Networking Concepts for the Cisco 1700 Router

Miscellaneous Features


This chapter presents basic configuration procedures for miscellaneous features of the Cisco 1700 series routers. It contains the following sections:

Configuring Dynamic Host Configuration Protocol

Configuring Network Address Translation

Configuring Dynamic Host Configuration Protocol

The Dynamic Host Configuration Protocol (DHCP) is used to enable hosts (DHCP clients) on an IP network to obtain their configurations from a server (DHCP server). This reduces the work of administering an IP network. The most significant configuration option that the client receives from the server is its IP address.

Perform the following tasks to configure DHCP. Begin in global configuration mode.


Step 1
  Command: ip dhcp excluded-address low-ip-address high-ip-address
  Task:    Prevent DHCP from assigning one or more IP addresses to potential clients.

Step 2
  Command: ip dhcp pool name
  Task:    Enter DHCP configuration mode, and create a pool of IP addresses that can be assigned to DHCP clients.

Step 3
  Command: network address subnet-mask
  Task:    Specify a range of IP addresses that can be assigned to the DHCP clients.

Step 4
  Command: default-router ip-address
  Task:    Specify the default router.

Step 5
  Command: domain-name domain name
  Task:    Specify the domain name.

Step 6
  Command: dns-server ip-address
  Task:    Specify the DNS server.

Step 7
  Command: netbios-name-server ip-address
  Task:    Specify the NetBIOS name server.

Step 8
  Command: netbios-node-type node-type
  Task:    Specify the NetBIOS node type.

Step 9
  Command: lease days
           lease infinite
  Task:    Specify the duration of the lease.

Configuration Example

In the following example, three DHCP address pools are created: one in network 172.16.0.0, one in subnetwork 172.16.1.0, and one in subnetwork 172.16.2.0. Attributes from network 172.16.0.0, such as the domain name, Domain Name System (DNS) server, NetBIOS name server, and NetBIOS node type, are inherited in subnetworks 172.16.1.0 and 172.16.2.0. In each pool, clients are granted 30-day leases and all addresses in each subnetwork, except the excluded addresses, are available to the DHCP server for assigning to clients.

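! Store DHCP bindings on an FTP server, delaying each write by 120 seconds.
! The FTP user name and password in this URL are part of the router configuration.
ip dhcp database ftp://user:password@172.16.4.253/router-dhcp write-delay 120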
ip dhcp excluded-address 172.16.1.100 172.16.1.103
ip dhcp excluded-address 172.16.2.100 172.16.2.103
!
ip dhcp pool 0
 network 172.16.0.0 /16
 domain-name cisco.com
 dns-server 172.16.1.102 172.16.2.102
 netbios-name-server 172.16.1.103 172.16.2.103
 netbios-node-type h-node
!
ip dhcp pool 1
 network 172.16.1.0 /24
 default-router 172.16.1.100 172.16.1.101
 lease 30
!
ip dhcp pool 2
 network 172.16.2.0 /24
 default-router 172.16.2.100 172.16.2.101
 lease 30
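
The inheritance and exclusion rules in the configuration example above can be checked offline. The following Python sketch is an added example, not Cisco code: it assumes a pool inherits options from every pool whose network contains it, lists the addresses each subnet pool can lease, and flags any router or server address that lies inside a pool's network without being excluded.

```python
import ipaddress as ip

# Values copied from the configuration example above.
EXCLUDED = [("172.16.1.100", "172.16.1.103"), ("172.16.2.100", "172.16.2.103")]
POOLS = {
    "0": {"network": "172.16.0.0/16", "domain-name": ["cisco.com"],
          "dns-server": ["172.16.1.102", "172.16.2.102"],
          "netbios-name-server": ["172.16.1.103", "172.16.2.103"],
          "netbios-node-type": ["h-node"]},
    "1": {"network": "172.16.1.0/24", "lease": ["30"],
          "default-router": ["172.16.1.100", "172.16.1.101"]},
    "2": {"network": "172.16.2.0/24", "lease": ["30"],
          "default-router": ["172.16.2.100", "172.16.2.101"]},
}
ADDRESS_OPTIONS = ("default-router", "dns-server", "netbios-name-server")

def is_excluded(addr, excluded=EXCLUDED):
    a = ip.ip_address(str(addr))
    return any(ip.ip_address(lo) <= a <= ip.ip_address(hi) for lo, hi in excluded)

def effective_options(name):
    """Merge options from every pool whose network contains this pool's
    network, least specific first, so the more specific pool wins
    (assumed model of the inheritance the text describes)."""
    net = ip.ip_network(POOLS[name]["network"])
    chain = [p for p in POOLS.values() if net.subnet_of(ip.ip_network(p["network"]))]
    chain.sort(key=lambda p: ip.ip_network(p["network"]).prefixlen)
    merged = {}
    for pool in chain:
        merged.update({k: v for k, v in pool.items() if k != "network"})
    return merged

def leasable(name, excluded=EXCLUDED):
    """Host addresses the server may hand out from this pool."""
    net = ip.ip_network(POOLS[name]["network"])
    return [str(h) for h in net.hosts() if not is_excluded(h, excluded)]

def unprotected_static(name, excluded=EXCLUDED):
    """Option addresses inside the pool's network that are not excluded,
    so the server could lease an address a router or server already uses."""
    net = ip.ip_network(POOLS[name]["network"])
    opts = effective_options(name)
    return [a for key in ADDRESS_OPTIONS for a in opts.get(key, [])
            if ip.ip_address(a) in net and not is_excluded(a, excluded)]

if __name__ == "__main__":
    for name in ("1", "2"):
        print(name, len(leasable(name)), effective_options(name)["domain-name"],
              unprotected_static(name))
```

With the page's exclusions both subnet pools report no unprotected addresses; passing `excluded=[]` shows which addresses the two `ip dhcp excluded-address` lines are protecting.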

Configuring Network Address Translation

Network Address Translation (NAT) translates IP addresses within private "internal" networks to "legal" IP addresses for transport over public "external" networks (such as the Internet). Incoming traffic is translated back for delivery within the inside network. Thus, NAT allows an organization with unregistered "private" addresses to connect to the Internet by translating those addresses into globally registered IP addresses.

Interfaces are configured as "NAT inside" or "NAT outside." Once the interfaces are configured, the following steps can be performed to establish the NAT configuration within the router.


Step 1
  Command: ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}
  Task:    Create a pool of global IP addresses for NAT.

Step 2
  Command: access-list access-list-number permit source [source-wildcard]
  Task:    Define a standard access list permitting addresses that need translation.

Step 3
  Command: ip nat inside source list access-list-number pool name [overload]
  Task:    Enable dynamic translation of addresses permitted by access list. Overload allows the use of one global address, from the pool, for many local addresses.

Step 4
  Command: ip nat outside source static global-ip local-ip
  Task:    Enable static translation of a specified outside source address. This command is optional.

Configuration Example

In this example, we want NAT to allow certain devices on the inside to originate communication with devices on the outside by translating their internal addresses to valid outside addresses or a pool of addresses. The pool in this example is defined as the range of addresses from 172.16.10.1 through 172.16.10.63.

In order to accomplish this translation, we need to use dynamic NAT. With dynamic NAT, the translation table in the router is initially empty. The table is populated as traffic that needs to be translated passes through the router (in contrast with static NAT, in which a translation is statically configured and is placed in the translation table without the need for any traffic).

In this example, we can configure NAT to translate each inside device address to a unique valid outside address, or to translate each inside device address to the same valid outside address. The second method is known as overloading. An example of how to configure each method is given here.

To begin, configure the inside interface with an IP address and as a "NAT inside" interface.

interface inside interface
  ip address 10.10.10.1 255.255.255.0
  ip nat inside

Then configure the outside interface with an IP address and as a "NAT outside" interface.

interface outside interface
  ip address 172.16.10.64 255.255.255.0
  ip nat outside

To handle the case in which each inside address is translated to its own unique outside address, define a NAT pool named "no-overload" with a range of addresses from 172.16.10.0 to 172.16.10.63:

ip nat pool no-overload 172.16.10.0 172.16.10.63 prefix 24

Define access list 7 to permit packets with source addresses ranging from 10.10.10.0 through 10.10.10.31 and from 10.10.20.0 through 10.10.20.31.

access-list 7 permit 10.10.10.0 0.0.0.31
access-list 7 permit 10.10.20.0 0.0.0.31

Then indicate that any packet received on the inside interface, as permitted by access list 7, will have its source address translated to an address from the NAT pool "no-overload."

ip nat inside source list 7 pool no-overload

Alternatively, when all inside addresses are translated to a single outside address, define a NAT pool named "ovrld," which has a range of a single IP address: 172.16.10.1.

ip nat pool ovrld 172.16.10.1 172.16.10.1 prefix 24

Then indicate that any packet received on the inside interface, as permitted by access list 7, will have its source address translated to the address from the NAT pool "ovrld." Translations will be overloaded, which will allow multiple inside devices to be translated to the same outside IP address.

ip nat inside source list 7 pool ovrld overload

The keyword overload used in this command allows NAT to translate multiple inside devices to the single address in the pool.

Another variation of this command is

ip nat inside source list 7 interface outside interface overload

which configures NAT to overload on the address that is assigned to the outside interface.
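
To see which inside hosts access list 7 actually selects, and how the translation table fills with and without overload, the following Python model is an added example and not Cisco code. It assumes every address in the pool range is handed out in order and that overloaded translations take sequential ports starting at 1024; both are simplifications for illustration.

```python
import ipaddress as ip

ACL_7 = [("10.10.10.0", "0.0.0.31"), ("10.10.20.0", "0.0.0.31")]  # from the page

def acl_permits(src, acl=ACL_7):
    """Standard access list match: wildcard bits set to 1 are ignored."""
    s = int(ip.IPv4Address(src))
    for base, wildcard in acl:
        care = ~int(ip.IPv4Address(wildcard)) & 0xFFFFFFFF
        if (s & care) == (int(ip.IPv4Address(base)) & care):
            return True
    return False  # implicit deny at the end of every access list

class DynamicNat:
    """Toy model of 'ip nat inside source list 7 pool NAME [overload]'."""

    def __init__(self, start, end, overload=False, first_port=1024):
        lo, hi = int(ip.IPv4Address(start)), int(ip.IPv4Address(end))
        self.free = [str(ip.IPv4Address(n)) for n in range(lo, hi + 1)]
        self.overload = overload
        self.next_port = first_port   # assumed port allocation scheme
        self.table = {}               # starts empty, filled by traffic

    def translate(self, src, sport):
        """Return the (global ip, port) for an inside packet, or None."""
        if not acl_permits(src):
            return None               # not selected for translation
        key = (src, sport) if self.overload else src
        if key not in self.table:
            if self.overload:         # one global address shared by port
                self.table[key] = (self.free[0], self.next_port)
                self.next_port += 1
            elif self.free:           # one global address per inside host
                self.table[key] = (self.free.pop(0), sport)
            else:
                return None           # pool exhausted, no translation made
        gip, gport = self.table[key]
        return (gip, gport if self.overload else sport)

if __name__ == "__main__":
    one_to_one = DynamicNat("172.16.10.0", "172.16.10.63")
    shared = DynamicNat("172.16.10.1", "172.16.10.1", overload=True)
    for host in ("10.10.10.5", "10.10.10.32", "10.10.20.7"):
        print(host, one_to_one.translate(host, 40000), shared.translate(host, 40000))
```

Access list 7 permits 64 inside addresses, the same number as the "no-overload" range, so any wider access list would exhaust that pool while "ovrld" keeps translating.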
