Полезная информация

cc/td/doc/product/software/ios120/12cgcr
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table of Contents

Configuring Easy IP

Configuring Easy IP

The Easy IP (Phase 1) feature combines Network Address Translation (NAT) and PPP/Internet Protocol Control Protocol (IPCP). This feature enables a Cisco router to automatically negotiate its own registered WAN interface IP address from a central server and to enable all remote hosts to access the global Internet using this single registered IP address. Because Easy IP (Phase 1) uses existing port-level multiplexed NAT functionality within the Cisco IOS software, IP addresses on the remote LAN are invisible to the Internet.

For a complete description of the Easy IP commands in this chapter, refer to the "Easy IP Commands" chapter of the Dial Solutions Command Reference. To locate documentation of other commands that appear in this chapter, use the command reference master index or search online.


Note Simple translations, either static or dynamic, are not supported in non-Plus Cisco IOS software images. In order to enable dynamic or static simple translation along with Easy IP (Phase  1), you need to obtain the full NAT Plus Cisco IOS software image.

Benefits

Easy IP (Phase 1) provides the following benefits:

List of Terms

PPP/Internet Protocol Control Protocol (IPCP)---Defined in RFC 1332, this protocol provides the ability to dynamically configure IP addresses over Point-to-Point Protocol (PPP). A Cisco IOS Easy IP (Phase 1) router uses PPP/IPCP to dynamically negotiate its own registered WAN interface IP address from a central access server or Dynamic Host Configuration Protocol (DHCP) server.

Network Address Translation (NAT)---Operates on a router that connects two or more networks together. In Easy IP (Phase 1), at least one of these networks (designated as "inside" or "LAN") is addressed with private addresses that must be converted into a registered address before packets can be forwarded to the other registered network (designated as "outside" or "WAN"). Within the context of Easy IP (Phase 1), port-level multiplexed NAT is used to translate all internal private addresses to a single outside registered IP address.

How Easy IP Works

Easy IP (Phase 1) assumes that all clients have statically configured IP addresses. The PPP/IPCP address negotiation functionality in Easy IP is used to assign an IP address from a central device (PPP/IPCP option 3---"IP Address") to the Easy IP router.

Figure 127 shows a typical scenario for using the Easy IP feature.


Figure 127: Telecommuter and Branch Office LANs Using Easy IP


Steps 1 through 4 illustrate how Easy IP (Phase 1) works.

Step 1 When a SOHO host generates "interesting" traffic (as defined by access control lists) for dialup (first-time only), the Easy IP router requests a single registered IP address from the central site's access server via PPP/IPCP. See Figure 128.


Figure 128: Easy IP Router Requests a Dynamic Global IP Address


Step 2 The central site router replies with a dynamic global address from a local DHCP IP address pool. See Figure 129.


Figure 129: Dynamic Global IP Address Delivered to the Easy IP Router


Step 3 The Easy IP router uses port-level NAT functionality to automatically create a translation that associates the WAN interface's registered IP address with the client's private IP address. See Figure 130.


Figure 130: Port-Level NAT Functionality Used for IP Address Translation


Step 4 The remote hosts contain multiple static IP addresses while the Easy IP router obtains a single registered IP address using PPP/IPCP. The Easy IP router then creates port-level multiplexed NAT translations between these addresses so that each remote host address (inside private address) is translated to a single external address assigned to the Easy IP router. This many-to-one address translation is also called port-level multiplexing or port address translation (PAT). Note that the NAT port-level multiplexing function can be used to conserve global addresses by allowing the remote routers to use one global address for many local addresses. See Figure 131.


Figure 131: Multiple Private Internal IP Addresses are Bound to a Single Global IP Address


Prerequisites

Complete the following tasks before using Easy IP (Phase 1):

For information about configuring ISDN switch types, refer to the "Setting Up ISDN Basic Rate Service" chapter earlier in this book. For information about configuring static routes, refer to the "Configuring IP Services" chapter in the Network Protocols Configuration Guide, Part 1. For information about NAT, refer to the "Configuring Network Address Translation" chapter in this book.

Configuration Task List

In its most simple configuration, an Easy IP (Phase 1) router or access server will have a single LAN interface and a single WAN interface. Based on this model, you must complete the following tasks to use Easy IP (Phase 1):

For configuration examples, refer to the section "Examples" later in this chapter.

Define the NAT Pool

The first step in enabling Easy IP (Phase 1) is to create a pool of internal IP addresses to be translated. To define the NAT pool, perform the following tasks in global configuration mode:
Step Command Purpose

1 . 

access-list access-list-number permit source [source-wildcard]

Define a standard access list permitting those addresses that are to be translated.

2 . 

ip nat inside source list access-list-number interface dialer-name overload

Establish dynamic source translation, identifying the access list defined in the prior step.

For information about configuring NAT, refer to the chapter "Configuring Network Address Translation" in this book. For information about creating access lists, refer to the chapter "Configuring IP Services" in the Network  Protocols Configuration Guide, Part 1.

Configure the LAN Interface

To configure the LAN interface, perform the following tasks in interface configuration mode:
Step Command Purpose

1 . 

interface type number

Select a specific LAN interface.

2 . 

ip address address mask

Define the IP address and subnet mask for this interface.

For information about assigning IP addresses and subnet masks to network interfaces, refer to the "Configuring IP Services" chapter in the Network Protocols Configuration Guide, Part 1.

Define NAT for the LAN Interface

To ensure that the LAN interface is connected to the inside network (and therefore subject to NAT), perform the following task in interface configuration mode:
Command Purpose

ip nat inside

Define the interface as internal for network address translation.

For information about configuring NAT, refer to the chapter "Configuring Network Address Translation" in this book.

Configure the WAN Interface

To configure the WAN interface, perform the following tasks in interface configuration mode:
Step Command Purpose

1 . 

interface type number

Select the WAN interface.

2 . 

no ip address

Remove any associated IP address from this interface.

3 . 

encapsulation ppp

Select PPP as the encapsulation method for this interface.

4 . 

dialer pool-member number

Bind the WAN interface to the dialer interface.

Enable PPP/IPCP Negotiation

To enable PPP/IPCP negotiation on the dialer interface, perform the following tasks in interface configuration mode:
Step Command Purpose

1 . 

interface dialer-name

Select the dialer interface.

2 . 

ip address negotiated

Enable PPP/IPCP negotiation for this interface.

Define NAT for the Dialer Interface

To define that the dialer interface is connected to the outside network, perform the following tasks in interface configuration mode:
Step Command Purpose

1 . 

interface dialer-name

Select the dialer interface.

2 . 

ip nat outside

Define the interface as external for network address translation.

For information about configuring NAT, refer to the chapter "Configuring Network Address Translation" in this book.

Configure the Dialer Interface

To configure the dialer interface information, perform the following tasks in interface configuration mode:
Step Command Purpose

1 . 

interface dialer-name

Select the dialer interface.

2 . 

dialer wait-for-carrier-time seconds

Specify for a dialer interface the length of time the interface waits for a carrier before timing out.

3 . 

dialer hold-queue packets

Create a dialer hold queue and specify the number of packets to be held in it.

4 . 

dialer remote-name name

Specify the remote router CHAP authentication name.

5 . 

dialer idle-timeout seconds

Specify the amount of idle time that can pass before calls to the central access server are disconnected.

6 . 

dialer string string

Specify the telephone number required to reach the central access server.

7 . 

dialer pool number

Specify the dialing pool to use.

8 . 

dialer-group number

Assign the dialer interface to a dialer group.

Examples

The following example shows how to configure BRI interface 0 (shown as interface bri0) to obtain its IP address via PPP/IPCP address negotiation:

! The following command defines the NAT pool.
ip nat inside source list 101 interface dialer1 overload
!
! The following commands define the ISDN switch type.
isdn switch type vn3
isdn tei-negotiation first-call
!
!The following commands define the LAN address and subnet mask.
interface ethernet0
  ip address 10.0.0.4 255.0.0.0
!The following command defines ethernet0 as internal for NAT.
  ip nat inside
!
!The following commands binds the physical interface to the dialer1 interface.
interface bri0
  no ip address
  encapsulation ppp
  dialer pool-member 1
!
interface dialer1
!
!The following command enables PPP/IPCP negotiation for this interface.
  ip address negotiated
  encapsulation ppp
!
!The following command defines dialer1 interface as external for NAT.
  ip nat outside
  dialer remote-name dallas
  dialer idle-timeout 180
!
!The following command defines the dialer string for central access server.
  dialer string 4159991234
  dialer pool 1
  dialer-group 1
!
!The following commands define the static route to the WAN interface.
ip route 0.0.0.0 0.0.0.0 dialer1
access-list 101 permit ip 10.0.0.0 0.255.255.255 any
dialer-list 1 protocol ip list 101

The following example shows how to configure an asynchronous interface (interface async1) to obtain its IP address via PPP/IPCP address negotiation:

! This command defines the NAT pool.
ip nat inside source list 101 interface dialer 1 overload
!
!The following commands define the LAN IP address and subnet mask.
interface ethernet0
  ip address 10.0.0.4 255.0.0.0
!
!The following command defines ethernet0 as internal for NAT.
  ip nat inside
!
!The following commands bind the physical dialer1 interface.
interface async1
  no ip address
  encapsulation ppp
  async mode dedicated
  dialer pool-member 1
!
interface dialer1
!
!The following command enables PPP/IPCP negotiation for this interface.
  ip address negotiated
  encapsulation ppp
!
!The following command defines dialer1 interface as external for NAT.
  ip nat outside
  dialer wait-for-carrier-time 30
  dialer hold-queue 10
  dialer remote-name dallas
  dialer idle-timeout 180
!
!The following command defines the dialer string for central access server.
  dialer string 4159991234
  dialer pool 1
  dialer-group 1
!
!The following commands define the static route to the WAN interface.
ip route 0.0.0.0 0.0.0.0 dialer1
access-list 101 permit ip 10.0.0.0 0.255.255.255 any
dialer-list 1 protocol ip list 101



hometocprevnextglossaryfeedbacksearchhelp
Copyright 1989-1998 © Cisco Systems Inc.