1 NAT/PAT/DHCP 2 Table of Content 1 Scaling networks with Network Address Translation and Port Address Translation 2 Dynamic Host Configuration Protocol 3 SCALING NETWORKS WITH NAT AND PAT 4 Private addressing  10.0.0.0 – 10.255.255.255  172.16.0.0 – 172.31.255.255  192.168.0.0 – 192.168.255.255 5 Introducing NAT and PAT  Cisco defines the following NAT terms:  Inside local address  Inside global address  Outside local address  Outside global address 6 Major NAT and PAT features  Static NAT is designed to allow one-to-one mapping of local and global addresses.  Dynamic NAT is designed to map a private IP address to a public address. Any IP address from a pool of public IP addresses is assigned to a network host.  Port Address Translation (PAT), maps multiple private IP addresses to a single public IP address 7 Configuring static NAT Router(config)# ip nat inside source static 10.1.1.2 171.69.68.10 Router(config)# interface ethernet 0 Router(config-if)# ip nat inside Router(config)# interface serial 0 Router(config-if)# ip nat outside Inside host 10.1.1.2 Outside host Inside interface Ip nat inside Outside interface Ip nat outside E0 S0 8 Configuring dynamic NAT/PAT  Define private IP addresses range: Router(config)# access-list 1 permit 10.0.0.0 0.0.255.255  Define public IP addresses pool: Router(config)# ip nat pool cisco 179.9.8.0 netmask 255.255.255.240  Establish dynamic source translation: Router(config)# ip nat inside source list 1 pool cisco overload  Specify the inside and outside interface. Internet E0 S0 10.1.1.2 10.1.1.3 10.1.1.1 179.9.8.1 9 Verifying PAT configuration  Clear ip nat translation *  Clear ip nat translation inside global-ip local-ip outside local-ip global-ip  Show ip nat translation  Show ip nat statistics 10 Troubleshooting NAT and PAT configuration 1. Based on the configuration, clearly define what NAT is supposed to achieve. 2. Verify that correct translations exist in the translation table. 3. Verify the translation is occurring by using show and debug commands. 4. Review in detail what is happening to the packet and verify that routers have the correct routing information to move the packet along [...]... Configuring DHCP  Specify DHCP pool:  Router(config)# ip dhcp pool subnet12  Router (dhcp- config)# network 172.16.12.0 255.255.255.0      Router (dhcp- config)# Router (dhcp- config)# Router (dhcp- config)# Router (dhcp- config)# default-router 172.16.12.254 dns-server 172.16.1.2 netbios-name-server 172.16.1.3 domain-name cisco.com Specify the excluded IP addresses range:  Router(config)# ip dhcp excluded-address... Router(config)# ip dhcp excluded-address start-ipaddress end-ip-address 17 Verifying and troubleshooting DHCP operation  show ip dhcp binding  show ip dhcp server statistics  debug ip dhcp server events 18 SRC MAC: MAC A DST MAC: FFFF.FFFF.FFFF IP SRC: ? IP DST: 255.255.255.255 UDP 67 CIADDR: ? GIADDR: ? MASK: ? CHADDR: MAC A DHCP relay A E0: 192.168.1.1/24 IP??? Ip helper-address 192.168.2.254 E1: 192.168.2.1/24... Protocol (SNMP) 12 DHCP 13 Introducing DHCP  Dynamic Host Configuration Protocol (DHCP) works in a client/server mode DHCP enables DHCP clients on an IP network to obtain their configurations from a DHCP server  A DHCP client is included in most modern operating systems including the various Windows operating systems, Novell Netware, Sun Solaris, Linux, and MAC OS 14 BOOTP and DHCP differences BOOTP... parameters DHCP  Dynamic mappings  Lease  Supports 30 over configuration parameters Both protocols are client/server based and use UDP ports 67 and 68 15 DHCP Discover UDP Broadcast Dynamic addressing: DHCP DHCP Offer UDP Broadcast DHCP Request DHCP Ack MAC: Known MAC: Known IP: IP: Unknown Unknown IP Address IP Address Gateway Gateway IP of servers IP of servers And more … And more … DHCP server...Issues with NAT  NAT conserves the legally registered addressing scheme  NAT increases the flexibility of connections to the public network  Consistency of the internal network addressing scheme  NAT increases delay 11 Issues with NAT (cont.)  Cisco IOS NAT does not support the following traffic types:      Routing table updates... that the destination address, the source address, or both addresses are replaced with different addresses  PAT uses unique source port numbers on the inside global IP address to distinguish between translations  NAT and PAT may be configured for static translation, dynamic translation, and overloading  DHCP works in a client/server mode, enabling clients to obtain IP configurations from a DHCP server... MAC A DHCP relay (cont.) E0: 192.168.1.1/24 Ip helper-address 192.168.2.254 IP??? E1: 192.168.2.1/24 SRC MAC:MAC SERV DST MAC: E1 IP SRC: 192.168.2.254 IP DST: 192.168.1.10 UDP 68 CIADDR:192.168.1.10 GIADDR: 192.168.1.1 MASK: 255.255.255.0 CHADDR: MAC A server: 192.168.2.254 20 Summary  Private addresses are for private, internal use and should never be routed by a public Internet router  NAT alters . DHCP  Specify DHCP pool:  Router(config)# ip dhcp pool subnet12  Router (dhcp- config)# network 172.16.12.0 255.255.255.0  Router (dhcp- config)# default-router 172.16.12.254  Router (dhcp- config)#. excluded-address start-ip- address end-ip-address 18 Verifying and troubleshooting DHCP operation  show ip dhcp binding  show ip dhcp server statistics.  debug ip dhcp server events 19 DHCP. 172.16.12.254  Router (dhcp- config)# dns-server 172.16.1.2  Router (dhcp- config)# netbios-name-server 172.16.1.3  Router (dhcp- config)# domain-name cisco.com  Specify the excluded IP addresses range:  Router(config)# ip dhcp