Lab DHCP (IPv4, IPv6) reply bài 1

Phần 1: Thiết lập topo và cấu hình IPv4, IPv6

- Thiết lập topo như hình dưới:

- Cấu hình enable IPv6 trên các router

ipv6 source-route

ipv6 unicast-routing

ipv6 cef accounting prefix-length

- Cấu hình IPv4, IPv6 trên ASA

...............................config ip cho interface.........................

+, Cấu hình cisco ASA

interface GigabitEthernet0/0

 nameif Farm

 security-level ?

 ip address 10.10.20.1 255.255.255.0 

 ipv6 address 3a01:7c8:aab5:4cd::1/64

 ipv6 enable

!

interface GigabitEthernet0/1

 nameif inside

 security-level 100

 ip address 172.16.10.1 255.255.255.0 

 ipv6 address 23::1/64

 ipv6 enable

..............................config routing IPv4, IPv6 trên ASA................

ipv6 route inside 2001:db8:1::/64 23::2

ipv6 route inside 2001:db8:2::/64 23::2

ipv6 route Farm 2a01:7c8:aab5:4cd::/64 3a01:7c8:aab5:4cd::2

route inside 192.0.2.0 255.255.255.0 172.16.10.2 1

route Farm 192.0.3.0 255.255.255.0 10.10.20.2 1

route inside 192.0.4.0 255.255.255.0 172.16.10.2 1

- Cấu hình IPv4, IPv6 trên router R17

interface Ethernet0/0

 ip address 172.16.10.2 255.255.255.0

 ipv6 address 23::2/64

 ipv6 enable

!

interface Ethernet0/1

 ip address 192.0.2.1 255.255.255.0

 ipv6 address 2001:DB8:2::1/64

 ipv6 enable

!

interface Ethernet0/2

 ip address 192.0.4.1 255.255.255.0

 ipv6 address 2001:DB8:1::1/64

 ipv6 enable

..............................config routing R17................

ip route 0.0.0.0 0.0.0.0 172.16.10.1

!

ipv6 route ::/0 23::1

 - Cấu hình IPv4, IPv6 trên router R20

interface Ethernet0/0

 ip address 10.10.20.2 255.255.255.0

 ipv6 address 3A01:7C8:AAB5:4CD::2/64

 ipv6 enable

!

interface Ethernet0/1

 ip address 192.0.3.1 255.255.255.0

 ipv6 address 2A01:7C8:AAB5:4CD::1/64

 ipv6 enable

..............................config routing R20................

ip route 0.0.0.0 0.0.0.0 10.10.20.1

ipv6 route ::/0 3A01:7C8:AAB5:4CD::1

..........................config routing R19

ip route 0.0.0.0 0.0.0.0 192.0.2.1

ipv6 route ::/0 2001:DB8:2::1

........................config routing R25

ip route 0.0.0.0 0.0.0.0 192.0.4.1

ipv6 route ::/0 2001:DB8:1::1

Phần 2: Cấu hình cấu hình DHCPv4 reply, DHCPv6 reply và check client nhận (lease) IPv4 Dynamic, IPv6 Dynamic.

- Cấu hình DHCPv4 replay, DHCPv6 replay trên ASA

........................config interface....................

interface GigabitEthernet0/0

 ipv6 nd managed-config-flag

 ipv6 nd other-config-flag

!

interface GigabitEthernet0/1

 ipv6 nd managed-config-flag

 ipv6 nd other-config-flag

.....................config enable dhcp reply............

ipv6 dhcprelay server 2a01:7c8:aab5:4cd::2 Farm

ipv6 dhcprelay enable inside

.....

dhcprelay server 192.0.3.2 Farm

dhcprelay enable inside

dhcprelay setroute inside

.....................Conifg access-list................

object-group service DM_INLINE_UDP_1 udp

 port-object eq bootpc

 port-object eq bootps

!

object-group service DM_INLINE_UDP_2 udp

 port-object eq bootpc

 port-object eq bootps

!

access-list Farm_access_in extended permit udp any any object-group DM_INLINE_UDP_1 

access-list Farm_access_in extended permit udp any any eq 546 

access-list Farm_access_in extended permit udp any any eq 547 

access-list Farm_access_in extended permit icmp any any 

access-list Farm_access_in extended permit icmp6 any any 

!

access-list inside_access_in extended permit icmp any any 

access-list inside_access_in extended permit udp any any object-group DM_INLINE_UDP_2 

access-list inside_access_in extended permit udp any any eq 547 

access-list inside_access_in extended permit udp any any eq 546 

access-list inside_access_in extended permit icmp6 any any 

!

access-group Farm_access_in in interface Farm

access-group inside_access_in in interface inside

- Cấu hình DHCPv4 replay, DHCPv6 replay trên router (trong các interface đã cấu hình ip)

! 

 ip helper-address 192.0.3.2

!

 ipv6 nd managed-config-flag

 ipv6 nd other-config-flag

 ipv6 dhcp relay destination  2A01:7C8:AAB5:4CD::2

!

- Cấu hình client là router nhận ip daynamic (dhcp) trên interface router R19, R25

interface Ethernet0/0

 ip address dhcp                    // nhận IPv4 có subnet do máy chủ dhcp cấp

 ipv6 address dhcp               // nhận IPv6 prefix /128 không thể routing

 ipv6 address autoconfig     // để nhận IPv6 có prefix routing 

 ipv6 enable

!

- Cấu hình trên client là VPC

sử dụng command: ip dhcp

- Cấu hình trên client là windows 10

card mạng để auto

- Kiểm tra ip nhận được

R19#show ip interface 

  Ethernet0/0 is up, line protocol is up

  Internet address is 192.0.2.2/24

  Broadcast address is 255.255.255.255

..........

!

R19#show ipv6 interface 

Ethernet0/0 is up, line protocol is up

  IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE01:3000 

  No Virtual link-local address(es):

  Stateless address autoconfig enabled

  Global unicast address(es):

    2001:DB8:2::201, subnet is 2001:DB8:2::201/128 

    2001:DB8:2:0:A8BB:CCFF:FE01:3000, subnet is 2001:DB8:2::/64 [EUI/CAL/PRE]

      valid lifetime 2591931 preferred lifetime 604731

  Joined group address(es):

    FF02::1

    FF02::2

    FF02::FB

    FF02::1:FF00:201

    FF02::1:FF01:3000

  MTU is 1500 bytes

!

.............

R25#show ip interface       

Ethernet0/0 is up, line protocol is up

  Internet address is 192.0.4.2/24

  Broadcast address is 255.255.255.255

  Address determined by DHCP

  MTU is 1500 bytes

...

R25#show ipv6 interface 

Ethernet0/0 is up, line protocol is up

  IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE01:9000 

  No Virtual link-local address(es):

  Stateless address autoconfig enabled

  Global unicast address(es):

    2001:DB8:1::201, subnet is 2001:DB8:1::201/128 

    2001:DB8:1:0:A8BB:CCFF:FE01:9000, subnet is 2001:DB8:1::/64 [EUI/CAL/PRE]

      valid lifetime 2591822 preferred lifetime 604622

  Joined group address(es):

    FF02::1

    FF02::2

    FF02::FB

    FF02::1:FF00:201

    FF02::1:FF01:9000

  MTU is 1500 bytes

......................check VPC-2..................

VPCS> ip dhcp

DORA IP 192.0.2.3/24 GW 192.0.2.1

VPCS> show ip

NAME        : VPCS[1]

IP/MASK     : 192.0.2.3/24

GATEWAY     : 192.0.2.1

DNS         : 192.0.2.1  192.0.2.2

DHCP SERVER : 192.0.3.2

DHCP LEASE  : 3594, 3600/900/1800

DOMAIN NAME : example.org

MAC         : 00:50:79:66:68:1d

LPORT       : 20000

RHOST:PORT  : 127.0.0.1:30000

MTU         : 1500

VPCS> show ipv6

NAME              : VPCS[1]

LINK-LOCAL SCOPE  : fe80::250:79ff:fe66:681d/64

GLOBAL SCOPE      : 2001:db8:2:0:2050:79ff:fe66:681d/64

DNS               : 

ROUTER LINK-LAYER : aa:bb:cc:01:10:10

MAC               : 00:50:79:66:68:1d

LPORT             : 20000

RHOST:PORT        : 127.0.0.1:30000

MTU:              : 1500

VPCS> 

......................Check VPC-1.......................

VPCS> ip dhcp

DORA IP 192.0.4.3/24 GW 192.0.4.1

VPCS> show ip

NAME        : VPCS[1]

IP/MASK     : 192.0.4.3/24

GATEWAY     : 192.0.4.1

DNS         : 192.0.2.1  192.0.2.2

DHCP SERVER : 192.0.3.2

DHCP LEASE  : 3594, 3600/900/1800

DOMAIN NAME : example.org

MAC         : 00:50:79:66:68:1e

LPORT       : 20000

RHOST:PORT  : 127.0.0.1:30000

MTU         : 1500

VPCS> show ipv6

NAME              : VPCS[1]

LINK-LOCAL SCOPE  : fe80::250:79ff:fe66:681e/64

GLOBAL SCOPE      : 2001:db8:1:0:2050:79ff:fe66:681e/64

DNS               : 

ROUTER LINK-LAYER : aa:bb:cc:01:90:00

MAC               : 00:50:79:66:68:1e

LPORT             : 20000

RHOST:PORT        : 127.0.0.1:30000

MTU:              : 1500

VPCS> 

!..............................VPC-2 Ping VPC-1

VPCS> ping 192.0.4.3

84 bytes from 192.0.4.3 icmp_seq=1 ttl=63 time=7.216 ms

84 bytes from 192.0.4.3 icmp_seq=2 ttl=63 time=4.566 ms

84 bytes from 192.0.4.3 icmp_seq=3 ttl=63 time=4.660 ms

84 bytes from 192.0.4.3 icmp_seq=4 ttl=63 time=2.810 ms

84 bytes from 192.0.4.3 icmp_seq=5 ttl=63 time=5.718 ms

VPCS> ping 2001:db8:1:0:2050:79ff:fe66:681e

2001:db8:1:0:2050:79ff:fe66:681e icmp6_seq=1 ttl=60 time=35.131 ms

2001:db8:1:0:2050:79ff:fe66:681e icmp6_seq=2 ttl=60 time=6.495 ms

2001:db8:1:0:2050:79ff:fe66:681e icmp6_seq=3 ttl=60 time=6.222 ms

2001:db8:1:0:2050:79ff:fe66:681e icmp6_seq=4 ttl=60 time=10.718 ms

...........................VPC-1 Ping VPC-2

VPCS> ping 192.0.2.3

84 bytes from 192.0.2.3 icmp_seq=1 ttl=63 time=3.561 ms

84 bytes from 192.0.2.3 icmp_seq=2 ttl=63 time=3.302 ms

84 bytes from 192.0.2.3 icmp_seq=3 ttl=63 time=1.350 ms

84 bytes from 192.0.2.3 icmp_seq=4 ttl=63 time=1.866 ms

84 bytes from 192.0.2.3 icmp_seq=5 ttl=63 time=4.826 ms

VPCS> ping 2001:db8:2:0:2050:79ff:fe66:681d

2001:db8:2:0:2050:79ff:fe66:681d icmp6_seq=1 ttl=60 time=3.992 ms

2001:db8:2:0:2050:79ff:fe66:681d icmp6_seq=2 ttl=60 time=4.511 ms

2001:db8:2:0:2050:79ff:fe66:681d icmp6_seq=3 ttl=60 time=4.712 ms

2001:db8:2:0:2050:79ff:fe66:681d icmp6_seq=4 ttl=60 time=6.020 ms

2001:db8:2:0:2050:79ff:fe66:681d icmp6_seq=5 ttl=60 time=4.425 ms

....................................client windows 10

Ethernet adapter Ethernet2:

   Connection-specific DNS Suffix  . : example.org

   IPv6 Address. . . . . . . . . . . : 2001:db8:2::203

   IPv6 Address. . . . . . . . . . . : 2001:db8:2:0:3cdf:e0ca:9f5:ece3

   Temporary IPv6 Address. . . . . . : 2001:db8:2:0:e0c0:9b43:b199:c610

   Link-local IPv6 Address . . . . . : fe80::3cdf:e0ca:9f5:ece3%21

   IPv4 Address. . . . . . . . . . . : 192.0.2.5

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Default Gateway . . . . . . . . . : fe80::a8bb:ccff:fe01:3000%21

                                       fe80::a8bb:ccff:fe01:1010%21

                                       192.0.2.1

...

C:\>tracert 192.0.4.2

Tracing route to 192.0.4.2 over a maximum of 30 hops

  1     1 ms     1 ms     2 ms  192.0.2.1

  2     3 ms     4 ms     2 ms  192.0.4.2

...

C:\>tracert 192.0.2.3

Tracing route to HAIPV1-01 [192.0.2.3]

over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  HAIPV1-01 [192.0.2.3]

Trace complete.

...  //connect to dhcp server

C:\>tracert 192.0.3.2

Tracing route to 192.0.3.2 over a maximum of 30 hops

  1     1 ms     1 ms     1 ms  192.0.2.1

  2     6 ms     7 ms     5 ms  10.10.20.2

  3    12 ms     7 ms     8 ms  192.0.3.2

Trace complete.

.....

C:\> tracert 2001:db8:1::201

Tracing route to 2001:db8:1::201 over a maximum of 30 hops

  1     2 ms     1 ms     1 ms  2001:db8:2::1

  2     2 ms     2 ms     2 ms  2001:db8:1::201

Trace complete.

....

C:\> tracert 2001:db8:2::201

Tracing route to 2001:db8:2::201 over a maximum of 30 hops

  1     1 ms     2 ms     3 ms  2001:db8:2::201

Trace complete.

................................

C:\>  ping 2a01:7c8:aab5:4cd::2

Pinging 2a01:7c8:aab5:4cd::2 with 32 bytes of data:

Reply from 2a01:7c8:aab5:4cd::2: time=9ms

Reply from 2a01:7c8:aab5:4cd::2: time=8ms

Reply from 2a01:7c8:aab5:4cd::2: time=10ms

Reply from 2a01:7c8:aab5:4cd::2: time=17ms

Ping statistics for 2a01:7c8:aab5:4cd::2:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 8ms, Maximum = 17ms, Average = 11ms

C:\> tracert 2a01:7c8:aab5:4cd::2

Tracing route to 2a01:7c8:aab5:4cd::2 over a maximum of 30 hops

  1     9 ms     4 ms     3 ms  2001:db8:2::1

  2    11 ms     9 ms     7 ms  3a01:7c8:aab5:4cd::2

  3     9 ms     7 ms    12 ms  2a01:7c8:aab5:4cd::2

Trace complete.

..........................................