
Phx-rtr

hostname PHX-RTR
ip dhcp excluded-address 172.25.65.128 172.25.65.131
ip dhcp excluded-address 172.25.64.0 172.25.64.3
ip dhcp excluded-address 172.25.65.0 172.25.65.3
ip dhcp pool PHX-LAN1
network 172.25.65.128 255.255.255.192
default-router 172.25.65.129
dns-server 172.25.70.2
ip dhcp pool PHX-LAN2
network 172.25.64.0 255.255.255.0
default-router 172.25.64.1
dns-server 172.25.70.2
ip dhcp pool PHX-LAN3
network 172.25.65.0 255.255.255.128
default-router 172.25.65.1
dns-server 172.25.70.2
! Local user database. "password 0" keeps the string in cleartext in the
! configuration, so anyone who can read this file or a backup of it has the
! credentials.
! The PHX-RTR-2 entry is the CHAP peer credential for the PPP link
! ("ppp authentication chap" on Serial0/0/1). CHAP needs a recoverable shared
! password, so this entry cannot simply be switched to "secret".
username PHX-RTR-2 password 0 PPP-cisco
! NOTE(review): a privilege 15 account named "guest" with the password "cisco".
! The vty lines in this config use "login local", so this is the remote admin
! login. For interactive accounts prefer "username <name> secret <password>"
! with a per-administrator name and a non-default password.
username guest privilege 15 password 0 cisco
ip domain-name CISco.com
ip name-server 172.25.70.2
interface Loopback1
description Used as always-on target for Ping & Telnet
ip address 172.25.66.29 255.255.255.252
interface FastEthernet0/0
no ip address
duplex auto
speed auto
interface FastEthernet0/0.100
description PHX-Switch Management, VLAN 100, 12 Users
encapsulation dot1Q 100
ip address 172.25.66.1 255.255.255.240
interface FastEthernet0/0.110
description PHX-Lan 1, VLAN 110, 50 Users
encapsulation dot1Q 110
ip address 172.25.65.129 255.255.255.192
ip access-group PHX-LAN-1 in
interface FastEthernet0/0.120
description PHX-Lan 2, VLAN 120, 150 Users
encapsulation dot1Q 120
ip address 172.25.64.1 255.255.255.0
ip access-group PHX-LAN-2 in
interface FastEthernet0/0.130
description PHX-Lan 3, VLAN 130, 75 Users
encapsulation dot1Q 130
ip address 172.25.65.1 255.255.255.128
ip access-group PHX-LAN-3 in
interface FastEthernet0/0.140
description PHX-Link to Wireless Router, VLAN 140, 5 Users
encapsulation dot1Q 140
ip address 172.25.66.17 255.255.255.248
ip access-group PHX-WIRELESS in
interface FastEthernet0/0.199
description Trunk Link Native VLAN 199 - No users
encapsulation dot1Q 199 native
no ip address
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
interface Serial0/0/0
description Frame-relay link T1, DLCI 505 to BAN, DLCI 715 to CHG
no ip address
encapsulation frame-relay
interface Serial0/0/0.505 point-to-point
description WAN link to BAN
ip address 192.168.100.49 255.255.255.252
frame-relay interface-dlci 505
ip ospf network broadcast
interface Serial0/0/0.715 point-to-point
description WAN link to CHG
ip address 192.168.100.53 255.255.255.252
frame-relay interface-dlci 715
ip ospf network broadcast
interface Serial0/0/1
description PPP T1 to PHX-RTR-2
ip address 172.25.66.25 255.255.255.252
encapsulation ppp
ppp authentication chap
interface Vlan1
no ip address
shutdown
! OSPF process 50; every network statement below is in area 0.
router ospf 50
log-adjacency-changes
! Injects this router's static routes (the 172.25.67.0/24 route via
! Serial0/0/1 in this config) into OSPF.
redistribute static subnets
! Passive interfaces: the networks are still advertised, but no hellos are
! sent or accepted on the PPP link and the LAN subinterfaces, so a host on a
! user VLAN cannot form an adjacency with this router.
passive-interface Serial0/0/1
passive-interface FastEthernet0/0.100
passive-interface FastEthernet0/0.110
passive-interface FastEthernet0/0.120
passive-interface FastEthernet0/0.130
passive-interface FastEthernet0/0.140
network 172.25.64.0 0.0.0.255 area 0
network 172.25.65.0 0.0.0.127 area 0
network 172.25.65.128 0.0.0.63 area 0
network 172.25.66.0 0.0.0.15 area 0
network 172.25.66.16 0.0.0.7 area 0
network 172.25.66.24 0.0.0.3 area 0
network 172.25.66.28 0.0.0.3 area 0
! The two Frame Relay subinterface networks are the only non-passive WAN links.
! NOTE(review): no OSPF authentication appears in this listing (no
! "area 0 authentication" here, no "ip ospf message-digest-key" on the
! subinterfaces), so neighbors on those links are accepted unauthenticated.
! Confirm that is acceptable on the provider network.
network 192.168.100.52 0.0.0.3 area 0
network 192.168.100.48 0.0.0.3 area 0
ip route 172.25.67.0 255.255.255.0 Serial0/0/1
! PHX-LAN-1/2/3 are applied inbound on the VLAN 110/120/130 subinterfaces.
! Each one is a source-address validation filter: a packet entering from the
! LAN is forwarded only if its source belongs to that LAN's own subnet.
ip access-list extended PHX-LAN-1
permit ip 172.25.65.128 0.0.0.63 any
! DHCP requests are sent before the client has an address (source 0.0.0.0),
! so they need their own permit.
! NOTE(review): "any any" is broader than that purpose requires.
permit udp any any eq bootps
! Explicit form of the implicit deny. Adding "log" here would make
! spoofed-source drops visible on the syslog host.
deny ip any any
! Same pattern for VLAN 120 (172.25.64.0/24).
ip access-list extended PHX-LAN-2
permit ip 172.25.64.0 0.0.0.255 any
permit udp any any eq bootps
deny ip any any
! Same pattern for VLAN 130 (172.25.65.0/25).
ip access-list extended PHX-LAN-3
permit ip 172.25.65.0 0.0.0.127 any
permit udp any any eq bootps
deny ip any any
! ALLOW-TECH is referenced by "access-class ALLOW-TECH in" on the vty lines:
! only sources in 172.25.72.0/25 may open a management session.
! NOTE(review): on this page 172.25.72.0/25 is CHG-LAN1, a 90-user DHCP LAN,
! so every host on that LAN can reach the SSH login. A dedicated management
! subnet would be a tighter source range.
ip access-list standard ALLOW-TECH
permit 172.25.72.0 0.0.0.127
deny any
! PHX-WIRELESS is applied inbound on FastEthernet0/0.140. Every entry matches
! the single source 172.25.66.18 (presumably the wireless router's uplink
! address; confirm). The first match wins, so the two specific permits must
! stay above the broad denies.
ip access-list extended PHX-WIRELESS
! Web access to 172.25.72.130, the host BRDR-RTR statically NATs to the public side.
permit tcp host 172.25.66.18 host 172.25.72.130 eq www
! DNS lookups against the name server configured in this config.
permit udp host 172.25.66.18 host 172.25.70.2 eq domain
! Everything else toward the internal 172.25.64.0/20 space and the
! 192.168.100.32/27 transit links is blocked.
deny ip host 172.25.66.18 172.25.64.0 0.0.15.255
deny ip host 172.25.66.18 192.168.100.32 0.0.0.31
! What remains is traffic to destinations outside those ranges.
permit ip host 172.25.66.18 any
deny ip any any
! CDP is disabled globally, so the router does not advertise platform and
! address details to directly connected devices.
no cdp run
banner motd ^CAuthorized Users only - Log out if not permitted on system^^C
! Messages of every severity, down to debugging, are sent to the syslog host.
logging trap debugging
logging 172.25.70.2
line con 0
! "exec-timeout 0 0" disables the idle timeout: an unattended console session
! stays logged in indefinitely.
exec-timeout 0 0
! Shared line password, stored in cleartext. No "service password-encryption"
! and no "enable secret" appear in this device's listing.
password cisco
logging synchronous
login
line vty 0 4
! Remote management is limited to ALLOW-TECH sources, per-user login, SSH only.
access-class ALLOW-TECH in
login local
transport input ssh
! NTP authentication with key 123. The trailing "7" marks the key string as
! type 7 encoded, which is reversible obfuscation rather than a hash, so the
! configuration file itself must be handled as a secret.
ntp authentication-key 123 md5 0802657D0A16 7
ntp authenticate
ntp trusted-key 123
ntp server 173.45.238.221 key 123
end
CHG-rtr
hostname CHG-RTR
ip dhcp excluded-address 172.25.72.0 172.25.72.3
ip dhcp pool CHG-LAN1
network 172.25.72.0 255.255.255.128
default-router 172.25.72.1
dns-server 172.25.70.2
! Credential that BAN-RTR presents over the PAP-authenticated PPP link
! (Serial0/0/1). It is stored in cleartext ("password 0").
username BAN password 0 Yahoo
! NOTE(review): privilege 15 account "guest" / "cisco", repeated on every
! router on this page. Because the vty lines use "login local", one guessed
! password gives full control of all of them. Use "username <name> secret
! <password>" with distinct administrator accounts.
username guest privilege 15 password 0 cisco
ip domain-name CISco.com
ip name-server 172.25.70.2
interface Loopback1
description Used as always-on target for Ping & Telnet
ip address 172.25.72.161 255.255.255.252
interface FastEthernet0/0
no ip address
duplex auto
speed auto
interface FastEthernet0/0.200
description CHG-Switch Management, VLAN 200, 12 Users
encapsulation dot1Q 200
ip address 172.25.72.145 255.255.255.240
interface FastEthernet0/0.210
description CHG-Lan 1, VLAN 210, 90 Users
encapsulation dot1Q 210
ip address 172.25.72.1 255.255.255.128
ip access-group CHG-LAN-1 in
interface FastEthernet0/0.220
description CHG-Lan 2, VLAN 220, 10 Users
encapsulation dot1Q 220
ip address 172.25.72.129 255.255.255.240
ip access-group CHG-LAN-2 in
interface FastEthernet0/0.299
description Trunk Link Native VLAN 299 - No users
encapsulation dot1Q 299 native
no ip address
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
interface Serial0/0/0
description DLCI 391 to PHX, DLCI 918 to BAN
no ip address
encapsulation frame-relay
frame-relay lmi-type ansi
interface Serial0/0/0.391 point-to-point
description WAN link to PHX
ip address 192.168.100.54 255.255.255.252
frame-relay interface-dlci 391
ip ospf network broadcast
interface Serial0/0/0.918 point-to-point
description WAN link to BAN
ip address 192.168.100.61 255.255.255.252
frame-relay interface-dlci 918
ip ospf network broadcast
! PPP link to BAN-RTR.
interface Serial0/0/1
description link to Bangor
bandwidth 128
ip address 192.168.100.57 255.255.255.252
encapsulation ppp
! PAP sends the username and password across the link in cleartext, once, at
! link setup. The PHX-RTR to PHX-RTR-2 link on this page uses CHAP instead,
! which never puts the password itself on the wire.
ppp authentication pap
! Credentials this router presents to the peer; they must match the
! "username CHG password 0 Yahoo" entry on BAN-RTR. Stored in cleartext here.
ppp pap sent-username CHG password 0 Yahoo
clock rate 128000
interface Vlan1
no ip address
shutdown
router ospf 50
log-adjacency-changes
passive-interface FastEthernet0/0.200
passive-interface FastEthernet0/0.210
passive-interface FastEthernet0/0.220
network 172.25.72.0 0.0.0.127 area 0
network 172.25.72.128 0.0.0.15 area 0
network 172.25.72.144 0.0.0.15 area 0
network 172.25.72.160 0.0.0.3 area 0
network 192.168.100.52 0.0.0.3 area 0
network 192.168.100.56 0.0.0.3 area 0
network 192.168.100.60 0.0.0.3 area 0
ip access-list standard ALLOW-TECH
permit 172.25.72.0 0.0.0.127
deny any
ip access-list extended CHG-LAN-1
permit ip 172.25.72.0 0.0.0.127 any
permit udp any any eq bootps
deny ip any any
ip access-list extended CHG-LAN-2
permit ip 172.25.72.128 0.0.0.15 any
permit udp any any eq bootps
deny ip any any
! NOTE(review): no interface in this CHG-RTR listing references BAN-WIRELESS
! (only CHG-LAN-1 and CHG-LAN-2 are applied), and the source range
! 172.25.70.128/25 is BAN-RTR's VLAN 330 subnet. This looks like a leftover
! copy of the BAN-RTR list; it also differs from that copy by the extra tftp
! permit. An unused ACL filters nothing. Remove it or confirm where it belongs.
ip access-list extended BAN-WIRELESS
permit tcp 172.25.70.128 0.0.0.127 host 172.25.72.130 eq www
permit udp 172.25.70.128 0.0.0.127 host 172.25.70.2 eq domain
permit udp 172.25.70.128 0.0.0.127 host 172.25.70.2 eq tftp
permit udp any any eq bootps
deny ip 172.25.70.128 0.0.0.127 172.25.64.0 0.0.15.255
deny ip 172.25.70.128 0.0.0.127 192.168.100.32 0.0.0.31
permit ip 172.25.70.128 0.0.0.127 any
deny ip any any
no cdp run
banner motd ^CAuthorized Users only - Log out if not permitted on system^^C
logging trap debugging
logging 172.25.70.2
line con 0
! No idle timeout on the console: a session left open stays authenticated.
exec-timeout 0 0
! Shared cleartext line password.
password cisco
logging synchronous
login
line vty 0 4
! ALLOW-TECH permits 172.25.72.0/25, which is this router's own CHG-LAN1
! (90 users): every host on that LAN can reach the SSH login prompt.
access-class ALLOW-TECH in
login local
! SSH only; Telnet is not accepted on these lines.
transport input ssh
ntp authentication-key 123 md5 0802657D0A16 7
ntp authenticate
ntp trusted-key 123
ntp server 173.45.238.221 key 123
end
BAN RTR
hostname BAN-RTR
! Credential that CHG-RTR presents over the PAP link on Serial0/0/1. Both ends
! of that link use the same password, and it is stored in cleartext.
username CHG password 0 Yahoo
! NOTE(review): full-privilege "guest" account with the password "cisco",
! used for SSH logins through "login local" on the vty lines. Replace it with
! named administrator accounts using "secret".
username guest privilege 15 password 0 cisco
ip domain-name CISco.com
ip name-server 172.25.70.2
interface Loopback1
description Ping & Telnet
ip address 172.25.71.17 255.255.255.252
interface FastEthernet0/0
no ip address
duplex auto
speed auto
interface FastEthernet0/0.300
description BAN-Switch Management, VLAN 300
encapsulation dot1Q 300
ip address 172.25.71.1 255.255.255.240
interface FastEthernet0/0.310
description BAN-Lan 1, VLAN 310
encapsulation dot1Q 310
ip address 172.25.70.1 255.255.255.128
ip access-group BAN-LAN-1 in
interface FastEthernet0/0.320
description BAN-Lan 2, VLAN 320
encapsulation dot1Q 320
ip address 172.25.68.1 255.255.254.0
ip helper-address 172.25.70.2
ip access-group BAN-LAN-2 in
interface FastEthernet0/0.330
description BAN-Wireless, VLAN 330
encapsulation dot1Q 330
ip address 172.25.70.129 255.255.255.128
ip helper-address 172.25.70.2
ip access-group BAN-WIRELESS in
interface FastEthernet0/0.399
description Trunk Link Native VLAN 399
encapsulation dot1Q 399 native
no ip address
interface FastEthernet0/0.500
description Link for Border Router
encapsulation dot1Q 500
ip address 192.168.100.41 255.255.255.248
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
interface Serial0/0/0
description DLCI 218 to CHG, DLCI 847 to PHX
no ip address
encapsulation frame-relay
interface Serial0/0/0.218 point-to-point
description WAN link to CHG
ip address 192.168.100.62 255.255.255.252
frame-relay interface-dlci 218
ip ospf network broadcast
interface Serial0/0/0.847 point-to-point
description WAN link to PHX
ip address 192.168.100.50 255.255.255.252
frame-relay interface-dlci 847
ip ospf network broadcast
! PPP link to CHG-RTR.
interface Serial0/0/1
description PPP link to CHG
bandwidth 128
ip address 192.168.100.58 255.255.255.252
encapsulation ppp
! PAP transmits the credentials below in cleartext when the link comes up.
! CHAP ("ppp authentication chap", as on the PHX routers on this page) avoids
! sending the password itself.
ppp authentication pap
! Must match "username BAN password 0 Yahoo" on CHG-RTR.
ppp pap sent-username BAN password 0 Yahoo
interface Vlan1
no ip address
shutdown
router ospf 50
log-adjacency-changes
passive-interface FastEthernet0/0.300
passive-interface FastEthernet0/0.310
passive-interface FastEthernet0/0.320
passive-interface FastEthernet0/0.330
network 172.25.68.0 0.0.1.255 area 0
network 172.25.70.0 0.0.0.127 area 0
network 172.25.70.128 0.0.0.127 area 0
network 172.25.71.0 0.0.0.15 area 0
network 172.25.71.16 0.0.0.3 area 0
network 192.168.100.40 0.0.0.7 area 0
network 192.168.100.48 0.0.0.3 area 0
network 192.168.100.56 0.0.0.3 area 0
network 192.168.100.60 0.0.0.3 area 0
ip classless
ip access-list standard ALLOW-TECH
permit 172.25.72.0 0.0.0.127
deny any
ip access-list extended BAN-LAN-1
permit ip 172.25.70.0 0.0.0.127 any
permit udp any any eq bootps
deny ip any any
ip access-list extended BAN-LAN-2
permit ip 172.25.68.0 0.0.1.255 any
permit udp any any eq bootps
deny ip any any
! Applied inbound on FastEthernet0/0.330 (BAN-Wireless, 172.25.70.128/25).
! Order matters: the specific permits must precede the internal-range denies.
ip access-list extended BAN-WIRELESS
! Wireless clients may reach the web host 172.25.72.130 ...
permit tcp 172.25.70.128 0.0.0.127 host 172.25.72.130 eq www
! ... and resolve names at 172.25.70.2.
permit udp 172.25.70.128 0.0.0.127 host 172.25.70.2 eq domain
! DHCP requests (relayed by "ip helper-address" on the subinterface) arrive
! with source 0.0.0.0, so they are permitted separately.
permit udp any any eq bootps
! All other traffic to the internal 172.25.64.0/20 space and the
! 192.168.100.32/27 transit links is dropped.
deny ip 172.25.70.128 0.0.0.127 172.25.64.0 0.0.15.255
deny ip 172.25.70.128 0.0.0.127 192.168.100.32 0.0.0.31
! Remaining destinations (outside those ranges) are allowed.
permit ip 172.25.70.128 0.0.0.127 any
! Anything not sourced from the wireless subnet is dropped (source validation).
deny ip any any
no cdp run
banner motd ^CAuthorized Users only - Log out if not permitted on system^^C
logging trap debugging
logging 172.25.70.2
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
line vty 0 4
access-class ALLOW-TECH in
login local
transport input ssh
ntp authentication-key 123 md5 0802657D0A16 7
ntp authenticate
ntp trusted-key 123
ntp server 173.45.238.221 key 123
end
brdr-rtr
! NOTE(review): from "interface FastEthernet0/1" below through the
! "line vty 5 15" stanza, this BRDR-RTR section contains switch commands
! (switchport, Vlan150, ip default-gateway) that match the PHX-SW4 listing on
! this page. The router configuration proper starts at "username guest ...".
! "enable secret" is stored hashed on the device, but "class" is a
! dictionary word and appears on this page in cleartext.
enable secret class
hostname BRDR-RTR
no ip domain-lookup
interface FastEthernet0/1
description Trunk link to PHX-RTR-2
switchport trunk native vlan 198
switchport mode trunk
interface FastEthernet0/10
description PHX-LAN4, VLAN 160
switchport access vlan 160
switchport mode access
switchport port-security
switchport port-security maximum 25
interface FastEthernet0/11
description PHX-LAN4, VLAN 160
switchport access vlan 160
switchport mode access
switchport port-security
switchport port-security maximum 25
interface FastEthernet0/12
description PHX-LAN4, VLAN 160
switchport access vlan 160
switchport mode access
switchport port-security
switchport port-security maximum 25
interface FastEthernet0/17
description PHX-LAN5, VLAN 170
switchport access vlan 170
switchport mode access
switchport port-security
switchport port-security maximum 25
interface FastEthernet0/18
description PHX-LAN5, VLAN 170
switchport access vlan 170
switchport mode access
switchport port-security
switchport port-security maximum 25
interface FastEthernet0/19
description PHX-LAN5, VLAN 170
switchport access vlan 170
switchport mode access
switchport port-security
switchport port-security maximum 25
interface Vlan1
no ip address
shutdown
interface Vlan150
description PHX-SW4 Management
ip address 172.25.67.162 255.255.255.240
ip default-gateway 172.25.67.161
banner motd ^CAuthorized Users only - Log out if not permitted on system^C
line con 0
password cisco
logging synchronous
login
line vty 0 4
password cisco
logging synchronous
login
line vty 5 15
password cisco
logging synchronous
login
username guest privilege 15 password 0 cisco
ip domain-name CISco.com
ip name-server 172.25.70.2
interface FastEthernet0/0
description Link to CISco LAN
ip address 192.168.100.42 255.255.255.248
ip nat inside
duplex auto
speed auto
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
! Internet-facing interface: the only link on this page with a public address.
interface Serial0/0/0
description WAN link to ISP
ip address 209.165.200.170 255.255.255.248
encapsulation frame-relay
frame-relay map ip 209.165.200.169 113 broadcast
! Inbound filter for traffic arriving from the ISP.
ip access-group FROM-OUTSIDE in
! Outbound filter: only packets whose source is in the public /29 (that is,
! already translated) may leave, which stops untranslated internal addresses
! from leaking to the ISP.
ip access-group FROM-INSIDE out
ip nat outside
! CDP is also off per interface here, in addition to the global "no cdp run".
no cdp enable
interface Serial0/0/1
no ip address
shutdown
interface Vlan1
no ip address
shutdown
router ospf 50
log-adjacency-changes
passive-interface Serial0/0/0
network 192.168.100.40 0.0.0.7 area 0
default-information originate
! Overloaded (PAT) pool for the internal sources matched by ALLOW-NAT.
! The pool range starts at .170, which is also Serial0/0/0's own address.
ip nat pool CISco-POOL 209.165.200.170 209.165.200.173 netmask 255.255.255.248
ip nat inside source list ALLOW-NAT pool CISco-POOL overload
! One-to-one static mapping: internal host 172.25.72.130 is reachable from
! outside as 209.165.200.174. The translation covers every port, so
! FROM-OUTSIDE is the only thing limiting exposure to www and 443.
ip nat inside source static 172.25.72.130 209.165.200.174
ip classless
ip route 0.0.0.0 0.0.0.0 209.165.200.169
! Egress filter on Serial0/0/0: permits only sources in the public /29.
ip access-list standard FROM-INSIDE
permit 209.165.200.168 0.0.0.7
deny any
! Management source range for the vty lines (172.25.72.0/25).
ip access-list standard ALLOW-TECH
permit 172.25.72.0 0.0.0.127
deny any
! Internal sources eligible for PAT: the 172.25.64.0/20 site space and the
! 192.168.100.32/27 transit links.
ip access-list standard ALLOW-NAT
permit 172.25.64.0 0.0.15.255
permit 192.168.100.32 0.0.0.31
deny any
! Inbound filter on the ISP link. This is a stateless packet filter; the
! return-traffic rules below match header fields, not tracked connections.
ip access-list extended FROM-OUTSIDE
! Anti-spoofing: packets arriving from outside must not carry internal sources.
! NOTE(review): only the two ranges used on this page are covered; other
! private or reserved source ranges are not filtered here.
deny ip 172.25.64.0 0.0.15.255 any
deny ip 192.168.100.32 0.0.0.31 any
! "established" matches any TCP segment with ACK or RST set. It does not
! verify that an inside host actually opened the connection.
permit tcp any 209.165.200.168 0.0.0.7 established
! Published services on the statically NATed host.
permit tcp any host 209.165.200.174 eq www
permit tcp any host 209.165.200.174 eq 443
! Only echo replies are admitted; all other ICMP types fall to the final deny.
permit icmp any 209.165.200.168 0.0.0.7 echo-reply
! NOTE(review): this rule matches on SOURCE port 53 only and names no
! destination port, so any UDP datagram sent with source port 53 is accepted
! to any UDP port on the /29. Restricting the source to the resolvers actually
! used would narrow it.
permit udp any eq domain 209.165.200.168 0.0.0.7
! NTP replies, limited to the configured time server.
permit udp host 173.45.238.221 209.165.200.168 0.0.0.7 eq 123
deny ip any any
no cdp run
banner motd ^CAuthorized access only! Log out immediately if not authorized!^^C
logging trap debugging
logging 172.25.70.2
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
line vty 0 4
access-class ALLOW-TECH in
login local
transport input ssh
ntp authentication-key 123 md5 0802657D0A16 7
ntp authenticate
ntp trusted-key 123
ntp server 173.45.238.221 key 123
end
PHX2 SW
enable secret class
hostname PHX-SW4
no ip domain-lookup
vlan 198
name Native
vlan 150
name Management
! Uplink trunk to the router.
interface FastEthernet0/1
description Trunk link to PHX-RTR-2
! Native VLAN 198 carries no users (it matches the router's Fa0/0.198 "native"
! subinterface), which keeps untagged frames out of the user VLANs.
switchport trunk native vlan 198
! NOTE(review): no "switchport trunk allowed vlan" list is shown, so every
! VLAN is carried on this trunk, and no "switchport nonegotiate" is shown
! either. Confirm whether both are intended.
switchport mode trunk
! User access port in VLAN 160.
interface FastEthernet0/10
description PHX-LAN4, VLAN 160, 100 Users
switchport access vlan 160
! Static access mode: the port will not negotiate into a trunk.
switchport mode access
! Port security limits the number of source MAC addresses learned on the port.
switchport port-security
! Up to 25 addresses are accepted. No violation mode and no sticky learning
! are configured, so the platform defaults apply (on Catalyst IOS the default
! violation action is to shut the port; confirm for the switch in use).
switchport port-security maximum 25
interface FastEthernet0/11
description PHX-LAN4, VLAN 160, 100 Users
switchport access vlan 160
switchport mode access
switchport port-security
switchport port-security maximum 25
interface FastEthernet0/12
description PHX-LAN4, VLAN 160, 100 Users
switchport access vlan 160
switchport mode access
switchport port-security
switchport port-security maximum 25
interface FastEthernet0/17
description PHX-LAN5, VLAN 170, 25 Users
switchport access vlan 170
switchport mode access
switchport port-security
switchport port-security maximum 25
interface FastEthernet0/18
description PHX-LAN5, VLAN 170, 25 Users
switchport access vlan 170
switchport mode access
switchport port-security
switchport port-security maximum 25
interface FastEthernet0/19
description PHX-LAN5, VLAN 170, 25 Users
switchport access vlan 170
switchport mode access
switchport port-security
switchport port-security maximum 25
interface Vlan1
no ip address
shutdown
interface Vlan150
description PHX-SW4 Management
ip address 172.25.67.162 255.255.255.240
ip default-gateway 172.25.67.161
banner motd ^CAuthorized Users only - Log out if not permitted on system^C
! All three line groups use the same shared cleartext password.
line con 0
password cisco
logging synchronous
login
! NOTE(review): unlike the routers on this page, the switch's vty lines have
! no "access-class", no "login local" and no "transport input ssh". Any host
! that can reach the management address 172.25.67.162 gets a password prompt
! over whatever transport the platform enables by default.
line vty 0 4
password cisco
logging synchronous
login
line vty 5 15
password cisco
logging synchronous
login
end
PHX-RTR 2
enable secret class
hostname PHX-RTR-2
ip dhcp excluded-address 172.25.67.0 172.25.67.3
ip dhcp excluded-address 172.25.67.128 172.25.67.131
ip dhcp pool PHX-LAN4
network 172.25.67.0 255.255.255.128
default-router 172.25.67.1
dns-server 172.25.70.2
ip dhcp pool PHX-LAN5
network 172.25.67.128 255.255.255.224
default-router 172.25.67.129
dns-server 172.25.70.2
! CHAP peer entry for the PPP link to PHX-RTR. The password must equal the
! one PHX-RTR holds for "PHX-RTR-2", and it must stay recoverable
! ("password", not "secret") for CHAP to work. It is stored in cleartext here.
username PHX-RTR password 0 PPP-cisco
! NOTE(review): privilege 15 "guest" / "cisco" is the SSH login for this
! router ("login local" on the vty lines). Use named accounts with "secret".
username guest privilege 15 password 0 cisco
ip domain-name CISco.com
ip name-server 172.25.70.2
interface Loopback1
description Ping & Telnet
ip address 172.25.67.177 255.255.255.252
interface FastEthernet0/0
no ip address
duplex auto
speed auto
interface FastEthernet0/0.150
description PHX2-Management for switch, VLAN 150
encapsulation dot1Q 150
ip address 172.25.67.161 255.255.255.240
interface FastEthernet0/0.160
description PHX2-LAN4, VLAN 160
encapsulation dot1Q 160
ip address 172.25.67.1 255.255.255.128
ip access-group PHX-LAN-4 in
interface FastEthernet0/0.170
description PHX2-LAN5, VLAN 170
encapsulation dot1Q 170
ip address 172.25.67.129 255.255.255.224
ip access-group PHX-LAN-5 in
interface FastEthernet0/0.198
description Native VLAN for PHX2 trunked switch
encapsulation dot1Q 198 native
no ip address
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
interface Serial0/0/0
description PPP Link to PHX-RTR
ip address 172.25.66.26 255.255.255.252
encapsulation ppp
ppp authentication chap
clock rate 1300000
interface Serial0/0/1
no ip address
shutdown
interface Vlan1
no ip address
shutdown
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
ip access-list extended PHX-LAN-4
permit ip 172.25.67.0 0.0.0.127 any
permit udp any any eq bootps
deny ip any any
ip access-list extended PHX-LAN-5
permit ip 172.25.67.128 0.0.0.31 any
permit udp any any eq bootps
deny ip any any
ip access-list standard ALLOW-TECH
permit 172.25.72.0 0.0.0.127
deny any
no cdp run
banner motd ^CAuthorized Users only - Log out if not permitted on system^C
logging trap debugging
logging 172.25.70.2
! Console: shared cleartext password. No "exec-timeout" is set, so the
! default idle timeout applies (the other routers on this page disable it).
line con 0
password cisco
logging synchronous
login
! Remote access: source-restricted by ALLOW-TECH, local user database, SSH only.
line vty 0 4
access-class ALLOW-TECH in
logging synchronous
login local
transport input ssh
ntp authentication-key 123 md5 0802657D0A16 7
ntp authenticate
ntp trusted-key 123
ntp server 173.45.238.221 key 123
end
SW1 BAN
enable secret class
hostname BAN-SW1
no ip domain-lookup
spanning-tree vlan 300,310 priority 24576
interface FastEthernet0/1
description Trunk link to Bangor router
switchport trunk native vlan 399
switchport mode trunk
interface FastEthernet0/23
description Trunk link to Bangor Switch 3
switchport trunk native vlan 399
switchport mode trunk
interface FastEthernet0/24
description Trunk link to Bangor Switch 2
switchport trunk native vlan 399
switchport mode trunk
interface GigabitEthernet1/1
description Trunk link to Bangor Switch 3
switchport trunk native vlan 399
switchport mode trunk
interface GigabitEthernet1/2
description Trunk link to Bangor Switch 2
switchport trunk native vlan 399
switchport mode trunk
interface Vlan1
no ip address
shutdown
interface Vlan300
description Bangor Switch Management
ip address 172.25.71.2 255.255.255.240
ip default-gateway 172.25.71.1
banner motd ^CAuthorized Users only - Log out if not permitted on system^^C
line con 0
password cisco
logging synchronous
login
! Console sessions never time out.
exec-timeout 0 0
! NOTE(review): both vty groups accept Telnet only, so the shared password
! "cisco" and the whole management session cross VLAN 300 in cleartext. There
! is no "access-class" limiting who may connect. The routers on this page use
! "transport input ssh" with "login local" and ALLOW-TECH; the switch should
! match where the image supports SSH.
line vty 0 4
password cisco
logging synchronous
login
transport input telnet
line vty 5 15
password cisco
logging synchronous
login
transport input telnet
end
hostname BRDR-RTR
username guest privilege 15 password 0 cisco
ip domain-name CISco.com
ip name-server 172.25.70.2
interface FastEthernet0/0
description Link to CISco LAN
ip address 192.168.100.42 255.255.255.248
ip nat inside
duplex auto
speed auto
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
interface Serial0/0/0
description WAN link to ISP
ip address 209.165.200.170 255.255.255.248
encapsulation frame-relay
frame-relay map ip 209.165.200.169 113 broadcast
ip access-group FROM-OUTSIDE in
ip access-group FROM-INSIDE out
ip nat outside
no cdp enable
interface Serial0/0/1
no ip address
shutdown
interface Vlan1
no ip address
shutdown
router ospf 50
log-adjacency-changes
passive-interface Serial0/0/0
network 192.168.100.40 0.0.0.7 area 0
default-information originate
ip nat pool CISco-POOL 209.165.200.170 209.165.200.173 netmask 255.255.255.248
ip nat inside source list ALLOW-NAT pool CISco-POOL overload
ip nat inside source static 172.25.72.130 209.165.200.174
ip route 0.0.0.0 0.0.0.0 209.165.200.169
ip access-list standard FROM-INSIDE
permit 209.165.200.168 0.0.0.7
deny any
ip access-list standard ALLOW-TECH
permit 172.25.72.0 0.0.0.127
deny any
ip access-list standard ALLOW-NAT
permit 172.25.64.0 0.0.15.255
permit 192.168.100.32 0.0.0.31
deny any
ip access-list extended FROM-OUTSIDE
deny ip 172.25.64.0 0.0.15.255 any
deny ip 192.168.100.32 0.0.0.31 any
permit tcp any 209.165.200.168 0.0.0.7 established
permit tcp any host 209.165.200.174 eq www
permit tcp any host 209.165.200.174 eq 443
permit icmp any 209.165.200.168 0.0.0.7 echo-reply
permit udp any eq domain 209.165.200.168 0.0.0.7
permit udp host 173.45.238.221 209.165.200.168 0.0.0.7 eq 123
deny ip any any
no cdp run
banner motd ^CAuthorized access only! Log out immediately if not authorized!^^C
logging trap debugging
logging 172.25.70.2
! Console of the Internet border router: no idle timeout and a shared
! cleartext password.
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
! vty access is limited to ALLOW-TECH (172.25.72.0/25), authenticated against
! the local user database, SSH only. FROM-OUTSIDE has no permit for new
! inbound SSH, so management from the ISP side is dropped at the interface.
line vty 0 4
access-class ALLOW-TECH in
login local
transport input ssh
ntp authentication-key 123 md5 0802657D0A16 7
ntp authenticate
ntp trusted-key 123
ntp server 173.45.238.221 key 123
end
709
hostname Scissor
ip dhcp excluded-address 192.168.10.1 192.168.10.10
ip dhcp excluded-address 192.168.11.1 192.168.11.10
ip dhcp excluded-address 192.168.11.129 192.168.11.139
ip dhcp pool 1
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
ip dhcp pool WHOLESALE
network 192.168.11.0 255.255.255.128
default-router 192.168.11.1
ip dhcp pool RETAIL
network 192.168.11.128 255.255.255.192
default-router 192.168.11.129
interface FastEthernet0/0
no ip address
ip nat inside
duplex auto
speed auto
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.10.1 255.255.255.0
ip nat inside
interface FastEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.11.1 255.255.255.128
ip nat inside
interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 192.168.11.129 255.255.255.192
ip nat inside
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
interface Serial0/0/0
ip address 196.100.10.1 255.255.255.0
ip nat outside
interface Serial0/0/1
no ip address
shutdown
interface Serial0/1/0
no ip address
shutdown
interface Serial0/1/1
no ip address
shutdown
interface Vlan1
no ip address
shutdown
router rip
version 2
network 192.168.10.0
network 192.168.11.0
network 196.100.10.0
ip nat pool RETAIL 196.100.10.124 196.100.10.183 netmask 255.255.255.0
ip nat pool VLAN1 196.100.10.3 196.100.10.3 netmask 255.255.255.0
ip nat pool WHOLESALE 196.100.10.4 196.100.10.123 netmask 255.255.255.0
ip nat inside source list 1 pool VLAN1
ip nat inside source list 10 pool WHOLESALE
ip nat inside source list 20 pool RETAIL
ip classless
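! Standard ACLs that select which inside sources each NAT pool translates
! (list 1 -> VLAN1, list 10 -> WHOLESALE, list 20 -> RETAIL).
access-list 1 permit 192.168.10.0 0.0.0.255
! A wildcard mask is the inverse of the subnet mask. The original entries,
! "192.168.11.1 0.0.0.128" and "192.168.11.1 0.0.0.192", left only one or two
! bits free and so matched just .1/.129 and .1/.65/.129/.193 respectively.
! WHOLESALE is 192.168.11.0/25 and RETAIL is 192.168.11.128/26 per the DHCP
! pools and subinterfaces in this config.
access-list 10 permit 192.168.11.0 0.0.0.127
access-list 20 permit 192.168.11.128 0.0.0.63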
! NOTE(review): the console has neither "login" nor a password, so physical
! console access gives an EXEC prompt with no authentication. No
! "enable secret" appears in this listing either.
line con 0
! "login" with no line password configured: IOS refuses vty connections in
! this state instead of letting them in unauthenticated. To manage the router
! remotely, configure credentials and restrict the transport and source.
line vty 0 4
login
end
hostname Paper
ip dhcp excluded-address 192.168.20.1 192.168.20.10
ip dhcp excluded-address 192.168.21.1 192.168.21.10
ip dhcp excluded-address 192.168.21.129 192.168.21.139
ip dhcp pool 1
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
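! DHCP scope for the WHOLESALE VLAN (FastEthernet0/0.10).
ip dhcp pool WHOLESALE
network 192.168.21.0 255.255.255.128
! The gateway handed to clients must be on the pool's own subnet. This was
! 192.168.20.1 (the VLAN 1 gateway), which 192.168.21.0/25 clients cannot
! reach directly; 192.168.21.1 is this router's FastEthernet0/0.10 address.
default-router 192.168.21.1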
ip dhcp pool RETAIL
network 192.168.21.128 255.255.255.192
default-router 192.168.21.129
interface FastEthernet0/0
no ip address
ip nat inside
duplex auto
speed auto
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.20.1 255.255.255.0
interface FastEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.21.1 255.255.255.128
interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 192.168.21.129 255.255.255.192
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
interface Serial0/0/0
ip address 196.100.10.2 255.255.255.0
ip nat inside
clock rate 56000
interface Serial0/0/1
ip address 64.26.91.2 255.255.255.252
ip nat outside
interface Serial0/1/0
no ip address
shutdown
interface Serial0/1/1
no ip address
shutdown
interface Vlan1
no ip address
shutdown
router rip
version 2
network 64.0.0.0
network 192.168.20.0
network 192.168.21.0
network 196.100.10.0
ip nat pool PAPER 24.58.96.254 24.58.96.254 netmask 255.255.255.252
ip nat pool SCISSORS 24.58.96.253 24.58.96.253 netmask 255.255.255.252
ip nat inside source list 1 pool SCISSORS overload
ip nat inside source list 10 pool PAPER overload
ip classless
access-list 1 permit 196.100.10.0 0.0.0.255
access-list 10 permit 192.168.20.0 0.0.1.255
! NOTE(review): console access is unauthenticated (no "login" and no
! password), and no "enable secret" appears in this listing.
line con 0
! "login" without a line password: IOS rejects vty connections until a
! password or local login is configured.
line vty 0 4
login
end
Lab 7.4.1
All Devices
enable
conf t
no ip domain-lookup
enable secret class
banner motd $Authorized Access Only!$
line con 0
logging synchronous
password cisco
login
line vty 0 4
password cisco
login
end
copy run start
R1:
hostname R1
enable
conf t
no ip domain-lookup
enable secret class
banner motd $Authorized Access Only!$
line con 0
logging synchronous
password cisco
login
line vty 0 4
password cisco
login
end
copy run start
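! R1 LAN interfaces.
int fa0/0
ip address 192.168.10.1 255.255.255.0
no shut
! This was a second "int fa0/0", which would have replaced the address set
! just above. The R1 running config on this page has 192.168.11.1 on
! FastEthernet0/1.
int fa0/1
ip address 192.168.11.1 255.255.255.0
no shut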
int s0/0/0
ip address 10.1.1.1 255.255.255.252
clock rate 125000
router ospf 1
network 192.168.10.0 0.0.0.255 area 0
network 192.168.11.0 0.0.0.255 area 0
network 10.1.1.0 0.0.0.3 area 0
R2:
enable
conf t
no ip domain-lookup
enable secret class
banner motd $Authorized Access Only!$
line con 0
logging synchronous
password cisco
login
line vty 0 4
password cisco
login
end
copy run start
hostname R2
int fa0/0
ip address 192.168.20.1 255.255.255.0
no shut
int s0/0/0
ip address 10.1.1.2 255.255.255.252
no shut
int s0/0/1
ip address 209.165.200.225 255.255.255.252
clock rate 125000
no shut
optional loopback interface in place of server
interface loopback 0
ip address 192.168.20.254 255.255.255.0
router ospf 1
network 10.1.1.0 0.0.0.3 area 0
network 192.168.20.0 0.0.0.255 area 0
ISP:
enable
conf t
no ip domain-lookup
enable secret class
banner motd $Authorized Access Only!$
line con 0
logging synchronous
password cisco
login
line vty 0 4
password cisco
login
end
copy run start
hostname ISP
int s0/0/1
ip address 209.165.200.226 255.255.255.252
no shut
Running configs 741
hostname R1
enable secret class
no ip domain lookup
interface FastEthernet0/0
ip address 192.168.10.1 255.255.255.0
ip helper-address 10.1.1.2
no shutdown
interface FastEthernet0/1
ip address 192.168.11.1 255.255.255.0
ip helper-address 10.1.1.2
no shutdown
interface Serial0/0/0
ip address 10.1.1.1 255.255.255.252
clock rate 125000
interface Serial0/0/1
no ip address
shutdown
router ospf 1
network 10.1.1.0 0.0.0.3 area 0
network 192.168.10.0 0.0.0.255 area 0
network 192.168.11.0 0.0.0.255 area 0
banner motd ^C!!!AUTHORIZED ACCESS ONLY!!!^C
! Console, auxiliary and vty lines all share the cleartext password "cisco"
! and all have the idle timeout disabled ("exec-timeout 0 0").
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
! The aux port is a second out-of-band entry point. If it is not used,
! disabling EXEC on it is safer than leaving a shared password on it.
line aux 0
exec-timeout 0 0
password cisco
logging synchronous
login
! NOTE(review): remote sessions never time out, and there is no
! "transport input" or "access-class" restriction on these lines. Acceptable
! on an isolated lab bench; not a pattern to carry into production.
line vty 0 4
exec-timeout 0 0
password cisco
logging synchronous
login
end
R2
hostname R2
enable secret class
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.10.1 192.168.10.10
ip dhcp excluded-address 192.168.11.1 192.168.11.10
ip dhcp pool R1Fa0
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 192.168.11.5
ip dhcp pool R1Fa1
network 192.168.11.0 255.255.255.0
dns-server 192.168.11.5
default-router 192.168.11.1
no ip domain lookup
interface Loopback0
ip address 192.168.20.254 255.255.255.0
ip nat inside
ip virtual-reassembly
interface Serial0/0/0
ip address 10.1.1.2 255.255.255.252
ip nat inside
ip virtual-reassembly
interface Serial0/0/1
ip address 209.165.200.225 255.255.255.252
ip nat outside
ip virtual-reassembly
clock rate 125000
router ospf 1
network 10.1.1.0 0.0.0.3 area 0
network 192.168.20.0 0.0.0.255 area 0
default-information originate
ip route 0.0.0.0 0.0.0.0 209.165.200.226
! The HTTP and HTTPS management servers are both disabled.
no ip http server
no ip http secure-server
! PAT: sources matched by the NAT list share Serial0/0/1's address.
ip nat inside source list NAT interface Serial0/0/1 overload
! Static one-to-one mapping that publishes 192.168.20.254 (the loopback
! standing in for a server) as 209.165.200.254 on every port.
! NOTE(review): no inbound access-group is configured on Serial0/0/1 in this
! listing, so nothing limits which ports of that host are reachable from the
! ISP side.
ip nat inside source static 192.168.20.254 209.165.200.254
! Sources eligible for PAT: the two R1 LANs.
ip access-list extended NAT
permit ip 192.168.10.0 0.0.0.255 any
permit ip 192.168.11.0 0.0.0.255 any
banner motd ^C!!!AUTHORIZED ACCESS ONLY!!!^C
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
line aux 0
exec-timeout 0 0
password cisco
logging synchronous
login
line vty 0 4
exec-timeout 0 0
password cisco
logging synchronous
login
end
ISP
hostname ISP
enable secret class
no ip domain lookup
interface Serial0/0/1
ip address 209.165.200.226 255.255.255.252
no shutdown
ip route 209.165.200.240 255.255.255.240 Serial0/0/1
!
banner motd ^C
!!!AUTHORIZED ACCESS ONLY!!!^C
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
line aux 0
exec-timeout 0 0
password cisco
logging synchronous
login
line vty 0 4
password cisco
logging synchronous
login
end
Lab 7.4.3 Corrected Script
R1
hostname R1
enable secret class
no ip domain lookup
interface FastEthernet0/0
ip address 172.16.10.1 255.255.255.0
ip helper-address 172.16.0.2
no shutdown
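! Second R1 LAN; DHCP requests are relayed to R2 at 172.16.0.2.
interface FastEthernet0/1
ip address 172.16.11.1 255.255.255.0
ip helper-address 172.16.0.2
! This was "no shutdown3": the stray digit makes it an invalid command, so
! the interface would not have been enabled by this script.
no shutdown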
interface Serial0/0/0
ip address 172.16.0.1 255.255.255.252
clock rate 125000
no shutdown
router rip
version 2
network 172.16.0.0
no auto-summary
banner motd $AUTHORIZED ACCESS ONLY$
!
line con 0
password cisco
logging synchronous
login
line vty 0 4
password cisco
logging synchronous
login
end
R2
hostname R2
enable secret class
ip dhcp excluded-address 172.16.10.1 172.16.10.3
ip dhcp excluded-address 172.16.11.1 172.16.11.3
ip dhcp pool R1_LAN10
network 172.16.10.0 255.255.255.0
default-router 172.16.10.1
dns-server 172.16.20.254
ip dhcp pool R1_LAN11
network 172.16.11.0 255.255.255.0
default-router 172.16.11.1
dns-server 172.16.20.254
no ip domain lookup
interface FastEthernet0/0
ip address 172.16.20.1 255.255.255.0
ip nat inside
no shutdown
interface Serial0/0/0
ip address 172.16.0.2 255.255.255.252
ip nat inside
no shutdown
interface Serial0/0/1
ip address 209.165.201.1 255.255.255.252
ip nat outside
clock rate 125000
no shutdown
router rip
version 2
network 172.16.0.0
default-information originate
no auto-summary
ip route 0.0.0.0 0.0.0.0 209.165.201.2
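! Public pool used for overloaded (PAT) translation of the R1 LANs.
ip nat pool NAT_POOL 209.165.201.9 209.165.201.14 netmask 255.255.255.248
! Removed the preceding duplicate statement that referenced pool "NATPOOL":
! no pool of that name is defined (the pool above is NAT_POOL), so that line
! was the error this corrected script is meant to fix.
ip nat inside source list NAT_ACL pool NAT_POOL overload
! Static one-to-one mapping publishing 172.16.20.254 as 209.165.201.30 on
! every port. No inbound ACL on Serial0/0/1 is shown in this listing.
ip nat inside source static 172.16.20.254 209.165.201.30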
ip access-list standard NAT_ACL
permit 172.16.10.0 0.0.0.255
permit 172.16.11.0 0.0.0.255
banner motd $AUTHORIZED ACCESS ONLY$
line con 0
password cisco
logging synchronous
login
line vty 0 4
password cisco
logging synchronous
login
end
ISP
! ISP (Lab 7.4.3): a single serial interface with a default route pointing
! back out of that same interface.
hostname ISP
! Hashed privileged-mode password; the value is the lab default.
enable secret class
interface Serial0/0/1
ip address 209.165.201.2 255.255.255.252
no shutdown
! Everything without a more specific route is sent out Serial0/0/1.
ip route 0.0.0.0 0.0.0.0 Serial0/0/1
banner motd $AUTHORIZED ACCESS ONLY$
! Console and vty lines use one shared line password (lab default), kept as
! typed in the configuration unless password encryption is enabled.
line con 0
password cisco
logging synchronous
login
! NOTE(review): no "transport input" or "access-class" restricts these lines.
line vty 0 4
password cisco
logging synchronous
login
end
LAB BASIC CONFIGS CHANGE AS NEEDED
R1

Fa0/1 10.0.0.1 255.255.255.128 N/A
S0/0/0 172.16.0.1 255.255.255.252 N/A
S0/0/1 172.16.0.9 255.255.255.252 N/A

R2

Lo0 209.165.200.161 255.255.255.224 N/A
S0/0/0 172.16.0.2 255.255.255.252 N/A
S0/0/1 172.16.0.5 255.255.255.252 N/A

R3

Fa0/1 10.0.0.129 255.255.255.128 N/A
S0/0/0 172.16.0.10 255.255.255.252 N/A
S0/0/1 172.16.0.6 255.255.255.252 N/A

PC1

ip 10.0.0.10 255.255.255.128 10.0.0.1

PC3

ip 10.0.0.139 255.255.255.128 10.0.0.129
HELPFUL CONFIGS to Adjust for Labs
R1
! R1 template: base settings, addressing, RIPv2, PPP/CHAP on Serial0/0/0,
! Frame Relay on Serial0/0/1 and a Telnet source filter on the vty lines.
enable
configure terminal
! NOTE(review): CHAP sends the hostname as the username by default. The R2
! template below defines "username R1", so the link will not authenticate while
! this hostname is CHG-RTR - adjust one side.
hostname CHG-RTR
banner motd #Authorized Users Only#
no ip domain-lookup
! Hashed privileged-mode password; the value is the lab default.
enable secret class
line console 0
password cisco
login
logging synchronous
! exec-timeout 0 0 disables the console idle timeout; an unattended console
! session stays logged in.
exec-timeout 0 0
exit
line vty 0 4
password cisco
login
logging synchronous
! Idle vty sessions are dropped after 5 minutes.
exec-timeout 5
exit
interface fastEthernet0/1
ip address 10.0.0.1 255.255.255.128
no shutdown
exit
interface Serial0/0/0
ip address 172.16.0.1 255.255.255.252
clock rate 64000
no shutdown
exit
interface Serial0/0/1
ip address 172.16.0.9 255.255.255.252
no shutdown
exit
! The LAN interface is passive, so no RIP updates are sent toward hosts.
! NOTE(review): no RIP authentication is configured on the serial links.
router rip
version 2
network 10.0.0.0
network 172.16.0.0
passive-interface fastEthernet0/1
no auto-summary
ex
! CHAP shared secret for the peer named R2; it must match the peer's entry and
! is kept as typed in the configuration unless password encryption is enabled.
username R2 password cisco
interface Serial0/0/0
encapsulation ppp
ppp authentication chap
exit
! Static Frame Relay maps send both 172.16.0.9 (this interface's own address)
! and 172.16.0.10 to DLCI 101.
interface Serial0/0/1
encapsulation frame-relay
frame-relay map ip 172.16.0.9 101 broadcast
frame-relay map ip 172.16.0.10 101 broadcast
frame-relay interface-dlci 101
! Keepalives are turned off on this interface.
no keepalive
exit
! ACL 101 allows Telnet (TCP/23) only from 172.16.0.2 and 172.16.0.5 and denies
! it from every other source.
! NOTE(review): Telnet carries the line password in clear text, and the closing
! "permit ip any any" leaves any non-Telnet access to these lines unfiltered by
! this list - confirm that is intended.
access-list 101 permit tcp host 172.16.0.2 any eq 23
access-list 101 permit tcp host 172.16.0.5 any eq 23
access-list 101 deny tcp any any eq 23
access-list 101 permit ip any any
line vty 0 4
access-class 101 in
end

R2:

! R2 template: base settings, two serial links, a loopback used as the default
! route target, RIPv2, CHAP toward R1, AAA local login on vty, and ACL 102.
enable
configure terminal
hostname R2
banner motd #Authorized Users Only#
no ip domain-lookup
! Hashed privileged-mode password; the value is the lab default.
enable secret class
line console 0
password cisco
login
logging synchronous
! Idle sessions are dropped after 5 minutes.
exec-timeout 5
exit
line vty 0 4
password cisco
login
logging synchronous
exec-timeout 5
exit
interface Serial0/0/0
ip address 172.16.0.2 255.255.255.252
no shutdown
exit
interface Serial0/0/1
ip address 172.16.0.5 255.255.255.252
clock rate 64000
no shutdown
exit
interface Loopback0
ip address 209.165.200.161 255.255.255.224
no shutdown
exit
! Default route points at Loopback0 and is injected into RIP by
! "redistribute static" below.
ip route 0.0.0.0 0.0.0.0 Loopback0
! NOTE(review): no RIP authentication or passive-interface is configured.
router rip
version 2
network 172.16.0.0
no auto-summary
redistribute static
exit
! CHAP shared secret for the peer named R1.
! NOTE(review): the R1 template above sets "hostname CHG-RTR"; CHAP uses the
! peer's hostname by default, so this username has to match it.
username R1 password cisco
interface Serial0/0/0
encapsulation ppp
ppp authentication chap
exit
interface Serial0/0/1
encapsulation hdlc
exit
! Local account for vty logins; username and password are identical lab
! defaults and the password is kept as typed unless encryption is enabled.
username cisco password cisco
! AAA with a named method list that checks the local user database.
aaa new-model
aaa authentication login LOCAL_AUTH local

! The vty lines now authenticate against LOCAL_AUTH instead of the line password.
line vty 0 4
login authentication LOCAL_AUTH
exit
! CDP is disabled globally, so the router stops advertising itself to neighbours.
no cdp run
! ACL 102 blocks HTTP (80), Telnet (23) and FTP (21/20) toward host 10.0.0.10 and
! permits everything else.
! NOTE(review): it is applied inbound on Loopback0; a loopback does not receive
! traffic from an attached network, so it is unclear this filter ever matches
! transit packets - verify with the ACL hit counters.
access-list 102 deny tcp any host 10.0.0.10 eq 80
access-list 102 deny tcp any host 10.0.0.10 eq 23
access-list 102 deny tcp any host 10.0.0.10 eq 21
access-list 102 deny tcp any host 10.0.0.10 eq 20
access-list 102 permit ip any any
interface Loopback0
ip access-group 102 in
end
R3:

! R3 template: base settings, addressing, Frame Relay on Serial0/0/0, HDLC on
! Serial0/0/1, RIPv2, a Telnet source filter, ACLs 103/104 and NAT overload.
enable
configure terminal
hostname R3
banner motd #Authorized users only#
no ip domain-lookup
! Hashed privileged-mode password; the value is the lab default.
enable secret class
line console 0
password cisco
login
logging synchronous
! Idle sessions are dropped after 5 minutes.
exec-timeout 5
exit
line vty 0 4
password cisco
login
logging synchronous
exec-timeout 5
exit
interface fastEthernet0/1
ip address 10.0.0.129 255.255.255.128
no shutdown
exit
interface Serial0/0/0
ip address 172.16.0.10 255.255.255.252
clock rate 64000
no shutdown
exit
interface Serial0/0/1
ip address 172.16.0.6 255.255.255.252
no shutdown
exit
! Static Frame Relay maps send both 172.16.0.10 (this interface's own address)
! and 172.16.0.9 to DLCI 101.
interface Serial0/0/0
encapsulation frame-relay
frame-relay map ip 172.16.0.10 101 broadcast
frame-relay map ip 172.16.0.9 101 broadcast
frame-relay interface-dlci 101
! Keepalives are turned off on this interface.
no keepalive
exit
interface Serial0/0/1
encapsulation hdlc
exit
! The LAN interface is passive, so no RIP updates are sent toward hosts.
! NOTE(review): no RIP authentication is configured on the serial links.
router rip
version 2
network 10.0.0.0
network 172.16.0.0
passive-interface fastEthernet0/1
no auto-summary
exit
! ACL 101 allows Telnet (TCP/23) only from 172.16.0.2 and 172.16.0.5 and denies
! it from every other source.
! NOTE(review): Telnet carries the line password in clear text, and the closing
! "permit ip any any" leaves any non-Telnet access to these lines unfiltered by
! this list - confirm that is intended.
access-list 101 permit tcp host 172.16.0.2 any eq 23
access-list 101 permit tcp host 172.16.0.5 any eq 23
access-list 101 deny tcp any any eq 23
access-list 101 permit ip any any
line vty 0 4
access-class 101 in
exit
! ACL 103 drops traffic from 10.0.0.128/25 to host 10.0.0.10 as it leaves
! either serial interface.
! NOTE(review): the NAT rule below rewrites those source addresses, and IOS
! normally translates inside-to-outside traffic before the outbound ACL is
! checked, so this deny may never match - verify with the ACL hit counters.
access-list 103 deny ip 10.0.0.128 0.0.0.127 host 10.0.0.10
access-list 103 permit ip any any
interface Serial0/0/0
ip access-group 103 out
exit
interface Serial0/0/1
ip access-group 103 out
exit
! ACL 104 does two jobs: it selects the sources to translate, and as the
! inbound filter on the LAN it drops any packet whose source is not in
! 10.0.0.128/25 (implicit deny).
access-list 104 permit ip 10.0.0.128 0.0.0.127 any
! Matching traffic is translated to the Serial0/0/0 address with port overload.
! NOTE(review): Serial0/0/1 is also marked outside but there is no rule that
! uses its address.
ip nat inside source list 104 interface Serial0/0/0 overload
interface fastEthernet0/1
ip access-group 104 in
ip nat inside
exit
interface Serial0/0/0
ip nat outside
exit
interface Serial0/0/1
ip nat outside
end
security options
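! Hardening options: named-list login on the vty lines and removal of services
! that are rarely needed on a router.
! NOTE(review): "login authentication LOCAL_AUTH" depends on "aaa new-model" and
! a LOCAL_AUTH method list being configured; neither is shown in this section.
line vty 0 4
login authentication LOCAL_AUTH
exit
! Fixed: the source read "no servicepad" (missing space), which is not a valid
! command. This turns off the X.25 PAD service.
no service pad
no service finger
! Keywords spelled out in full (small-servers): turns off the echo, discard,
! chargen and daytime responders.
no service udp-small-servers
no service tcp-small-servers
no ip bootp server
! Turns off the built-in HTTP management server.
no ip http server
no ip finger
! Drop packets that carry IP source-route options.
no ip source-route
no ip gratuitous-arps
! Disable CDP globally so the device stops advertising itself to neighbours.
no cdp run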
! Working notes for the BAN DHCP pools; the same pool is defined, removed and
! retried several times.
! NOTE(review): every pool hands out default-router 172.30.100.41, which is not
! inside the 192.168.10.0 or 192.168.30.0 network given to the clients - confirm
! the intended gateway addresses.
ip dhcp pool BAN-LAN-1
network 192.168.10.0 255.255.255.0
default-router 172.30.100.41
dns-server 140.198.8.14
ip dhcp pool BAN-Wireless
network 192.168.30.0 255.255.255.128
default-router 172.30.100.41
dns-server 140.198.8.14

! NOTE(review): the next three lines have no "ip dhcp pool" line in front of
! them, so the pool they belong to is not stated.
network 192.168.10.0 255.255.255.0
default-router 172.30.100.41
dns-server 140.198.8.14
! NOTE(review): "no ip dhcp pool" deletes the pool; the network/default-router/
! dns-server lines after it are pool sub-commands, so they look like a listing
! of what was removed rather than commands to enter as written.
no ip dhcp pool BAN-Wireless
network 192.168.30.0 255.255.255.0
default-router 172.30.100.41
dns-server 140.198.8.14
no ip dhcp pool BAN-Wireless
network 192.168.30.0 255.255.255.128
default-router 172.30.100.41
dns-server 140.198.8.14
! Working notes for the NAT and ACL section; several lines are earlier attempts
! that are repeated in revised form further down.
no ip access-list extended NO-TELNET
no ip access-list standard NAT-THESE
! NOTE(review): this entry has no "ip access-list" line in front of it, so the
! list it belongs to is not stated.
deny icmp any 172.17.50.128 0.0.0.127 echo-reply
! NOTE(review): "net mask" is split in two here; the same command appears later
! with the keyword written as "netmask".
ip nat pool OUTSIDE 209.165.200.172 209.165.200.174 net mask 255.255.255.248
ip nat inside source list NAT-THESE pool OUTSIDE overload
! NOTE(review): "host" is followed by a wildcard mask (0.0.0.7); an ACL address
! takes either "host <address>" or "<address> <wildcard>", not both.
deny tcp any host 209.165.200.168 0.0.0.7 eq 21
ip name-server 140.198.8.14
ip domain-name www.msn.com
! NOTE(review): NO-TELNET is opened and NAT-THESE is opened straight after it,
! so the four entries that follow are entered into NAT-THESE.
ip access-list extended NO-TELNET
ip access-list standard NAT-THESE
permit 172.17.0.0 0.0.255.255
permit 172.30.100.32 0.0.0.15
permit 192.168.0.0 0.0.127.255
! Explicit form of the implicit deny at the end of every ACL.
deny any
! NOTE(review): the list is named NO-TELNET but its only deny is for FTP, and
! the target "host 209.165.200.0" reads like a network address - confirm intent.
ip access-list extended NO-TELNET
deny tcp any host 209.165.200.0 eq ftp
permit ip any any
! NOTE(review): the deny below is not well-formed (addresses without host or
! wildcard, "neq" used with icmp); the CHG-PHXWEB definition at the end of
! these notes looks like the revised version.
ip access-list extended CHG-PHXWEB
deny icmp 192.168.50.140 neq echo 172.17.201.100 echo
permit ip any any
ip nat pool OUTSIDE 209.165.200.172 209.165.200.174 netmask 255.255.255.248
ip nat inside source list NAT-THESE pool OUTSIDE overload
! NOTE(review): the static entry makes 172.17.201.100 reachable at
! 209.165.200.171 on every port; check that an inbound filter on the outside
! interface limits what can reach it.
ip nat inside source static 172.17.201.100 209.165.200.171
ip classless
! NOTE(review): both routes name an Ethernet interface with no next-hop address,
! which makes forwarding depend on ARP/proxy-ARP answers from the neighbouring
! device - a next-hop address is the safer form.
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
ip route 209.165.200.168 255.255.255.248 FastEthernet0/1
!
!
! Sources eligible for translation through pool OUTSIDE.
ip access-list standard NAT-THESE
permit 172.17.0.0 0.0.255.255
permit 172.30.100.32 0.0.0.15
permit 192.168.0.0 0.0.127.255
deny any
no ip access-list standard NO-BAN-PHX1
! NOTE(review): wildcard 0.0.224.0 is non-contiguous (it ignores only the top
! three bits of the third octet), so this matches a scattered set of addresses;
! confirm the range that was meant.
ip access-list standard NO-BAN-PHX1
deny 192.168.0.0 0.0.224.0
permit any
! Final CHG-PHXWEB: drop ICMP echo from host 192.168.50.128 to host
! 172.17.201.100 and permit everything else.
no ip access-list extended CHG-PHXWEB
ip access-list extended CHG-PHXWEB
deny icmp host 192.168.50.128 host 172.17.201.100 echo
permit ip any any