LAB4-CHAP-ACL-NAT-DHCP
Task 1: Basic configuration
+ Configure VLANs and inter-VLAN routing: VLAN 10, 20, 30, 40.
+ On R1, configure the default route to the Internet.
+ DHCP: start IP: +10; maximum users: 100. Assign IP addresses to the hosts of VLAN 10, 20, 30. Pool names: VLAN10, VLAN20, VLAN30. Enable the DHCP relay agent.
Task 2: CHAP
Configure one-way CHAP: BKACADGATE sends user Internet with password cisco@123 to the ISP router (Internet).
Task 3: NAT
+ Static NAT: map inside local to inside global addresses as follows:
155.55.40.3 - 203.18.1.3
155.55.40.4 - 203.18.1.4
+ NAT overload: configure NAT overload so that all users in VLAN 10, 20, 30 can access the Internet, using ACL 10.
Task 4: ACL
+ Create an extended named ACL "IN-TO-OUT" on the BKACADGATE router to implement this policy:
Permit ICMP, WEB, MAIL and DNS request traffic from VLAN 10, 20, 30 to the Internet.
Permit WEB and MAIL response traffic from the web and mail servers to all clients.
Apply this ACL outbound on BKACADGATE s0/0/0.
+ Create standard numbered ACL 20 to allow only users in VLAN 10 to telnet to the BKACADGATE router. Apply this ACL on line vty 0 4.
Note: Packets going from the inside network to the outside network on BKACADGATE are translated by the NAT rules before the outbound ACL is checked, so the outbound ACL must match the inside global (translated) addresses, not the inside local ones.
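The ordering in the note is the part of this lab that is easiest to get wrong, so here is a small added model of the BKACADGATE inside-to-outside path (example code written for this page, not part of the lab or of Cisco IOS). It applies the static NAT entries and the ACL 10 overload first and only then evaluates the IN-TO-OUT entries exactly as listed in the router config, with the implicit deny at the end. The Packet class, the host addresses such as 155.55.10.20 and the Internet-side address 200.0.0.5 are constructed for the example; the NAT mappings, ACL 10 subnets and IN-TO-OUT entries are taken from the config.

```python
import ipaddress
from dataclasses import dataclass, replace

# Constructed model of BKACADGATE's inside->outside pipeline:
# inside-to-outside NAT runs first, then the ACL applied "out" on s0/0/0.

# ip nat inside source static ... (from the lab config)
STATIC_NAT = {"155.55.40.3": "203.18.1.3", "155.55.40.4": "203.18.1.4"}
# access-list 10: the subnets allowed to use PAT overload on s0/0/0
ACL_10 = [ipaddress.ip_network(n)
          for n in ("155.55.10.0/24", "155.55.20.0/24", "155.55.30.0/24")]
OUTSIDE_IP = "203.18.1.1"   # s0/0/0 address used by the overload


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0  # unused for icmp
    dport: int = 0  # for icmp this field carries the message type (8 = echo)


def nat_inside_to_outside(pkt):
    """Static NAT wins over the overload; sources outside ACL 10 stay untranslated."""
    if pkt.src in STATIC_NAT:
        return replace(pkt, src=STATIC_NAT[pkt.src])
    if any(ipaddress.ip_address(pkt.src) in net for net in ACL_10):
        return replace(pkt, src=OUTSIDE_IP)
    return pkt


# IN-TO-OUT as in the config: (proto, source prefix, source port, dest port).
# None means "any"; destination is "any" in every entry, so it is not checked.
IN_TO_OUT = [
    ("icmp", "203.18.1.1", None, 8),    # permit icmp host 203.18.1.1 any echo
    ("tcp",  "203.18.1.1", None, 80),   # www
    ("tcp",  "203.18.1.1", None, 25),   # smtp
    ("tcp",  "203.18.1.1", None, 110),  # pop3
    ("udp",  "203.18.1.1", None, 53),   # domain
    ("tcp",  "203.18.1.3", 80,   None), # web server replies
    ("tcp",  "203.18.1.4", 25,   None), # mail server smtp replies
    ("tcp",  "203.18.1.4", 110,  None), # mail server pop3 replies
]

# A common mistake (constructed for contrast): the same policy written against
# the inside-local addresses. Because NAT runs first, it never matches on s0/0/0 out.
PRE_NAT_ACL = [("tcp", "155.55.10.0/24", None, 80)]


def acl_permits(pkt, acl=IN_TO_OUT):
    """First matching entry wins; no match is the implicit deny at the end."""
    src_ip = ipaddress.ip_address(pkt.src)
    for proto, src, sport, dport in acl:
        if pkt.proto != proto or src_ip not in ipaddress.ip_network(src):
            continue
        if sport is not None and pkt.sport != sport:
            continue
        if dport is not None and pkt.dport != dport:
            continue
        return True
    return False


def forward_outbound(pkt, acl=IN_TO_OUT):
    """Return (permitted, packet as seen by the ACL) for the inside->outside path."""
    translated = nat_inside_to_outside(pkt)
    return acl_permits(translated, acl), translated


if __name__ == "__main__":
    samples = [
        Packet("tcp", "155.55.10.20", "8.8.8.2", 51000, 80),   # VLAN 10 client to web
        Packet("tcp", "155.55.40.3", "200.0.0.5", 80, 51000),  # web server reply
        Packet("tcp", "155.55.40.10", "8.8.8.2", 51000, 80),   # VLAN 40 host, not in ACL 10
        Packet("icmp", "155.55.20.5", "8.8.8.2", 0, 0),        # echo-reply leaving inside
    ]
    for p in samples:
        ok, seen = forward_outbound(p)
        print(f"{p.src} -> NAT -> {seen.src}: {'permit' if ok else 'deny'}")
```

The VLAN 40 host case is worth noticing when checking the lab: it is neither in ACL 10 nor a static entry, so it reaches the outbound ACL untranslated and hits the implicit deny, which is the intended policy (only the two servers in VLAN 40 talk to the Internet).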
_________________________________________________________________________________
hostname BKACADGATE
!
enable password cisco
!
username Internet password 0 cisco@123
username admin password 0 cisco
!
spanning-tree mode pvst
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.10
encapsulation dot1Q 10
ip address 155.55.10.1 255.255.255.0
ip helper-address 155.55.40.2
ip nat inside
!
interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 155.55.20.1 255.255.255.0
ip helper-address 155.55.40.2
ip nat inside
!
interface FastEthernet0/0.30
encapsulation dot1Q 30
ip address 155.55.30.1 255.255.255.0
ip helper-address 155.55.40.2
ip nat inside
!
interface FastEthernet0/0.40
encapsulation dot1Q 40
ip address 155.55.40.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 203.18.1.1 255.255.255.248
encapsulation ppp
ip access-group IN-TO-OUT out
ip nat outside
!
interface Serial0/0/1
no ip address
clock rate 2000000
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip nat inside source list 10 interface Serial0/0/0 overload
ip nat inside source static 155.55.40.3 203.18.1.3
ip nat inside source static 155.55.40.4 203.18.1.4
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
!
!
access-list 10 permit 155.55.10.0 0.0.0.255
access-list 10 permit 155.55.20.0 0.0.0.255
access-list 10 permit 155.55.30.0 0.0.0.255
ip access-list extended IN-TO-OUT
permit icmp host 203.18.1.1 any echo
permit tcp host 203.18.1.1 any eq www
permit tcp host 203.18.1.1 any eq smtp
permit tcp host 203.18.1.1 any eq pop3
permit udp host 203.18.1.1 any eq domain
permit tcp host 203.18.1.3 eq www any
permit tcp host 203.18.1.4 eq smtp any
permit tcp host 203.18.1.4 eq pop3 any
access-list 20 permit 155.55.10.0 0.0.0.255
!
no cdp run
!
line con 0
!
line aux 0
!
line vty 0 4
access-class 20 in
login local
!
end
_________________________________________________________________________________
hostname Internet
!
username BKACADGATE password 0 cisco@123
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 8.8.8.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 200.0.0.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0/0
ip address 203.18.1.2 255.255.255.248
encapsulation ppp
ppp authentication chap
clock rate 64000
!
interface Serial0/0/1
no ip address
clock rate 2000000
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
no cdp run
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
_________________________________________________________________________________
hostname SW1
!
spanning-tree mode pvst
!
interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 40
switchport mode access
!
interface Vlan1
no ip address
shutdown
!
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
!
!
end
_________________________________________________________________________________
hostname Switch
!
spanning-tree mode pvst
!
interface Vlan1
no ip address
shutdown
!
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
!
!
end