yulia_zoNe

Let the expanse of beauty radiate in your heart through the tone of inner beauty that you always radiate...

Objectives
· Configure a Customer router and host for DHCP.
· Configure a customer premise router for overloaded NAT, also known as Port Address Translation (PAT).
· Verify DHCP and NAT translations from within the customer network to ISP.

Background / Preparation
Set up a network similar to the one shown in the topology diagram. Any router that meets the interface requirements displayed in that diagram – such as 800, 1600, 1700, 1800, 2500, and 2600 routers, or a combination – may be used. Refer to the Router Interface Summary table at the end of the lab to correctly determine the interface identifiers to be used, based on the equipment in the lab. Depending on the router model, output may vary somewhat from that shown in this lab. The steps in this lab are intended to be executed on each router unless you are specifically instructed otherwise.
The following resources are required:
· Two routers, one with an Ethernet and Serial interface and the other with a Serial interface
· One Windows XP computer
· Straight-through Category 5 Ethernet cable (PC1 to switch)
· Null Serial cable
· Console cables (from PC 1 to routers R1 and R2)
· Access to the PC command prompt
· Access to PC network TCP/IP configuration
From the PC, start a HyperTerminal session with the router.
NOTE: Go to the “Erasing and reloading the router” instructions at the end of this lab. Perform those steps on all routers in this lab assignment before continuing.
NOTE: SDM Routers - If the startup-config is erased in an SDM router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. Refer to the procedure at the end of this lab or contact your instructor.

Step 1: Cable and configure the routers
a.    Based on the topology diagram, connect the PC, switch, and routers using the appropriate cabling.
b.    Configure each router with the following parameters: hostname, console access and password, vty access and password, and enable secret password. If necessary, refer to Lab 5.3.5, “Configuring Basic Router Settings with IOS CLI,” for instructions on setting hostname, passwords, and interface addresses.
c.    Configure the router interfaces with the appropriate IP address and mask. Make sure that the interfaces are in usable condition and can ping a directly connected interface or host.
d.    Configure the ISP router with a loopback address to be used to test the customer router. The loopback address represents a distant network.
ISP(config)#interface loopback 0
ISP(config-if)#ip address 209.165.200.1 255.255.255.224


Step 2: Configure a default route on the customer router
a.    On the customer router, configure a default route pointing toward the ISP. All packets destined for networks that are not in the customer routing table are forwarded to the ISP router, which has a much larger routing table and connections to other Internet providers. Notice how this default route uses the neighbor router IP address as the last number.
Customer(config)#ip route 0.0.0.0 0.0.0.0 209.165.200.226
b.    Why is a default route not used on the ISP? A default route on the ISP router would be a bad configuration if it pointed toward a customer site. Any routes not found in the ISP routing table would be automatically sent to the customer router. Of course, the customer router would not know what to do with the packet and would send the packet to the default route of the customer router, which is the ISP. A routing loop would occur.

Step 3: Configure and test the DHCP pool
a.     On the customer router, configure a DHCP pool for the internal clients.
Customer(config)#ip dhcp excluded-address 192.168.1.1
Customer(config)#ip dhcp pool INTERNAL
Customer(dhcp-config)#network 192.168.1.0 255.255.255.0
Customer(dhcp-config)#domain-name abc-xyz-widgets.inc
Customer(dhcp-config)#default-router 192.168.1.1
b.    On the customer host PC, click Start > Control Panel > Network Connections to verify that the NIC is configured for DHCP. If necessary, open a command prompt and issue the ipconfig /release and ipconfig /renew commands.
c.    On the customer host PC, open a command prompt. Click Start > Run, and then type cmd and press Enter. Alternatively, click Start > All Programs > Accessories > Command Prompt. Issue the ipconfig /all command.
d.    What IP address is issued to the PC? 192.168.1.1 
e.     What is the MAC address of the host PC?  
f.     From the host PC, ping the default gateway (the router Ethernet interface). Does the ping succeed? Yes. Troubleshoot as necessary and do not proceed until the ping is successful.

Step 4: Display DHCP binding on the customer router
a.    To see the IP address and host hardware (MAC) address combination assigned by the DHCP server in the router, issue the show ip dhcp binding command on the customer router.
Customer#show ip dhcp binding
IP address       Client-ID/              Lease expiration        Type
                 Hardware address
192.168.1.2      0100.0bdb.04a5.cd       May 26 2007 11:19 AM    Automatic
b.    Do the IP address and Hardware address displayed match those recorded for the host PC in Step 3? Yes.

Step 5: Configure NAT/PAT
a.    On the customer router, use the access-list command to identify the addresses that need to be translated. The network number is stated, but instead of a normal mask that usually comes next, a wildcard mask is used (0.0.0.255).
Customer(config)#access-list 1 permit 192.168.1.0 0.0.0.255
b.    On the customer router, define where NAT looks for the IP addresses it needs to translate (source list 1 refers to access list 1 that you just created). Also define which interface IP address to use as the real address for each packet that comes through the FastEthernet interface destined for the Serial interface. The overload parameter at the end of the command shown below means that the serial port IP address is used and that port numbers are used to track the packets. Approximately 4,000 addresses can realistically be translated using this method, even though it is technically possible to translate even more.
Customer(config)#ip nat inside source list 1 interface serial 0/0 overload
c.    Apply NAT to the inside and outside interfaces.
Customer(config)#interface serial 0/0
Customer(config-if)#ip nat outside
Customer(config-if)#exit
Customer(config)#interface fastethernet 0/0
Customer(config-if)#ip nat inside
Customer(config-if)#end
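
How the access list and the overload keyword from Step 5 work together, as an added example that is not part of the original lab. It is a simplified Python model, not Cisco IOS code: the Pat class, its port-selection rule and the hosts 192.168.1.3 and 192.168.2.9 are assumptions made for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """ACL test: bits that are 0 in the wildcard mask must match the base."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

class Pat:
    """Toy model of 'ip nat inside source list 1 interface serial 0/0 overload'."""
    def __init__(self, inside_global, acl):
        self.inside_global = inside_global  # address of the outside interface
        self.acl = acl                      # (base, wildcard) from access-list 1
        self.out = {}    # (proto, local_ip, local_port, dst) -> global port
        self.back = {}   # (proto, global port) -> (local_ip, local_port)

    def translate_out(self, proto, src_ip, src_port, dst):
        if not wildcard_match(src_ip, *self.acl):
            return None                     # source not permitted: no translation
        key = (proto, src_ip, src_port, dst)
        if key not in self.out:
            port = src_port                 # keep the original port if it is free
            while (proto, port) in self.back:   # assumed rule: take the next free port
                port = port + 1 if port < 65535 else 1024
            self.out[key] = port
            self.back[(proto, port)] = (src_ip, src_port)
        return (self.inside_global, self.out[key])

    def translate_in(self, proto, dst_port):
        """Return the inside local (ip, port), or None if no entry exists."""
        return self.back.get((proto, dst_port))

def demo():
    pat = Pat("209.165.200.225", ("192.168.1.0", "0.0.0.255"))
    dst = "209.165.200.226:23"
    a = pat.translate_out("tcp", "192.168.1.2", 1297, dst)  # host from the lab
    b = pat.translate_out("tcp", "192.168.1.3", 1297, dst)  # constructed 2nd host, same port
    c = pat.translate_out("tcp", "192.168.2.9", 1297, dst)  # constructed host outside the ACL
    return a, b, c, pat.translate_in("tcp", b[1]), pat.translate_in("tcp", 4000)

if __name__ == "__main__":
    print(demo())
```

Both inside hosts share the single inside global address and are told apart only by port; an inbound packet to a port with no table entry has nothing to be translated to.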

Step 6: Test NAT/PAT
a.    From the host PC command prompt, ping the ISP router loopback address, ping 209.165.200.1
b.    Was the ping successful? ________ If not, perform appropriate troubleshooting.
c.    On the customer router, issue the command to verify the NAT translation.
Customer#show ip nat translation
Pro   Inside global          Inside local      Outside local       Outside global
Icmp  209.165.200.225:512    192.168.1.2:512   209.165.200.1:512   209.165.200.1:512
d.    List the following IP addresses:
What is the inside global IP address shown? 209.165.200.225:512
What is the inside local IP address shown? 192.168.1.2:512
What is the outside local IP address shown? 209.165.200.1:512
What is the outside global IP address shown? 209.165.200.1:512
e.    On the ISP router, configure the router to show all ICMP packets that come into the router.
ISP#debug ip icmp
ICMP packet debugging is on
f.     From the host PC command prompt, issue a continuous ping.
ping 209.165.200.1 -t
g.    On the ISP router, notice the debug output.
ISP#
00:49:10: ICMP: echo reply sent, src 209.165.200.1, dst 209.165.200.225
00:49:11: ICMP: echo reply sent, src 209.165.200.1, dst 209.165.200.225
00:49:12: ICMP: echo reply sent, src 209.165.200.1, dst 209.165.200.225
00:49:13: ICMP: echo reply sent, src 209.165.200.1, dst 209.165.200.225
00:49:14: ICMP: echo reply sent, src 209.165.200.1, dst 209.165.200.225
00:49:15: ICMP: echo reply sent, src 209.165.200.1, dst 209.165.200.225
00:49:16: ICMP: echo reply sent, src 209.165.200.1, dst 209.165.200.225
h.    What is the source IP address of the ICMP reply?
i.      What is the destination IP address of the ICMP reply?
j.      Does this debug prove or disprove the fact that internal IP addresses are hidden and how can you tell?
k.    On the host PC, stop the ping by pressing CTRL-X.
l.      On the ISP router, stop the debug process. Note that the router takes a few moments for the output to quit displaying.
ISP#undebug all

Step 7: Clear NAT Translations
a.    From the customer host PC command prompt, open a Telnet session to the ISP router.
telnet 209.165.200.226
This Telnet session will create another translation on the customer router.
b.    On the customer router, issue the command to verify the NAT translation.
Customer#show ip nat translation
Pro   Inside global          Inside local       Outside local        Outside global
Tcp   209.165.200.225:1297   192.168.1.2:1297   209.165.200.226:23   209.165.200.226:23
The port number on the inside addresses may be different, because they are randomly generated source port numbers.
c.    Close the command window on the customer host PC to terminate the Telnet session.
d.    On the customer router, issue the command to verify the NAT translation.
e.    Is the translation for the customer host PC still active on the customer router?
NAT translations remain active for different periods of time, depending on the type of translation. TCP NAT translations can remain active for up to 24 hours by default. Port translations have shorter time limits, but can still remain active for minutes, even hours after the session between the two hosts has timed out. The default timeouts for UDP range from 1 minute to 5 minutes. For more information on NAT timeouts, view the Cisco IOS Network Address Translation Overview white paper on the Cisco.com website.
http://cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a0080091cb9.shtml
f.     On the customer router, issue the command to clear all NAT translations active in the router.
Customer#clear ip nat translation *
Verify that the translation for the customer host PC is no longer active on customer router.
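
One way to cross-check the router outputs from Steps 4, 6 and 7, as an added example that is not part of the original lab: the script parses show ip dhcp binding and show ip nat translation text and lists translations whose inside local address has no DHCP lease. The 192.168.1.77 row and all function names are constructed for the demonstration.

```python
import re

# The binding and the first two translations are the lab's own sample lines;
# the 192.168.1.77 row is constructed to show a host without a lease.
DHCP_OUTPUT = """\
IP address       Client-ID/              Lease expiration        Type
                 Hardware address
192.168.1.2      0100.0bdb.04a5.cd       May 26 2007 11:19 AM    Automatic
"""
NAT_OUTPUT = """\
Pro   Inside global          Inside local       Outside local        Outside global
Icmp  209.165.200.225:512    192.168.1.2:512    209.165.200.1:512    209.165.200.1:512
Tcp   209.165.200.225:1297   192.168.1.2:1297   209.165.200.226:23   209.165.200.226:23
Tcp   209.165.200.225:1301   192.168.1.77:1301  209.165.200.226:23   209.165.200.226:23
"""

BINDING_RE = re.compile(
    r"^(\d+\.\d+\.\d+\.\d+)\s+([0-9a-f.]+)\s+(.+?)\s+(\w+)\s*$", re.I | re.M)

def client_id_to_mac(client_id):
    """'0100.0bdb.04a5.cd' -> '00:0b:db:04:a5:cd' (leading 01 = Ethernet)."""
    digits = client_id.replace(".", "").lower()
    if len(digits) == 14 and digits.startswith("01"):
        digits = digits[2:]
    return ":".join(digits[i:i + 2] for i in range(0, len(digits), 2))

def parse_bindings(text):
    """Return {ip: mac} from 'show ip dhcp binding' output."""
    return {m.group(1): client_id_to_mac(m.group(2))
            for m in BINDING_RE.finditer(text)}

def parse_translations(text):
    """Return (proto, inside_local_ip, inside_local_port) tuples."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0].lower() in ("icmp", "tcp", "udp"):
            ip, port = f[2].rsplit(":", 1)
            rows.append((f[0].lower(), ip, int(port)))
    return rows

def unleased_translations(dhcp_text, nat_text):
    """Translations whose inside local address has no DHCP binding."""
    leased = parse_bindings(dhcp_text)
    return [r for r in parse_translations(nat_text) if r[1] not in leased]
```

Calling unleased_translations(DHCP_OUTPUT, NAT_OUTPUT) returns only the 192.168.1.77 entry, a host that is using the translation without having taken an address from the INTERNAL pool.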

Step 8: Reflection
a.    What would be an advantage of using the NAT method shown in this lab over a static configuration as shown in the curriculum?
b.    List an instance of when a company might not use NAT/PAT.
