• NAT
  • NAT Concepts
  • Configuring NAT
  • Debugging NAT
• PAT
  • PAT Concepts
  • Configuring PAT
• DHCP
  • DHCP Concepts
  • Configuring DHCP

NAT

NAT Concepts

Network Address Translation (NAT) is used to allocate public IP addresses to hosts, regardless of the logical topology (hosts in different subnets can be allocated public addresses in the same subnet). As the topology of the network is hidden,  it is more secure than using public IP addresses for internal addressing.

The addresses can be assigned manually for each host, which is necessary for servers that offer external services, as domain names are set to go to a fixed IP. Hosts that do not need to always be assigned the same external IP address can have the addresses assigned dynamically as they are required.

Configuring NAT

Set IP address pool

Router(config)# ip nat pool [name] [start address] [end address] netmask [subnet mask]

Set the ACL for allowed internal hosts

Router(config)# access-list [no.] permit [network address] [wildcard mask]

Enable NAT and assign ACL

Router(config)# ip nat inside source list [no.] pool [name]

Set interfaces as inside or outside

Router(config-if)# ip nat [inside | outside]

Set a static NAT assignment

Router(config)# ip nat inside source static [inside address] [outside address]

Debugging NAT

Router# debug ip nat

PAT

PAT Concepts

Port Address Translation (PAT) is used when there are more hosts that need external addresses than external addresses available. When the there are no longer enough addresses to go around, the router will assign individual ports to hosts, as they are required. The port number is the same as the external destination port, provided it is available. If the destination port is in use, the router will assign the next available port (eg, if 7777 was the destination and was already assigned to another host, 7778 would be used, provided it is free).

PAT can allow for a significant reduction in the number of public IP addresses needed, reducing cost and extending the life of IPv4, which is running out of free addresses.

Configuring PAT

Set the ACL for allowed internal hosts

Router(config)# access-list [no.] permit [network address] [wildcard mask]

Enable PAT and assign ACL

Router(config)# ip nat inside source list [no.] interface [interface] overload

Set interfaces as inside or outside

Router(config-if)# ip nat [inside | outside]

DHCP

DHCP Concepts

Dynamic Host Configuration Protocol (DHCP) allows for host settings such as IP address, subnet mask, default gateway, and DNS server address, to be set remotely.

DHCP is based on BOOTP, which required that all hosts were allocated their IP addresses manually on the BOOTP server. DHCP doesn’t have this limitation.

DHCP requests are sent using UDP with port 68. DHCP reponses are sent back with UDP on port 67.

Configuring DHCP

Basic DHCP config with IP address and default gateway

Router(config)# ip dhcp pool [pool-name]

Router(dhcp-config)# network [network address] [subnet mask | CIDR]

Router(dhcp-config)# default-router [router address]

Other attributes

Router(dhcp-config)# dns-server [server address]

Router(dhcp-config)# domain-name [domain]

Router(dhcp-config)# netbios-name-server [server address]

Forward packets to DHCP server

On LAN interface: Router(config-if)# ip helper-address [DHCP server address]

Exclude IP addresses from DHCP pool

Router(config)# ip dhcp excluded-address [start address] [end address (optional)]