2. 2
Introduction Device Configuration
• Basic Device Configuration
• Configure hostnames on a Cisco IOS device using the
CLI
• Use Cisco IOS commands to limit access to device
configurations
• Use IOS commands to save the running configuration
• Explain how devices communicate across network
media
• Configure a host device with an IP address
• Verify connectivity between two end devices
3. Components of a Network
There are three categories of network components:
• Devices
• Media
• Services
4. Components of a Network
End Devices
Some examples of end devices are:
• Computers (work stations, laptops, file servers, web servers)
• Network printers
• VoIP phones
• TelePresence endpoint
• Security cameras
• Mobile handheld devices (such as smartphones, tablets, PDAs, and
wireless debit / credit card readers and barcode scanners)
5. Components of a Network
Network Infrastructure Devices
Examples of intermediary network devices are:
• Network Access Devices (switches, and wireless access points)
• Internetworking Devices (routers)
• Security Devices (firewalls)
8. Cisco IOS
Operating Systems
All networking equipment dependent on operating
systems
• End users (PCs, laptops, smart phones, tablets)
• Switches
• Routers
• Wireless access points
• Firewalls
Cisco Internetwork Operating System (IOS)
• Collection of network operating systems used on Cisco devices
10. Cisco IOS
Purpose of OS
• PC operating systems perform technical functions that enable
• Use of a mouse
• View output
• Enter text
• Switch or router IOS provides options to
• Configure interfaces
• Enable routing and switching functions
• All networking devices come with a default IOS
• IOS stored in Flash
12. Accessing a Cisco IOS Device
Console Access Method
Most common methods to access the Command Line Interface
• Console
• Telnet or SSH
• AUX port
13. Accessing a Cisco IOS Device
Console Access Method
Console port
• Device is accessible even if no networking services have been configured
(out-of-band)
• Need a special console cable
• Allows configuration commands to be entered
• Should be configured with passwords to prevent unauthorized access
• Device should be located in a secure room so console port can not be easily
accessed
14. Accessing a Cisco IOS Device
Telnet, SSH, and AUX Access Methods
Telnet
• Method for remotely accessing the CLI over a network
• Require active networking services and one active interface that is
configured
Secure Shell (SSH)
• Remote login similar to Telnet but utilizes more security
• Stronger password authentication
• Uses encryption when transporting data
Aux Port
• Out-of-band connection
• Uses telephone line
• Can be used like console port
15. Accessing a Cisco IOS Device
Terminal Emulation Programs
Software available for
connecting to a networking
device
• PuTTY
• Tera Term
• HyperTerminal
• OS X Terminal
21. • Navigation between modes is also done via commands
• The enable command enters the Privileged EXEC Mode
• The exit commands exits to the parent command mode
• The Configure Terminal command enters the Global Configuration
Mode
• The end command used to back in privileged EXEC mode
21
Short Navigate Between IOS Modes
23. The Command Structure
Hot Keys and Shortcuts
• Tab - Completes the remainder of a partially typed command or keyword
• Ctrl-R - Redisplays a line
• Ctrl-A – Moves cursor to the beginning of the line
• Ctrl-Z - Exits configuration mode and returns to user EXEC
• Down Arrow - Allows the user to scroll forward through former
commands
• Up Arrow - Allows the user to scroll backward through former
commands
• Ctrl-Shift-6 - Allows the user to interrupt an IOS process such as ping
or traceroute.
• Ctrl-C - Aborts the current command and exits the configuration mode
26. Hostnames
Why the Switch
Let’s focus on
• Creating a two PC network connected via a switch
• Setting a name for the switch
• Limiting access to the device configuration
• Configuring banner messages
• Saving the configuration
27. Hostnames
Device Names
Some guidelines for naming conventions are that names should:
• Start with a letter
• Contain no spaces
• End with a letter or digit
• Use only letters, digits, and dashes
• Be less than 64 characters in length
Without names, network
devices are difficult to
identify for configuration
purposes.
30. Limiting Access to Device Configurations
Securing Device Access
The passwords introduced here are:
Enable password - Limits access to the privileged EXEC mode
Enable secret - Encrypted, limits access to the privileged EXEC mode
Console password - Limits device access using the console connection
VTY password - Limits device access over Telnet
Note: In most of the labs in this course, we will be using simple passwords
such as cisco or class.
31. Limiting Access to Device Configurations
Securing Privileged EXEC Access
• use the enable secret command, not the
older enable password command
• enable secret provides greater security because the
password is encrypted
32. Limiting Access to Device Configurations
Securing User EXEC Access
Console port must be secured
• reduces the chance of unauthorized personnel physically
plugging a cable into the device and gaining device access
vty lines allow access to a Cisco device via Telnet
• number of vty lines supported varies with the type of device
and the IOS version
33. Limiting Access to Device Configurations
Encrypting Password Display
service password-
encryption
• prevents passwords
from showing up as
plain text when
viewing the
configuration
• purpose of this
command is to keep
unauthorized
individuals from
viewing passwords
in the configuration
file
• once applied,
removing the
encryption service
does not reverse the
encryption
34. Limiting Access to Device Configurations
Banner Messages
• important part of
the legal process in
the event that
someone is
prosecuted for
breaking into a
device
• wording that implies
that a login is
"welcome" or
"invited" is not
appropriate
• often used for legal
notification because
it is displayed to all
connected terminals
35. Saving Configurations
Configuration Files
• Switch# reload
•System configuration has been
modified. Save? [yes/no]: n
•Proceed with reload? [confirm]
• Startup configuration is
removed by using the erase
startup-config
•Switch# erase startup-config
• On a switch you must also
issue the delete vlan.dat
• Switch# delete vlan.dat
• Delete filename [vlan.dat]?
•Delete flash:vlan.dat? [confirm]
36. Ports and Addresses
IP Addressing in the Large
• Each end device on a
network must be
configured with an IP
address
• Structure of an IPv4
address is called dotted
decimal
• IP address displayed in
decimal notation, with
four decimal numbers
between 0 and 255
• With the IP address, a
subnet mask is also
necessary
• IP addresses can be
assigned to both physical
ports and virtual interfaces
37. Ports and Addresses
Interfaces and Ports
• Network communications depend on end user device interfaces,
networking device interfaces, and the cables that connect them
• Types of network media include twisted-pair copper cables, fiber-optic
cables, coaxial cables, or wireless
• Different types of network media have different features and benefits
• Ethernet is the most common local area network (LAN) technology
• Ethernet ports are found on end user devices, switch devices, and other
networking devices
• Cisco IOS switches have physical ports for devices to connect to, but also
have one or more switch virtual interfaces (SVIs - no physical hardware on
the device associated with it; created in software)
• SVI provides a means to remotely manage a switch over a network
38. Addressing Devices
Configuring a Switch Virtual Interface
• IP address - together with subnet mask, uniquely identifies end device on
internetwork
• Subnet mask - determines which part of a larger network is used by an IP
address
• interface VLAN 1 - interface configuration mode
• ip address 192.168.10.2 255.255.255.0 - configures the IP address and
subnet mask for the switch
• no shutdown - administratively enables the interface
• Switch still needs to have physical ports configured and VTY lines to enable
remote management
45. Summary
• Services provided by the Cisco IOS accessed using a command-line
interface (CLI)
• accessed by either the console port, the AUX port, or
through telnet or SSH
• can make configuration changes to Cisco IOS devices
• a network technician must navigate through various
hierarchical modes of the IOS
• Cisco IOS routers and switches support a similar operating system
• Introduced the initial settings of a Cisco IOS switch device
• setting a name
• limiting access to the device configuration
• configuring banner messages
• saving the configuration
49. S1(config)#line console 0
S1(config-line)#password cisco
S1(config-line)#login
S1(config-line)#line vty 0 15
S1(config-line)#password cisco
S1(config-line)#login
S1(config-line)#exit
Why is the login command required? __________________________
S1(config)#enable secret class //protects access to privileged
50. service password-encryption
S1(config)#service password-encryption
• prevents passwords from showing up as plain text when viewing the
configuration
• purpose of this command is to keep unauthorized individuals from viewing
passwords in the configuration file
• once applied, removing the encryption service does not reverse the
encryption
51. Configure the Layer 3 address of the switch
S1(config)#vlan 99
S1(config-vlan)# name management
S1(config-vlan)#exit
S1(config)#interface vlan99
S1(config-if)#ip address 172.17.99.11 255.255.255.0
S1(config-if)#no shutdown
S1(config-if)#exit
S1(config)#
52. Assign all user ports to VLAN 99
S1#configure terminal
S1(config)#interface range fa0/1 – 24
S1(config-if-range)#switchport access vlan 99
S1(config-if-range)#exit
53. Set up a static MAC address
S1(config)#mac-address-table static mac address of end device vlan 99
interface f0/1
Step 8: Verify the results.
S1#show mac-address-table
Remove the static MAC
S1(config)#no mac-address-table static mac address of end device vlan
99 interface f0/1
54. List the port security options.
• Explore the options for setting port security on interface Fast Ethernet
0/18.
S1# configure terminal
S1(config)#interface fastethernet 0/18
S1(config-if)#switchport port-security ?
aging Port-security aging commands
mac-address Secure mac address
maximum Max secure addresses
violation Security violation mode
<cr>
S1(config-if)#switchport port-security
55. Configure port security on an access port.
Configure switch port Fast Ethernet 0/18 to accept only two devices, to
learn the MAC addresses of those
devices dynamically, and to block traffic from invalid hosts if a violation
occurs.
S1(config-if)#switchport mode access
S1(config-if)#switchport port-security
S1(config-if)#switchport port-security maximum 2
S1(config-if)#switchport port-security mac-address sticky
S1(config-if)#switchport port-security violation protect
S1(config-if)#exit
S1#show port-security
56. Modify the port security settings on a port.
On interface Fast Ethernet 0/18, change the port security maximum MAC
address count to 1 and to shutdown if a violation occurs.
S1(config-if)#switchport port-security maximum 1
S1(config-if)#switchport port-security violation shutdown
Verify the results.
S1#show port-security
57. VLAN
• What is VLAN?
• What is the function of VLAN?
• What is the basic steps to configuration VLAN?
58. VLAN
Final Switch Configurations
hostname S1 // for switch one
vlan 10
name staff
vlan 20
name students
vlan 30
name guest
vlan 99
name management
interface interface range fa0/1-5
switchport trunk native vlan 99
switchport mode trunk
interface Vlan99
ip address 172.17.99.11 255.255.255.0
59. Switch two configuration
hostname S2
vlan 10
name staff
vlan 20
name students
vlan 30
name guest
vlan 99
name management
interface interface range fa0/1-5
switchport trunk native vlan 99
switchport mode trunk
interface FastEthernet0/11
switchport access vlan 10
switchport mode access
interface FastEthernet0/6
switchport access vlan 30
switchport mode access
interface FastEthernet0/18
switchport access vlan 20
switchport mode access
interface Vlan99
ip address 172.17.99.12 255.255.255.0
60. Switch 3 configuration
hostname S3
vlan 10
name staff
vlan 20
name students
vlan 30
name guest
vlan 99
name management
interface interface range fa0/1-5
switchport trunk native vlan 99
switchport mode trunk
interface FastEthernet0/6
switchport access vlan 30
switchport mode access
interface FastEthernet0/11
switchport access vlan 10
switchport mode access
interface FastEthernet0/18
switchport access vlan 20
switchport mode access
interface Vlan99
ip address 172.17.99.13 255.255.255.0
61. how to communication inter-vlan it need layer 3
device so called router
R1(config)# interface g0/1.10
R1(config-subif)# encapsulation dot1Q 10
R1(config-subif)# ip address 172.17.10.1 255.255.255.0
R1(config-subif)# interface g0/1.20
R1(config-subif)# encapsulation dot1Q 20
R1(config-subif)# ip address 172.17.20.1 255.255.255.0
R1(config-subif)# interface g0/1.30
R1(config-subif)# encapsulation dot1Q 30
R1(config-subif)# ip address 172.17.30.1 255.255.255.0
R1(config-subif)# exit
R1(config)# interface g0/1
R1(config-if)# no shutdown
62. Routing
• The router is responsible for the routing of traffic between networks.
Router Functions
Routers are Computers
Routers are specialized computers containing the following required components to operate:
• Central processing unit (CPU)
• Operating system (OS) - Routers use Cisco IOS
• Memory and storage (RAM, ROM, NVRAM, Flash, hard drive)
63. Router…
• Routers use specialized ports and network interface cards to
interconnect to other networks. Router memory are
64. Router Basic Settings
Configure Router Basic Settings
• Name the device – Distinguishes it
from other routers
• Secure management access – Secures
privileged EXEC, user EXEC, and Telnet
access, and encrypts passwords .
• Configure a banner – Provides legal
notification of unauthorized access.
• Save the Configuration
65. Routers Choose Best Paths
• Routers use static routes and dynamic routing protocols to learn
about remote networks and build their routing tables.
• Routers use routing tables to determine the best path to send
packets.
• Routers encapsulate the packet and forward it to the interface
indicated in routing table.
66. Administrative Distance
• If multiple paths to a destination are configured on a router, the path installed in the routing table
is the one with the lowest Administrative Distance (AD):
o A static route with an AD of 1 is more reliable than an EIGRP-discovered route with an AD of 90.
o A directly connected route with an AD of 0 is more reliable than a static route with an AD of 1.
67. Static Routes
Static routes and default static routes can be implemented after directly connected interfaces are
added to the routing table:
oStatic routes are manually configured.
oThey define an explicit path between two networking devices.
oStatic routes must be manually updated if the topology changes.
oTheir benefits include improved security and control of resources.
oConfigure a static route to a specific network using the ip route network
mask {next-hop-ip | exit-intf} command.
oA default static route is used when the routing table does not contain a path
for a destination network.
oConfigure a default static route using the ip route 0.0.0.0 0.0.0.0 {exit-
intf | next-hop-ip} command.
76. Configuring the RIP Protocol
Disable Auto Summarization
Similarly to RIPv1, RIPv2 automatically summarizes networks at major network
boundaries by default.
To modify the default RIPv2 behavior of automatic summarization, use the no
auto-summary router configuration mode command.
This command has no effect when using RIPv1.
When automatic summarization has been disabled, RIPv2 no longer summarizes
networks to their classful address at boundary routers. RIPv2 now includes all
subnets and their appropriate masks in its routing updates.
The show ip protocols now states that automatic network summarization is
not in effect.
77. Configuring the RIP Protocol
Configuring Passive Interfaces
Sending out unneeded updates
on a LAN impacts the network in
three ways:
Wasted Bandwidth
Wasted Resources
Security Risk
86. Open Shortest Path First(OSPF) routing protocol
Objectives of this lab
• OSPF Characteristics
• Explain how single-area OSPF operates.
• Single-Area OSPFv2
• Implement single-area OSPFv2.
• Single-Area OSPFv3
• Implement single-area OSPFv3.
87. OSPF Characteristics
• OSPF
• Version 2 (OSPFv2) is available for IPv4 while OSPF version 3
(OSPFv3) is available for IPv6.
• 3 Main Components
• Data Structures, Routing Protocol Messages, and Algorithm
• Achieving Convergence:
• Establish Neighbor Adjacencies
• Exchange Link-State Advertisements
• Build the Topology Table
• OSPF can be implemented in
one of two ways:
• Single-Area OSPF
• Multi-area OSPF
88. OSPF Characteristics
OSPF Messages
• OSPFv2 messages contain:
• LSP Types:
• Type 1: Hello packet
• Type 2: Database Description (DBD) packet
• Type 3: Link-State Request (LSR) packet
• Type 4: Link-State Update (LSU) packet
• Type 5: Link-State Acknowledgment (LSAck) packet
89. OSPF Characteristics
OSPF Messages (Cont.)
• Hello Packets are used to:
• Discover OSPF neighbors and establish neighbor
adjacencies.
• Advertise parameters on which two routers must agree
to become neighbors.
• Elect the Designated Router (DR) and Backup Designated
Router (BDR) on multi-access networks like Ethernet and
Frame Relay.
• OSPF Hello packets are transmitted to multicast address
224.0.0.5 in IPv4 and FF02::5 in IPv6
90. OSPF Characteristics
OSPF Operation
• OSPF progresses through several states while attempting to
reach convergence
• Down state, Init state, Two-Way state, ExStart state,
Exchange state, Loading state, and Full state
• Establishing Adjacencies
• When a neighboring OSPF-enabled router receives a Hello
packet with a router ID that is not within its neighbor list,
the receiving router attempts to establish an adjacency
with the initiating router.
• OSPF DR and BDR
• On multiaccess networks, OSPF elects a DR to be the
collection and distribution point for LSAs sent and received.
A BDR is also elected in case the DR fails.
• After the Two-Way state, routers transition to database
synchronization states.
91. Single-Area OSPFv2
OSPF Router ID
• Enabling OSPFv2
• OSPFv2 is enabled using
the router ospf process-id
global configuration mode
command.
• The process-id value
represents a number between
1 and 65,535 and is selected by
the network administrator.
• The process-id value is locally
significant, which means that it
does not have to be the same
value on the other OSPF
routers to establish adjacencies
with those neighbors.
92. Single-Area OSPFv2
OSPF Router ID (Cont.)
• Router ID
• The router ID is used by the OSPF-enabled router to uniquely
identify the router and participate in the election of the DR
• Router ID based on one of three criteria
• Explicitly configured using the OSPF router-id rid command
• Router chooses the highest IPv4 address of any of configured
loopback interfaces
• If no loopback interfaces are configured, then the router chooses
the highest active IPv4 address of any of its physical interfaces
• Clearing the OSPF process is the preferred method to reset the
router ID.
• Note: The router ID looks like an IPv4 address, but it is not
routable and, therefore, is not included in the routing table, unless
the OSPF routing process chooses an interface (physical or
loopback) that is appropriately defined by a network command.
93. Single-Area OSPFv2
Configure Single-Area OSPFv2
• Enabling OSPF
• Any interfaces on a router that match the network
address in the network command are enabled to send
and receive OSPF packets.
• Wildcard Mask
• In a wildcard mask, binary 0 is equal to a match and
binary 1 is not a match.
94. Single-Area OSPFv2
Configure Single-Area OSPFv2 (Cont.)
• The network Command
• OSPFv2 can be enabled using the network intf-ip-
address 0.0.0.0 area area-id router configuration mode command.
• The advantage of specifying the interface is that the wildcard mask
calculation is not necessary.
• Unneeded OSPFv2 messages affect the network:
• Inefficient use of bandwidth, inefficient use of resources, and
increased security risk
• Configure passive interfaces
• Use the passive-interface router configuration mode command to
prevent the transmission of routing messages through a router
interface, but still allow that network to be advertised to other
routers.
• A neighbor adjacency cannot be formed over a passive interface.
95. Single-Area OSPFv2
OSPF Cost
• OSPF Metric = Cost
• The cost of an interface is inversely proportional to the
bandwidth of the interface.
• Cost = reference bandwidth / interface bandwidth
• The cost of an OSPF route is
the accumulated value from one
router to the destination network.
• To adjust the reference
bandwidth, use the auto-cost
reference-bandwidth Mb/s
router configuration command.
96. Single-Area OSPFv2
OSPF Cost (Cont.)
• Default Interface Bandwidths
• As with reference bandwidth, interface bandwidth values do
not actually affect the speed or capacity of the link.
• Use the show interfaces command to view the interface
bandwidth setting.
• Adjust Interface Bandwidth
• To adjust the interface bandwidth use the
bandwidth kilobits interface configuration command.
• Use the no bandwidth command to restore the default value.
• Set OSPF Cost Manually
• The cost can be manually configured on an interface using
the ip ospf cost value interface configuration command.
97. Single-Area OSPFv2
Verify OSPF
• Verify OSPF Neighbors
• Use the show ip ospf neighbor command to verify that the
router has formed an adjacency with its neighboring routers.
• Verify OSPF Protocol
Settings
• The show ip protocols
command is a quick way to
verify vital OSPF configuration
information.
• Verify OSPF Process
Information
• The show ip ospf command
can also be used to examine
the OSPFv2 process ID and
router ID
98. Single-Area OSPFv2
Verify OSPF (Cont.)
• Verify OSPF Interface Settings
• The quickest way to verify OSPFv2 interface settings is
to use the show ip ospf interface command.
• To get a summary of OSPFv2-enabled interfaces, use
the show ip ospf interface brief command.
99. Single-Area OSPFv3
OSPFv2 vs. OSPFv3
• OSPFv3
• Similar to its IPv4
counterpart, OSPFv3
exchanges routing
information to
populate the IPv6
routing table with
remote prefixes
• Packets with a source
or destination link-
local address cannot
be routed beyond the
link from where the
packet originated.
100. Single-Area OSPFv3
OSPFv2 vs. OSPFv3 (Cont.)
• Link-Local Addresses
• Link-local addresses are automatically created when an IPv6 global
unicast address is assigned to the interface.
• Assigning Link-Local Addresses
• Link-local addresses can be configured manually using the same
interface command used to create IPv6 global unicast addresses,
but appending the link-local keyword to the ipv6
address command.
• Configuring the OSPFv3 Router ID
• OSPFv3 requires a 32-bit router ID to be assigned before OSPF can
be enabled on an interface.
• The router-id rid command is used to assign a router ID in OSPFv3.
• Clearing the OSPF process is the preferred method to reset the
router ID.
101. Single-Area OSPFv3
Configuring OSPFv3
• Enabling OSPFv3 on Interfaces
• To enable OSPFv3 on an interface, use the ipv6
ospf process-id area area-id interface configuration mode
command.
102. Single-Area OSPFv3
Verify OSPFv3
• Verify OSPFv3 Neighbors
• Use the show ipv6 ospf neighbor command to verify that the
router has formed an adjacency with its neighboring routers.
• Verify OSPFv3 Protocol Settings
• The show ipv6 protocols command is a quick way to verify
vital OSPFv3 configuration information, including the OSPFv3
process ID, the router ID, and the interfaces enabled for
OSPFv3.
• Verify OSPFv3 Interfaces
• The quickest way to verify OSPFv3 interface settings is to use
the show ipv6 ospf interface command.
• To retrieve and view a summary of OSPFv3-enabled
interfaces on R1, use the show ipv6 ospf interface
brief command
103. Single-Area OSPFv3
Verify OSPFv3 (Cont.)
• Verify the IPv6 Routing Table
• The show ipv6 route ospf command provides specifics
about OSPFv3 routes in the routing table.
115. EIGRP
• Features of EIGRP
• Uses the Diffusing Update Algorithm (DUAL) to calculate paths and back-up paths.
• Establishes Neighbor Adjacencies.
• Uses the Reliable Transport Protocol to provide delivery of EIGRP packets to neighbors.
• Partial and Bounded Updates. Sends updates only when there is a change and only to the
routers that need the information.
• Supports Equal and Unequal Cost Load Balancing.
• Protocol Dependent Modules – responsible for network layer protocol-specific tasks
• Sends and receives EIGRP packets that are encapsulated in IPv4
• Parses EIGRP packets and informs DUAL of the new information and DUAL makes routing
decisions. The results are stored in the IPv4 routing table.
116. EIGRP Characteristics
EIGRP Packet Types
EIGRP Hello Packets
Are sent as multicasts and uses RTP for unreliable delivery
Used to form and maintain EIGRP neighbor adjacencies
EIGRP Update and Acknowledgment Packets
Update packets propagate updated routing information when necessary to the
routers that require the information using RTP
Acknowledgment packets are send to acknowledge the update was received.
EIGRP Query and Reply Packets
Searches for networks
Uses reliable delivery
Queries are multicast or unicast. Replies are always unicast.
117. Implement EIGRP for IPv4
Verify EIGRP with IPv4
• The show commands are useful in verifying EIGRP operations
and for debugging and troubleshooting purposes.
• show ip eigrp neighbors command
• View the neighbor table
• Verify neighbor adjacencies have been established
• show ip protocols Command
• Identify the parameters and other information about the
current state of any active IPv4 routing protocol processes
configured on the router
• What information can you get from this show command?
• show ip route
• Verify the routes are installed in the IPv4 routing table as
expected
• Check for convergence
118. Configure EIGRP with IPv4 (Cont.)
• The network command and Wildcard Mask
• network network-address [wildcard-mask]
• Wildcard mask is the inverse of a subnet mask
• To calculate the wildcard mask:
• 255.255.255.255
• - 255.255.255.252 Subnet mask
• -----------------
• 0. 0. 0. 3 Wildcard mask
• Passive Interface - prevent the
neighbor adjacencies
• Suppress unnecessary update traffic
• Increase security controls
• passive-interface interface-type interface-number
126. Configure EIGRP metrics
R4 router:
R4(config)#interface s0/0/0
R4(config-if)#bandwidth 64
R4(config)#interface s0/0/1
R4(config-if)#bandwidth 1024
• Note: The bandwidth command only modifies the bandwidth metric
used by routing protocols, not the physical bandwidth of the link.
128. DHCPv4 Operation
Introducing DHCPv4
DHCPv4:
assigns IPv4 addresses and other network configuration information dynamically
useful and timesaving tool for network administrators
dynamically assigns, or leases, an IPv4 address from a pool of addresses
A Cisco router can be configured to provide DHCPv4 services.
Administrators configure DHCPv4 servers so that leases expire. Then the
client must ask for another address, although the client is typically
reassigned the same address.
131. Configure DHCPv4 Server
Configure a Basic DHCPv4 Server
A Cisco router running the Cisco IOS software can be configured to act as a DHCPv4 server. To set up DHCP:
1. Exclude addresses from the pool.
2. Set up the DHCP pool name.
3. Define the range of addresses and subnet mask. Use the default-router
command for the default gateway. Optional parameters that can be included in the
pool – dns server, domain-name.
To disable DHCP, use the no service dhcp command.
•
132. Configure DHCPv4 Server
Verifying DHCPv4
Commands to verify DHCP:
show running-config | section dhcp
show ip dhcp binding
show ip dhcp server statistics
On the PC, issue the ipconfig /all command.
134. How to enable DHCP wired network
configuration
ip dhcp exclude-address 192.168.10.1 192.168.10.9
ip dhcp exclude-address 192.168.10.254
ip dhcp pool LAN-POOL-1
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 192.168.11.5
end
136. How to enable DHCP wireless network
configuration
ip dhcp exclude-address 192.168.10.1 192.168.10.9
ip dhcp exclude-address 192.168.10.254
ip dhcp pool LAN-POOL-1
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 192.168.11.5
end
140. NAT Operation
NAT Characteristics
• IPv4 Private Address Space
• 10.0.0.0 /8, 172.16.0.0 /12, and 192.168.0.0 /16
• What is NAT?
• Process to translate private IPv4 address to IPv4 public address
• Conserve public IPv4 addresses
• Configured at the border router for translation
• NAT includes four types of addresses:
Inside local address
Inside global address
Outside local address
Outside global address
141. NAT Operation
Types of NAT
• Static NAT
• One-to-one mapping of local and global
addresses
• Configured by the network administrator
and remain constant.
• Dynamic NAT
• Uses a pool of public addresses and assigns
them on a first-come, first-served basis
• Requires that enough public addresses for
the total number of simultaneous user
sessions
• Port Address Translation (PAT)
• Maps multiple private IPv4 addresses to a
single public IPv4 address or a few
addresses
• Also known as NAT overload
• Validates that the incoming packets were
requested
• Uses port numbers to forward the response
packets to the correct internal device
142. NAT Operation
NAT Advantages
• Advantages of NAT
• Conserves the legally registered addressing scheme
• Increases the flexibility of connections to the public network
• Provides consistency for internal network addressing schemes
• Provides network security
• Disadvantages of NAT
• Performance is degraded
• End-to-end functionality is degraded
• End-to-end IP traceability is lost
• Tunneling is more complicated
• Initiating TCP connections can be disrupted
145. Configure static routing.
A. Create a static route from the ISP router to the Gateway router using
the assigned public network address range 209.165.200.224/27.
ISP(config)# ip route 209.165.200.224 255.255.255.224 209.165.201.18
B. Create a default route from the Gateway router to the ISP router.
Gateway(config)# ip route 0.0.0.0 0.0.0.0 209.165.201.17
146. Cont..
• Step 1: Configure a static mapping.
• A static map is configured to tell the router to translate between the
private inside server address 192.168.1.20 and the public address
209.165.200.225. This allows a user from the Internet to access PC-A.
Gateway(config)# ip nat inside source static 192.168.1.20 209.165.200.225
Step 2: Specify the interfaces.
• Issue the ip nat inside and ip nat outside commands to the interfaces.
Gateway(config)# interface g0/1
Gateway(config-if)# ip nat inside
Gateway(config-if)# interface s0/0/1
Gateway(config-if)# ip nat outside
147. Cont…
Test the configuration.
A. Display the static NAT table by issuing the show ip nat translations
command.
Gateway# show ip nat translations
Pro Inside global Inside local Outside local Outside global
--- 209.165.200.225 192.168.1.20 --- ---
148. Cont…
B. From PC-A, ping the Lo0 interface (192.31.7.1) on ISP. If the ping was
unsuccessful, troubleshoot and correct the issues. On the Gateway router,
display the NAT table.
Gateway# show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 209.165.200.225:1 192.168.1.20:1 192.31.7.1:1 192.31.7.1:1
--- 209.165.200.225 192.168.1.20 --- ---
A NAT entry was added to the table with ICMP listed as the protocol when PC-A
sent an ICMP request (ping) to 192.31.7.1 on ISP.
149. Analyzing Static NAT
• Verifying Static NAT
show ip nat translations
show ip nat statistics
clear ip nat statistics