This chapter presents basic configuration procedures for miscellaneous features of the Cisco 1700 series routers. It contains the following sections:
Configuring Dynamic Host Configuration Protocol
The Dynamic Host Configuration Protocol (DHCP) is used to enable hosts (DHCP clients) on an IP network to obtain their configurations from a server (DHCP server). This reduces the work of administering an IP network. The most significant configuration option that the client receives from the server is its IP address.
Perform the following tasks to configure DHCP. Begin in global configuration mode.
In the following example, three DHCP address pools are created: one in network 172.16.0.0, one in subnetwork 172.16.1.0, and one in subnetwork 172.16.2.0. Attributes from network 172.16.0.0, such as the domain name, Domain Name System (DNS) server, NetBIOS name server, and NetBIOS node type, are inherited in subnetworks 172.16.1.0 and 172.16.2.0. In each pool, clients are granted 30-day leases and all addresses in each subnetwork, except the excluded addresses, are available to the DHCP server for assigning to clients.
ip dhcp database ftp://user:email@example.com/router-dhcp
ip dhcp excluded-address 172.16.1.100 172.16.1.103
ip dhcp excluded-address 172.16.2.100 172.16.2.103
ip dhcp pool 0
 network 172.16.0.0 /16
 dns-server 172.16.1.102 172.16.2.102
 netbios-name-server 172.16.1.103 172.16.2.103
ip dhcp pool 1
 network 172.16.1.0 /24
 default-router 172.16.1.100 172.16.1.101
ip dhcp pool 2
 network 172.16.2.0 /24
 default-router 172.16.2.100 172.16.2.101
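The following check is an added example, not part of the original Cisco chapter. It parses the configuration above and reports any default router, DNS server, or NetBIOS name server address that lies inside a pool network but outside every excluded-address range, and it flags a database URL that carries credentials, since FTP sends them unencrypted. The function name audit_dhcp and its return shape are assumptions of this example.

```python
import ipaddress
import re

# Configuration lines copied from the example above.
CONFIG = """\
ip dhcp database ftp://user:email@example.com/router-dhcp
ip dhcp excluded-address 172.16.1.100 172.16.1.103
ip dhcp excluded-address 172.16.2.100 172.16.2.103
ip dhcp pool 0
network 172.16.0.0 /16
dns-server 172.16.1.102 172.16.2.102
netbios-name-server 172.16.1.103 172.16.2.103
ip dhcp pool 1
network 172.16.1.0 /24
default-router 172.16.1.100 172.16.1.101
ip dhcp pool 2
network 172.16.2.0 /24
default-router 172.16.2.100 172.16.2.101
"""

SERVER_OPTIONS = ("dns-server", "netbios-name-server", "default-router")

def audit_dhcp(config):
    """Return (server addresses the pool could lease, URL has credentials)."""
    excluded, networks, static = [], [], []
    has_creds = False
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if words[:3] == ["ip", "dhcp", "excluded-address"]:
            low = ipaddress.ip_address(words[3])
            high = ipaddress.ip_address(words[-1])  # one address: high == low
            excluded.append((low, high))
        elif words[:3] == ["ip", "dhcp", "database"]:
            has_creds = re.match(r"\w+://[^/@]+@", words[3]) is not None
        elif words[0] == "network":
            networks.append(ipaddress.ip_network(words[1] + "/" + words[2].lstrip("/")))
        elif words[0] in SERVER_OPTIONS:
            static += [ipaddress.ip_address(w) for w in words[1:]]
    exposed = sorted(a for a in set(static)
                     if any(a in n for n in networks)
                     and not any(lo <= a <= hi for lo, hi in excluded))
    return [str(a) for a in exposed], has_creds
```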
Configuring Network Address Translation
Network Address Translation (NAT) translates IP addresses within private "internal" networks to "legal" IP addresses for transport over public "external" networks (such as the Internet). Incoming traffic is translated back for delivery within the inside network. Thus, NAT allows an organization with unregistered "private" addresses to connect to the Internet by translating those addresses into globally registered IP addresses.
Interfaces are configured as "NAT inside" or "NAT outside." Once the interfaces are configured, the following steps can be performed to establish the NAT configuration within the router.
In this example, we want NAT to allow certain devices on the inside to originate communication with devices on the outside by translating their internal addresses to valid outside addresses or a pool of addresses. The pool in this example is defined as the range of addresses from 172.16.10.1 through 172.16.10.63.
In order to accomplish this translation, we need to use dynamic NAT. With dynamic NAT, the translation table in the router is initially empty. The table is populated as traffic that needs to be translated passes through the router (in contrast with static NAT, in which a translation is statically configured and is placed in the translation table without the need for any traffic).
In this example, we can configure NAT to translate each inside device address to a unique valid outside address, or to translate each inside device address to the same valid outside address. The second method is known as overloading. An example of how to configure each method is given here.
To begin, configure the inside interface with an IP address and as a "NAT inside" interface.
interface <inside interface>
ip address 10.10.10.1 255.255.255.0
ip nat inside
Then configure the outside interface with an IP address and as a "NAT outside" interface.
interface <outside interface>
ip address 172.16.10.64 255.255.255.0
ip nat outside
To handle the case in which each inside address is translated to its own unique outside address, define a NAT pool named "no-overload" with a range of addresses from 172.16.10.0 to 172.16.10.63.
ip nat pool no-overload 172.16.10.0 172.16.10.63 prefix 24
Define access list 7 to permit packets with source addresses ranging from 10.10.10.0 through 10.10.10.31 and from 10.10.20.0 through 10.10.20.31.
access-list 7 permit 10.10.10.0 0.0.0.31
access-list 7 permit 10.10.20.0 0.0.0.31
Then indicate that any packet received on the inside interface, as permitted by access list 7, will have its source address translated to an address from the NAT pool "no-overload."
ip nat inside source list 7 pool no-overload
Alternatively, when all inside addresses are translated to a single outside address, define a NAT pool named "ovrld," which has a range of a single IP address: 172.16.10.1.
ip nat pool ovrld 172.16.10.1 172.16.10.1 prefix 24
Then indicate that any packet received on the inside interface, as permitted by access list 7, will have its source address translated to the address from the NAT pool "ovrld." Translations will be overloaded, which will allow multiple inside devices to be translated to the same outside IP address.
ip nat inside source list 7 pool ovrld overload
The keyword overload used in this command allows NAT to translate multiple inside devices to the single address in the pool.
Another variation of this command is
ip nat inside source list 7 interface <outside interface> overload
which configures NAT to overload on the address that is assigned to the outside interface.
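The model below is an added example, not part of the original Cisco chapter and not IOS code. It shows how access list 7 selects which inside sources are translated, how the dynamic translation table starts empty and fills as traffic arrives, and how a pool without overload runs out of addresses while an overloaded pool shares one address across hosts. The class DynamicNat, its method names, and the starting port 1024 are assumptions of the model.

```python
import ipaddress

# access-list 7 from the page: (address, wildcard mask) pairs.
ACL_7 = [("10.10.10.0", "0.0.0.31"), ("10.10.20.0", "0.0.0.31")]

def acl_permits(acl, src):
    """Standard ACL match: bits set in the wildcard mask are ignored."""
    s = int(ipaddress.ip_address(src))
    for addr, wildcard in acl:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if s & care == int(ipaddress.ip_address(addr)) & care:
            return True
    return False  # implicit deny at the end of every access list

class DynamicNat:
    """Toy model of 'ip nat inside source list <acl> pool <name> [overload]'."""

    def __init__(self, acl, first, last, overload=False):
        lo, hi = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
        self.acl, self.overload = acl, overload
        self.free = [str(ipaddress.ip_address(i)) for i in range(lo, hi + 1)]
        self.table = {}          # empty until traffic arrives (dynamic NAT)
        self.next_port = 1024    # assumed starting port for the model

    def translate(self, src, sport):
        """Return (outside address, outside port), or None if not translated."""
        if not acl_permits(self.acl, src):
            return None
        key = (src, sport) if self.overload else src
        if key not in self.table:
            if self.overload:
                # Many inside hosts share one address, told apart by port.
                self.table[key] = (self.free[0], self.next_port)
                self.next_port += 1
            elif self.free:
                self.table[key] = (self.free.pop(0), None)
            else:
                return None      # pool exhausted: no address left to hand out
        addr, port = self.table[key]
        return addr, port if port is not None else sport
```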