
CCNA Semester 4 Chapter 01 SCALING IP ADDRESSES

Objectives

Discuss characteristics of NAT and PAT
Explain how to configure NAT and PAT
Describe the characteristics of DHCP
Explain how to configure DHCP

Table of Contents
1 Scaling networks with Network Address Translation and Port Address Translation
2 Dynamic Host Configuration Protocol

SCALING NETWORKS WITH NAT AND PAT

Private addressing

10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

Introducing NAT and PAT

NAT is designed to conserve IP addresses and enable networks to use private IP addresses on internal networks. These private, internal addresses are translated to routable, public addresses.
NAT, as defined by RFC 1631, is the process of swapping one address for another in the IP packet header. In practice, NAT is used to allow hosts that are privately addressed to access the Internet. NAT translations can occur dynamically or statically. The most powerful feature of NAT routers is their capability to use port address translation (PAT), which allows multiple inside addresses to map to the same global address.

Major NAT and PAT features

Static NAT is designed to allow one-to-one mapping of local and global addresses.
Dynamic NAT is designed to map a private IP address to a public address. Any IP address from a pool of public IP addresses is assigned to a network host.
Port Address Translation (PAT) maps multiple private IP addresses to a single public IP address.

Why Use NAT?

NAT Implementation Considerations

NAT Concepts

NAT Terminology

NAT Operation

Translating Inside Source Addresses

Translating Outside Source Addresses

Overloading Inside Global Addresses

Static NAT

Configure Static NAT


Establish static translation between inside and outside addresses.
Router(config)# ip nat inside source static local-ip global-ip

Identify interfaces as inside or outside with regard to NAT.
Router(config-if)# ip nat {inside|outside}

Static NAT Sample Configuration

Dynamic NAT
NAT can be dynamic or static. Dynamic NAT translates inside addresses using a pool of global addresses. Each inside local address is dynamically assigned an inside global address from an administratively defined pool of addresses. Dynamic NAT enables hosts on a private network to access the internet by translating private addresses into public addresses.

Configure Dynamic NAT


Step 1: Configure a standard ACL to determine what IP addresses will be translated
Step 2: Define a pool of addresses to be used for NAT
Step 3: Link ACL to NAT pool
Step 4: Define interfaces as inside or outside

Configure Dynamic NAT


Define a standard access list to identify which hosts will be translated.
router(config)# access-list number permit network mask

Define a pool of global addresses to be allocated as needed.
router(config)# ip nat pool pool-name start-ip end-ip netmask netmask

Establish dynamic source translation, identifying the access list defined in the previous step.
router(config)# ip nat inside source list access-list-num pool pool-name

Identify interfaces as inside or outside with regard to NAT.
router(config-if)# ip nat {inside|outside}

Sample Dynamic NAT Configuration

Port Address Translation (PAT)

NAT Overload
The PAT router keeps track of the different conversations by mapping TCP and UDP port numbers in the NAT table.

Overloading NAT

Configure a NAT pool
Create an access list to determine which address should be translated
Assign this access list to the NAT pool and set it for overload
Assign inside and outside interfaces

Overloading NAT

Configure NAT pool

Range of addresses:
ip nat pool bigpool 192.168.1.33 192.168.1.57 netmask 255.255.255.224

Single address:
ip nat pool smallpool 192.168.1.33 192.168.1.33 netmask 255.255.255.224

Create a standard access list to identify which addresses should be translated
access-list 24 permit 10.0.0.0 0.255.255.255

Assign this access list to the NAT pool and set it for overload
ip nat inside source list 24 pool bigpool overload

Assign inside and outside interfaces
router(config-if)# ip nat {inside|outside}
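
The overload configuration above, modelled as an added Python example (not part of the original slides): it applies access-list 24 with its wildcard mask, then tracks conversations by protocol and port the way a PAT table does. The port-allocation policy (keep the source port if free, otherwise the first free port from 1024 up, then the next pool address) is a simplifying assumption, and the class and function names are hypothetical.

```python
import ipaddress
from itertools import chain

# Values from the configuration above: access-list 24 and pool "bigpool".
ACL_NET, ACL_WILDCARD = "10.0.0.0", "0.255.255.255"
POOL = [str(ipaddress.ip_address("192.168.1.33") + i) for i in range(25)]  # .33-.57

def acl_permits(src_ip):
    """Standard ACL match: bits set to 1 in the wildcard mask are ignored."""
    care = ~int(ipaddress.ip_address(ACL_WILDCARD)) & 0xFFFFFFFF
    return (int(ipaddress.ip_address(src_ip)) & care) == \
           (int(ipaddress.ip_address(ACL_NET)) & care)

class PatTable:
    def __init__(self, pool):
        self.pool = pool
        self.outbound = {}   # (proto, inside local ip, port) -> (inside global ip, port)
        self.inbound = {}    # (proto, inside global ip, port) -> (inside local ip, port)

    def _allocate(self, proto, wanted_port):
        # Assumed policy: keep the source port if it is free, else take the
        # first free port >= 1024, else move on to the next pool address.
        for global_ip in self.pool:
            for port in chain([wanted_port], range(1024, 65536)):
                if (proto, global_ip, port) not in self.inbound:
                    return global_ip, port
        raise RuntimeError("NAT pool exhausted")

    def translate_out(self, proto, src_ip, src_port):
        if not acl_permits(src_ip):
            return None                      # source not selected for translation
        key = (proto, src_ip, src_port)
        if key not in self.outbound:
            mapped = self._allocate(proto, src_port)
            self.outbound[key] = mapped
            self.inbound[(proto, *mapped)] = (src_ip, src_port)
        return self.outbound[key]

    def translate_in(self, proto, dst_ip, dst_port):
        # Return traffic is translated only if an entry already exists.
        return self.inbound.get((proto, dst_ip, dst_port))

if __name__ == "__main__":
    nat = PatTable(POOL)                     # constructed sample flows below
    print(nat.translate_out("tcp", "10.1.1.5", 40000))
    print(nat.translate_out("tcp", "10.2.2.9", 40000))
    print(nat.translate_in("tcp", "192.168.1.33", 5555))
```

Two inside hosts using the same source port share one global address but receive different global ports, and an inbound packet with no matching entry has nothing to be translated to.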

PAT: Address Overload

Verifying NAT Translations

Verifying NAT Statistics

Clearing NAT Entries

Troubleshooting NAT and PAT configuration


1. Based on the configuration, clearly define what NAT is supposed to achieve.
2. Verify that correct translations exist in the translation table.
3. Verify the translation is occurring by using show and debug commands.
4. Review in detail what is happening to the packet and verify that routers have the correct routing information to move the packet along.

Troubleshooting NAT

Troubleshooting NAT (Cont.)

Issues with NAT

NAT conserves the legally registered addressing scheme
NAT increases the flexibility of connections to the public network
Consistency of the internal network addressing scheme
NAT increases delay

Issues with NAT (cont.)

Cisco IOS NAT does not support the following traffic types:
Routing table updates
DNS zone transfers
BOOTP
talk and ntalk protocols
Simple Network Management Protocol (SNMP)

DHCP

Introducing DHCP

Dynamic Host Configuration Protocol (DHCP) works in a client/server mode. DHCP enables DHCP clients on an IP network to obtain their configurations from a DHCP server. A DHCP client is included in most modern operating systems, including the various Windows operating systems, Novell NetWare, Sun Solaris, Linux, and Mac OS.

BOOTP and DHCP differences

BOOTP                                       DHCP
Static mappings                             Dynamic mappings
Permanent assignment                        Lease
Only supports 4 configuration parameters    Supports over 30 configuration parameters

Both protocols are client/server based and use UDP ports 67 and 68.

Dynamic addressing: DHCP


[Figure: DHCP exchange between a client and a DHCP server holding addresses IP1, IP2, IP3. Messages, in order: DHCP Discover (UDP broadcast), DHCP Offer (UDP broadcast), DHCP Request, DHCP Ack. Client at the start: MAC known, IP unknown. The server supplies: IP address, gateway, IP of servers, and more.]

Configuring DHCP
Specify DHCP pool:
Router(config)# ip dhcp pool subnet12
Router(dhcp-config)# network 172.16.12.0 255.255.255.0

Router(dhcp-config)# default-router 172.16.12.254
Router(dhcp-config)# dns-server 172.16.1.2
Router(dhcp-config)# netbios-name-server 172.16.1.3
Router(dhcp-config)# domain-name cisco.com

Specify the excluded IP addresses range:
Router(config)# ip dhcp excluded-address start-ip-address end-ip-address

Verifying and troubleshooting DHCP operation

show ip dhcp binding
show ip dhcp server statistics
debug ip dhcp server events

DHCP relay
Topology:
Client A: IP not yet assigned
Router E0: 192.168.1.1/24, ip helper-address 192.168.2.254
Router E1: 192.168.2.1/24
DHCP server: 192.168.2.254

Request from client A (broadcast received on E0):
SRC MAC: MAC A
DST MAC: FFFF.FFFF.FFFF
IP SRC: ?
IP DST: 255.255.255.255
UDP: 67
CIADDR: ?
GIADDR: ?
MASK: ?
CHADDR: MAC A

Request relayed by the router (sent from E1 to the server):
SRC MAC: E1
DST MAC: MAC SERVER
IP SRC: 192.168.2.1
IP DST: 192.168.2.254
UDP: 67
CIADDR: ?
GIADDR: 192.168.1.1
MASK: ?
CHADDR: MAC A

DHCP relay (cont.)


Topology:
Client A: IP not yet assigned
Router E0: 192.168.1.1/24, ip helper-address 192.168.2.254
Router E1: 192.168.2.1/24
DHCP server: 192.168.2.254

Reply from the server (received on E1):
SRC MAC: MAC SERV
DST MAC: E1
IP SRC: 192.168.2.254
IP DST: 192.168.1.10
UDP: 68
CIADDR: 192.168.1.10
GIADDR: 192.168.1.1
MASK: 255.255.255.0
CHADDR: MAC A

Reply forwarded by the router (sent from E0 to client A):
SRC MAC: E0
DST MAC: MAC A
IP SRC: 192.168.2.254
IP DST: 192.168.1.10
UDP: 68
CIADDR: 192.168.1.10
GIADDR: 192.168.1.1
MASK: 255.255.255.0
CHADDR: MAC A
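
The relay step shown in the two slides above, as an added Python example (not part of the original slides): it builds the fixed BOOTP/DHCP header, lets a relay stamp GIADDR with its client-facing interface address, and lets a server choose the address scope from GIADDR. The function names, the constructed client MAC, the hop limit of 16 and the scope list are assumptions made for illustration.

```python
import ipaddress
import socket
import struct

# Fixed 236-byte BOOTP/DHCP header: op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
ZERO = b"\x00" * 4

def build_discover(mac, xid):
    """Client broadcast: every address field is still zero (the '?' above)."""
    return BOOTP.pack(1, 1, 6, 0, xid, 0, 0x8000, ZERO, ZERO, ZERO, ZERO,
                      mac, b"", b"")

def relay(packet, ingress_ip, max_hops=16):
    """What the router with 'ip helper-address' does before unicasting on."""
    f = list(BOOTP.unpack(packet[:BOOTP.size]))
    if f[0] != 1 or f[3] >= max_hops:      # only BOOTREQUEST, bounded hop count
        return None
    if f[10] == ZERO:                      # first relay stamps its client-facing address
        f[10] = socket.inet_aton(ingress_ip)
    f[3] += 1
    return BOOTP.pack(*f) + packet[BOOTP.size:]

def header(packet):
    """Decode the fields this example cares about."""
    f = BOOTP.unpack(packet[:BOOTP.size])
    return {"hops": f[3], "giaddr": socket.inet_ntoa(f[10]),
            "chaddr": f[11][:f[2]].hex()}

def select_scope(packet, scopes):
    """Server side: pick the pool whose subnet contains GIADDR."""
    giaddr = ipaddress.ip_address(header(packet)["giaddr"])
    if int(giaddr) == 0:
        return None                        # not relayed: local-subnet case, not modelled
    return next((s for s in scopes if giaddr in ipaddress.ip_network(s)), None)

if __name__ == "__main__":
    discover = build_discover(bytes.fromhex("00aabbccddee"), 0x1234)  # constructed MAC
    relayed = relay(discover, "192.168.1.1")                          # router E0
    print(header(relayed))
    print(select_scope(relayed, ["192.168.2.0/24", "192.168.1.0/24"]))
```

The server never sees the client's broadcast; GIADDR is the only field that tells it the request came from the 192.168.1.0/24 segment, which is why the offered address in the slides is 192.168.1.10 with mask 255.255.255.0.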

Summary
Private addresses are for private, internal use and should never be routed by a public Internet router.
NAT alters the IP header of a packet so that the destination address, the source address, or both addresses are replaced with different addresses.
PAT uses unique source port numbers on the inside global IP address to distinguish between translations.
NAT and PAT may be configured for static translation, dynamic translation, and overloading.
DHCP works in a client/server mode, enabling clients to obtain IP configurations from a DHCP server.

Q&A
