DHCP and NAT Lab

This is a short lab to demonstrate how to set up DHCP and NAT on a Cisco router. We will again use
GNS3 as the virtual environment to configure. If you dont know what DHCP or NAT are please visit the
following links. This lab also utilizes a very simple access control list. You do not need to be an expert
on ACLs in order to complete this lab. However, a link is provided to give you some info on ACLs with
respect to Cisco equipment.
http://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol
http://en.wikipedia.org/wiki/Network_address_translation
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.sh
tml
Great explanation of how NAT works.
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094831.shtml
Cisco NAT configuration documentation
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml
1)
2)
3)
4)
5)
6)
7)

Layout and label the topology

Configure the external router with a static IP address
Configure our gateway with DHCP
Add a DCHP interface on each client PC
Configure NAT on the gateway router
Verify everything is working
Turn In

Layout and label the topology

Your topology should look like the picture below. These are all 3640 routers and I just changed the icons
to something more appropriate for this lab setup. The switch, however, is a Ethernet Switch in GNS3.
All the default settings are okay for the switch. So all ports should be defaulted to access ports on the
switch.

Configure the external router with a static IP address

First step is to get our external network configured. This is basically acting as our internet router or ISP
gateway for our internal network. Configure the static address as follows.
en
conf t
int f0/0
ip address 10.10.10.2 255.255.255.0
no shut

Configure our gateway with DHCP

Now we begin configuring our Internal Gateway router with DHCP. The following commands will
configure a DHCP pool for the 192.168.1.0/24 network. You can have many pools for many different
networks on a router. For example, if you have several vlans in your network which are trunked they
can all have pools on this Gateway Router. This lab will only demonstrate a single pool. The following
commands will create the add addresses which are excluded in the DHCP offers and the DHCP pool.
en
conf t
ip dhcp exclude-address 192.168.1.1
ip dhcp pool subnet1
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1

Add a DCHP interface on each client PC

From here DHCP should function on the Gateway. We now need to configure the clients to get their
addresses from our Gateway. The following is the configuration to place on each client machine. Add
this configuration to all client machines on the 192.168.1.0/24 network.
en
conf t
int f0/0
ip address dhcp

You should now be able to ping the gateway from each client. Do this to ensure the DHCP is functioning
properly. We still are unable to ping the external router at this point.

Configure NAT on the gateway router

If you dont understand what NAT is please read the NAT related links at the top of this document. Now
we will add network translation to our Gateway router. We will use the overload method which uses
ports for each separate connection. Enter the following commands on the Gateway Router to get NAT
configured.
en
conf t
ip nat pool overload 10.10.10.1 10.10.10.1 prefix-length 24
ip nat inside source list 1 pool overload overload
int f0/0
ip nat inside
int f1/0
ip nat outside

We are still not done. We have enabled a NAT access to only computers in access control list 1. So lets
quickly define what should be permitted in this list.
en
conf t
access-list 1 permit 192.168.1.0 0.0.0.255

Verify everything is working

Everything should be working at this point. From here lets listen with wireshark on the external router
interface f0/0 and see what shows up when we ping the external router from one of our clients. Your
pings should show they are coming from the Gateway IP address and not our internal clients IP.

Turn In
As always turn in a zip file with all router configs and the GNS3 file. Also include the following:
1) A wireshark capture of the external interface showing that internal pings are showing the
Gateway IP address as the sender.