip helper-address command to relay broadcast requests for these key UDP services.

Using helper addresses

Configuring IP helper addresses
(Figure: the Host A broadcast is relayed as a unicast to the DHCP server.)
To configure RTA e0, the interface that receives the Host A broadcasts, to relay DHCP broadcasts as a unicast to the DHCP server, use the following commands:
RTA(config)#interface e0
RTA(config-if)#ip helper-address 172.24.1.9

Verifying and Troubleshooting DHCP
R2# show ip dhcp conflict
IP address     Detection Method   Detection time
192.168.1.32   Ping               Feb 16 2007 12:28 PM
192.168.1.64   Gratuitous ARP     Feb 23 2007 08:12 AM
The server uses the ping command to detect conflicts. The client uses Address Resolution Protocol (ARP) to detect conflicts. If an address conflict is detected, the address is removed from the pool and not assigned until an administrator resolves the conflict.

NAT

Overview
NAT allows private addresses to be translated into public, routable addresses. A DHCP server assigns dynamic IP addresses to devices inside the network. This conserves an organization's registered IP addresses and allows packets to be transported over public external networks, such as the Internet.
A variation of NAT, called Port Address Translation (PAT), allows many internal private addresses to be translated to one or more external public addresses.

Benefits and Drawbacks of Using NAT

How NAT Works
A NAT-enabled device typically operates at the border of a stub network. Devices within the internal network have private IP addresses that must be translated to public, routable addresses.

NAT Terms
Inside local address - The IP address assigned to a host on the inside network. This address is likely to be an RFC 1918 private address.
Inside global address - A legitimate IP address assigned by the RIR or service provider that represents one or more inside local IP addresses to the outside world.
Outside local address - The IP address of an outside host as it appears to the inside network. Not necessarily a legitimate address, it is allocated from an address space routable on the inside.
Outside global address - A reachable IP address assigned to a host on the Internet.

How NAT Works

NAT Table
The NAT table records inside-to-outside mappings.

Static and Dynamic NAT
Static NAT is designed to allow one-to-one mapping of local and global addresses. Dynamic NAT is designed to map a private IP address to a public address.

Dynamic NAT
NAT can be dynamic or static. Dynamic NAT translates inside addresses using a pool of global addresses. Each inside local address is dynamically assigned an inside global address from an administratively defined pool of addresses. Dynamic NAT enables hosts on a private network to access the Internet by translating private addresses into public addresses.

Configure Dynamic NAT
1- Define a pool of global addresses to be allocated as needed.
router(config)# ip nat pool pool-name start-ip end-ip netmask netmask
2- Define a standard access list to identify which hosts will be translated.
router(config)# access-list number permit network mask
3- Establish dynamic source translation, identifying the access list defined in the previous step.
router(config)# ip nat inside source list access-list-number pool pool-name
4- Identify interfaces as inside or outside with regard to NAT.
router(config-if)# ip nat {inside|outside}

Sample Dynamic NAT Configuration

Confirming NAT Operation

Troubleshooting NAT
(Figure: outgoing and incoming translation.)

Static NAT
Static NAT permits devices with a private address to be seen on a public network. Static translations are entered directly into the configuration and are always in the translation table. It is typically used for web servers.

Configure Static NAT
1- Establish a static translation between inside and outside addresses.
router(config)# ip nat inside source static local-ip global-ip
2- Identify interfaces as inside or outside with regard to NAT.
router(config-if)# ip nat {inside|outside}

Configuring Static NAT

NAT Overload or PAT (Port Address Translation)
NAT overloading (sometimes called Port Address Translation or PAT) maps multiple private IP addresses to a single public IP address or a few addresses. The ISP assigns one address to your router, yet several members of your family can simultaneously surf the Internet. With NAT overloading, multiple addresses can be mapped to one or a few addresses because each private address is also tracked by a port number. When a client opens a TCP/IP session, the NAT router assigns a port number to its source address.

Configuring PAT
1- Configure a NAT pool (or overload an interface).
2- Create an access list to determine which addresses should be translated.
3- Assign this access list to the NAT pool and set it for overload.
4- Assign inside and outside interfaces.
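The four PAT steps above, worked through as a small simulation. This is an added example and not code from the slides or from Cisco IOS: the ACL, pool and the port-selection rule are constructed and simplified, and the point is to see why an overloaded translation needs the port number next to each address to keep flows apart and to map return traffic back to the right inside host.

```python
import ipaddress
from itertools import chain

# Constructed configuration following the four PAT steps (assumed values, not a live router):
#   access-list 24 permit 10.0.0.0 0.255.255.255
#   ip nat pool bigpool 192.168.1.33 192.168.1.57 netmask 255.255.255.224
#   ip nat inside source list 24 pool bigpool overload
ACL_24 = [("permit", "10.0.0.0", "0.255.255.255")]
BIGPOOL = ("192.168.1.33", "192.168.1.57")


def acl_permits(acl, address):
    """Standard ACL with Cisco wildcard masks: a 0 bit must match, a 1 bit is ignored.
    Entries are tested in order; no match means the implicit deny at the end of every ACL."""
    addr = int(ipaddress.IPv4Address(address))
    for action, network, wildcard in acl:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.IPv4Address(network)) & care:
            return action == "permit"
    return False


class PatRouter:
    """Overloaded dynamic NAT: flows share an inside global address and are told apart
    by the port number the router records next to each translation."""

    def __init__(self, acl, pool):
        self.acl = acl
        first, last = (int(ipaddress.IPv4Address(ip)) for ip in pool)
        self.pool = [str(ipaddress.IPv4Address(i)) for i in range(first, last + 1)]
        self.outbound = {}  # (inside local ip, port) -> (inside global ip, port)
        self.inbound = {}   # (inside global ip, port) -> (inside local ip, port)

    def translate(self, local_ip, local_port):
        """Outbound packet: return the inside global (ip, port), or None when the ACL
        does not permit the source, in which case the packet is forwarded untranslated."""
        if not acl_permits(self.acl, local_ip):
            return None
        key = (local_ip, local_port)
        if key in self.outbound:            # an existing translation-table entry is reused
            return self.outbound[key]
        for global_ip in self.pool:         # overload one address before moving to the next
            # Simplification of IOS behaviour: keep the source port if it is still free on
            # this global address, otherwise take the lowest free port at or above 1024.
            for global_port in chain((local_port,), range(1024, 65536)):
                if (global_ip, global_port) not in self.inbound:
                    self.outbound[key] = (global_ip, global_port)
                    self.inbound[(global_ip, global_port)] = key
                    return self.outbound[key]
        raise RuntimeError("NAT pool and port space exhausted")

    def untranslate(self, global_ip, global_port):
        """Return traffic: map the inside global (ip, port) back to the inside local host."""
        return self.inbound.get((global_ip, global_port))
```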
Overloading NAT
1- Configure a NAT pool.
Range of addresses:
ip nat pool bigpool 192.168.1.33 192.168.1.57 netmask 255.255.255.224
Single address:
ip nat pool smallpool 192.168.1.33 192.168.1.33 netmask 255.255.255.224
2- Create a standard access list to identify which addresses should be translated.
access-list 24 permit 10.0.0.0 0.255.255.255
3- Assign this access list to the NAT pool and set it for overload.
ip nat inside source list 24 pool bigpool overload
4- Assign inside and outside interfaces.
router(config-if)# ip nat {inside|outside}

Configuring PAT
An interface is used in place of a NAT pool.

Debug NAT translations
s= - Refers to the source IP address.
a.b.c.d--->w.x.y.z - Indicates that source address a.b.c.d is translated to w.x.y.z.
d= - Refers to the destination IP address.
[xxxx] - The value in brackets is the IP identification number. This information may be useful for debugging in that it enables correlation with other packet traces from protocol analyzers.

Questions?

Internet Protocol V6 (IPv6)

Introduction
The Internet and IP-related technologies have experienced rapid growth. Because of the dramatic growth, the number of available IPv4 addresses is quickly running out.
• Current IP addresses are poorly allocated.
• New network devices are on the rise (PDAs, cell phones, ...).
• DHCP and NAT have helped reduce the need for IP addresses, but it is estimated that we will run out of unique IPv4 addresses by 2010.

Business motivators for Using IPv6
The movement to change from IPv4 to IPv6 has already begun, particularly in Europe, Japan, and the Asia-Pacific region. These areas are exhausting their allotted IPv4 addresses, which makes IPv6 all the more attractive and necessary. All U.S. government agencies must start using IPv6 across their core networks by 2008, and the agencies are working to meet that deadline.

Extension Headers: Follow the previous eight fields.
• The IPv4 header has 20 octets and 12 basic header fields, followed by an options field and a data portion.
• The IPv6 header has 40 octets, three IPv4 basic header fields, and five additional header fields.

IPv6 Address Representation
An IPv6 address is a 128-bit binary value, which can be displayed as 32 hexadecimal digits. IPv6 should provide sufficient addresses for future Internet growth needs for many years to come. There are enough IPv6 addresses to allocate more than the entire IPv4 Internet address space to everyone on the planet.

Binary and alphanumeric representations of IPv4 and IPv6 addresses

IPv6 Address Representation
Leading zeros in a field are optional. Successive fields of zeros can be represented as two colons "::". This shorthand method can only be used once in an address. An unspecified address is written as "::" because it contains only zeros.

Incorrect IPv6 Address Representation

IPv6 Reserved Address - The IETF reserves a portion of the address space for various uses.
Private Address - Private addresses have a first octet value of "FE" in hexadecimal notation, with the next hexadecimal digit being a value from 8 to F.
Site-local addresses are similar to the RFC 1918 Address Allocation for Private Internets in IPv4 today. They begin with "FE" and then "C" to "F" for the third hexadecimal digit.
Link-local addresses refer only to a particular physical link (physical network). Routers do not forward datagrams using link-local addresses at all, not even within the organization; they are only for local communication on a particular physical network segment. Link-local addresses begin with "FE" and then have a value from "8" to "B" for the third hexadecimal digit.
Loopback Address - The loopback address is 0:0:0:0:0:0:0:1, which is normally expressed using zero compression as "::1".
Manual Interface ID Assignment
One way to statically assign an IPv6 address to a device is to manually assign both the prefix (network) and interface ID (host) portions of the IPv6 address.
RouterX(config-if)#ipv6 address 2001:DB8:2222:7272::72/64

EUI-64 Interface ID Assignment
The EUI-64 standard stretches IEEE 802 MAC addresses from 48 to 64 bits by inserting the 16-bit value 0xFFFE in the middle, at the 24th bit of the MAC address, to create a 64-bit unique interface identifier.
RouterX(config-if)#ipv6 address 2001:DB8:2222:7272::/64 eui-64
Address derived from the interface MAC: 2001:DB8:2222:7272:0090:27FF:FE17:FC0F/64

IPv6 to IPv4 Transition Mechanisms
Techniques to transition from IPv4 to IPv6 are as follows:
• Dual stack
• Tunneling (6to4 and 4to6)
• NAT-PT (NAT Protocol Translation)
• Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunneling
• Teredo tunneling

Cisco IOS Dual Stack
Dual stacking is an integration method in which a node has an implementation of, and connectivity to, both an IPv4 and an IPv6 network. This is the recommended option and involves running IPv4 and IPv6 at the same time. Routers and switches are configured to support both protocols, with IPv6 being the preferred protocol.

Cisco IOS dual stack
Cisco IOS Release 12.2(2)T and later (with the appropriate feature set) are IPv6-ready. As soon as you configure basic IPv4 and IPv6 on the interface, the interface is dual-stacked and forwards IPv4 and IPv6 traffic on that interface.

IPv6 Tunneling
Tunneling is an integration method where an IPv6 packet is encapsulated within another protocol, such as IPv4. It enables the connection of IPv6 islands without needing to convert the intermediary networks to IPv6, and it requires dual-stack routers. The packet includes a 20-byte IPv4 header with no options, followed by the IPv6 header and payload. Tunneling is an intermediate integration and transition technique and should not be considered a final solution. A native IPv6 architecture should be the ultimate goal.
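Going back to the IPv6 Address Representation and EUI-64 Interface ID Assignment slides above, here is an added example (not code from the slides or from Cisco IOS) that builds an EUI-64 address from a prefix and a MAC, checks the "::" rules, and classifies an address by the FE8-FEB / FEC-FEF prefix rules given earlier. One caveat the slide does not show: RFC 4291 Appendix A also inverts the universal/local bit (bit 7 of the first MAC octet), so the interface ID for MAC 0090.2717.FC0F comes out as 0290:27FF:FE17:FC0F rather than the 0090:27FF:FE17:FC0F printed on the slide; the code below applies the inversion.

```python
import ipaddress


def eui64_interface_id(mac):
    """64-bit interface ID from a 48-bit MAC: insert 0xFFFE between the OUI and the device
    part and invert the universal/local bit (bit 7 of the first octet, RFC 4291 Appendix A)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(octets) != 6:
        raise ValueError("MAC address must be 48 bits")
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def eui64_address(prefix, mac):
    """Equivalent of 'ipv6 address <prefix>/64 eui-64': network bits from the prefix, host
    bits from the MAC, returned in compressed ("::") notation with the prefix length."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 needs a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return f"{ipaddress.IPv6Address(int(net.network_address) | iid).compressed}/64"


def parse_ipv6(text):
    """Return the compressed form, or None when the text breaks the representation rules
    from the slide (for example '::' used more than once, or a field wider than 4 hex digits)."""
    try:
        return ipaddress.IPv6Address(text).compressed
    except ipaddress.AddressValueError:
        return None


def classify(text):
    """Scope according to the slide's rules: third hex digit 8-B after FE is link-local,
    C-F after FE is site-local; '::' is unspecified and '::1' is loopback."""
    addr = ipaddress.IPv6Address(text)
    if addr == ipaddress.IPv6Address("::"):
        return "unspecified"
    if addr == ipaddress.IPv6Address("::1"):
        return "loopback"
    top = addr.exploded[:3].upper()  # first three hex digits of the full 32-digit form
    if top in ("FE8", "FE9", "FEA", "FEB"):
        return "link-local"
    if top in ("FEC", "FED", "FEE", "FEF"):
        return "site-local"
    return "global"
```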
IPv6 Tunneling
Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunneling - An automatic overlay tunneling mechanism that uses the underlying IPv4 network as a link layer for IPv6. ISATAP tunnels allow individual IPv4/IPv6 dual-stack hosts within a site to communicate with other such hosts on a virtual link, creating an IPv6 network using the IPv4 infrastructure.
Teredo tunneling - An IPv6 transition technology that provides host-to-host automatic tunneling instead of gateway tunneling. This approach passes unicast IPv6 traffic when dual-stacked hosts (hosts that are running both IPv6 and IPv4) are located behind one or multiple IPv4 NATs.

Tunneling
A tunneled network is often difficult to troubleshoot.

Example of a Configured Tunnel

NAT-PT

Enabling IPv6 on Cisco Routers
First, you must activate IPv6 traffic forwarding on the router, and then you must configure each interface that requires IPv6. The ipv6 address command can configure a global IPv6 address. The link-local address is automatically configured when an address is assigned to the interface. You must specify the entire 128-bit IPv6 address, or specify only the 64-bit prefix and let the eui-64 option generate the interface ID.

IPv6 Address Configuration Example
Configuring an IPv6 address on an interface automatically configures the link-local address for that interface.

Configure RIPng with IPv6
1- Create the routing process.
2- Enable the routing process on interfaces.
3- Customize the routing protocol for the network.

Example: RIPng for IPv6 Configuration

Verifying RIPng for IPv6

Troubleshooting RIPng for IPv6