Académique Documents
Professionnel Documents
Culture Documents
Topology Diagram
Addressing Table
Device Interface IP Address Subnet Mask Default Gateway
Fa0/1 10.0.0.1 255.255.255.128 N/A
R1 S0/0/0 172.16.0.1 255.255.255.252 N/A
S0/0/1 172.16.0.9 255.255.255.252 N/A
Lo0 209.165.200.161 255.255.255.224 N/A
R2 S0/0/0 172.16.0.2 255.255.255.252 N/A
S0/0/1 172.16.0.5 255.255.255.252 N/A
Fa0/1 10.0.0.129 255.255.255.128 N/A
R3 S0/0/0 172.16.0.10 255.255.255.252 N/A
S0/0/1 172.16.0.6 255.255.255.252 N/A
PC1 NIC 10.0.0.10 255.255.255.128 10.0.0.1
PC3 NIC 10.0.0.139 255.255.255.128 10.0.0.129
Scenario
This lab tests you on the skills and knowledge that you learned in Exploration 4. Use cisco for all
passwords in this lab, except for the enable secret password, which is class.
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 16
Task 1: Prepare the Network
Step 1: Cable a network that is similar to the one in the topology diagram.
Step 2: Clear any existing configurations on the routers.
Task 2: Perform Basic Device Configurations
Configure the R1, R2, and R3 routers according to the following guidelines:
Configure the router hostname.
Disable DNS lookup.
Configure an EXEC mode password.
Configure a message-of-the-day banner.
Configure a password for console connections.
Configure synchronous logging.
Configure a password for vty connections.
R1
ho R1
no ip domain-lookup
enable secret class
banner motd #R1#
!
!
line con 0
exec-timeout 0 0
logging synchronous
password cisco
login
!
line vty 0 4
password cisco
login
R2
ho R2
no ip domain-lookup
enable secret class
banner motd #R2#
!
!
line con 0
exec-timeout 0 0
logging synchronous
password cisco
login
!
line vty 0 4
password cisco
login
R3
ho R3
no ip domain-lookup
enable secret class
banner motd #R3#
!
!
line con 0
exec-timeout 0 0
logging synchronous
password cisco
login
!
line vty 0 4
password cisco
login
R2
!
interface Loopback0
ip address 209.165.200.161 255.255.255.224
!
!
interface Serial0/0/0
ip address 172.16.0.2 255.255.255.252
no shutdown
!
interface Serial0/0/1
ip address 172.16.0.5 255.255.255.252
clock rate 64000
no shutdown
R3
!
interface FastEthernet0/1
ip address 10.0.0.129 255.255.255.128
no shutdown
!
interface Serial0/0/1
ip address 172.16.0.6 255.255.255.252
no shutdown
!
interface Serial0/0/0
ip address 172.16.0.10 255.255.255.252
no shutdown
clock rate 64000
R1
username R2 password cisco
interface serial0/0/0
encapsulation ppp
ppp authentication chap
R2
username R1 password cisco
interface serial0/0/0
encapsulation ppp
ppp authentication chap
R2
interface Serial0/0/1
encapsulation hdlc
R3
interface Serial0/0/1
encapsulation hdlc
R1
interface Serial0/0/1
encapsulation frame-relay
frame-relay map ip 172.16.0.9 101 broadcast
frame-relay map ip 172.16.0.10 101 broadcast
frame-relay interface-dlci 101
no keepalive
R3
interface Serial0/0/0
encapsulation frame-relay
frame-relay map ip 172.16.0.10 101 broadcast
frame-relay map ip 172.16.0.9 101 broadcast
frame-relay interface-dlci 101
no keepalive
Task 5: Configure RIP
Step 1: Configure RIP on R1, R2, and R3.
Step 2: Test connectivity with the ping command.
Step 3: Verify the routing table with the appropriate command.
R1
router rip
version 2
passive-interface FastEthernet0/1
network 10.0.0.0
network 172.16.0.0
no auto-summary
!
R2
router rip
version 2
network 10.0.0.0
network 172.16.0.0
network 209.165.200.0
passive-interface Lo0
no auto-summary
!
R3
router rip
version 2
passive-interface FastEthernet0/1
network 10.0.0.0
network 172.16.0.0
no auto-summary
!
R2
username cisco password cisco
aaa new-model
aaa authentication login LOCAL_AUTH local
line vty 0 4
login authentication LOCAL_AUTH
transport input ssh
sau
aaa new-model
username cisco password 0 cisco
line vty 0 4
transport input SSH
sau o fi SSH simplu????
R1
access-list 101 permit tcp 172.16.0.2 0.0.0.3 172.16.0.1 0.0.0.3 eq telnet
access-list 101 deny tcp any any eq telnet
access-list 101 permit ip any any
!
interface Serial0/0/0
ip access-group 101 in
!
interface Serial0/0/1
ip access-group 101 in
R3
R3(config)#access-list 101 permit tcp 172.16.0.5 0.0.0.3 172.16.0.6 0.0.0.3 eq telnet
R3(config)#access-list 101 deny tcp any any eq telnet
R3(config)#access-list 101 permit ip any any
!
access-list 101 permit tcp 172.16.0.5 0.0.0.3 172.16.0.6 0.0.0.3 eq telnet
access-list 101 deny tcp any any eq telnet
access-list 101 permit ip any any
interface Serial0/0/0
ip access-group 101 in
!
interface Serial0/0/1
ip access-group 101 in
!
Step 2: Do not allow HTTP, Telnet, and FTP traffic from the Internet to PC1.
FTP port 20 si 21
Telnet port 23
R1
access-list 102 deny tcp any eq 80 host 10.0.0.10
access-list 102 deny tcp any eq 23 host 10.0.0.10
access-list 102 deny tcp any eq 21 host 10.0.0.10
access-list 102 deny tcp any eq 20 host 10.0.0.10
access-list 102 permit ip any any
interface fa0/1
ip access-group 102 out
Step 3: Do not allow PC1 to receive traffic from the 10.0.0.128 /25 network.
R3
access-list 103 deny ip 10.0.0.128 0.0.0.127 host 10.0.0.10
access-list 103 permit ip any any
interface fa0/1
ip access-group 103 in
Step 4: Verify that PC3 cannot ping PC1, but can ping 10.0.0.1.
Task 8: Configure NAT.
Step 1: Configure NAT to allow PC3 to ping PC1.
Step 2: Verify that PC3 can reach PC1.
R3
ip nat pool ping 10.0.0.129 10.0.0.254 netmask 255.255.255.128
access-list 110 permit icmp any any
ip nat inside source list 110 pool ping overload
interface fa0/1
ip access-group 110 in
ip nat inside
interface s0/0/0
ip nat outside
interface s0/0/1
ip nat outside
!
hostname R1
!
!
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
!
!
!
!
!
username R2 password 0 cisco
!
!
!
!
!
no ip domain-lookup
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface FastEthernet0/1
ip address 10.0.0.1 255.255.255.128
ip access-group 102 out
duplex auto
speed auto
!
interface Serial0/0/0
ip address 172.16.0.1 255.255.255.252
encapsulation ppp
ppp authentication chap
ip access-group 101 in
clock rate 64000
!
interface Serial0/0/1
ip address 172.16.0.9 255.255.255.252
encapsulation frame-relay
frame-relay map ip 172.16.0.9 101 broadcast
frame-relay map ip 172.16.0.10 101 broadcast
frame-relay interface-dlci 101
no keepalive
ip access-group 101 in
!
interface Vlan1
no ip address
shutdown
!
router rip
version 2
passive-interface FastEthernet0/1
network 10.0.0.0
network 172.16.0.0
no auto-summary
!
ip classless
!
!
access-list 101 permit tcp 172.16.0.0 0.0.0.3 172.16.0.0 0.0.0.3 eq telnet
access-list 101 deny tcp any any eq telnet
access-list 101 permit ip any any
access-list 102 deny tcp any eq www host 10.0.0.10
access-list 102 deny tcp any eq telnet host 10.0.0.10
access-list 102 deny tcp any eq ftp host 10.0.0.10
access-list 102 deny tcp any eq 20 host 10.0.0.10
access-list 102 permit ip any any
!
banner motd ^CR1^C
!
!
!
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
line vty 0 4
password cisco
login
!
!
!
end
!
hostname R2
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
aaa new-model
!
aaa authentication login LOCAL_AUTH local
!
username R1 password 0 cisco
username cisco password 0 cisco
!
no ip domain-lookup
!
interface Loopback0
ip address 209.165.200.161 255.255.255.224
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 172.16.0.2 255.255.255.252
encapsulation ppp
ppp authentication chap
!
interface Serial0/0/1
ip address 172.16.0.5 255.255.255.252
clock rate 64000
!
interface Vlan1
no ip address
shutdown
!
router rip
version 2
network 10.0.0.0
network 172.16.0.0
no auto-summary
!
ip classless
!
banner motd #R2#
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login authentication LOCAL_AUTH
line vty 0 4
password cisco
login authentication LOCAL_AUTH
transport input ssh
!
!
!
end
!
hostname R3
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
no ip domain-lookup
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface FastEthernet0/1
ip address 10.0.0.129 255.255.255.128
duplex auto
speed auto
!
interface Serial0/0/0
ip address 172.16.0.10 255.255.255.252
encapsulation frame-relay
frame-relay map ip 172.16.0.10 101 broadcast
frame-relay map ip 172.16.0.9 101 broadcast
frame-relay interface-dlci 101
no keepalive
ip access-group 101 in
clock rate 64000
!
interface Serial0/0/1
ip address 172.16.0.6 255.255.255.252
ip access-group 101 in
!
interface Vlan1
no ip address
shutdown
!
router rip
version 2
passive-interface FastEthernet0/1
network 10.0.0.0
network 172.16.0.0
no auto-summary
!
ip classless
!
banner motd #R3#
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
line vty 0 4
password cisco
login
!
!
!
end
!
hostname R3
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
no ip domain-lookup
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface FastEthernet0/1
ip address 10.0.0.129 255.255.255.128
ip access-group 110 in
ip nat inside
duplex auto
speed auto
!
interface Serial0/0/0
ip address 172.16.0.10 255.255.255.252
encapsulation frame-relay
frame-relay map ip 172.16.0.10 101 broadcast
frame-relay map ip 172.16.0.9 101 broadcast
frame-relay interface-dlci 101
no keepalive
ip access-group 101 in
ip nat outside
clock rate 64000
!
interface Serial0/0/1
ip address 172.16.0.6 255.255.255.252
ip access-group 101 in
ip nat outside
!
interface Vlan1
no ip address
shutdown
!
router rip
version 2
passive-interface FastEthernet0/1
network 10.0.0.0
network 172.16.0.0
no auto-summary
!
ip nat pool ping 10.0.0.129 10.0.0.254 netmask 255.255.255.128
ip nat inside source list 110 pool ping overload
ip classless
!
!
access-list 101 permit tcp 172.16.0.4 0.0.0.3 172.16.0.4 0.0.0.3 eq telnet
access-list 101 deny tcp any any eq telnet
access-list 101 permit ip any any
access-list 103 deny ip 10.0.0.128 0.0.0.127 host 10.0.0.10
access-list 103 permit ip any any
access-list 110 permit icmp any any
!
banner motd #R3#
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
line vty 0 4
password cisco
login
!
end