CCNA 2 – Module 1 WANs and Routers

CCNA
Cisco Certified Network Associate
Objectives
• Configure DHCP in an enterprise branch network
• Configure NAT and PAT on a Cisco router
• IPv6
• Configure new generation RIP (RIPng) to use IPv6
DHCP
DHCP Overview
• The Dynamic Host Configuration Protocol (DHCP) was designed to assign IP addresses and other important network configuration information dynamically.
• Because desktop clients typically make up the bulk of network nodes, DHCP is an extremely useful timesaving tool for network administrators.
• Some devices, such as servers, should be statically assigned.
DHCP Overview
DHCP
• Manual Allocation: The administrator assigns a pre-allocated IP address to the client and DHCP only communicates the IP address to the device.
• Automatic Allocation: DHCP automatically assigns a static IP address permanently to a device, selecting it from a pool of available addresses. There is no lease and the address is permanently assigned to a device.
• Dynamic Allocation: DHCP dynamically assigns, or leases, an IP address from a pool of addresses for a limited period of time chosen by the server, or until the client tells the DHCP server that it no longer needs the address.
BOOTP and DHCP
Both DHCP and BOOTP are client/server based and
use UDP ports 67 and 68.
DHCP Operation
DHCP Operation- DHCP Discovery
1- The DHCP client sends a directed IP broadcast with a DHCP request.
2- The server notes the blank address field as well as the hardware address of the client.
DHCP Operation- DHCP Offer
3- The DHCP server picks an IP address from the available pool for the segment, as well as the other segment and global parameters. The server adds these values to the appropriate fields of the DHCP packet.
4- Using the hardware address of the client, it sends this frame back to the client.
DHCP Features
Configuring DHCP
• Note: The network statement enables DHCP on any router interfaces belonging to that network.
• The router will act as a DHCP server on that interface.
• It is also the pool of addresses that the DHCP server will use.
• no service dhcp disables all DHCP server and relay functionality on the router.
Configuring DHCP
• The ip dhcp excluded-address command configures the router to exclude an individual address or range of addresses when assigning addresses to clients.
• Other IP configuration values such as the default gateway can be set from the DHCP configuration mode.
Verifying DHCP
DHCP Client
DHCP Relay
• DHCP clients use IP broadcasts to find the DHCP server on the segment.
• What happens when the server and the client are not on the same segment and are separated by a router?
• Routers do not forward these broadcasts.
• When possible, administrators should use the ip helper-address command to relay broadcast requests for these key UDP services.
Using helper addresses
Configuring IP helper addresses
Broadcast
Unicast
To configure RTA e0, the interface that receives the Host A broadcasts, to
relay DHCP broadcasts as a unicast to the DHCP server, use the following
commands:
RTA(config)#interface e0
RTA(config-if)#ip helper-address 172.24.1.9
Verifying and Troubleshooting DHCP
R2# show ip dhcp conflict
IP address       Detection Method   Detection time
192.168.1.32     Ping               Feb 16 2007 12:28 PM
192.168.1.64     Gratuitous ARP     Feb 23 2007 08:12 AM
The server uses the ping command to detect conflicts. The client uses
Address Resolution Protocol (ARP) to detect clients. If an address conflict
is detected, the address is removed from the pool and not assigned until
an administrator resolves the conflict.
Overview
• NAT allows private addresses to be translated into public, routable addresses.
• A DHCP server assigns dynamic IP addresses to devices inside the network.
• This conserves an organization's registered IP addresses and allows the packet to be transported over public external networks, such as the Internet.
• A variation of NAT, called Port Address Translation (PAT), allows many internal private addresses to be translated to one or more external public addresses.
Benefits and Drawbacks of Using NAT
How NAT Works
• A NAT-enabled device typically operates at the border of a stub network.
• Devices within the internal network have private IP addresses that must be translated to public, routable addresses.
NAT Terms
• Inside local address — The IP address assigned to a host on the inside network. This address is likely to be an RFC 1918 private address.
• Inside global address — A legitimate IP address assigned by the RIR or service provider that represents one or more inside local IP addresses to the outside world.
• Outside local address — The IP address of an outside host as it appears to the inside network. Not necessarily a legitimate address, it is allocated from an address space routable on the inside.
• Outside global address — Reachable IP address assigned to a host on the Internet.
How NAT Works
NAT Table
• The NAT table records inside to outside mappings.
Static and Dynamic NAT
Inside
• Static NAT is designed to allow one-to-one mapping of local and global addresses.
• Dynamic NAT is designed to map a private IP address to a public address.
Dynamic NAT
• NAT can be dynamic or static.
• Dynamic NAT translates inside addresses using a pool of global addresses.
• Each inside local address is dynamically assigned an inside global address from an administratively defined pool of addresses.
• Dynamic NAT enables hosts on a private network to access the internet by translating private addresses into public addresses.
Configure Dynamic NAT
1- Define a pool of global addresses to be allocated as needed.
   router(config)# ip nat pool pool-name start-ip end-ip netmask netmask
2- Define a standard access list to identify which hosts will be translated.
   router(config)# access-list number permit network mask
3- Establish dynamic source translation, identifying the access list defined in the previous step.
   router(config)# ip nat inside source list access-list-number pool pool-name
4- Identify interfaces as inside or outside with regard to NAT.
   router(config-if)# ip nat {inside|outside}
Sample Dynamic NAT Configuration
Confirming NAT Operation
Troubleshooting NAT
outgoing
incoming
Static NAT
• Permits devices with a private address to be seen on a public network.
• Static translations are entered directly into the configuration and are always in the translation table.
• Typically used for web servers.
Configure Static NAT
1- Establish static translation between inside and outside addresses.
   router(config)# ip nat inside source static local-ip global-ip
2- Identify interfaces as inside or outside with regard to NAT.
   router(config-if)# ip nat {inside|outside}
Configuring Static NAT
NAT Overload or PAT (Port Address Translation)
• NAT overloading (sometimes called Port Address Translation or PAT) maps multiple private IP addresses to a single public IP address or a few addresses.
• The ISP assigns one address to your router, yet several members of your family can simultaneously surf the Internet.
• With NAT overloading, multiple addresses can be mapped to one or to a few addresses because each private address is also tracked by a port number. When a client opens a TCP/IP session, the NAT router assigns a port number to its source address.
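The port tracking described above, as an added example that is not part of the original slides: a toy translation table in which two inside hosts share one inside global address. The class name, the addresses and the starting port 1024 are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class PatRouter:
    """Toy NAT-overload table: many inside local addresses share one inside global address."""
    inside_global: str
    first_port: int = 1024                       # assumed start of the reassignment range
    out_map: dict = field(default_factory=dict)  # (proto, local ip, local port) -> global port
    in_map: dict = field(default_factory=dict)   # (proto, global port) -> (local ip, local port)

    def _pick_port(self, proto, preferred):
        # Keep the client's own source port when free; otherwise take the next unused one.
        if (proto, preferred) not in self.in_map:
            return preferred
        for port in range(self.first_port, 65536):
            if (proto, port) not in self.in_map:
                return port
        raise RuntimeError("no free ports left on " + self.inside_global)

    def outbound(self, proto, src_ip, src_port):
        """Translate a packet leaving the inside network; returns (global ip, global port)."""
        key = (proto, src_ip, src_port)
        if key not in self.out_map:
            port = self._pick_port(proto, src_port)
            self.out_map[key] = port
            self.in_map[(proto, port)] = (src_ip, src_port)
        return self.inside_global, self.out_map[key]

    def inbound(self, proto, dst_port):
        """Map a reply back to its inside host, or None when no translation exists."""
        return self.in_map.get((proto, dst_port))


def demo():
    # Constructed traffic: two inside hosts pick the same source port.
    nat = PatRouter("192.168.1.33")
    first = nat.outbound("tcp", "10.0.0.5", 40000)
    second = nat.outbound("tcp", "10.0.0.6", 40000)
    return nat, first, second


if __name__ == "__main__":
    nat, first, second = demo()
    print(first, second)
    print(nat.inbound("tcp", second[1]), nat.inbound("tcp", 5555))
```

A reply arriving for a port with no table entry returns None, which is why an overloaded address only passes traffic for sessions that an inside host opened.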
Configuring PAT
1- Configure a NAT pool. (Or overload an interface.)
2- Create an access list to determine which addresses should be translated.
3- Assign this access list to the NAT pool and set it for overload.
4- Assign inside and outside interfaces.
Overloading NAT
1- Configure NAT pool
   • Range of addresses:
     ip nat pool bigpool 192.168.1.33 192.168.1.57 netmask 255.255.255.224
   • Single address:
     ip nat pool smallpool 192.168.1.33 192.168.1.33 netmask 255.255.255.224
2- Create a standard access list to identify which addresses should be translated
   access-list 24 permit 10.0.0.0 0.255.255.255
3- Assign this access list to the NAT pool and set it for overload
   ip nat inside source list 24 pool bigpool overload
4- Assign inside and outside interfaces
   router(config-if)# ip nat {inside|outside}
Configuring PAT
Interface is used in place of a NAT pool.
Debug NAT translations
• s= - Refers to the source IP address.
• a.b.c.d->w.x.y.z - Indicates that source address a.b.c.d is translated to w.x.y.z.
• d= - Refers to the destination IP address.
• [xxxx] - The value in brackets is the IP identification number. This information may be useful for debugging in that it enables correlation with other packet traces from protocol analyzers.
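A parser for the debug fields listed above, added here as an example and not taken from the original slides. The sample lines are constructed, the exact line layout ("NAT: s=..., d=... [id]") is assumed from typical debug ip nat output, and the pool bounds are the bigpool range used earlier on this page.

```python
import ipaddress
import re

LINE = re.compile(
    r"NAT\*?: s=(?P<src>[\d.]+)(?:->(?P<src_new>[\d.]+))?, "
    r"d=(?P<dst>[\d.]+)(?:->(?P<dst_new>[\d.]+))? \[(?P<ip_id>\d+)\]"
)

# Pool bounds from the page's "bigpool" example.
POOL_FIRST = ipaddress.ip_address("192.168.1.33")
POOL_LAST = ipaddress.ip_address("192.168.1.57")

# Constructed sample output; the last line is unrelated console noise.
SAMPLE = """\
NAT: s=10.0.0.5->192.168.1.33, d=198.51.100.7 [4180]
NAT*: s=198.51.100.7, d=192.168.1.33->10.0.0.5 [9311]
NAT: s=10.0.0.9->192.168.1.70, d=198.51.100.7 [4181]
%SYS-5-CONFIG_I: Configured from console by console
"""


def parse_line(line):
    """Return the fields of one translation line, or None for any other line."""
    m = LINE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ip_id"] = int(rec["ip_id"])      # the [xxxx] IP identification number
    if rec["src_new"]:
        rec["direction"] = "outgoing"     # source address rewritten
    elif rec["dst_new"]:
        rec["direction"] = "incoming"     # destination rewritten back to the inside host
    else:
        rec["direction"] = "untranslated"
    return rec


def parse_log(text):
    return [rec for rec in map(parse_line, text.splitlines()) if rec]


def outside_pool(records):
    """Source translations whose new address is not inside the configured pool."""
    bad = []
    for r in records:
        if r["src_new"] and not POOL_FIRST <= ipaddress.ip_address(r["src_new"]) <= POOL_LAST:
            bad.append((r["src"], r["src_new"], r["ip_id"]))
    return bad


if __name__ == "__main__":
    records = parse_log(SAMPLE)
    print([r["direction"] for r in records], outside_pool(records))
```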
Questions????
Internet Protocol V6 (IPV6)
Introduction
• The Internet and IP-related technologies have experienced rapid growth.
• Because of the dramatic growth, the number of available IP (v4) addresses is quickly running out.
• Current IP addresses are poorly allocated.
• New network devices are on the rise (PDA, Cell Phones, …).
• Although DHCP and NAT have helped reduce the need for IP addresses, it is estimated that we will run out of unique IPv4 addresses by 2010.
Business motivators for Using IPv6
• Movement to change from IPv4 to IPv6 has already begun, particularly in Europe, Japan, and the Asia-Pacific region. These areas are exhausting their allotted IPv4 addresses, which makes IPv6 all the more attractive and necessary.
• All U.S. government agencies must start using IPv6 across their core networks by 2008, and the agencies are working to meet that deadline.
Extension Headers: Follows the previous eight fields.
• The IPv4 header has 20 octets and 12 basic header fields, followed by an options field and a data portion.
• The IPv6 header has 40 octets, three IPv4 basic header fields, and five additional header fields.
IPv6 Address Representation
• An IPv6 address is a 128-bit binary value, which can be displayed as 32 hexadecimal digits.
• IPv6 should provide sufficient addresses for future Internet growth needs for many years to come.
• There are enough IPv6 addresses to allocate more than the entire IPv4 Internet address space to everyone on the planet.
Binary and alphanumeric representations of
IPv4 and IPv6 addresses
IPv6 Address Representation
• Leading zeros in a field are optional.
• Successive fields of zeros can be represented as two colons "::". This shorthand method can only be used once in an address.
• An unspecified address is written as "::" because it contains only zeros.
Incorrect
IPv6 Address Representation
IPv6
• Reserved Address – IETF reserves a portion of space for various uses.
• Private Address – Private addresses have a first octet value of "FE" in hexadecimal notation, with the next hexadecimal digit being a value from 8 to F.
  • Site-local addresses are similar to the RFC 1918 Address Allocation for Private Internets in IPv4 today. They begin with "FE" and then "C" to "F" for the third hexadecimal digit.
  • Link-local addresses refer only to a particular physical link (physical network). Routers do not forward datagrams using link-local addresses at all, not even within the organization; they are only for local communication on a particular physical network segment. Link-local addresses begin with "FE" and then have a value from "8" to "B" for the third hexadecimal digit.
• Loopback Address – The loopback address is 0:0:0:0:0:0:0:1, which is normally expressed using zero compression as "::1".
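The representation rules and the address types listed above, combined in one added example (not from the original slides) that expands, compresses and classifies an address by its leading hexadecimal digits. The function names and sample addresses are assumptions; the addresses are constructed.

```python
import ipaddress


def parse_ipv6(text):
    """Parse an IPv6 address, enforcing the rule that '::' may appear only once."""
    if text.count("::") > 1:
        raise ValueError("'::' used more than once: " + text)
    return ipaddress.IPv6Address(text)


def kind(addr):
    """Classify by the leading hex digits, following the rules listed above."""
    full = addr.exploded.upper()          # all 32 hex digits, leading zeros restored
    if int(addr) == 0:
        return "unspecified"
    if int(addr) == 1:
        return "loopback"
    if full.startswith("FE"):
        third = full[2]
        if third in "89AB":
            return "link-local"           # FE80::/10
        if third in "CDEF":
            return "site-local"           # FEC0::/10, deprecated by RFC 3879
    return "other"


def describe(text):
    """Return the fully written form, the zero-compressed form and the address type."""
    addr = parse_ipv6(text)
    return {"full": addr.exploded, "short": addr.compressed, "kind": kind(addr)}


# Constructed sample addresses (2001:db8::/32 is the documentation prefix).
SAMPLES = [
    "2001:0DB8:0000:0000:0000:0000:0000:0072",
    "FE80::290:27FF:FE17:FC0F",
    "FEC0::1",
    "0:0:0:0:0:0:0:1",
    "::",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, describe(sample))
```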
Manual Interface ID Assignment
• One way to statically assign an IPv6 address to a device is to manually assign both the prefix (network) and interface ID (host) portion of the IPv6 address.
RouterX(config-if)#ipv6 address 2001:DB8:2222:7272::72/64
EUI-64 Interface ID Assignment
The EUI-64 standard stretches IEEE 802 MAC addresses from 48 to 64 bits by inserting the 16-bit 0xFFFE in the middle at the 24th bit of the MAC address to create a 64-bit, unique interface identifier.
RouterX(config-if)#ipv6 address 2001:DB8:2222:7272::/64 eui-64
MAC
2001:DB8:2222:7272:0090:27FF:FE17:FC0F/64
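The EUI-64 construction above, as an added example that is not part of the original slides. The MAC 00:90:27:17:FC:0F is inferred from the sample address and the function names are assumptions; the block also goes one step further and shows the modified EUI-64 form of RFC 4291 Appendix A, which inverts the universal/local bit in addition to inserting 0xFFFE.

```python
import ipaddress

PREFIX = "2001:DB8:2222:7272::/64"    # prefix from the command above
MAC = "00:90:27:17:FC:0F"             # inferred from the sample address on the page


def insert_fffe(mac):
    """48-bit MAC -> 64 bits by inserting 0xFFFE after the first 24 bits."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(raw) != 6:
        raise ValueError("MAC must be 48 bits: " + mac)
    return raw[:3] + b"\xff\xfe" + raw[3:]


def modified_eui64(mac):
    """RFC 4291 Appendix A: same insertion, plus inverting the universal/local bit (0x02)."""
    iid = bytearray(insert_fffe(mac))
    iid[0] ^= 0x02
    return bytes(iid)


def build_address(prefix, iid):
    """Combine a /64 prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))


def mac_from_iid(addr):
    """Recover the MAC from a modified EUI-64 address, or None if the FFFE marker is absent."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in raw)


if __name__ == "__main__":
    plain = build_address(PREFIX, insert_fffe(MAC))
    modified = build_address(PREFIX, modified_eui64(MAC))
    print(plain.exploded, modified.exploded, mac_from_iid(str(modified)))
```

Because the interface identifier is reversible, an address built this way exposes the adapter's hardware address to every host it communicates with, which is useful for asset inventory and worth knowing when reviewing address privacy.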
IPv6 to IPv4 Transition Mechanism
• Techniques to transition from IPv4 to IPv6 are as follows:
  • Dual stack
  • Tunneling (6to4 and 4to6)
  • NAT-PT (NAT Protocol Translation)
  • Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunneling
  • Teredo tunneling
Cisco IOS Dual Stack
• Dual stacking is an integration method in which a node has implementation and connectivity to both an IPv4 and IPv6 network. This is the recommended option and involves running IPv4 and IPv6 at the same time. Routers and switches are configured to support both protocols, with IPv6 being the preferred protocol.
Cisco IOS dual stack
• Cisco IOS Release 12.2(2)T and later (with the appropriate feature set) are IPv6-ready. As soon as you configure basic IPv4 and IPv6 on the interface, the interface is dual-stacked and forwards IPv4 and IPv6 traffic on that interface.
IPv6 Tunneling
• Tunneling is an integration method where an IPv6 packet is encapsulated within another protocol, such as IPv4.
• Enables the connection of IPv6 islands without needing to convert the intermediary networks to IPv6.
• Requires dual-stack routers.
• The packet includes a 20-byte IPv4 header with no options and an IPv6 header and payload.
• Tunneling is an intermediate integration and transition technique and should not be considered as a final solution. A native IPv6 architecture should be the ultimate goal.
IPv6 Tunneling
• Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunneling - Automatic overlay tunneling mechanism that uses the underlying IPv4 network as a link layer for IPv6. ISATAP tunnels allow individual IPv4 or IPv6 dual-stack hosts within a site to communicate with other such hosts on a virtual link, creating an IPv6 network using the IPv4 infrastructure.
• Teredo tunneling - An IPv6 transition technology that provides host-to-host automatic tunneling instead of gateway tunneling. This approach passes unicast IPv6 traffic when dual-stacked hosts (hosts that are running both IPv6 and IPv4) are located behind one or multiple IPv4 NATs.
Tunneling
• A tunneled network is often difficult to troubleshoot.
Example of a Configured Tunnel
NAT-PT
Enabling IPv6 on Cisco Routers
• First, you must activate IPv6 traffic-forwarding on the router, and then you must configure each interface that requires IPv6.
• The ipv6 address command can configure a global IPv6 address. The link-local address is automatically configured when an address is assigned to the interface. You must specify the entire 128-bit IPv6 address or specify to use the 64-bit prefix by using the eui-64 option.
IPv6 Address Configuration Example
Configuring an IPv6 address on an interface automatically
configures the link-local address for that interface.
Configure RIPng with IPv6
• Create the routing process.
• Enable the routing process on interfaces.
• Customize the routing protocol for the network.
Example: RIPng for IPv6 Configuration
Verifying RIPng for IPv6
Troubleshooting RIPng for IPv6