Module 4: IP Services

• Lesson 1: Configure and verify inside source NAT using static and pools
• Lesson 2: Configure and verify NTP operating in a client and server mode
• Lesson 3: Explain the role of DHCP and DNS within the network
• Lesson 4: Explain the function of SNMP in network operations
• Lesson 5: Describe the use of syslog features including facilities and levels
• Lesson 6: Configure and verify DHCP client and relay
• Lesson 7: Explain the forwarding per-hop behavior (PHB) for QoS such as classification, marking, queuing, congestion, policing, shaping
• Lesson 8: Configure network devices for remote access using SSH
• Lesson 9: Describe the capabilities and function of TFTP/FTP in the network

Lesson 1: Configure and verify inside source NAT using static and pools
• Network Address Translation (NAT)
  • Maps multiple local private addresses to a public one before the traffic is forwarded.
  • Makes the best use of the small number of public IPs assigned to you by the ISP.
  • Conceals the private addressing when communicating outside the private network.
• Port Address Translation (PAT)
  • A type of NAT
  • Many IPs can be mapped to one using ports

Public vs private IP addressing
• TCP/IP RFC 1918 defines a set of private networks that can be used for internetworks that do not connect to the Internet.
• These private networks will never be assigned by ICANN (Internet Corporation for Assigned Names and Numbers) to any organization for use as registered public network numbers.
• Any organization can use these network numbers. However, no organization is allowed to advertise these networks using a routing protocol on the Internet.

Address Translation Terms

Term                       Definition
Inside                     Addresses located inside the network
Outside                    Addresses located outside the network
Local                      IP address physically assigned to a device
Global                     Public IP address physically or logically assigned to a device
Inside local IP address    Inside device with an assigned private IP address
Inside global IP address   Inside device with a registered public IP address
Outside global IP address  Outside device with a registered public IP address
Outside local IP address   Outside device with an assigned private IP address

Address Translation Types

Translation Type                   Definition
Simple                             One IP address is translated to another IP address
Extended                           One IP address and one port number are mapped to a different IP address and possibly a port number
Static                             A manual address translation is performed between two addresses and possibly port numbers
Dynamic                            An address translation device automatically performs address translation between two addresses and possibly port numbers
Network Address Translation (NAT)  Only IP addresses are translated
Port Address Translation (PAT)     Many inside IP addresses are translated to a single IP address where each inside address is given a different port number

Static NAT
• Uses a one-to-one mapping of local and global IP addresses
• Useful when a device such as a web server needs a consistent address that is reachable from the Internet
• Commonly used to translate IP addresses as they come into the network
Dynamic NAT
• Uses a pool of public addresses
• Assigns them when a private device makes a request for public access to the Internet
• Defines two sets of addresses, one set for the inside addresses and one set for the outside addresses

Port Address Translation (PAT)
• Also known as NAT overload
• Maps multiple IP addresses to one, using ports to differentiate the address mappings
• The following items are seen with PAT:
  • Inside local IP address (original source private IP)
  • Inside local port number (original source port number)
  • Inside global IP address (translated public source IP)
  • Inside global port number (new source port number)
  • Outside global IP address (destination public address)
  • Outside global port number (destination port number)

Port Address Redirection (PAR)
• Also known as static PAT
• Used when your ISP gives you a single public IP which you use to allow users to access the Internet, but at the same time you need the outside world to reach your internal web server (for example).
• Set a PAR so that if a request comes in to the specific IP and port number (80, for example) the traffic is redirected to the web server

NAT Advantages and Disadvantages
NAT advantages:
• Conserves registered IPv4 space by sharing a single public IP
• Provides flexibility when connecting to the public network
• Permits the existing IP scheme to stay in place when implementing a new public IP addressing scheme
• Provides network security because private networks are not advertised publicly
NAT disadvantages:
• Degraded performance – address translation takes time
• Degraded end-to-end functionality – occurs when applications require packets to not be modified
• Degraded traceability – more difficult to trace a packet when its IP address gets changed
• Tunneling (IPsec) becomes more complicated as NAT modifies values in headers that interfere with integrity checks

NAT Configuration
• Static NAT
  • ip nat inside source static – defines the translation
  • Inside – inside source local IP addresses are translated to an inside global IP address when LEAVING the network
  • Outside – changes the outside DESTINATION global IP address to an outside local address
• Dynamic NAT
  • ip nat inside source list – requires an ACL which has the list of inside source addresses. These are the addresses that will be translated
  • ip nat pool – creates the pool of inside global IP addresses
• PAT
  • Same process as dynamic NAT, but adding the word overload
  • ip nat inside source list – use the keyword overload, which is what enables PAT
  • ip nat pool – creates the pool of inside global IP addresses
NAT Verification
• show ip nat translations
• show ip nat statistics
• clear ip nat translation
  • Clears table entries
• debug ip nat
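A complete inside-source NAT configuration that ties the commands of this lesson together: static NAT, a dynamic pool, PAT overload, one PAR entry and the verification commands. This is an added example, not taken from the slides; the interface names, the 192.168.10.0/24 inside network, the 203.0.113.0/29 public block and the pool name are all assumed values.

```cisco
! Added example: inside-source NAT on a Cisco IOS router (assumed addressing)
! LAN 192.168.10.0/24 is the inside network; 203.0.113.0/29 is the block from the ISP.
!
interface GigabitEthernet0/0
 description LAN (inside)
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1
 description ISP uplink (outside)
 ip address 203.0.113.2 255.255.255.248
 ip nat outside
!
! Static NAT: one-to-one mapping so the web server is always reachable as 203.0.113.3
ip nat inside source static 192.168.10.50 203.0.113.3
!
! PAR (static PAT): publish only TCP/443 of a second internal server on the router's
! own public address; every other port of 203.0.113.2 stays untranslated
ip nat inside source static tcp 192.168.10.60 443 203.0.113.2 443
!
! Dynamic NAT / PAT: the ACL selects which inside local addresses may be translated.
! The statically mapped hosts are excluded so they are never picked up dynamically.
access-list 10 deny   host 192.168.10.50
access-list 10 deny   host 192.168.10.60
access-list 10 permit 192.168.10.0 0.0.0.255
!
! Pool of inside global addresses. Without "overload" this is dynamic NAT (one public
! address per active host); with "overload" it is PAT, many hosts behind each address.
ip nat pool PUBLIC-POOL 203.0.113.4 203.0.113.5 netmask 255.255.255.248
ip nat inside source list 10 pool PUBLIC-POOL overload
!
! Single-address alternative: PAT straight onto the outside interface address
! ip nat inside source list 10 interface GigabitEthernet0/1 overload
!
! Verification (privileged EXEC):
!   show ip nat translations      active entries: inside local/global, outside local/global
!   show ip nat statistics        hit/miss counters, NAT interfaces, pool usage
!   clear ip nat translation *    flushes dynamic entries; static entries stay
!   debug ip nat                  per-packet translation log; use briefly on a busy router
```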

Lesson 2: Configure and verify NTP operating in a client and server mode
NTP – Network Time Protocol
• Used to synchronize the clocks on computer networks to within a few milliseconds of Coordinated Universal Time (UTC).
• Enables devices to request and receive UTC from a server that, in turn, receives precise time from an atomic clock.
• An atomic clock is a clock whose timekeeping mechanism is based on the interaction of electromagnetic radiation with the excited states of certain atoms.
• Stratum
  • Hierarchy of time servers
  • Describes how many NTP hops away a machine is from an authoritative time source. A stratum 1 time server typically has an authoritative time source (atomic clock) directly attached, a stratum 2 time server receives its time via NTP from a stratum 1 time server, and so on.
  • Level 0 = atomic clock
  • Maximum level is 15
• Clients
  • Synchronize time from NTP servers
• Servers
  • Sit at a certain stratum and provide clients with time
  • Synchronize their own time from a server at the next stratum level up the hierarchy

Reasons NTP is important:
• Accurate clock synchronization is needed for events in syslog data to have correct timestamps
• Clock synchronization is needed for digital signatures
Ways to set the time on a router:
• Manually configure the date and time with the clock set command
• Use NTP
  • NTP uses UDP port 123
  • Can use broadcast, multicast, or unicast for messaging

NTP – Network Time Protocol: columns of the show ntp associations output

Column     Description
address    IP address of the NTP peer
ref clock  IP address where the peer is getting its time
st         Stratum level of the peer
when       Time since the last NTP message was received
poll       Polling interval the router uses to contact a peer
reach      Peer reachability in octal
delay      Round-trip delay in milliseconds to the peer
offset     Relative time of the peer's clock to the local router's clock in milliseconds
disp       Dispersion: shows the maximum clock difference ever reported between server and local clock (in seconds)

NTP Configuration
• The goal is to have an updated time on the client, received from the NTP server
• ntp server followed by an IP address is what sets the server
• The ntp authenticate command is used to set up authentication
NTP Verification
• show ntp status
• show ntp associations
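An added example (not from the slides) showing the server and client sides of authenticated NTP together, since ntp authenticate on its own does nothing until a key is defined and trusted. The loopback addresses 10.0.0.1 and 10.0.0.254, the key number and the shared secret are assumed values.

```cisco
! Added example: authenticated NTP between a server router and a client router.
! Addresses, key number and secret are assumed values.
!
! --- R-SERVER: takes time from an upstream source and serves it to the LAN ---
! The same key id and secret must exist on both sides; "trusted-key" allows it for sync.
ntp authentication-key 1 md5 NtpSharedSecret-changeme
ntp authenticate
ntp trusted-key 1
! Stable source address for all NTP packets (clients point at this loopback, 10.0.0.1)
ntp source Loopback0
! Upstream authoritative source (assumed 10.0.0.254), authenticated with key 1
ntp server 10.0.0.254 key 1 prefer
! Fallback: keep serving as a stratum-5 source if the upstream becomes unreachable
ntp master 5
!
! --- R-CLIENT: synchronizes only from R-SERVER, and only if the packet authenticates ---
ntp authentication-key 1 md5 NtpSharedSecret-changeme
ntp authenticate
ntp trusted-key 1
ntp source Loopback0
ntp server 10.0.0.1 key 1
!
! Verification (on either router):
!   show ntp status          "Clock is synchronized, stratum N, reference is ..."
!   show ntp associations    "*" marks the peer the clock is synced to; reach climbs to 377
!                            (octal: all of the last eight polls answered); st is its stratum
```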

Lesson 3: Explain the role of DHCP and DNS within the network
DHCP – Dynamic Host Configuration Protocol
• Automated means of managing host IP addresses
• Don't have to manually configure every host!
• Created as an extension of BOOTP so the host can be provided with many configuration information items
• Clients send messages to the server via UDP port 67
• Servers send clients messages via UDP port 68
• Can run from a Windows server, a dedicated appliance (IPAM), a network router, etc.
• No DHCP server? APIPA (Automatic Private IP Addressing – 169.254.x.x)
• Dynamic assignment
  • Most widely used – leases the address to the client for a certain amount of time, until the client wants to abandon the lease (PC shuts down) or the lease time expires and is not renewed by the client.
• Static assignment
  • Admin manually enters addresses into the DHCP server for computers or other hosts
• Scope
  • The pool of IP addresses that can be given out
  • Specify start address, end address and subnet mask
• Scope options
  • Default gateway
  • Domain name and DNS servers
• Exclusion ranges
  • IP addresses which will not be given out in a scope
  • Can specify either a specific address or a range
• Reservation
  • Excludes certain addresses from a scope that are configured manually, such as routers or DNS servers, which will have the same IP address all the time
• Lease time
  • Option that can be configured which specifies the amount of time a client can use an IP address
  • Windows default is 8 days
  • Once the lease time is up, the client will attempt to renew the lease; if it cannot, it moves to the INIT state and starts the DHCP process over
  • If it is renewed or a new IP address is received, it is in the BOUND state
  • On Windows, ipconfig /release and ipconfig /renew give up and re-request a lease by hand
• Available leases
  • IP addresses in the pool that are not currently being used
• DHCP relay
  • Used when clients are on different subnets from the DHCP server
  • DHCP requests are forwarded by the router and server responses are returned to the client
• IP helper/UDP forwarding
  • Configuration on a Cisco router which points to the DHCP server
  • ip helper-address x.x.x.x
  • Forwards the UDP broadcast traffic as a unicast toward the DHCP server

DHCP – Configuration
• service dhcp
  • Enables DHCP on the router
• ip dhcp pool
  • Creates the name for the DHCP server address pool
• network
  • Specifies the subnet network number and mask of the DHCP address pool
• domain-name
  • Specifies the domain name to be assigned to the client
• dns-server
  • IP address of a DNS server that is available to the DHCP client (multiple can be specified)
• default-router
  • IP address of the default gateway to be assigned to the DHCP client
• lease
  • Duration of the lease. IP addresses are leased to hosts on a temporary basis
• ip dhcp excluded-address
  • Specifies the IP addresses the DHCP server should NOT assign to DHCP clients
• ip helper-address
  • Applied to an interface
  • Used if the DHCP scope is outside the broadcast domain of the clients
• show ip dhcp binding
  • Shows the IP addresses that have been assigned from the pool

DNS – Domain Name System
• Computers use addresses when exchanging data with each other. These are known as MAC addresses (at layer 2) and IP addresses (at layer 3).
• For humans, these types of addresses are hard to remember. It is important to give devices alphanumeric names so that humans can more easily work with them
• DNS provides the ability for names to be used for devices
• BIND – Berkeley Internet Name Domain
  • One of the first implementations of DNS
• What is DNS…
  • Distributed, hierarchical database with local control and availability throughout the network
  • Nameservers contain info about some segments of the database and make that info available
  • Resolvers are clients that create queries and send them to nameservers

DNS – Domain Name System
• Global hierarchy
  • The topmost entry in the DNS hierarchy is called the root domain and is represented by the period (.)
  • Root DNS servers
    • Authoritative name servers that serve the DNS root zone
  • Underneath the root are the top level domains
    • Geographical
      • .au for Australia, .uk for the United Kingdom
    • Organizational

Organizational Top Level Domains include:

Domain  Description
com     Commercial organizations
edu     Educational institutions
gov     U.S. government entities
mil     U.S. military entities
int     International organizations
org     Nonprofit organizations
arpa    Inverse address lookups

DNS – Domain Name System
• Fully Qualified Domain Names (FQDNs)
  • At each level a fully qualified domain name is created by concatenating the local name with the names of the domains above it in the hierarchy
• Zone transfers
  • Zone – partition of the domain into subdomains
  • One DNS server might be the authority for en.wikipedia.org and another might be the authority for sco.wikipedia.org
  • A zone transfer occurs when a secondary DNS server contacts a server that is primary for that zone and finds it needs to obtain changes to the database.

DNS Configuration
• ip domain lookup
  • Actually enabled by default, but sometimes it has been disabled
  • Enables the Cisco device to perform DNS lookups
• ip name-server
  • Specifies the DNS server where the lookup will be performed
• show hosts
  • Verifies that the device is configured to perform domain lookups

Lesson 4: Explain the function of SNMP in network operations
• SNMP
  • Simple Network Management Protocol
  • Collection of metrics – counters
  • Agent – runs on the device that SNMP needs to gather metrics on
  • OID – Object identifier – a specific set of counters
• NMS – Network management solution
  • Collector of statistics from network devices
  • Shows views of device metrics ('single pane of glass')
  • Alerts on instances where thresholds are exceeded (configurable)
• Commands
  • SNMP get – request from the SNMP polling device to get OID info
  • SNMP trap – sent by the device when a configured threshold is crossed
• Community name
  • Authentication method for the NMS to communicate with a device
  • Default community name is 'public'
• Versions
  • SNMPv1 – original and not used anymore
  • SNMPv2 – minor updates – still seen in use today
  • SNMPv3 – adds encryption and updates the authentication method
• OIDs and MIB
  • OID – objects on a device that can be queried or configured
  • MIB – management information base – database of OIDs

SNMP Configuration
• The following are SNMPv2 commands. All strings are sent in clear text
• snmp-server location city state building etc.
• snmp-server contact team, name, phone number etc.
• snmp-server community string ro
  • Read-only access
• snmp-server community string rw
  • Read-write access
• snmp-server host NMS_IP traps string
• snmp-server enable traps
  • These two commands enable the sending of SNMP traps to the SNMP management station
• SNMPv3 commands are more complicated and provide the ability to use authentication
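An added example (not from the slides) that puts the v2c commands above into a hardened form, with an ACL limiting who may use the community and no rw community at all, and then shows the SNMPv3 authPriv equivalent. The NMS address 10.0.0.100, the community string, the group and user names and the passphrases are assumed values.

```cisco
! Added example: read-only SNMP monitoring, v2c restricted by ACL, plus the SNMPv3 version
! (assumed NMS address 10.0.0.100; community, group, user and passphrases are placeholders)
!
snmp-server location Building 3, floor 2, rack 7
snmp-server contact NetOps team, netops@example.com
!
! Only the NMS may use the community; no rw community is configured at all
access-list 20 permit host 10.0.0.100
access-list 20 deny   any log
snmp-server community M0nitor-R0-7f3a ro 20
!
! Traps to the NMS (v2c: the community string travels in clear text)
snmp-server host 10.0.0.100 version 2c M0nitor-R0-7f3a
snmp-server enable traps
!
! SNMPv3 with authentication and encryption (authPriv): no secrets on the wire
snmp-server group NMS-RO v3 priv
snmp-server user nmsmon NMS-RO v3 auth sha Auth-Passw0rd-changeme priv aes 128 Priv-Passw0rd-changeme
snmp-server host 10.0.0.100 version 3 priv nmsmon
!
! Verification:
!   show snmp              packet counters, contact and location
!   show snmp community    communities and the ACL attached to each
!   show snmp user         v3 users with their auth and priv protocols
!   show snmp host         trap receivers, version and security level
```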

Lesson 5: Describe the use of syslog features including facilities and levels
Logging
• Keeps track of events and incidents that happen on network devices
• Critical component for management, security, and troubleshooting
• Logging supports more types of messages than SNMP traps
• Messages are sent to the network device's console port by default
• Can also be sent to terminal lines, internal memory, SNMP traps, or a syslog server (most common)

Syslog Server Advantages
• Ability to centralize logging messages from all devices
• Frees up network device resources since the logs don't need to be stored there
• Able to keep a historical record of logging information

Logging messages
Each message has the following information:
• Timestamp – date and time of occurrence
• Log message name – name of the message
• Severity level – severity level of the log message
• Message text – description and information of the event

Logging severity levels

Level  Name           Description (example)
0      Emergency      Device is unusable
1      Alert          Immediate attention (temperature too high)
2      Critical       Router running out of memory
3      Errors         Invalid memory size
4      Warnings       Crypto operation failed
5      Notification   Normal event – interface changed state
6      Informational  Router dropped a packet due to an ACL filter
7      Debug          Used when debugging is turned on

Logging Configuration
• service timestamps – By default the date and time are not added to the log message. service timestamps adds them
• logging host – Specifies the syslog server that logs will be sent to
• logging trap – Defines the severity level for logs. Whatever level is specified, it will include that level and higher severities (Level 4 will include 1, 2, 3, 4)
• logging console – Defines the logging level for the console line
• logging on – Enables logging (however messages will be sent to the console by default)
• logging buffered – Defines the logging level for messages stored in RAM
• logging monitor – Defines the logging level for messages sent to other lines such as VTYs
• logging facility – Directs logging information to a specific file on a syslog server
• logging source-interface – Defines the interface on the router that will be used to reach the syslog server

Logging Verification
• show logging – provides all logging info. If logging to the buffer, log messages will show at the bottom of the output
• Logging to a syslog server – access the syslog server to view the messages
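The logging commands of this lesson assembled into one working configuration, as an added example that is not part of the slides. The collector address 10.0.0.20, the facility local6, the buffer size and the per-destination levels are the example's own choices.

```cisco
! Added example: syslog on a router sending to a central collector
! (assumed collector 10.0.0.20; facility and levels are this example's choices)
!
! Timestamps first: without them the messages carry no date or time at all
service timestamps log datetime msec localtime show-timezone
service timestamps debug datetime msec localtime show-timezone
service sequence-numbers
logging on
!
! Local destinations; each keeps the named level and every more severe level
logging buffered 65536 informational
logging console warnings
logging monitor informational
!
! Remote syslog server: level 4 (warnings) and more severe, tagged facility local6 so the
! collector can route router logs into their own file, sourced from a stable address
logging host 10.0.0.20
logging trap warnings
logging facility local6
logging source-interface Loopback0
!
! Verification:
!   show logging    destinations, their levels and counters; buffered messages at the end
!   show clock      the device time should be NTP-synchronized so timestamps are trustworthy
```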

Lesson 6: Configure and verify DHCP client and relay
DHCP relay exchange: client – router (relay agent) – DHCP server
1. Client sends a discover message (broadcast).
2. Relay agent changes the discover message to a unicast message and forwards it to the server.
3. Server sends the offer back to the relay agent (unicast).
4. Relay agent sends the offer to the client (broadcast).
5. Client sends a request message (broadcast).
6. Relay agent forwards the request to the server (unicast).
7. Server responds with an acknowledgement (unicast).
8. Relay agent forwards the acknowledgement to the client (broadcast).
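An added example, not from the slides, that combines the DHCP configuration commands of Lesson 3 with the relay exchange above: a server router with a pool, a branch router relaying with ip helper-address, and a third router acting as a DHCP client. Router names, the 192.168.20.0/24 branch subnet, the server address 10.0.0.5 and the DNS addresses are assumed.

```cisco
! Added example: DHCP server, relay agent and client on three routers (assumed addressing)
!
! --- R-DHCP (server, 10.0.0.5): pool for the remote 192.168.20.0/24 branch subnet ---
service dhcp
! Never hand out the gateway or other fixed infrastructure addresses
ip dhcp excluded-address 192.168.20.1 192.168.20.10
ip dhcp pool BRANCH-LAN
 network 192.168.20.0 255.255.255.0
 default-router 192.168.20.1
 dns-server 10.0.0.53 10.0.0.54
 domain-name example.com
 lease 0 12
!
! --- R-BRANCH (relay agent): client-facing interface is 192.168.20.1 ---
! The broadcast discover/request is forwarded as unicast to 10.0.0.5 with the relay's
! interface address in the giaddr field, which is how the server picks the BRANCH-LAN pool.
interface GigabitEthernet0/0
 description Branch LAN (DHCP clients)
 ip address 192.168.20.1 255.255.255.0
 ip helper-address 10.0.0.5
!
! ip helper-address relays several UDP services by default, not only DHCP (67/68);
! switch off the ones this network does not need, for example TFTP (69)
no ip forward-protocol udp 69
!
! --- R-CLIENT: a router taking its own address from DHCP on its LAN-facing interface ---
interface GigabitEthernet0/1
 ip address dhcp
 no shutdown
!
! Verification:
!   R-DHCP:   show ip dhcp binding              leased addresses, client IDs, expiry
!             show ip dhcp pool BRANCH-LAN      pool size, leased and excluded counts
!             show ip dhcp server statistics    message counters (discover, offer, ...)
!   R-CLIENT: show dhcp lease                   address, server and lease timers received
```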

Lesson 7: Explain the forwarding per-hop behavior (PHB) for QoS
• Classification
• Marking
• Queuing
• Congestion
• Policing
• Shaping

Quality of Service
• Enables the ability to determine how much bandwidth to provide to certain types of network traffic
• Primarily used to prioritize voice and video traffic
• Decisions are made based on bandwidth and performance
• When a packet is received by a router or a frame is received by a switch, it can be marked for a certain type of service, which determines the level of priority it is given
• Trust boundary – where packets are classified and marked (almost always at the edge device)
• Trusted domain – the part of the network where only administrator-managed devices are found, such as routers and switches
• Untrusted domain – the part of the network that is not being actively managed, such as PCs and printers

Classification and Marking
• Classification – the device analyzes the header of the packet to determine what type of traffic it is (ACLs set for specific networks)
• Marking – once the packet has been classified, it gets marked for a Type of Service
  • The Type of Service (ToS) field in the packet is marked with a Differentiated Services Code Point (DSCP)
  • 8 bits, 3 of which are used for the IP Precedence field in the header
• For a frame, there is a field in the 802.1Q header called Class of Service (CoS)
  • 3 bits, called the Priority Code Point (PCP)
• Wireless traffic – considered layer 2 but uses ToS instead of CoS

DSCP Code                  Description
Expedited Forwarding (EF)  Used for packets that require low latency and low packet loss. Voice traffic would use EF. VoIP phones mark traffic EF by default
Assured Forwarding (AF)    Used to mark queues for a packet and their drop priority. Format is AFXY where X is the queue for the packet (1 to 4) and Y is the drop priority value (1 to 3).
Class Selector (CS)        Applies the packet to a class. Has the value CSX where X is 0 to 7.

Queuing
• Used for when an interface is busy
• The device places the message in a queue, and the forwarding of traffic is based on priority
• Modern queueing mechanisms
  • Class-Based Weighted Fair Queuing (CBWFQ): provides fairness and bandwidth guarantees for all traffic, but does not provide a latency guarantee. Used for data traffic.
  • Low Latency Queueing (LLQ): similar to CBWFQ but with stricter priorities for real-time traffic. Provides latency and bandwidth guarantees.
Congestion
• Occurs when more traffic comes in one side of a device than the other side can send out at the same rate
• Priority and queueing features can be used to ensure delay-sensitive traffic is processed first

Policing
• Can be used to limit the bit rate of a link
• Monitors traffic and compares it to the Committed Information Rate (CIR)
• You can then drop or re-mark the exceeding traffic
Shaping
• Usually used by ISPs to enforce the bandwidth utilized by a customer based on their contract
• Similar to policing, but you buffer the exceeding traffic instead of dropping it
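An added example (not from the slides) that implements every per-hop behavior of this lesson with the IOS modular QoS CLI on one WAN router: classification by DSCP and by ACL, marking and policing at the trust boundary, LLQ/CBWFQ queuing for congestion, and shaping to a contracted rate. Interface names, the 192.168.10.0/24 user LAN, the 1 Mbps voice policer and the 50 Mbps contract rate are assumed values.

```cisco
! Added example: per-hop QoS on a WAN router (interfaces, rates and DSCP choices assumed)
!
! Classification: by existing DSCP marking (from trusted phones and switches) or, for
! unmarked hosts in the untrusted domain, by an ACL on the RTP port range
ip access-list extended VOICE-ACL
 permit udp 192.168.10.0 0.0.0.255 any range 16384 32767
class-map match-any VOICE
 match dscp ef
class-map match-any VIDEO
 match dscp af41 af42 af43
class-map match-any UNTRUSTED-VOICE-PORTS
 match access-group name VOICE-ACL
!
! Marking and policing at the trust boundary (ingress from the user LAN): only 1 Mbps of
! voice is allowed to carry EF and the excess is dropped; everything else is re-marked to 0
! so hosts cannot self-promote their traffic into the priority queue
policy-map LAN-IN
 class UNTRUSTED-VOICE-PORTS
  police 1000000 conform-action set-dscp-transmit ef exceed-action drop
 class class-default
  set dscp default
!
! Queuing for congestion: LLQ gives voice a strict-priority queue (latency guarantee),
! CBWFQ gives video a bandwidth guarantee, everything else shares fairly
policy-map WAN-OUT
 class VOICE
  priority percent 20
 class VIDEO
  bandwidth percent 30
 class class-default
  fair-queue
!
! Shaping: buffer down to the 50 Mbps contracted rate so the ISP policer never drops us,
! with the queuing policy applied inside the shaper (hierarchical policy)
policy-map WAN-SHAPE
 class class-default
  shape average 50000000
  service-policy WAN-OUT
!
interface GigabitEthernet0/0
 description User LAN (untrusted domain)
 service-policy input LAN-IN
interface GigabitEthernet0/1
 description WAN uplink
 service-policy output WAN-SHAPE
!
! Verification:
!   show policy-map interface GigabitEthernet0/1    per-class packets, drops, shaping stats
!   show policy-map interface GigabitEthernet0/0    policer conform/exceed counters
```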

Lesson 8: Configure network devices for remote access using SSH
Remote access to Cisco devices
• Secure Shell (SSH) – TCP port 22
  • Enables two computers to communicate securely
  • Used for remote login to devices on the network
• Telnet – TCP port 23
  • Provides access through terminal emulation to a system
  • Used for remote login to devices on the network
  • Clear text (not secure)

Telnet Configuration
• enable password password
  • Must be done before remotely accessing a Cisco device
• enable secret password
• line vty 0 15
  • Takes you to the vty lines
• password password
  • Specifies the telnet password
• login
  • Enables the ability to log in
• Ability to log in from another IOS device, a PC command line, or an application such as PuTTY
  • telnet IP_address_of_device

SSH Configuration
• Hostname and domain name must be specified for the RSA key to be generated
• username user password password
  • Sets the credentials to permit SSH access
• crypto key generate rsa
  • This is the encryption key to secure the session. Choose 1024 bits.
• ip ssh version 2
  • Not required but sets the version of SSH
• line vty 0 15
  • Moves to the lines
• login local
  • Tells the lines to use the local database for the password
• transport input ssh
  • Sets the access protocol
• ssh -l username host_IP
  • Command to open an SSH session to a device
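The SSH commands of this lesson as one complete, SSH-only management configuration, added here as an example that is not from the slides. It generates a 2048-bit key instead of the 1024 bits mentioned above, adds an ACL on the vty lines and uses secret rather than password for the local user; the hostname, domain, management subnet 10.0.0.0/24 and credentials are assumed values.

```cisco
! Added example: SSH-only management access on a Cisco IOS device
! (hostname, domain, addresses and credentials are the example's own assumptions)
!
! The RSA key is named after hostname plus domain name, so both must exist first
hostname R1
ip domain name example.com
!
! 2048-bit key: 1024-bit RSA is no longer considered adequate and many clients refuse it
crypto key generate rsa modulus 2048
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
!
! Local user database for "login local"; "secret" stores a hash, "password" does not
username netadmin privilege 15 secret Adm1n-Passw0rd-changeme
enable secret Enabl3-Passw0rd-changeme
service password-encryption
!
! Only the management subnet may open a session; refused attempts are logged
access-list 5 permit 10.0.0.0 0.0.0.255
access-list 5 deny   any log
!
line vty 0 15
 access-class 5 in
 login local
 transport input ssh
 exec-timeout 10 0
 logging synchronous
!
! Verification:
!   show ip ssh                      SSH version, timeout and retry settings
!   show ssh                         sessions currently open
!   show crypto key mypubkey rsa     key name and size
!
! From an administrator's workstation (client command, not device configuration):
!   ssh -l netadmin 10.0.0.1
```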

Remote access to Cisco devices
• Terminal emulator
  • Provides console access to a network device
  • Can use serial/USB (local), or SSH/telnet (remote)
  • SSH is largely the preferred method of connectivity
  • PuTTY is a popular free terminal emulator
  • SecureCRT is more feature-rich

Lesson 9: Describe the capabilities and function of TFTP/FTP in the network
File Transfer Protocol (FTP)
• TCP ports 20/21
• Used to transfer files between two machines
• As a protocol, FTP is used by applications
• FTP can be an application as well and can be used to transfer files
• In addition to file transfer, FTP allows access to directories as well
• Ability to set a username and password

Trivial File Transfer Protocol (TFTP)
• Stripped-down form of FTP
• UDP port 69
• Used to transfer files between two machines
• Must specify the specific file
• No directory browsing capabilities
• No authentication

TFTP and FTP applications
• Tftpd32
  • Also Tftpd64
• FileZilla
  • FTP

TFTP and FTP IOS commands
• TFTP
  • Use the keyword 'copy'
• FTP
  • Set username
  • Set password
  • Run an FTP server
  • Use the keyword 'copy'
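An added example (not from the slides) of the FTP and TFTP copy procedure on IOS: the credentials that FTP needs, a configuration backup to an FTP server, an image pull over TFTP and an integrity check of the downloaded file. The server address 10.0.0.30, the credentials and the file names are assumed; the image name and hash are placeholders.

```cisco
! Added example: configuration backup over FTP and image download over TFTP
! (server address, credentials and file names are the example's own assumptions)
!
! Global configuration: credentials the router presents to the FTP server
! (FTP authenticates; TFTP has no credentials at all, so keep TFTP servers on a
! management network that clients cannot reach)
ip ftp username backupuser
ip ftp password Backup-Passw0rd-changeme
ip ftp source-interface Loopback0
ip tftp source-interface Loopback0
!
! Privileged EXEC commands (not configuration lines):
!
! back up the running configuration with the "copy" keyword in URL form
!   copy running-config ftp://10.0.0.30/R1-running.cfg
!
! pull an IOS image over TFTP; IMAGE-FILENAME.bin is a placeholder
!   copy tftp://10.0.0.30/IMAGE-FILENAME.bin flash:
!
! check the image against the hash published by the vendor before booting it;
! replace EXPECTED-MD5 with that value
!   verify /md5 flash:IMAGE-FILENAME.bin EXPECTED-MD5
!
! restore is the same command with the direction reversed (merged into running-config)
!   copy ftp://10.0.0.30/R1-running.cfg running-config
```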
Thank You !!!