You are on page 1of 4

Initialize and reload the routers and switches.

........................
Erase the startup-config file on all routers. enable
R1#erase startup-config
Reload routers.
R1#reload
Erase the startup-config file on all switches and remove the old VLAN database.
S1#erase startup-config
S1#delete vlan.dat
Reload switches.
S1#reload
Verify VLAN database is absent from flash on both switches.
S1#show flash
----------------------------------
Step 2: Configure R1:
.....................
Disable DNS lookup
no ip domain lookup
Router name R1
hostname R1
Encrypted privileged exec password: class
enable secret class
Console access password: cisco
line console 0
logging synchronous
password cisco
Telnet access password: cisco
line vty 0 15
password cisco
login
Encrypt the clear text passwords
service password-encryption
MOTD banner Unauthorized Access is Prohibited!
banner motd #Unauthorized Access is Prohibited!#
Set Interface S0/0/0
interface s0/0/0
description R2 fele
ip address 172.16.12.1 255.255.255.252
clock rate 128000
no shutdown
Default route Configure a default route out S0/0/0.
Ip route 0.0.0.0 0.0.0.0 s0/0/0
--------------------------------------------
P: Configure Switch Security, VLANS, and Inter VLAN Routing
.......................
Step 1: Configure S1.
.....................
Create the VLAN database
Use Topology VLAN Key table to create and name each of the listed VLANS.
vlan 31
name Accounting
Assign the management IP address.
interface vlan 99
ip address 192.168.99.2 255.255.255.0
Assign the default-gateway
ip default-gateway 192.168.99.1
Force trunking on Interface F0/3
Use VLAN 1 as the native VLAN.
interface fa0/3
switchport mode trunk
switchport trunk native vlan 1
Configure all other ports as access ports
Use the interface range command.
interface range fa0/1-2, fa0/4, fa0/6-24, g0/1-2
switchport mode access
.......................
Step 3: Configure R1.
...................
Configure 802.1Q subinterface
.31 on G0/1
Description Accounting LAN
Assign VLAN 31.
Assign the first available address to this interface.
interface g0/1.31
encapsulation dotq1 31
description Accounting LAN
ip address 192.168.31.1 255.255.255.0
...........................
Step 1: Configure OSPFv2 on R1.
................................
OSPF Process ID 1
configure terminal
router ospf 1
Router ID 1.1.1.1
router-id 1.1.1.1
Advertise directly connected Networks
Use classless network addresses
Assign all directly connected networks to Area 0
network 172.16.12.0 0.0.0.3 area 0

Set all LAN interfaces as passive


passive-interface g0/1.31
Change the default cost reference bandwidth to support Gigabit interface
calculations 1000
auto-cost reference-bandwidth 1000
Set the serial interface bandwidth 128 Kb/s
interface s0/0/0
bandwidth 128
Adjust the metric cost of S0/0/0 Cost: 7500
ip ospf cost 7500
--------------------------------
Verify OSPF
......................
What command will display all connected OSPFv2 routers?
Show ip ospf neighbor
What command displays a summary list of OSPF interfaces that includes a column for
the cost of each interface?
Show ip interface brief
What command displays the OSPF Process ID, Router ID, Address summarizations,
Routing Networks, and passive interfaces configured on a router?
Show ip protocols
What command displays only OSPF routes?
Show ip route ospf
What command displays detail information about the OSPF interfaces, including the
authentication method?
Show ip OSPF interfaces
What command displays the OSPF section of the running-configuration?
sh run | section ospf
sh run | include ospf
-------------------------
Step 1: Configure R1 as the DHCP server for VLANs 31 and 33.
....................
Reserve the first 20 IP addresses in VLAN 31 for static configurations
ip dhcp excluded-address 192.168.31.1 192.168.31.20
Create a DHCP pool for VLAN 31 Name: ACCT
DNS-Server: 10.10.10.11
Domain-Name: ccna-sba.com
Set the default gateway.
ip dhcp pool ACCT
dns-server 10.10.10.11
domain-name ccna-sba.com
default-router 192.168.31.1
................................
Configure Static and Dynamic NAT on R2
.........................................
Create a local database with 1 user account Username: webuser
Password: cisco12345
Privilege level: 15
user webuser privilege 15 secret cisco12345
Create a static NAT to the Web Server
Inside Global Address: 209.165.200.229
ip nat inside static 10.10.10.1 209.165.200.229
Assign the inside and outside interface for the static NAT
interface g0/0
ip nat outside
interface g0/1
ip nat inside
Configure the dynamic NAT inside private ACL Access List: 1
access-list 1 permit 192.168.31.0 0.0.0.255

Define the pool of usable public IP addresses Pool Name: INTERNET


Pool of addresses include:
209.165.200.225 – 209.165.200.228
ip nat pool INTERNET 209.154.200.225 209.165.200.228 netmask 255.255.255.248
Define the dynamic NAT translation
ip nat source inside list 1pool INTERNET
.............................
Configure and Verify Access Control Lists (ACLs)
....................
Restrict access to VTY lines on R2.
......................
Configure a named access list to only allow R1 to telnet to R2. ACL Name: ADMIN-
MGT
configure terminal
ip access-list standard ADMIN-MGT permit host 172.16.12.1
Apply the named ACL to the VTY lines
line vty 0 15
access-class ADMIN-MGT in
Verify ACL is working as expected,
telnet 172.16.23.2
(Connection refused for foreign host)
..................
Step 2: Secure the network from Internet traffic.
.............................
Configure an Extended ACL to:
• Allow Internet hosts WWW access to the simulated web server on R2 by
accessing the static NAT address (209.165.200.229) that you configured in Part 3.
• Prevent traffic from the Internet from pinging internal networks, while
continuing to allow LAN interfaces to ping the Internet PC.ACL No.: 101
access-list 101 permit tcp any any host 209.165.200.229 eq 80
access-list 101 permit icmp out any echo-reply
Apply ACL to the appropriate interface(s) interface g0/0
ip access-group 101 in
-------------------------
..................
Display the matches an access-list has received since the last reset.
show access-lists
Reset access-list counters.
clear access-list counters
What command is used to display what ACL is applied to an interface and the
direction that it is applied
Show running-config
What command is used to clear dynamic NAT translations?
clear ip nat translation *