|
|
The Easy IP (Phase 1) feature combines Network Address Translation (NAT) and PPP/Internet Protocol Control Protocol (IPCP). This feature enables a Cisco router to automatically negotiate its own registered WAN interface IP address from a central server and to enable all remote hosts to access the global Internet using this single registered IP address. Because Easy IP (Phase 1) uses existing port-level multiplexed NAT functionality within the Cisco IOS software, IP addresses on the remote LAN are invisible to the Internet.
For a complete description of the Easy IP commands in this chapter, refer to the "Easy IP Commands" chapter of the Dial Solutions Command Reference. To locate documentation of other commands that appear in this chapter, use the command reference master index or search online.
Easy IP (Phase 1) provides the following benefits:
PPP/Internet Protocol Control Protocol (IPCP)---Defined in RFC 1332, this protocol provides the ability to dynamically configure IP addresses over Point-to-Point Protocol (PPP). A Cisco IOS Easy IP (Phase 1) router uses PPP/IPCP to dynamically negotiate its own registered WAN interface IP address from a central access server or Dynamic Host Configuration Protocol (DHCP) server.
Easy IP (Phase 1) assumes that all clients have statically configured IP addresses. The PPP/IPCP address negotiation functionality in Easy IP is used to assign an IP address from a central device (PPP/IPCP option 3---"IP Address") to the Easy IP router.
Figure 127 shows a typical scenario for using the Easy IP feature.
Steps 1 through 4 illustrate how Easy IP (Phase 1) works.
Step 1 When a SOHO host generates "interesting" traffic (as defined by access control lists) for dialup (first-time only), the Easy IP router requests a single registered IP address from the central site's access server via PPP/IPCP. See Figure 128.
Step 2 The central site router replies with a dynamic global address from a local DHCP IP address pool. See Figure 129.
Step 3 The Easy IP router uses port-level NAT functionality to automatically create a translation that associates the WAN interface's registered IP address with the client's private IP address. See Figure 130.
Step 4 The remote hosts contain multiple static IP addresses while the Easy IP router obtains a single registered IP address using PPP/IPCP. The Easy IP router then creates port-level multiplexed NAT translations between these addresses so that each remote host address (inside private address) is translated to a single external address assigned to the Easy IP router. This many-to-one address translation is also called port-level multiplexing or port address translation (PAT). Note that the NAT port-level multiplexing function can be used to conserve global addresses by allowing the remote routers to use one global address for many local addresses. See Figure 131.
Complete the following tasks before using Easy IP (Phase 1):
For information about configuring ISDN switch types, refer to the "Setting Up ISDN Basic Rate Service" chapter earlier in this book. For information about configuring static routes, refer to the "Configuring IP Services" chapter in the Network Protocols Configuration Guide, Part 1. For information about NAT, refer to the "Configuring Network Address Translation" chapter in this book.
In its most simple configuration, an Easy IP (Phase 1) router or access server will have a single LAN interface and a single WAN interface. Based on this model, you must complete the following tasks to use Easy IP (Phase 1):
For configuration examples, refer to the section "Examples" later in this chapter.
The first step in enabling Easy IP (Phase 1) is to create a pool of internal IP addresses to be translated. To define the NAT pool, perform the following tasks in global configuration mode:
| Step | Command | Purpose | ||
|---|---|---|---|---|
| access-list access-list-number permit source [source-wildcard] | Define a standard access list permitting those addresses that are to be translated. | ||
| ip nat inside source list access-list-number interface dialer-name overload | Establish dynamic source translation, identifying the access list defined in the prior step. |
For information about configuring NAT, refer to the chapter "Configuring Network Address Translation" in this book. For information about creating access lists, refer to the chapter "Configuring IP Services" in the Network Protocols Configuration Guide, Part 1.
To configure the LAN interface, perform the following tasks in interface configuration mode:
| Step | Command | Purpose | ||
|---|---|---|---|---|
| interface type number | Select a specific LAN interface. | ||
| ip address address mask | Define the IP address and subnet mask for this interface. |
For information about assigning IP addresses and subnet masks to network interfaces, refer to the "Configuring IP Services" chapter in the Network Protocols Configuration Guide, Part 1.
| Command | Purpose |
|---|---|
ip nat inside | Define the interface as internal for network address translation. |
For information about configuring NAT, refer to the chapter "Configuring Network Address Translation" in this book.
To configure the WAN interface, perform the following tasks in interface configuration mode:
| Step | Command | Purpose | ||
|---|---|---|---|---|
| interface type number | Select the WAN interface. | ||
| no ip address | Remove any associated IP address from this interface. | ||
| encapsulation ppp | Select PPP as the encapsulation method for this interface. | ||
| dialer pool-member number | Bind the WAN interface to the dialer interface. |
| Step | Command | Purpose | ||
|---|---|---|---|---|
| interface dialer-name | Select the dialer interface. | ||
| ip address negotiated | Enable PPP/IPCP negotiation for this interface. |
To define that the dialer interface is connected to the outside network, perform the following tasks in interface configuration mode:
| Step | Command | Purpose | ||
|---|---|---|---|---|
| interface dialer-name | Select the dialer interface. | ||
| ip nat outside | Define the interface as external for network address translation. |
For information about configuring NAT, refer to the chapter "Configuring Network Address Translation" in this book.
To configure the dialer interface information, perform the following tasks in interface configuration mode:
| Step | Command | Purpose | ||
|---|---|---|---|---|
| interface dialer-name | Select the dialer interface. | ||
| dialer wait-for-carrier-time seconds | Specify for a dialer interface the length of time the interface waits for a carrier before timing out. | ||
| dialer hold-queue packets | Create a dialer hold queue and specify the number of packets to be held in it. | ||
| dialer remote-name username | Specify the remote router CHAP authentication name. | ||
| dialer idle-timeout seconds | Specify the amount of idle time that can pass before calls to the central access server are disconnected. | ||
| dialer string dialer-string | Specify the telephone number required to reach the central access server. | ||
| dialer pool number | Specify the dialing pool to use. | ||
| dialer-group group-number | Assign the dialer interface to a dialer group. |
The following example shows how to configure BRI interface 0 (shown as interface bri0) to obtain its IP address via PPP/IPCP address negotiation:
! The following command defines the NAT pool.ip nat inside source list 101 interface dialer1 overload!! The following commands define the ISDN switch type.isdn switch type vn3 isdn tei-negotiation first-call ! !The following commands define the LAN address and subnet mask.interface ethernet0ip address 10.0.0.4 255.0.0.0 !The following command defines ethernet0 as internal for NAT. ip nat inside ! !The following commands binds the physical interface to the dialer1 interface. interface bri0 no ip address encapsulation ppp dialer pool-member 1 ! interface dialer1 ! !The following command enables PPP/IPCP negotiation for this interface. ip address negotiated encapsulation ppp ! !The following command defines dialer1 interface as external for NAT. ip nat outside dialer remote-name dallas dialer idle-timeout 180 ! !The following command defines the dialer string for central access server. dialer string 4159991234 dialer pool 1 dialer-group 1 ! !The following commands define the static route to the WAN interface. ip route 0.0.0.0 0.0.0.0 dialer1 access-list 101 permit ip 10.0.0.0 0.255.255.255 any dialer-list 1 protocol ip list 101
The following example shows how to configure an asynchronous interface (interface async1) to obtain its IP address via PPP/IPCP address negotiation:
! This command defines the NAT pool.ip nat inside source list 101 interface dialer 1 overload !!The following commands define the LAN IP address and subnet mask.interface ethernet0ip address 10.0.0.4 255.0.0.0 ! !The following command defines ethernet0 as internal for NAT. ip nat inside ! !The following commands bind the physical dialer1 interface. interface async1 no ip address encapsulation ppp async mode dedicated dialer pool-member 1 ! interface dialer1 ! !The following command enables PPP/IPCP negotiation for this interface. ip address negotiated encapsulation ppp ! !The following command defines dialer1 interface as external for NAT. ip nat outside dialer wait-for-carrier-time30dialer hold-queue10dialer remote-name dallas dialer idle-timeout 180 ! !The following command defines the dialer string for central access server. dialer string 4159991234 dialer pool 1 dialer-group 1 ! !The following commands define the static route to the WAN interface. ip route 0.0.0.0 0.0.0.0 dialer1 access-list 101 permit ip 10.0.0.0 0.255.255.255 any dialer-list 1 protocol ip list 101
Posted: Mon May 3 12:00:38 PDT 1999
Copyright 1989-1999©Cisco Systems Inc.