
ISP 1

! ISP1: upstream provider router. Three /30 handoffs: g0/0 to R1
! (209.17.21.0/30), g0/1 to R2 (209.17.22.0/30) and g0/2 (209.17.23.0/30),
! which R1 and R2 reach through their static routes.
! Order-sensitive CLI transcript: each line is typed in sequence.
en
conf t
hostname ISP1
! Type-7 (reversible) obfuscation for line passwords such as the console
! password below; "enable secret" is hashed independently of this.
service password-encryption
enable secret class
line con 0
password cisco
login
exit
! No "line vty" stanza: the IOS default VTY state (login required, no
! password set) refuses remote sessions, so this router is console-only
! as written — presumably intended for a lab upstream.
int gigabitEthernet 0/0
ip address 209.17.21.1 255.255.255.252
no shutdown
int gigabitEthernet 0/1
ip address 209.17.22.1 255.255.255.252
no shutdown
int gigabitEthernet 0/2
ip address 209.17.23.1 255.255.255.252
no shutdown
exit

R1

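! R1: HQ edge router. Order-sensitive CLI transcript — the bare "1024"
! line answers the modulus prompt raised by "cry key generate rsa".
en
conf t
hostname R1
enable secret class
service password-encryption
ip domain-name iitu.local
no ip domain-lookup
! Local accounts consumed by "login local" on the VTY and console lines.
username user privilege 0 secret cisco
username admin privilege 15 secret cisco
! 1024-bit modulus; 2048 is the usual recommendation today.
cry key generate rsa
1024
ip ssh version 2
line vty 0 15
! access-list 99 is never defined in this listing. An access-class that
! names a nonexistent ACL applies no filter, so the VTYs accept SSH from
! any reachable address; define 99 (e.g. permit 10.17.24.0/24, the
! Management VLAN) for the restriction to take effect.
access-class 99 in
transport input ssh
login local
logging synchronous
exit
line con 0
login local
! g0/0/0: /30 to ISP1 (209.17.21.1). s0/1/0: /30 to RCom (10.27.21.1).
int g0/0/0
ip address 209.17.21.2 255.255.255.252
no shutdown
int s0/1/0
ip add 10.27.21.2 255.255.255.252
no shutdown
exit
! Router-on-a-stick toward HQ-CS g0/1: one 802.1Q subinterface per VLAN.
interface g0/0/1
no shutdown
interface g0/0/1.10
description VLAN10
en dot 10
ip add 10.17.21.1 255.255.255.0
interface g0/0/1.20
description VLAN20
en dot 20
ip add 10.17.22.1 255.255.255.0
! VLAN40 (Management). R2 configures the same 10.17.24.1/24 at the branch,
! so this subnet has to stay site-local; it is not advertised below.
interface g0/0/1.40
description VLAN40
en dot 40
ip add 10.17.24.1 255.255.255.0
exit
router ospf 1
network 209.17.21.0 0.0.0.3 area 0
network 10.27.21.0 0.0.0.3 area 0
network 10.17.21.0 0.0.0.255 area 0
network 10.17.22.0 0.0.0.255 area 0
passive-interface g0/0/1.10
passive-interface g0/0/1.20
! No network statement covers 10.17.24.0, so this passive entry is inert.
passive-interface g0/0/1.40
exit
! ISP1's g0/2 subnet is not in OSPF; reach it via ISP1 directly.
ip route 209.17.23.0 255.255.255.252 209.17.21.1
ip dhcp pool Vlan10
network 10.17.21.0 255.255.255.0
default-router 10.17.21.1
dns-server 8.8.8.8
exit
ip dhcp pool Vlan20
network 10.17.22.0 255.255.255.0
! Fixed: the source read 10.17.422.1, which is not a valid IPv4 address;
! the gateway for this pool is g0/0/1.20 above, 10.17.22.1.
default-router 10.17.22.1
dns-server 8.8.8.8
exit
! Gateways (and one reserved host) kept out of the DHCP ranges.
ip dhcp excluded-address 10.17.21.1
ip dhcp excluded-address 10.17.22.1
ip dhcp excluded-address 10.17.24.1
ip dhcp excluded-address 10.17.21.252

! IKE phase 1. No "hash" or "lifetime" line, so the IOS defaults apply.
! DH group 5 (1536-bit) is below current guidance; group 14 or higher is
! the usual choice.
crypto isakmp policy 10


encryption aes 256
authentication pre-share
group 5

! Crypto ACL (interesting traffic). NOTE(review): 10.110.x.0 matches no
! subnet in this listing (the LANs are 10.17.x.0/24), the wildcard
! 0.0.4.255 is non-contiguous, and R2 carries this identical line rather
! than its mirror image — as written no traffic is selected for the tunnel.
access-list 100 permit ip 10.110.23.0 0.0.4.255 10.110.21.0 0.0.4.255


! NOTE(review): 10.210.21.2 is not an address on any interface in this
! listing; R2's tunnel endpoint (its s0/1/0) is 10.27.22.2 — confirm the
! peer and pre-shared-key address.
crypto isakmp key secretkey address 10.210.21.2
crypto ipsec transform-set R2->R1 esp-aes 256 esp-sha-hmac

crypto map IPSEC-MAP 10 ipsec-isakmp


set peer 10.210.21.2
set pfs group5
set security-association lifetime seconds 86400
set transform-set R2->R1
match address 100

! Bound to the serial link toward RCom, which carries the R1<->R2 path.
int s0/1/0
crypto map IPSEC-MAP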
R2

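! R2: branch edge router. Order-sensitive CLI transcript — the bare "1024"
! line answers the modulus prompt raised by "cry key generate rsa".
en
conf t
hostname R2
enable secret class
service password-encryption
ip domain-name iitu.local
no ip domain-lookup
! Local accounts consumed by "login local" on the VTY and console lines.
username user privilege 0 secret cisco
username admin privilege 15 secret cisco
! 1024-bit modulus; 2048 is the usual recommendation today.
cry key generate rsa
1024
ip ssh version 2
line vty 0 15
! access-list 99 is never defined in this listing. An access-class that
! names a nonexistent ACL applies no filter, so the VTYs accept SSH from
! any reachable address; define 99 (e.g. permit 10.17.24.0/24, the
! Management VLAN) for the restriction to take effect.
access-class 99 in
transport input ssh
login local
logging synchronous
exit
line con 0
login local
! g0/0/1: /30 to ISP1 (209.17.22.1). s0/1/0: /30 to RCom (10.27.22.1).
int g0/0/1
ip address 209.17.22.2 255.255.255.252
no shutdown
int s0/1/0
ip add 10.27.22.2 255.255.255.252
no shutdown
exit
! Router-on-a-stick toward BR-CS g0/1: one 802.1Q subinterface per VLAN.
interface g0/0/0
no shutdown
interface g0/0/0.30
description VLAN30
en dot 30
ip add 10.17.23.1 255.255.255.0
interface g0/0/0.50
description VLAN50
en dot 50
ip add 10.17.25.1 255.255.255.0
! VLAN40 (Management). R1 configures the same 10.17.24.1/24 at HQ, so
! this subnet has to stay site-local; it is not advertised below.
interface g0/0/0.40
description VLAN40
en dot 40
ip add 10.17.24.1 255.255.255.0
exit
router ospf 1
network 209.17.22.0 0.0.0.3 area 0
network 10.17.23.0 0.0.0.255 area 0
network 10.27.22.0 0.0.0.3 area 0
network 10.17.25.0 0.0.0.255 area 0
passive-interface g0/0/0.30
passive-interface g0/0/0.50
! No network statement covers 10.17.24.0, so this passive entry is inert.
passive-interface g0/0/0.40
exit
! ISP1's g0/2 subnet is not in OSPF; reach it via ISP1 directly.
ip route 209.17.23.0 255.255.255.252 209.17.22.1
ip dhcp pool Vlan30
network 10.17.23.0 255.255.255.0
! Fixed: the source read 10.17.43.1, which lies outside this pool's
! 10.17.23.0/24; the gateway is g0/0/0.30 above, 10.17.23.1 (also the
! address excluded from the pool below).
default-router 10.17.23.1
dns-server 8.8.8.8
exit
ip dhcp pool Vlan50
network 10.17.25.0 255.255.255.0
default-router 10.17.25.1
dns-server 8.8.8.8
exit
! Gateways kept out of the DHCP ranges. 10.17.21.252 belongs to the HQ
! VLAN10 subnet, which R2 does not serve — harmless copy of the R1 line.
ip dhcp excluded-address 10.17.23.1
ip dhcp excluded-address 10.17.25.1
ip dhcp excluded-address 10.17.24.1
ip dhcp excluded-address 10.17.21.252

! IKE phase 1. No "hash" or "lifetime" line, so the IOS defaults apply.
! DH group 5 (1536-bit) is below current guidance; group 14 or higher is
! the usual choice.
crypto isakmp policy 10


encryption aes 256
authentication pre-share
group 5

! Crypto ACL (interesting traffic). NOTE(review): 10.110.x.0 matches no
! subnet in this listing (the LANs are 10.17.x.0/24), the wildcard
! 0.0.4.255 is non-contiguous, and this is byte-identical to R1's ACL 100
! rather than its mirror image — as written no traffic is selected.
access-list 100 permit ip 10.110.23.0 0.0.4.255 10.110.21.0 0.0.4.255


! NOTE(review): 10.210.21.2 is not an address on any interface in this
! listing, and R1 uses the same literal; R1's tunnel endpoint (its s0/1/0)
! is 10.27.21.2 — confirm the peer and pre-shared-key address.
crypto isakmp key secretkey address 10.210.21.2
crypto ipsec transform-set R2->R1 esp-aes 256 esp-sha-hmac

crypto map IPSEC-MAP 10 ipsec-isakmp


set peer 10.210.21.2
set pfs group5
set security-association lifetime seconds 86400
set transform-set R2->R1
match address 100

! Bound to the serial link toward RCom, which carries the R1<->R2 path.
int s0/1/0
crypto map IPSEC-MAP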

Rcom

! RCom: transit router between R1 (s0/3/0, 10.27.21.0/30) and R2
! (s0/3/1, 10.27.22.0/30). The R1<->R2 IPsec traffic crosses these links.
! Order-sensitive CLI transcript: each line is typed in sequence.
en
conf t
hostname RCom
! Type-7 (reversible) obfuscation for the console password below.
service password-encryption
enable secret class
line con 0
password cisco
login
exit
! No "line vty" stanza: the IOS default VTY state (login required, no
! password set) refuses remote sessions — console-only as written.
int s0/3/0
ip address 10.27.21.1 255.255.255.252
no shutdown
int s0/3/1
ip address 10.27.22.1 255.255.255.252
no shutdown
exit
router ospf 1
network 10.27.21.0 0.0.0.3 area 0
network 10.27.22.0 0.0.0.3 area 0
! The four 10.17.x.0/24 statements match no interface on this router, so
! they are inert; the LAN prefixes are learned from R1 and R2 instead.
network 10.17.21.0 0.0.0.255 area 0
network 10.17.22.0 0.0.0.255 area 0
network 10.17.23.0 0.0.0.255 area 0
network 10.17.25.0 0.0.0.255 area 0

HQ-CS
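! HQ-CS: HQ core switch. g0/1 trunks to R1 g0/0/1; Po1 (f0/23-24) and
! Po2 (f0/21-22) trunk to HQ-AS1 and HQ-AS2.
! Order-sensitive CLI transcript — "1024" answers the RSA modulus prompt.
en
conf t
hostname HQ-CS
enable secret class
service password-encryption
ip domain-name iitu.local
no ip domain-lookup
username user privilege 0 secret cisco
username admin privilege 15 secret cisco
! 1024-bit modulus; 2048 is the usual recommendation today.
cry key generate rsa
1024
ip ssh version 2
! SSH-only VTYs with local accounts; no access-class is applied here.
line vty 0 15
transport input ssh
login local
exit
line con 0
login local
exit
! Only 40 and 99 are created explicitly. f0/1 below creates VLAN 10 as a
! side effect of its access assignment; VLAN 20 is not created on this
! switch — NOTE(review): confirm it exists (e.g. via VTP), otherwise the
! trunks will not forward it.
vlan 40
name Management
vlan 99
name Native
! Edge port: port-security with 2 sticky MACs (default violation action),
! PortFast and BPDU Guard.
interface FastEthernet0/1
switchport mode access
switchport access vlan 10
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
spanning-tree portfast
spanning-tree bpduguard enable
no shutdown
! Static (mode on) EtherChannels toward the access switches.
int range f0/23-24
channel-group 1 mode on
no channel-protocol lacp
no shutdown
int range f0/21-22
channel-group 2 mode on
no channel-protocol lacp
no shutdown
exit
! Trunks: native VLAN moved off 1, DTP disabled. VLAN 40 is added to the
! allowed list (the source had 10,20,99); without it the Management SVI
! below, and those on the access switches, have no path to their gateway
! 10.17.24.1 on R1 g0/0/1.40.
int range f0/21-24
switchport mode trunk
switchport trunk native vlan 99
switchport trunk allowed vlan 10,20,40,99
switchport nonegotiate
no shutdown
interface GigabitEthernet0/1
switchport mode trunk
switchport trunk native vlan 99
switchport nonegotiate
switchport trunk allowed vlan 10,20,40,99
no shutdown
! Unused ports administratively down.
int range f0/2-20, g0/2
shutdown
int vlan 40
description Management
ip add 10.17.24.2 255.255.255.0
no shut
exit
! Port-channel settings kept identical to their member ports above.
int po1
switchport mode trunk
switchport trunk native vlan 99
switchport nonegotiate
switchport trunk allowed vlan 10,20,40,99
int po2
switchport mode trunk
switchport trunk native vlan 99
switchport nonegotiate
switchport trunk allowed vlan 10,20,40,99
exit
ip def 10.17.24.1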

HQ-AS1
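! HQ-AS1: HQ access switch. Po1 (f0/23-24) uplinks to HQ-CS f0/23-24.
! Order-sensitive CLI transcript — "1024" answers the RSA modulus prompt.
en
conf t
hostname HQ-AS1
enable secret class
service password-encryption
ip domain-name iitu.local
no ip domain-lookup
username user privilege 0 secret cisco
username admin privilege 15 secret cisco
! 1024-bit modulus; 2048 is the usual recommendation today.
cry key generate rsa
1024
ip ssh version 2
! SSH-only VTYs with local accounts; no access-class is applied here.
line vty 0 15
transport input ssh
login local
exit
line con 0
login local
exit
! VLANs 10 and 20 are created implicitly by the access ports below.
vlan 40
name Management
vlan 99
name Native
! Edge ports: port-security with 2 sticky MACs (default violation action),
! PortFast and BPDU Guard.
interface FastEthernet0/1
switchport mode access
switchport access vlan 10
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
spanning-tree portfast
spanning-tree bpduguard enable
no shutdown
interface FastEthernet0/2
switchport mode access
switchport access vlan 20
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
spanning-tree portfast
spanning-tree bpduguard enable
no shutdown
! Uplink trunk, then bundled into Po1 (static, no LACP); Po1 presumably
! inherits the member settings. VLAN 40 is added to the allowed list (the
! source had 10,20,99) so the Management SVI below can reach 10.17.24.1.
int range f0/23-24
switchport mode trunk
switchport trunk native vlan 99
switchport trunk allowed vlan 10,20,40,99
switchport nonegotiate
no shutdown
channel-group 1 mode on
no channel-protocol lacp
! Unused ports administratively down.
int range f0/3-22, g0/1-2
shutdown
int vlan 40
description Management
ip add 10.17.24.3 255.255.255.0
no shut
exit
ip def 10.17.24.1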

HQ-AS2
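! HQ-AS2: HQ access switch. Po2 (f0/23-24) uplinks to HQ-CS f0/21-22.
! Order-sensitive CLI transcript — "1024" answers the RSA modulus prompt.
en
conf t
hostname HQ-AS2
enable secret class
service password-encryption
ip domain-name iitu.local
no ip domain-lookup
username user privilege 0 secret cisco
username admin privilege 15 secret cisco
! 1024-bit modulus; 2048 is the usual recommendation today.
cry key generate rsa
1024
ip ssh version 2
! SSH-only VTYs with local accounts; no access-class is applied here.
line vty 0 15
transport input ssh
login local
exit
line con 0
login local
exit
! VLANs 10 and 20 are created implicitly by the access ports below.
vlan 40
name Management
vlan 99
name Native
! Edge ports: port-security with 2 sticky MACs (default violation action),
! PortFast and BPDU Guard.
interface FastEthernet0/1
switchport mode access
switchport access vlan 10
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
spanning-tree portfast
spanning-tree bpduguard enable
no shutdown
interface FastEthernet0/2
switchport mode access
switchport access vlan 20
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
spanning-tree portfast
spanning-tree bpduguard enable
no shutdown
! Uplink trunk, then bundled into Po2 (static, no LACP); Po2 presumably
! inherits the member settings. VLAN 40 is added to the allowed list (the
! source had 10,20,99) so the Management SVI below can reach 10.17.24.1.
int range f0/23-24
switchport mode trunk
switchport trunk native vlan 99
switchport trunk allowed vlan 10,20,40,99
switchport nonegotiate
no shutdown
channel-group 2 mode on
no channel-protocol lacp
! Unused ports administratively down.
int range f0/3-22, g0/1-2
shutdown
int vlan 40
description Management
ip add 10.17.24.4 255.255.255.0
no shut
exit
ip def 10.17.24.1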

BR-CS
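! BR-CS: branch core switch. g0/1 trunks to R2 g0/0/0; Po1 (f0/23-24)
! and Po2 (f0/21-22) trunk to BR-AS1 and BR-AS2.
! Order-sensitive CLI transcript — "1024" answers the RSA modulus prompt.
enable
configure terminal
hostname BR-CS
enable secret class
username user privilege 0 secret cisco
username admin privilege 15 secret cisco
no ip domain-lookup
ip domain-name iitu.local
! 1024-bit modulus; 2048 is the usual recommendation today.
crypto key generate rsa
1024
! SSH-only VTYs with local accounts; no access-class is applied here.
line vty 0 15
transport input ssh
login local
exit
ip ssh version 2
service password-encryption
line con 0
login local
exit
! Only 40 and 99 are created here and this switch has no access ports, so
! VLANs 30 and 50 do not exist in its VLAN database — NOTE(review):
! confirm they are supplied (e.g. via VTP), otherwise the trunks below
! will not forward them between R2 and the access switches.
vlan 40
name Management
vlan 99
name Native
! Trunks: native VLAN moved off 1, DTP disabled, static EtherChannels.
! VLAN 40 is added to the allowed lists (the source had 30,50,99);
! without it the Management SVIs have no path to 10.17.24.1 on R2.
int range f0/23-24
switchport mode trunk
switchport trunk native vlan 99
switchport trunk allowed vlan 30,40,50,99
switchport nonegotiate
channel-group 1 mode on
no channel-protocol lacp
no shutdown
int range f0/21-22
switchport mode trunk
switchport trunk native vlan 99
switchport trunk allowed vlan 30,40,50,99
switchport nonegotiate
channel-group 2 mode on
no channel-protocol lacp
no shutdown
interface GigabitEthernet0/1
switchport mode trunk
switchport trunk native vlan 99
switchport trunk allowed vlan 30,40,50,99
switchport nonegotiate
no shutdown
! Unused ports administratively down.
int range f0/1-20, g0/2
shutdown
exit
! NOTE(review): unlike HQ-CS, no "no shut" is issued on this SVI — confirm
! it comes up on the platform in use. Same address as HQ-CS (10.17.24.2);
! fine only because 10.17.24.0/24 is kept site-local on R1/R2.
int vlan 40
description Management
ip add 10.17.24.2 255.255.255.0
exit
ip def 10.17.24.1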

BR-AS1
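! BR-AS1: branch access switch. Po1 (f0/23-24) uplinks to BR-CS f0/23-24.
! Order-sensitive CLI transcript — "1024" answers the RSA modulus prompt.
en
conf t
hostname BR-AS1
enable secret class
service password-encryption
ip domain-name iitu.local
no ip domain-lookup
username user privilege 0 secret cisco
username admin privilege 15 secret cisco
! 1024-bit modulus; 2048 is the usual recommendation today.
cry key generate rsa
1024
ip ssh version 2
! SSH-only VTYs with local accounts; no access-class is applied here.
line vty 0 15
transport input ssh
login local
exit
line con 0
login local
exit
! VLANs 30 and 50 are created implicitly by the access ports below.
vlan 40
name Management
vlan 99
name Native
! Edge ports: port-security with 2 sticky MACs (default violation action),
! PortFast and BPDU Guard.
interface FastEthernet0/1
switchport mode access
switchport access vlan 30
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
spanning-tree portfast
spanning-tree bpduguard enable
no shutdown
interface FastEthernet0/2
switchport mode access
switchport access vlan 50
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
spanning-tree portfast
spanning-tree bpduguard enable
no shutdown
! Uplink trunk, then bundled into Po1 (static, no LACP); Po1 presumably
! inherits the member settings. VLAN 40 is added to the allowed list (the
! source had 30,50,99) so the Management SVI below can reach 10.17.24.1.
int range f0/23-24
switchport mode trunk
switchport trunk native vlan 99
switchport trunk allowed vlan 30,40,50,99
switchport nonegotiate
no shutdown
channel-group 1 mode on
no channel-protocol lacp
! Unused ports administratively down.
int range f0/3-22, g0/1-2
shutdown
int vlan 40
description Management
ip add 10.17.24.3 255.255.255.0
no shut
exit
ip def 10.17.24.1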

BR-AS2
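! BR-AS2: branch access switch. Po2 (f0/23-24) uplinks to BR-CS f0/21-22.
! Order-sensitive CLI transcript — "1024" answers the RSA modulus prompt.
en
conf t
hostname BR-AS2
enable secret class
service password-encryption
ip domain-name iitu.local
no ip domain-lookup
username user privilege 0 secret cisco
username admin privilege 15 secret cisco
! 1024-bit modulus; 2048 is the usual recommendation today.
cry key generate rsa
1024
ip ssh version 2
! SSH-only VTYs with local accounts; no access-class is applied here.
line vty 0 15
transport input ssh
login local
exit
line con 0
login local
exit
! VLANs 30 and 50 are created implicitly by the access ports below.
vlan 40
name Management
vlan 99
name Native
! Edge ports: port-security with 2 sticky MACs (default violation action),
! PortFast and BPDU Guard.
interface FastEthernet0/1
switchport mode access
switchport access vlan 30
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
spanning-tree portfast
spanning-tree bpduguard enable
no shutdown
interface FastEthernet0/2
switchport mode access
switchport access vlan 50
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
spanning-tree portfast
spanning-tree bpduguard enable
no shutdown
! Uplink trunk, then bundled into Po2 (static, no LACP); Po2 presumably
! inherits the member settings. VLAN 40 is added to the allowed list (the
! source had 30,50,99) so the Management SVI below can reach 10.17.24.1.
int range f0/23-24
switchport mode trunk
switchport trunk native vlan 99
switchport trunk allowed vlan 30,40,50,99
switchport nonegotiate
no shutdown
channel-group 2 mode on
no channel-protocol lacp
! Unused ports administratively down.
int range f0/3-22, g0/1-2
shutdown
int vlan 40
description Management
ip add 10.17.24.4 255.255.255.0
no shut
exit
ip def 10.17.24.1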

R1
! R1, second pass: PAT of inside sources out of g0/0/0 (toward ISP1).
! ACL 1 permits only RCom's two serial addresses (10.27.21.1, 10.27.22.1)
! as inside sources; the VLAN 10/20 hosts behind g0/0/1 (10.17.21.0/24,
! 10.17.22.0/24) are not matched and so are not translated.
! NOTE(review): the LAN subnets were presumably intended here — confirm.
access-list 1 permit host 10.27.21.1
access-list 1 permit host 10.27.22.1
ip nat inside source list 1 interface g0/0/0 overload

! NOTE(review): "ip nat inside" on the physical g0/0/1 is not inherited by
! the .10/.20/.40 subinterfaces that hold the LAN addresses; each
! subinterface needs its own "ip nat inside" — confirm on the platform.
int g0/0/1
ip nat inside
no sh

int g0/0/0
ip nat outside
no sh
exit
! NOTE(review): 209.17.21.2 is g0/0/0's own (outside) address, not an
! inside host; mapping it to 64.17.25.1 looks unintended — confirm which
! inside address this static entry was meant to expose.
ip nat inside source static 209.17.21.2 64.17.25.1

R2
! R2, second pass: PAT of inside sources out of g0/0/1 (toward ISP1).
! ACL 1 permits only 10.17.23.1 and 10.17.25.1, which are R2's own
! g0/0/0.30 and g0/0/0.50 addresses, not the VLAN 30/50 host subnets
! (10.17.23.0/24, 10.17.25.0/24); host traffic is therefore not translated.
! NOTE(review): the /24 subnets were presumably intended here — confirm.
access-list 1 permit host 10.17.23.1
access-list 1 permit host 10.17.25.1
ip nat inside source list 1 interface g0/0/1 overload

! NOTE(review): "ip nat inside" on the physical g0/0/0 is not inherited by
! the .30/.50/.40 subinterfaces that hold the LAN addresses; each
! subinterface needs its own "ip nat inside" — confirm on the platform.
int g0/0/0
ip nat inside

int g0/0/1
ip nat outside
exit
