Cisco Router DHCP and NAT Configuration

DHCP Server Configuration on Cisco Routers

This section details the commands required to configure a DHCP server on a Cisco router, enabling automatic IP address assignment to network clients.

Mandatory DHCP Commands

  • Router(config)# service dhcp
    (Enables the DHCP service on the router.)
  • Router(config)# ip dhcp excluded-address 192.168.1.1 192.168.1.10
    (Excludes a specific range of IP addresses from being assigned by the DHCP pool. Both the start and end IP addresses are inclusive.)
  • Router(config)# ip dhcp pool LAN_AWO
    (Creates a DHCP address pool named “LAN_AWO” and enters DHCP pool configuration mode.)
  • Router(dhcp-config)# network 192.168.1.0 255.255.255.0
    (Specifies the network address and subnet mask for the DHCP pool, defining the IP range from which clients will receive addresses.)
  • Router(dhcp-config)# default-router 192.168.1.1
    (Configures the default gateway IP address that DHCP clients will receive.)
  • Router(dhcp-config)# lease 10
    (Sets the lease duration for IP addresses, specified in days (ranging from 1 to 365). While not strictly mandatory for basic operation, it’s commonly used to control how long clients retain their assigned IPs.)

Optional DHCP Commands

  • Router(dhcp-config)# dns-server 192.168.1.2
    (Indicates the IP address of the DNS server that DHCP clients will use for name resolution.)
  • Router(dhcp-config)# netbios-name-server 192.168.1.3
    (Specifies the IP address of the NetBIOS Name Server (WINS server). It is often recommended to use IP addresses from the previously excluded range for these servers to prevent conflicts.)
  • Router(dhcp-config)# domain-name awoisoak.org
    (Assigns a domain name to DHCP clients, which they can use for DNS lookups.)
  • Router(dhcp-config)# option 150 ip 192.168.15.3
    (Configures a specific DHCP option. Option 150 is commonly used to indicate the TFTP server IP address for special devices like IP phones.)
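
The recommendation above, that server addresses come from the excluded range, can be checked mechanically. The Python below is an added example, not part of the original page: it reads a constructed config fragment built from this page's values and reports any default-router, dns-server or netbios-name-server address that lies inside the pool's network but outside every ip dhcp excluded-address range. The function name audit_dhcp and the reliance on indented pool sub-commands (as in running-config output) are assumptions of the example.

```python
import ipaddress

# Constructed sample: the pool and optional server settings shown on this page.
SAMPLE_CONFIG = """\
service dhcp
ip dhcp excluded-address 192.168.1.1 192.168.1.10
ip dhcp pool LAN_AWO
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 192.168.1.2
 netbios-name-server 192.168.1.3
 option 150 ip 192.168.15.3
 lease 10
"""

SERVER_OPTIONS = ("default-router", "dns-server", "netbios-name-server")

def audit_dhcp(config):
    """Return (pool, option, address) for each server address that lies inside
    a pool's network but is not covered by an 'ip dhcp excluded-address' range."""
    excluded, pools, current = [], {}, None
    for raw in config.splitlines():
        w = raw.split()
        if not w:
            continue
        if w[:3] == ["ip", "dhcp", "excluded-address"] and len(w) > 3:
            low = ipaddress.ip_address(w[3])
            high = ipaddress.ip_address(w[4]) if len(w) > 4 else low
            excluded.append((low, high))
        if w[:3] == ["ip", "dhcp", "pool"] and len(w) > 3:
            current = pools.setdefault(w[3], {"net": None, "servers": []})
        elif not raw[0].isspace():
            current = None  # any other top-level line ends pool mode
        elif current is not None and w[0] == "network" and len(w) > 2:
            current["net"] = ipaddress.ip_network(f"{w[1]}/{w[2].lstrip('/')}")
        elif current is not None and w[0] in SERVER_OPTIONS:
            current["servers"] += [(w[0], ipaddress.ip_address(a)) for a in w[1:]]
    findings = []
    for name, pool in pools.items():
        for option, addr in pool["servers"]:
            in_pool = pool["net"] is not None and addr in pool["net"]
            if in_pool and not any(lo <= addr <= hi for lo, hi in excluded):
                findings.append((name, option, str(addr)))
    return findings

if __name__ == "__main__":
    print(audit_dhcp(SAMPLE_CONFIG))  # empty list: every server address is excluded
```

The option 150 address is not checked because 192.168.15.3 is outside the pool's network and cannot be leased from it.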

Network Address Translation (NAT) Configuration

Network Address Translation (NAT) allows private IP addresses to be translated into public IP addresses, enabling devices on a private network to access the internet.

Static NAT Configuration

Static NAT provides a one-to-one, permanent mapping between a local (inside) IP address and a global (outside) IP address. This is typically used for servers or devices that need consistent external accessibility.

  1. Configure the Static NAT Mapping

    • R2(config)# ip nat inside source static 192.168.20.254 209.165.200.254
      (Maps the internal IP address 192.168.20.254 to the public IP address 209.165.200.254.)
  2. Specify NAT Internal and External Interfaces

    • R2(config)# interface Serial 0/0/1
      R2(config-if)# ip nat outside
      (Designates Serial 0/0/1 as the outside interface for NAT, facing the public network.)
    • R2(config-if)# interface FastEthernet 0/0
      R2(config-if)# ip nat inside
      (Designates FastEthernet 0/0 as the inside interface for NAT, facing the private network.)

Dynamic NAT Configuration

Dynamic NAT translates a group of internal IP addresses to a pool of public IP addresses. The mapping is dynamic and depends on the availability of addresses within the defined pool.

  1. Define the NAT Pool

    • R2(config)# ip nat pool NAT-MY-POOL 209.165.200.241 209.165.200.246 netmask 255.255.255.248
      (Creates a NAT pool named “NAT-MY-POOL” with a range of public IP addresses from 209.165.200.241 to 209.165.200.246 and a specified netmask.)
  2. Create an Access Control List (ACL)

    This ACL identifies which internal addresses are permitted to be translated by dynamic NAT.

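    • R2(config)# ip access-list extended NAT
      R2(config-ext-nacl)# permit ip 192.168.10.0 0.0.0.255 any
      R2(config-ext-nacl)# permit ip 192.168.11.0 0.0.0.255 any
      (Creates an extended ACL named “NAT” that permits traffic from the 192.168.10.0/24 and 192.168.11.0/24 networks for translation. In an extended ACL entry the source address and wildcard come before the destination, so the inside networks are listed first and the destination is any.)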
  3. Establish Dynamic Translation (Link ACL to Pool)

    This command links the defined NAT pool with the access control list, instructing the router which set of public addresses to use for translating hosts allowed by the ACL.

    • R2(config)# ip nat inside source list NAT pool NAT-MY-POOL
      (Configures dynamic NAT, translating traffic originating from hosts matching ACL “NAT” using available addresses from “NAT-MY-POOL”.)
  4. Set NAT Internal and External Interfaces

    Similar to static NAT, interfaces must be designated as inside or outside. Here, the serial interface connected to R1 is added as an internal interface.

    • R2(config)# interface Serial 0/0/0
      R2(config-if)# ip nat inside
      (Designates Serial 0/0/0 as an inside interface for NAT.)

NAT Overload (PAT) Configuration

NAT Overload, also known as Port Address Translation (PAT), allows multiple internal IP addresses to share a single public IP address by using different port numbers. This is the most common form of NAT used in home and small office networks due to its efficiency in conserving public IP addresses.

  1. Remove Previous Dynamic NAT Configuration (if applicable)

    If you are transitioning from dynamic NAT to NAT overload using the same pool/ACL, you might need to remove the old configuration first to avoid conflicts.

    • R2(config)# no ip nat pool NAT-MY-POOL 209.165.200.241 209.165.200.246 netmask 255.255.255.248
    • R2(config)# no ip nat inside source list NAT pool NAT-MY-POOL

    If you receive a “% Pool NAT-MY-POOL in use, can not destroy” message, clear existing NAT translations before proceeding:

    • R2# clear ip nat translation *
  2. Configure NAT Overload on the Public Interface

    The configuration is similar to dynamic NAT, but instead of a pool of addresses, the interface keyword is used to identify the external IP address. The overload keyword enables port number translation, allowing many-to-one mapping.

    Since an ACL (named “NAT”) is already configured to identify which internal IP addresses should be translated, and internal/external interfaces are set, only the following command is needed:

    • R2(config)# ip nat inside source list NAT interface Serial0/0/1 overload
      (Configures NAT overload, translating traffic from hosts matching ACL “NAT” using the IP address of the Serial0/0/1 interface, with port address translation.)
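
The dynamic NAT and NAT overload procedures above both depend on the same three pieces lining up: the ACL named in ip nat inside source list, the source field of its permit entries, and the inside/outside interface roles. The Python below is an added example, not part of the original page, that audits a constructed running-config fragment for those points. The function name audit_nat and the finding texts are assumptions, and only named extended ACLs (the kind used on this page) are recognised.

```python
# Constructed running-config fragment using this page's names and addresses.
SAMPLE_CONFIG = """\
ip access-list extended NAT
 permit ip 192.168.10.0 0.0.0.255 any
 permit ip 192.168.11.0 0.0.0.255 any
ip nat inside source list NAT interface Serial0/0/1 overload
interface Serial0/0/0
 ip nat inside
interface Serial0/0/1
 ip nat outside
"""

def audit_nat(config):
    """Return findings for NAT rules whose ACL or interface roles look wrong."""
    acls, roles, rules, section = {}, {}, [], None
    for raw in config.splitlines():
        w = raw.split()
        if not w:
            continue
        if not raw[0].isspace():  # a top-level line starts a new section
            section = None
            if w[:3] == ["ip", "access-list", "extended"] and len(w) > 3:
                section = ("acl", w[3])
                acls[w[3]] = []
            elif w[0] == "interface":
                section = ("if", "".join(w[1:]))  # "Serial 0/0/1" -> "Serial0/0/1"
            elif w[:5] == ["ip", "nat", "inside", "source", "list"] and len(w) > 6:
                out_if = "".join(t for t in w[7:] if t != "overload")
                rules.append((w[5], out_if if w[6] == "interface" else None))
        elif section and section[0] == "acl":
            e = w[1:] if w[0].isdigit() else w  # drop an optional sequence number
            if e[:1] == ["permit"] and len(e) > 2:
                acls[section[1]].append(e[2])  # first token of the source field
        elif section and section[0] == "if" and w[:2] == ["ip", "nat"] and len(w) > 2:
            roles[section[1]] = w[2]
    findings = []
    for acl, out_if in rules:
        if acl not in acls:
            findings.append(f"no extended ACL named {acl} found")
        elif "any" in acls[acl]:
            findings.append(f"ACL {acl} permits source 'any'")
        if out_if and roles.get(out_if) != "outside":
            findings.append(f"{out_if} is not marked 'ip nat outside'")
    if rules and "inside" not in roles.values():
        findings.append("no interface is marked 'ip nat inside'")
    return findings

if __name__ == "__main__":
    print(audit_nat(SAMPLE_CONFIG))  # empty list for the constructed fragment
```

An entry whose source is any does not restrict translation to the intended inside networks, which is why the audit flags it even when NAT appears to be configured.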