Note: The ISP zone and all PCs and servers at the two sites are already fully configured.
Perform the tasks according to the following parameters:
1. Troubleshoot:
Router GATE2 (Ha Noi office) has a password configured, and you must perform password recovery to access the router.
2. IP address planning and routing protocol configuration:
Assign IP addresses to the routers’ interfaces according to the following rule: Gate1 +1, Gate2 +2, R3 +3, R4 +4 …
Example: G0/0 of Gate1 has IP address 200.200.1.1/30 and 2000:1::1/64.
3. Route redistribution
3.1 On router GATE3:
+ Into EIGRP: bandwidth 10, delay 10, reliability 10, load 10, MTU 10.
+ Into OSPFv2: cost = 200, E1, subnets
3.2 On router GATE2:
+ Into OSPF : cost = 100, E2, subnets
+ Into RIP : metric = 2.
3.3 On router GATE1:
+ Advertise the default route to the OSPF domain.
3.4 On GATE2.HCM:
+ Advertise the default route to the EIGRP domain.
3.5 On R6
+ Into EIGRP: redistribute RIPng routes with bandwidth 1, delay 1, reliability 1, load 1, MTU 1; and redistribute connected routes.
+ Into RIPng: redistribute EIGRP routes with metric 1; and redistribute connected routes.
4. NAT configuration:
a) NAT overload:
On router GATE1 (Ha Noi office), configure access-list 1 to permit all users on the Ha Noi LAN to connect to the Internet, using the public IP address of interface G0/0 of router GATE1.
b) Static NAT:
On router GATE1, configure static NAT to publish the Web server and the Mail server to the Internet, using public IP addresses 200.0.0.10 and 200.0.0.20.
5. Security:
+ On all routers GATE1, GATE2, GATE3, GATE4, BR1, BR2, configure a telnet server using the password “cisco@telnet” and the secret password “cisco@sec”, and create access-list 10 that permits only the Tech LAN (172.16.1.0/24) to telnet to the router.
+ On router GATE1, configure IPv4 access-list 100 to permit request traffic (web, mail, DNS and TFTP) sent from all users to the DMZ LAN, and apply it to interface GATE1-G0/2.
+ On router GATE1, configure an IPv6 access-list (named DMZ-SERVER) to permit request traffic (web, mail, DNS and TFTP) sent from all users to the DMZ LAN, and apply it to interface GATE1-G0/2.
_____________________________________________________________________________
hostname BR1
!
enable secret 5 $1$mERr$l.9Pgdsd6iLCoy0MniCV60
!
license udi pid CISCO2911/K9 sn FTX1524QAPV
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
ip address 10.1.1.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 10.1.12.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
router rip
version 2
network 10.0.0.0
!
ip classless
!
access-list 10 permit 172.16.1.0 0.0.0.255
!
no cdp run
!
line con 0
!
line aux 0
!
line vty 0 4
access-class 10 in
password cisco@telnet
login
!
end
_____________________________________________________________________________
hostname BR2
!
enable secret 5 $1$mERr$l.9Pgdsd6iLCoy0MniCV60
!
license udi pid CISCO2911/K9 sn FTX15249933
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
ip address 10.2.2.2 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 10.2.23.2 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
router eigrp 100
network 10.2.2.0 0.0.0.255
network 10.2.23.0 0.0.0.255
auto-summary
!
ip classless
!
access-list 10 permit 172.16.1.0 0.0.0.255
!
no cdp run
!
line con 0
!
line aux 0
!
line vty 0 4
access-class 10 in
password cisco@telnet
login
!
end
_____________________________________________________________________________
hostname GATE1
!
enable secret 5 $1$mERr$l.9Pgdsd6iLCoy0MniCV60
!
ipv6 unicast-routing
!
license udi pid CISCO2911/K9 sn FTX152422NV
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
ip address 200.2.2.1 255.255.255.252
ip nat outside
duplex auto
speed auto
ipv6 address 2001:1::1/64
!
interface GigabitEthernet0/1
ip address 192.168.123.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface GigabitEthernet0/2
ip address 192.168.33.1 255.255.255.0
ip access-group 100 out
ipv6 traffic-filter DMZ-SERVER out
ip nat inside
duplex auto
speed auto
ipv6 address 2003:3::1/64
!
interface Serial0/0/0
ip address 172.16.14.1 255.255.255.0
ip nat inside
!
interface Serial0/0/1
no ip address
shutdown
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
router-id 1.1.1.1
log-adjacency-changes
network 192.168.123.0 0.0.0.255 area 0
network 192.168.33.0 0.0.0.255 area 0
network 172.16.14.0 0.0.0.255 area 1
default-information originate
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source static 192.168.33.10 200.0.0.10
ip nat inside source static 192.168.33.20 200.0.0.20
ip classless
ip route 0.0.0.0 0.0.0.0 200.2.2.2
!
ipv6 route ::/0 2001:1::2
!
access-list 1 permit any
access-list 10 permit 172.16.1.0 0.0.0.255
access-list 100 permit tcp any 192.168.33.0 0.0.0.255 eq www
access-list 100 permit tcp any 192.168.33.0 0.0.0.255 eq smtp
access-list 100 permit tcp any 192.168.33.0 0.0.0.255 eq pop3
access-list 100 permit udp any 192.168.33.0 0.0.0.255 eq domain
access-list 100 permit udp any 192.168.33.0 0.0.0.255 eq tftp
ipv6 access-list DMZ-SERVER
permit tcp any 2003:3::/64 eq www
permit tcp any 2003:3::/64 eq smtp
permit tcp any 2003:3::/64 eq pop3
permit udp any 2003:3::/64 eq domain
permit udp any 2003:3::/64 eq tftp
!
no cdp run
!
line con 0
!
line aux 0
!
line vty 0 4
access-class 10 in
password cisco@telnet
login
!
end
_____________________________________________________________________________
hostname Gate2.HCM
!
ipv6 unicast-routing
!
license udi pid CISCO2911/K9 sn FTX1524158P
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
ipv6 address 2001:2::2/64
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
ipv6 address 2012:26::2/64
ipv6 eigrp 200
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
ipv6 router eigrp 200
router-id 20.2.2.2
no shutdown
redistribute static
!
ip classless
!
ipv6 route ::/0 2001:2::1
!
no cdp run
!
line con 0
!
line aux 0
!
line vty 0 4
ipv6 access-class TELNET in
login
!
end
_____________________________________________________________________________
hostname GATE3
!
enable secret 5 $1$mERr$l.9Pgdsd6iLCoy0MniCV60
!
license udi pid CISCO2911/K9 sn FTX1524UO05
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
ip address 192.168.123.3 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 10.2.23.3 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
router eigrp 100
redistribute ospf 1 metric 10 10 10 10 10
network 10.2.23.0 0.0.0.255
auto-summary
!
router ospf 1
router-id 3.3.3.3
log-adjacency-changes
redistribute eigrp 100 metric 200 metric-type 1 subnets
network 192.168.123.0 0.0.0.255 area 0
!
ip classless
!
access-list 10 permit 172.16.1.0 0.0.0.255
!
no cdp run
!
line con 0
!
line aux 0
!
line vty 0 4
access-class 10 in
password cisco@telnet
login
!
end
_____________________________________________________________________________
hostname GATE4
!
enable secret 5 $1$mERr$l.9Pgdsd6iLCoy0MniCV60
!
license udi pid CISCO2911/K9 sn FTX1524I2BP
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
ip address 172.16.1.4 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 172.16.14.4 255.255.255.0
!
interface Serial0/0/1
no ip address
shutdown
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
router-id 4.4.4.4
log-adjacency-changes
network 172.16.1.0 0.0.0.255 area 1
network 172.16.14.0 0.0.0.255 area 1
!
ip classless
!
access-list 10 permit 172.16.1.0 0.0.0.255
!
no cdp run
!
line con 0
!
line aux 0
!
line vty 0 4
access-class 10 in
password cisco@telnet
login
!
end
_____________________________________________________________________________
hostname R6
!
ipv6 unicast-routing
!
license udi pid CISCO2911/K9 sn FTX15240EYD
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
ipv6 address 2011:67::6/64
ipv6 rip R6R7 enable
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
ipv6 address 2012:26::6/64
ipv6 eigrp 200
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
ipv6 address 2012:6::6/64
ipv6 eigrp 200
!
interface Vlan1
no ip address
shutdown
!
ipv6 router eigrp 200
router-id 20.6.6.6
no shutdown
redistribute rip R6R7 metric 1 1 1 1 1
redistribute connected
!
ipv6 router rip R6R7
redistribute eigrp 200 metric 1
redistribute connected
!
ip classless
!
no cdp run
!
line con 0
!
line aux 0
!
line vty 0 4
ipv6 access-class TELNET in
login
!
end
_____________________________________________________________________________
hostname R7
!
ipv6 unicast-routing
!
license udi pid CISCO2911/K9 sn FTX1524OSM0
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
ipv6 address 2011:67::7/64
ipv6 rip R6R7 enable
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
ipv6 address 2011:7::7/64
ipv6 rip R6R7 enable
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
ipv6 router rip R6R7
!
ip classless
!
no cdp run
!
line con 0
!
line aux 0
!
line vty 0 4
ipv6 access-class TELNET in
login
!
end
_____________________________________________________________________________
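An added example (not part of the original lab or the author's solution): a small Python audit of the `line vty` sections, run on constructed excerpts of the BR1 and R7 configurations above. The function name `audit_vty` and the wording of the findings are assumptions made for this illustration.

```python
import re

# Constructed excerpts: the vty-relevant lines of BR1 and R7 as shown on this page.
BR1 = """hostname BR1
access-list 10 permit 172.16.1.0 0.0.0.255
line vty 0 4
access-class 10 in
password cisco@telnet
login
end"""
R7 = """hostname R7
line vty 0 4
ipv6 access-class TELNET in
login
end"""

ACL_DEF = re.compile(r"(?:access-list|ipv6 access-list|ip access-list \S+) (\S+)")
ACL_REF = re.compile(r"(?:ipv6 )?access-class (\S+) in")

def audit_vty(config):
    """Return findings (list of str) for the 'line vty' section of one IOS config."""
    lines = [l.strip() for l in config.splitlines() if l.strip() not in ("", "!")]
    # Every ACL the config defines, numbered or named, IPv4 or IPv6.
    defined = {m.group(1) for l in lines if (m := ACL_DEF.match(l))}
    # Commands under "line vty"; the section ends at the next "line" or at "end".
    vty, in_vty = [], False
    for l in lines:
        if l.startswith("line ") or l == "end":
            in_vty = l.startswith("line vty")
        elif in_vty:
            vty.append(l)
    findings = []
    refs = [m.group(1) for l in vty if (m := ACL_REF.match(l))]
    if not refs:
        findings.append("no inbound access-class on vty")
    findings += [f"access-class references undefined ACL {r}" for r in refs if r not in defined]
    passwords = [l for l in vty if l.startswith("password ")]
    if "login" in vty and not passwords:
        findings.append("login without a vty password")
    # "password 7 ..." is the encoded form; anything else is readable as typed.
    if any(not p.startswith("password 7 ") for p in passwords):
        findings.append("vty password stored in cleartext")
    if "transport input ssh" not in vty:
        findings.append("vty not restricted to SSH")
    return findings

if __name__ == "__main__":
    for name, cfg in (("BR1", BR1), ("R7", R7)):
        print(name, audit_vty(cfg))
```

The same function can be run over each full configuration on this page, since it relies on the `line` and `end` keywords rather than on indentation.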