CCENT

SOHO Lab

 

Simple SOHO style lab with R1 acting as the default gateway for the "office", configured with various types of NAT setup and providing DHCP services. R3 and R4 are used to simulate hosts (servers or desktops).

Diagram:

Objectives:

  • Connect the routers as shown.
  • Assign IP addresses to the interfaces on R1 and R2 as shown.
  • Configure the DHCP server pools, and options on R1 and R2.
  • Configure the interfaces for DHCP address assignment on R2, R3 and R4 as shown.
  • Test connectivity from R2 to R1.
  • Test connectivity from R3 and R4 to R2.
  • Configure different types of NAT on R2.

Solution for R2 Only:

Configure the DHCP Server Pools, and Options on R1 and R2.

R2(config)#ip dhcp pool LAN_POOL
R2(dhcp-config)#network 192.168.0.0 255.255.255.0
R2(dhcp-config)#dns-server 192.168.0.1
R2(dhcp-config)#domain-name networkfoo.local
R2(dhcp-config)#default-router 192.168.0.1

By configuring the default-router command we tell the clients (in this case routers) to use 192.168.0.1 as the gateway of last resort.

R3#sh ip route
!!!!! TRUNCATED !!!!!

Gateway of last resort is 192.168.0.1 to network 0.0.0.0

C    192.168.0.0/24 is directly connected, FastEthernet0/0
S*   0.0.0.0/0 [254/0] via 192.168.0.1

Configure the Interfaces for DHCP Address Assignment on R2, R3 and R4 as shown.

R2(config)#interface fastethernet1/0
R2(config-if)#ip address dhcp

Test connectivity from R2 to R1

You can view the address R2 has leased from R1 with show dhcp lease.

R2#show dhcp lease 
Temp IP addr: 10.0.0.2  for peer on Interface: FastEthernet1/0
Temp  sub net mask: 255.255.255.224
   DHCP Lease server: 10.0.0.1, state: 3 Bound
   DHCP transaction id: 1E18
   Lease: 86400 secs,  Renewal: 43200 secs,  Rebind: 75600 secs
Temp default-gateway addr: 10.0.0.1
   Next timer fires after: 11:59:51
   Retry count: 0   Client-ID: cisco-cc02.59b4.0010-Fa1/0
   Client-ID hex dump: 636973636F2D636330322E353962342E
                       303031302D4661312F30
   Hostname: R2

show interface fa1/0 won't tell you that the address was set via DHCP, but show ip interface brief will, as shown:

R2#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            192.168.0.1     YES manual up                    up      
FastEthernet1/0            10.0.0.2        YES DHCP   up                    up      

Test connectivity using ping.

R2#ping 10.0.0.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms

Configure Different Types of NAT on R2.

Configure PAT

In this section we'll set up and test different types of NAT. I haven't documented it, but you will need to remove each previous NAT configuration before you move to the next one.

Create an access list to use in the NAT command. The access list is used to identify machines which should be NAT'd.

R2(config)#access-list 1 permit 192.168.0.0 0.0.0.255

Configure NAT. What we're doing here is actually called PAT (Port Address Translation), which allows us to translate many inside hosts to a single "public" IP address.

R2(config)#ip nat inside source list 1 interface fa1/0 overload

Configure the inside and outside interfaces

R2(config)#int fa0/0
R2(config-if)#ip nat inside
R2(config-if)#int fa1/0
R2(config-if)#ip nat outside

Now start a ping from both R3 and R4 to R1's 10.0.0.1 interface using ping 10.0.0.1 repeat 1000. On R2 you can view the NAT translations with show ip nat translations as shown:

R2#sh ip nat translations 
Pro Inside global      Inside local       Outside local      Outside global
icmp 10.0.0.2:0        192.168.0.2:0      10.0.0.1:0         10.0.0.1:0
icmp 10.0.0.2:1        192.168.0.2:1      10.0.0.1:1         10.0.0.1:1
icmp 10.0.0.2:4        192.168.0.3:4      10.0.0.1:4         10.0.0.1:4
icmp 10.0.0.2:5        192.168.0.3:5      10.0.0.1:5         10.0.0.1:5

Configuring Static NAT for R3

In some instances you may want to NAT a server to a more permanent IP address. In such cases you would use static NAT.

R2(config)#ip nat inside source static 192.168.0.3 10.0.0.10

That's all there really is to it. Use show ip nat translations to view it.

R2#show ip nat tran
Pro Inside global      Inside local       Outside local      Outside global
--- 10.0.0.10          192.168.0.3        ---                ---

You could also start a debug ip packet trace on R1, which would allow you to see the NAT in action:

*Mar  1 00:19:15.907: IP: tableid=0, s=10.0.0.10 (FastEthernet0/0), d=10.0.0.1 (FastEthernet0/0), routed via RIB
*Mar  1 00:19:15.911: IP: s=10.0.0.10 (FastEthernet0/0), d=10.0.0.1 (FastEthernet0/0), len 100, rcvd 3

Configure Dynamic NAT

R2(config)#ip nat pool NAT_POOL 10.0.0.11 10.0.0.20 netmask 255.255.255.224
R2(config)#ip nat inside source list 1 pool NAT_POOL

Once we start a ping from R3 and R4 to R1, you'll see the dynamic NAT translations in the NAT table:

R2#sh ip nat translations 
Pro Inside global      Inside local       Outside local      Outside global
icmp 10.0.0.12:0       192.168.0.2:0      10.0.0.1:0         10.0.0.1:0
--- 10.0.0.12          192.168.0.2        ---                ---
icmp 10.0.0.11:0       192.168.0.3:0      10.0.0.1:0         10.0.0.1:0
--- 10.0.0.11          192.168.0.3        ---                ---
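
The PAT and dynamic NAT tables above differ in a way that matters when you have to trace an address seen on the outside back to an inside host. The following is an added example, not part of the original lab: it parses the two tables exactly as R2 printed them, reports whether inside hosts share a global address, and resolves a global address and port field to the inside local address. The function names are hypothetical.

```python
from collections import defaultdict

# Tables copied from the R2 output shown on this page.
PAT_TABLE = """\
Pro Inside global      Inside local       Outside local      Outside global
icmp 10.0.0.2:0        192.168.0.2:0      10.0.0.1:0         10.0.0.1:0
icmp 10.0.0.2:1        192.168.0.2:1      10.0.0.1:1         10.0.0.1:1
icmp 10.0.0.2:4        192.168.0.3:4      10.0.0.1:4         10.0.0.1:4
icmp 10.0.0.2:5        192.168.0.3:5      10.0.0.1:5         10.0.0.1:5
"""
DYNAMIC_TABLE = """\
Pro Inside global      Inside local       Outside local      Outside global
icmp 10.0.0.12:0       192.168.0.2:0      10.0.0.1:0         10.0.0.1:0
--- 10.0.0.12          192.168.0.2        ---                ---
icmp 10.0.0.11:0       192.168.0.3:0      10.0.0.1:0         10.0.0.1:0
--- 10.0.0.11          192.168.0.3        ---                ---
"""

def _addr(field):
    """Split 'ip:port' into (ip, port); simple entries carry no port."""
    ip, _, port = field.partition(":")
    return ip, (int(port) if port else None)

def parse(table):
    """Return one dict per translation row, skipping the header line."""
    rows = []
    for line in table.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] != "Pro":
            rows.append({"proto": f[0], "global": _addr(f[1]), "local": _addr(f[2])})
    return rows

def nat_mode(rows):
    """'overload' if several inside hosts share one inside global address."""
    hosts = defaultdict(set)
    for r in rows:
        hosts[r["global"][0]].add(r["local"][0])
    return "overload" if any(len(h) > 1 for h in hosts.values()) else "one-to-one"

def attribute(rows, global_ip, port):
    """Map an address and port seen on the outside back to the inside host."""
    simple = None
    for r in rows:
        if r["global"] == (global_ip, port):
            return r["local"][0]          # exact extended (per-flow) entry
        if r["proto"] == "---" and r["global"][0] == global_ip:
            simple = r["local"][0]        # simple entry covers every port
    return simple
```

With PAT, the address 10.0.0.2 alone does not identify a host; you need the port field and a table (or log) captured while the entry still existed.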

Other Commands You Can Use in This Lab

  • release dhcp fa0/1 - this is an exec level command which will release the DHCP lease on an interface.
  • renew dhcp fa0/1 - the opposite of release.
  • clear ip nat translations * - this will clear all the dynamic NAT translations from the NAT table.
  • show ip dhcp pool - this command will show you some information about the DHCP server pool, including the address range and the number of leased addresses.
R2#sh ip dhcp pool

Pool LAN_POOL :
 Utilization mark (high/low)    : 100 / 0
 Subnet size (first/next)       : 0 / 0 
 Total addresses                : 254
 Leased addresses               : 2
 Pending event                  : none
 1 subnet is currently in the pool :
 Current index        IP address range                    Leased addresses
 192.168.0.4          192.168.0.1      - 192.168.0.254     2

 
