Module 1 – Scaling IP Addresses
NAT
Network Address Translation (NAT) is used to allocate public IP addresses to hosts regardless of the logical topology (hosts in different subnets can be allocated public addresses in the same subnet). Because the internal topology of the network is hidden from outside networks, it is more secure than using public IP addresses for internal addressing.
The addresses can be assigned manually for each host. This is necessary for servers that offer external services, because their domain names are set to point to a fixed IP address. Hosts that do not always need the same external IP address can have addresses assigned dynamically as they are required.
Set IP address pool
Router(config)# ip nat pool [name] [start address] [end address] netmask [subnet mask]
Set the ACL for allowed internal hosts
Router(config)# access-list [no.] permit [network address] [wildcard mask]
Enable NAT and assign ACL
Router(config)# ip nat inside source list [no.] pool [name]
Set interfaces as inside or outside
Router(config-if)# ip nat [inside | outside]
Set a static NAT assignment
Router(config)# ip nat inside source static [inside address] [outside address]
Debug NAT translations
Router# debug ip nat
PAT
Port Address Translation (PAT) is used when there are more hosts that need external addresses than there are external addresses available. When there are no longer enough addresses to go around, the router will assign individual ports to hosts as they are required. The port number is the same as the external destination port, provided it is available. If the destination port is in use, the router will assign the next available port (e.g., if 7777 was the destination and was already assigned to another host, 7778 would be used, provided it is free).
PAT can allow for a significant reduction in the number of public IP addresses needed, reducing cost and extending the life of IPv4, which is running out of free addresses.
Set the ACL for allowed internal hosts
Router(config)# access-list [no.] permit [network address] [wildcard mask]
Enable PAT and assign ACL
Router(config)# ip nat inside source list [no.] interface [interface] overload
Set interfaces as inside or outside
Router(config-if)# ip nat [inside | outside]
DHCP
Dynamic Host Configuration Protocol (DHCP) allows host settings such as IP address, subnet mask, default gateway, and DNS server address to be set remotely.
DHCP is based on BOOTP, which required that all hosts were allocated their IP addresses manually on the BOOTP server. DHCP doesn’t have this limitation.
DHCP requests are sent using UDP with port 68. DHCP responses are sent back with UDP on port 67.
Basic DHCP config with IP address and default gateway
Router(config)# ip dhcp pool [pool-name]
Router(dhcp-config)# network [network address] [subnet mask | CIDR]
Router(dhcp-config)# default-router [router address]
Other attributes
Router(dhcp-config)# dns-server [server address]
Router(dhcp-config)# domain-name [domain]
Router(dhcp-config)# netbios-name-server [server address]
Forward packets to DHCP server
On LAN interface: Router(config-if)# ip helper-address [DHCP server address]
Exclude IP addresses from DHCP pool
Router(config)# ip dhcp excluded-address [start address] [end address (optional)]
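Worked example
The NAT, PAT and DHCP commands above combined on one router. This is an added example, not part of the original notes. The interface names, pool names, ACL numbers and every address are assumptions: two inside LANs (192.168.10.0/24 and 192.168.20.0/24), outside addresses from the documentation range 203.0.113.0/24, and a hypothetical separate DHCP server at 192.168.10.6 for the second LAN.

```cisco
! Constructed example. All names and addresses are assumptions.
!
! DHCP for LAN 10: keep the gateway and the servers (.1 to .10)
! out of the pool so a client is never handed a server's address.
ip dhcp excluded-address 192.168.10.1 192.168.10.10
ip dhcp pool LAN10
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
 dns-server 192.168.10.5
 domain-name example.com
!
! Dynamic NAT: only hosts permitted by ACL 1 are translated,
! drawing from the public pool. The wildcard mask 0.0.0.255 is
! the inverse of the subnet mask 255.255.255.0.
ip nat pool PUBLIC 203.0.113.10 203.0.113.20 netmask 255.255.255.0
access-list 1 permit 192.168.10.0 0.0.0.255
ip nat inside source list 1 pool PUBLIC
!
! Static NAT: the server offering external services always maps
! to the same public address, which lies outside the dynamic pool.
ip nat inside source static 192.168.10.5 203.0.113.5
!
! PAT: hosts permitted by ACL 2 share the single address of the
! outside interface and are told apart by port number.
access-list 2 permit 192.168.20.0 0.0.0.255
ip nat inside source list 2 interface GigabitEthernet0/0 overload
!
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.0
 ip nat outside
!
interface GigabitEthernet0/1
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
! LAN 20 has no local DHCP pool: client broadcasts are forwarded
! to the DHCP server on LAN 10.
interface GigabitEthernet0/2
 ip address 192.168.20.1 255.255.255.0
 ip nat inside
 ip helper-address 192.168.10.6
```

An inside host that matches neither ACL and has no static entry is not translated. The active mappings can be listed with Router# show ip nat translations.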