1© 2003, Cisco Systems, Inc. All rights reserved.

CCNA 4 v3.0 Module 1Scaling IP Addresses

222© 2003, Cisco Systems, Inc. All rights reserved.

Objectives

• Scaling networks with Network Address Translation and Port Address Translation

• Dynamic Host Configuration Protocol

333© 2003, Cisco Systems, Inc. All rights reserved.

IP Address Allocation

• Public Internet addresses must be registered by a company with an Internet authority such as:

–American Registry for Internet Numbers (ARIN)

–Réseaux IP Européennes (RIPE)

–Regional Internet Registry (RIR)

• These public Internet addresses can also be leased from an ISP.

–It has become more common to purchase a public address space from an ISP along with your Internet connection.

444© 2003, Cisco Systems, Inc. All rights reserved.

Problems with Public Address Space

• Public addresses cost money.

• You are limited to a smaller address space.

–Example: /27, /28 or /29

32 addresses, 16 addresses or 8 addresses

• Your network address space is open to the public.

Solution: Network Address Translation!

555© 2003, Cisco Systems, Inc. All rights reserved.

Network Address Translation (NAT)

• Network Address Translation is the exchange of private addresses (RFC 1918 addresses) for public addresses.

• Private address are also known as non-routable addresses because they are not allowed on the public Internet.

666© 2003, Cisco Systems, Inc. All rights reserved.

Why NAT??? -- Why Not???

• Without NAT the rapid growth of the Internet would exhaust the IP addresses supplied by IPv4.

• NAT allows for the use of private addresses on the inside interfaces of the router and public addresses on the outside interfaces of the router.

• NAT also hides your inside addressing scheme from the outside world.

• NAT also allows for a far greater address space then that allocated by your ISP.

777© 2003, Cisco Systems, Inc. All rights reserved.

NAT

• A NAT-enabled device typically operates at the border of a stub network.

The ISP will typically set a static route back to your public networkThe connection between your outside interface and the ISP is notgenerally considered part of your public network

Inside Network

Outside Network

10.0.0.0/8

147.144.51.0/27

888© 2003, Cisco Systems, Inc. All rights reserved.

NAT Terms

• Inside Local Addresses – An IP address assigned to a host inside a network. This address is likely to be a RFC 1918 private address.

• Inside Global Address – A legitimate IP address assigned by the NIC or service provider that represents one or more inside local IP address to the outside world.

• Outside Local Address - The IP address of an outside host as it known to the hosts in the inside network.

• Outside Global Address - The IP address assigned to a host on the outside network. The owner of the host assigns this address.

999© 2003, Cisco Systems, Inc. All rights reserved.

NAT Features

• Static NAT is designed to allow one-to-one mapping of local and global addresses.

• Dynamic NAT is designed to map a range of private IP addresses to a range of public addresses.

101010© 2003, Cisco Systems, Inc. All rights reserved.

PAT Features – ‘overload’

• PAT uses unique source port numbers on the inside global IP address to distinguish between translations.

PAT will attempt to preserve the original source port. If this source port is already used, PAT will assign the first available port number

111111© 2003, Cisco Systems, Inc. All rights reserved.

NAT Benefits

• Eliminates re-assigning each host a new IP address when changing to a new ISP

• Eliminates the need to re-address all hosts that require external access, saving time and money

• Conserves addresses through application port-level multiplexing

• Protects network security

121212© 2003, Cisco Systems, Inc. All rights reserved.

Configuring NAT and PAT

131313© 2003, Cisco Systems, Inc. All rights reserved.

Configuring NAT – Static NAT

141414© 2003, Cisco Systems, Inc. All rights reserved.

Configuring NAT – Dynamic NAT

ip nat pool <pool_name> 65.89.115.15 65.89.115.250 netmask 255.255.255.0Orip nat pool <pool_name> 65.89.115.15 65.89.115.250 prefix-length 24access-list 92 permit 192.168.0.0 0.0.255.255ip nat inside source list 92 pool <pool_name> [overload]interface e0ip nat insideinterface e1ip nat insideinterface s0ip nat outside

151515© 2003, Cisco Systems, Inc. All rights reserved.

Configuring PAT

A standard access list willspecify the range of insideaddresses that should beNATed

161616© 2003, Cisco Systems, Inc. All rights reserved.

Verifying NAT and PAT Configuration

171717© 2003, Cisco Systems, Inc. All rights reserved.

Troubleshooting NAT and PAT

181818© 2003, Cisco Systems, Inc. All rights reserved.

Issues With NAT

191919© 2003, Cisco Systems, Inc. All rights reserved.

DHCP

• DHCP works by providing a process for a server to allocate the IP information to clients. Clients lease the information from the server for an administratively defined period.

202020© 2003, Cisco Systems, Inc. All rights reserved.

BOOTP and DHCP Differences

• DHCP defines mechanisms through which clients can be assigned an IP address for a finite lease period. – This lease period allows for re-assignment of the IP

address to another client later, or for the client to get another assignment, if the client moves to another subnet.

– Clients may also renew leases and keep the same IP address.

– DHCP provides the mechanism for a client to gather other IP configuration parameters, such as WINS and domain name.

212121© 2003, Cisco Systems, Inc. All rights reserved.

DHCP Operation

222222© 2003, Cisco Systems, Inc. All rights reserved.

The Order of DHCP Messages Transmitting

232323© 2003, Cisco Systems, Inc. All rights reserved.

Configuring DHCP

242424© 2003, Cisco Systems, Inc. All rights reserved.

Configuring DHCP While Excluding IP

252525© 2003, Cisco Systems, Inc. All rights reserved.

Verifying DHCP

262626© 2003, Cisco Systems, Inc. All rights reserved.

Troubleshooting DHCP

272727© 2003, Cisco Systems, Inc. All rights reserved.

DHCP Relay

The command is:ip helper-address A.B.C.D