Thứ Bảy, 26 tháng 7, 2014

S3-OpenLab Full - test thử

1.      Access, Trunking, Etherchannel

 2.      VTP,VLAN and Spanning-tree

3. Assign IP addresses to the routers’ interfaces according to the following rule: Gate1 +1; Gate2 +2; SW.STAFF-Core: +1

4.      Routing and Inter-Vlan routing
  
5.      DHCP, HSRP
5.1 DHCP:
+  GATE1: configure it as the DHCP server for VLAN 20 and VLAN 30, using the information in the table below


+STAFF-DHCPv4 : Enable DHCP relay agent on SW.STAFF-Core


5.2 HSRP: 
Configure HSRP on GATE1 and GATE2 for the Server_Farm LAN with group 10 and 10.1.1.10 as the default-gateway IP address. GATE1 has priority 200; GATE2 has priority 100.
6.      Wireless router
-          Internet interface’s IP address: 199.99.10.2/24
-          Lan port’s IP address: 172.16.1.1/24
-          DHCP: start IP: +10; maximum user: 220
-          SSID: student.BK
- Channel : 6
-          Security: WPA2 Personal, password “bkacadcisco”
7. Configure mail server


________________________________________________________________
! GATE: edge router. Gi0/0 and Gi0/1 are /30 links that run OSPF area 0 and IPv6 EIGRP 99;
! Gi0/2 is the upstream link that both static default routes point out of.
! NOTE(review): no enable secret and no line con/vty stanzas appear in this listing --
! confirm how management access is protected on the real device.
hostname GATE
!
ipv6 unicast-routing
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
 ip address 20.1.1.2 255.255.255.252
 duplex auto
 speed auto
 ipv6 address 2013:20:1::3/64
 ipv6 eigrp 99
!
interface GigabitEthernet0/1
 ip address 20.1.1.5 255.255.255.252
 duplex auto
 speed auto
 ipv6 address 2013:20:2::3/64
 ipv6 eigrp 99
!
! Upstream interface: it has an IPv6 address but is not enabled for EIGRP 99 and is not
! covered by an OSPF network statement, so no routing protocol runs toward 200.0.0.2.
interface GigabitEthernet0/2
 ip address 200.0.0.1 255.255.255.252
 duplex auto
 speed auto
 ipv6 address 2013:14::3/64
!
interface Vlan1
 no ip address
 shutdown
!
! OSPF on the two inside /30 links only. default-information originate (without "always")
! advertises a default route only while the static default below is in the routing table.
! No OSPF authentication is configured in this listing.
router ospf 1
 log-adjacency-changes
 network 20.1.1.0 0.0.0.3 area 0
 network 20.1.1.4 0.0.0.3 area 0
 default-information originate
!
! IPv6 EIGRP 99: "redistribute static" injects the static routes configured below
! (here the ::/0 default) into the EIGRP domain.
ipv6 router eigrp 99
 router-id 3.3.3.3
 no shutdown
 redistribute static
!
ip classless
ip route 0.0.0.0 0.0.0.0 200.0.0.2
!
ipv6 route ::/0 2013:14::2
!
! CDP is disabled globally, so the router does not advertise itself to neighbours via CDP.
no cdp run
!
end

! GATE1: DHCPv4 server for 199.99.20.0/24 and 199.99.30.0/24, DHCPv6 server on Gi0/2.44,
! HSRP member for 10.1.1.0/24 and router for the 802.1Q sub-interfaces on Gi0/2.
! NOTE(review): no enable secret and no line con/vty stanzas appear in this listing.
hostname GATE1(DHCPv4&v6)
!
! Exclusions leave 199.99.30.20-199.99.30.119 and 199.99.20.10-199.99.20.209 leasable.
ip dhcp excluded-address 199.99.30.1 199.99.30.19
ip dhcp excluded-address 199.99.20.1 199.99.20.9
ip dhcp excluded-address 199.99.30.120 199.99.30.254
ip dhcp excluded-address 199.99.20.210 199.99.20.254
!
! Both pools hand clients the sub-interface address as gateway and 8.8.8.8 as resolver.
ip dhcp pool Insipv4
 network 199.99.30.0 255.255.255.0
 default-router 199.99.30.1
 dns-server 8.8.8.8
ip dhcp pool Studentipv4
 network 199.99.20.0 255.255.255.0
 default-router 199.99.20.1
 dns-server 8.8.8.8
ipv6 unicast-routing
!
!
! DHCPv6 pool that carries only a DNS server (no address prefix); it is bound to Gi0/2.44,
! where "ipv6 nd other-config-flag" tells hosts to fetch such options from DHCPv6.
ipv6 dhcp pool ipv6r&d
 dns-server 2013:100::100
!
! The license line includes the chassis serial number (sn); redact it when sharing a config.
license udi pid CISCO2911/K9 sn FTX152463OW
!
spanning-tree mode pvst
!
! HSRP version 2, group 10, virtual gateway 10.1.1.10, priority 200.
! No "standby 10 preempt" and no HSRP authentication are configured in this listing;
! without preempt this router does not take the active role back after it recovers.
interface GigabitEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 duplex auto
 speed auto
 ipv6 address 2013:46::1/64
 ipv6 eigrp 99
 standby version 2
 standby 10 ip 10.1.1.10
 standby 10 priority 200
!
interface GigabitEthernet0/1
 ip address 20.1.1.1 255.255.255.252
 duplex auto
 speed auto
 ipv6 address 2013:20:1::1/64
 ipv6 eigrp 99
!
! Parent interface of the 802.1Q sub-interfaces below; it carries no address itself.
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/2.10
 encapsulation dot1Q 10
 ip address 199.99.10.1 255.255.255.0
!
interface GigabitEthernet0/2.20
 encapsulation dot1Q 20
 ip address 199.99.20.1 255.255.255.0
!
interface GigabitEthernet0/2.30
 encapsulation dot1Q 30
 ip address 199.99.30.1 255.255.255.0
!
interface GigabitEthernet0/2.40
 encapsulation dot1Q 40
 ip address 199.99.40.1 255.255.255.0
!
! IPv6-only sub-interface for VLAN 44: EIGRP 99 plus the DHCPv6 pool defined above.
interface GigabitEthernet0/2.44
 encapsulation dot1Q 44
 no ip address
 ipv6 address 2013:44::1/64
 ipv6 nd other-config-flag
 ipv6 eigrp 99
 ipv6 dhcp server ipv6r&d
!
interface Vlan1
 no ip address
 shutdown
!
! The network statements also cover the VLAN sub-interfaces and the 10.1.1.0/24 LAN.
! No passive-interface and no OSPF authentication are configured, so OSPF is active on
! those LAN segments as well. NOTE(review): confirm that is intended outside the lab.
router ospf 1
 log-adjacency-changes
 network 20.1.1.0 0.0.0.3 area 0
 network 10.1.1.0 0.0.0.255 area 0
 network 199.99.10.0 0.0.0.255 area 0
 network 199.99.20.0 0.0.0.255 area 0
 network 199.99.30.0 0.0.0.255 area 0
 network 199.99.40.0 0.0.0.255 area 0
!
ipv6 router eigrp 99
 router-id 1.1.1.1
 no shutdown
!
ip classless
!
End

! GATE2: second HSRP member for 10.1.1.0/24, with links to GATE (Gi0/1, 20.1.1.4/30)
! and to the 199.99.55.0/24 segment (Gi0/2).
! NOTE(review): no enable secret and no line con/vty stanzas appear in this listing.
hostname GATE2
!
ipv6 unicast-routing
!
! The license line includes the chassis serial number (sn); redact it when sharing a config.
license udi pid CISCO2911/K9 sn FTX1524XXE7
!
spanning-tree mode pvst
!
! HSRP version 2, group 10, virtual gateway 10.1.1.10. No priority line is present, so the
! IOS default of 100 applies, which is the value the lab task asks for on GATE2.
! No HSRP authentication or preempt is configured in this listing.
interface GigabitEthernet0/0
 ip address 10.1.1.2 255.255.255.0
 duplex auto
 speed auto
 ipv6 address 2013:46::2/64
 ipv6 eigrp 99
 standby version 2
 standby 10 ip 10.1.1.10
!
interface GigabitEthernet0/1
 ip address 20.1.1.6 255.255.255.252
 duplex auto
 speed auto
 ipv6 address 2013:20:2::2/64
 ipv6 eigrp 99
!
! IPv4-only link; no IPv6 address or EIGRP is configured on it.
interface GigabitEthernet0/2
 ip address 199.99.55.2 255.255.255.0
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
! OSPF area 0 on all three addressed interfaces; no authentication or passive-interface
! is configured in this listing.
router ospf 1
 log-adjacency-changes
 network 20.1.1.4 0.0.0.3 area 0
 network 10.1.1.0 0.0.0.255 area 0
 network 199.99.55.0 0.0.0.255 area 0
!
ipv6 router eigrp 99
 router-id 2.2.2.2
 no shutdown
!
ip classless
!
End

! Switch with no port configuration in this listing: only the spanning-tree mode and a
! shut-down VLAN 1 interface (no management address) are shown.
hostname Switch
!
spanning-tree mode pvst
!
interface Vlan1
 no ip address
 shutdown
!
End

! SW.INS-01: access switch with one trunk uplink (Fa0/1), an LACP bundle (Fa0/2-3) and one
! access port in VLAN 30.
! NOTE(review): no line con/vty or enable secret configuration appears in this listing.
hostname SW.INS-01
!
spanning-tree mode pvst
! Priority 24576 is below the default 32768, making this switch the preferred root
! bridge for VLANs 10, 20, 30 and 40.
spanning-tree vlan 10,20,30,40 priority 24576
!
! Trunks here have no "switchport trunk allowed vlan" list, so they carry every VLAN.
interface FastEthernet0/1
 switchport mode trunk
!
! Fa0/2 and Fa0/3: members of Port-channel 1, negotiated with LACP (active mode).
interface FastEthernet0/2
 channel-protocol lacp
 channel-group 1 mode active
 switchport mode trunk
!
interface FastEthernet0/3
 channel-protocol lacp
 channel-group 1 mode active
 switchport mode trunk
!
! Host port: PortFast skips the listening/learning delay. No BPDU guard or port security
! is configured on it in this listing.
interface FastEthernet0/4
 switchport access vlan 30
 switchport mode access
 spanning-tree portfast
!
interface Port-channel 1
 switchport mode trunk
!
! VLAN 1 interface is shut down and unaddressed: no in-band management address is shown.
interface Vlan1
 no ip address
 shutdown
!
End

! SW.INS-02: access switch with host ports in VLANs 10, 20 and 44 and an LACP bundle
! (Fa0/2-3) as uplink.
hostname SW.INS-02
!
spanning-tree mode pvst
!
! Host ports use PortFast; no BPDU guard or port security is configured in this listing.
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
!
! Fa0/2 and Fa0/3: members of Port-channel 1, negotiated with LACP (active mode).
! The trunks have no allowed-VLAN list, so they carry every VLAN.
interface FastEthernet0/2
 channel-protocol lacp
 channel-group 1 mode active
 switchport mode trunk
!
interface FastEthernet0/3
 channel-protocol lacp
 channel-group 1 mode active
 switchport mode trunk
!
interface FastEthernet0/4
 switchport access vlan 20
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/5
 switchport access vlan 44
 switchport mode access
 spanning-tree portfast
!
interface Port-channel 1
 switchport mode trunk
!
! VLAN 1 interface is shut down and unaddressed: no in-band management address is shown.
interface Vlan1
 no ip address
 shutdown
!
! Console line has no login or password configured, so console access is unauthenticated.
line con 0
!
! "login" is set but no line password is configured; IOS refuses remote logins on such
! lines until a password (or another login method) is set.
line vty 0 4
 login
line vty 5 15
 login
!
End

! SW.STAFF-Client1: access switch with a PAgP bundle (Fa0/1-2, Port-channel 1), a static
! bundle (Fa0/5-6, Port-channel 3) and one host port in VLAN 11.
hostname SW.STAFF-Client1
!
spanning-tree mode pvst
! Lower value wins: 24576 makes this switch the preferred root for VLANs 33 and 44,
! 28672 the next candidate for VLANs 11 and 22.
spanning-tree vlan 33,44 priority 24576
spanning-tree vlan 11,22 priority 28672
!
! Fa0/1 and Fa0/2: Port-channel 1 members, negotiated with PAgP (desirable mode).
! The trunks have no allowed-VLAN list, so they carry every VLAN.
interface FastEthernet0/1
channel-protocol pagp
 channel-group 1 mode desirable
 switchport mode trunk
!
interface FastEthernet0/2
channel-protocol pagp
 channel-group 1 mode desirable
 switchport mode trunk
!
! Host port with PortFast; no BPDU guard or port security is configured in this listing.
interface FastEthernet0/3
 switchport access vlan 11
 switchport mode access
 spanning-tree portfast
!
! Fa0/4 is left at its defaults (not shut down, no VLAN assignment shown).
interface FastEthernet0/4
!
! Fa0/5 and Fa0/6: Port-channel 3 members in mode "on", i.e. bundled statically with no
! PAgP/LACP negotiation; the far end must be configured the same way.
interface FastEthernet0/5
 channel-group 3 mode on
 switchport mode trunk
!
interface FastEthernet0/6
 channel-group 3 mode on
 switchport mode trunk
!
interface Port-channel 1
 switchport mode trunk
!
interface Port-channel 3
 switchport mode trunk
!
interface Vlan1
 no ip address
 shutdown
!
! Console line has no login or password configured, so console access is unauthenticated.
line con 0
!
! "login" is set but no line password is configured; IOS refuses remote logins on such
! lines until a password (or another login method) is set.
line vty 0 4
 login
line vty 5 15
 login
!
End

! SW.STAFF-Client2: access switch with a PAgP bundle (Fa0/3-4, Port-channel 2), a static
! bundle (Fa0/5-6, Port-channel 3) and one host port in VLAN 22.
hostname SW.STAFF-Client2
!
spanning-tree mode pvst
!
! Host port with PortFast; no BPDU guard or port security is configured in this listing.
interface FastEthernet0/1
 switchport access vlan 22
 switchport mode access
 spanning-tree portfast
!
! Fa0/2 is left at its defaults (not shut down, no VLAN assignment shown).
interface FastEthernet0/2
!
! Fa0/3 and Fa0/4: Port-channel 2 members, negotiated with PAgP (desirable mode).
! The trunks have no allowed-VLAN list, so they carry every VLAN.
interface FastEthernet0/3
channel-protocol pagp
 channel-group 2 mode desirable
 switchport mode trunk
!
interface FastEthernet0/4
channel-protocol pagp
 channel-group 2 mode desirable
 switchport mode trunk
!
! Fa0/5 and Fa0/6: Port-channel 3 members in mode "on", i.e. bundled statically with no
! PAgP/LACP negotiation; the far end must be configured the same way.
interface FastEthernet0/5
 channel-group 3 mode on
 switchport mode trunk
!
interface FastEthernet0/6
 channel-group 3 mode on
 switchport mode trunk
!
interface Port-channel 2
 switchport mode trunk
!
interface Port-channel 3
 switchport mode trunk
!
interface Vlan1
 no ip address
 shutdown
!
! Console line has no login or password configured, so console access is unauthenticated.
line con 0
!
! "login" is set but no line password is configured; IOS refuses remote logins on such
! lines until a password (or another login method) is set.
line vty 0 4
 login
line vty 5 15
 login
!
End

! SW.STAFF-Core: layer-3 switch. Routes between VLANs 11, 22 and 33, relays DHCP for
! VLANs 11 and 22, and connects to the routed core over Fa0/5.
! NOTE(review): no enable secret and no line con/vty stanzas appear in this listing.
hostname SW.STAFF-Core
!
! Enables IPv4 routing between the SVIs and the routed port below.
ip routing
!
spanning-tree mode pvst
! Lower value wins: preferred root for VLANs 11 and 22, next candidate for VLANs 33 and 44.
spanning-tree vlan 11,22 priority 24576
spanning-tree vlan 33,44 priority 28672
!
! Fa0/1-2 (group 1) and Fa0/3-4 (group 2) are PAgP bundle members. This listing shows no
! "switchport mode trunk" on them and no Port-channel interfaces.
! NOTE(review): confirm the trunking mode of these bundles on the device.
interface FastEthernet0/1
channel-protocol pagp
 channel-group 1 mode desirable
!
interface FastEthernet0/2
channel-protocol pagp
 channel-group 1 mode desirable
!
interface FastEthernet0/3
channel-protocol pagp
 channel-group 2 mode desirable
!
interface FastEthernet0/4
channel-protocol pagp
 channel-group 2 mode desirable
!
! Routed (non-switchport) uplink in 199.99.55.0/24.
interface FastEthernet0/5
 no switchport
 ip address 199.99.55.1 255.255.255.0
 duplex auto
 speed auto
!
! Access port in VLAN 33, the subnet that holds the helper address 188.88.33.10.
interface FastEthernet0/6
 switchport access vlan 33
 switchport mode access
 spanning-tree portfast
!
interface Vlan1
 no ip address
 shutdown
!
! ip helper-address relays client DHCP broadcasts from this VLAN to 188.88.33.10.
! NOTE(review): on IOS a helper address also relays several other UDP broadcast services
! by default; confirm whether that is wanted.
interface Vlan11
 ip address 188.88.11.1 255.255.255.0
 ip helper-address 188.88.33.10
!
interface Vlan22
 ip address 188.88.22.1 255.255.255.0
 ip helper-address 188.88.33.10
!
interface Vlan33
 ip address 188.88.33.1 255.255.255.0
!
! OSPF area 0 covers the three user/server VLANs and the routed uplink. No
! passive-interface or OSPF authentication is configured, so OSPF is active on the VLANs.
router ospf 1
 log-adjacency-changes
 network 188.88.11.0 0.0.0.255 area 0
 network 188.88.22.0 0.0.0.255 area 0
 network 188.88.33.0 0.0.0.255 area 0
 network 199.99.55.0 0.0.0.255 area 0
!
ip classless
!
end


Thứ Năm, 17 tháng 7, 2014

S2 OpenLab Final CCNAv4 - EIGRP RIP RIPng OSPF NAT CLI




Note: The ISP zone and all PCs and servers in the two site areas are already completely configured.
The tasks are performed by following parameters:
1.     Troubleshoot :
Router GATE2 (Ha Noi office) already has a password configured; you must perform password recovery to gain access to the router.
2.     IP Address planning and Routing Protocol configuration:

Assign IP addresses to the routers’ interfaces according to the following rule: Gate1 +1, Gate2 +2, R3 +3, R4 +4 …
Example: G0/0 of Gate1 has IP address 200.200.1.1/30 and 2000:1::1/64.
3.     Route redistribution
3.1 On router GATE3:
+ Into EIGRP: bandwidth 10, delay 10, reliability 10, load 10,
MTU 10.
+ Into OSPFv2: cost = 200 , E1, subnets
3.2 On router GATE2:
+ Into OSPF : cost = 100, E2, subnets
+ Into RIP : metric = 2.
3.3 On router GATE1:
+Advertise the default route to OSPF domain.
3.4 On GATE2.HCM:
+Advertise the default route to EIGRP domain.
3.5 On R6
+ Into EIGRP: redistribute  RIPng route with bandwidth 1, delay 1, reliability 1, load 1, MTU 1; and redistribute connected route.
+ Into RIPng: redistribute EIGRP route with metric 1; and redistribute connected route.

4.     NAT configuration:
a)    NAT overload:
On router GATE1 (Ha Noi office), configure access-list 1 to permit all users on the Ha Noi LAN to connect to the Internet, using the public IP address of interface G0/0 of router GATE1.
b)    Static NAT:
On router GATE1, configure static NAT to publish the Web server and the Mail server to the Internet, using the public IP addresses 200.0.0.10 and 200.0.0.20.
5.     Security :
+ On routers GATE1, GATE2, GATE3, GATE4, BR1 and BR2, enable Telnet access with the password “cisco@telnet” and the enable secret “cisco@sec”, and create access-list 10 so that only the Tech LAN (172.16.1.0/24) can telnet to the routers.
+ On router GATE1, configure IPv4 access-list 100 to permit request traffic (web, mail, DNS and TFTP) from all users to the DMZ LAN, and apply it to interface G0/2 of GATE1.
+ On router GATE1, configure an IPv6 access-list named DMZ-SERVER to permit request traffic (web, mail, DNS and TFTP) from all users to the DMZ LAN, and apply it to interface G0/2 of GATE1.
_____________________________________________________________________________
! BR1: branch router with two 10.x LAN interfaces, RIPv2, and Telnet management limited
! to the 172.16.1.0/24 source range.
hostname BR1
!
! Type 5 (MD5-based) enable secret. The lab text on this page gives the secret in clear
! text and the same hash appears on the other routers, so treat it as a lab-only value.
enable secret 5 $1$mERr$l.9Pgdsd6iLCoy0MniCV60
!
! The license line includes the chassis serial number (sn); redact it when sharing a config.
license udi pid CISCO2911/K9 sn FTX1524QAPV
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 10.1.12.1 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
! RIPv2 on every interface inside 10.0.0.0/8. No RIP authentication or passive-interface
! is configured in this listing.
router rip
 version 2
 network 10.0.0.0
!
ip classless
!
! ACL 10: the only IPv4 sources allowed to open vty sessions (used by access-class below).
access-list 10 permit 172.16.1.0 0.0.0.255
!
no cdp run
!
! Console and aux lines have no login or password configured in this listing.
line con 0
!
line aux 0
!
! Telnet access: source-filtered by ACL 10, authenticated by a line password that is
! stored in clear text in the configuration and sent in clear text by Telnet.
! NOTE(review): outside a lab, prefer SSH with per-user credentials.
line vty 0 4
 access-class 10 in
 password cisco@telnet
 login
!
end

_____________________________________________________________________________
! BR2: branch router with two 10.2.x LAN interfaces, EIGRP AS 100, and Telnet management
! limited to the 172.16.1.0/24 source range.
hostname BR2
!
! Type 5 (MD5-based) enable secret. The lab text on this page gives the secret in clear
! text and the same hash appears on the other routers, so treat it as a lab-only value.
enable secret 5 $1$mERr$l.9Pgdsd6iLCoy0MniCV60
!
! The license line includes the chassis serial number (sn); redact it when sharing a config.
license udi pid CISCO2911/K9 sn FTX15249933
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
 ip address 10.2.2.2 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 10.2.23.2 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
! EIGRP AS 100 on both /24 interfaces, with automatic summarisation at classful boundaries.
! No EIGRP authentication or passive-interface is configured in this listing.
router eigrp 100
 network 10.2.2.0 0.0.0.255
 network 10.2.23.0 0.0.0.255
 auto-summary
!
ip classless
!
! ACL 10: the only IPv4 sources allowed to open vty sessions (used by access-class below).
access-list 10 permit 172.16.1.0 0.0.0.255
!
no cdp run
!
! Console and aux lines have no login or password configured in this listing.
line con 0
!
line aux 0
!
! Telnet access: source-filtered by ACL 10, authenticated by a line password that is
! stored in clear text in the configuration and sent in clear text by Telnet.
! NOTE(review): outside a lab, prefer SSH with per-user credentials.
line vty 0 4
 access-class 10 in
 password cisco@telnet
 login
!
end
_____________________________________________________________________________
! GATE1 (Ha Noi): Internet edge. NAT overload for the inside networks, static NAT for two
! DMZ servers, and IPv4/IPv6 filters on the DMZ-facing interface Gi0/2.
hostname GATE1
!
! Type 5 (MD5-based) enable secret. The lab text on this page gives the secret in clear
! text and the same hash appears on the other routers, so treat it as a lab-only value.
enable secret 5 $1$mERr$l.9Pgdsd6iLCoy0MniCV60
!
ipv6 unicast-routing
!
! The license line includes the chassis serial number (sn); redact it when sharing a config.
license udi pid CISCO2911/K9 sn FTX152422NV
!
spanning-tree mode pvst
!
! Internet-facing interface: NAT outside. No inbound ACL is applied here in this listing.
interface GigabitEthernet0/0
 ip address 200.2.2.1 255.255.255.252
 ip nat outside
 duplex auto
 speed auto
 ipv6 address 2001:1::1/64
!
interface GigabitEthernet0/1
 ip address 192.168.123.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
! DMZ-facing interface (192.168.33.0/24, 2003:3::/64). Both filters are applied "out",
! i.e. to traffic the router forwards toward the servers.
interface GigabitEthernet0/2
 ip address 192.168.33.1 255.255.255.0
 ip access-group 100 out
 ipv6 traffic-filter DMZ-SERVER out
 ip nat inside
 duplex auto
 speed auto
 ipv6 address 2003:3::1/64
!
interface Serial0/0/0
 ip address 172.16.14.1 255.255.255.0
 ip nat inside
!
interface Serial0/0/1
 no ip address
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
! Area border router: Gi0/1 and Gi0/2 in area 0, Serial0/0/0 in area 1.
! default-information originate (without "always") advertises a default route only while
! the static default below is in the routing table. The DMZ subnet is included in OSPF
! and no passive-interface or OSPF authentication is configured in this listing.
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 network 192.168.123.0 0.0.0.255 area 0
 network 192.168.33.0 0.0.0.255 area 0
 network 172.16.14.0 0.0.0.255 area 1
 default-information originate
!
! NAT overload (PAT) to the Gi0/0 address for sources matched by ACL 1, plus two 1:1 static
! translations for the DMZ servers. A static translation maps every port of the server to
! its public address; ACL 100 on Gi0/2 is the only filter in front of them in this listing.
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source static 192.168.33.10 200.0.0.10 
ip nat inside source static 192.168.33.20 200.0.0.20 
ip classless
ip route 0.0.0.0 0.0.0.0 200.2.2.2 
!
ipv6 route ::/0 2001:1::2
!
! ACL 1 selects the sources for NAT overload; "permit any" matches every source address.
! NOTE(review): consider listing only the inside prefixes that should be translated.
access-list 1 permit any
! ACL 10: the only IPv4 sources allowed to open vty sessions (used by access-class below).
access-list 10 permit 172.16.1.0 0.0.0.255
! ACL 100 (Gi0/2 out): web, SMTP, POP3, DNS over UDP and TFTP toward the DMZ subnet;
! everything else falls to the implicit deny. No entry matches HTTPS, DNS over TCP, or
! replies to connections that a DMZ server opens itself.
access-list 100 permit tcp any 192.168.33.0 0.0.0.255 eq www
access-list 100 permit tcp any 192.168.33.0 0.0.0.255 eq smtp
access-list 100 permit tcp any 192.168.33.0 0.0.0.255 eq pop3
access-list 100 permit udp any 192.168.33.0 0.0.0.255 eq domain
access-list 100 permit udp any 192.168.33.0 0.0.0.255 eq tftp
! IPv6 counterpart of ACL 100, with the same five services toward 2003:3::/64.
ipv6 access-list DMZ-SERVER
 permit tcp any 2003:3::/64 eq www
 permit tcp any 2003:3::/64 eq smtp
 permit tcp any 2003:3::/64 eq pop3
 permit udp any 2003:3::/64 eq domain
 permit udp any 2003:3::/64 eq tftp
!
no cdp run
!
! Console and aux lines have no login or password configured in this listing.
line con 0
!
line aux 0
!
! Telnet access with a line password stored and transmitted in clear text.
! access-class 10 filters IPv4 sources only; this router also has IPv6 addresses and no
! "ipv6 access-class" is applied to the vty lines.
! NOTE(review): outside a lab, prefer SSH with per-user credentials.
line vty 0 4
 access-class 10 in
 password cisco@telnet
 login
!
end
_____________________________________________________________________________
! Gate2.HCM: IPv6-only edge router. Gi0/0 is the upstream link for the ::/0 static route;
! Gi0/1 runs IPv6 EIGRP 200.
! NOTE(review): no enable secret is configured in this listing.
hostname Gate2.HCM
!
ipv6 unicast-routing
!
! The license line includes the chassis serial number (sn); redact it when sharing a config.
license udi pid CISCO2911/K9 sn FTX1524158P
!
spanning-tree mode pvst
!
! Upstream interface: addressed, but not enabled for EIGRP.
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 ipv6 address 2001:2::2/64
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 ipv6 address 2012:26::2/64
 ipv6 eigrp 200
!
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
! "redistribute static" injects the ::/0 static route below into EIGRP 200, which is how
! the default route is advertised to the EIGRP domain.
ipv6 router eigrp 200
 router-id 20.2.2.2
 no shutdown 
 redistribute static
!
ip classless
!
ipv6 route ::/0 2001:2::1
!
no cdp run
!
! Console and aux lines have no login or password configured in this listing.
line con 0
!
line aux 0
!
! The vty lines reference an IPv6 ACL named TELNET that is not defined anywhere in this
! listing. NOTE(review): verify it exists on the device; a reference to a missing ACL
! generally filters nothing.
! "login" is set but no line password is configured; IOS refuses remote logins on such
! lines until a password (or another login method) is set.
line vty 0 4
 ipv6 access-class TELNET in
 login
!
end
_____________________________________________________________________________
! GATE3: redistribution point between EIGRP AS 100 (Gi0/1) and OSPF process 1 (Gi0/0).
hostname GATE3
!
! Type 5 (MD5-based) enable secret. The lab text on this page gives the secret in clear
! text and the same hash appears on the other routers, so treat it as a lab-only value.
enable secret 5 $1$mERr$l.9Pgdsd6iLCoy0MniCV60
!
! The license line includes the chassis serial number (sn); redact it when sharing a config.
license udi pid CISCO2911/K9 sn FTX1524UO05
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
 ip address 192.168.123.3 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 10.2.23.3 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
! OSPF routes enter EIGRP with the seed metric from the lab task: bandwidth 10, delay 10,
! reliability 10, load 10, MTU 10. No route-map or distribute-list limits which routes are
! redistributed, and no EIGRP authentication is configured in this listing.
router eigrp 100
 redistribute ospf 1 metric 10 10 10 10 10 
 network 10.2.23.0 0.0.0.255
 auto-summary
!
! EIGRP routes enter OSPF as external type 1 with cost 200; "subnets" includes routes
! that are not classful networks. No OSPF authentication is configured in this listing.
router ospf 1
 router-id 3.3.3.3
 log-adjacency-changes
 redistribute eigrp 100 metric 200 metric-type 1 subnets 
 network 192.168.123.0 0.0.0.255 area 0
!
ip classless
!
! ACL 10: the only IPv4 sources allowed to open vty sessions (used by access-class below).
access-list 10 permit 172.16.1.0 0.0.0.255
!
no cdp run
!
! Console and aux lines have no login or password configured in this listing.
line con 0
!
line aux 0
!
! Telnet access: source-filtered by ACL 10, authenticated by a line password that is
! stored in clear text in the configuration and sent in clear text by Telnet.
! NOTE(review): outside a lab, prefer SSH with per-user credentials.
line vty 0 4
 access-class 10 in
 password cisco@telnet
 login
!
end
_____________________________________________________________________________
! GATE4: OSPF area 1 router. Gi0/0 sits on 172.16.1.0/24, the range that ACL 10 permits
! for Telnet; Serial0/0/0 is the 172.16.14.0/24 link.
hostname GATE4
!
! Type 5 (MD5-based) enable secret. The lab text on this page gives the secret in clear
! text and the same hash appears on the other routers, so treat it as a lab-only value.
enable secret 5 $1$mERr$l.9Pgdsd6iLCoy0MniCV60
!
! The license line includes the chassis serial number (sn); redact it when sharing a config.
license udi pid CISCO2911/K9 sn FTX1524I2BP
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
 ip address 172.16.1.4 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 ip address 172.16.14.4 255.255.255.0
!
interface Serial0/0/1
 no ip address
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
! Both addressed interfaces are in OSPF area 1, including the LAN on Gi0/0.
! No passive-interface or OSPF authentication is configured in this listing.
router ospf 1
 router-id 4.4.4.4
 log-adjacency-changes
 network 172.16.1.0 0.0.0.255 area 1
 network 172.16.14.0 0.0.0.255 area 1
!
ip classless
!
! ACL 10: the only IPv4 sources allowed to open vty sessions (used by access-class below).
access-list 10 permit 172.16.1.0 0.0.0.255
!
no cdp run
!
! Console and aux lines have no login or password configured in this listing.
line con 0
!
line aux 0
!
! Telnet access: source-filtered by ACL 10, authenticated by a line password that is
! stored in clear text in the configuration and sent in clear text by Telnet.
! NOTE(review): outside a lab, prefer SSH with per-user credentials.
line vty 0 4
 access-class 10 in
 password cisco@telnet
 login
!
end
_____________________________________________________________________________
! R6: IPv6-only router that redistributes between RIPng process R6R7 (Gi0/0) and IPv6
! EIGRP 200 (Gi0/1, Gi0/2).
! NOTE(review): no enable secret is configured in this listing.
hostname R6
!
ipv6 unicast-routing
!
! The license line includes the chassis serial number (sn); redact it when sharing a config.
license udi pid CISCO2911/K9 sn FTX15240EYD
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 ipv6 address 2011:67::6/64
 ipv6 rip R6R7 enable 
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 ipv6 address 2012:26::6/64
 ipv6 eigrp 200
!
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
 ipv6 address 2012:6::6/64
 ipv6 eigrp 200
!
interface Vlan1
 no ip address
 shutdown
!
! RIPng routes enter EIGRP with the seed metric from the lab task (bandwidth, delay,
! reliability, load and MTU all 1); connected routes are redistributed as well.
! No route-map limits which routes are redistributed in either direction.
ipv6 router eigrp 200
 router-id 20.6.6.6
 no shutdown 
 redistribute rip R6R7  metric 1 1 1 1 1 
 redistribute connected
!
! EIGRP routes enter RIPng with metric 1; connected routes are redistributed as well.
ipv6 router rip R6R7
 redistribute eigrp 200 metric 1 
 redistribute connected 
!
ip classless
!
no cdp run
!
! Console and aux lines have no login or password configured in this listing.
line con 0
!
line aux 0
!
! The vty lines reference an IPv6 ACL named TELNET that is not defined anywhere in this
! listing. NOTE(review): verify it exists on the device; a reference to a missing ACL
! generally filters nothing.
! "login" is set but no line password is configured; IOS refuses remote logins on such
! lines until a password (or another login method) is set.
line vty 0 4
 ipv6 access-class TELNET in
 login
!
end
_____________________________________________________________________________
! R7: IPv6-only router running RIPng process R6R7 on Gi0/0 and Gi0/1.
! NOTE(review): no enable secret is configured in this listing.
hostname R7
!
ipv6 unicast-routing
!
! The license line includes the chassis serial number (sn); redact it when sharing a config.
license udi pid CISCO2911/K9 sn FTX1524OSM0
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 ipv6 address 2011:67::7/64
 ipv6 rip R6R7 enable 
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 ipv6 address 2011:7::7/64
 ipv6 rip R6R7 enable 
!
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
! RIPng process with no redistribution or other options; it is enabled per interface above.
ipv6 router rip R6R7
!
ip classless
!
no cdp run
!
! Console and aux lines have no login or password configured in this listing.
line con 0
!
line aux 0
!
! The vty lines reference an IPv6 ACL named TELNET that is not defined anywhere in this
! listing. NOTE(review): verify it exists on the device; a reference to a missing ACL
! generally filters nothing.
! "login" is set but no line password is configured; IOS refuses remote logins on such
! lines until a password (or another login method) is set.
line vty 0 4
 ipv6 access-class TELNET in
 login
!
end
_____________________________________________________________________________