© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Implementing IP Addressing Services Accessing the WAN – Chapter 7
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 2 Objectives Configuring DHCP in an enterprise branch network Configuring NAT on a Cisco router Configure new generation RIP (RIPng) to use IPv6
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 3
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 4
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 5 BOOTP and DHCP Differences
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 6
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 7
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 8
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 9 Using DHCP Relay when server and client are not on the same segment
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 10
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 11 Benefits of using private and public IP addressing
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 12
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 13
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 14
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 15
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 16
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 17
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 18
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 19 NAT OVERLOAD
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 20
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 21 Configuring port forwarding
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 22 Verifying and troubleshoot NAT and NAT overload configurations
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 23 Configure New Generation RIP (RIPng) to use IPv6 Based on figures as recent as January 2007, about 2.4 billion of the available IPv4 addresses are already assigned to end users or ISPs. That leaves roughly 1.3 billion addresses still available from the IPv4 address space. Despite this seemingly large number, IPv4 address space is running out.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 24 Shrinking IP Address Space
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 25 Where Are the IP Addresses Going? Population growth Mobile users Transportation Consumer electronics
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 26 IPv4 and IPv6 Addresses
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 27 IPV6 Address Representation
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 28 IPsec From Wikipedia, the free encyclopedia Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session.protocol suiteInternet Protocol authenticatingencryptingIP packetmutual authentication cryptographic keys IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite. It can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). [1] Internet LayerInternet Protocol Suite [1] Some other Internet security systems in widespread use, such as Secure Sockets Layer (SSL), Transport Layer Security (TLS) and Secure Shell (SSH), operate in the upper layers of the TCP/IP model. Hence, IPsec protects any application traffic across an IP network. Applications do not need to be specifically designed to use IPsec. The use of TLS/SSL, on the other hand, must be designed into an application to protect the application protocols.Secure Sockets LayerTransport Layer SecuritySecure Shellupper layers IPsec is a successor of the ISO standard Network Layer Security Protocol (NLSP). NLSP was based on the SP3 protocol that was published by NIST, but designed by the Secure Data Network System project of the National Security Agency (NSA).NISTNational Security Agency IPsec is officially specified by the Internet Engineering Task Force (IETF) in a series of Request for Comment documents addressing various components and extensions. It specifies the spelling of the protocol name to be IPsec. [2]Internet Engineering Task ForceRequest for Comment [2]
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 29 IPv4 and IPv6 Headers
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 30 IPv6 Address Representation
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 31 IPv6 Address Representation
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 32 IPv6 Address Representation
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 33 IPv6 Addresses
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 34 IPv6 Addressing IPv6 Global Unicast Address range of addresses that start with binary value 001 (2000::/3), which is 1/8 of the total IPv6 address space and is the largest block of assigned addresses. Reserved Addresses represent 1/256th of the total IPv6 address space. Private Addresses Site-local addresses (t hese addresses start with "FEC", "FED", "FEE", or "FEF“) Link-local addresses (these addresses start with "FE8", "FE9", "FEA", or "FEB“) Loopback Addresses (loopback address is 0:0:0:0:0:0:0:1) or (::1) Unspecified Address (0:0:0:0:0:0:0:0) or (“”)is named the "unspecified" address
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 35 Assigning IPv6 Addresses
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 36 EUI-64
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 37 Stateless Autoconfiguration
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 38 DHCPv6 (Stateful)
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 39 EUI-64 to IPv6 Interface Identifier
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 40
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 41 Tunneling
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 42 Tunneling (beyond scope of this class)
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 43
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 44
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 45
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 46 IPv6 Routing Considerations
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 47 RIPng Routing Protocol
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 48 Enabling IPv6 on Cisco Routers
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 49 IPv6 Address Configuration Example
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 50 Cisco IOS IPv6 Name Resolution
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 51 Configuring RIPng for IPv6
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 52 RIPng IPv6 Configuration
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 53 Verify and troubleshoot IPv6
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 54 Troubleshooting Commands
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 55 Summary Dynamic Host Control Protocol (DHCP) This is a means of assigning IP address and other configuration information automatically. DHCP operation –3 different allocation methods Manual Automatic Dynamic –Steps to configure DHCP Define range of addresses Create DHCP pool Configure DHCP pool specifics
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 56 Summary DHCP Relay Concept of using a router configured to listen for DHCP messages from DHCP clients and then forwards those messages to servers on different subnets Troubleshooting DHCP –Most problems arise due to configuration errors –Commands to aid troubleshooting Show ip dhcp Show run debug
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 57 Summary Private IP addresses –Class A = 10.x.x.x –Class B = x.x – x.x –Class C = x.x Network Address Translation (NAT) –A means of translating private IP addresses to public IP addresses –Type s of NAT Static Dynamic –Some commands used for troubleshooting Show ip nat translations Show ip nat statistics Debug ip nat
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 58 Summary IPv6 –A 128 bit address that uses colons to separate entries –Normally written as 8 groups of 4 hexadecimal digits Cisco IOS Dual Stack –A way of permitting a node to have connectivity to an IPv4 & IP v6 network simultaneously IPv6 Tunneling –An IPV6 packet is encapsulated within another protocol
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 59 Summary Configuring RIPng with IPv6 1 st globally enable IPv6 2 nd enable IPv6 on interfaces on which IPv6 is to be enabled 3 rd enable RIPng using either ipv6 rotuer rip name ipv6 router name enable
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 60