Configure DHCP

Configuring DHCP is pretty straighforward, you just need to decide what network is going to be served, the DNS server and the default router information that are going to be pushed to the clients. Before beginning, make sure you have assigned an IP address to your router interface.

ip dhcp excluded-address $first_excluded_ip $last_excluded_ip
ip dhcp pool LAN
network $dhcp_network $netmask
dns-server $dns_ip
default-router $router_ip

DHCP relay

Most of the time, you will find DHCP servers on networks rather than DHCP services on routers. In cases like this, the DHCP server might be on a remote network, so by default, requests from clients for an IP address will fail (the client sends a broadcast to request an IP address, but broadcasts are blocked by routers). In this scenario you need to configure an IP helper address on the router that is going to take care of DHCP requests and will be used to forward them to the DHCP server.

To do this, go into interface configuration mode (the interface should be the local LAN interface of clients requesting IP addresses) and type the following command:

ip helper-address $DHCP_server_ip

This request will be encapsulate in a unicast frame for the DHCP server, and the source IP address will be the router’s incoming interface. This will assure that the DHCP server will be able to pick an IP address from the correct address pool based on the subnet of the LAN from which the request is coming.

NAT

The steps to follow to configure NAT vary based on the type of NAT you want to configure: static, dynamic or PAT (also called NAT overload).

Static NAT

These are the high level steps necessary to configure static NAT:

  1. Identify interfaces
  2. Configure mappings and enable NAT

And these are the IOS commands to do it:

ip nat inside # On the inside interface
ip nat outside # On the outside interface
ip nat inside source static $inside_local_address $inside_global_address

Dynamic NAT

These are the high level steps necessary to configure dynamic NAT:

  1. Identify interfaces
  2. Use an ACL to configure the address pool that is going to be translated
  3. Configure the pool of outside addresses to use
  4. Enable NAT using these two pools

And these are the IOS commands to do it:

ip nat inside # On the inside interface
ip nat outside # On the outside interface
access-list $acl_number permit 192.168.1.0 0.0.0.255 # A standard ACL is enough
ip nat pool $pool_name $first_address $last_address
ip nat inside source list $acl_number netmask $netmask

PAT

These are the high level steps necessary to configure PAT:

  1. Identify interfaces
  2. Use an ACL to configure the address pool that is going to be translated
  3. Enable NAT using this ACL and the outside interface, specifying it’s going to be NAT overload

And these are the IOS commands to do it:

ip nat inside # On the inside interface
ip nat outside # On the outside interface
access-list $acl_number permit 192.168.1.0 0.0.0.255 # A standard ACL is enough
ip nat inside source list $acl_number interface $outside_interface overload

NAT overload is optional of course, but without it, only the first client will get an outside IP address and will therefore get connected to the external network.