1
00:00:09,440 --> 00:00:13,520
In this lab, you need to configure network address translation or NAT.

2
00:00:21,170 --> 00:00:21,440
Okay.

3
00:00:21,440 --> 00:00:28,880
So in this lab we've been told to configure the router with DHCP on the internet-facing interface.

4
00:00:29,330 --> 00:00:34,070
So on the router I can see that it's just booted up.

5
00:00:37,540 --> 00:00:45,550
So enable. First thing I'll do is configure the router with a hostname of, let's say, router one per the

6
00:00:45,550 --> 00:00:57,130
diagram. Interface gigabit 0/0/1, IP address, and we're going to use DHCP on that interface and I'll no

7
00:00:57,150 --> 00:00:58,480
shut the interface.

8
00:00:59,830 --> 00:01:02,590
So show ip interface brief.

9
00:01:04,230 --> 00:01:06,750
We can see that the interface is up up.

10
00:01:06,900 --> 00:01:09,240
But no address has been assigned yet.

11
00:01:09,750 --> 00:01:16,890
Notice this link is showing orange, so we may have to wait a while for spanning tree to converge.

12
00:01:16,890 --> 00:01:17,640
And there we go.

13
00:01:17,640 --> 00:01:18,690
It's gone green.

14
00:01:19,080 --> 00:01:27,270
In this lab, this DHCP server is allocating addresses to the router, so it may take a while to receive

15
00:01:27,270 --> 00:01:28,350
an IP address.

16
00:01:28,680 --> 00:01:39,150
So while we're waiting, I'll configure the inside interface with an IP address of 10.1.1.254/24 and

17
00:01:39,150 --> 00:01:41,160
no shut the interface.

18
00:01:42,330 --> 00:01:46,710
As you can see here, spanning tree's also converging on the side.

19
00:01:47,070 --> 00:01:54,450
And while that was happening, we've now been allocated an IP address on the gigabit 0/0/1 interface.

20
00:01:57,200 --> 00:01:59,720
So show ip interface brief.

21
00:02:00,110 --> 00:02:03,980
We've got an IP address on the router's internet-facing interface.

22
00:02:04,400 --> 00:02:06,620
It was allocated via DHCP.

23
00:02:06,920 --> 00:02:11,930
We've also got an IP address configured on the inside interface.

24
00:02:12,440 --> 00:02:17,000
Can the router ping the DNS server?

25
00:02:18,210 --> 00:02:19,290
Yes, it can.

26
00:02:19,320 --> 00:02:20,400
Can it ping

27
00:02:20,400 --> 00:02:21,690
cisco.com?

28
00:02:23,250 --> 00:02:25,430
Now I've found with Packet Tracer,

29
00:02:25,470 --> 00:02:31,770
you may have to wait a bit when you do your initial pings, so just be patient and see what it does.

30
00:02:32,220 --> 00:02:35,010
But in this example, I can ping cisco.com.

31
00:02:35,370 --> 00:02:37,770
Can I ping facebook.com?

32
00:02:38,630 --> 00:02:41,180
So ping facebook.com.

33
00:02:42,700 --> 00:02:43,900
Yes, I can.

34
00:02:44,020 --> 00:02:44,990
So that's good.

35
00:02:45,010 --> 00:02:52,870
Internet side is working and now we need to configure DHCP on the internal network.

36
00:02:55,190 --> 00:03:08,900
So conf t, ip dhcp pool, and I'll just call this NAT. Network is going to be 10.1.1.0, /24 mask per

37
00:03:09,320 --> 00:03:15,860
this information. Default router is going to be 10.1.1.254.

38
00:03:16,730 --> 00:03:21,140
DNS server is going to be Google.

39
00:03:21,560 --> 00:03:22,760
So there we go.

40
00:03:23,240 --> 00:03:24,320
Show run.

41
00:03:24,530 --> 00:03:30,500
That's our DHCP configuration. Show ip dhcp pool.

42
00:03:30,950 --> 00:03:32,720
There's the pool information.

43
00:03:33,050 --> 00:03:35,690
We've got IP addresses in this range.

44
00:03:36,530 --> 00:03:39,860
Now the router is using this IP address.

45
00:03:41,260 --> 00:03:47,230
So you don't have to do this for this lab, but in the real world, you're going to want to create an

46
00:03:47,230 --> 00:03:48,520
exclusion range.

47
00:03:48,760 --> 00:03:53,410
So let's exclude IP addresses, say, in this range.

48
00:03:54,710 --> 00:03:58,130
Now remember again, these are challenge labs.

49
00:03:58,460 --> 00:04:01,820
Hopefully you've learned something by watching this video.

50
00:04:01,850 --> 00:04:06,000
If you didn't configure an exclusion range, be careful.

51
00:04:06,020 --> 00:04:10,190
In the real world, you probably want to do that. In the exam,

52
00:04:10,430 --> 00:04:13,610
they'll be more specific about what you need to do.

53
00:04:14,480 --> 00:04:19,820
We don't want the router allocating its own IP address via DHCP.

54
00:04:19,850 --> 00:04:22,130
That does sometimes happen.

55
00:04:22,820 --> 00:04:25,760
So again, show ip dhcp pool.

56
00:04:27,260 --> 00:04:34,940
The pool range is this, but we've got an exclusion range, so we've excluded the router's IP address.

57
00:04:35,540 --> 00:04:38,060
Show ip dhcp binding.

58
00:04:38,360 --> 00:04:42,080
At the moment, no clients have got IP addresses.

59
00:04:42,260 --> 00:04:48,200
So let's go onto one of the clients, go to the desktop, go to command prompt.

60
00:04:50,410 --> 00:04:51,700
And use the command

61
00:04:51,730 --> 00:04:52,870
ipconfig.

62
00:04:52,990 --> 00:04:54,970
No IP addresses allocated.

63
00:04:55,300 --> 00:05:03,740
So let's do a renew to force the PC to send out a DHCP request and ask for an IP address.

64
00:05:03,760 --> 00:05:05,410
So there's the IP address.

65
00:05:05,770 --> 00:05:08,190
So can we ping the router?

66
00:05:10,160 --> 00:05:11,330
Yes, we can.

67
00:05:11,930 --> 00:05:14,090
Can we ping the DNS server?

68
00:05:15,980 --> 00:05:17,690
And the answer is no.

69
00:05:17,720 --> 00:05:23,420
And that's because we need to configure network address translation on the router.

70
00:05:24,470 --> 00:05:34,490
So on the router, interface gigabit 0/0/1, ip nat, and this is going to be the outside interface. Interface

71
00:05:34,490 --> 00:05:36,350
gigabit 0/0/0.

72
00:05:36,380 --> 00:05:39,530
This is going to be the inside interface.

73
00:05:40,220 --> 00:05:41,450
So we've configured

74
00:05:42,430 --> 00:05:44,740
outside and inside interfaces.

75
00:05:45,520 --> 00:05:54,230
Now we need to use the command ip nat and we are NATing inside devices based on a source list.

76
00:05:54,250 --> 00:05:55,990
In other words, an access list.

77
00:05:56,630 --> 00:06:01,460
In this example, to keep things simple, I'm going to use access list 1.

78
00:06:02,060 --> 00:06:05,750
You could have used a different access list if you wanted to.

79
00:06:06,830 --> 00:06:11,480
Interface is going to be gigabit 0/0/1.

80
00:06:11,630 --> 00:06:15,140
And don't forget to add the word overload.

81
00:06:15,320 --> 00:06:19,250
You must overload the interface to enable PAT.

82
00:06:19,940 --> 00:06:26,390
And then the last step is to create an access list where you decide which traffic to permit.

83
00:06:26,810 --> 00:06:30,380
In this example, I'm going to permit any. In the real world,

84
00:06:30,380 --> 00:06:32,300
you probably want to limit that.

85
00:06:32,390 --> 00:06:35,630
So don't just permit anything to be NATed.

86
00:06:37,660 --> 00:06:40,960
So on the PC now, can we ping the DNS server?

87
00:06:41,050 --> 00:06:42,310
Yes, we can.

88
00:06:45,190 --> 00:06:48,340
So back on the router, show ip dhcp binding.

89
00:06:49,280 --> 00:06:53,130
This client has been allocated an IP address.

90
00:06:53,150 --> 00:06:55,400
Show ip nat translation.

91
00:06:55,820 --> 00:07:00,680
Notice we can see that this client has been NATed

92
00:07:01,550 --> 00:07:08,150
to this IP address, which is the IP address on

93
00:07:09,520 --> 00:07:11,140
the outside interface.

94
00:07:11,290 --> 00:07:12,970
In other words, the router

95
00:07:13,890 --> 00:07:25,290
on this interface has been allocated to this IP address via DHCP and the PCs are being NATed to that

96
00:07:25,290 --> 00:07:26,240
IP address.

97
00:07:26,250 --> 00:07:32,160
So this PC has been NATed to the router's IP address.

98
00:07:33,580 --> 00:07:37,870
So close the desktop down and open up a web browser.

99
00:07:40,500 --> 00:07:43,860
Can the PC get to cisco.com?

100
00:07:44,280 --> 00:07:45,450
Yes, it can.

101
00:07:45,660 --> 00:07:51,450
So cisco.com is reachable from the first PC.

102
00:07:51,840 --> 00:07:54,690
What about facebook.com?

103
00:07:55,620 --> 00:07:57,330
Facebook is also reachable.

104
00:07:58,230 --> 00:07:59,910
So I'm happy with that.

105
00:07:59,940 --> 00:08:03,210
This PC can access both Cisco and Facebook.

106
00:08:03,390 --> 00:08:05,790
What about the second PC?

107
00:08:06,180 --> 00:08:12,120
So command prompt, ipconfig, and no IP address has been allocated.

108
00:08:12,760 --> 00:08:18,130
So what I'm going to do is force the PC to get an IP address through DHCP.

109
00:08:19,160 --> 00:08:21,770
It's now been allocated this IP address.

110
00:08:21,800 --> 00:08:25,460
Can it ping the DNS server?

111
00:08:25,490 --> 00:08:26,570
Yes, it can.

112
00:08:26,600 --> 00:08:28,880
Can it ping cisco.com?

113
00:08:28,940 --> 00:08:30,170
Yes, it can.

114
00:08:31,300 --> 00:08:34,419
Can it ping facebook.com?

115
00:08:34,450 --> 00:08:35,679
Yes, it can.

116
00:08:37,190 --> 00:08:38,960
So I'll go to the web browser.

117
00:08:42,070 --> 00:08:50,680
This PC can access cisco.com and it can access facebook.com.

118
00:08:52,600 --> 00:08:54,580
Let's configure the last PC.

119
00:08:55,000 --> 00:09:01,750
So desktop, command prompt, ipconfig. Need to get an IP address via DHCP.

120
00:09:02,470 --> 00:09:06,280
So force the PC to request an IP address.

121
00:09:06,310 --> 00:09:07,390
There you go.

122
00:09:10,770 --> 00:09:14,220
So can it ping cisco.com?

123
00:09:14,250 --> 00:09:15,050
Yes, it can.

124
00:09:15,060 --> 00:09:18,030
Can it ping facebook.com?

125
00:09:18,060 --> 00:09:19,110
Yes, it can.

126
00:09:20,540 --> 00:09:23,450
And as a last test, I'll open up a web browser.

127
00:09:26,530 --> 00:09:27,850
facebook.com.

128
00:09:29,620 --> 00:09:30,760
cisco.com.

129
00:09:32,130 --> 00:09:33,240
I'm happy with that.

130
00:09:33,270 --> 00:09:39,840
The PCs in the internal network have been allocated IP addresses via DHCP.

131
00:09:40,260 --> 00:09:48,390
The router has been allocated an IP address via DHCP and the internal PCs can access the internet because

132
00:09:48,480 --> 00:09:53,850
the router is NATing the IP addresses.

133
00:09:54,600 --> 00:09:56,790
So show ip nat translation.

134
00:09:57,270 --> 00:10:00,660
Here are a whole bunch of NAT translations.

135
00:10:01,050 --> 00:10:03,270
Notice we've got PCs

136
00:10:04,360 --> 00:10:09,250
sending DNS requests to the DNS server. So port

137
00:10:09,250 --> 00:10:15,610
53 is DNS and 8.8.8.8 is the DNS server.

138
00:10:16,670 --> 00:10:18,090
We can see a PC,

139
00:10:18,110 --> 00:10:20,180
this is the second PC,

140
00:10:20,210 --> 00:10:26,270
PC1, accessing cisco.com using HTTP.

141
00:10:26,870 --> 00:10:36,290
So the internal hosts are using random or what are called ephemeral ports, greater than 1023, to access

142
00:10:36,830 --> 00:10:38,330
servers on the internet.

143
00:10:38,630 --> 00:10:55,190
Notice how the inside local address has a different port number to the inside global address. Because

144
00:10:55,190 --> 00:10:56,600
we're using PAT,

145
00:10:56,630 --> 00:10:58,940
the router needs to differentiate

146
00:10:59,580 --> 00:11:04,380
between different translations. Here they're the same.

147
00:11:04,530 --> 00:11:07,680
But notice here we have differences.

148
00:11:08,550 --> 00:11:15,420
The router needs to be able to differentiate between different sessions going to the same server.

149
00:11:16,230 --> 00:11:24,680
So here the first host and the second host chose the same ephemeral or random port number.

150
00:11:24,690 --> 00:11:31,560
But the router has changed those values to allow it to differentiate between the sessions.

151
00:11:32,280 --> 00:11:38,700
So if traffic comes back to the router going to this destination IP address and port number, the router

152
00:11:38,700 --> 00:11:45,450
knows that it needs to send the traffic to PC1, this PC with this IP address.

153
00:11:45,990 --> 00:11:53,220
But if the traffic comes back from Cisco going to this IP address and port number, so same IP address

154
00:11:53,310 --> 00:11:54,960
but a different port number,

155
00:11:55,110 --> 00:12:01,140
the router knows that it needs to send the traffic to the first PC, PC0.

156
00:12:01,740 --> 00:12:10,950
So that's a nice example of port address translation or PAT creating unique inside global entries

157
00:12:10,950 --> 00:12:16,680
to allow it to differentiate between different inside local IP addresses.

158
00:12:18,130 --> 00:12:25,600
That is a typical example of what you'll see with network address translation, but specifically port

159
00:12:25,600 --> 00:12:33,730
address translation where one IP address is being shared between multiple devices on the inside network.

160
00:12:35,190 --> 00:12:38,880
As a last step, I'll save the configuration of the router.

161
00:12:39,240 --> 00:12:40,440
So how did you do?

162
00:12:40,470 --> 00:12:42,600
Were you able to complete the lab?

163
00:12:42,960 --> 00:12:44,430
Did you get it working?

164
00:12:44,790 --> 00:12:48,390
And did you verify that things work properly?

165
00:12:49,080 --> 00:12:51,420
It's important to verify your work.

166
00:12:52,140 --> 00:12:54,480
I want to wish you all the very best.