Chapter 6 – Troubleshooting Addressing Services Objectives
Contents
1. Chapter 6 Troubleshooting Addressing Services Objectives Describe NAT amp PAT operation amp troubleshooting techniques Describe DHCP operation amp troubleshooting techniques Describe the different methods of IPv6 address assignment Explain the operation of OSPFv3 and RIPng Describe typical IPv6 troubleshooting techniques Chapter 6 Benefits Conserves the legally registered addressing scheme Increases the flexibility of connections to the public network Provides consistency for internal network addressing schemes Provides network security 2 Chapter 6 Configuring Static Inside Network Outside 192168101 209 165 200 253 1 2 Fa 0 0 S0 0 0 Server 192 168 10 254 Inside Local Inside Global Ri config ip nat inside source static 192 168 10 254 209 165 200 254 R1 config int 50 0 0 Ri config if ip nat outside R1 config if int fa0 0 Ri config if ip nat inside Static In this case inside local locally significant and inside global globally significant addresses are mapped one to one This mapping is particularly useful when an inside device must be accessible from the outside network such as the case of web servers in an Internet data center Chapter 6 Configuring Dynamic Inside Network 192 168 10 uu 165 200 253 SE2. BIRMINGHAM City University 192 168 10 11 Ri config nat pool POOLI 209 165 200 226 209 165 200 240 netmask 255 255 255 224 Ri config access list 1 permit 192 168 10 0 0 0 0 255 R1 config ip inside source list 1 pool POOL1 R1 config int 50 0 0 Ri config if ip nat outside R1 config if Aint 0 0 Ri config if ip nat inside Dynamic NAT translates addresses following the same underlying technology as static NAT however local addresses are translated toa group poo of global addresses Creates issues related to the size of that global pool as there is a one to one translation once a global address has been selected Chapter 6 em m NA T Overload Sin le Inside Network Address Mii Outside SS 192 168 10 gt 2 2 22 165 200 253 E Fa vi 3E 50 0 0 Soo 1921681011 Riconfig access list 2 permit 192 168 10 0 0 0 0 255 Ri config ip inside source list Z interface serial 0 0 0 overload R1 config int 50 0 0 Ri config if ip nat outside R1 config if int 0 0 Ri config if ip nat inside With only one public IP address the overload configuration typically assigns that public address to the outside interface that connects to the ISP All inside addresses are translated to the single IP address when leaving the outside interface Chapter 6 co Configuring NAT Overload Multiple We m Inside Netw
3. Multicast is essential to the basic operation of IPv6 particularly some FFO2 D All PIM of its plug and play features such as Routers neighbour discovery and autoconfiguration Chapter 6 Assigning IPv6 Addresses 64 Bits Global Routing Prefix Subnet ID Interface ID BIRMINGHAM City University IPv6 addresses use interface identifiers to identify interfaces a link Interface identifiers are required to be unique on a specific link Interface identifiers are always 64 bits and can be dynamically derived from a Layer 2 address IPv6 address ID can be assigned statically or dynamically 1 Static assignment using a manual interface ID 2 Static assignment using an Extended Universal Identifier 64 EUI 64 interface ID 3 Stateless auto configuration 4 DHCP for IPv6 DHCPv6 Chapter 6 Networking Academy Stateless Address Autoconfiguration BIRMINGHAM City University R2 config if ipv6 address autoconfig R2 show ipv6 interface f0 0 FastEthernetO O is up line protocol is up IPv6 is enabled link local address is FE80 219 55FF FEFO B7DO Global unicast address es 13 219 55FF FEFO B7DO subnet is 13 64 PRE Valid lifetime 2591941 preferred lifetime 604741 Joined group address es FFO2 1 FFO2 2 FFO2 1 FF13 3 FFO02 1 FFFO B7DO MTU is 1500 bytes ICMP error messages limited to one every 100 millisecond
4. 218 B9FF FECD BEFO SerialO 0 1 FECO 12 0 112 0 0 via SerialO 0 O FECO 12 1 128 0 0 via SerialO 0 O FECO 13 0 112 0 0 50 0 0 via 5 0 0 1 DCE 0 13 11128 0 0 16 1123 via SerialO O 1 FECO 23 64 110 65 via FE80 2 Serial0 0 0 via FE80 218 B9FF FECD BEFO Serial0 0 1 L FFOO 8 0 0 via lt Multicast bit bucket Chapter 6 9 0 13 0 112 50 0 1 E73 OSPFv3 Frame Rela Conf uration Networking Academy PIPMINSHAM City University 12 12 1 64 12 12 2 64 50 0 0 z 13 13 1 64 77 24 24 1 64 Routing protocols use the Area 1 link local address to send Area 2 routing information to 13 13 3 64 neighbors Fa0 0 24 24 3 64 eIf the link local addresses do not have a mapping to DLCIs the OSPF Hellos will not be sent across the NBMA 103 103 3 64 Network Ri config int 50 0 0 Ri config if fram ipv6 FE80 219 55FF FE92 A442 122 broadcast Ri config if end Chapter 6 RIPng Configuration Ri config ipv6 unicast routing Ri config ipv6 cef Ri config ipv6 router RTO R1 config interface 0 0 Ri config if ipv6 address 2001 db8 1 1 48 eui 64 Ri config if rip RTO enable R2 config ipv6 unicast routing R2 config ipv6 cef R2 config ipv6 router rip RTO Ri config interface 0 0 Ri config if
5. E Verify NAT Networking BIRMINGHAM Academy Inside Network Outside City University 3 eS 209 165 200 253 S Fa 0 0 50 0 0 192 168 10 10 192 168 1 50 Ri show ip nat statistics 75 S Total active translations 2 1 static 1 dynamic extended Server Outside interfaces 192 168 10 11 Serial 0 0 0 Inside interfaces FastEthernetO O Hits 10 Misses O CEF Translated packets 5 CEF Punted packets O Expired translations O Dynamic mappings Appl doors O Normal doors O Queued Packets O Chapter 6 E Verify NAT 2 Inside Network Outside City University 192 168 10 1 ere 209 165 200 253 SS Fa 0 0 iw 60 0 0 277 192 168 10 10 Rs EE Server 192 168 10 11 Ri tdebug ip nat IP NAT debugging is on 3 13 01 28 162 s 192 168 1 50 d 209 165 200 254 gt 192 168 10 11 10202 13 01 28 162 s 192 168 10 10 gt 209 165 200 253 d 192 168 1 50 210 13 01 30 991 s 192 168 1 50 d 209 165 200 254 gt 192 168 10 11 10370 192 168 1 50 asterisk next to NAT indicates that the translation is occurring in the fast switched path Chapter 6 Dynamic Host Confiquration Protocol 3 DHCP PC 1 1 Discover Broadcast DHCP So Server DHCP Pool 192 168 1 4 192 168 1 5 192 168 1 6 BIRMINGHAM City University 2 O
6. ipv6 address 2001 db8 1 1 48 eui 64 Ri config if rip RTO enable 2 2001 db8 1 2 64 R1 config if interface 0 1 37 Ri config if ipv6 address 2001 db8 1 2 48 eui 64 Ri config if ipv6 rip RTO enable Chapter 6 IPv Redistribution R2 show ipv6 protocols IPv6 Routing Protocol is connected IPv6 Routing Protocol is static IPv6 Routing Protocol is rip RIPoFR Interfaces FastEthernetO O Serial0 0 0 Redistribution Redistributing protocol rip RIPoTU with metric 5 IPv6 Routing Protocol is rip RIPoTU Interfaces Loopback101 TunnelO Redistribution Redistributing protocol rip RIPoFR with metric 15 R2 config ipv6 router rip RIPoTU R2 config rtr redistribute rip RIPoFR metric 10 Chapter 6 Networking Academy IPv6 Diagnostic Tools FE debug routing display debugging messages for 6 routing table updates and route cache updates debug display debugging messages for IPv6 Internet Control Message Protocol ICMP ND transactions debug packet display debugging messages for IPv6 packets The debugging information includes packets received generated and forwarded Note that fast switched packets do not generate messages show ipv6 interface displays the usability status of interfaces configured for IPv6 or to validate the status of an interface and its configured addresses show routers
7. 0 0 Serial0 0 0 is up line protocol is up 0 2 1 112 is enabled link local address is FE80 219 6FF FE23 4380 No Virtual link local address es 50 0 0 Global unicast address es 12 1 subnet is FECO 12 0 112 Joined group address es FFO2 1 FFO2 2 FFO2 1 FF12 1 B MTU is 1500 bytes eee FECO 3 1 112 ICMP error messages limited to one every 100 milliseconds ICMP redirects are enabled R1 config interface serial0 0 0 Ri config if address 80 1 link local When pinging link local addresses specify an ND DAD is enabled number of DAD attempts 1 outgoing interface because the addresses are not routed and the routing table Chapter 6 0 13 0 112 50 0 1 ICMP unreachables are sent pe V erif y OSPF 3 BIRMINGHAM Ri show route IPv6 Routing Table 11 entries Codes C Connected L Local S Static R RIP B BGP U Per user Static route I1 ISIS L1 I2 ISISL2 IA ISIS interarea IS ISIS summary OSPF intra OI OSPF inter OE1 OSPF ext 1 OE2 OSPF ext 2 OSPF NSSA ext 1 ON2 OSPF NSSA ext 2 D EIGRP EX EIGRP external LoopbackO 10 1 2 1 24 L 7 Link Local bit bucket 1 0 112 0 0 lt Subnet via LoopbackO via LoopbackO FECO 2 1 128 110 64 via FE80 2 Serial0 0 0 Link Local next hop FECO 3 1 128 110 64 via FE80
8. This is an IPv6 specific command doesn t have an 4 counterpart you can use to display IPv6 router advertisement RA information received from onlink routers show route displays the contents of the IPv6 routing table show protocols displays the parameters and current state of the active IPv6 routing protocol processes Chapter 6 Chapter 6 Troubleshooting Addressing Services Objectives Describe NAT amp PAT operation amp troubleshooting techniques Describe DHCP operation amp troubleshooting techniques Describe the different methods of IPv6 address assignment Explain the operation of OSPFv3 and RIPng Describe typical IPv6 troubleshooting techniques Chapter 6 CISCO Any Questions Chapter 6
9. there are often instances in which other components such as routing protocols need to change when the specific migration or tunneling method changes Chapter 6 BIRMINGHAM City University IPv Address Types e Unicast Address is for a single interface IPv6 has several types for example global and IPv4 mapped Multicast Broadcasts are replaced by multicast addresses Multicast enables efficient network operation by using functionally specific multicast groups to send requests fo a limited number of computers on the network packet sent to a multicast address is delivered to all interfaces identified by that address Anycast IPv6 also defines a new type of address called anycast An anycast address identifies a list of devices or nodes therefore an anycast address identifies multiple interfaces Routers decide on closest device to reach that destination Suitable for load balancing and content delivery services Chapter 6 Multicast Address Structure Networking BIRMINGHAM City University 8 Bits 4Bits 4 Bits 112 Bits gt gt Add TERT multicast address identifies not one device but set of devices FFO2 1 All Nodes multicast group packet being sent to a multicast FFO2 5 OSPFv3 group is originated by a single device Routers a multicast packet has a unicast address as its source and a multicast address as its destination
10. 302f 30 10 1 1 2 1 00 07 41 859 DHCPD Finding a relay for client 0063 6973 636f 2d63 3030 312e 3066 3163 2e30 3030 302d 4661 302f 30 on interface FastEthernetO 1 Mar 1 00 07 54 775 DHCPD DHCPDISCOVER received from client 0063 6973 636f 2d63 3030 312e 3066 3163 2e30 3030 302d 4661 302f 30 on interface FastEthernetO O Mar 1 00 07 54 779 DHCPD Allocate an address without class information 10 1 1 0 Mar 1 00 07 56 783 DHCPD Sending DHCPOFFER to client 0063 6973 636f 2d63 3030 312e 3066 3163 2e30 3030 302d 4661 302f 30 10 1 1 2 1 00 07 56 787 DHCPD broadcasting BOOTREPLY to client c001 0f1c 0000 Mar 1 00 07 56 879 DHCPD DHCPREQUEST received from client 0063 6973 636f 2d63 3030 312e 3066 3163 2e30 3030 302d 4661 302f 30 1 00 07 56 887 DHCPD No default domain to append abort update Mar 1 00 07 56 887 DHCPD Sending DHCPACK to client 0063 6973 636f 2d63 3030 312e 3066 3163 2e30 3030 302d 4661 302f 30 10 1 1 2 1 00 07 56 891 DHCPD broadcasting BOOTREPLY to client 2 apter Troubleshooting IPv6 Issues TE ity Universit y Examining IPv6 issues reveals that there are many common configuration mistakes Mis configured auto configuration on routers IPv6 routing problems such as suboptimal routing due to improper summarization and parameter mismatches on protocols such as OSPF that negotiate parameters For tunnel scenarios due to the great variety of methods
11. 6 PM R1 clear ip dhcp conflict Chapter 6 BIRMINGHAM City University DHCP Server Host 10 1 1 2 Ri sh ip dhcp server statistics 1 25307 verify that messages ress pools Database agents being received or sent by the router use the show ip dhcp Automatic bindings Manual bindings server statistics command Expired bindings Malformed messages Secure arp entries This command displays count Message Received information regarding the BOOTREQUEST 0 DHCPDISCOVER 8 number of DHCP messages DHCPREQUEST 1 that have been sent and DHCPDECLINE 0 DHCPRELEASE 0 received DHCPINFORM 0 Chapter 6 BIRMINGHAM City University DHCP Server Host 10 1 1 2 R1 sh ip dhcp pool Pool POOL1 Utilization mark high low 100 0 Subnet size first next 0 0 Total addresses 254 Leased addresses 1 Pending event oa 1 subnet is currently in the pool Current index IP address range Leases addresses 10 1 1 3 10 1 1 2 10 1 1 254 1 Chapter 6 Verifying DHCP Networking Academy BIRMINGHAM City University DHCP Server Host 10 112 Ri tdebug ip dhcp server packet Mar 1 00 07 39 867 DHCPD DHCPRELEASE message received from client 0063 6973 636f 2d63 3030 312e 3066 3163 2e30 3030 302d 4661 302f 30 10 1 1 2 1 00 07 41 855 DHCPD DHCPRELEASE message received from client 0063 6973 636f 2d63 3030 312e 3066 3163 2e30 3030 302d 4661
12. e 1 to create the 128 bit link local address This address is associated with the interface and tagged tentative B Phase3 Before final association it is necessary to verify the address s uniqueness on the link called duplicate address detection DAD Phase4 This phase removes the tentative tag and formally assigns the address to the network interface The system can now communicate with its neighbors on the link Chapter 6 Neighbour Discovery Protocol NOP The most distinct characteristic of IPv6 after it s increased address space are it s plug and play features NDP is the enable of these features using the following functions Router Discovery Prefix Discovery Parameter Discovery Address Auto configuration Address Resolution e Next Hop Determination e Neighbour Unreachability Detection Duplicate Address Detection Redirect Chapter 6 BIRMINGHAM NOP Messages anya Router Advertisement RA Originated by routers to advertise their presence and link specific parameters such as link prefixes MTU and hop limits Sent periodically every 200 seconds in Cisco routers and in response to Router Solicitation messages Router Solicitation RS Originated by hosts to request that router sends an RA Neighbour Solicitation NS Originated by nodes to request another node s link layer address and also for duplicate address detection DAD and neighbour reachabili
13. ffer Unicast do you want 192 168 1 3 3 Request Broadcast yes please 5 EE 4 Acknowledge Unicast you have 192 168 1 3 _ DHCP DECLINE Client to server communication indicating that the IP address is already in use DHCP Server to client communication This is the server s response to a client REQUEST This message includes all configuration parameters DHCP Server to client communication This is the server s negative response to a client s REQUEST indicating the original OFFER is no longer available DHCP RELEASE Client to server communication The client relinquishes its IP address other parameters Chapter 6 DHCP Configuration usin Importing ery Ri config ip dhcp excluded address 10 0 0 1 10 0 0 5 Ri config ip dhcp pool CENTRAL R1 dhcp config network 10 0 0 0 255 255 255 0 Ri dhcp config default router 10 0 0 1 Ri dhcp config domain name central com R1 dhcp config dns server 10 0 0 2 R1 dhcp config tnetbios name server 10 0 0 2 Ri config interface fastethernetO O Ri config if ip address 10 0 0 1 255 255 255 0 Networking Academy R2 config ip dhcp excluded address 20 0 0 2 R2 dhcp config ip dhcp pool CLIENT R2 dhcp config network 20 0 0 0 255 255 255 0 R2 dhcp config default router 20 0 0 1 R2 dhcp config import all Chapter 6 Host 10 112 DHCP clie
14. ide to Inside IPsec decr tion IPsec decryption Input ACL 4 Input ACL eit Pal i outside to inside routing Policy routing Redirect to web cache routing inside to outside Redirect to web cache Crypto map check Crypto map check Output ACL Output ACL Firewall inspect Firewall inspect TCP intercept intercept Encryption Encryption Chapter 6 Common Problems An ACL referenced by a NAT configuration is incorrect Inside and outside interfaces are not correctly assigned Incorrect IP addresses or address ranges referenced by a NAT configuration Applications are NAT aware A routing loop occurs as a result of a NAT address translation Chapter 6 E Verify NAT Networking Academy BIRMINGHAM Inside Network Outside City University 192 168 10 1 ere 209 165 200 253 SS FADA Soo 192 168 10 10 75 SS Server 192 168 10 11 R1 show ip nat translations 192 168 1 50 Pro Inside global Inside local Outside local Outside global 209 165 200 254 192 168 10 11 tcp 209 165 200 254 23 192 168 10 10 23 192 168 1 50 1158 192 168 1 50 1158 R1 clear ip nat translation R1 show ip nat translations Pro Inside global Inside local Outside local Outside global 209 165 200 254 192 168 10 11 Chapter 6
15. nts use IP broadcasts to find the DHCP server on the segment Routers do not forward these broadcasts When possible administrators should use the ip helper address command to relay broadcast requests for key UDP services DNS Other protocols that are forwarded by a DHCP relay agent include the following Domain Name System DNS Internet Time Service ITS NetBIOS name server NetBIOS datagram server BootP 5 Chapter 6 E Confiquring IP helper addresses Ed TFTP 172 24 1 14 _DHcP 172 24 19 Host 10 1 1 2 DNS To configure R1 0 0 the interface that receives the Host broadcasts to relay DHCP broadcasts as a unicast to the DHCP server use the following commands R1 config interface 0 0 R1 config if ip helper address 172 24 1 9 Chapter 6 Common DHCP Problems router not forwarding broadcasts e DHCP pool out of IP addresses Misconfiguration Duplicate IP addresses Redundant services not communicating pull nature of DHCP Chapter 6 Verif DHCP BIRMINGHAM DHCP Server 10 11 1 Host 10 11 2 R1 sh dhcp binding IP address Client ID Lease expiration Type Hardware address 10 1 1 2 0000 0C9B 9C83 Feb 11 2010 06 14 Automatic Ri clear ip dhcp binding Ri show ip dhcp conflict IP address Detection method Detection time 10 1 1 2 Ping Oct 15 2009 8 5
16. ork Adar esses Aare 192 168 10 2 2 02 165 200 253 i 3 ES 22 vi 3E 50 0 0 Soo 192 168 10 11 Ri config nat pool 00 1209 165 200 226 209 165 200 240 netmask 255 255 255 224 Riconfig access list_ permit 192 168 10 0 0 0 0 255 Ri config ip inside source list 2 pool POOLI overload R1 config int 50 0 0 Ri config if ip nat outside R1 config if Aint 0 0 Ri config if ip nat inside the scenario where the ISP has provided more than one public IP address NAT overload is configured to use a pool primary difference between this configuration and the configuration for dynamic one to one NAT is that the overload keyword is used Chapter 6 Drawbacks Some applications or protocols have direct with NAT or PAT VPNs encapsulates the original IP address and doesn t provide access to UDP or TCP port numbers NAT Transparency or NAT Traversal required Multimedia applications negotiate ports at the moment of connection or have IP addresses embedded in the payload of the packets requiring NAT to be application aware Applications and protocols as such might be labeled as NAT sensitive Kerberos X windows rsh SIP SNMP FTP and DNS Chapter 6 Router Interface Order of Networking Thside Network Opera TIONS Outside eS 209 165 200 253 ES LS Inside Outside Outs
17. s ICMP redirects are enabled ND DAD is enabled number of DAD attempts 1 ND reachable time is 30000 milliseconds ND advertised reachable time is O milliseconds ND advertised retransmit interval is O milliseconds ND router advertisements are sent every 200 seconds ND router advertisements live for 1800 seconds Hosts use stateless autoconfig for addresses Chapter 6 IPv6 Address Types _ Link Local Unicast 1111111010 80 10 2 4 Global Unicast Or 3 4 Chapter 6 Link Local Address BIRMINGHAM City University 128 Bits 1111 1110 10 Remaining 54 Bits 000C 29FF FEC2 52FF 64 Bits FE80 10 Mandatory address for communication between two IPv6 devices similar to ARP but at Layer 3 Automatically assigned by router as soon as IPv6 is enabled using stateless auto configuration Also used for neighbour relationships and next hop calculation in routing protocols MAC Address 00 OC 29 C2 52 FF EUI 64 conversion OO0C 29FF FEC2 52FF locally administered EUI 64 conversion O20C 29FF FEC2 52FF universal Chapter 6 Phases of Stateless Auto confiquration Phase 1 The most common method to obtain a unique identifier on an Ethernet link is by using the EUI 48 MAC address and applying the modified IEEE EUZ 64 standard algorithm Phase 2 The well known link local prefix 7 80 64 is prepended to the 64 bit identifier from phas
18. ty Neighbour Advertisement NA sent in response to NS messages Redirect Allows routers to advise clients of better exit gateways Barer BIRMINGHAM City University IPv6 Routing Protocols The following routing protocols have been developed to support IPv6 1 Routing Information Protocol next generation RIPng is a distance vector routing protocol with a limit of 15 hops that uses split horizon and poison reverse to prevent routing loops 2 OSPFv3 is Based on OSPF version 2 OSPFv2 with enhancements 2 IPv6 15 15 with large address support facilitates the IPv6 address family 4 EIGRP IPv6 runs over an IPv6 transport communicates only with IPv6 peers and advertises only IPv6 routes 5 Multiprotocol BGP MBGP RFC 2858 which replaces the obsolete RFC 2283 defines multiprotocol extensions for BGP4 Chapter 6 0 0 0 2001 16 2001 1 0410 00001 48 Ri config ipv6 unicast routing OSPFv3 Configuration 233 Ri config ipv6 cef IPv6 Internet R1 config ipv6 router ospf 1 Ri config router router ID 1 1 1 1 Ri config interface 0 0 Ri config if ipv6 address 2001 4010 0001 1 48 Ri config if ospf 1 area Ri config if ipv6 ospf priority 20 Ri config if ospf cost 20 R1 config ipv6 router ospf 1 R1 config router area range 2001 0410 32 Chapter 6 V erif y OSPF 3 BIRMINGHAM Ri show interface serial 0
Download Pdf Manuals
Related Search