Lab 7.4.1: Basic DHCP and NAT Configuration: Topology Diagram
Topology Diagram
Addressing Table
Learning Objectives
Upon completion of this lab, you will be able to:
Prepare the network
Perform basic router configurations
Configure a Cisco IOS DHCP server
Configure static and default routing
Configure static NAT
Configure dynamic NAT with a pool of addresses
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 14
CCNA Exploration
Accessing the WAN: IP Addressing Services Lab 7.4.1: Basic DHCP and NAT Configuration
Scenario
In this lab, you will configure the DHCP and NAT IP services. One router is the DHCP server. The other
router forwards DHCP requests to the server. You will also configure both static and dynamic NAT
configurations, including NAT overload. When you have completed the configurations, verify the
connectivity between the inside and outside addresses.
Step 1: Cable a network that is similar to the one in the topology diagram.
You can use any current router in your lab as long as it has the required interfaces shown in the topology.
Note: If you use a 1700, 2500, or 2600 series router, the router outputs and interface descriptions may
look different. On older routers some commands may be different, or not exist.
R1:
hostname R1
int fa0/0
ip address 192.168.10.1 255.255.255.0
no shut
int fa0/1
ip address 192.168.11.1 255.255.255.0
no shut
int s0/0/0
ip address 10.1.1.1 255.255.255.252
clock rate 125000
no shut
!
router ospf 1
network 192.168.10.0 0.0.0.255 area 0
network 192.168.11.0 0.0.0.255 area 0
network 10.1.1.0 0.0.0.3 area 0
R2:
hostname R2
int fa0/0
ip address 192.168.20.1 255.255.255.0
no shut
int s0/0/0
ip address 10.1.1.2 255.255.255.252
no shut
int s0/0/1
ip address 209.165.200.225 255.255.255.252
clock rate 125000
no shut
!optional loopback interface in place of server
!interface loopback 0
!ip address 192.168.20.254 255.255.255.0
!
router ospf 1
network 10.1.1.0 0.0.0.3 area 0
ISP:
hostname ISP
int s0/0/1
ip address 209.165.200.226 255.255.255.252
no shut
!
Scroll down and highlight Internet Protocol (TCP/IP). Click on the Properties button.
Make sure the button is selected that says Obtain an IP address automatically.
Once this has been done on both PC1 and PC2, they are ready to receive an IP address from a DHCP
server.
Note: There is not a DNS server at 192.168.11.5. You are configuring the command for practice only.
Because devices from the network 192.168.11.0/24 also request addresses from R2, a separate pool
must be created to serve devices on that network. The commands are similar to the commands shown
above:
R2(config)#ip dhcp pool R1Fa1
R2(dhcp-config)#network 192.168.11.0 255.255.255.0
R2(dhcp-config)#dns-server 192.168.11.5
R2(dhcp-config)#default-router 192.168.11.1
What are the results of your test?
No IP address has been automatically obtained.
The show ip dhcp pool command displays information on all currently configured DHCP pools on the
router. In this output, the pool R1Fa0 is configured on R1. One address has been leased from this pool.
The next client to request an address will receive 192.168.10.12.
R2#show ip dhcp pool
Pool R1Fa0 :
 Utilization mark (high/low)    : 100 / 0
 Subnet size (first/next)       : 0 / 0
 Total addresses                : 254
 Leased addresses               : 1
 Pending event                  : none
 1 subnet is currently in the pool :
 Current index        IP address range                    Leased addresses
 192.168.10.12        192.168.10.1     - 192.168.10.254   1
The debug ip dhcp server events command can be extremely useful when troubleshooting DHCP
leases with a Cisco IOS DHCP server. The following is the debug output on R1 after connecting a host.
Notice that the highlighted portion shows DHCP giving the client an address of 192.168.10.12 and a mask
of 255.255.255.0.
*Sep 13 21:04:18.072: DHCPD: Sending notification of DISCOVER:
*Sep 13 21:04:18.072: DHCPD: htype 1 chaddr 001c.57ec.0640
*Sep 13 21:04:18.072: DHCPD: remote id 020a0000c0a80b01010000000000
*Sep 13 21:04:18.072: DHCPD: circuit id 00000000
*Sep 13 21:04:18.072: DHCPD: Seeing if there is an internally specified pool class:
*Sep 13 21:04:18.072: DHCPD: htype 1 chaddr 001c.57ec.0640
*Sep 13 21:04:18.072: DHCPD: remote id 020a0000c0a80b01010000000000
*Sep 13 21:04:18.072: DHCPD: circuit id 00000000
*Sep 13 21:04:18.072: DHCPD: there is no address pool for 192.168.11.1.
*Sep 13 21:04:18.072: DHCPD: Sending notification of DISCOVER:
R1#
*Sep 13 21:04:18.072: DHCPD: htype 1 chaddr 001c.57ec.0640
*Sep 13 21:04:18.072: DHCPD: remote id 020a0000c0a80a01000000000000
*Sep 13 21:04:18.072: DHCPD: circuit id 00000000
*Sep 13 21:04:18.072: DHCPD: Seeing if there is an internally specified pool class:
*Sep 13 21:04:18.072: DHCPD: htype 1 chaddr 001c.57ec.0640
*Sep 13 21:04:18.072: DHCPD: remote id 020a0000c0a80a01000000000000
*Sep 13 21:04:18.072: DHCPD: circuit id 00000000
R1#
*Sep 13 21:04:20.072: DHCPD: Adding binding to radix tree (192.168.10.12)
*Sep 13 21:04:20.072: DHCPD: Adding binding to hash tree
*Sep 13 21:04:20.072: DHCPD: assigned IP address 192.168.10.12 to client 0063.6973.636f.2d30.3031.632e.3537.6563.2e30.3634.302d.566c.31.
*Sep 13 21:04:20.072: DHCPD: Sending notification of ASSIGNMENT:
*Sep 13 21:04:20.072: DHCPD: address 192.168.10.12 mask 255.255.255.0
*Sep 13 21:04:20.072: DHCPD: htype 1 chaddr 001c.57ec.0640
*Sep 13 21:04:20.072: DHCPD: lease time remaining (secs) = 86400
*Sep 13 21:04:20.076: DHCPD: Sending notification of ASSIGNMENT:
*Sep 13 21:04:20.076: DHCPD: address 192.168.10.12 mask 255.255.255.0
R1#
*Sep 13 21:04:20.076: DHCPD: htype 1 chaddr 001c.57ec.0640
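The debug output above can be turned into a lease record that ties an address to the requesting hardware, which is what you need when tracing a host from its IP. The following Python sketch is an added example, not part of the original lab; the function names are hypothetical, and it assumes the client identifier follows DHCP option 61 (first byte is the type: 0 for free-form text, 1 for an Ethernet MAC).

```python
import re

# Constructed sample: lines taken from the debug output above, with the
# wrapped client-identifier line rejoined.
SAMPLE_LOG = """\
*Sep 13 21:04:18.072: DHCPD: Sending notification of DISCOVER:
*Sep 13 21:04:18.072: DHCPD: htype 1 chaddr 001c.57ec.0640
*Sep 13 21:04:18.072: DHCPD: there is no address pool for 192.168.11.1.
*Sep 13 21:04:20.072: DHCPD: assigned IP address 192.168.10.12 to client 0063.6973.636f.2d30.3031.632e.3537.6563.2e30.3634.302d.566c.31.
*Sep 13 21:04:20.072: DHCPD: Sending notification of ASSIGNMENT:
*Sep 13 21:04:20.072: DHCPD: address 192.168.10.12 mask 255.255.255.0
*Sep 13 21:04:20.072: DHCPD: htype 1 chaddr 001c.57ec.0640
*Sep 13 21:04:20.072: DHCPD: lease time remaining (secs) = 86400
"""


def decode_client_id(dotted_hex):
    """Decode an IOS dotted-hex DHCP client identifier (option 61)."""
    raw = bytes.fromhex(dotted_hex.replace(".", ""))
    if raw[0] == 1 and len(raw) == 7:           # type 1: Ethernet MAC follows
        return "mac:" + raw[1:].hex(":")
    return raw[1:].decode("ascii", errors="replace")  # type 0: free-form text


def parse_dhcpd_debug(text):
    """Return (leases, relay_addresses_without_pool) from DHCPD debug text."""
    leases, no_pool, current = [], [], None
    for line in text.splitlines():
        msg = line.split("DHCPD:", 1)[-1].strip()
        if m := re.search(r"assigned IP address (\S+) to client\s+([0-9a-f.]+)", msg):
            current = {"ip": m[1], "client_id": decode_client_id(m[2])}
            leases.append(current)
        elif current and (m := re.search(r"chaddr (\S+)", msg)):
            current.setdefault("chaddr", m[1])   # hardware address of the lease
        elif current and (m := re.search(r"lease time remaining \(secs\) = (\d+)", msg)):
            current["lease_secs"] = int(m[1])
        elif m := re.search(r"no address pool for (\d+(?:\.\d+){3})", msg):
            no_pool.append(m[1])                 # request arrived with no matching pool
    return leases, no_pool


if __name__ == "__main__":
    print(parse_dhcpd_debug(SAMPLE_LOG))
```

Decoded, the client identifier in this lab's output reads cisco-001c.57ec.0640-Vl1, which embeds the same hardware address reported in the chaddr field.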
Allow a few seconds for R1 to learn the default route from R2 and then check the R1 routing table.
Alternatively, you can clear the routing table with the clear ip route * command. A default route pointing
to R2 should appear in the R1 routing table. From R1, ping the serial 0/0/1 interface on ISP
(209.165.200.226). The pings should be successful. Troubleshoot if the pings fail.
Note: If using a simulated inside server, assign the ip nat inside command to the loopback interface.
Step 2: Create an extended access control list to identify which inside addresses are translated.
R2(config)#ip access-list extended NAT
R2(config-ext-nacl)#permit ip 192.168.10.0 0.0.0.255 any
R2(config-ext-nacl)#permit ip 192.168.11.0 0.0.0.255 any
Step 3: Establish dynamic source translation by binding the pool with the access control list.
A router can have more than one NAT pool and more than one ACL. The following command tells the
router which address pool to use to translate hosts that are allowed by the ACL.
R2(config)#ip nat inside source list NAT pool MY-NAT-POOL
To troubleshoot issues with NAT, you can use the debug ip nat command. Turn on NAT debugging and
repeat the ping from PC1.
R2#debug ip nat
IP NAT debugging is on
R2#
*Sep 13 21:15:02.215: NAT*: s=192.168.10.11->209.165.200.241, d=209.165.200.226 [25]
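Because the ACL decides which inside hosts are translated, a useful check is to confirm that every source address seen in the NAT debug output is one the ACL actually permits. The following Python sketch is an added example, not part of the original lab; it implements IOS wildcard-mask matching for the two NAT ACL entries above, and only the first sample line comes from this page (the other two are constructed).

```python
import ipaddress
import re

# Entries of the extended ACL "NAT" from Step 2: (network, wildcard mask).
NAT_ACL = [("192.168.10.0", "0.0.0.255"), ("192.168.11.0", "0.0.0.255")]

# First line is the debug ip nat output above; the other two are constructed.
SAMPLE_DEBUG = """\
*Sep 13 21:15:02.215: NAT*: s=192.168.10.11->209.165.200.241, d=209.165.200.226 [25]
*Sep 13 21:15:03.101: NAT*: s=192.168.11.37->209.165.200.242, d=209.165.200.226 [26]
*Sep 13 21:15:04.340: NAT*: s=192.168.20.254->209.165.200.243, d=209.165.200.226 [27]
"""


def wildcard_match(addr, network, wildcard):
    """IOS ACL semantics: bits set in the wildcard mask are ignored."""
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, network, wildcard))
    care = ~w & 0xFFFFFFFF                      # bits that must match exactly
    return (a & care) == (n & care)


def permitted(addr, acl=NAT_ACL):
    """True if any permit entry matches; otherwise the implicit deny applies."""
    return any(wildcard_match(addr, net, wc) for net, wc in acl)


def audit_nat_debug(text, acl=NAT_ACL):
    """Return (inside, translated, dest) tuples whose source the ACL denies."""
    unexpected = []
    for m in re.finditer(r"s=(\S+?)->(\S+?), d=(\S+)", text):
        inside, translated, dest = m.groups()
        if not permitted(inside, acl):
            unexpected.append((inside, translated, dest))
    return unexpected


if __name__ == "__main__":
    for entry in audit_nat_debug(SAMPLE_DEBUG):
        print("translated but not permitted by ACL NAT:", entry)
```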
Step 2: Configure PAT on R2 using the serial 0/0/1 interface public IP address.
The configuration is similar to dynamic NAT, except that instead of a pool of addresses, the interface
keyword is used to identify the outside IP address. Therefore, no NAT pool is defined. The overload
keyword enables the addition of the port number to the translation.
Because you already configured an ACL to identify which inside IP addresses to translate as well as
which interfaces are inside and outside, you only need to configure the following:
R2(config)#ip nat inside source list NAT interface S0/0/1 overload
Outside interfaces:
Serial0/0/1
Inside interfaces:
Serial0/0/0, Loopback0
Hits: 48 Misses: 6
CEF Translated packets: 46, CEF Punted packets: 0
Expired translations: 5
Dynamic mappings:
-- Inside Source
[Id: 2] access-list NAT interface Serial0/0/1 refcount 1
Queued Packets: 0
Note: In the previous task, you could have added the keyword overload to the ip nat inside source list
NAT pool MY-NAT-POOL command to allow for more than six concurrent users.
^C
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
line aux 0
exec-timeout 0 0
password cisco
logging synchronous
login
line vty 0 4
exec-timeout 0 0
password cisco
logging synchronous
login
!
end
R2#show run
!
hostname R2
!
!
enable secret class
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.10.1 192.168.10.10
ip dhcp excluded-address 192.168.11.1 192.168.11.10
!
ip dhcp pool R1Fa0
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 192.168.11.5
!
ip dhcp pool R1Fa1
network 192.168.11.0 255.255.255.0
dns-server 192.168.11.5
default-router 192.168.11.1
!
no ip domain lookup
!
interface Loopback0
ip address 192.168.20.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
!
!
interface Serial0/0/0
ip address 10.1.1.2 255.255.255.252
ip nat inside
ip virtual-reassembly
!
interface Serial0/0/1
ISP#show run
<output omitted>
!
hostname ISP
!
enable secret class
!
no ip domain lookup
!
interface Serial0/0/1
ip address 209.165.200.226 255.255.255.252
no shutdown
!
!
!
ip route 209.165.200.240 255.255.255.240 Serial0/0/1
!
banner motd ^C
***********************************
!!!AUTHORIZED ACCESS ONLY!!!
***********************************
^C
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
line aux 0
exec-timeout 0 0
password cisco
logging synchronous
login
line vty 0 4
password cisco
logging synchronous
login
!
end