Monday, June 16, 2014
Semester 2 - Openlab full - CCNA 2014
Note: The Internet zone and all servers are fully configured. All PCs have their services configured but do not have IP addresses. Router addresses are configured, except for the sub-interfaces of R1 and R2 and the inter-VLAN interfaces of SITE2.Core2.
1. Access, Trunking
2. VTP
3. Vlan, IP address for Vlan
4. Routing and Inter-vlan routing
- Inter-VLAN routing:
On SITE1:
· SITE1.R1, SITE1.R2: configure router-on-a-stick and create sub-interfaces (example: G0/0.X, with X as the VLAN ID). SITE1.R1 creates 2 sub-interfaces for VLANs 10 and 20; SITE1.R2 creates 3 sub-interfaces for VLANs 30, 40 and 50. The 4th octet of each sub-interface address is: SITE1 +1; SITE2 +2.
On SITE2:
Core2.SITE2: use SVIs for VLANs 11, 22 and 33. The 4th octet of each interface address is 1.
- Routing for IPv4:
On SITE1: Enable OSPFv2 on GATE, R1 and R2. Configure a default route on GATE to the Internet using the next-hop IP address and propagate the default route into the OSPF domain (process-id = 1, area = 0).
On SITE2: Enable OSPFv2 on SITE2.GATE and Core2 (process-id = 1, area = 0). Configure a default route on GATE to the Internet using the next-hop IP address and propagate the default route into the OSPF domain. Enable RIPv2 on Core2 and the SITE2.Building2 router. Redistribute between the RIP and OSPF domains.
Use these metrics:
Into RIP: Metric = 2
Into OSPF: Metric = 200, metric-type = 1
- Routing for IPv6:
· Enable RIPng on SITE1.GATE and SITE1-R2 using the name SITE1-RIPng. Configure a default route on GATE using the next-hop IP address and propagate this route into the RIPng domain.
NOTE: use "show" commands to see the IPv4 and IPv6 addresses that have been assigned to the routers.
5. DHCP, NAT, management switches
- DHCP:
On SITE1.R2: configure stateless DHCPv6 (option 2) that advertises only the DNS server's IP address (2000:1609::8) for VLAN 50, with the pool name IPv6STATELESS.
- NAT:
On SITE1: Configure a named access list SITE1NAT-ACL on the GATE router to permit all users (10.1.0.0/16) to connect to the Internet using the public IP address of interface G0/2.
Configure static NAT to publish the Web server (10.1.100.253 – 200.1.1.3) and the Mail server (10.1.100.254 – 200.1.1.4).
On SITE2: Configure a named access list SITE2-NATOVERLOAD on the GATE router to permit all users (10.2.0.0/16 and 172.16.0.0/16) to connect to the Internet using the public IP address of interface G0/0.
- SECURITY: On SITE1.R2-G0/2
- Configure an IPv4 named ACL SERVICE-ALLOW that permits web, email (SMTP and POP) and Remote Desktop (TCP 3389) request traffic to network 10.1.100.0/24.
- Configure an IPv6 named ACL SERVICE-ALLOW-IPv6 that permits web, email (SMTP and POP) and Remote Desktop (TCP 3389) request traffic to network 2014:100::/64.
- Send mail from Student_PC to Ins_PC, and vice versa, and check the result.
________________________________________________________________
hostname Access1.SITE1
!
spanning-tree mode pvst
!
interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
switchport mode trunk
!
interface FastEthernet0/3
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 20
switchport mode access
!
interface Vlan1
no ip address
shutdown
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
!
end
________________________________________________________________
hostname Acces2.SITE1
!
spanning-tree mode pvst
!
interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
switchport mode trunk
!
interface FastEthernet0/3
switchport access vlan 40
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 50
switchport mode access
!
interface Vlan1
no ip address
shutdown
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
!
end
________________________________________________________________
hostname Core1.SITE1
!
spanning-tree mode pvst
spanning-tree vlan 1 priority 24576
!
interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
switchport mode trunk
!
interface GigabitEthernet1/1
switchport mode trunk
!
interface GigabitEthernet1/2
switchport mode trunk
!
interface Vlan1
no ip address
shutdown
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
!
end
________________________________________________________________
hostname SITE1.GATE
!
ipv6 unicast-routing
!
license udi pid CISCO2911/K9 sn FTX1524H60R
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
ip address 10.1.13.2 255.255.255.252
ip nat inside
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 10.1.23.2 255.255.255.252
ip nat inside
duplex auto
speed auto
ipv6 address 2014:23::1/64
ipv6 rip SITE1-RIPng enable
ipv6 rip SITE1-RIPng default-information originate
!
interface GigabitEthernet0/2
ip address 200.1.1.2 255.255.255.252
ip nat outside
duplex auto
speed auto
ipv6 address 2014:1::2/64
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
network 10.1.13.0 0.0.0.255 area 0
network 10.1.23.0 0.0.0.255 area 0
default-information originate
!
ipv6 router rip SITE1-RIPng
!
ip nat inside source list SITE1NAT-ACL interface GigabitEthernet0/2 overload
ip nat inside source static 10.1.100.253 200.1.1.3
ip nat inside source static 10.1.100.254 200.1.1.4
ip classless
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/2
!
ipv6 route ::/0 2014:1::1
!
ip access-list standard SITE1NAT-ACL
permit 10.1.0.0 0.0.255.255
!
no cdp run
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
________________________________________________________________
hostname SITE1.R1
!
license udi pid CISCO2911/K9 sn FTX1524V34Y
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
ip address 10.1.13.1 255.255.255.252
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 10.1.200.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/2.10
encapsulation dot1Q 10
ip address 10.1.10.1 255.255.255.0
ip helper-address 10.1.200.10
!
interface GigabitEthernet0/2.20
encapsulation dot1Q 20
ip address 10.1.20.1 255.255.255.0
ip helper-address 10.1.200.10
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
network 10.1.13.0 0.0.0.255 area 0
network 10.1.10.0 0.0.0.255 area 0
network 10.1.20.0 0.0.0.255 area 0
network 10.1.200.0 0.0.0.255 area 0
!
ip classless
!
no cdp run
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
________________________________________________________________
hostname SITE1.R2
!
ipv6 unicast-routing
!
!
ipv6 dhcp pool IPv6STATELESS
dns-server 2009:1609::8
domain-name bkacad.com
!
license udi pid CISCO2911/K9 sn FTX1524TYQ0
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.30
encapsulation dot1Q 30
ip address 10.1.30.2 255.255.255.0
ip helper-address 10.1.200.10
!
interface GigabitEthernet0/0.40
encapsulation dot1Q 40
ip address 10.1.40.2 255.255.255.0
ip helper-address 10.1.200.10
!
interface GigabitEthernet0/0.50
encapsulation dot1Q 50
no ip address
ipv6 address 2014:50::2/64
ipv6 rip SITE1-RIPng enable
ipv6 nd other-config-flag
ipv6 dhcp server IPv6STATELESS
!
interface GigabitEthernet0/1
ip address 10.1.23.1 255.255.255.252
duplex auto
speed auto
ipv6 address 2014:23::2/64
ipv6 rip SITE1-RIPng enable
!
interface GigabitEthernet0/2
ip address 10.1.100.2 255.255.255.0
ip access-group SERVICE-ALLOW out
ipv6 traffic-filter SERVICE-ALLOW-IPv6 out
duplex auto
speed auto
ipv6 address 2014:100::2/64
ipv6 rip SITE1-RIPng enable
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
network 10.1.23.0 0.0.0.255 area 0
network 10.1.30.0 0.0.0.255 area 0
network 10.1.40.0 0.0.0.255 area 0
network 10.1.100.0 0.0.0.255 area 0
!
ipv6 router rip SITE1-RIPng
!
ip classless
!
ip access-list extended SERVICE-ALLOW
permit tcp any 10.1.100.0 0.0.0.255 eq www
permit tcp any 10.1.100.0 0.0.0.255 eq smtp
permit tcp any 10.1.100.0 0.0.0.255 eq pop3
permit tcp any 10.1.100.0 0.0.0.255 eq 3389
ipv6 access-list SERVICE-ALLOW-IPv6
permit tcp any 2014:100::/64 eq www
permit tcp any 2014:100::/64 eq smtp
permit tcp any 2014:100::/64 eq pop3
permit tcp any 2014:100::/64 eq 3389
!
no cdp run
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
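The following is an added example, not part of the original lab files: it replays the SERVICE-ALLOW and SERVICE-ALLOW-IPv6 entries above with first-match semantics and the implicit deny, to show which transit flows may leave G0/2 toward the server network. The function names, the sample flows and the IPv6 host 2014:100::253 are constructed for illustration.

```python
import ipaddress

PORTS = (80, 25, 110, 3389)  # IOS keywords www, smtp, pop3, plus TCP 3389 (RDP)
# Permit entries transcribed from SERVICE-ALLOW / SERVICE-ALLOW-IPv6 on SITE1.R2.
# Source is "any" in every entry, so only protocol, destination and port matter.
ACLS = {
    4: [("tcp", ipaddress.ip_network("10.1.100.0/24"), p) for p in PORTS],
    6: [("tcp", ipaddress.ip_network("2014:100::/64"), p) for p in PORTS],
}
# An IOS IPv6 ACL implicitly permits neighbor discovery (ICMPv6 type 135 nd-ns,
# type 136 nd-na) ahead of its final implicit deny; an IPv4 ACL has no such rule.
IMPLICIT_ND = {135, 136}


def evaluate(proto, dst, dport=None, icmp_type=None):
    """Verdict for a transit packet leaving G0/2: first match wins, else deny."""
    addr = ipaddress.ip_address(dst)
    for acl_proto, net, port in ACLS[addr.version]:
        if proto == acl_proto and addr in net and dport == port:
            return "permit"
    if addr.version == 6 and proto == "icmpv6" and icmp_type in IMPLICIT_ND:
        return "permit"
    return "deny"  # implicit deny at the end of every ACL


# Constructed sample flows (not captured traffic). 2014:100::253 is an assumed
# server address inside the page's 2014:100::/64 prefix.
FLOWS = [
    ("HTTP to web server", "tcp", "10.1.100.253", 80, None),
    ("SMTP to mail server", "tcp", "10.1.100.254", 25, None),
    ("POP3 to mail server", "tcp", "10.1.100.254", 110, None),
    ("RDP to web server", "tcp", "10.1.100.253", 3389, None),
    ("HTTPS to web server", "tcp", "10.1.100.253", 443, None),
    ("ping to web server", "icmp", "10.1.100.253", None, None),
    ("IPv6 HTTP to server", "tcp", "2014:100::253", 80, None),
    ("IPv6 neighbor solicitation", "icmpv6", "2014:100::253", None, 135),
    ("IPv6 ping to server", "icmpv6", "2014:100::253", None, 128),
]


def report():
    """Map each sample flow's name to its verdict."""
    return {n: evaluate(p, d, port, t) for n, p, d, port, t in FLOWS}


if __name__ == "__main__":
    for name, verdict in report().items():
        print(f"{verdict:6} {name}")
```

Packets generated by SITE1.R2 itself are not checked by an outbound ACL, so the OSPF and RIPng traffic the router sends on G0/2 is unaffected by these entries.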
________________________________________________________________
hostname Access2.SITE2
!
spanning-tree mode pvst
!
interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
switchport access vlan 11
switchport mode access
!
interface Vlan1
no ip address
shutdown
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
!
end
________________________________________________________________
hostname Access3.SITE2
!
spanning-tree mode pvst
!
interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
switchport access vlan 22
switchport mode access
!
interface Vlan1
no ip address
shutdown
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
!
end
________________________________________________________________
hostname SITE2.Building2
!
license udi pid CISCO2911/K9 sn FTX1524GF50
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
ip address 172.16.33.2 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 172.16.44.2 255.255.255.0
ip helper-address 172.16.33.1
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
router rip
version 2
network 172.16.0.0
!
ip classless
!
no cdp run
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
________________________________________________________________
hostname Core2.SITE2
!
ip dhcp excluded-address 10.2.11.1 10.2.11.19
ip dhcp excluded-address 10.2.11.220 10.2.11.254
ip dhcp excluded-address 10.2.22.1 10.2.22.19
ip dhcp excluded-address 10.2.22.220 10.2.22.254
ip dhcp excluded-address 172.16.44.1 172.16.44.19
ip dhcp excluded-address 172.16.44.220 172.16.44.254
!
ip dhcp pool INS
network 10.2.11.0 255.255.255.0
default-router 10.2.11.1
dns-server 209.16.9.8
ip dhcp pool STUDENT
network 10.2.22.0 255.255.255.0
default-router 10.2.22.1
dns-server 209.16.9.8
ip dhcp pool SALE
network 172.16.44.0 255.255.255.0
default-router 172.16.44.2
dns-server 209.16.9.8
ip routing
!
spanning-tree mode pvst
!
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/3
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/1
no switchport
ip address 10.2.99.1 255.255.255.0
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
interface Vlan11
ip address 10.2.11.1 255.255.255.0
!
interface Vlan22
ip address 10.2.22.1 255.255.255.0
!
interface Vlan33
ip address 172.16.33.1 255.255.255.0
!
router ospf 1
log-adjacency-changes
redistribute rip metric 200 metric-type 1 subnets
network 10.2.11.0 0.0.0.255 area 0
network 10.2.22.0 0.0.0.255 area 0
network 10.2.99.0 0.0.0.255 area 0
!
router rip
version 2
redistribute ospf 1 metric 2
network 172.16.0.0
!
ip classless
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
________________________________________________________________
hostname SITE2.GATE
!
license udi pid CISCO2911/K9 sn FTX15245B42
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
ip address 200.2.2.2 255.255.255.252
ip nat outside
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 10.2.99.2 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
network 10.2.99.0 0.0.0.255 area 0
default-information originate
!
ip nat inside source list SITE2-NATOVERLOAD interface GigabitEthernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 200.2.2.1
!
ip access-list standard SITE2-NATOVERLOAD
permit 10.2.0.0 0.0.255.255
permit 172.16.0.0 0.0.255.255
!
no cdp run
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
________________________________________________________________
hostname Access1.SITE2
!
spanning-tree mode pvst
!
interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
switchport access vlan 33
switchport mode access
!
interface Vlan1
no ip address
shutdown
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
!
end
________________________________________________________________
Hi, could you please send me the .pka file for the lab above?
Hey, do you have that lab? Could you share it with me?