Practical exercise in network and service configuration.
© 2015 Ricardo Morla
Network Topology

[Figure: network topology diagram. Recoverable labels: Switch A, Switch C, Router A, Management Station (F0/1), Office PC1 (F0/1); table "Management Address / Networks and Router ID": Management network 10.1.0.0/16, Router A 10.1.0.1.]
Equipment

• 3 Cisco 2900 routers
• 3 Cisco 3560 switches
• 1 D-Link DWL-2100AP wireless access point
• 12 Linux boxes
• 3 racks. Each has a router, a switch, 4 Linux boxes, and a patch panel.
• Assortment of cables
Equipment Reset

1. Set up the cables in each rack with the standard lab configuration.
   a. eth0 on box X connects to Fa0/X on the switch.
   b. G0/1 on the switch connects to the top left port on the patch panel.
2. Switches: erase startup-config and vlan.dat, and reload.
      delete flash:vlan.dat
      write erase
      reload
3. Routers: erase startup-config and reload.
      write erase
      reload
4. PCs:
      sudo apt-get purge openvswitch-switch   # on store switches / top box on racks B and C

Before you leave the lab: set back to lab default.

1. Switches (X is the rack number)
      del flash:vlan.dat
      copy flash:tuxX-clean startup-config
      reload
2. Routers
      copy flash:tuxX-clean startup-config
      reload
Configuration Guidelines

1. Use the group of three racks close to one of the walls that was specified for you, or pick one. Rack A is the one closest to the door.
2. Do the initial switch setup on the switch on rack A.
   a. Turn on the top Linux box. This will be your management station. Get the patch panel connections straight so that you have an RS-232 connection to the switch's console.
   b. Erase startup-config and vlan.dat. Reload the switch configuration.
   c. Configure the switch name (SwitchA) and message of the day (netlab is cool).
   d. Secure access to the switch's privileged exec mode, console, and SSH-enabled VTY lines. Use the default password for the network devices in the lab.
   e. Make sure any passwords are securely stored in the configuration files.
   f. Set up synchronous message logging to the console.
   g. Disable name resolution.
   h. Save the running configuration to the NVRAM startup file.
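One way to carry out steps 2c to 2h on the Cisco 3560, written as an added example and not the handout's own solution; LAB_SECRET stands in for the lab's default device password (not printed here), and the username netadmin and domain netlab.local are assumed values.

```cisco
! Added example for step 2, not the handout's own configuration.
! LAB_SECRET stands for the lab's default device password (not printed
! here); "netadmin" and "netlab.local" are assumed values.
enable
configure terminal
 hostname SwitchA
 banner motd # netlab is cool #
 ! d. privileged exec: "enable secret" is stored hashed, unlike "enable password"
 enable secret LAB_SECRET
 line console 0
  password LAB_SECRET
  login
  ! f. let log messages print without breaking the line being typed
  logging synchronous
  exit
 ! d. SSH needs a domain name and an RSA key pair before it can be enabled
 ip domain-name netlab.local
 crypto key generate rsa modulus 2048
 ip ssh version 2
 username netadmin secret LAB_SECRET
 line vty 0 15
  transport input ssh
  login local
  exit
 ! e. hides the console line password in "show running-config"; this is
 !    type 7 (reversible), so only the "secret" values are really protected
 service password-encryption
 ! g. a mistyped command no longer triggers a DNS lookup that hangs the CLI
 no ip domain-lookup
 end
! h. write the running configuration to NVRAM
copy running-config startup-config
```

After saving, `show running-config | include secret|password` should show only hashed (`secret 5`/`secret 9`) and type 7 strings, never clear text.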
3. Configure a management network that will allow you to remotely access your routers and switches. The following applies to switch A unless otherwise specified.
   a. Create VLAN 88. Name it “NotUsed”.
   b. Disable all Ethernet ports, set them on VLAN 88, and disable automatic VLAN negotiation.
   c. Connect switch A to switch B and switch A to switch C according to the port table provided.
   d. Create VLAN 199. Name it “Management”.
   e. Configure the ports on switch A that connect to switches B and C to carry management traffic. Note: in the remainder of this setup these ports will need to be configured to carry other traffic as well.
   f. Give switch A an address on the management network.
   g. Set up the port on switch A to which the management station will connect.
   h. Configure the IP address of the management station. Test the SSH connection to switch A from the management station.
   i. Perform the initial configuration on the other switches and routers and set up SSH access to their consoles from the management station. Use the patch panel schematics to understand how to connect the switches and routers to the RS-232 port of the management station. For the sake of time you just need to 1) erase the startup-config and vlan.dat files and reload the switch configuration, 2) configure the names of the switches and routers, 3) set up SSH access, and 4) give them addresses on the management network.
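The switch A side of step 3 (a, b, d, e, f, g), as an added example rather than the handout's solution; the uplink ports Fa0/23 and Fa0/24, the port count of the switch and the address 10.1.0.2/16 for switch A are assumptions, since the port table and addressing plan are not reproduced on this page.

```cisco
! Added example for step 3 on Switch A, not the handout's own configuration.
! Assumed: 24 Fa ports and 2 Gi uplinks (adjust to the real model), Fa0/23 and
! Fa0/24 cabled to switches B and C (see the port table), Fa0/1 to the
! management station, and 10.1.0.2/16 as Switch A's management address.
configure terminal
 ! a./d. a parking VLAN for idle ports and the management VLAN
 vlan 88
  name NotUsed
  exit
 vlan 199
  name Management
  exit
 ! b. every port down, forced to access mode in VLAN 88, DTP disabled
 interface range FastEthernet0/1 - 24 , GigabitEthernet0/1 - 2
  shutdown
  switchport mode access
  switchport access vlan 88
  switchport nonegotiate
  exit
 ! e. uplinks to B and C become 802.1Q trunks carrying only what is needed;
 !    the unused VLAN is made native so untagged frames land nowhere useful
 interface range FastEthernet0/23 - 24
  switchport trunk encapsulation dot1q
  switchport mode trunk
  switchport trunk native vlan 88
  switchport trunk allowed vlan 199
  switchport nonegotiate
  no shutdown
  exit
 ! f. the switch's own address lives on the management SVI
 interface Vlan199
  ip address 10.1.0.2 255.255.0.0
  no shutdown
  exit
 ! g. the management station gets a plain access port in VLAN 199
 interface FastEthernet0/1
  switchport mode access
  switchport access vlan 199
  no shutdown
  exit
 end
```

On the management station (step h), e.g. `sudo ip addr add 10.1.0.100/16 dev eth0` followed by `ssh netadmin@10.1.0.2` verifies the path; later steps extend the trunks with `switchport trunk allowed vlan add <id>` rather than retyping the list.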
6. Routing
   a. Configure dynamic routing between all the networks except for the management and public networks. Identify the routers with their management interface. Use a single-area OSPF process ID 100 on routers A, B, and C and on switch A.
   b. Propagate the default route to the Internet. Verify that there is no connectivity to the Internet from all devices except Router A.
   c. Configure routing such that it only sends routing control messages on required interfaces.
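Step 6 on Router A, as an added example and not the handout's solution; Router A's router ID 10.1.0.1 comes from the topology figure, while the Core00 subnet 10.0.0.0/24 on GigabitEthernet0/0.100 and the Internet port GigabitEthernet0/1 are placeholders.

```cisco
! Added example for step 6 on Router A, not the handout's own configuration.
! Real value: Router A's ID is its management address 10.1.0.1 (topology
! figure). Assumed placeholders: Core00 is 10.0.0.0/24 on GigabitEthernet0/0.100
! (VLAN 100) and GigabitEthernet0/1 is the DHCP-addressed Internet port.
configure terminal
 interface GigabitEthernet0/1
  ! the DHCP lease also installs a default route toward the upstream gateway
  ip address dhcp
  no shutdown
  exit
 interface GigabitEthernet0/0.100
  encapsulation dot1Q 100
  ip address 10.0.0.1 255.255.255.0
  exit
 router ospf 100
  router-id 10.1.0.1
  ! c. no hello packets anywhere unless an interface is explicitly opened up
  passive-interface default
  no passive-interface GigabitEthernet0/0.100
  ! a. only internal networks are listed; management 10.1.0.0/16 and the
  !    public network are deliberately absent and so are never advertised
  network 10.0.0.0 0.0.0.255 area 0
  ! b. re-advertise 0.0.0.0/0 to the other routers; without "always" it is
  !    withdrawn automatically if Router A loses its own default route
  default-information originate
  exit
 end
```

On Router B, `show ip route` should now list an O*E2 0.0.0.0/0 via Router A, yet a ping from B to an Internet address gets no reply until NAT is configured in step 8; routers B and C and switch A (which needs `ip routing` first) run the same process 100 with their own management address as router-id.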
7. Store Networks
   a. The store switches are the top Linux boxes on rack B (store 1) and C (store 2). They will be running a software switch called openvswitch. You need to install and configure each of the two switches/boxes as follows.
      • Connect the top Linux box to the lab network on the first port of the patch panel.
      • Reboot the box with the “ubuntu-server labwork” image. You will need the lab’s username (labroot) and password (bill9gates).
      • Do
           sudo apt-get update
      • Do
           sudo apt-get install openvswitch-switch
      • Configure the store switch as follows. Set up the links to the store PC and the router on the patch panel accordingly.
           ovs-vsctl add-br br-store1
           ovs-vsctl add-port br-store1 eth0
           ovs-vsctl add-port br-store1 eth1
           ovs-vsctl add-port br-store1 eth2 tag=303   # tag=304 for store 2
           ifconfig eth0 promisc up
           ifconfig eth1 promisc up
           ifconfig eth2 promisc up
   b. Configure the router B and C network interfaces on the Core12 network using VLAN 112 through the store switches. Make sure dynamic routing knows about this link and network.
   c. Configure routers B and C to provide first-hop redundancy using the Hot Standby Router Protocol. C is the standby router of store 1 and B the standby router of store 2. Use the second host address of the store network for the standby router and the last host address for the default gateway.
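Steps 7b and 7c on routers B and C, as an added example that is not the handout's solution; the subnets for Core12 (10.0.12.0/24), store 1 (10.8.4.0/24) and store 2 (10.8.5.0/24), the port GigabitEthernet0/1 toward the store switch and the choice of the first host address for the active router are all assumptions.

```cisco
! Added example for steps 7b and 7c, not the handout's own configuration.
! Assumed placeholders: Core12 10.0.12.0/24 (VLAN 112), store 1 10.8.4.0/24
! (VLAN 303), store 2 10.8.5.0/24 (VLAN 304), the port to the store switch is
! GigabitEthernet0/1 (already "no shutdown"), active router = first host address.
! ---- Router B: active for store 1, standby for store 2 ----
configure terminal
 ! b. Core12 rides VLAN 112 through the store switches and is added to OSPF
 interface GigabitEthernet0/1.112
  encapsulation dot1Q 112
  ip address 10.0.12.2 255.255.255.0
  exit
 router ospf 100
  no passive-interface GigabitEthernet0/1.112
  network 10.0.12.0 0.0.0.255 area 0
  ! store subnets are advertised but stay passive: no hellos toward the PCs
  network 10.8.4.0 0.0.0.255 area 0
  network 10.8.5.0 0.0.0.255 area 0
  exit
 ! c. store 1: B is active (higher priority, and preempt so it takes the role
 !    back after a reboot); the virtual gateway is the last host address
 interface GigabitEthernet0/1.303
  encapsulation dot1Q 303
  ip address 10.8.4.1 255.255.255.0
  standby 1 ip 10.8.4.254
  standby 1 priority 110
  standby 1 preempt
  exit
 ! c. store 2: B is standby, on the second host address
 interface GigabitEthernet0/1.304
  encapsulation dot1Q 304
  ip address 10.8.5.2 255.255.255.0
  standby 2 ip 10.8.5.254
  exit
 end
! ---- Router C: mirror image (Core12 subinterface as on B, with 10.0.12.3) ----
configure terminal
 interface GigabitEthernet0/1.303
  encapsulation dot1Q 303
  ip address 10.8.4.2 255.255.255.0
  standby 1 ip 10.8.4.254
  exit
 interface GigabitEthernet0/1.304
  encapsulation dot1Q 304
  ip address 10.8.5.1 255.255.255.0
  standby 2 ip 10.8.5.254
  standby 2 priority 110
  standby 2 preempt
  exit
 end
```

`show standby brief` on both routers should show one Active and one Standby per group; adding `standby <group> authentication md5 key-string <key>` on both sides ensures only these two routers can take part in each group.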
8. Connectivity for the nodes on the Server, Offices, Guests, and Store networks.
   a. Configure DHCP for the nodes in these networks in router A. Exclude manually assigned addresses. Activate DHCP relaying where needed. Test node connectivity to router A’s Core00 interface.
   b. Allow NAT access to the Internet from nodes in these networks and from nodes on the Public network. Use a standard access list with two rules only.
   c. Configure DHCP such that the nodes use the lab’s DNS server located at 172.16.1.1.
   d. Configure the wireless access. Wireless nodes should be on the Guests network.
      • Reset the AP and configure the admin password. The default IP address is 192.168.0.50.
      • Configure WPA-PSK security using password netlab123.
      • Set up the wireless node and check connectivity to the Internet.
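Steps 8a to 8c on Router A (plus the relay on Router B), as an added example and not the handout's solution; only the DNS server 172.16.1.1 is from the page, while the Offices subnet 10.8.2.0/24 on GigabitEthernet0/0.200, the store 1 subnet 10.8.4.0/24, the 10.8.0.0/21 block holding all access networks, the Public network 192.0.2.0/24, the Internet port GigabitEthernet0/1 and Router A's Core00 address 10.0.0.1 are placeholders.

```cisco
! Added example for steps 8a-8c, not the handout's own configuration. Assumed
! placeholders: Offices 10.8.2.0/24 on Router A's GigabitEthernet0/0.200,
! store 1 10.8.4.0/24 behind Router B (gateway .254, routers .1/.2), all five
! access networks inside 10.8.0.0/21, Public 192.0.2.0/24, Internet on
! GigabitEthernet0/1 and Router A's Core00 address 10.0.0.1.
configure terminal
 ! a. never lease addresses that were assigned by hand
 ip dhcp excluded-address 10.8.2.1 10.8.2.10
 ip dhcp excluded-address 10.8.4.1 10.8.4.2
 ip dhcp excluded-address 10.8.4.254
 ! c. every pool hands out the lab DNS server
 ip dhcp pool OFFICES
  network 10.8.2.0 255.255.255.0
  default-router 10.8.2.1
  dns-server 172.16.1.1
  exit
 ip dhcp pool STORE1
  network 10.8.4.0 255.255.255.0
  default-router 10.8.4.254
  dns-server 172.16.1.1
  exit
 ! b. two-rule standard list: one summary for all access networks, one for
 !    Public; management and core never match and so are never translated
 access-list 1 permit 10.8.0.0 0.0.7.255
 access-list 1 permit 192.0.2.0 0.0.0.255
 ip nat inside source list 1 interface GigabitEthernet0/1 overload
 interface GigabitEthernet0/1
  ip nat outside
  exit
 ! repeat "ip nat inside" on every interface that faces an internal network
 interface GigabitEthernet0/0.200
  ip nat inside
  exit
 end
! a. Router B (and likewise C): store 1 is not directly on Router A, so relay
!    the broadcasts; Router A picks the pool from the relay's address (giaddr)
configure terminal
 interface GigabitEthernet0/1.303
  ip helper-address 10.0.0.1
  exit
 end
```

`show ip dhcp binding` on Router A confirms the leases, and `show ip nat translations` after a node pings an Internet host confirms that only access and Public sources are being translated.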
9. Access control
   a. Configure access control between access networks as follows. Place the access rules where they can stop more traffic from flowing in the network.
      • Nodes on the Server, Offices, and Stores networks should not have access to the Core, Public, and Guests networks.
      • Nodes on the Guests network should only have access to the Internet.
   b. Don’t allow packets out to the Internet if their destination address is one of the internal networks. Use a standard access list with a single rule.
   c. Configure port forwarding such that the Web server on the Public network can respond to SSH, HTTP, and HTTPS requests that are made from the Internet to the external DHCP-assigned IP address.
   d. Block all requests from the Internet except for:
      • ICMP requests
      • The SSH, HTTP, and HTTPS services offered by the Web server.
      • NAT connections to the internal networks.
      Make sure internal nodes can ping nodes on the Internet.
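Steps 9a, 9c and 9d on Router A, as an added example and not the handout's solution (9b is left to the reader); the Offices and Guests subnets 10.8.2.0/24 and 10.8.3.0/24 on GigabitEthernet0/0.200 and 0/0.400, the Core block 10.0.0.0/16, the Public network 192.0.2.0/24 with the web server at 192.0.2.10, and the Internet port GigabitEthernet0/1 are placeholders.

```cisco
! Added example for steps 9a, 9c and 9d on Router A, not the handout's own
! configuration. Assumed placeholders: Offices 10.8.2.0/24 on
! GigabitEthernet0/0.200, Guests 10.8.3.0/24 on GigabitEthernet0/0.400, Core
! 10.0.0.0/16, Public 192.0.2.0/24 with the web server at 192.0.2.10, and
! the DHCP-addressed Internet port GigabitEthernet0/1.
configure terminal
 ! 9a. Filter inbound on the access interface: unwanted traffic is dropped at
 !     the first hop instead of crossing the core before being stopped.
 ip access-list extended OFFICES-IN
  deny   ip any 10.0.0.0 0.0.255.255
  deny   ip any 192.0.2.0 0.0.0.255
  deny   ip any 10.8.3.0 0.0.0.255
  permit ip any any
  exit
 ip access-list extended GUESTS-IN
  ! guests must still reach Router A's DHCP service before anything else
  permit udp any eq bootpc any eq bootps
  deny   ip any 10.0.0.0 0.255.255.255
  deny   ip any 192.0.2.0 0.0.0.255
  permit ip any any
  exit
 interface GigabitEthernet0/0.200
  ip access-group OFFICES-IN in
  exit
 interface GigabitEthernet0/0.400
  ip access-group GUESTS-IN in
  exit
 ! 9c. Static port forwards bound to whatever address DHCP gives the outside port
 ip nat inside source static tcp 192.0.2.10 22 interface GigabitEthernet0/1 22
 ip nat inside source static tcp 192.0.2.10 80 interface GigabitEthernet0/1 80
 ip nat inside source static tcp 192.0.2.10 443 interface GigabitEthernet0/1 443
 ! 9d. An inbound ACL on the outside port is evaluated before NAT, so the
 !     destination it sees is the router's own (DHCP) address: match on port.
 ip access-list extended INTERNET-IN
  permit icmp any any echo
  permit icmp any any echo-reply
  permit tcp any any eq 22
  permit tcp any any eq 80
  permit tcp any any eq 443
  ! return traffic of NAT-translated TCP sessions and of DNS queries to 172.16.1.1
  permit tcp any any established
  permit udp host 172.16.1.1 eq domain any
  deny   ip any any log
  exit
 interface GigabitEthernet0/1
  ip access-group INTERNET-IN in
  exit
 end
```

`show access-lists` shows per-rule hit counters, and the logged denies on INTERNET-IN are the quickest check that the filters are placed and ordered as intended.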
10. Save the 6 configuration files of the routers and switches in a folder on the management station.