Ch.

1 – Scaling IP Addresses
NAT/PAT and DHCP

CCNA 4 version 3.0

Rick Graziani
Cabrillo College
Note to instructors

• If you have downloaded this presentation from the Cisco Networking

Academy Community FTP Center, this may not be my latest version of
this PowerPoint.
• For the latest PowerPoints for all my CCNA, CCNP, and Wireless
classes, please go to my web site:
http://www.cabrillo.edu/~rgraziani/
• The username is cisco and the password is perlman for all of
my materials.
• If you have any questions on any of my materials or the curriculum,
please feel free to email me at [email protected] (I really don’t
mind helping.) Also, if you run across any typos or errors in my
presentations, please let me know.
• I will add “(Updated – date)” next to each presentation on my web site
that has been updated since these have been uploaded to the FTP
center.
Thanks! Rick
Rick Graziani [email protected] 2
Overview

• Identify private IP addresses as described in RFC 1918

• Discuss characteristics of NAT and PAT
• Explain the benefits of NAT
• Explain how to configure NAT and PAT, including static translation,
dynamic translation, and overloading
• Identify the commands used to verify NAT and PAT configuration
• List the steps used to troubleshoot NAT and PAT configuration
• Discuss the advantages and disadvantages of NAT
• Describe the characteristics of DHCP
• Explain the differences between BOOTP and DHCP
• Explain the DHCP client configuration process
• Configure a DHCP server
• Verify DHCP operation
• Troubleshoot a DHCP configuration
• Explain DHCP relay requests

Rick Graziani [email protected] 3

 Private addressing

• 172.16.0.0 – 172.31.255.255: 172.16.0.0/12

– Where does the /12 come from?

12 bits in common
10101100 . 00010000 . 00000000 . 00000000 – 172.16.0.0
10101100 . 00011111 . 11111111 . 11111111 – 172.31.255.255
-------------------------------------------------------------
10101100 . 00010000 . 00000000 . 00000000 – 172.16.0.0/12

Rick Graziani [email protected] 4

Introducing NAT
and PAT

• NAT is designed to conserve IP addresses and enable networks to use

private IP addresses on internal networks.
• These private, internal addresses are translated to routable, public
addresses.
• NAT, as defined by RFC 1631, is the process of swapping one address for
another in the IP packet header.
• In practice, NAT is used to allow hosts that are privately addressed to access
the Internet.
• NAT translations can occur dynamically or statically.
• The most powerful feature of NAT routers is their capability to use port
address translation (PAT), which allows multiple inside addresses to map to
the same global address.
• This is sometimes called a many-to-one NAT.
Rick Graziani [email protected] 5
NAT Example

• Inside local address – The IP address assigned to a host on the

inside network. This address is likely to be an RFC 1918 private
address.
• Inside global address – A legitimate (Internet routable or public) IP
address assigned the service provider that represents one or more
inside local IP addresses to the outside world.
• Outside local address – The IP address of an outside host as it is
known to the hosts on the inside network.
Rick Graziani [email protected] 6
 NAT Example

1 2

DA SA DA SA

128.23.2.2 10.0.0.3 .... Data 128.23.2.2 179.9.8.80 .... Data

IP Header IP Header
1 2
• The translation from Private source IP address to Public source IP
address.
Rick Graziani [email protected] 7
 NAT Example

1 2

• Inside local address – The IP address assigned to a host on the

inside network.
• Inside global address – A legitimate (Internet routable or public) IP
address assigned the service provider.
• Outside global address – The IP address assigned to a host on the
outside network. The owner of the host assigns this address.
Rick Graziani [email protected] 8
 NAT Example

4 3

DA SA DA SA

10.0.0.3 128.23.2.2 .... Data 179.9.8.80 128.23.2.2 .... Data

4 IP Header 3 IP Header

• Translation back, from Public destination IP address to Private

destination IP address.
Rick Graziani [email protected] 9
NAT Example

• NAT allows you to have more than your allocated number of IP

addresses by using RFC 1918 address space with smaller mask.
• However, because you have to use your Public IP addresses for the
Internet, NAT still limits the number of hosts you can have access the
Internet at any one time (depending upon the number of hosts in your
public network mask.)
Rick Graziani [email protected] 10
PAT – Port Address Translation

• PAT (Port Address Translation) allows you to use a single Public IP

address and assign it up to 65,536 inside hosts (4,000 is more
realistic).
• PAT modifies the TCP/UDP source port to track inside Host addresses.
• Tracks and translates SA, DA and SP (which uniquely identifies each
connection) for each stream of traffic.
Rick Graziani [email protected] 11
 PAT Example

NAT/PAT table
maintains translation
of:
DA, SA, SP
DA SA DP SP DA SA DP SP

128.23.2.2 10.0.0.3 80 1331 Data 128.23.2.2 179.9.8.80 80 3333 Data

IP Header TCP/UDP IP Header TCP/UDP

1 Header 2 Header

DA SA DP SP DA SA DP SP

128.23.2.2 10.0.0.2 80 1555 Data 128.23.2.2 179.9.8.80 80 2222 Data

IP Header TCP/UDP IP Header TCP/UDP

Header Header

Rick Graziani [email protected] 12

PAT Example

NAT/PAT table maintains

translation of:
SA (DA), DA (SA), DP (SP)
DA SA DP SP DA SA DP SP

10.0.0.3 128.23.2.2 1331 80 Data 179.9.8.80 128.23.2.2 3333 80 Data

IP Header TCP/UDP IP Header TCP/UDP

4 Header 3 Header

DA SA DP SP DA SA DP SP

10.0.0.2 128.23.2.2 1555 80 Data 179.9.8.80 128.23.2.2 2222 80 Data

IP Header TCP/UDP IP Header TCP/UDP

Header Header

Rick Graziani [email protected] 13

PAT – Port Address Translation

• With PAT a multiple private IP addresses can be translated by a single

public address (many-to-one translation).
• This solves the limitation of NAT which is one-to-one translation.

Rick Graziani [email protected] 14

 PAT – Port Address Translation

DA SA DP SP DA SA DP SP

128.23.2.2 10.0.0.3 80 1331 Data 128.23.2.2 179.9.8.80 80 3333 Data

IP Header TCP/UDP IP Header TCP/UDP

1 Header 2 Header

DA SA DP SP DA SA DP SP

128.23.2.2 10.0.0.2 80 1555 Data 128.23.2.2 179.9.8.80 80 2222 Data

IP Header TCP/UDP IP Header TCP/UDP

Header Header

From CCNP 2 curriculum”

• “As long as the inside global port numbers are unique for each inside
local host, NAT overload will work. For example, if the host at 10.1.1.5
and 10.1.1.6 both use TCP port 1234, the NAT router can create the
extended table entries mapping 10.1.1.5:1234 to 171.70.2.2:1234 and
10.1.1.6:1234 to 171.70.2.2:1235. In fact, NAT implementations do
not necessarily try to preserve the original port number.”
Rick Graziani [email protected] 15
Configuring Static NAT

Rick Graziani [email protected] 16

 Configuring Dynamic NAT

Translate to these
outside addresses

Start
here

Source IP address
must match here

Rick Graziani [email protected] 17

Configure PAT – Overload

• In this example a single Public IP addresses is used, using PAT, source

ports, to differentiate between connection streams.
Rick Graziani [email protected] 18
Configure PAT – Overload

This is a different
example, using the IP
address of the outside
interface instead
specifying an IP
address

Rick Graziani [email protected] 19

NAT/PAT Clear Commands

Rick Graziani [email protected] 20

Verifying NAT/PAT

Rick Graziani [email protected] 21

Troubleshooting NAT/PAT

Rick Graziani [email protected] 22

 Issues with NAT/PAT

• NAT also forces some applications that use IP addressing to stop functioning because it
hides end-to-end IP addresses.
• Applications that use physical addresses instead of a qualified domain name will not
reach destinations that are translated across the NAT router.
• Sometimes, this problem can be avoided by implementing static NAT mappings.

Rick Graziani [email protected] 23

 DHCP
Dynamic Host Configuration Protocol

The first several slides should be a review of DHCP

from CCNA 1.
We will start with the discussion of configuring DHCP on
a Cisco router.
Please read the online curriculum if you need a review.
Introducing DHCP

Rick Graziani [email protected] 25

BOOTP and DHCP differences

There are two primary differences between DHCP and BOOTP:

• DHCP defines mechanisms through which clients can be assigned an

IP address for a finite lease period.
– This lease period allows for reassignment of the IP address to
another client later, or for the client to get another assignment, if
the client moves to another subnet.
– Clients may also renew leases and keep the same IP address.
• DHCP provides the mechanism for a client to gather other IP
configuration parameters, such as WINS and domain name.

Rick Graziani [email protected] 26

Major DHCP features

Rick Graziani [email protected] 27

DHCP Operation

Rick Graziani [email protected] 28

Configuring DHCP

• Note: The network statement enables DHCP on any router

interfaces belonging to that network.
– The router will act as a DHCP server on that interface.
– It is also the pool of addresses that the DHCP server will
use.
Rick Graziani [email protected] 29
Configuring DHCP

• The ip dhcp excluded-address command configures the router to

exclude an individual address or range of addresses when assigning
addresses to clients.
• Other IP configuration values such as the default gateway can be set from the
DHCP configuration mode.
• The DHCP service is enabled by default on versions of Cisco IOS that support
it. To disable the service, use the no service dhcp command.
• Use the service dhcp global configuration command to re-enable the DHCP
server process.
Rick Graziani [email protected] 30
Configuring DHCP

• DHCP options

Rick Graziani [email protected] 31

Verifying and Troubleshooting DHCP

Rick Graziani [email protected] 32

DHCP Relay

• DHCP clients use IP broadcasts to find the DHCP server on the

segment.
• What happens when the server and the client are not on the same
segment and are separated by a router?
– Routers do not forward these broadcasts.
• When possible, administrators should use the ip helper-address
command to relay broadcast requests for these key UDP services.
Rick Graziani [email protected] 33
Using helper addresses

Rick Graziani [email protected] 34

Configuring IP helper addresses

By default, the ip helper-address command forwards the eight UDPs services.

Rick Graziani [email protected] 35

 Configuring IP helper addresses

Broadcast Unicast
To configure RTA e0, the interface that receives the Host A broadcasts, to
relay DHCP broadcasts as a unicast to the DHCP server, use the
following commands:
RTA(config)#interface e0
RTA(config-if)#ip helper-address 172.24.1.9
Rick Graziani [email protected] 36
 Configuring IP helper addresses

Broadcast Unicast
Helper address configuration that relays broadcasts to all servers on the
segment.
RTA(config)#interface e0
RTA(config-if)#ip helper-address 172.24.1.255
But will RTA forward the broadcast?
Rick Graziani [email protected] 37
Directed Broadcast

• Notice that the RTA interface e3, which connects to the server farm, is not
configured with helper addresses.
• However, the output shows that for this interface, directed broadcast
forwarding is disabled.
• This means that the router will not convert the logical broadcast 172.24.1.255
into a physical broadcast with a Layer 2 address of FF-FF-FF-FF-FF-FF.
• To allow all the nodes in the server farm to receive the broadcasts at Layer 2,
e3 will need to be configured to forward directed broadcasts with the following
command:
RTA(config)#interface e3
RTA(config-if)#ip
Rick Graziani [email protected]
directed-broadcast 38
 Configuring IP helper addresses

L3 Broadcast L2 Broadcast

Helper address configuration that relays broadcasts to all servers on the

segment.
RTA(config)#interface e0
RTA(config-if)#ip helper-address 172.24.1.255
RTA(config)#interface e3
RTA(config-if)#ip directed-broadcast
Rick Graziani [email protected] 39
Ch. 1 – Scaling IP Addresses
NAT/PAT and DHCP

CCNA 4 version 3.0

Rick Graziani
Cabrillo College