Wednesday, December 23, 2009

Network Address Translation


Private IP Addresses: RFC 1918


The following table lists the address ranges as specified in RFC 1918 that can be used by anyone as internal private addresses. These will be your “inside-the-LAN” addresses that will have to be translated into public addresses that can be routed across the Internet. Any network is allowed to use these addresses; however, these addresses are not allowed to be routed onto the public Internet.


Configuring Dynamic NAT: One Private to One Public Address Translation



Configuring PAT: Many Private to One Public Address Translation

All private addresses use a single public IP address and numerous port numbers for translation.




NOTE: You can have an IP NAT pool of more than one address, if needed. The syntax for this is as follows:

Corp(config)#ip nat pool scott 64.64.64.70 74.64.64.128 netmask 255.255.255.128


You would then have a pool of 63 addresses (and all of their ports) available for translation.


Configuring Static NAT: One Private to One Permanent Public Address Translation


CAUTION: Make sure that you have in your router configurations a way for packets to travel back to your NAT router. Include a static route on the ISP router advertising your NAT pool and how to travel back to your internal network. Without this in place, a packet can leave your network with a public address, but it will not be able to return if your ISP router does not know where the pool of public addresses exists in the network. You should be advertising the pool of public addresses, not your private addresses.


Verifying NAT and PAT Configurations


Troubleshooting NAT and PAT Configurations

Wednesday, December 2, 2009

Configuration Example: Single Area OSPF


Austin Router


Houston Router


Galveston Router

Friday, November 13, 2009

Single Area OSPF

OSPF: Mandatory Commands




Using Wildcard Masks with OSPF Areas

When compared to an IP address, a wildcard mask identifies which addresses get matched for placement into an area:
  • A 0 (zero) in a wildcard mask means to check the corresponding bit in the address for an exact match.
  • A 1 (one) in a wildcard mask means to ignore the corresponding bit in the address; that bit can be either 1 or 0.

TIP: An octet of all 0s means that the octet has to match exactly to the address. An octet of all 1s means that the octet can be ignored.
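The bit rules above can be checked directly. The following Python sketch is an added example, not part of the original notes: it applies a wildcard mask to a set of interface addresses and reports which interfaces an OSPF network statement would select and how many addresses the statement covers. The interface names and addresses are constructed sample data.

```python
import ipaddress

# Constructed sample router: interface name -> IPv4 address (not from the page).
INTERFACES = {
    "Fa0/0": "172.16.10.1",
    "Fa0/1": "10.1.1.1",
    "Lo0": "192.168.1.1",
    "S0/0": "172.16.20.1",
}

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_matches(address, wildcard, candidate):
    """True if candidate equals address on every bit where the wildcard bit is 0."""
    care = ~to_int(wildcard) & 0xFFFFFFFF   # 1 = bit must match exactly
    return (to_int(address) & care) == (to_int(candidate) & care)

def interfaces_matched(address, wildcard, interfaces=INTERFACES):
    """Names of the interfaces a 'network <address> <wildcard> area N' line selects."""
    return sorted(name for name, ip in interfaces.items()
                  if wildcard_matches(address, wildcard, ip))

def addresses_covered(wildcard):
    """Each ignored (1) bit doubles the number of addresses the statement matches."""
    return 2 ** bin(to_int(wildcard)).count("1")

if __name__ == "__main__":
    for address, wildcard in [
        ("172.16.10.1", "0.0.0.0"),        # all octets must match: one interface
        ("172.16.0.0", "0.0.255.255"),     # last two octets ignored
        ("0.0.0.0", "255.255.255.255"),    # every bit ignored: every interface
    ]:
        print(f"{address} {wildcard}: covers {addresses_covered(wildcard)} "
              f"addresses, matches {interfaces_matched(address, wildcard)}")
```

The all-ones wildcard selects every interface on the router, so a narrower mask keeps OSPF off links where no neighbor is expected.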




Configuring OSPF: Optional Commands

The following commands, although not mandatory, enable you to have a more controlled and efficient deployment of OSPF in your network.


Loopback Interfaces


Router ID


DR/BDR Elections


Modifying Cost Metrics


Authentication: Simple


Authentication: Using MD5 Encryption


Timers


Propagating a Default Route



Verifying OSPF Configuration


Troubleshooting OSPF

Thursday, October 29, 2009

Configuration Example: EIGRP


Austin Router




Houston Router


Saturday, October 17, 2009

EIGRP

Configuring Enhanced Interior Gateway Routing Protocol (EIGRP)



NOTE: tos is a reference to the original Interior Gateway Routing Protocol (IGRP) intention to have IGRP perform type-of-service routing. Because this was never adopted into practice, the tos field in this command is always set to zero (0).

NOTE: With default settings in place, the metric of EIGRP is reduced to the slowest bandwidth plus the sum of all the delays of the exit interfaces from the local router to the destination network.

TIP: For two routers to form a neighbor relationship in EIGRP, the k values must match.

CAUTION: Unless you are very familiar with what is occurring in your network, it is recommended that you do not change the k values.


EIGRP Auto-Summarization



CAUTION: EIGRP automatically summarizes networks at the classful boundary. A poorly designed network with discontiguous subnets could have problems with connectivity if the summarization feature is left on. For instance, you could have two routers advertise the same network—172.16.0.0/16—when in fact they wanted to advertise two different networks—172.16.10.0/24 and 172.16.20.0/24.

Recommended practice is to turn off automatic summarization if necessary, and then use the ip summary-address command to summarize manually what you need.


Load Balancing: variance


NOTE: If a path is not a feasible successor, it is not used in load balancing.

NOTE: EIGRP supports up to six unequal-cost paths.


Bandwidth Use


NOTE: By default, EIGRP is set to use only up to 50 percent of the bandwidth of an interface to exchange routing information. Values greater than 100 percent can be configured. This configuration option might prove useful if the bandwidth is set artificially low for other reasons, such as manipulation of the routing metric or to accommodate an oversubscribed multipoint Frame Relay configuration.

NOTE: The ip bandwidth-percent command relies on the value set by the bandwidth command.


Authentication



NOTE: For the start time and the end time to have relevance, ensure that the router knows the correct time. Recommended practice dictates that you run Network Time Protocol (NTP) or some other time-synchronization method if you intend to set lifetimes on keys.


Verifying EIGRP


Troubleshooting EIGRP

Saturday, September 26, 2009

RIP

The ip classless Command


NOTE: A supernet route is a route that covers a range of subnets with a single entry.

NOTE: The ip classless command is enabled by default in Cisco IOS Software Release 11.3 and later.


RIP Routing: Mandatory Commands


NOTE: You need to advertise only the classful network number, not a subnet:

Router(config-router)#network 172.16.0.0
not
Router(config-router)#network 172.16.10.0

If you advertise a subnet, you will not receive an error message, because the router will automatically convert the subnet to the classful network address.
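The classful conversion described in this note is the same boundary that the EIGRP auto-summarization caution earlier on this page refers to. The following Python sketch is an added example, not part of the original notes: it computes the classful network for an address and lists the summaries that more than one router would advertise. The router names R1 to R3 and the 192.168.1.0/24 subnet are constructed, and the sketch assumes every router advertises across a major-network boundary.

```python
import ipaddress
from collections import defaultdict

# The 172.16.x.0/24 subnets come from the EIGRP caution on this page; the
# router names and the 192.168.1.0/24 subnet are constructed for this example.
ROUTER_SUBNETS = {
    "R1": ["172.16.10.0/24"],
    "R2": ["172.16.20.0/24"],
    "R3": ["192.168.1.0/24"],
}

def classful_network(address):
    """Class A/B/C network that contains the given address or subnet number."""
    ip = ipaddress.IPv4Address(address.split("/")[0])
    first_octet = int(ip) >> 24
    if first_octet < 128:
        prefix = 8       # class A
    elif first_octet < 192:
        prefix = 16      # class B
    elif first_octet < 224:
        prefix = 24      # class C
    else:
        raise ValueError(f"{address} is class D/E and has no classful network")
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def summary_collisions(router_subnets=ROUTER_SUBNETS):
    """Classful summaries that more than one router would advertise.

    Assumption: every router advertises across a major-network boundary, so
    each subnet is summarized to its classful network.
    """
    advertisers = defaultdict(set)
    for router, subnets in router_subnets.items():
        for subnet in subnets:
            advertisers[str(classful_network(subnet))].add(router)
    return {net: sorted(names) for net, names in advertisers.items()
            if len(names) > 1}

if __name__ == "__main__":
    # The subnet from the RIP note maps to its classful network.
    print(classful_network("172.16.10.0"))
    # Both routers holding 172.16.x.0/24 subnets end up advertising the same /16.
    print(summary_collisions())
```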


RIP Routing: Optional Commands




Troubleshooting RIP Issues



Configuration Example: RIPv2 Routing



Cancun Router



Acapulco Router


Mazatlan Router