Practical: Skill test on INTER-VLAN, RIP2, DYNAMIC NAT, ACL

Configure the network according to the following table:

| Network Description | Net Address | Mask | Gateway | Clock Rate |
|---|---|---|---|---|
| Vlan 10 (Teacher) | 172.16.10.0 | 255.255.255.0 | 172.16.10.1 | NA |
| Vlan 20 (Student) | 172.16.11.0 | 255.255.255.0 | 172.16.11.1 | NA |
| Management Vlan 30 (Management) | 172.16.12.0, 172.16.13.0 | 255.255.255.248 | 172.16.12.1, 172.16.13.1 | NA |
| R1 (Internal) to R2 (AIUB) Serial | 192.168.10.0 | 255.255.255.252 | 192.168.10.1 and 192.168.10.2 | 64000 |
| R2 (AIUB) to R3 (ISP) | 192.168.11.0 | 255.255.255.252 | 192.168.11.1 and 192.168.11.2 | 64000 |
| PC1 (Vlan 10) connected to Switch 1 | 172.16.10.2 | 255.255.255.0 | 172.16.10.1 | NA |
| Server (Vlan 20) connected to Switch 2 | 172.16.11.2 | 255.255.255.0 | 172.16.11.1 | NA |

Required to configure the following:

All switches must be remotely accessible

Perform inter vlan routing

Apply RIP version 2 in Internal and AIUB routers

RIP update must not go to any LAN

Configure default route from AIUB to ISP and propagate it to all routers in RIP

Propagate default route to all routers in RIP

Configure static route from ISP to AIUB and Internal networks

Apply numbered extended ACL to stop ping from PC1 to Server and stop telnet to Server from PC1

AIUB to ISP perform dynamic PAT for all internal networks towards ISP. Use public IP 200.20.2.1/30

Solution

Topology Configuration

All Switch must be remotely accessible:
Switch>en
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname SW1
SW1(config)#line console 0
SW1(config-line)#logging synchronous
SW1(config-line)#password cisco
SW1(config-line)#login
SW1(config-line)#exit

SW1(config)#line vty 0 5
SW1(config-line)#logging synchronous
SW1(config-line)#password cisco
SW1(config-line)#login
SW1(config-line)#exit
SW1(config)#

SW1(config)#enable secret cisco
SW1(config)#service password-encryption

Switch>en
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname SW2
SW2(config)#line console 0
SW2(config-line)#logging synchronous
SW2(config-line)#password cisco
SW2(config-line)#login
SW2(config-line)#exit
SW2(config)#line vty 0 5
SW2(config-line)#logging synchronous
SW2(config-line)#password cisco
SW2(config-line)#login
SW2(config-line)#exit
SW2(config)#enable secret cisco
SW2(config)#service password-encryption

Perform inter vlan routing:
SW1(config)#vlan 10
SW1(config-vlan)#name Teacher
SW1(config-vlan)#exit
SW1(config)#vlan 20
SW1(config-vlan)#name Student
SW1(config-vlan)#exit
SW1(config)#vlan 30
SW1(config-vlan)#name Management
SW1(config-vlan)#exit
SW1(config)#
SW1(config)#vlan 99
SW1(config-vlan)#name native
SW1(config-vlan)#exit
SW1(config)#int vlan 30
SW1(config-if)#ip address 172.16.12.3 255.255.255.248
SW1(config-if)#exit
SW1(config)#ip default-gateway 172.16.12.1
SW1(config)#int fa0/1
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 10
SW1(config-if)#exit
SW1(config)#
SW1(config)#int fa0/1
SW1(config-if)#no shutdown

SW1(config)#int fa0/2
SW1(config-if)#switchport mode trunk
SW1(config-if)#switchport trunk allowed vlan 10,20,30,99
SW1(config-if)#switchport trunk native vlan 99
SW1(config-if)#

SW1(config)#int fa0/2
SW1(config-if)#no shutdown
SW1(config-if)#exit
SW1(config)#

SW2#config t
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#vlan 10
SW2(config-vlan)#name Teacher
SW2(config-vlan)#exit
SW2(config)#vlan 20
SW2(config-vlan)#name Student
SW2(config-vlan)#exit
SW2(config)#vlan 30
SW2(config-vlan)#name Management
SW2(config-vlan)#exit
SW2(config)#vlan 99
SW2(config-vlan)#name native
SW2(config-vlan)#exit
SW2(config)#
SW2(config)#int vlan 30
SW2(config-if)#
%LINK-5-CHANGED: Interface Vlan30, changed state to up

SW2(config-if)#ip address 172.16.13.2 255.255.255.248
SW2(config-if)#ip default-gateway 172.16.13.1
SW2(config)#exit
SW2#
%SYS-5-CONFIG_I: Configured from console by console

SW2#config t
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#int fa0/1
SW2(config-if)#switchport mode access
SW2(config-if)#switchport access vlan 20
SW2(config-if)#exit
SW2(config)#
SW2(config)#int fa0/1
SW2(config-if)#no shutdown
SW2(config-if)#exit
SW2(config)#

SW2(config)#int fa0/2
SW2(config-if)#switchport mode trunk
SW2(config-if)#switchport trunk allowed vlan 10,20,30,99
SW2(config-if)#switchport trunk native vlan 99
SW2(config-if)#exit
SW2(config)#

SW2(config)#int fa0/2
SW2(config-if)#no shutdown
SW2(config-if)#exit
SW2(config)#

INTERNAL ROUTER CONFIG:
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname INTERNAL
INTERNAL(config)#

INTERNAL(config)#int g0/0
INTERNAL(config-if)#no shutdown
INTERNAL(config)#int g0/0.10
INTERNAL(config-subif)#encapsulation dot1q 10
INTERNAL(config-subif)#ip address 172.16.10.1 255.255.255.0
INTERNAL(config-subif)#exit

INTERNAL(config)#int g0/0.30
INTERNAL(config-subif)#encapsulation dot1q 30
INTERNAL(config-subif)#ip address 172.16.12.1 255.255.255.248
INTERNAL(config-subif)#exit
INTERNAL(config)#

INTERNAL(config)#int g0/1.20
INTERNAL(config-subif)#encapsulation dot1Q 20
INTERNAL(config-subif)#ip address 172.16.11.1 255.255.255.0
INTERNAL(config-subif)#exit
INTERNAL(config)#

INTERNAL(config)#int g0/1.30
INTERNAL(config-subif)#encapsulation dot1Q 30
INTERNAL(config-subif)#ip address 172.16.13.1 255.255.255.248
INTERNAL(config-subif)#exit
INTERNAL(config)#
INTERNAL(config)#int g0/1
INTERNAL(config-if)#no shutdown

Apply RIP version 2 in Internal and AIUB routers:

INTERNAL(config)#
INTERNAL(config)#int s0/1/0
INTERNAL(config-if)#ip address 192.168.10.1 255.255.255.252
INTERNAL(config-if)#no shutdown

%LINK-5-CHANGED: Interface Serial0/1/0, changed state to down
INTERNAL(config-if)#clock rate 64000
INTERNAL(config-if)#exit
INTERNAL(config)#

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname AIUB
AIUB(config)#int s0/1/0
AIUB(config-if)#ip address 192.168.10.2 255.255.255.252
AIUB(config-if)#no shutdown

AIUB(config-if)#
%LINK-5-CHANGED: Interface Serial0/1/0, changed state to up
AIUB(config-if)#exit
AIUB(config)#

AIUB(config)#int s0/1/1
AIUB(config-if)#ip address 192.168.11.1 255.255.255.252
AIUB(config-if)#clock rate 64000
AIUB(config-if)#no shut

%LINK-5-CHANGED: Interface Serial0/1/1, changed state to down
AIUB(config-if)#
AIUB(config-if)#

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname ISP
ISP(config)#int s0/3/0
ISP(config-if)#ip address 192.168.11.2 255.255.255.252
ISP(config-if)#no shutdown

ISP(config-if)#
%LINK-5-CHANGED: Interface Serial0/3/0, changed state to up

ISP(config-if)#

INTERNAL(config)#router rip
INTERNAL(config-router)#version 2
INTERNAL(config-router)#network 172.16.0.0
INTERNAL(config-router)#network 192.168.10.0
INTERNAL(config-router)#exit
INTERNAL(config)#

AIUB(config)#router rip
AIUB(config-router)#version 2
AIUB(config-router)#network 192.168.10.0
AIUB(config-router)#network 192.168.11.0
AIUB(config-router)#exit
AIUB(config)#

Propagate default route to all routers in RIP:

AIUB(config)#router rip
AIUB(config-router)#version 2
AIUB(config-router)#default-information originate
AIUB(config-router)#

AIUB(config)#router rip
AIUB(config-router)#version 2
AIUB(config-router)#redistribute static

AIUB to ISP perform dynamic PAT for all internal networks towards ISP. Use public IP 200.20.2.1/30

AIUB(config)#ip nat pool INTERNET 200.20.2.1 200.20.2.1 netmask 255.255.255.252
AIUB(config)#ip nat inside source list 1 pool INTERNET overload
AIUB(config)#ip nat inside source static 192.168.10.2 200.20.2.4
AIUB(config)#ip access-list standard 1
AIUB(config-std-nacl)#permit 172.16.10.0 0.0.0.255
AIUB(config-std-nacl)#permit 172.16.11.0 0.0.0.255
AIUB(config-std-nacl)#permit 172.16.12.0 0.0.0.7
AIUB(config-std-nacl)#permit 172.16.13.0 0.0.0.7
AIUB(config-std-nacl)#int s0/1/0
AIUB(config-if)#ip nat inside
AIUB(config-if)#exit
AIUB(config)#

AIUB(config)#int s0/1/1
AIUB(config-if)#ip nat outside
AIUB(config-if)#

AIUB#show ip nat translations

Configure default route from AIUB to ISP and propagate it to all routers in RIP

INTERNAL(config)#ip route 0.0.0.0 0.0.0.0 s0/1/0
AIUB(config)#ip route 0.0.0.0 0.0.0.0 Serial0/1/1

RIP update must not go to any LAN:
INTERNAL(config)#router rip
INTERNAL(config-router)#version 2
INTERNAL(config-router)#passive-interface GigabitEthernet0/0.10
INTERNAL(config-router)#passive-interface GigabitEthernet0/0.30
INTERNAL(config-router)#passive-interface GigabitEthernet0/1.20
INTERNAL(config-router)#passive-interface GigabitEthernet0/1.30

Apply numbered extended ACL to stop ping from PC1 to Server and stop telnet to Server from PC1
INTERNAL(config)#ip access-list extended 110
INTERNAL(config-ext-nacl)#deny tcp host 172.16.10.2 host 172.16.11.2 eq telnet
INTERNAL(config-ext-nacl)#deny icmp host 172.16.10.2 host 172.16.11.2 echo
INTERNAL(config-ext-nacl)#deny icmp host 172.16.10.2 host 172.16.11.2 echo-reply
INTERNAL(config-ext-nacl)#permit ip any any
INTERNAL(config-ext-nacl)#exit
INTERNAL(config)#int g0/0.10
INTERNAL(config-subif)#ip access-group 110 in
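
An extended ACL is evaluated top-down, the first matching entry decides, and anything unmatched hits the implicit deny. The following added example (not part of the original post) models that for PC1-to-Server traffic; the helper names, the small subset of ACE syntax it parses, and the sample ACLs and packets are constructed for illustration.

```python
import ipaddress
PORTS = {"telnet": 23}  # only the port name this page uses

def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def parse_ace(line):
    """Parse 'action proto src [eq port] dst [eq port | icmp-type]'."""
    tok = line.split()
    ace = {"action": tok[0], "proto": tok[1], "text": line}
    i = 2
    for side in ("src", "dst"):
        if tok[i] == "any":
            ace[side], i = ("0.0.0.0", "255.255.255.255"), i + 1
        elif tok[i] == "host":
            ace[side], i = (tok[i + 1], "0.0.0.0"), i + 2
        else:
            ace[side], i = (tok[i], tok[i + 1]), i + 2
        if i < len(tok) and tok[i] == "eq":
            ace[side + "_port"], i = PORTS.get(tok[i + 1]) or int(tok[i + 1]), i + 2
    ace["icmp_type"] = tok[i] if i < len(tok) else None
    return ace

def matches(ace, pkt):
    return (ace["proto"] in ("ip", pkt["proto"])
            and all(wildcard_match(pkt[s], *ace[s]) for s in ("src", "dst"))
            and ace.get("src_port") in (None, pkt.get("sport"))
            and ace.get("dst_port") in (None, pkt.get("dport"))
            and ace["icmp_type"] in (None, pkt.get("icmp_type")))

def evaluate(acl_lines, pkt):
    """First matching entry wins; an unmatched packet hits the implicit deny."""
    for ace in map(parse_ace, acl_lines):
        if matches(ace, pkt):
            return ace["action"], ace["text"]
    return "deny", "implicit deny any"

# Constructed ACLs: a broad permit placed first shadows the deny below it.
SHADOWED = ["permit tcp any any eq telnet",
            "deny tcp host 172.16.10.2 host 172.16.11.2 eq telnet",
            "deny icmp host 172.16.10.2 host 172.16.11.2 echo"]
ORDERED = SHADOWED[1:] + ["permit ip any any"]
# Constructed packets from PC1 to the Server.
PC1, SRV = "172.16.10.2", "172.16.11.2"
TELNET = {"proto": "tcp", "src": PC1, "dst": SRV, "sport": 40000, "dport": 23}
PING = {"proto": "icmp", "src": PC1, "dst": SRV, "icmp_type": "echo"}
HTTP = {"proto": "tcp", "src": PC1, "dst": SRV, "sport": 40001, "dport": 80}
print(evaluate(SHADOWED, TELNET), evaluate(ORDERED, TELNET))
```

With the permit first, telnet from PC1 reaches the Server and all other traffic falls to the implicit deny; with the specific denies first and a closing `permit ip any any`, only the telnet and ping are blocked.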

Thank you

Momataj Momo
