Thursday, 31 March 2011

OSPF Single Area

Topology





Objectives


- Perform basic router configuration
- Configure OSPF routing
- Advertise router into OSPF

Configure router R1 interfaces

Router#configure terminal
Router(config)#hostname R1
R1(config)#int f0/0
R1(config-if)#description R1 to Server
R1(config-if)#ip add 148.1.1.254 255.255.0.0
R1(config-if)#no shut
R1(config-if)#exit

R1(config)#int s0/0
R1(config-if)#ip add 1.1.1.1 255.0.0.0
R1(config-if)#description R1 to R2
R1(config-if)#clock rate 64000
R1(config-if)#no shut
R1(config-if)#

Configure OSPF process 1 on router R1

R1#configure terminal
R1(config)#router ospf 1
R1(config-router)#net 148.1.0.0 0.0.255.255 are 0
R1(config-router)#net 1.0.0.0 0.255.255.255 area 0
R1(config-router)#^Z
R1#

To verify R1 routing table, issue the show ip route command

R1#show ip route

Gateway of last resort is not set

C 1.0.0.0/8 is directly connected, Serial0/0
O 2.0.0.0/8 [110/1562] via 1.1.1.2, 00:00:09, Serial0/0
C 148.1.0.0/16 is directly connected, FastEthernet0/0
O 148.2.0.0/16 [110/782] via 1.1.1.2, 00:00:09, Serial0/0
O 148.3.0.0/16 [110/1563] via 1.1.1.2, 00:00:09, Serial0/0
O 148.4.0.0/16 [110/1563] via 1.1.1.2, 00:00:09, Serial0/0
R1#



Configure router R2 interfaces

Router#config t
Router(config)#hostname R2
R2(config)#int s0/0
R2(config-if)#ip add 1.1.1.2 255.0.0.0
R2(config-if)#description R2 to R1
R2(config-if)#no shut
R2(config)#exit

R2(config)#interface s0/1
R2(config-if)#ip add 2.2.2.1 255.0.0.0
R2(config-if)#description R2 ot R3
R2(config-if)#clock rate 64000
R2(config-if)#no shut
R2(config-if)#exit

R2(config)#int f0/0
R2(config-if)#ip add 148.2.2.254 255.255.0.0
R2(config-if)#description R2 t PCA
R2(config-if)#no shut

Configure OSPF routing on R2

R2#configure terminal
R2(config)#router ospf 1
R2(config-router)#net 1.0.0.0 0.255.255.255 area 0
R2(config-router)#net 148.2.0.0 0.0.255.255 area 0
R2(config-router)#net 2.0.0.0 0.255.255.255 area 0
R2(config-router)#

to verify the routing table, run the show ip route on R2

R2#show ip route

C 1.0.0.0/8 is directly connected, Serial0/0
C 2.0.0.0/8 is directly connected, Serial0/1
O 148.1.0.0/16 [110/782] via 1.1.1.1, 00:35:43, Serial0/0
C 148.2.0.0/16 is directly connected, FastEthernet0/0
O 148.3.0.0/16 [110/782] via 2.2.2.2, 00:37:38, Serial0/1
O 148.4.0.0/16 [110/782] via 2.2.2.2, 00:37:38, Serial0/1
R2#


Configure R3 interfaces

Router#conf t
Router(config)#int f0/0
Router(config-if)#description R3 to PCB
Router(config-if)#ip add 148.4.3.254 255.255.0.0
Router(config-if)#no shut

Router(config-if)#int f1/0
Router(config-if)#description R3 to PCC
Router(config-if)#ip add 148.3.3.254 255.255.0.0
Router(config-if)#no shut

Router(config-if)#exit
Router(config)#int s0/1
Router(config-if)#ip add 2.2.2.2 255.0.0.0
Router(config-if)#description R3 to R2
Router(config-if)#no shut

Configure OSPF process 1 on router R3

Router(config-if)#exit
Router(config)#router ospf 1
Router(config-router)#net 2.0.0.0 0.255.255.255 area 0
Router(config-router)#net 148.4.0.0 0.0.255.255 area 0
Router(config-router)#network 148.3.0.0 0.0.255.255 area 0
Router(config-router)#exit
Router#


OSPF routing table verification on R3
Router#show ip route

O 1.0.0.0/8 [110/1562] via 2.2.2.1, 00:47:23, Serial0/1
C 2.0.0.0/8 is directly connected, Serial0/1
O 148.1.0.0/16 [110/1563] via 2.2.2.1, 00:45:21, Serial0/1
O 148.2.0.0/16 [110/782] via 2.2.2.1, 00:47:23, Serial0/1
C 148.3.0.0/16 is directly connected, FastEthernet1/0
C 148.4.0.0/16 is directly connected, FastEthernet0/0
Router#

Now Can you ping between all devices? if Not, verify your configuration step-by-step.

To finish, clear the routers for the next lab
Posted by at No comments:

Wednesday, 30 March 2011

Denying TELNET using standard Access-Lists

Topology





This lab configures access control list on R1, to PCB from telnetting to router R1. To best experience how this works, begin by configuring all the devices interfaces with their IP addresses and apply EIGRP on the routers. Leave the access-list to the end. Make sure you can ping between PCA and PCB, and telnet from PCB to R1.

Objectives


- Configuring Standard access-lists
- denying telnet cession using access-list

R1 Configuration

Router#configure terminal
Router(config)#hostname R1
R1(config)#line con 0
R1(config-line)#pass cisco
R1(config-line)#login

R1(config-line)#line vty 0 4
R1(config-line)#pass cisco
R1(config-line)#login
R1(config-line)#exit
R1(config)#enable password cisco

R1(config)#int f1/0
R1(config-if)#ip add 148.1.1.254 255.255.0.0
R1(config-if)#no shut

R1(config-if)#exit
R1(config)#int f0/0
R1(config-if)#ip add 1.1.1.1 255.0.0.0
R1(config-if)#no shut

Configure EIGRP or any protocol of your choice

R1(config-if)#exit
R1(config)#router eigrp 100
R1(config-router)#network 1.0.0.0 0.255.255.255

R1(config-router)#net 148.1.0.0 0.0.255.255
R1(config-router)#no auto-summary
R1(config-router)#exit

Configure your access-lists

R1(config)#access-list 99 deny 142.2.1.1 0.0.0.0
R1(config)#access-list 99 permit any

Apply your access list, as close to the line vty


R1(config-if)#exit
R1(config)#line vty 0 4
R1(config-line)#access-class 99 in
R1(config-line)#


R2 Configuration

Router#configure terminal
Router(config)#hostname R2

R2(config)#int f0/0
R2(config-if)#ip add 1.1.1.2 255.0.0.0
R2(config-if)#no shut
R2(config-if)#exit

R2(config)#int f1/0
R2(config-if)#ip add 148.2.1.254 255.255.0.0
R2(config-if)#no shut
R2(config-if)#exit

R2(config)#line con 0
R2(config-line)#pass cisco
R2(config-line)#login
R2(config-line)#exit

R2(config)#line vty 0 4
R2(config-line)#pass cisco
R2(config-line)#login
R2(config-line)#exit

R2(config)#router eigrp 100
R2(config-router)#network 148.2.0.0 0.0.255.255
R2(config-router)#network 1.0.0.0 0.255.255.255
R2(config-router)#no auto-summary
R2(config-router)#

Now try to telnet to R1 s0/0 interface, can you?

Clear your routers for the next Lab.
Posted by at No comments:

Friday, 25 March 2011

Static Routes

Now I am configuring static routing, to allow routers to exchange information without the use of routing protocols.

Topology



Objectives

Configure Static route
Configure a router description

Router R1 Configuration

Router#conf t
Router(config)#hostname R1
R1(config)#int s0/0
R1(config-if)#ip add 148.1.1.1 255.255.255.0
R1(config-if)#description R1 - to -R2
R1(config-if)#clock rate 64000
R1(config-if)#no shutdown

Don't worry about the static route now.


Router R2 Configuration

Router#conf t
R2(config)#int s0/0
R2(config-if)#ip add 148.1.1.2 255.255.255.0
R2(config-if)#no shut

R2(config-if)#int s0/1
R2(config-if)#ip add 148.1.2.1 255.255.255.0
R2(config-if)#clock rate 64000
R2(config-if)#description R2- to -R3
R2(config-if)#no shut
R2(config-if)#

No static route now.


Router R3 Configuration

Router#conf t
Router(config)#hostname R3
R3(config)#int s0/0
R3(config-if)#description R3- to -R2
R3(config-if)#ip add 148.1.2.2 255.255.255.0
R3(config-if)#no shut

Ping from directly connected router should work between directly connected routers. R1 and R3 cannot exchange any data at this point.


Static routes Configuration

R1

R1#conf t
R1(config)#ip route 148.1.2.0 255.255.255.0 148.1.1.2
R1(config)#

R2
R2 doesn’t need a static route to talk to anyone, as they are directly connected.

R3

R3#conf t
R3(config)#ip route 148.1.1.0 255.255.255.0 148.1.2.1
R3(config)#

Run the show ip route command on R1 and R3. The s means static, and should appear in the routing table of both routers.

Gateway of last resort is not set
148.1.0.0/24 is subnetted, 2 subnets
C 148.1.1.0 is directly connected, Serial0/0
S 148.1.2.0 [1/0] via 148.1.1.2

Now R1 and R3 should ping each other.
Posted by at 1 comment:

Standard Access-Lists

To day I am configuring standard access-list.

Topology





Objectives


Configure a standard access-list to deny traffic from a given network
Test the ALC configuration


Router AR Configuration

Router#configure terminal
Router(config)#hostname AR
AR(config)#int f0/0
AR(config-if)#ip add 148.1.1.254 255.255.255.0
AR(config-if)#no shut
AR(config-if)#exit

Configure the clients IP Addresses as seen on the topology, the default gateway must be the IP Address of router AR interface(148.1.1.254).
Ping to ensure each client can reach the default gateway.


Access-list Configuration

AR(config)#access-list 50 deny 148.1.1.0 0.0.0.255
AR(config)#access-list 50 permit any

Pinging from the clients still works at this point.


Apply Access-List to Fastethernet interface

AR(config)#int f0/0
AR(config-if)#ip access-group 50 in
AR(config-if)#


Now ping the default gateway from the client computers...................
Posted by at No comments:
Subscribe to: Posts (Atom)