Objective
· Configure Network Address Translation (NAT) using Port Address Translation (PAT) on a Cisco ISR router with the Cisco SDM Basic NAT Wizard.
Background / Preparation
Cisco Router and Security Device Manager (SDM) is a Java-based web application and a device-management tool for Cisco IOS Software-based routers. The Cisco SDM simplifies router and security configuration through the use of smart wizards, which allow you to deploy, configure, and monitor a Cisco router without requiring knowledge of the command-line interface (CLI). The Cisco SDM is supported on a wide range of Cisco routers and Cisco IOS Software releases. Many newer Cisco routers come with SDM preinstalled. If you are using an 1841 router, SDM (and SDM Express) is preinstalled.
This lab assumes the use of a Cisco 1841 router. You can use another router model as long as it is capable of supporting SDM. If you are using a supported router that does not have SDM installed, you can download the latest version free of charge from the following location: http://www.cisco.com/pcgi-bin/tablebuild.pl/sdm
From the URL shown above, view or download the document “Downloading and Installing Cisco Router and Security Device Manager.” This document provides instructions for installing SDM on your router. It lists specific model numbers and IOS versions that can support SDM, and the amount of memory required.
Cisco SDM is the full SDM product, and SDM Express is a subset. SDM will be activated automatically when the router has been previously configured and is not in its factory default state. In this lab, you will use the Cisco SDM Basic NAT Wizard to configure Network Address Translation using a single external global IP address. This address can support connections to the Internet from many internal private addresses.
NOTE: You must complete Lab 5.2.3, “Configuring an ISR with SDM Express,” on the router to be used before performing this lab. This lab assumes that the router has been previously configured with basic settings using SDM Express.
The following resources are required.
· Cisco 1841 ISR router with SDM version 2.4 installed and with basic configuration completed (critical – see Note 2 in Step 1)
· (Optional) Other Cisco router model with SDM installed
· Windows XP computer with Internet Explorer 5.5 or higher and SUN Java Runtime Environment (JRE) version 1.4.2_05 or later (or Java Virtual Machine (JVM) 5.0.0.3810).
· Straight-through or crossover category 5 Ethernet cable
· Access to PC network TCP/IP configuration
Step 1: Establish a connection from the PC to the router
a. Power up the router.
b. Power up the PC.
c. Disable any popup blocker programs. Popup blockers prevent SDM windows from displaying.
d. Connect the PC NIC to the FastEthernet 0/0 (Fa0/0) port on the Cisco 1841 ISR router with the Ethernet cable.
NOTE: An SDM router other than the 1841 may require connection to a different port in order to access SDM.
e. Configure the IP address of the PC to be 192.168.1.2 with a subnet mask of 255.255.255.0.
f. SDM does not load automatically on the router. You must open the web browser to reach the SDM. Open the web browser on the PC and connect to the following URL: http://192.168.1.1
NOTE 1 – If browser connection to router fails: If you cannot connect and see the login screen, check your cabling and connections and make sure the PC’s IP configuration is correct. If the router was not previously configured, it may still be in the default state with an IP address of 10.10.10.1 on the Fa0/0 interface. Try setting the IP address of the PC to 10.10.10.2 with a subnet mask of 255.255.255.248 and connect to http://10.10.10.1 using the browser. If you have difficulty with this procedure, contact your instructor for assistance.
SDM Routers - If the startup-config is erased in an SDM router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. Refer to the procedure at the end of this lab or contact your instructor.
g. In the Connect to dialog box, enter admin for the username and cisco123 for the password. These were configured in the previous lab. Click OK. The main SDM web application will start and you will be prompted to use HTTPS. Click Cancel. In the Security Warning window, click Yes to trust the Cisco application.
h. Verify that you are using the latest version of SDM. The initial SDM screen that displays immediately after the login shows the current version number. It is also displayed on the main SDM screen shown below, along with IOS version.
NOTE 2: If the current version is not 2.4 or higher, notify your instructor before continuing with this lab. You will need to download the latest zip file from the URL listed above and save it to the PC. From the Tools menu of the SDM GUI, use the Update SDM option to specify the location of the zip file and install the update.
Step 2: Configure SDM to show Cisco IOS CLI commands.
a. From the Edit menu in the main SDM window, select Preferences.
b. Check the Preview commands before delivering to router check box. With this check box checked, you can see the Cisco IOS CLI commands that you will use to perform a configuration function on the router before these commands are sent to the router. You can learn about Cisco IOS CLI commands this way.
Step 3: Launch the Basic NAT Wizard
a. From the Configure menu, click the NAT button to view the NAT configuration page. Click the Basic NAT radio button and then click Launch the selected task.
b. In the Welcome to the Basic NAT Wizard window, click Next.
Step 4: Select the WAN interface for NAT
a. Choose the WAN interface Serial0/0/0 from the list. Check the box for the IP address range that represents the internal network of 192.168.1.0 to 192.168.1.255. This is the range that requires conversion using the NAT process.
b. Click Next and, once you have read the Summary of the Configuration, click Finish.
c. In the Deliver Configuration to Router window, review the CLI commands that were generated by the Cisco SDM. These are the commands that will be delivered to the router to configure NAT. The commands can also be manually entered from the CLI to accomplish the same task. Check the box for Save running config. to router’s startup config. NOTE: By default, the commands that you just generated will only update the router’s running configuration file when delivered. If the router is restarted, the changes you made will be lost. Checking this box will update the startup config file as well, and when the router is restarted, it will load the new commands into the running config.
If you choose to not save the commands to the startup config at this time, use the File > Write to Startup config option in SDM or use the copy running-config startup-config command from the CLI using a terminal or Telnet session.
d. Click Deliver to finish configuring the router.
e. In the Commands Delivery Status window, notice the text that says that the running config was successfully copied to the startup config. Click OK to exit the Basic NAT wizard.
f. The final NAT screen shows that the Inside Interface is Fa0/0 and the outside interface is S0/0/0. The internal private (Original) addresses will be translated dynamically to the external public address.
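The CLI equivalent of the PAT configuration built in Step 4, as an added example that is not part of the original lab and not SDM's literal output. The interface names and address range are the ones used in this lab; the access-list number 1 is an assumption, since SDM chooses its own ACL number when it generates the commands.

```cisco
! Added example: manual PAT (NAT overload) configuration for this lab's topology.
! ACL number 1 is assumed; compare it with the number shown in the
! Deliver Configuration to Router window.
configure terminal
 !
 ! Inside local addresses eligible for translation.
 ! Only sources matched by this ACL are translated.
 access-list 1 remark Inside LAN translated by PAT
 access-list 1 permit 192.168.1.0 0.0.0.255
 !
 ! Mark the LAN-facing interface as inside.
 interface FastEthernet0/0
  ip nat inside
  exit
 !
 ! Mark the WAN-facing interface as outside.
 interface Serial0/0/0
  ip nat outside
  exit
 !
 ! Translate ACL 1 sources to the Serial0/0/0 address.
 ! "overload" enables PAT: many inside hosts share one
 ! global address, distinguished by source port.
 ip nat inside source list 1 interface Serial0/0/0 overload
end
!
! Verify: active translations and hit/miss counters.
show ip nat translations
show ip nat statistics
!
! Persist the change across a restart.
copy running-config startup-config
```

Comparing these lines with the commands previewed in the Deliver Configuration to Router window shows which statement defines the translated range and which interface roles the wizard assigned.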
Step 5: Reflection
a. If a PC or a LAN within your organization does not require Internet access, what do you think would be one way to stop the PC from gaining access to the Internet?
b. Consider the skills that you need to configure NAT using Cisco IOS CLI commands. What do you think the benefits and disadvantages are to using the Cisco SDM?
c. Why do you think that the default, after the commands have been generated, is to only update the router’s running configuration file when delivered? Why not always update the startup config file as well? What are the advantages and disadvantages of one over the other?