IPv4 Addressing, DHCP, NAT
IPv4 Address Assigning
STATIC
- useful for customers that have web servers accessible from the Internet, so the address can be associated with the DNS name
- Dynamic DNS (DDNS): a service that updates the DNS name with the IPv4 address assigned by DHCP
- AD == 1
Assignment:
1- assign the static IPv4 address to the interface connecting to the SP
2- configure a default route pointing to the ISP with 0.0.0.0 0.0.0.0 + IP address of the ISP router (specifying the next-hop IP is best practice)
DYNAMIC
- allows the internet-facing interface of the customer router to learn an IP address from the ISP's DHCP server
- AD == 254 (floating static route), which prevents this route from being used if another default route is manually configured or dynamically learned
Assignment:
1- use the ip address dhcp command under the internet-facing interface to the ISP and bring it up with no shut
2- no need to configure a default route, as the DHCP server will inform the customer router of it // no ip dhcp client request router prevents this process
NAT
- translates private LAN IP addresses to Internet-routable public IP addresses
- implemented on border devices such as firewalls and routers
- can be used to handle address overlap in intranets (two merged companies using the same private subnet)
BASIC NAT
Dynamic NAT (DNAT)
An inside local address is assigned an inside global address from a pool of available addresses
Configuration:
1- create an ACL matching the inside network [access-list + number + permit + IP address with wildcard mask]
2- create a pool [ip nat pool + name + starting IP + ending IP + netmask]
3- configure the LAN-facing interface with [ip nat inside]
4- configure the internet-facing interface with [ip nat outside]
5- associate the ACL with the NAT pool [ip nat inside source list + ACL number + pool + pool name]
can use NVI*
verification*
sh ip nat translations
PAT (NAT overloading)
allows multiple inside local addresses to share one inside global address, distinguished by port numbers
Configuration:
1- create an ACL matching the inside network [access-list + number + permit + IP address with wildcard mask]
2- configure the LAN-facing interface with [ip nat inside]
3- configure the internet-facing interface with [ip nat outside]
4- associate the ACL with the router's outside interface [ip nat inside source list + ACL number + interface + outside interface name + overload (overload can also be used with pool to do PAT from the pool)]
can use NVI*
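The static-address assignment and PAT steps above, put together as one IOS configuration. This is an added example, not part of the original notes; the interface names, ACL number 10, pool name PUBLIC and all addresses (inside LAN 192.168.10.0/24, ISP link 203.0.113.0/24 from the RFC 5737 documentation range) are constructed assumptions.

```cisco
! LAN-facing interface (assumed name): marks the inside domain
interface GigabitEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 no shutdown
!
! Internet-facing interface (assumed name): static address from the SP
interface GigabitEthernet0/1
 ip address 203.0.113.2 255.255.255.0
 ip nat outside
 no shutdown
!
! Default route with an explicit next-hop IP (static route, AD 1)
ip route 0.0.0.0 0.0.0.0 203.0.113.1
!
! ACL selecting which sources are translated. Permit only the inside
! subnet rather than "any", so unexpected source ranges are not translated.
access-list 10 permit 192.168.10.0 0.0.0.255
!
! PAT: every host matched by ACL 10 shares the outside interface address,
! told apart by source port
ip nat inside source list 10 interface GigabitEthernet0/1 overload
!
! Alternative to the line above: PAT out of a pool of public addresses
! ip nat pool PUBLIC 203.0.113.10 203.0.113.20 netmask 255.255.255.0
! ip nat inside source list 10 pool PUBLIC overload
!
! Verification from exec mode once inside hosts have sent traffic:
!   show ip nat translations
```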
NVI (NAT Virtual Interface)
uses ip nat enable under interfaces instead of ip nat inside or ip nat outside
- the NVI0 interface is created automatically with it (sh ip int brief) and takes the IP address of the first NAT-enabled interface
- allows traffic to flow between inside interfaces
- available in IOS 12.3(14) for DNAT and PAT and not for SNAT
----- sh ip nat nvi translations -----
NAT Design Considerations:
1- NAT's modification of source and destination IP addresses causes issues for end-to-end connections and Public Key Infrastructure (PKI); traceability is also an issue
2- NAT's manipulation of header content causes issues with the integrity checks of IPsec
Blocks of IP Addresses
Provider-Aggregatable Address Space (PA)
it is assigned directly by the SP and owned by it, and the customer can't take it along when changing the SP
Provider-Independent Address Space (PI)
Assigned and owned directly from the RIR, and the customer can take it along when changing the ISP