and logically.
Desktop clients do not require a static address.
A workstation can use any address within a range of addresses.
This range is within an IP subnet.
DHCP Operation
period of time.
[Figure: DHCP server port and client port; DHCP Request and DHCP Reply]
Configuring DHCP
Router(config)#service dhcp
To disable the service:
DHCP Relay
[Figure: router with interfaces Fa0/0, Fa0/1 and Fa0/2, and a DNS server]
DHCP clients use IP broadcasts to find the DHCP server on the subnet.
What happens when the server and the client are not on the same subnet?
Routers do not forward these broadcasts.
Use the ip helper-address command to relay broadcast requests for these key UDP
services.
[Figure: router interfaces Fa0/0, Fa0/1 and Fa0/2; broadcast relayed as a unicast]
To configure RTA Fa0/0, the interface that receives the Host A broadcasts, to relay DHCP
broadcasts as a unicast to the DHCP server:
RTA(config)#interface Fa0/0
RTA(config-if)#ip helper-address 172.24.1.9    ! Specify the DHCP server
[Figure: router interfaces Fa0/0, Fa0/1 and Fa0/2; broadcast relayed as a directed broadcast]
Helper address configuration that relays broadcasts to all servers on the segment.
RTA(config)#interface e0
Directed Broadcast
The RTA interface Fa 0/2, which connects to the server farm, is not configured with helper
addresses.
However, the output shows that for this interface, directed broadcast forwarding is
disabled.
This means that the router will not convert the logical broadcast 172.24.1.255 into a
physical broadcast with a Layer 2 address of FF-FF-FF-FF-FF-FF.
To allow all the nodes in the server farm to receive the broadcasts at Layer 2,
Fa 0/2 will need to be configured to forward directed broadcasts:
RTA(config)#interface fa 0/2
RTA(config-if)#ip directed-broadcast
Helper address configuration that relays broadcasts to all servers on the subnet.
RTA(config)#interface Fa 0/0
RTA(config-if)#ip helper-address 172.24.1.255
RTA(config)#interface Fa 0/2
RTA(config-if)#ip directed-broadcast
NAT Example
Inside Local IP address: The private IP address assigned to a host on the inside network.
Inside Global IP address: A public IP address that represents one or more inside local IP addresses to the outside world.
[Figure: NAT example. IP headers (SA, DA, data) for inside host 10.0.0.3, public address 179.9.8.80 and destination 128.23.2.2]
Allows you to use a single public IP address and assign it to up to 40000 inside hosts.
Multiple private IP addresses can be translated by a single public address (many-to-one translation).
Tracks and translates the source address (SA), destination address (DA) and source port (SP), which together uniquely identify each connection, for each stream of traffic.
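Added example (not from the original slides): a simplified Python model of the PAT table described above, showing how two inside hosts that pick the same source port stay distinguishable and why inbound packets without a matching entry are dropped. The addresses are the ones labelled in the slide figures; the PatRouter class, its port-allocation rule (keep the source port if free, otherwise the first free port from 1024) and the sample flows are assumptions.

```python
from dataclasses import dataclass, field
from itertools import chain

@dataclass
class PatRouter:
    """Simplified PAT model (an illustration, not how IOS implements it)."""
    public_ip: str                                # inside global address
    ports: dict = field(default_factory=dict)     # (proto, public port) -> (inside local IP, port)
    flows: dict = field(default_factory=dict)     # (proto, SA, SP, DA, DP) -> public port

    def _allocate(self, proto, sa, sp):
        # Assumption: keep the original source port when free, else take the
        # first free port from 1024 upward.
        for port in chain([sp], range(1024, 65536)):
            if self.ports.setdefault((proto, port), (sa, sp)) == (sa, sp):
                return port
        raise RuntimeError("PAT port range exhausted")

    def outbound(self, proto, sa, sp, da, dp):
        """Inside -> outside: rewrite SA/SP and record the flow."""
        key = (proto, sa, sp, da, dp)
        if key not in self.flows:
            self.flows[key] = self._allocate(proto, sa, sp)
        return (self.public_ip, self.flows[key], da, dp)

    def inbound(self, proto, sa, sp, da, dp):
        """Outside -> inside: rewrite DA/DP only for a recorded flow, else None (drop)."""
        local = self.ports.get((proto, dp))
        if da != self.public_ip or local is None:
            return None
        if (proto, *local, sa, sp) not in self.flows:
            return None  # this remote endpoint was never contacted from inside
        return (sa, sp, *local)


if __name__ == "__main__":
    # Addresses are the ones labelled in the slide figure; the flows are constructed.
    rtr = PatRouter("179.9.8.80")
    print(rtr.outbound("tcp", "10.0.0.3", 1555, "128.23.2.2", 80))
    print(rtr.outbound("tcp", "10.0.0.2", 1555, "128.23.2.2", 80))  # same SP: remapped
    print(rtr.inbound("tcp", "128.23.2.2", 80, "179.9.8.80", 1024))
    print(rtr.inbound("tcp", "203.0.113.7", 80, "179.9.8.80", 1555))  # None
```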
PAT Example
[Figure: PAT example, two slides. IP and TCP/UDP headers (SA, DA, SP, DP, data) for inside hosts 10.0.0.2 and 10.0.0.3, public address 179.9.8.80 and destination 128.23.2.2 port 80; source ports 1331, 1555, 2222 and 3333]
[Figure: NAT configuration. Labels: Inside Fa0/0, S0/0/0 outside, 192.168.1.2; annotations "Binding to ACL" and "Source subnet IP address must match here"]
In this example a pool of public IP addresses is used, with PAT using source ports to
differentiate between connection streams.
This is a different example, using the IP address of the outside interface instead of
specifying a pool of IP addresses.
Verifying NAT
Troubleshooting NAT/PAT