Chapter 7 - Implementing IP Addressing Services
CCNA Exploration 4.0
Học viện mạng Bach Khoa - Website: www.bkacad.com
Introduction
DHCP
Introducing DHCP
DHCP assigns IP addresses and other important network configuration information dynamically.
DHCP Operation
• Manual Allocation: The administrator assigns a pre-allocated IP address to the client and DHCP only communicates the IP address to the device.
• Automatic Allocation: DHCP automatically assigns a static IP address permanently to a device, selecting it from a pool of available addresses. There is no lease and the address is …
• … address from a pool of addresses for a limited period of time chosen by the server, or until the client tells the DHCP server that it no longer needs the address.
BOOTP and DHCP
• Both DHCP and BOOTP are client/server based and … as BOOTP ports
DHCP Message Format
DHCP Discover
DHCP Offer
Configuring a DHCP Server
Example
Verifying DHCP
PC1: ipconfig /all
PC2: ipconfig /all
Configuring a DHCP Client
DHCP Relay
Host Problem
Host Renew
DHCP Relay
• Notice that the RTA interface e3, which connects to the server farm, is not configured with helper addresses.
• However, the output shows that for this interface, directed broadcast forwarding is disabled. This means that the router will not convert the logical broadcast 172.24.1.255 into a physical broadcast with a Layer 2 address of FF-FF-FF-FF-FF-FF.
• To allow all the nodes in the server farm to receive the broadcasts at Layer 2, e3 will need to be configured to forward directed broadcasts with the following command:
RTA(config)#interface e3
RTA(config-if)#ip directed-broadcast
Using helper addresses
• By default, the ip helper-address command forwards eight UDP services.
• The Cisco IOS provides the global configuration command ip forward-protocol to allow an administrator to forward any UDP port in addition to the default eight.
Configuring a DHCP Server Using SDM
Verifying and Troubleshooting DHCP
Scaling Networks with NAT
Private and Public IP Addressing
What is NAT?
NAT Terminology
• Inside local address - Usually not an IP address assigned by a RIR or service provider and is most likely an RFC 1918 private address.
• Inside global address - Valid public address that the inside host is given when it exits the NAT router.
– When traffic from PC1 is destined for the web server at 209.165.201.1, router R2 must translate the address. In this case, IP address 209.165.200.226 is used as the inside global address for PC1.
• Outside global address - Reachable IP address assigned to a host on the Internet.
– For example, the web server is reachable at IP address 209.165.201.1.
• Outside local address - The local IP address assigned to a host on the outside network. In most situations, this address will be identical to the outside global address of that outside device.
The Forms of NAT
• Dynamic NAT – Maps an unregistered IP address to a registered IP address from a group of registered IP addresses. Dynamic NAT also establishes a one-to-one mapping between unregistered and registered IP addresses, but the mapping could vary depending on the registered address available in the pool at the time of communication.
• Overloading – A form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address (many-to-one) by using different ports. Known also as PAT (Port Address Translation), single address NAT or port-level multiplexed NAT.
• Outside local address – The IP address of an outside host as it is known to the hosts on the inside network.
• Outside global address – The IP address assigned to a host on the outside network. The owner of the host assigns this address.
NAT overload
Next Available Port
Benefits and Drawbacks of Using NAT
Configure Static NAT on a Cisco Router
Example
Configure Dynamic NAT on a Cisco Router
Example
Translate to these outside addresses
Configuring NAT Overload for a Single Public IP Address
Configuring NAT Overload for a Pool of Public IP Addresses
Port Forwarding
• Port forwarding (sometimes referred to as tunneling) is the act of forwarding a network port from one network node to another.
• This technique can allow an external user to reach a port on a private IP address (inside a LAN) from the outside through a NAT-enabled router.
http://portforward.com
Port Forwarding
• ip nat inside source static [tcp/udp] Inside Local IP address, Local TCP/UDP Port, Inside Global IP address, Global TCP/UDP Port
Examples:
• ip nat inside source static udp 10.0.25.22 53 222.25.249.33 53
• ip nat inside source static udp 10.0.25.33 53 222.25.249.34 53
• ip nat inside source static tcp 10.0.25.16 80 222.25.249.34 80
• ip nat inside source static tcp 10.0.17.2 1723 222.25.249.34 1723
• ip nat inside source static tcp 10.0.25.17 80 222.25.249.34 8082
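Every static port forward is a deliberate hole in the NAT boundary, so it helps to turn the configuration into an exposure inventory. The following Python is an added example, not part of the original slides: it parses the five mappings listed above and reports which inside hosts are reachable from outside. The function names and finding labels are hypothetical.

```python
import re
from collections import defaultdict

# The five static mappings listed above, copied from the slide.
CONFIG = """\
ip nat inside source static udp 10.0.25.22 53 222.25.249.33 53
ip nat inside source static udp 10.0.25.33 53 222.25.249.34 53
ip nat inside source static tcp 10.0.25.16 80 222.25.249.34 80
ip nat inside source static tcp 10.0.17.2 1723 222.25.249.34 1723
ip nat inside source static tcp 10.0.25.17 80 222.25.249.34 8082
"""

RULE = re.compile(r"^\s*ip nat inside source static (tcp|udp)\s+"
                  r"(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s*$", re.I)

def parse_forwards(text):
    """Return one dict per static port-forwarding line."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line)
        if m:
            proto, lip, lport, gip, gport = m.groups()
            rules.append({"proto": proto.lower(),
                          "local": (lip, int(lport)),
                          "global": (gip, int(gport))})
    return rules

def exposure(rules):
    """Map each public (ip, proto, port) to the inside sockets behind it."""
    table = defaultdict(list)
    for r in rules:
        gip, gport = r["global"]
        table[(gip, r["proto"], gport)].append(r["local"])
    return dict(table)

def findings(rules):
    """Flag duplicated public sockets and forwards that change the port."""
    out = []
    for key, targets in exposure(rules).items():
        if len(targets) > 1:
            out.append(("duplicate-global-socket", key, targets))
    for r in rules:
        if r["local"][1] != r["global"][1]:
            out.append(("port-remapped", r["global"], r["local"]))
    return out

if __name__ == "__main__":
    for key, targets in sorted(exposure(parse_forwards(CONFIG)).items()):
        print(key, "->", targets)
    print(findings(parse_forwards(CONFIG)))
```

The remapped entry matters for inventory work: the web server at 10.0.25.17 answers on public port 8082, so a review that only looks at port 80 misses it.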
Verifying NAT and NAT Overload
Troubleshooting NAT and NAT Overload Configuration
• Step 1. Based on the configuration, clearly define what NAT is supposed to achieve. This may reveal a problem with the configuration.
• Step 2. Verify that correct translations exist in the translation table using the show ip nat translations command.
• Step 3. Use the clear and debug commands to verify that NAT is operating as expected. Check to see if dynamic entries are recreated after they are cleared.
• Step 4. Review in detail what is happening to the packet, and verify that routers have the correct routing information to move the packet.
IPv6
Reason for using IPv6
Address space
IPv6 Features
Comparing IPv4 and IPv6 Headers
• Flow Label: 20-bit field that allows a particular flow of traffic to be labeled. It can be used for multilayer switching techniques and faster packet-switching performance.
• Extension Headers: Follows the previous eight fields. The number of extension headers is not fixed, so the total length of the extension header chain is variable.
Figure callouts: Traffic Class: ToS; Payload Length; Next Header: TCP, UDP…; Hop Limit: TTL; No Checksum
Extension header
IPv6 Extension Headers
• IPv6 Header: Basic header described in the previous figure.
• Hop-by-hop options header: When used for the router alert (Resource Reservation Protocol [RSVP] and Multicast Listener Discovery version 1 [MLDv1]) and the jumbogram, this header (value = 0) is processed by all hops in the path of a packet.
• Destination options header (when the routing header is used).
• Routing header: Used for source routing and mobile IPv6 (value = 43).
• Fragment header: Used when a source must fragment a packet that is larger than the MTU for the path between itself and a destination device.
• Authentication Header and Encapsulating Security Payload header: Used within IPsec to provide authentication, integrity, and confidentiality of a packet.
– The Authentication Header (value = 51)
– The ESP header (value = 50)
• Upper-layer header: Typical headers used inside a packet to transport the data. The two main transport protocols are TCP (value = 6) and UDP (value = 17).
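Because the chain is variable, a filter that reads only the Next Header field of the fixed IPv6 header cannot tell which transport protocol a packet carries; it has to walk the chain. The following Python is an added example, not part of the original slides, that does this walk on a constructed packet. The values 44 (fragment), 60 (destination options) and 59 (no next header) are not on the slide and are taken from the IANA protocol numbers; the function names are hypothetical.

```python
import struct

# Next Header values: 0, 43, 51, 50, 6 and 17 appear on the slide;
# 44, 60 and 59 are the IANA-assigned values (not on the slide).
HOP, ROUTING, FRAG, ESP, AH, DSTOPT = 0, 43, 44, 50, 51, 60
NAMES = {HOP: "hop-by-hop", ROUTING: "routing", FRAG: "fragment",
         ESP: "esp", AH: "ah", DSTOPT: "dest-options",
         6: "tcp", 17: "udp", 59: "no-next-header"}

def walk_chain(packet, max_headers=8):
    """Return (names, offset) for the header chain of a raw IPv6 packet.

    offset is where the upper-layer header (or ESP) starts. Raises
    ValueError on truncation or an over-long chain, which a filter
    should treat as "drop" rather than "allow".
    """
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off, names = packet[6], 40, []
    while nxt in (HOP, ROUTING, FRAG, AH, DSTOPT):
        if len(names) >= max_headers:
            raise ValueError("extension header chain too long")
        if off + 8 > len(packet):
            raise ValueError("truncated extension header")
        if nxt == FRAG:
            size = 8                           # fixed length
        elif nxt == AH:
            size = (packet[off + 1] + 2) * 4   # counted in 4-octet units
        else:
            size = (packet[off + 1] + 1) * 8   # counted in 8-octet units
        names.append(NAMES[nxt])
        nxt, off = packet[off], off + size
    if off > len(packet):
        raise ValueError("truncated extension header")
    names.append(NAMES.get(nxt, "proto-%d" % nxt))
    return names, off

def build_sample():
    """Constructed packet: IPv6 + hop-by-hop + routing + 8-byte UDP."""
    udp = struct.pack("!HHHH", 5353, 5353, 8, 0)
    hbh = bytes([ROUTING, 0, 1, 4, 0, 0, 0, 0])   # next=43, PadN option
    rth = bytes([17, 0, 0, 0, 0, 0, 0, 0])        # next=17, segments left 0
    payload = hbh + rth + udp
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), HOP, 64)
    return fixed + bytes(16) + bytes(15) + b"\x01" + payload
```

For the sample packet the fixed header advertises Next Header 0, while the chain walk finds UDP at offset 56. ESP ends the walk because everything after it is encrypted.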
Defining Address Representation
• Leading zeros in a field are optional, so 09C0 = 9C0 and 0000 = 0.
• Successive fields of zeros can be represented as “::” only once in an address.
• An unspecified address is written as “::” because it contains only zeros.
IPv6 Address Types
1. Unicast address
– Link local (FE80::/10): Scope is configured to single link. The address is unique only on this link, and it is not routable off the link (similar to 169.254.x.x private address).
– Site local (FEC0::/10): similar to private address.
– Global: Globally unique, so it can be routed globally with no modification. A global address has an unlimited scope on the worldwide Internet. Packets with global source and destination addresses are routed to their target destination by the routers on the Internet.
2. Multicast address (FF00::/8): IPv6 does not have broadcast addresses. The range of multicast addresses in IPv6 is larger than in IPv4. For the foreseeable future, allocation of multicast groups is not being limited.
3. Anycast address: An anycast address identifies a list of devices or nodes; therefore, an anycast address identifies multiple interfaces. A packet sent to an anycast address is delivered to the closest interface, as defined by the routing protocols in use.
Special Address
IPv6 Global Unicast and Anycast address
• Global Unicast Addresses are defined by a global routing prefix, a subnet ID, and an interface ID. The current global unicast address assignment by the Internet Assigned Numbers Authority (IANA) uses the range of addresses that start with binary value 001 (2000::/3), which is 1/8 of the total IPv6 address space and is the largest block of assigned block addresses.
• The IANA is allocating the IPv6 address space in the ranges of 2001::/16 to the five RIR registries (ARIN, RIPE, APNIC, LACNIC, and AfriNIC).
• Addresses with a prefix of 2000::/3 (001) through E000::/3 (111), with the exception of the FF00::/8 (1111 1111) multicast addresses, are required to have 64-bit interface identifiers in the Extended Universal Identifier (EUI)-64 format.
• When a unicast address is assigned to more than one interface, thus turning it into an anycast address, the nodes to which the address is assigned must be explicitly configured to use and recognize the anycast address.
Assign IPv6 address
Stateless Autoconfiguration
1. Phase 1: MAC 00-0C-29-C2-52-FF -> 02-0C-29-FF-FE-C2-52-FF
2. Phase 2: well-known link-local prefix fe80::/64 is added -> fe80::20c:29ff:fec2:52ff
3. Phase 3: Verify the address’s uniqueness on the link, called duplicate address detection (DAD). Send ICMPv6.
4. Phase 4: Assigned
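The phases above can be reproduced in a few lines, and running them backwards shows the privacy cost of EUI-64: the MAC address can be read straight out of any address built this way. The following Python is an added example, not part of the original slides. The function names are hypothetical, and the solicited-node multicast group used for the DAD probe follows RFC 4291, which the slide does not spell out.

```python
import ipaddress

def mac_to_eui64(mac):
    """Phase 1: flip the universal/local bit and insert FF-FE."""
    b = bytearray.fromhex(mac.replace("-", "").replace(":", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    b[0] ^= 0x02
    return bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])

def link_local(mac):
    """Phase 2: prepend fe80::/64 to the interface identifier."""
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + mac_to_eui64(mac))

def solicited_node(addr):
    """Phase 3: multicast group the DAD Neighbor Solicitation targets.

    ff02::1:ff00:0/104 plus the low 24 bits of the tentative address
    (RFC 4291; assumption, not stated on the slide).
    """
    low24 = ipaddress.IPv6Address(addr).packed[13:]
    return ipaddress.IPv6Address(
        b"\xff\x02" + bytes(9) + b"\x01\xff" + low24)

def mac_from_address(addr):
    """Recover the MAC from an EUI-64 based address, or None.

    The FF-FE marker in the middle of the interface ID is the tell;
    it survives a change of prefix, so the host stays identifiable.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02
    return "-".join("%02X" % x for x in mac)

if __name__ == "__main__":
    ll = link_local("00-0C-29-C2-52-FF")
    print(ll, solicited_node(ll), mac_from_address(ll))
```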
IPv6 to IPv4 Transition Mechanism
• The 2 most common techniques to transition from IPv4 to IPv6 are as follows:
1. Dual stack
2. IPv6-over-IPv4 (6to4) tunnels
• For communication between IPv4 and IPv6 networks, IPv4 addresses can be encapsulated in IPv6 addresses.
Cisco IOS Dual Stack
• Dual stacking is an integration method in which a node has implementation and connectivity to both an IPv4 and IPv6 network. This is the recommended option and involves running IPv4 and IPv6 at the same time.
• Using IPv6 on a Cisco IOS router requires that you use the global configuration command ipv6 unicast-routing. This command enables the forwarding of IPv6 datagrams.
IPv6 Tunneling
• Tunneling is an integration method where an IPv6 packet is encapsulated within another protocol, such as IPv4. This method enables the connection of IPv6 islands without needing to convert the intermediary networks to IPv6.
• When IPv4 is used to encapsulate the IPv6 packet, a protocol type of 41 is specified in the IPv4 header, and the packet includes a 20-byte IPv4 header with no options and an IPv6 header and payload. It also requires dual-stack routers.
• Tunneling presents these issues:
– The MTU is decreased by 20 octets (if the IPv4 header does not contain any optional field)
– Difficult to troubleshoot