Miscellaneous Features
This chapter presents basic configuration procedures for miscellaneous features of the Cisco 1700 series routers. It contains the following sections:
• Configuring Dynamic Host Configuration Protocol
• Configuring Network Address Translation
Configuring Dynamic Host Configuration Protocol
The Dynamic Host Configuration Protocol (DHCP) is used to enable hosts (DHCP clients) on an IP network to obtain their configurations from a server (DHCP server). This reduces the work of administering an IP network. The most significant configuration option that the client receives from the server is its IP address.
Perform the following tasks to configure DHCP. Begin in global configuration mode.
| | Command | Task |
|---|---|---|
| Step 1 | ip dhcp excluded-address low-ip-address high-ip-address | Prevent DHCP from assigning one or more IP addresses to potential clients. |
| Step 2 | ip dhcp pool name | Enter DHCP configuration mode, and create a pool of IP addresses that can be assigned to DHCP clients. |
| Step 3 | network address subnet-mask | Specify a range of IP addresses that can be assigned to the DHCP clients. |
| Step 4 | default-router ip-address | Specify the default router. |
| Step 5 | domain-name domain name | Specify the domain name. |
| Step 6 | dns-server ip-address | Specify the DNS server. |
| Step 7 | netbios-name-server ip-address | Specify the NetBIOS name server. |
| Step 8 | netbios-node-type node-type | Specify the NetBIOS node type. |
| Step 9 | lease days (or: lease infinite) | Specify the duration of the lease. |
Configuration Example
In the following example, three DHCP address pools are created: one in network 172.16.0.0, one in subnetwork 172.16.1.0, and one in subnetwork 172.16.2.0. Attributes from network 172.16.0.0, such as the domain name, Domain Name System (DNS) server, NetBIOS name server, and NetBIOS node type, are inherited in subnetworks 172.16.1.0 and 172.16.2.0. In each pool, clients are granted 30-day leases and all addresses in each subnetwork, except the excluded addresses, are available to the DHCP server for assigning to clients.
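ip dhcp database ftp://user:password@172.16.4.253/router-dhcp write-delay 120
ip dhcp excluded-address 172.16.1.100 172.16.1.103
ip dhcp excluded-address 172.16.2.100 172.16.2.103
!
! Options set in the pool for network 172.16.0.0 (inherited by both subnetwork pools)
 dns-server 172.16.1.102 172.16.2.102
 netbios-name-server 172.16.1.103 172.16.2.103
!
! Default routers set in the pool for subnetwork 172.16.1.0
 default-router 172.16.1.100 172.16.1.101
!
! Default routers set in the pool for subnetwork 172.16.2.0
 default-router 172.16.2.100 172.16.2.101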
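The inheritance and exclusion behaviour described above, modelled as an added Python example (not Cisco code or router output). The pool names and the /16 and /24 prefix lengths are assumptions; the option values, the 30-day lease and the excluded ranges come from the example.

```python
import ipaddress

# Constructed model of the three pools. Pool names and prefix lengths are
# assumptions; option values are the ones shown in the configuration example.
POOLS = {
    "net":  {"network": "172.16.0.0/16", "lease": 30,
             "dns-server": ["172.16.1.102", "172.16.2.102"],
             "netbios-name-server": ["172.16.1.103", "172.16.2.103"]},
    "sub1": {"network": "172.16.1.0/24", "lease": 30,
             "default-router": ["172.16.1.100", "172.16.1.101"]},
    "sub2": {"network": "172.16.2.0/24", "lease": 30,
             "default-router": ["172.16.2.100", "172.16.2.101"]},
}
EXCLUDED = [("172.16.1.100", "172.16.1.103"), ("172.16.2.100", "172.16.2.103")]


def effective_options(client_ip):
    """Merge options from every pool containing the address, least specific
    first, so a subnetwork pool inherits from (and can override) its parent."""
    ip = ipaddress.ip_address(client_ip)
    matching = []
    for name, pool in POOLS.items():
        net = ipaddress.ip_network(pool["network"])
        if ip in net:
            matching.append((net.prefixlen, name, pool))
    matching.sort(key=lambda m: m[0])
    merged = {}
    for _, name, pool in matching:
        merged.update({k: v for k, v in pool.items() if k != "network"})
        merged["pool"] = name  # ends up as the most specific matching pool
    return merged


def is_excluded(addr):
    """True if addr falls inside any 'ip dhcp excluded-address' range."""
    ip = ipaddress.ip_address(addr)
    return any(ipaddress.ip_address(lo) <= ip <= ipaddress.ip_address(hi)
               for lo, hi in EXCLUDED)


def assignable(pool_name):
    """Host addresses the server may hand out from one pool."""
    net = ipaddress.ip_network(POOLS[pool_name]["network"])
    return [str(h) for h in net.hosts() if not is_excluded(h)]
```

Auditing a configuration this way shows which statically addressed devices (routers, DNS and NetBIOS servers) are protected from being leased to a client.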
Configuring Network Address Translation
Network Address Translation (NAT) translates IP addresses within private "internal" networks to "legal" IP addresses for transport over public "external" networks (such as the Internet). Incoming traffic is translated back for delivery within the inside network. Thus, NAT allows an organization with unregistered "private" addresses to connect to the Internet by translating those addresses into globally registered IP addresses.
Interfaces are configured as "NAT inside" or "NAT outside." Once the interfaces are configured, the following steps can be performed to establish the NAT configuration within the router.
| | Command | Task |
|---|---|---|
| Step 1 | ip nat pool name start-ip end-ip {netmask netmask \| prefix-length prefix-length} | Create a pool of global IP addresses for NAT. |
| Step 2 | access-list access-list-number permit source [source-wildcard] | Define a standard access list permitting addresses that need translation. |
| Step 3 | ip nat inside source list access-list-number pool name [overload] | Enable dynamic translation of addresses permitted by access list. Overload allows the use of one global address, from the pool, for many local addresses. |
| Step 4 | ip nat outside source static global-ip local-ip | Enable static translation of a specified outside source address. This command is optional. |
Configuration Example
In this example, we want NAT to allow certain devices on the inside to originate communication with devices on the outside by translating their internal addresses to valid outside addresses or a pool of addresses. The pool in this example is defined as the range of addresses from 172.16.10.1 through 172.16.10.63.
In order to accomplish this translation, we need to use dynamic NAT. With dynamic NAT, the translation table in the router is initially empty. The table is populated as traffic that needs to be translated passes through the router (in contrast with static NAT, in which a translation is statically configured and is placed in the translation table without the need for any traffic).
In this example, we can configure NAT to translate each inside device address to a unique valid outside address, or to translate each inside device address to the same valid outside address. The second method is known as overloading. An example of how to configure each method is given here.
To begin, configure the inside interface with an IP address and as a "NAT inside" interface.
interface inside interface
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
Then configure the outside interface with an IP address and as a "NAT outside" interface.
interface outside interface
 ip address 172.16.10.64 255.255.255.0
 ip nat outside
To handle the case in which each inside address is translated to its own unique outside address, define a NAT pool named "no-overload" with a range of addresses from 172.16.10.0 to 172.16.10.63.
ip nat pool no-overload 172.16.10.0 172.16.10.63 prefix 24
Define access list 7 to permit packets with source addresses ranging from 10.10.10.0 through 10.10.10.31 and from 10.10.20.0 through 10.10.20.31.
access-list 7 permit 10.10.10.0 0.0.0.31
access-list 7 permit 10.10.20.0 0.0.0.31
Then indicate that any packet received on the inside interface, as permitted by access list 7, will have its source address translated to an address from the NAT pool "no-overload."
ip nat inside source list 7 pool no-overload
Alternatively, when all inside addresses are translated to a single outside address, define a NAT pool named "ovrld," which has a range of a single IP address: 172.16.10.1.
ip nat pool ovrld 172.16.10.1 172.16.10.1 prefix 24
Then indicate that any packet received on the inside interface, as permitted by access list 7, will have its source address translated to the address from the NAT pool "ovrld." Translations will be overloaded, which will allow multiple inside devices to be translated to the same outside IP address.
ip nat inside source list 7 pool ovrld overload
The keyword overload used in this command allows NAT to translate multiple inside devices to the single address in the pool.
Another variation of this command is
ip nat inside source list 7 interface outside interface overload
which configures NAT to overload on the address that is assigned to the outside interface.
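How access list 7 selects traffic and how the initially empty translation table fills under each method, as an added Python model (not Cisco code; it does not reproduce IOS internals). The two-address pool in the usage below and the sequential port allocator are constructed for illustration.

```python
import ipaddress

# Access list 7 from the example: (address, wildcard). A wildcard bit of 1 is "don't care".
ACL_7 = [("10.10.10.0", "0.0.0.31"), ("10.10.20.0", "0.0.0.31")]


def acl_permits(src, acl=ACL_7):
    """Standard ACL match on source address; no match means implicit deny."""
    s = int(ipaddress.ip_address(src))
    for addr, wildcard in acl:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if s & care == int(ipaddress.ip_address(addr)) & care:
            return True
    return False


class DynamicNat:
    """Toy translation table: empty at start, populated as traffic arrives."""

    def __init__(self, start, end, overload=False, first_port=1024):
        lo, hi = int(ipaddress.ip_address(start)), int(ipaddress.ip_address(end))
        self.free = [str(ipaddress.ip_address(i)) for i in range(lo, hi + 1)]
        self.overload = overload
        self.next_port = first_port  # constructed allocator, not the IOS algorithm
        self.table = {}

    def translate(self, src_ip, src_port):
        """Return the (outside ip, outside port) for a packet, or None."""
        if not acl_permits(src_ip):
            return None              # not permitted by ACL 7: no translation entry
        if self.overload:
            key = (src_ip, src_port)  # one entry per inside flow, all on one address
            if key not in self.table:
                self.table[key] = (self.free[0], self.next_port)
                self.next_port += 1
            return self.table[key]
        if src_ip not in self.table:
            if not self.free:
                return None          # pool exhausted: this host gets no translation
            self.table[src_ip] = self.free.pop(0)
        return (self.table[src_ip], src_port)
```

For example, `DynamicNat("172.16.10.1", "172.16.10.2")` serves two inside hosts and returns `None` for a third, while `DynamicNat("172.16.10.1", "172.16.10.1", overload=True)` keeps accepting new hosts on the single pool address.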