DHCP
Manual Allocation //tu gan IP bang tay cho thiet bi
Automatic Allocation //Cap IP tu dong cho may nao se mai mai khong thay doi IP – no lease
Dynamic Allocation //Cap dong dia chi IP
DHCP Discover – Broadcast //Di hoi trong mang may chu DHCP
DHCP Offer //Dua thong tin IP ma DHCP quan ly
DHCP Request – Broadcast //Gui ban tin yeu cau cap IP
DHCP ACK/Pack //Gui ban tin chua IP cap cho may tinh tram
Ban tin 2, 3, 4 la broadcast hay unicast phu thuoc vao OS
End-device de IP tinh: Server, Gateway, Printer/Scanner
Thiet bi co kha nang DHCP: Server, Router, Modem, Access Point, Firewall
B1: Tao ra giai IP co kha nang cap
(config)#ip dhcp pool LAN1
(dhcp-config)#network 192.168.1.0 255.255.255.0
(dhcp-config)#default-router 192.168.1.1
(dhcp-config)#dns-server 8.8.8.8 8.8.4.4
(dhcp-config)#domain-name cisco.com
(config)#ip dhcp excluded-address 192.168.1.1
(config)#ip dhcp excluded-address 192.168.1.100 192.168.254
PC>ipconfig /all
PC>ipconfig /release
PC>ipconfig /renew
(config)#interface fa 0/0
(config-if)#ip address dhcp
#show ip dhcp pool
DHCP Relay
(config)#interface fa0/0 //cong noi voi end-device khac mang can cap IP dong
(config-if)#ip helper-address 192.168.1.254 //Dia chi IP cua DHCP Server
_________
(config)#interface fa0/0
(config-if)#ip helper-address 192.168.2.255
(config)#interface fa0/1
(config-if)#ip directed-broadcast
_________
dong mo dich vu cua ip helper-address
(config)#ip forward-protocol udp 37
_________
Xem DHCP Server da cap cho may nao thi danh
#show ip dhcp blinding
IPv6
Anycast address //truyen cho 1 nhom gan nguon nhat
Link local (FE80::/10) //HDH tu sinh ra giong voi 169.254.x.x
Site local (FEC0::/10) //private 10. 172.16. 192.168.
Global = Public
Multicast address (FF00::/8) //giong 224.
IPv6 Global Unicast and Anycast address
Documenting Your Network
1.Network configuration table
2.End-system configuration table
3.Network topology diagram //so do chi tiet he thong mang
– ping //kiem tra routing tang 3
– telnet //kiem tra giao thuc tang 7
– show ip interface brief //kiem tra trang thai tom tat cac cong
– show ip route //xem bang dinh tuyen
– show cdp neighbor detail //thu thap thong tin hang xom
NAT
Khi NAT thi Router luu vao bang NAT Table
PC – R – ISP – Website
192.168.1.10 ———–[ 192.168.1.1 || 11.0.0.1 ]————[ ISP ]——– 100.0.0.100
Inside //dia chi do minh gan & quan ly 192.168.1.10 & 11.0.0.1
Outside //dia chi duoc quan ly va gan boi nguoi khac 100.0.0.100
Global //Chi nhung dia chi hoat dong trong vung dinh tuyen ben ngoai 11.0.0.1 & 100.0.0.100
Local //Dia chi nam trong goi tin co the hoat dong trong vung Inside 192.168.1.10 & 100.0.0.100
Inside local address //la dia chi private tren cac thiet bi duoc NAT 192.168.1.10
Inside global address //La dia chi minh gan co kha nang hoat dong ben ngoai 11.0.0.1
Outside global address //khong thuoc quyen quan ly cua minh, chay ngoai mang va dinh tuyen duoc 100.0.0.100
Outside local address //Dia chi ben ngoai hoat dong trong mang cua minh 100.0.0.100
//Khi show bang thi Outside global va Outside local trung nhau
The Forms of NAT
Static NAT //NAT theo kieu one-to-one, 1 dia chi private ra 1 dia chi public, anh xa nay la co dinh
Dynamic NAT //NAT theo kieu one-to-one, nhung anh xa nay khong co dinh, luc ra 1 dia chi nay luc ra 1 dia chi khac (khi co 1 dai dia chi public)
PAT / NAT Overloading //NAT theo kieu many-to-one, thuong dung pho bien
Static NAT
(config)#ip nat inside source static 192.168.1.10 11.0.0.1
(config)#interface fa0/0
(config-if)#ip nat inside
(config)#interface s0/0/0
(config-if)#ip nat outside
Dynamic NAT
Eg: 12.0.0.0/29 => 12.0.0.1 .. 12.0.0.6
(config)#ip nat pool POOL1 12.0.0.1 12.0.0.6 netmask 255.255.255.248
(config)#ip nat pool POOL1 12.0.0.1 12.0.0.6 prefix 29
(config)#access-list 1 permit 192.168.1.0 0.0.0.255
(config)#ip nat source list 1 pool POOL1
(config)#interface fa0/0
(config-if)#ip nat inside
(config)#interface s0/0/0
(config-if)#ip nat outside
PAT / NAT Overloading
1 public IP
(config)#access-list 1 permit 192.168.1.0 0.0.0.255
(config)#ip nat inside source list 1 interface s0/0/0 overload
(config)#interface fa0/0
(config-if)#ip nat inside
(config)#interface s0/0/0
(config-if)#ip nat outside
More public IP
(config)#access-list 1 permit 192.168.1.0 0.0.0.255
(config)#ip nat pool POOL1 12.0.0.1 12.0.0.6 netmask 255.255.255.248
(config)#ip nat inside source list 1 pool POOL1 overload
(config)#interface fa0/0
(config-if)#ip nat inside
(config)#interface s0/0/0
(config-if)#ip nat outside
Su dung port de phan biet cac may trong mang NAT ra ngoai, neu trung port thi may nao ra sau thi port+1
Static NAT dung voi port forwarding de public service ra ben ngoai
Port Forwarding
(config)#ip nat source static tcp 192.168.1.10 80 11.0.0.1 80
#clear ip nat translation *
#show ip nat translation
#debug ip nat
Chu y: khi DNS ISP tro ve Web server thi phai tro toi ip public + Port Forwarding cho Webserver