Network Layer Protocol Overview

Contents

  1. IP protocol
  2. DHCP protocol
  3. NAT technology

                                                                                                                                                   

I. IP protocol

  IP (the Internet Protocol) is the network layer protocol of the TCP/IP protocol stack; it was designed so that interconnected computer networks can communicate with each other. On the Internet, it is the set of rules that lets all connected computer networks communicate with each other, and it specifies the rules computers must follow when communicating over the Internet. Computer systems from any manufacturer can interconnect with the Internet as long as they comply with the IP protocol.

  IPv6 is the abbreviation for Internet Protocol Version 6, the next-generation IP protocol designed by the IETF (Internet Engineering Task Force) to replace the current version, IPv4.

  IPv4 addresses are divided into five classes: Class A is reserved for government agencies, Class B is assigned to medium-sized companies, Class C is assigned to anyone who needs it, Class D is used for multicast, and Class E is for experiments. Each class can accommodate a different number of addresses. When an IP address is written in binary form, the first bit of a Class A address is always 0, the first two bits of a Class B address are always 10, and the first three bits of a Class C address are always 110.

 

  • Class A addresses
  1. In a Class A address the first byte is the network address and the other three bytes are the host address. (The first bit of the first byte is fixed to 0.)
  2. Class A network number range: 1.0.0.0 ~ 126.0.0.0.
  3. The reserved and private addresses in Class A are as follows:
      • 10.X.X.X is a private address (an address that is not used on the Internet but within a local area network); range: 10.0.0.0 ~ 10.255.255.255.
      • 127.X.X.X is reserved for loopback testing.

  • Class B addresses
  1. In a Class B address the first and second bytes are the network address and the other two bytes are the host address. The first two bits of the first byte are fixed to 10.
  2. Class B network number range: 128.0.0.0 ~ 191.255.0.0.
  3. The private and reserved addresses in Class B are as follows:
      • Private address: 172.16.0.0 ~ 172.31.255.255
      • Reserved address: 169.254.X.X. If your IP address is set to be obtained automatically and no available DHCP server is found on the network, you will get one of these IP addresses.
  • Class C addresses
  1. In a Class C address the first, second and third bytes are the network address and the fourth byte is the host address. The first three bits of the first byte are fixed to 110.
  2. Class C network number range: 192.0.0.0 ~ 233.255.255.0.
  3. Class C private address: 192.168.X.X (192.168.0.0 ~ 192.168.255.255).
  • Class D addresses
  1. Class D addresses are not divided into a network address and a host address; the first four bits of the first byte are fixed to 1110.
  2. Class D address range: 244.0.0.0 ~ 239.255.255.255.
  • Class E addresses
  1. Class E addresses are not divided into a network address and a host address; the first five bits of the first byte are fixed to 11110.
  2. Class E address range: 224.0.0.0 ~ 255.255.255.254.

  If IP addresses were divided only into classes A, B, C, D and E, a lot of addresses would be wasted. For example, a network of 500 hosts cannot use a Class C address. But if it uses a Class B address, only 500 of the more than 60,000 host addresses are used, which wastes a large number of IP addresses. For this reason, IP addressing supports VLSM (Variable Length Subnet Mask), which further divides the Class A, B and C networks into subnets.
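  The sizing argument above, worked through as an added example (not code from the original page): it computes the prefix a 500-host network needs and then goes one step further by carving several differently sized subnets out of one block, which is what VLSM allows. The function names, the segment names and the 172.16.0.0/22 block are assumptions chosen for illustration.

```python
import ipaddress

def prefix_for_hosts(hosts):
    """Longest prefix (smallest subnet) that still holds `hosts` usable addresses."""
    # Network and broadcast addresses are not assignable, hence hosts + 2 in total;
    # (hosts + 1).bit_length() is the smallest b with 2**b >= hosts + 2.
    return 32 - (hosts + 1).bit_length()

def vlsm_allocate(block, demands):
    """Carve `block` into one subnet per demand, largest first so each stays aligned."""
    parent = ipaddress.ip_network(block)
    cursor = int(parent.network_address)
    plan = {}
    for name, hosts in sorted(demands.items(), key=lambda kv: kv[1], reverse=True):
        prefix = prefix_for_hosts(hosts)
        size = 1 << (32 - prefix)
        cursor = (cursor + size - 1) // size * size  # round up to a subnet boundary
        subnet = ipaddress.ip_network((cursor, prefix))
        if not subnet.subnet_of(parent):
            raise ValueError(f"{block} has no room left for {name!r}")
        plan[name] = subnet
        cursor += size
    return plan

# Constructed demands (hypothetical segment names); 500 hosts is the page's own case.
DEMANDS = {"campus": 500, "lab": 100, "servers": 20, "router-link": 2}

if __name__ == "__main__":
    for name, net in vlsm_allocate("172.16.0.0/22", DEMANDS).items():
        unused = net.num_addresses - 2 - DEMANDS[name]
        print(f"{name:12} {str(net):18} usable={net.num_addresses - 2:4} unused={unused}")
```

  The 500-host network fits a /23 with 510 usable addresses, so only 10 go unused instead of the more than 60,000 of a full Class B network.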

 

 

II. DHCP protocol

 

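  DHCP (Dynamic Host Configuration Protocol) is a local area network protocol that works over UDP. It has two main purposes: first, to automatically assign IP addresses within an internal network or by an Internet service provider; second, to give users or internal network administrators a means of centrally managing all computers. DHCP has three ports; UDP 67 and UDP 68 are the normal DHCP service ports, serving as the DHCP server and DHCP client service ports respectively.

  In a network that uses the TCP/IP protocol, every computer must have at least one IP address before it can connect to and communicate with other computers. DHCP came into being to make it easier to plan and manage the IP addresses in a network in a unified way. This network service helps manage the IP addresses of client machines in a campus network effectively, without having to assign IP addresses manually one by one.

  DHCP uses one DHCP server or a group of DHCP servers to manage the allocation of network parameters, and this scheme is fault tolerant. Even in a network with only a few machines DHCP is still useful, because a machine can be added to the local network with almost no impact.

  Even for servers that rarely change their addresses, DHCP is still recommended for setting their addresses. If a server needs to be assigned a new address, the change can then be made in as few places as possible. For some devices, such as routers and firewalls, DHCP should not be used. It is also useful to put a TFTP or SSH server on the same machine that runs DHCP, for the purpose of centralized management.

  DHCP can also be used to assign addresses directly to servers and desktop computers and, through a PPP proxy, to dial-up and residential NAT gateways and routers. DHCP is generally not suitable for use on non-edge routers and DNS servers.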

 

 

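III. NAT technology

  NAT (Network Address Translation) can be used when hosts inside a private network have already been assigned local IP addresses but now want to communicate with hosts on the Internet. NAT can be implemented in three ways: static translation (Static NAT), dynamic translation (Dynamic NAT) and port multiplexing (Port Address Translation).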

 

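  • Static NAT is the simplest to set up: every host in the internal network is permanently mapped to a legal address in the external network. Static translation converts a private IP address of the internal network into a public IP address; the IP address pairs are one-to-one and fixed, so a given private IP address is translated only to a given public IP address. With static translation, the external network can access certain specific devices in the internal network, such as servers.
  • Dynamic NAT converts private IP addresses of the internal network into public IP addresses, where the IP address is not fixed but random: every private IP address authorized to access the Internet can be randomly translated to any of the designated legal IP addresses. In other words, dynamic translation can be performed as long as you specify which internal addresses may be translated and which legal addresses are used as external addresses. Dynamic translation can use multiple sets of legal external addresses. It can be adopted when the ISP provides slightly fewer legal IP addresses than the number of computers inside the network.
  • Port multiplexing changes the source port of outgoing packets and performs port translation, that is, port address translation. All hosts in the internal network can share one legal external IP address to access the Internet, which saves IP address resources to the greatest possible extent. At the same time, it hides all hosts inside the network and effectively avoids attacks from the Internet. For this reason, port multiplexing is the most widely used technique in networks today.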
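  The port multiplexing behaviour described in the last item, as an added sketch (not code from the original page or from any router implementation): a translation table that rewrites the source of outgoing packets to one shared outside address and shows why a packet arriving from outside without a matching entry cannot reach an inside host. The class and function names are hypothetical, the addresses are taken from the page's configuration scenario, and matching on the remote endpoint is left out as a simplification.

```python
import ipaddress

class PatTable:
    """Port address translation table for one shared outside address (simplified)."""

    def __init__(self, outside_ip, inside_net, first_port=1024):
        self.outside_ip = outside_ip
        self.inside_net = ipaddress.ip_network(inside_net)
        self.next_port = first_port
        self.out_map = {}  # (inside_ip, inside_port, proto) -> outside_port
        self.in_map = {}   # (outside_port, proto) -> (inside_ip, inside_port)

    def outbound(self, src_ip, src_port, proto):
        """Rewrite the source of a packet leaving through the inside interface."""
        if ipaddress.ip_address(src_ip) not in self.inside_net:
            raise ValueError(f"{src_ip} is not an inside local address")
        key = (src_ip, src_port, proto)
        if key not in self.out_map:
            if self.next_port > 65535:
                raise RuntimeError("outside port pool exhausted")
            self.out_map[key] = self.next_port
            self.in_map[(self.next_port, proto)] = (src_ip, src_port)
            self.next_port += 1
        return self.outside_ip, self.out_map[key]

    def inbound(self, dst_port, proto):
        """Inside destination for a packet arriving outside, or None (no entry: drop)."""
        return self.in_map.get((dst_port, proto))

def demo():
    # Constructed traffic: two inside hosts use the same source port at the same time.
    nat = PatTable("61.159.62.129", "192.168.0.0/24")
    a = nat.outbound("192.168.0.2", 50000, "tcp")
    b = nat.outbound("192.168.0.3", 50000, "tcp")
    reply = nat.inbound(a[1], "tcp")        # reply to host .2 finds its entry
    unsolicited = nat.inbound(40000, "tcp")  # nothing inside opened this port
    return a, b, reply, unsolicited

if __name__ == "__main__":
    print(demo())
```

  The hiding is a side effect of the missing table entry rather than a filtering policy: a static mapping, which the page notes gives the external network access to an internal server, makes that host reachable from outside and still calls for access control on the outside interface.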

  

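  Before configuring network address translation, you must first determine the inside interface and the outside interface, and on which outside interface NAT is to be enabled. Normally, the interface connected to the user's internal network is the NAT inside interface, and the interface connected to the external network is the NAT outside interface.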

 

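  Suppose the internal LAN uses the IP address range 192.168.0.1 ~ 192.168.0.254, the router's LAN-side (default gateway) IP address is 192.168.0.1, and the subnet mask is 255.255.255.0. The legal IP address range assigned by the network is 61.159.62.128 ~ 61.159.62.135, the router's IP address on the WAN is 61.159.62.129 with subnet mask 255.255.255.248, and the IP address range available for translation is 61.159.62.130 ~ 61.159.62.134. The requirement is to translate the internal addresses 192.168.0.2 ~ 192.168.0.6 to the legal IP addresses 61.159.62.130 ~ 61.159.62.134 respectively.

  Step 1: configure the outside port.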

interface serial 0
ip address 61.159.62.129 255.255.255.248
ip nat outside

  Step 2: configure the inside port.

interface ethernet 0
ip address 192.168.0.1  255.255.255.0
ip nat inside

 

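  Step 3: establish the static address translation between inside local addresses and outside legal addresses.

ip nat inside source static <inside local address> <outside legal address>
Example: ip nat inside source static 192.168.0.2 61.159.62.130
! Translates the internal network address 192.168.0.2 to the legal IP address 61.159.62.130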

 

 

This completes the static address translation configuration.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 


Origin www.cnblogs.com/PolarIce/p/11908092.html