
TNE20002 / TNE70003

IP Addressing Services - DHCP and NAT


V1.0

Dynamic Host Configuration Protocol (DHCP)

Almost every device that connects to a network needs an IP address.

Network administrators assign static IP addresses to routers, servers, and other network devices whose locations (physical and logical) are not likely to change.

User computers in an organization often change locations, physically and logically.
Desktop clients do not require a static address.
A workstation can use any address within a range of addresses.
This range is within an IP subnet.

Configure DHCP in an Enterprise Branch Network

DHCP Operation

Address Allocation Methods:

Manual:
The IP address for the client is pre-allocated by the administrator and DHCP conveys the address to the client.

Automatic:
DHCP automatically assigns a permanent IP address to a client with no lease period.

Dynamic:
DHCP assigns, or leases, an IP address to the client for a limited period of time.

DHCP Operation Overview


[Figure: DHCP client and server on the same subnet; the exchange uses broadcast; DHCP server port and client port labelled]

Major DHCP features

DHCP Request

DHCP Reply

DHCP Operation Detail

DHCP Operation Detail - Two Servers

Configuring DHCP

The network statement enables DHCP on any router interfaces belonging to that network.
The router will act as a DHCP server on that interface.
It is also the pool of addresses that the DHCP server will use.
The pool name is case sensitive (NaMe vs nAmE).

Configuring DHCP

The ip dhcp excluded-address command configures the router to exclude an individual address or range of addresses when assigning addresses to clients.
IP configuration values such as the default gateway can be set.

Configuring a Cisco Router as a DHCP Server

Enabling the DHCP service:

To enable the service:

Router(config)#service dhcp

To disable the service:

Router(config)#no service dhcp

Configuring DHCP - Options


Verifying and Troubleshooting DHCP

DHCP Relay - DHCP Server in a different subnet

DHCP Relay

[Figure: router with interfaces Fa0/0, Fa0/1 and Fa0/2; DNS server]

DHCP clients use IP broadcasts to find the DHCP server on the subnet.

What happens when the server and the client are not on the same subnet?
Routers do not forward these broadcasts.

Use the ip helper-address command to relay broadcast requests for these key UDP services.

Using Helper Address


Configuring IP Helper Unicast Address

[Figure: a broadcast arriving on Fa0/0 is relayed as a unicast out of Fa0/2; Fa0/1 and a DNS server are also shown]

To configure RTA Fa0/0, the interface that receives the Host A broadcasts, to relay DHCP broadcasts as a unicast to the DHCP server:

RTA(config)#interface Fa0/0
RTA(config-if)#ip helper-address 172.24.1.9

The helper address 172.24.1.9 specifies the DHCP server.

Configuring IP helper Directed Broadcast address

[Figure: a broadcast arriving on Fa0/0 is relayed as a directed broadcast out of Fa0/2; Fa0/1 and a DNS server are also shown]

Helper address configuration that relays broadcasts to all servers on the segment:

RTA(config)#interface Fa0/0
RTA(config-if)#ip helper-address 172.24.1.255

Will RTA forward the directed broadcast?

Directed Broadcast

[Figure: interface output for Fa0/0 and Fa0/2]

The RTA interface Fa 0/2, which connects to the server farm, is not configured with helper addresses.

However, the output shows that for this interface, directed broadcast forwarding is disabled.

This means that the router will not convert the logical broadcast 172.24.1.255 into a physical broadcast with a Layer 2 address of FF-FF-FF-FF-FF-FF.

To allow all the nodes in the server farm to receive the broadcasts at Layer 2, Fa 0/2 will need to be configured to forward directed broadcasts:

RTA(config)#interface fa 0/2
RTA(config-if)#ip directed-broadcast

Configuring IP helper Directed Broadcast address

[Figure: router RTA with interfaces Fa0/0, Fa0/1 and Fa0/2; DNS server]

Helper address configuration that relays broadcasts to all servers on the subnet.
RTA(config)#interface Fa 0/0
RTA(config-if)#ip helper-address 172.24.1.255
RTA(config)#interface Fa 0/2
RTA(config-if)#ip directed-broadcast
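
An added example (not from the original slides): a Python audit that reads IOS-style interface configuration and lists where a helper address is a subnet broadcast and where directed-broadcast forwarding is switched on, since that setting lets packets from other subnets reach every host on the segment. The interface addresses and masks in the sample are constructed; only the helper addresses and the Fa0/2 setting come from the RTA example above.

```python
import ipaddress
import re

# Constructed sample config (not from the slides): interface addresses and
# masks are assumed; the helper and directed-broadcast lines mirror RTA above.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 172.24.2.1 255.255.255.0
 ip helper-address 172.24.1.255
interface FastEthernet0/1
 ip address 172.24.3.1 255.255.255.0
 ip helper-address 172.24.1.9
interface FastEthernet0/2
 ip address 172.24.1.1 255.255.255.0
 ip directed-broadcast
"""

def parse_interfaces(config):
    """Map interface name -> {'net', 'helpers', 'directed'} from IOS-style text."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = interfaces.setdefault(
                line.split(None, 1)[1], {"net": None, "helpers": [], "directed": False})
        elif current is None or not raw.startswith(" "):
            current = None                      # outside interface sub-mode
        elif m := re.fullmatch(r"ip address (\S+) (\S+)", line):
            current["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif m := re.fullmatch(r"ip helper-address (\S+)", line):
            current["helpers"].append(ipaddress.ip_address(m[1]))
        elif re.match(r"ip directed-broadcast\b", line):
            current["directed"] = True
    return interfaces

def audit(config):
    """Return (interface, finding) pairs for broadcast-relay settings to review."""
    ifaces = parse_interfaces(config)
    findings = []
    for name, data in ifaces.items():
        if data["directed"]:
            findings.append((name, f"directed broadcasts forwarded onto {data['net']}"))
        for helper in data["helpers"]:
            for target, tdata in ifaces.items():
                if tdata["net"] and helper == tdata["net"].broadcast_address:
                    state = "enabled" if tdata["directed"] else "disabled"
                    findings.append((name, f"helper {helper} is the broadcast of "
                                           f"{target}; directed-broadcast there is {state}"))
    return findings
```

The unicast helper 172.24.1.9 produces no finding; the broadcast helper 172.24.1.255 is reported together with the state of directed-broadcast on the interface that owns that subnet.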

Network Address Translation

NAT (defined by RFC 1631) is designed to conserve IP addresses and enable networks to use private IP addresses on internal networks.

These private, internal addresses are translated to routable, public addresses for accessing the Internet.

NAT translations can occur dynamically or statically.

PAT (Port Address Translation) allows multiple inside addresses to map to the same global address.

Private addressing - Internal Networks

NAT Example
[Figure: private network, NAT router, public network and destination host]

Inside Local IP address: The private IP address assigned to a host on the inside network.

Inside Global IP address: A public IP address that represents one or more inside local IP addresses to the outside world.

Outside Global IP address: The public IP address assigned to a destination host on the outside network.

NAT Example - Private source to Public source

[Figure, step 2: packet with SA 10.0.0.3 and DA 128.23.2.2 before NAT; SA 179.9.8.80 and DA 128.23.2.2 after NAT]

The translation from Private source IP address to Public source IP address.

NAT Example - Public destination to Private destination

[Figure, step 4: return packet with SA 128.23.2.2 and DA 179.9.8.80 before NAT; SA 128.23.2.2 and DA 10.0.0.3 after NAT]

Translation back, from Public destination IP address to Private destination IP address.

PAT - Port Address Translation

[Figure label: 10.0.0.3:1555]

Allows you to use a single public IP address and assign it to up to 40000 inside hosts.
Multiple private IP addresses can be translated by a single public address (many-to-one translation).
Tracks and translates SA, DA and SP (which uniquely identifies each connection) for each stream of traffic.

PAT Example

NAT/PAT table maintains translation of: DA, SA, SP

[Figure, step 1: outbound packets from SA 10.0.0.3 (SP 1555) and SA 10.0.0.2 (SP 1331) to DA 128.23.2.2 (DP 80), shown before and after translation to SA 179.9.8.80; source-port labels on the translated packets: 1331/3333 and 1555/2222]

PAT Example

NAT/PAT table maintains translation of: SA (DA), DA (SA), DP (SP)

[Figure, step 4: return packets from SA 128.23.2.2 (SP 80) to DA 179.9.8.80, shown before and after translation back to DA 10.0.0.3 and DA 10.0.0.2; destination-port labels: 1331/3333 and 1555/2222]
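
The translation table described in the PAT slides above, as an added Python model (not from the original slides): outbound packets get the shared inside global address and a unique source port, and a return packet is translated back only when it matches a recorded SA/DA/port entry. The port-allocation policy, the third inside host 10.0.0.4 and the outside sender 203.0.113.7 are assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass
class PatRouter:
    """PAT model: many inside sockets share one inside global address."""
    global_ip: str
    first_port: int = 1024                       # assumed start of the port pool
    ports: dict = field(default_factory=dict)    # (proto, SA, SP) -> global port
    owners: dict = field(default_factory=dict)   # (proto, global port) -> (SA, SP)
    flows: set = field(default_factory=set)      # (proto, global port, DA, DP)

    def _allocate(self, proto, wanted):
        # Assumed policy: keep the original SP if free, else first free port.
        if (proto, wanted) not in self.owners:
            return wanted
        for port in range(self.first_port, 65536):
            if (proto, port) not in self.owners:
                return port
        raise RuntimeError("PAT port pool exhausted")

    def outbound(self, proto, sa, sp, da, dp):
        """Inside -> outside: rewrite SA/SP and record the flow."""
        key = (proto, sa, sp)
        if key not in self.ports:
            self.ports[key] = self._allocate(proto, sp)
            self.owners[(proto, self.ports[key])] = (sa, sp)
        gport = self.ports[key]
        self.flows.add((proto, gport, da, dp))
        return (proto, self.global_ip, gport, da, dp)

    def inbound(self, proto, sa, sp, da, dp):
        """Outside -> inside: rewrite DA/DP, or None when no entry matches."""
        if da != self.global_ip or (proto, dp, sa, sp) not in self.flows:
            return None
        inside_ip, inside_port = self.owners[(proto, dp)]
        return (proto, sa, sp, inside_ip, inside_port)

def demo():
    """Addresses from the slides, plus constructed 10.0.0.4 and 203.0.113.7."""
    r = PatRouter("179.9.8.80")
    a = r.outbound("tcp", "10.0.0.3", 1555, "128.23.2.2", 80)
    b = r.outbound("tcp", "10.0.0.2", 1331, "128.23.2.2", 80)
    c = r.outbound("tcp", "10.0.0.4", 1555, "128.23.2.2", 80)   # SP collides with a
    reply = r.inbound("tcp", "128.23.2.2", 80, "179.9.8.80", c[2])
    stray = r.inbound("tcp", "203.0.113.7", 80, "179.9.8.80", 1555)  # never contacted
    return a, b, c, reply, stray
```

The unmatched packet returning None is the behaviour behind the later "Issues with NAT/PAT" slide: a connection started from outside has no table entry unless a static mapping provides one.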

Configuring Static NAT

[Figure: static NAT configuration; inside interface Fa0/0, outside interface S0/0/0, address 192.168.1.2]

Configuring Dynamic NAT

[Figure: dynamic NAT configuration; inside interface Fa0/0, outside interface S0/0/0. Callouts: "Translate to this range of outside addresses"; "Binding to ACL"; "Source subnet IP address must match here"]

Configuring PAT Overload

[Figure: PAT overload configuration; inside interface Fa0/0, outside interface S0/0/0]

In this example a pool of public IP addresses is used, with PAT using source ports to differentiate between connection streams.

Configuring PAT Overload

This is a different example, using the IP address of the outside interface instead of specifying a pool of IP addresses.

NAT Clear Commands

Verifying NAT

Troubleshooting NAT/PAT

Watch the NAT translations

Issues with NAT/PAT

NAT also forces some applications that use IP addressing to stop functioning because it hides end-to-end IP addresses.
Sometimes, this problem can be avoided by implementing static NAT mappings.

THE END