- Configuring Asynchronous Serial Traffic Over UDP
- Modem Signal and Line States
- Configuring X.25 on ISDN Using AO/DI
- Configuring ISDN BRI
- Leased and Switched BRI Interface for ETSI NET3
- ISDN BCAC and Round-Robin Channel Selection Enhancements
- Configuring ISDN Special Signaling
- Configuring Snapshot Routing
- Reliable Static Routing Backup Using Object Tracking
- Configuring Dial Backup for Serial Lines
- Configuring Dial Backup with Dialer Profiles
- Dialer Watch Connect Delay
- Configuring Cisco Easy IP ..
- Configuring Virtual Profiles
- Configuring Virtual Template Interfaces
- Configuring Media-Independent PPP and Multilink PPP
- Customer Profile Idle Timer Enhancements for Interesting Traffic
- Troubleshooting Enhancements for Multilink PPP over ATM Link Fragmentation and Interleaving
- Configuring PPP Callback
- Configuring ISDN Caller ID Callback
- Configuring BACP
- Large-Scale Dial-Out (LSDO) VRF Aware
Configuring Cisco Easy IP
This chapter describes how to configure the Cisco Easy IP feature. It includes the following main sections:
To identify the hardware platform or software image information associated with a feature, use the Feature Navigator on Cisco.com to search for information about the feature or refer to the software release notes for a specific release. For more information, see the “Identifying Supported Platforms” section in the “Using Cisco IOS Software” chapter.
For a complete description of the Cisco Easy IP commands in this chapter, refer to the Cisco IOS Dial Technologies Command Reference . To locate documentation of other commands that appear in this chapter, use the command reference master index or search online.
Cisco Easy IP Overview
Cisco Easy IP enables transparent and dynamic IP address allocation for hosts in remote environments using the following functionality:
- Cisco Dynamic Host Configuration Protocol (DHCP) server
- Port Address Translation (PAT), a subset of Network Address Translation (NAT)
- Dynamic PPP/IP Control Protocol (PPP/IPCP) WAN interface IP address negotiation
With the Cisco IOS Easy IP, a Cisco router automatically assigns local IP addresses to remote hosts (such as small office, home office or SOHO routers) using DHCP with the Cisco IOS DHCP server, automatically negotiates its own registered IP address from a central server via PPP/IPCP, and uses PAT functionality to enable all SOHO hosts to access the Internet using a single registered IP address. Because Cisco IOS Easy IP uses existing port-level multiplexed NAT functionality within Cisco IOS software, IP addresses on the remote LAN are invisible to the Internet, making the remote LAN more secure.
Cisco Easy IP provides the following benefits:
- Minimizes Internet access costs for remote offices
- Minimizes configuration requirements on remote access routers
- Enables transparent and dynamic IP address allocation for hosts in remote environments
- Improves network security capabilities at each remote site
- Conserves registered IP addresses
- Maximizes IP address manageability
Figure 1 shows a typical scenario for using the Cisco Easy IP feature.
Figure 1 Telecommuter and Branch Office LANs Using Cisco Easy IP
Steps 1 through 4 show how Cisco Easy IP works:
Step 1 When a SOHO host generates “interesting” traffic (as defined by Access Control Lists) for dialup (first time only), the Easy IP router requests a single registered IP address from the access server at the central site via PPP/IPCP. (See Figure 2.)
Figure 2 Cisco Easy IP Router Requests a Dynamic Global IP Address
Step 2 The central site router replies with a dynamic global address from a local DHCP IP address pool. (See Figure 3.)
Figure 3 Dynamic Global IP Address Delivered to the Cisco Easy IP Router
Step 3 The Cisco Easy IP router uses port-level NAT functionality to automatically create a translation that associates the registered IP address of the WAN interface with the private IP address of the client. (See Figure 4.)
Figure 4 Port-Level NAT Functionality Used for IP Address Translation
Step 4 The remote hosts contain multiple static IP addresses while the Cisco Easy IP router obtains a single registered IP address using PPP/IPCP. The Cisco Easy IP router then creates port-level multiplexed NAT translations between these addresses so that each remote host address (inside private address) is translated to a single external address assigned to the Cisco Easy IP router. This many-to-one address translation is also called port-level multiplexing or PAT. Note that the NAT port-level multiplexing function can be used to conserve global addresses by allowing the remote routers to use one global address for many local addresses. (See Figure 5.)
Figure 5 Multiple Private Internal IP Addresses Bound to a Single Global IP Address
How to Configure Cisco Easy IP
Before using Cisco Easy IP, perform the following tasks:
- Configure the ISDN switch type and service provider identifier (SPID), if using ISDN.
- Configure the static route from LAN to WAN interface.
- Configure the Cisco IOS DHCP server.
For information about configuring ISDN switch types, see the chapter “Setting Up ISDN Basic Rate Service” earlier in this publication. For information about configuring static routes, refer to the chapter “Configuring IP Services” in the Cisco IOS IP Configuration Guide .
The Cisco IOS DHCP server supports both DHCP and BOOTP clients and supports finite and infinite address lease periods. DHCP address binding information is stored on a remote host via remote copy protocol (RCP), FTP, or TFTP. Refer to the Cisco IOS IP Configuration Guide for DHCP configuration instructions.
In its most simple configuration, a Cisco Easy IP router or access server will have a single LAN interface and a single WAN interface. Based on this model, to use Cisco Easy IP you must perform the tasks in the following sections:
- Defining the NAT Pool (Required)
- Configuring the LAN Interface (Required)
- Defining NAT for the LAN Interface (Required)
- Configuring the WAN Interface (Required)
- Enabling PPP/IPCP Negotiation (Required)
- Defining NAT for the Dialer Interface (Required)
- Configuring the Dialer Interface (Required)
For configuration examples, see the section “Configuration Examples for Cisco Easy IP” at the end of this chapter.
Defining the NAT Pool
The first step in enabling Cisco Easy IP is to create a pool of internal IP addresses to be translated. To define the NAT pool, use the following commands in global configuration mode:
For information about creating access lists, refer to the chapter “Configuring IP Services” in the Cisco IOS IP Configuration Guide .
Configuring the LAN Interface
To configure the LAN interface, use the following commands beginning in global configuration mode:
For information about assigning IP addresses and subnet masks to network interfaces, refer to the chapter “Configuring IP Services” in the Cisco IOS IP Configuration Guide .
Defining NAT for the LAN Interface
To ensure that the LAN interface is connected to the inside network (and therefore subject to NAT), use the following command in interface configuration mode:
Configuring the WAN Interface
To configure the WAN interface, use the following commands beginning in global configuration mode:
Enabling PPP/IPCP Negotiation
To enable PPP/IPCP negotiation on the dialer interface, use the following commands beginning in global configuration mode:
Defining NAT for the Dialer Interface
To define that the dialer interface is connected to the outside network, use the following commands beginning in global configuration mode:
Configuring the Dialer Interface
To configure the dialer interface information, use the following commands beginning in global configuration mode:
Selects the dialer interface and begins interface configuration mode. |
||
Specifies for a dialer interface the length of time the interface waits for a carrier before timing out. |
||
Creates a dialer hold queue and specifies the number of packets to be held in it. |
||
Specifies the remote router Challenge Handshake Authentication Protocol (CHAP) authentication name. |
||
Specifies the amount of idle time that can pass before calls to the central access server are disconnected. See the next section “Timeout Considerations,” for more details on this setting. |
||
Specifies the telephone number required to reach the central access server. |
||
Timeout Considerations
Dynamic NAT translations time out automatically after a predefined default period. Although configurable, with the port-level NAT functionality in Cisco Easy IP, Domain Name System (DNS) User Datagram Protocol (UDP) translations time out after 5 minutes, while DNS translations time out after 1 minute by default. TCP translations time out after 24 hours by default, unless a TCP Reset (RST) or TCP Finish (FIN) is seen in the TCP stream, in which case the translation times out after 1 minute.
If the Cisco IOS Easy IP router exceeds the dialer idle-timeout period, it is expected that all active TCP sessions were previously closed via an RST or FIN. NAT times out all TCP translations before the Cisco Easy IP router exceeds the dialer idle-timeout period. The router then renegotiates another registered IP address the next time the WAN link is brought up, thereby creating new dynamic NAT translations that bind the IP addresses of the LAN host to the newly negotiated IP address.
Configuration Examples for Cisco Easy IP
The following example shows how to configure BRI interface 0 (shown as interface bri0) to obtain its IP address via PPP/IPCP address negotiation:
The following example shows how to configure an asynchronous interface (interface async1) to obtain its IP address via PPP/IPCP address negotiation:
Feedback