Sunday, 17 July 2011

IP Addressing Services, NAT, DHCP, IPv6

Every device that connects to a network needs an IP address. Network administrators assign static IP addresses to routers, servers, and other network devices whose locations (physical and logical) are not likely to change. Administrators enter static IP addresses manually when they configure devices to join the network. However, computers in an organization often change locations, physically and logically. Desktop clients do not require a static address. Instead, a workstation can use any address within a range of addresses. This range is typically within an IP subnet. A workstation within a specific subnet can be assigned any address within a specified range. Other items such as the subnet mask, default gateway, and Domain Name System (DNS) server are assigned values that are common either to that subnet or to the entire administered network.

DHCP assigns IP addresses and other important network configuration information dynamically. Providing IP addresses to clients is the most fundamental task performed by a DHCP server. DHCP includes three different address allocation mechanisms to provide flexibility when assigning IP addresses: 

  • Manual Allocation: The administrator assigns a pre-allocated IP address to the client and DHCP only communicates the IP address to the device. 
  • Automatic Allocation: DHCP automatically assigns a static IP address permanently to a device, selecting it from a pool of available addresses. There is no lease and the address is permanently assigned to a device. 
  • Dynamic Allocation: DHCP dynamically assigns, or leases, an IP address from a pool of addresses for a limited period of time chosen by the server, or until the client tells the DHCP server that it no longer needs the address. 

DHCP works in a client/server mode and operates like any other client/server relationship. When a PC connects to a DHCP server, the server assigns or leases an IP address to that PC. The PC connects to the network with that leased IP address until the lease expires. The host must contact the DHCP server periodically to extend the lease. This lease mechanism ensures that hosts that move or power off do not hold onto addresses that they do not need.

When the client boots or otherwise wants to join a network, it completes four steps in obtaining a lease. In the first step, the client broadcasts a DHCPDISCOVER message. The DHCPDISCOVER message finds DHCP servers on the network. Because the host has no valid IP information at bootup, it uses L2 and L3 broadcast addresses to communicate with the server. 

When the DHCP server receives a DHCPDISCOVER message, it finds an available IP address to lease, creates an ARP entry consisting of the MAC address of the requesting host and the leased IP address, and transmits a binding offer with a DHCPOFFER message. The DHCPOFFER message is sent as a unicast, using the L2 MAC address of the server as the source address and the L2 address of the client as the destination.

When the client receives the DHCPOFFER from the server, it sends back a DHCPREQUEST message. This message has two purposes: lease origination and lease renewal and verification. When used for lease origination, the DHCPREQUEST of the client is requesting that the IP information be verified just after it has been assigned. The message provides error checking to ensure that the assignment is still valid. The DHCPREQUEST also serves as a binding acceptance notice to the selected server and an implicit decline to any other servers that may have provided the host a binding offer. 

Many enterprise networks use multiple DHCP servers. The DHCPREQUEST message is sent in the form of a broadcast to inform this DHCP server and any other DHCP servers about the accepted offer.

On receiving the DHCPREQUEST message, the server verifies the lease information, creates a new ARP entry for the client lease, and replies with a unicast DHCPACK message. The DHCPACK message is a duplicate of the DHCPOFFER, except for a change in the message type field. When the client receives the DHCPACK message, it logs the configuration information and performs an ARP lookup for the assigned address. If it does not receive a reply, it knows that the IP address is valid and starts using it as its own. 

Clients lease the information from the server for an administratively defined period. Administrators configure DHCP servers to set the leases to time out at different intervals. Most ISPs and large networks use default lease durations of up to three days. When the lease expires, the client must ask for another address, although the client is typically reassigned the same address.

The DHCPREQUEST message also addresses the dynamic DHCP process. The IP information sent in the DHCPOFFER might have been offered to another client during the dynamic allocation. Each DHCP server creates pools of IP addresses and associated parameters. Pools are dedicated to individual, logical IP subnets. The pools allow multiple DHCP servers to respond and IP clients to be mobile. If multiple servers respond, a client can choose only one of the offers.



BOOTP and DHCP

The Bootstrap Protocol (BOOTP) is the predecessor of DHCP and shares some operational characteristics. BOOTP is a way to download address and boot configurations for diskless workstations. A diskless workstation does not have a hard drive or an operating system. Both DHCP and BOOTP are client/server based and use UDP ports 67 and 68. Those ports are still known as BOOTP ports. 

DHCP and BOOTP have two components, a server and a client.



The server is a host with a static IP address that allocates, distributes, and manages IP and configuration data assignments. Each allocation (IP and configuration data) is stored on the server in a data set called a binding. The client is any device using DHCP as a method for obtaining IP addressing or supporting configuration information. 

There are three primary differences between DHCP and BOOTP: 

  • The main difference is that BOOTP was designed for manual pre-configuration of the host information in a server database, while DHCP allows for dynamic allocation of network addresses and configurations to newly attached hosts. When a BOOTP client requests an IP address, the BOOTP server searches a predefined table for an entry that matches the MAC address for the client. If an entry exists, the corresponding IP address for that entry is returned to the client. This means that the binding between the MAC address and the IP address must have already been configured in the BOOTP server.
  • DHCP allows for recovery and reallocation of network addresses through a leasing mechanism. Specifically, DHCP defines mechanisms through which clients can be assigned an IP address for a finite lease period. This lease period allows for reassignment of the IP address to another client later, or for the client to get another assignment if the client moves to another subnet. Clients may also renew leases and keep the same IP address. BOOTP does not use leases. Its clients have a reserved IP address that cannot be assigned to any other host. 
  • BOOTP provides a limited amount of information to a host. DHCP provides additional IP configuration parameters, such as WINS and domain name. 

DHCP Message Format

The developers of DHCP needed to maintain compatibility with BOOTP and consequently used the same BOOTP message format. 



DHCP Discovery and Offer Methods

When a client wants to join the network, it requests addressing values from the network DHCP server. If a client is configured to receive its IP settings dynamically, it transmits a DHCPDISCOVER message on its local physical subnet when it boots or senses an active network connection. Because the client has no way of knowing the subnet to which it belongs, the DHCPDISCOVER is an IP broadcast (destination IP address of 255.255.255.255). The client does not have a configured IP address, so the source IP address of 0.0.0.0 is used. As you see in the figure, the client IP address (CIADDR), default gateway address (GIADDR), and subnetwork mask are all marked with question marks.



The DHCP server manages the allocation of the IP addresses and answers configuration requests from clients. 

When the DHCP server receives the DHCPDISCOVER message, it responds with a DHCPOFFER message. This message contains initial configuration information for the client, including the MAC address of the client, followed by the IP address that the server is offering, the subnet mask, the lease duration, and the IP address of the DHCP server making the offer. The subnet mask and default gateway are carried in the options field, in the subnet mask option and the router option respectively. The DHCPOFFER message can be configured to include other information, such as the lease renewal time, domain name server, and NetBIOS Name Service (Microsoft Windows Internet Name Service [Microsoft WINS]). 

The server determines the configuration, based on the hardware address of the client as specified in the CHADDR field. 

As shown in the diagram, the DHCP server has responded to the DHCPDISCOVER by assigning values to the CIADDR and subnetwork mask. 

Administrators set up DHCP servers to assign addresses from predefined pools. Most DHCP servers also allow the administrator to define specifically which client MAC addresses can be serviced and automatically assign them the same IP address each time. 



DHCP uses User Datagram Protocol (UDP) as its transport protocol. The client sends messages to the server on port 67. The server sends messages to the client on port 68.
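As an added worked example (not code from the original post), the following Python builds and decodes DHCP messages in the BOOTP frame format described above: it emits a DHCPDISCOVER with CIADDR, YIADDR, SIADDR and GIADDR all zero, decodes a constructed DHCPOFFER carrying the subnet mask, router, lease time and server identifier options, and applies the check a client should make before answering with DHCPREQUEST (the offer must carry the client's own transaction id and CHADDR). The MAC address and transaction id are invented; the IP addresses follow the page's figures.

```python
import struct
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"     # separates the BOOTP header from the DHCP options
BOOTREQUEST, BOOTREPLY = 1, 2          # the BOOTP "op" field
DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK = 1, 2, 3, 5   # option 53 values
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"   # the 236-byte fixed BOOTP header

def _packed(addr):
    return ipaddress.IPv4Address(addr).packed

def build_message(op, xid, chaddr, options, ciaddr="0.0.0.0", yiaddr="0.0.0.0",
                  siaddr="0.0.0.0", giaddr="0.0.0.0"):
    """Assemble one DHCP message in the BOOTP frame format the page describes."""
    header = struct.pack(HEADER_FMT,
                         op, 1, 6, 0,                  # op, htype=Ethernet, hlen=6, hops
                         xid, 0, 0x8000,               # xid, secs, flags (broadcast bit)
                         _packed(ciaddr), _packed(yiaddr), _packed(siaddr), _packed(giaddr),
                         chaddr.ljust(16, b"\x00"),    # CHADDR is a 16-byte field
                         b"\x00" * 64, b"\x00" * 128)  # sname and file, unused here
    return header + MAGIC_COOKIE + options + b"\xff"  # option 255 ends the option list

def build_discover(xid, chaddr):
    """Step 1: the client has no address, so CIADDR, YIADDR, SIADDR and GIADDR are 0.0.0.0."""
    opts = bytes([53, 1, DHCPDISCOVER])        # option 53: DHCP message type
    opts += bytes([55, 3, 1, 3, 51])           # option 55: request mask, router, lease time
    return build_message(BOOTREQUEST, xid, chaddr, opts)

def build_offer(xid, chaddr, yiaddr, server_ip, mask, router, lease_secs):
    """Step 2 (constructed server side): the offered binding travels in YIADDR and options."""
    opts = bytes([53, 1, DHCPOFFER])
    opts += bytes([1, 4]) + _packed(mask)                    # option 1: subnet mask
    opts += bytes([3, 4]) + _packed(router)                  # option 3: default router
    opts += bytes([51, 4]) + struct.pack("!I", lease_secs)   # option 51: lease duration
    opts += bytes([54, 4]) + _packed(server_ip)              # option 54: server identifier
    return build_message(BOOTREPLY, xid, chaddr, opts, yiaddr=yiaddr, siaddr=server_ip)

def parse_options(raw):
    """Walk the type-length-value option area into a {code: value} dict."""
    opts, i = {}, 0
    while i < len(raw) and raw[i] != 255:      # 255 = end option
        if raw[i] == 0:                         # 0 = pad, carries no length byte
            i += 1
            continue
        code, length = raw[i], raw[i + 1]
        opts[code] = raw[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def parse_message(frame):
    """Decode header and options; refuses anything that is not a DHCP message."""
    if len(frame) < 240 or frame[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: magic cookie missing")
    f = struct.unpack(HEADER_FMT, frame[:236])
    opts = parse_options(frame[240:])
    if 53 not in opts:
        raise ValueError("DHCP message type (option 53) missing")
    msg = {"op": f[0], "xid": f[4], "type": opts[53][0],
           "chaddr": f[11][:f[2]],                # hlen says how much of CHADDR is used
           "ciaddr": str(ipaddress.IPv4Address(f[7])),
           "yiaddr": str(ipaddress.IPv4Address(f[8])),
           "siaddr": str(ipaddress.IPv4Address(f[9])),
           "giaddr": str(ipaddress.IPv4Address(f[10]))}
    for code, name in ((1, "mask"), (3, "router"), (54, "server_id")):
        if code in opts:
            msg[name] = str(ipaddress.IPv4Address(opts[code]))
    if 51 in opts:
        msg["lease"] = struct.unpack("!I", opts[51])[0]
    return msg

def offer_is_for_us(offer, xid, chaddr):
    """Check before sending DHCPREQUEST: a BOOTREPLY of type DHCPOFFER that carries our
    own transaction id and CHADDR; anything else was answered to some other client."""
    return (offer["op"] == BOOTREPLY and offer["type"] == DHCPOFFER
            and offer["xid"] == xid and offer["chaddr"] == chaddr)

if __name__ == "__main__":
    # Constructed sample values: the MAC and xid are invented; the IP addresses follow
    # the page's figures (PC1 is offered 192.168.10.10 by the server at 192.168.11.5).
    pc1_mac, xid = bytes.fromhex("001122334455"), 0x3903F326
    print(parse_message(build_discover(xid, pc1_mac)))
    offer = parse_message(build_offer(xid, pc1_mac, "192.168.10.10", "192.168.11.5",
                                      "255.255.255.0", "192.168.10.1", 86400))
    print(offer, offer_is_for_us(offer, xid, pc1_mac))
```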

Configuring a DHCP Server


The Cisco IOS DHCP server assigns and manages IP addresses from specified address pools within the router to DHCP clients.

The steps to configure a router as a DHCP server are as follows:

Step 1. Define a range of addresses that DHCP is not to allocate. These are usually static addresses reserved for the router interface, switch management IP address, servers, and local network printers.

Step 2. Create the DHCP pool using the ip dhcp pool command.

Step 3. Configure the specifics of the pool.

You should specify the IP addresses that the DHCP server should not assign to clients. Typically, some IP addresses belong to static network devices, such as servers or printers. DHCP should not assign these IP addresses to other devices. A best practice is to configure excluded addresses in global configuration mode before creating the DHCP pool. This ensures that DHCP does not assign reserved addresses accidentally. To exclude specific addresses, use the ip dhcp excluded-address command.



Configuring a DHCP server involves defining a pool of addresses to assign. The ip dhcp pool command creates a pool with the specified name and puts the router in DHCP configuration mode, which is identified by the Router(dhcp-config)# prompt.




You must configure the available addresses and specify the subnet network number and mask of the DHCP address pool. Use the network statement to define the range of available addresses.

You should also define the default gateway or router for the clients to use with the default-router command. Typically, the gateway is the LAN interface of the router. One address is required, but you can list up to eight addresses.

The next DHCP pool commands are considered optional. For example, you can configure the IP address of the DNS server that is available to a DHCP client using the dns-server command. When configured, one address is required, but up to eight addresses can be listed.

Other parameters include configuring the duration of the DHCP lease. The default setting is one day, but you can change this by using the lease command. You can also configure a NetBIOS WINS server that is available to a Microsoft DHCP client.
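An added example in Python (not from the page or from Cisco) covering the three configuration steps above: it parses a constructed configuration written with the commands just described (ip dhcp excluded-address, ip dhcp pool, network, default-router, dns-server, lease), computes the addresses the server may actually lease, and flags the mistake the exclusion step guards against, a default router or other static address left inside the leasable range. The pool name and addresses are constructed sample values.

```python
import ipaddress

# Constructed sample configuration in the form of the page's commands (not its figure).
SAMPLE_CONFIG = """\
ip dhcp excluded-address 192.168.10.1 192.168.10.9
ip dhcp excluded-address 192.168.10.254
ip dhcp pool LAN-POOL-1
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
 dns-server 192.168.11.5
 lease 2
"""

def parse_dhcp_config(text):
    """Pull the excluded ranges and the per-pool parameters out of IOS-style config text."""
    excluded, pools, pool = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        words = line.split()
        if not words:
            continue
        if line.startswith("ip dhcp excluded-address"):
            low = ipaddress.IPv4Address(words[3])          # single address or low..high range
            high = ipaddress.IPv4Address(words[4]) if len(words) > 4 else low
            excluded.append((low, high))
        elif line.startswith("ip dhcp pool"):
            pool = pools.setdefault(words[3], {"default-router": [], "dns-server": []})
        elif pool is not None and words[0] == "network":
            pool["network"] = ipaddress.IPv4Network(f"{words[1]}/{words[2]}")
        elif pool is not None and words[0] in ("default-router", "dns-server"):
            pool[words[0]].extend(ipaddress.IPv4Address(w) for w in words[1:])
        elif pool is not None and words[0] == "lease":
            pool["lease"] = words[1:]                      # e.g. ['2'] = two days
    return excluded, pools

def is_excluded(addr, excluded):
    return any(low <= addr <= high for low, high in excluded)

def assignable(pool, excluded):
    """Addresses the server may lease: the pool's host addresses minus excluded ranges."""
    return [a for a in pool["network"].hosts() if not is_excluded(a, excluded)]

def lint_pool(name, pool, excluded):
    """Checks worth running before the pool goes live; returns a list of problems."""
    problems = []
    net = pool.get("network")
    if net is None:
        return [f"{name}: no network statement"]
    if not pool["default-router"]:
        problems.append(f"{name}: no default-router configured")
    for gw in pool["default-router"]:
        if gw not in net:
            problems.append(f"{name}: default-router {gw} is not in {net}")
        elif not is_excluded(gw, excluded):
            problems.append(f"{name}: default-router {gw} is not excluded and could be leased")
    if len(pool["default-router"]) > 8 or len(pool["dns-server"]) > 8:
        problems.append(f"{name}: more than eight default-router or dns-server addresses")
    if not assignable(pool, excluded):
        problems.append(f"{name}: every address in {net} is excluded")
    return problems

if __name__ == "__main__":
    excluded, pools = parse_dhcp_config(SAMPLE_CONFIG)
    for name, pool in pools.items():
        print(name, len(assignable(pool, excluded)), "leasable addresses")
        print(lint_pool(name, pool, excluded) or "no problems found")
```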



The DHCP service is enabled by default on versions of Cisco IOS software that support it. To disable the service, use the no service dhcp command. Use the service dhcp global configuration command to re-enable the DHCP server process.

Configuring a DHCP Client

To configure an Ethernet interface as a DHCP client, the ip address dhcp command must be configured.



Verifying DHCP


To verify the operation of DHCP, use the show ip dhcp binding command. This command displays a list of all IP address to MAC address bindings that have been provided by the DHCP service.

To verify that messages are being received or sent by the router, use the show ip dhcp server statistics command. This command displays count information regarding the number of DHCP messages that have been sent and received.

Another useful command to view multiple pools is the show ip dhcp pool command.

DHCP Relay


The problem is that network clients typically are not on the same subnet as the DHCP and other key servers they depend on. Therefore, the clients must locate the servers to receive services, and these services are often located using broadcast messages.

In the figure, PC1 is attempting to acquire an IP address from the DHCP server located at 192.168.11.5. In this scenario router R1 is not configured as a DHCP server.




As a solution to this problem, an administrator could add DHCP servers on all the subnets. However, running these services on several computers creates both cost and administrative overhead.

A simpler solution is to configure the Cisco IOS helper address feature on intervening routers and switches. This solution enables routers to forward DHCP broadcasts to the DHCP servers. When a router forwards address assignment/parameter requests, it is acting as a DHCP relay agent.

For example, PC1 would broadcast a request to locate a DHCP server. If router R1 were configured as a DHCP relay agent, it would intercept this request and forward it to the DHCP server located on subnet 192.168.11.0.

To configure router R1 as a DHCP relay agent, you need to configure the nearest interface to the client with the ip helper-address interface configuration command. This command relays broadcast requests for key services to a configured address. Configure the IP helper address on the interface receiving the broadcast.



Router R1 is now configured as a DHCP relay agent. It accepts broadcast requests for the DHCP service and then forwards them as a unicast to the IP address 192.168.11.5.


DHCP is not the only service that the router can be configured to relay. By default, the ip helper-address command forwards the following eight UDP services:


  • Port 37: Time 
  • Port 49: TACACS
  • Port 53: DNS
  • Port 67: DHCP/BOOTP server
  • Port 68: DHCP/BOOTP client
  • Port 69: TFTP
  • Port 137: NetBIOS name service
  • Port 138: NetBIOS datagram service

To specify additional ports, use the ip forward-protocol command to specify exactly which types of broadcast packets to forward.

Troubleshooting DHCP



NAT

RFC 1918 specifies that private addresses are not to be routed over the Internet, which is why private addresses are sometimes described as "non-routable". Packets with private addresses can, however, be routed within private internetworks. Because private addresses cannot be routed over the Internet, and there are not enough public addresses for organizations to give one to every host, networks need a mechanism at the network edge that translates private addresses to public addresses in both directions. Without such a translation system, private hosts behind a router in one organization's network cannot connect over the Internet with private hosts behind a router in another organization.

Network Address Translation (NAT) provides this mechanism. When the client sends packets out of the network, NAT translates the internal IP address of the client to an external address. To outside users, all traffic coming to and going from the network has the same IP address or is from the same pool of addresses.

NAT has many uses, but its key use is to save IP addresses by allowing networks to use private IP addresses. NAT translates private, internal addresses into public, external addresses. A NAT-enabled device typically operates at the border of a stub network. In our example, R2 is the border router. A stub network is a network that has a single connection to its neighbor network. As seen from the ISP, R2 forms a stub network.




When a host inside the stub network, say PC1, PC2, or PC3, wants to transmit to a host on the outside, the packet is forwarded to R2, the border gateway router. R2 performs the NAT process, translating the internal private address of the host to a public, outside, routable address.

In NAT terminology, the inside network is the set of networks that are subject to translation. The outside network refers to all other addresses. IP addresses have different designations based on whether they are on the private network or on the public network (Internet) and whether the traffic is incoming or outgoing.


The figure shows how to refer to the interfaces when configuring NAT. Assume that router R2 has been configured to provide NAT features. It has a pool of publicly available addresses to lend to inside hosts. This section uses the following terms when discussing NAT:


  • Inside local address - Usually not an IP address assigned by a RIR or service provider and is most likely an RFC 1918 private address. In the figure, the IP address 192.168.10.10 is assigned to the host PC1 on the inside network. 
  • Inside global address - Valid public address that the inside host is given when it exits the NAT router. When traffic from PC1 is destined for the web server at 209.165.201.1, router R2 must translate the address. In this case, IP address 209.165.200.226 is used as the inside global address for PC1.
  • Outside global address - Valid public IP address assigned to a host on the Internet. For example, the web server is reachable at IP address 209.165.201.1. 
  • Outside local address - The local IP address assigned to a host on the outside network. In most situations, this address will be identical to the outside global address of that outside device. 


NAT can translate between "outside" and "inside" public addresses.

Dynamic Mapping and Static Mapping

There are two types of NAT translation: dynamic and static. 

  • Dynamic NAT uses a pool of public addresses and assigns them on a first-come, first-served basis. When a host with a private IP address requests access to the Internet, dynamic NAT chooses an IP address from the pool that is not already in use by another host. 
  • Static NAT uses a one-to-one mapping of local and global addresses, and these mappings remain constant. Static NAT is particularly useful for web servers or hosts that must have a consistent address that is accessible from the Internet. These internal hosts may be enterprise servers or networking devices. 

NAT Overload (PAT)

NAT overloading (sometimes called Port Address Translation or PAT) maps multiple private IP addresses to a single public IP address or a few addresses. This is what most home routers do. Your ISP assigns one address to your router, yet several members of your family can simultaneously surf the Internet.

With NAT overloading, multiple addresses can be mapped to one or to a few addresses because each private address is also tracked by a port number. When a client opens a TCP/IP session, the NAT router assigns a port number to its source address. NAT overload ensures that clients use a different TCP port number for each client session with a server on the Internet. When a response comes back from the server, the source port number, which becomes the destination port number on the return trip, determines to which client the router routes the packets. It also validates that the incoming packets were requested, thus adding a degree of security to the session. 



The figure illustrates the process. NAT overload uses unique source port numbers on the inside global IP address to distinguish between translations. As NAT processes each packet, it uses a port number (1331 and 1555 in this example) to identify the client from which the packet originated. The source address (SA) is the inside local IP address with the TCP/IP assigned port number attached. The destination address (DA) is the outside local IP address with the service port number attached, in this case port 80: HTTP.

At the border gateway router (R2), NAT overload changes the SA to the inside global IP address of the client, again with the port number attached. The DA is the same address, but is now referred to as the outside global IP address. When the web server replies, the same path is followed but in reverse.

Port numbers are encoded in 16 bits. The total number of internal addresses that can be translated to one external address could theoretically be as high as 65,536 per IP address.




In the previous example, the client port numbers in the two SAs, 1331 and 1555, do not change at the border gateway. This is not a very likely scenario because there is a good chance that these numbers may have already been attached to other ongoing sessions. 

NAT overload attempts to preserve the original source port. However, if this source port is already used, NAT overload assigns the first available port number starting from the beginning of the appropriate port group 0-511, 512-1023, or 1024-65535. When there are no more ports available and there is more than one external IP address configured, NAT overload moves to the next IP address to try to allocate the original source port again. This process continues until it runs out of available ports and external IP addresses. 

In the figure, both hosts have somehow chosen the same port number, 1444. This is acceptable for the inside address, because they both have unique private IP addresses. However, at the border gateway, the port numbers need to be changed; otherwise, two packets from two hosts would leave R2 with the same source address. NAT overload has given the second address the first available port number, which in this case happens to be 1445.
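The port-allocation rule just described, as an added Python simulation (not the page's or Cisco's code): the translator keeps the original source port when it is free, otherwise takes the first free port in the same group (0-511, 512-1023, 1024-65535), moves to the next global address when the group is exhausted, and on the return trip uses the inside global port to find the client, so a packet nobody inside requested matches no entry. Addresses and ports come from the page's figures; the other inside hosts are constructed.

```python
from dataclasses import dataclass

PORT_GROUPS = ((0, 511), (512, 1023), (1024, 65535))   # the groups named on the page

def port_group(port):
    """Return the (low, high) bounds of the group a source port belongs to."""
    for low, high in PORT_GROUPS:
        if low <= port <= high:
            return low, high
    raise ValueError(f"port {port} out of range")

@dataclass(frozen=True)
class Translation:
    inside_local: str     # private address:port as sent by the host, e.g. 192.168.10.10:1444
    inside_global: str    # public address:port chosen by the router
    outside_local: str    # the server as seen from inside (same as outside global here)
    outside_global: str   # the server as seen from the Internet

class PatRouter:
    """Models the overload translation table of the border router (R2 on the page)."""

    def __init__(self, global_ips):
        self.global_ips = list(global_ips)                   # one interface IP or a NAT pool
        self.used = {ip: set() for ip in self.global_ips}    # global IP -> ports in use
        self.table = {}      # (inside local, outside) -> Translation, for outbound packets
        self.reverse = {}    # (inside global, outside) -> Translation, for return packets

    def _allocate(self, src_port):
        """Keep the original source port if free; otherwise the first free port in the same
        group; if the group is full, move to the next global address and try again."""
        low, high = port_group(src_port)
        for ip in self.global_ips:
            used = self.used[ip]
            if src_port not in used:
                return ip, src_port
            for port in range(low, high + 1):
                if port not in used:
                    return ip, port
        raise RuntimeError("no free ports on any global address")

    def outbound(self, inside_ip, inside_port, outside_ip, outside_port):
        """Translate a packet leaving the stub network, reusing an existing entry."""
        key = (f"{inside_ip}:{inside_port}", f"{outside_ip}:{outside_port}")
        if key not in self.table:
            g_ip, g_port = self._allocate(inside_port)
            self.used[g_ip].add(g_port)
            entry = Translation(key[0], f"{g_ip}:{g_port}", key[1], key[1])
            self.table[key] = entry
            self.reverse[(entry.inside_global, key[1])] = entry
        return self.table[key]

    def inbound(self, outside_ip, outside_port, global_ip, global_port):
        """Return packet: the destination port selects the client. No entry means nobody
        inside asked for this packet, so the router has nothing to forward it to."""
        return self.reverse.get((f"{global_ip}:{global_port}", f"{outside_ip}:{outside_port}"))

    def show(self):
        """Render the table in the layout of 'show ip nat translations'."""
        rows = ["Pro Inside global          Inside local           Outside local          Outside global"]
        for t in self.table.values():
            rows.append(f"tcp {t.inside_global:<22} {t.inside_local:<22} "
                        f"{t.outside_local:<22} {t.outside_global}")
        return "\n".join(rows)

if __name__ == "__main__":
    # R2 overloads its S0/1/0 address 209.165.200.225; the web server is 209.165.201.1:80.
    # PC1 is 192.168.10.10 as on the page; the other inside hosts are constructed.
    r2 = PatRouter(["209.165.200.225"])
    r2.outbound("192.168.10.10", 1331, "209.165.201.1", 80)
    r2.outbound("192.168.11.10", 1555, "209.165.201.1", 80)
    r2.outbound("192.168.10.11", 1444, "209.165.201.1", 80)   # first host to pick 1444
    r2.outbound("192.168.11.11", 1444, "209.165.201.1", 80)   # collides, gets a new port
    print(r2.show())
    print(r2.inbound("209.165.201.1", 80, "209.165.200.225", 9999))   # unsolicited -> None
```

With an otherwise empty table the second host that picks 1444 receives 1024, the first free port of its group; the figure's 1445 corresponds to a table in which ports 1024 to 1444 were already held by other sessions.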

Differences Between NAT and NAT Overload (PAT)

NAT generally only translates IP addresses on a 1:1 correspondence between publicly exposed IP addresses and privately held IP addresses. NAT overload modifies both the private IP address and port number of the sender. NAT overload chooses the port numbers seen by hosts on the public network.

NAT routes incoming packets to their inside destination by referring to the incoming source IP address given by the host on the public network. With NAT overload, there is generally only one or a very few publicly exposed IP addresses. Incoming packets from the public network are routed to their destinations on the private network by referring to a table in the NAT overload device that tracks public and private port pairs. This is called connection tracking.



Static NAT

Remember that static NAT is a one-to-one mapping between an inside address and an outside address. Static NAT allows connections initiated by external devices to inside devices. For instance, you may want to map an inside global address to a specific inside local address that is assigned to your web server.


The figure is a simple static NAT configuration applied to both interfaces. The router always translates packets from the host inside the network with the private address of 192.168.10.254 into an outside address of 209.165.200.254. The host on the Internet directs web requests to the public IP address 209.165.200.254, and router R2 always forwards that traffic to the server at 192.168.10.254.

Dynamic NAT




To configure dynamic NAT, you need an ACL to permit only those addresses that are to be translated. When developing your ACL, remember there is an implicit "deny all" at the end of each ACL. An ACL that is too permissive can lead to unpredictable results. Cisco advises against configuring access control lists referenced by NAT commands with the permit any command. Using permit any can result in NAT consuming too many router resources, which can cause network problems.


This configuration allows translation for all hosts on the 192.168.10.0 and 192.168.11.0 networks when they generate traffic that enters S0/0/0 and exits S0/1/0. These hosts are translated to an available address in the 209.165.200.226 - 209.165.200.240 range.

Configuring NAT Overload (PAT) for a Single Public IP Address


There are two possible ways to configure overloading, depending on how the ISP allocates public IP addresses. In the first instance, the ISP allocates one public IP address to the organization, and in the other, it allocates more than one public IP address.

The figure shows the steps to follow to configure NAT overload with a single IP address. With only one public IP address, the overload configuration typically assigns that public address to the outside interface that connects to the ISP. All inside addresses are translated to the single IP address when leaving the outside interface.



The configuration is similar to dynamic NAT, except that instead of a pool of addresses, the interface keyword is used to identify the outside IP address. Therefore, no NAT pool is defined. The overload keyword enables the addition of the port number to the translation.




This example shows how NAT overload is configured. In the example, all hosts from network 192.168.0.0 /16 (matching ACL 1) sending traffic through router R2 to the Internet are translated to IP address 209.165.200.225 (interface S0/1/0 IP address). The traffic flows are identified by port numbers, because the overload keyword was used.

Configuring NAT Overload (PAT) for a Pool of Public IP Addresses


In the scenario where the ISP has provided more than one public IP address, NAT overload is configured to use a pool. The primary difference between this configuration and the configuration for dynamic, one-to-one NAT is that the overload keyword is used. Remember that the overload keyword enables port address translation.


In this example, the configuration establishes overload translation for NAT pool NAT-POOL2. The NAT pool contains addresses 209.165.200.226 - 209.165.200.240 and is translated using PAT. Hosts in the 192.168.0.0 /16 network are subject to translation. Finally, the inside and outside interfaces are identified.


Port Forwarding

Port forwarding (sometimes referred to as tunneling) is the act of forwarding a network port from one network node to another. This technique can allow an external user to reach a port on a private IP address (inside a LAN) from the outside through a NAT-enabled router. Port forwarding allows you to identify specific ports that can be forwarded to inside hosts. Different applications use different ports: for example, Telnet uses port 23, FTP uses ports 20 and 21, HTTP uses port 80, and SMTP uses port 25. These well-known port numbers let applications and routers identify network services predictably; HTTP, for example, operates through the well-known port 80.

Verifying NAT and NAT Overload (PAT)




One of the most useful commands when verifying NAT operation is the show ip nat translations command. Before using the show commands to verify NAT, you must clear any dynamic translation entries that might still be present, because by default, dynamic address translations time out from the NAT translation table after a period of non-use. Adding verbose to the command displays additional information about each translation, including how long ago the entry was created and used.



The show ip nat statistics command displays information about the total number of active translations, NAT configuration parameters, how many addresses are in the pool, and how many have been allocated. Alternatively, use the show run command and look for NAT, access-list, interface, or pool commands with the required values.



By default, translation entries time out after 24 hours, unless the timers have been reconfigured with the ip nat translation timeout timeout_seconds command in global configuration mode.

The table in the figure shows the various ways to clear the NAT translations. You can be very specific about which translation to clear, or you can clear all translations from the table using the clear ip nat translation * global command, as shown in the example.



Troubleshooting NAT and NAT Overload (PAT)

Use the debug ip nat command to verify the operation of the NAT feature by displaying information about every packet that is translated by the router. The debug ip nat detailed command generates a description of each packet considered for translation. This command also outputs information about certain errors or exception conditions, such as the failure to allocate a global address.


When decoding the debug output, note what the following symbols and values indicate:


  • * - The asterisk next to NAT indicates that the translation is occurring in the fast-switched path. The first packet in a conversation is always process-switched, which is slower. The remaining packets go through the fast-switched path if a cache entry exists. 
  • s= - Refers to the source IP address. 
  • a.b.c.d--->w.x.y.z - Indicates that source address a.b.c.d is translated to w.x.y.z. 
  • d= - Refers to the destination IP address. 
  • [xxxx] - The value in brackets is the IP identification number. This information may be useful for debugging in that it enables correlation with other packet traces from protocol analyzers. 



IPv6

Transition Richness

IPv4 will not disappear overnight. Rather, it will coexist with and then gradually be replaced by IPv6. For this reason, IPv6 was delivered with migration techniques to cover every conceivable IPv4 upgrade case. However, many were ultimately rejected by the technology community.

Currently, there are three main approaches:


  • Dual stack
  • 6to4 tunneling 
  • NAT-PT, ISATAP tunneling, and Teredo tunneling (last resort methods)


IPv6 Address Representation

You know the 32-bit IPv4 address as a series of four 8-bit fields, separated by dots. However, the larger 128-bit IPv6 addresses need a different representation because of their size. IPv6 addresses use colons to separate a series of 16-bit hexadecimal fields.




The figure shows the address 2031:0000:130F:0000:0000:09C0:876A:130B. IPv6 does not require the full address string to be written out. The figure shows how to shorten the address by applying the following guidelines:


  • Leading zeros in a field are optional. For example, the field 09C0 equals 9C0, and the field 0000 equals 0. So 2031:0000:130F:0000:0000:09C0:876A:130B can be written as 2031:0:130F:0000:0000:9C0:876A:130B.
  • Successive fields of zeros can be represented as two colons "::". However, this shorthand method can only be used once in an address. For example 2031:0:130F:0000:0000:9C0:876A:130B can be written as 2031:0:130F::9C0:876A:130B.
  • An unspecified address is written as "::" because it contains only zeros.

Using the "::" notation greatly reduces the size of most addresses, as shown.
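The shortening rules above as an added Python implementation (not from the page): compress_ipv6 drops leading zeros in each field and replaces the longest run of two or more zero fields with the single permitted "::", and expand_ipv6 reverses the shorthand and rejects an address containing "::" twice. Choosing the longest run (and the first one on a tie) is an assumption beyond the page's text; it follows the common convention of RFC 5952.

```python
import re

_FIELD = re.compile(r"^[0-9A-Fa-f]{1,4}$")     # one 16-bit field: 1 to 4 hex digits

def expand_ipv6(address):
    """Restore all eight 4-digit fields from a shortened address."""
    if address.count("::") > 1:
        raise ValueError("'::' may appear only once in an address")
    if "::" in address:
        head, tail = address.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)     # fields the '::' stands for
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero field")
        fields = left + ["0"] * missing + right
    else:
        fields = address.split(":")
    if len(fields) != 8 or not all(_FIELD.match(f) for f in fields):
        raise ValueError(f"not a valid IPv6 address: {address!r}")
    return ":".join(f.zfill(4) for f in fields)   # zfill keeps the original letter case

def compress_ipv6(address):
    """Apply the page's rules: strip leading zeros per field, then collapse the longest
    run of two or more all-zero fields (first such run on a tie) into one '::'."""
    fields = [f.lstrip("0") or "0" for f in expand_ipv6(address).split(":")]
    best_start, best_len = -1, 1        # a run must be at least 2 fields to qualify
    run_start, run_len = -1, 0
    for i, field in enumerate(fields):
        if field == "0":
            if run_len == 0:
                run_start = i
            run_len += 1
            if run_len > best_len:
                best_start, best_len = run_start, run_len
        else:
            run_len = 0
    if best_start < 0:
        return ":".join(fields)
    left = fields[:best_start]
    right = fields[best_start + best_len:]
    return ":".join(left) + "::" + ":".join(right)   # all-zero address becomes "::"

def is_valid_ipv6(address):
    """True if the text is a well-formed IPv6 address under the rules above."""
    try:
        expand_ipv6(address)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    for addr in ("2031:0000:130F:0000:0000:09C0:876A:130B", "0:0:0:0:0:0:0:1",
                 "0:0:0:0:0:0:0:0", "1:0:0:2:0:0:0:3"):
        print(f"{addr:<40} -> {compress_ipv6(addr)}")
    print(is_valid_ipv6("2031::130F::130B"))   # two '::' -> False
```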


IPv6 Global Unicast Address

IPv6 has an address format that enables aggregation upward, eventually to the ISP. Global unicast addresses typically consist of a 48-bit global routing prefix and a 16-bit subnet ID. Individual organizations can use the 16-bit subnet field to create their own local addressing hierarchy. This field allows an organization to use up to 65,535 individual subnets.

The global unicast addresses currently assigned by the IANA use the range of addresses that start with the binary value 001 (2000::/3), which is 1/8 of the total IPv6 address space and is the largest block of assigned addresses. The IANA is allocating the IPv6 address space in the range 2001::/16 to the five Regional Internet Registries (ARIN, RIPE NCC, APNIC, LACNIC, and AfriNIC).




Private Addresses

A block of IPv6 addresses is set aside for private addresses, just as is done in IPv4. These private addresses are local only to a particular link or site, and are therefore never routed outside of a particular company network. Private addresses have a first octet value of "FE" in hexadecimal notation, with the next hexadecimal digit being a value from 8 to F. 

These addresses are further divided into two types, based upon their scope.

  • Site-local addresses are similar to the RFC 1918 Address Allocation for Private Internets in IPv4 today. The scope of these addresses is an entire site or organization. In hexadecimal, site-local addresses begin with "FE" and then "C" to "F" for the third hexadecimal digit.
  • Link-local addresses are new to the concept of addressing with IP in the Network layer. These addresses have a smaller scope than site-local addresses; they refer only to a particular physical link (physical network). Routers do not forward datagrams using link-local addresses at all, not even within the organization; they are only for local communication on a particular physical network segment. They are used for link communications such as automatic address configuration, neighbor discovery, and router discovery. Many IPv6 routing protocols also use link-local addresses. Link-local addresses begin with "FE" and then have a value from "8" to "B" for the third hexadecimal digit.


Loopback Address 

Just as in IPv4, a provision has been made for a special loopback IPv6 address for testing; datagrams sent to this address "loop back" to the sending device. However, in IPv6 there is just one address, not a whole block, for this function. The loopback address is 0:0:0:0:0:0:0:1, which is normally expressed using zero compression as "::1".

Unspecified Address 

In IPv4, an IP address of all zeroes has a special meaning; it refers to the host itself, and is used when a device does not know its own address. In IPv6, this concept has been formalized, and the all-zeroes address (0:0:0:0:0:0:0:0) is named the "unspecified" address. It is typically used in the source field of a datagram that is sent by a device that seeks to have its IP address configured. You can apply address compression to this address; because the address is all zeroes, the address becomes just "::".





IPv6 Address Management 

IPv6 addresses use interface identifiers to identify interfaces on a link. Think of them as the host portion of an IPv6 address. Interface identifiers are required to be unique on a specific link. Interface identifiers are always 64 bits and can be dynamically derived from a Layer 2 address (MAC). 

You can assign an IPv6 interface ID statically or dynamically:

  • Static assignment using a manual interface ID 
  • Static assignment using an EUI-64 interface ID 
  • Stateless autoconfiguration
  • DHCP for IPv6 (DHCPv6)




Manual Interface ID Assignment

One way to statically assign an IPv6 address to a device is to manually assign both the prefix (network) and interface ID (host) portion of the IPv6 address. To configure an IPv6 address on a Cisco router interface, use the ipv6 address ipv6-address/prefix-length command in interface configuration mode. The following example shows the assignment of an IPv6 address to the interface of a Cisco router:

RouterX(config-if)#ipv6 address 2001:DB8:2222:7272::72/64

EUI-64 Interface ID Assignment

Another way to assign an IPv6 address is to configure the prefix (network) portion of the IPv6 address and derive the interface ID (host) portion from the Layer 2 MAC address of the device, which is known as the EUI-64 interface ID.



The EUI-64 standard explains how to stretch a 48-bit IEEE 802 MAC address to 64 bits by inserting the 16-bit value 0xFFFE in the middle, after the 24th bit of the MAC address (between the 24-bit OUI and the 24-bit device identifier), to create a 64-bit unique interface identifier.

To configure an IPv6 address on a Cisco router interface and enable IPv6 processing using EUI-64 on that interface, use the ipv6 address ipv6-prefix/prefix-length eui-64 command in interface configuration mode. The following example shows the assignment of an EUI-64 address to the interface of a Cisco router: 

RouterX(config-if)#ipv6 address 2001:DB8:2222:7272::/64 eui-64
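The EUI-64 derivation described above, as an added example (not code from the page or from Cisco), run on a constructed MAC and combined with the RouterX prefix 2001:DB8:2222:7272::/64. It goes one step beyond the text: the modified EUI-64 that IPv6 actually uses (RFC 4291) also inverts the universal/local bit of the first octet, and the derivation is reversible, which is why an EUI-64 address exposes the interface's MAC to anyone who sees it.

```python
import ipaddress

# Added example, not from the page. MAC 00:0c:29:c2:52:ff is a constructed sample.

def eui64_interface_id(mac):
    """Return the 64-bit modified EUI-64 interface identifier for a 48-bit MAC."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC, got %r" % mac)
    # Split into the 24-bit OUI and the 24-bit device part, insert 0xFFFE in the middle.
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    # Modified EUI-64 (RFC 4291): invert the universal/local bit (0x02 of the first octet).
    eui[0] ^= 0x02
    return int.from_bytes(eui, "big")

def eui64_address(prefix, mac):
    """Combine a /64 prefix such as '2001:DB8:2222:7272::/64' with the EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface IDs need a /64 prefix, got /%d" % net.prefixlen)
    return str(ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac)))

def mac_from_eui64_address(addr):
    """Recover the MAC embedded in an EUI-64 address, or None if it was not built that way."""
    iid = bytearray((int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)).to_bytes(8, "big"))
    if iid[3:5] != b"\xff\xfe":        # the 0xFFFE marker is absent: manual or random ID
        return None
    iid[0] ^= 0x02                     # undo the universal/local bit inversion
    return ":".join("%02x" % b for b in iid[:3] + iid[5:])
```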

Stateless Autoconfiguration 

Stateless autoconfiguration configures the IPv6 address automatically, without a DHCP server. In IPv6, it is assumed that non-PC devices, as well as computer terminals, will be connected to the network.

DHCPv6 (Stateful)

DHCPv6 enables DHCP servers to pass configuration parameters, such as IPv6 network addresses, to IPv6 nodes. It can automatically allocate reusable network addresses and offers additional configuration flexibility. This protocol is the stateful counterpart to IPv6 stateless address autoconfiguration (RFC 2462), and can be used separately or concurrently with stateless address autoconfiguration to obtain configuration parameters.

IPv6 Transition Strategies

The transition from IPv4 does not require upgrades on all nodes at the same time. Recall the advice: "Dual stack where you can, tunnel where you must." These two methods are the most common techniques to transition from IPv4 to IPv6. 




Dual Stacking

Dual stacking is an integration method in which a node has an implementation of, and connectivity to, both an IPv4 and an IPv6 network. This is the recommended option and involves running IPv4 and IPv6 at the same time. Routers and switches are configured to support both protocols, with IPv6 being the preferred protocol.

Tunneling

The second major transition technique is tunneling. There are several tunneling techniques available, including:

  • Manual IPv6-over-IPv4 tunneling - An IPv6 packet is encapsulated within the IPv4 protocol. This method requires dual-stack routers.
  • Dynamic 6to4 tunneling - Automatically establishes the connection of IPv6 islands through an IPv4 network, typically the Internet. It dynamically applies a valid, unique IPv6 prefix to each IPv6 island, which enables the fast deployment of IPv6 in a corporate network without address retrieval from the ISPs or registries.

Other less popular tunneling techniques that are beyond the scope of this course include:

  • Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunneling - Automatic overlay tunneling mechanism that uses the underlying IPv4 network as a link layer for IPv6.
  • Teredo tunneling - An IPv6 transition technology that provides host-to-host automatic tunneling instead of gateway tunneling.

NAT-Protocol Translation (NAT-PT)

Cisco IOS Release 12.3(2)T and later (with the appropriate feature set) also include NAT-PT between IPv6 and IPv4. This translation allows direct communication between hosts that use different versions of the IP protocol.


Cisco IOS Dual Stack

Dual stacking is an integration method that allows a node to have connectivity to an IPv4 and IPv6 network simultaneously. Each node has two protocol stacks with the configuration on the same interface or on multiple interfaces. 

The dual-stack approach to IPv6 integration, in which nodes have both IPv4 and IPv6 stacks, will be one of the most commonly used integration methods. A dual-stack node chooses which stack to use based on the destination address of the packet. A dual-stack node should prefer IPv6 when it is available. Old IPv4-only applications continue to work as before. New and modified applications take advantage of both IP layers.

A new application programming interface (API) has been defined to support IPv4 and IPv6 addresses and DNS requests. An API facilitates the exchange of messages or data between two or more different software applications. The API is built into software applications to translate IPv4 into IPv6 and vice versa, using the IP conversion mechanism. New applications can use both IPv4 and IPv6.





Using IPv6 on a Cisco IOS router requires that you use the global configuration command ipv6 unicast-routing. This command enables the forwarding of IPv6 datagrams.

You must configure all interfaces that forward IPv6 traffic with an IPv6 address using the ipv6 address IPv6-address/prefix-length interface command.


IPv6 Tunneling

Tunneling is an integration method where an IPv6 packet is encapsulated within another protocol, such as IPv4. This method enables the connection of IPv6 islands without needing to convert the intermediary networks to IPv6. When IPv4 is used to encapsulate the IPv6 packet, a protocol type of 41 is specified in the IPv4 header, and the packet includes a 20-byte IPv4 header with no options and an IPv6 header and payload. It also requires dual-stack routers.

Tunneling presents two issues. The maximum transmission unit (MTU) is effectively decreased by 20 octets, assuming the IPv4 header does not contain any optional fields. In addition, a tunneled network is often difficult to troubleshoot.

Tunneling is an intermediate integration and transition technique and should not be considered as a final solution. A native IPv6 architecture should be the ultimate goal.



Manually Configured IPv6 Tunnel


A manually configured tunnel is equivalent to a permanent link between two IPv6 domains over an IPv4 backbone. The primary use is for stable connections that require regular secure communication between two edge routers or between an end system and an edge router, or for connection to remote IPv6 networks. The end routers must be dual stacked, and the configuration cannot change dynamically as network and routing needs change.

Administrators manually configure a static IPv6 address on a tunnel interface, and assign manually configured static IPv4 addresses to the tunnel source and the tunnel destination. The host or router at each end of a configured tunnel must support both the IPv4 and IPv6 protocol stacks. Manually configured tunnels can be configured between border routers or between a border router and a host.



Routing Configurations with IPv6

Like IPv4 classless interdomain routing (CIDR), IPv6 uses longest prefix match routing. IPv6 uses modified versions of most of the common routing protocols to handle longer IPv6 addresses and different header structures.


IPv6 Control Plane

Enabling IPv6 on a router starts its control plane operating processes specifically for IPv6. Protocol characteristics shape the performance of these processes and the amount of resources necessary to operate them:


  • IPv6 address size - Address size affects the information-processing functions of a router. Systems using a 64-bit CPU, bus, or memory structure can pass both the IPv4 source and destination address in a single processing cycle. For IPv6, the source and destination addresses require two cycles each, four cycles in total to process source and destination address information. As a result, routers relying exclusively on software processing are likely to perform slower than in an IPv4 environment. 
  • Multiple IPv6 node addresses - Because IPv6 nodes can use several IPv6 unicast addresses, memory consumption of the Neighbor Discovery cache may be affected. 
  • IPv6 routing protocols - IPv6 routing protocols are similar to their IPv4 counterparts, but since an IPv6 prefix is four times larger than an IPv4 prefix, routing updates have to carry more information. 
  • Routing table size - Increased IPv6 address space leads to larger networks and a much larger Internet. This implies larger routing tables and higher memory requirements to support them. 

IPv6 Data Plane

The data plane forwards IP packets based on the decisions made by the control plane. The forwarding engine parses the relevant IP packet information and does a lookup to match the parsed information against the forwarding policies defined by the control plane. IPv6 affects the performance of parsing and lookup functions:


  • Parsing IPv6 extension headers - Applications, including mobile IPv6, often use IPv6 address information in extension headers, thus increasing their size. These additional fields require additional processing.
  • IPv6 address lookup - IPv6 performs a lookup on packets entering the router to find the correct output interface. In IPv4, the forwarding decision process parses a 32-bit destination address. In IPv6, the forwarding decision could conceivably require parsing a 128-bit address.




RIPng Routing Protocol

IPv6 routes use the same protocols and techniques as IPv4. Although the addresses are longer, the protocols used in routing IPv6 are simply logical extensions of the protocols used in IPv4. 

RFC 2080 defines Routing Information Protocol next generation (RIPng) as a simple routing protocol based on RIP. RIPng is no more or less powerful than RIP, however, it provides a simple way to bring up an IPv6 network without having to build a new routing protocol. 

RIPng is a distance vector routing protocol with a limit of 15 hops that uses split horizon and poison reverse updates to prevent routing loops. Its simplicity comes from the fact that it does not require any global knowledge of the network. Only neighboring routers exchange local messages.

RIPng includes the following features:

  • Based on IPv4 RIP version 2 (RIPv2) and is similar to RIPv2
  • Uses IPv6 for transport
  • Includes the IPv6 prefix and next-hop IPv6 address
  • Uses the multicast group FF02::9 as the destination address for RIP updates (this is similar to the broadcast function performed by RIP in IPv4)
  • Sends updates on UDP port 521
  • Is supported by Cisco IOS Release 12.2(2)T and later

In dual-stacked deployments, both RIP and RIPng are required.




Enabling IPv6 on Cisco Routers

There are two basic steps to activate IPv6 on a router. First, you must activate IPv6 traffic-forwarding on the router, and then you must configure each interface that requires IPv6. 

By default, IPv6 traffic-forwarding is disabled on a Cisco router. To activate it between interfaces, you must configure the global command ipv6 unicast-routing.

The ipv6 address command can configure a global IPv6 address. The link-local address is automatically configured when an address is assigned to the interface. You must specify the entire 128-bit IPv6 address or specify to use the 64-bit prefix by using the eui-64 option.



IPv6 Address Configuration Example

You can completely specify the IPv6 address or compute the host identifier (rightmost 64 bits) from the EUI-64 identifier of the interface. In the example, the IPv6 address of the interface is configured using the EUI-64 format.

Alternatively, you can specify the entire IPv6 address to assign a router interface an address, using the ipv6 address ipv6-address/prefix-length command in interface configuration mode.

Configuring an IPv6 address on an interface automatically configures the link-local address for that interface.






Configure RIPng with IPv6

When configuring supported routing protocols in IPv6, you must create the routing process, enable the routing process on interfaces, and customize the routing protocol for your particular network.

Before configuring the router to run IPv6 RIP, globally enable IPv6 using the ipv6 unicast-routing global configuration command, and enable IPv6 on any interfaces on which IPv6 RIP is to be enabled.

To enable RIPng routing on the router, use the ipv6 router rip name global configuration command. The name parameter identifies the RIP process. This process name is used later when configuring RIPng on participating interfaces.

For RIPng, instead of using the network command to identify which interfaces should run RIPng, you use the command ipv6 rip name enable in interface configuration mode to enable RIPng on an interface. The name parameter must match the name parameter in the ipv6 router rip command.

Enabling RIP on an interface dynamically creates a "router rip" process if necessary.



Example: RIPng for IPv6 Configuration

The example shows a network of two routers. Router R1 is connected to the default network. On both router R2 and router R1, the name RT0 identifies the RIPng process. RIPng is enabled on the first Ethernet interface of router R1 using the ipv6 rip RT0 enable command. Router R2 shows that RIPng is enabled on both Ethernet interfaces using the ipv6 rip RT0 enable command.

This configuration allows Ethernet 1 on router R2 and the Ethernet 0 interfaces of both routers to exchange RIPng routing information.
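An added example (not code from the page or from Cisco): a small Python audit of IOS-style configuration text for the RIPng prerequisites listed above, namely ipv6 unicast-routing, an IPv6 address on every participating interface, and an interface process name that matches the one given to ipv6 router rip. The two configurations inside it are constructed samples mirroring the R1/R2 example with process name RT0; R1_BAD_CONFIG deliberately omits unicast routing and mistypes the process name, the kind of slip IOS does not report because it creates the process implicitly.

```python
import re

# Added example, not from the page. Both configs are constructed samples.
R2_CONFIG = """\
ipv6 unicast-routing
ipv6 router rip RT0
!
interface Ethernet0
 ipv6 address 2001:DB8:2222:7272::/64 eui-64
 ipv6 rip RT0 enable
!
interface Ethernet1
 ipv6 address 2001:DB8:2222:7273::/64 eui-64
 ipv6 rip RT0 enable
"""

R1_BAD_CONFIG = """\
ipv6 router rip RT0
interface Ethernet0
 ipv6 address 2001:DB8:2222:7272::1/64
 ipv6 rip RTO enable
"""

def audit_ripng(config):
    """Return a list of findings; an empty list means the RIPng setup is consistent."""
    unicast_routing, processes, interfaces, current = False, set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():                 # global configuration command
            current = None
            if line == "ipv6 unicast-routing":
                unicast_routing = True
            elif (m := re.fullmatch(r"ipv6 router rip (\S+)", line)):
                processes.add(m.group(1))
            elif (m := re.fullmatch(r"interface (\S+)", line)):
                current = interfaces.setdefault(m.group(1), {"addr": False, "rip": []})
        elif current is not None:                # command inside an interface stanza
            if line.startswith("ipv6 address "):
                current["addr"] = True
            elif (m := re.fullmatch(r"ipv6 rip (\S+) enable", line)):
                current["rip"].append(m.group(1))
    findings = []
    rip_ifaces = {n: d for n, d in interfaces.items() if d["rip"]}
    if rip_ifaces and not unicast_routing:
        findings.append("ipv6 unicast-routing is missing: IPv6 packets will not be forwarded")
    for name, d in rip_ifaces.items():
        if not d["addr"]:
            findings.append(name + ": RIPng enabled but no ipv6 address configured")
        for proc in d["rip"]:
            if proc not in processes:
                # IOS creates the process implicitly, so a mistyped name silently
                # starts a second RIPng process instead of failing.
                findings.append("%s: process %r not declared with 'ipv6 router rip'" % (name, proc))
    return findings
```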




Verifying and Troubleshooting RIPng for IPv6



