
Saturday, June 27, 2009

Dual Stack IPv6 and IPv4 configuration (CNA-04-006)

CCNA Exploration 4.0, Semester 4, "Dual Stack IPv6 and IPv4 configuration" Packet Tracer 5.0 practice file (CNA-04-006).





This example is designed for you to practice basic IPv6 commands in IOS. You will also learn the new way to start a routing protocol in IPv6.

Note: Packet Tracer 4.X does not support IPv6. Please use version 5.X and later to practice IPv6.

To simplify your task, I configured all the necessary IPv4/IPv6 addresses on the interfaces. You can just begin to observe and verify!



interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 ipv6 address 2001:1:1:1::1/64
!
interface Serial0/0/0
 ip address 10.2.2.1 255.255.255.0
 ipv6 address 2001:2:2:2::1/64
 clock rate 64000
!

You have to configure the routing protocols yourself. To verify "Dual Stack", we will enable both an IPv4 routing protocol and an IPv6 routing protocol.

The IPv4 part (in this case, RIPv2) is very easy. Remember the two basic steps to start any IPv4 routing protocol in IOS:

  1. Use one "router X" command to start one routing protocol process
  2. Use one or more "network Y" commands to specify the interfaces on which this protocol will be enabled

So the configuration is this:

router rip
 version 2
 network 10.0.0.0
 no auto-summary
!

For this simple IPv4 addressing, it is not necessary to include a "no auto-summary" command, but it is always a good habit to add "no auto-summary" in today's VLSM world.

As for the IPv6 part (RIPng), the steps are quite different from IPv4:

  1. We need to start the routing protocol process first. In addition, we also have to create a tag name for it, because in IPv6 IOS supports multiple instances of a routing protocol.
  2. Go directly to interface configuration mode to specify which routing instance is enabled on this interface.


interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 ipv6 address 2001:1:1:1::1/64
 ipv6 rip CCNA enable 
!
interface Serial0/0/0
 ip address 10.2.2.1 255.255.255.0
 ipv6 address 2001:2:2:2::1/64
 ipv6 rip CCNA enable 
 clock rate 64000
!
interface Serial0/0/1
 no ip address
 shutdown
!
ipv6 router rip CCNA
!

In fact, the tag name "CCNA" is only locally significant. You can play by using different tags on two routers and verify it yourself.

Friday, June 5, 2009

How to describe 2^128, the total number of IPv6 addresses

I like the way described on Wiki about 2^128, the total number of IPv6 addresses:
... approximately 5×10^28 (roughly 2^95) addresses for each of the roughly 6.5 billion (6.5×10^9) people alive in 2006. ...

You will get a share of an "astronomical" number of addresses in IPv6: 5×10^28. I believe it is impressive enough for us all to imagine how large the number is!

I also found an interesting page questioning the correctness of some bold statements about this number, such as "IPv6 will let us individually address every proton on earth" or "the number of possible IPv6 addresses will be larger than the number of molecules in the universe".

I think this analysis is correct, so I won't use such statements anymore!

Tuesday, June 2, 2009

Configure NAT/PAT to enable outbound Internet connectivity (CNA-04-005)

CCNA Exploration 4.0, Semester 4, "Configure NAT/PAT to enable outbound Internet connectivity" Packet Tracer 5.0 practice file (CNA-04-005).




The diagram is the same as the previous post, except that EIGRP between Router R0 and Router R1 is removed, and a new default route pointing to R0 (here it represents the Internet) has been added into R1.

Before we start to configure NAT/PAT, we can easily verify that none of the PCs or switches below R1 can connect to R0. This is because R0 does not have any route to the network addresses (192.168.X.0/24) below R1. We must successfully configure NAT/PAT to translate all source IP addresses into addresses in network 10.1.1.0/24 to achieve outbound connectivity to R0 (Internet).

Recall the 3 basic steps to configure NAT/PAT:

  1. Specify "Inside" interfaces: source addresses of packets coming through these interfaces need to be translated
  2. Specify Outside interfaces: destination addresses of packets coming through these interfaces need to be recovered
  3. Define translation rule: this step is quite different between NAT and PAT. I will discuss PAT and NAT in different sections later

Steps 1 and 2 are the same in all modes:
interface FastEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.11.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface Serial0/0/0
 ip address 10.1.1.1 255.255.255.0
 ip nat outside
 clock rate 64000
!

[PAT]

The only difference is at Step 3. Let's start from PAT.

PAT enables us to reuse the IP address of Router R1's "Serial0/0/0" interface for all inside hosts. Since every host is translated into the same IP address, we can only tell which packets should be recovered to which source host by the TCP/UDP port number.

Now, we need an ACL here again! We use the ACL to classify packets. If the classification result is permit, the packet will be translated; if the result is deny, it will NOT be translated.

The key configuration fragment is below:


ip nat inside source list 100 interface Serial0/0/0 overload
!
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
access-list 100 permit ip 192.168.11.0 0.0.0.255 any
!

Here is the translation result of PAT. NOTE: If you want to see results similar to mine, you must create some outbound connections to R0, such as TELNET. The screen capture was taken while 2 PCs had 2 active TELNET sessions to Router R0.

R1>show ip nat translation
Pro  Inside global     Inside local       Outside local      Outside global
tcp 10.1.1.1:1024      192.168.10.10:1025 10.1.1.2:23        10.1.1.2:23
tcp 10.1.1.1:1025      192.168.11.10:1025 10.1.1.2:23        10.1.1.2:23

R1>

We can see clearly the effect of PAT on Router R0. R0 thought it was 2 connections sourced from 10.1.1.1.

R0>show user
    Line       User       Host(s)              Idle       Location
* 67 vty 0                idle                 00:00:00 10.1.1.1
  68 vty 1                idle                 00:01:48 10.1.1.1

  Interface    User               Mode         Idle     Peer Address
R0>

[NAT]

When we configure NAT instead, each local IP address occupies one public global address. Here I assume IP addresses from 10.1.1.101 to 10.1.1.200 are reserved as a pool for NAT use.

NOTE: The IP address pool here is similar to a pool of car parking slots: one car, one slot, on a first-come, first-served basis. In the above example, only the first 100 local hosts making outbound connections will each get their own address. Once the pool is full, starting from the 101st latecomer, no new local hosts can be served by NAT, and thus they cannot make outbound connections at all!

The key configuration fragment is below:

ip nat pool INET-POOL 10.1.1.101 10.1.1.200 netmask 255.255.255.0
ip nat inside source list 100 pool INET-POOL
!
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
access-list 100 permit ip 192.168.11.0 0.0.0.255 any
!

The screen capture was taken as before, while 2 PCs had 2 active TELNET sessions to Router R0.

R1>show ip nat translation
Pro  Inside global     Inside local       Outside local      Outside global
---  10.1.1.101        192.168.10.10      ---                ---
---  10.1.1.102        192.168.11.10      ---                ---

R1>

The effect of NAT is clearer on Router R0. R0 thought they were connecting from 10.1.1.101 and 10.1.1.102.

R0>show users
    Line       User       Host(s)              Idle       Location
*  0 con 0                idle                 00:00:00 
  67 vty 0                idle                 00:01:45 10.1.1.101
  68 vty 1                idle                 00:01:35 10.1.1.102

  Interface    User               Mode         Idle     Peer Address
R0>
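
The following Python model is an added example, not part of the original post and not IOS code. It shows how ACL 100's wildcard masks select packets for translation, how PAT tells inside hosts apart by port, and how the 100-address NAT pool runs out. The class names and the sequential port allocation (chosen to match the PAT capture above) are assumptions.

```python
import ipaddress

# ACL 100 from the post: (network, wildcard mask) pairs that are permitted.
ACL_100 = [("192.168.10.0", "0.0.0.255"), ("192.168.11.0", "0.0.0.255")]

def acl_permits(src, acl=ACL_100):
    """Wildcard-mask match: bits set in the wildcard are 'don't care' bits."""
    s = int(ipaddress.IPv4Address(src))
    for net, wild in acl:
        care = ~int(ipaddress.IPv4Address(wild)) & 0xFFFFFFFF
        if s & care == int(ipaddress.IPv4Address(net)) & care:
            return True
    return False  # implicit deny: the packet is NOT translated

class Pat:
    """Overload: all inside hosts share one global IP, told apart by port."""
    def __init__(self, global_ip, first_port=1024):
        # Sequential ports from 1024 are a modelling assumption, not IOS logic.
        self.global_ip, self.next_port, self.table = global_ip, first_port, {}

    def translate(self, src, sport):
        if not acl_permits(src):
            return None
        if (src, sport) not in self.table:
            self.table[(src, sport)] = (self.global_ip, self.next_port)
            self.next_port += 1
        return self.table[(src, sport)]

class DynamicNat:
    """Pool NAT: one global address per inside host, first come first served."""
    def __init__(self, first, last):
        lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
        self.free = [str(ipaddress.IPv4Address(i)) for i in range(lo, hi + 1)]
        self.table = {}

    def translate(self, src):
        if not acl_permits(src):
            return None
        if src not in self.table:
            if not self.free:
                return None  # pool exhausted: this host cannot connect outbound
            self.table[src] = self.free.pop(0)
        return self.table[src]

if __name__ == "__main__":
    pat, nat = Pat("10.1.1.1"), DynamicNat("10.1.1.101", "10.1.1.200")
    print(pat.translate("192.168.10.10", 1025), nat.translate("192.168.10.10"))
```

Under PAT, R0 only ever sees 10.1.1.1, so the translation table on R1 is the only record that ties a session back to a specific inside host.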
