Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
327 views3 pages

Ewan Practice PT Sba

The document describes steps to configure routing, DHCP, WAN links, NAT, and ACLs on routers R1, R2, and R3. It configures R3 as the DHCP server, establishes PPP, HDLC, and Frame Relay WAN links, sets up EIGRP routing, adds a default route on R2, enables NAT on R2, and applies ACLs to implement security policies between the LANs and Internet traffic.

Uploaded by

Steve Smith
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
327 views3 pages

Ewan Practice PT Sba

The document describes steps to configure routing, DHCP, WAN links, NAT, and ACLs on routers R1, R2, and R3. It configures R3 as the DHCP server, establishes PPP, HDLC, and Frame Relay WAN links, sets up EIGRP routing, adds a default route on R2, enables NAT on R2, and applies ACLs to implement security policies between the LANs and Internet traffic.

Uploaded by

Steve Smith
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 3

Step 1: Configure and Verify R3 as the DHCP Server. a.

Configure R3 as the DHCP server for the LAN attached to Fa0/0 using the follo wing guidelines: Use the case-sensitive DHCP pool name of R3_LAN. Exclude the first three host addresses in the subnet. R3(config)#ip dhcp exclude-address 172.16.1.129 172.16.1.131 R3(config)#ip dhcp pool R3_LAN R3#(config-dhcp)#network 172.16.1.128 255.255.255.192 R3#(config-dhcp)#default router 172.16.1.129 b. Verify that PC3 now has full IP addressing. It may be necessary to toggle bet ween Static and DHCP on the IP Configuration screen for PC3 before PC3 will send a D HCP request. PC3 should be able to ping the default gateway.

Step 2: Configure WAN Technologies. a. The link between R3 and R2 uses PPP with CHAP. The password is ciscochap. Ver ify that R3 and R2 can ping each other. R3(config)#username R2 password ciscochap R3#int s0/0/1 R3(config-if)#encapsulation ppp R3(config-if)#ppp authentication chap R2(config)#username R3 password ciscochap R2#int s0/0/0 R2(config-if)#encapsulation ppp R2(config-if)#ppp authentication chap b. The link between R3 and R1 uses HDLC. R3 should be able to ping the other sid e of the link. Verify that R3 and R1 can ping each other. R3#int s0/0/0 R3(config-if)#encapsulation hdlc R1#int s0/0/0 R1(config-if)#encapsulation hdlc c. The link between R1 and R2 uses point-to-point Frame Relay subinterfaces. Ver ify that R1 and R2 can ping each other. R1(config)#int s0/0/1 R1(config-if)#encapsulation frame-relay R1(config-if)#int s0/0/1.101 point-to-point R1(config-subif)ip address 10.10.10.1 255.255.255.252 R1(config-subif)#frame-relay interface-dlci 101 show frame-relay-map show frame-relay lmi show frame-relay pvc [dlci-number] debug frame-relay lmi R2(config)#int s0/0/1 R2(config-if)#encapsulation frame-relay R2(config-if)#int s0/0/1.201 point-to-point

R2(config-subif)ip address 10.10.10.2 255.255.255.252 R2(config-subif)#frame-relay interface-dlci 201 Step 3: Configure and Verify EIGRP Routing. a. Configure EIGRP routing on R1, R2, and R3. Use AS number 100. Do not use the wildcard mask argument. Do not advertise the network between R2 and the Internet.

R1(config)#router eigrp 100 R1(router)#no auto-summary R1(router)#network 10.0.0.0 R1(router)#network 172.16.0.0 R1(router)#network 172.30.0.0 R1(router)#passive-interface fa0/0 R2(config)#router eigrp 100 R2(router)#no auto-summary R2(router)#network 10.0.0.0 R2(router)#network 172.30.0.0 R3(config)#router eigrp 100 R3(router)#no auto-summary R3(router)#network 172.16.0.0 R3(router)#network 172.30.0.0 b. Configure R2 with a default route using the outbound interface argument. Use one command to propagate the default route into the EIGRP routing process. R2(config)#ip route 0.0.0.0 0.0.0.0 s0/1/0 R2(router)#redistribute static c. Verify PC1 and PC3 can ping each other as well as R1, R2 and R3. You will not be able to ping Internet hosts yet.

Step 4: Configure R2 with a NAT. a. Configure NAT on R2 using the following guidelines: Only addresses in the 172.16.1.128/25 address space will be translated. Use the number 1 for the access list. Configure PAT on the R2 S0/1/0 interface. R2(config)#access-list 1 permit 172.16.1.128 0.0.0.127 R2(config)#ip nat inside source list 1 interface s0/1/0 overload R2(config)int s0/0/0 R2(config-if)#ip nat inside R2(config)int s0/0/1.201 point-to-point R2(config-if)#ip nat inside R2(config)int s0/1/0 R2(config-if)#ip nat outside

b. Verify that PC1 and PC3 can ping the Internet hosts.

Step 5: Configure Access Control Lists to Satisfy a Security Policy. a. Configure and apply an ACL with the number 50 that implements the following p olicy: Deny any host from the R3 LAN from accessing hosts on the R1 LAN. Hosts on the R3 LAN should be able to ping any other destination. R1(config)#access-list 50 deny 172.16.1.192 0.0.0.63 R1(config)#access-list 50 permit any R1(config)#int fa0/0 R1(config-if)#access-group 50 out b. Verify that ACL 50 is operating as intended.

c. Configure and apply a named ACL with the case-sensitive name FIREWALL that im plements the following policy: Deny ping requests sourced from the Internet. Deny Telnet and HTTP traffic sourced from the Internet. Allow all other traffic. R2(config)#ip access-list extended FIREWALL R2(config-ext-nacl)#deny icmp any any echo R2(config-ext-nacl)#deny tcp any any eq telnet R2(config-ext-nacl)#deny tcp any any eq www R2(config-ext-nacl)#permit ip any any R2(config)#int 0/1/0 R2(config-if)#access-group FIREWALL in

d. Verify the FIREWALL ACL is operating as intended.

You might also like