Professional Documents
Culture Documents
Topology Diagram
IP Address
10.0.0.1 172.16.0.1 172.16.0.9 209.165.200.161 172.16.0.2 172.16.0.5 10.0.0.129 172.16.0.10 172.16.0.6
Subnet Mask
255.255.255.128 255.255.255.252 255.255.255.252 255.255.255.224 255.255.255.252 255.255.255.252 255.255.255.128 255.255.255.252 255.255.255.252
Default Gateway
N/A N/A N/A N/A N/A N/A N/A N/A N/A
All contents are Copyright 19922007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 1 of 9
Device
PC1 PC3
Interface
NIC NIC
IP Address
10.0.0.10 10.0.0.139
Subnet Mask
255.255.255.128 255.255.255.128
Default Gateway
10.0.0.1 10.0.0.129
Learning Objectives
To complete this lab: Cable a network according to the topology diagram Erase the startup configuration and reload a router to the default state Perform basic configuration tasks on a router Configure and activate interfaces Configure and activate serial interfaces (PPP with CHAP, HDLC, and Frame Relay) Configure RIP on all the routers Configure basic router security Configure ACLs Configure basic NAT
Scenario
This lab tests you on the skills and knowledge that you learned in Exploration 4. Use cisco for all passwords in this lab, except for the enable secret password, which is class.
R1:
Router>enable Router#configure terminal Router(config)#hostname R1 R1(config)#banner motd #R1# R1(config)#no ip domain-lookup R1(config)#enable secret class
All contents are Copyright 19922007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 2 of 9
R1(config)#line console 0 R1(config-line)#password cisco R1(config-line)#login R1(config-line)#logging synchronous R1(config-line)#exec-timeout 5 R1(config-line)#exit R1(config)#line vty 0 4 R1(config-line)#password cisco R1(config-line)#login R1(config-line)#logging synchronous R1(config-line)#exec-timeout 5 R1(config-line)#exit
R2:
Router>enable Router#configure terminal Router(config)#hostname R2 R2(config)#banner motd #R2# R2(config)#no ip domain-lookup R2(config)#enable secret class R2(config)#line console 0 R2(config-line)#password cisco R2(config-line)#login R2(config-line)#logging synchronous R2(config-line)#exec-timeout 5 R2(config-line)#exit R2(config)#line vty 0 4 R2(config-line)#password cisco R2(config-line)#login R2(config-line)#logging synchronous R2(config-line)#exec-timeout 5 R2(config-line)#exit
R3:
Router>enable Router#configure terminal Router(config)#hostname R3 R3(config)#banner motd #R3# R3(config)#no ip domain-lookup R3(config)#enable secret class R3(config)#line console 0 R3(config-line)#password cisco R3(config-line)#login R3(config-line)#logging synchronous R3(config-line)#exec-timeout 5 R3(config-line)#exit
All contents are Copyright 19922007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 3 of 9
R1:
R1(config)#interface fastEthernet0/1 R1(config-if)#ip address 10.0.0.1 255.255.255.128 R1(config-if)#no shutdown R1(config-if)#exit R1(config)#interface Serial0/0/0 R1(config-if)#ip address 172.16.0.1 255.255.255.252 R1(config-if)#clock rate 64000 R1(config-if)#no shutdown R1(config-if)#exit R1(config)#interface Serial0/0/1 R1(config-if)#ip address 172.16.0.9 255.255.255.252 R1(config-if)#no shutdown R1(config-if)#end R1#show ip interface brief
R2:
R2(config)#interface Serial0/0/0 R2(config-if)#ip address 172.16.0.2 255.255.255.252 R2(config-if)#no shutdown R2(config-if)#exit R2(config)#interface Serial0/0/1 R2(config-if)#ip address 172.16.0.5 255.255.255.252 R1(config-if)#clock rate 64000 R2(config-if)#no shutdown R2(config-if)#exit R2(config)#interface Loopback0 R2(config-if)#ip address 209.165.200.161 255.255.255.224 R2(config-if)#no shutdown R2(config-if)#end R2#show ip interface brief
All contents are Copyright 19922007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 4 of 9
R3:
R3(config)#interface fastEthernet0/1 R3(config-if)#ip address 10.0.0.129 255.255.255.128 R3(config-if)#no shutdown R3(config-if)#exit R3(config)#interface Serial0/0/0 R3(config-if)#ip address 172.16.0.10 255.255.255.252 R3(config-if)#clock rate 64000 R3(config-if)#no shutdown R3(config-if)#exit R3(config)#interface Serial0/0/1 R3(config-if)#ip address 172.16.0.6 255.255.255.252 R3(config-if)#no shutdown R3(config-if)#end R3#show ip interface brief
R1:
R1#configure terminal R1(config)#username R2 password cisco R1(config)#interface Serial0/0/0 R1(config-if)#encapsulation ppp R1(config-if)#ppp authentication chap R1(config-if)#exit R1(config)#interface Serial0/0/1 R1(config-if)#encapsulation frame-relay R1(config-if)#frame-relay map ip 172.16.0.9 101 broadcast R1(config-if)#frame-relay map ip 172.16.0.10 101 broadcast R1(config-if)#frame-relay interface-dlci 101 R1(config-if)#no keepalive R1(config-if)#end R1#show R1#show R3#show R3#show interface Serial0/0/0 interface Serial0/0/1 frame-relay pvc frame-relay map
R2:
R2#configure terminal R2(config)#username R1 password cisco R2(config)#interface Serial0/0/0 R2(config-if)#encapsulation ppp
All contents are Copyright 19922007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 5 of 9
R2(config-if)#ppp authentication chap R2(config-if)#exit R2(config)#interface Serial0/0/1 R2(config-if)#encapsulation hdlc R2(config-if)#end R2#show interface Serial0/0/0 R2#show interface Serial0/0/1
R3:
R3#configure terminal R3(config)#interface Serial0/0/0 R3(config-if)#encapsulation frame-relay R3(config-if)#frame-relay map ip 172.16.0.10 101 broadcast R3(config-if)#frame-relay map ip 172.16.0.9 101 broadcast R3(config-if)#frame-relay interface-dlci 101 R3(config-if)#no keepalive R3(config-if)#exit R3(config)#interface Serial0/0/1 R3(config-if)#encapsulation hdlc R3(config-if)#end R3#show R3#show R3#show R3#show interface Serial0/0/0 interface Serial0/0/1 frame-relay pvc frame-relay map
R1:
R1#configure terminal R1(config)#router rip R1(config-router)#version 2 R1(config-router)#network 10.0.0.0 R1(config-router)#network 172.16.0.0 R1(config-router)#passive-interface fastEthernet0/1 R1(config-router)#no auto-summary R1(config-router)#end R1#show ip protocols R1#show ip route
All contents are Copyright 19922007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 6 of 9
R2:
R2#configure terminal R2(config)#ip route 0.0.0.0 0.0.0.0 Loopback0 R2(config)#router rip R2(config-router)#version 2 R2(config-router)#network 172.16.0.0 R2(config-router)#no auto-summary R2(config-router)#redistribute static R2(config-router)#end R2#show ip protocols R2#show ip route
R3:
R3#configure terminal R3(config)#router rip R1(config-router)#version 2 R3(config-router)#network 10.0.0.0 R3(config-router)#network 172.16.0.0 R3(config-router)#passive-interface fastEthernet0/1 R3(config-router)#no auto-summary R3(config-router)#end R3#show ip protocols R3#show ip route
R2:
R2#configure terminal R2(config)#username cisco password cisco R2(config)#aaa new-model R2(config)#aaa authentication login LOCAL_AUTH local R2(config)#line vty 0 4 R2(config-line)#login authentication LOCAL_AUTH R2(config)#no R2(config)#no R2(config)#no R2(config)#no R2(config)#no R2(config)#no R2(config)#no R2(config)#no R2(config)#no service pad service finger service udp-small-server service tcp-small-server ip bootp server ip http server ip finger ip source-route ip gratuitous-arps
Page 7 of 9
All contents are Copyright 19922007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
R1:
R1#configure terminal R1(config)#access-list R1(config)#access-list R1(config)#access-list R1(config)#access-list 101 101 101 101 permit tcp host 172.16.0.2 any eq 23 permit tcp host 172.16.0.5 any eq 23 deny tcp any any eq 23 permit ip any any
R2:
R2#configure terminal R2(config)#access-list R2(config)#access-list R2(config)#access-list R2(config)#access-list R2(config)#access-list 102 102 102 102 102 deny tcp any host deny tcp any host deny tcp any host deny tcp any host permit ip any any 10.0.0.10 10.0.0.10 10.0.0.10 10.0.0.10 eq eq eq eq 80 23 21 20
R3:
R3#configure terminal R3(config)#access-list R3(config)#access-list R3(config)#access-list R3(config)#access-list 101 101 101 101 permit tcp host 172.16.0.2 any eq 23 permit tcp host 172.16.0.5 any eq 23 deny tcp any any eq 23 permit ip any any
R3(config)#line vty 0 4 R3(config-line)#access-class 101 in R3(config-line)#end R3(config)#access-list 103 deny ip 10.0.0.128 0.0.0.127 host 10.0.0.10 R3(config)#access-list 103 permit ip any any
All contents are Copyright 19922007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 8 of 9
R3(config)#interface Serial0/0/0 R3(config-if)#ip access-group 103 out R3(config-if)#exit R3(config)#interface Serial0/0/1 R3(config-if)#ip access-group 103 out R3(config-if)#end R3#show ip access-lists
R3:
R3#configure terminal R3(config)#access-list 104 permit ip 10.0.0.128 0.0.0.127 any R3(config)#ip nat inside source list 104 interface Serial0/0/0 overload R3(config)#interface fastEthernet0/1 R3(config-if)#ip access-group 104 in R3(config-if)#ip nat inside R3(config-if)#exit R3(config)#interface Serial0/0/0 R3(config-if)#ip nat outside R3(config-if)#exit R3(config)#interface Serial0/0/1 R3(config-if)#ip nat outside R3(config-if)#end R3#show ip access-lists
All contents are Copyright 19922007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 9 of 9