EWAN Lab 8 5 3 Instructor
8/13/2019 EWAN Lab 8 5 3 Instructor
http://slidepdf.com/reader/full/ewan-lab-8-5-3-instructor 1/22
Lab 8.5.3: Troubleshooting Enterprise Networks 3 (Instructor Version)

Topology Diagram

Addressing Table

| Device | Interface | IP Address | Subnet Mask | Default Gateway |
|---|---|---|---|---|
| R1 | Fa0/0 | 192.168.10.1 | 255.255.255.0 | N/A |
| R1 | Fa0/1 | 192.168.11.1 | 255.255.255.0 | N/A |
| R1 | S0/0/0 | 10.1.1.1 | 255.255.255.252 | N/A |
| R1 | S0/0/1 | 10.3.3.1 | 255.255.255.252 | N/A |
| R2 | Fa0/1 | 192.168.20.1 | 255.255.255.0 | N/A |
| R2 | S0/0/0 | 10.1.1.2 | 255.255.255.252 | N/A |
| R2 | S0/0/1 | 10.2.2.1 | 255.255.255.252 | N/A |
| R2 | Lo0 | 209.165.200.225 | 255.255.255.224 | 209.165.200.226 |
| R3 | Fa0/1 | N/A | N/A | N/A |
| R3 | Fa0/1.11 | 192.168.11.3 | 255.255.255.0 | N/A |
| R3 | Fa0/1.30 | 192.168.30.1 | 255.255.255.0 | N/A |
| R3 | S0/0/0 | 10.3.3.2 | 255.255.255.252 | N/A |
| R3 | S0/0/1 | 10.2.2.2 | 255.255.255.252 | N/A |
| S1 | VLAN10 | DHCP | 255.255.255.0 | N/A |
| S2 | VLAN11 | 192.168.11.2 | 255.255.255.0 | N/A |
| S3 | VLAN30 | 192.168.30.2 | 255.255.255.0 | N/A |
| PC1 | NIC | 192.168.10.10 | 255.255.255.0 | 192.168.10.1 |
| PC2 | NIC | 192.168.11.10 | 255.255.255.0 | 192.168.11.1 |
| PC3 | NIC | 192.168.30.10 | 255.255.255.0 | 192.168.30.1 |
| TFTP Server | NIC | 192.168.20.254 | 255.255.255.0 | 192.168.20.1 |

All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
CCNA Exploration Accessing the WAN: Network Troubleshooting Lab 8.5.3: Troubleshooting Enterprise Networks 3
Learning Objectives
Upon completion of this lab, you will be able to:
• Cable a network according to the topology diagram.
• Erase the startup configuration and reload a router to the default state.
• Load the routers and switches with supplied scripts.
• Find and correct all network errors.
• Document the corrected network.
Scenario
For this lab do not use login or password protection on any console lines to prevent accidental lockout. Use ciscoccna for all passwords in this scenario.
Note: Because this lab is cumulative, you will be using all the knowledge and troubleshooting techniques that you have acquired from the previous material to successfully complete this lab.
Requirements
• S2 is the spanning-tree root for VLAN 11, and S3 is the spanning-tree root for VLAN 30.
• S3 is a VTP server with S2 as a client.
• The serial link between R1 and R2 is Frame Relay.
• The serial link between R2 and R3 uses HDLC encapsulation.
• The serial link between R1 and R3 is authenticated using CHAP.
• R2 must have secure login procedures because it is the Internet edge router.
• All vty lines, except those belonging to R2, allow connections only from the subnets shown in the topology diagram, excluding the public address.
• Source IP address spoofing should be prevented on all links that do not connect to other routers.
• Routing protocols must be used securely. OSPF is used in this scenario.
• R3 must not be able to telnet to R2 through the directly connected serial link.
• R3 has access to both VLAN 11 and 30 via its Fast Ethernet port 0/1.
• The TFTP server should not get any traffic that has a source address outside the subnet. All devices have access to the TFTP server.
• All devices on the 192.168.10.0 subnet must be able to get their IP addresses from DHCP on R1. This includes S1.
• All addresses shown in diagram must be reachable from every device.
Task 1: Load Routers with the Supplied Scripts
!------------------------------------------
! R1
!------------------------------------------
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
security passwords min-length 6
enable secret ciscoccna
!
ip cef
!
ip dhcp pool Access1
 network 192.168.11.0 255.255.255.0
 network 192.168.10.0 255.255.255.0
! The network was mistyped, causing the pool to be unreachable to the
! correct subnet
 default-router 192.168.10.1
!
no ip domain lookup
!
ip dhcp excluded-address 192.168.10.2 192.168.10.254
! This statement does not belong because it excludes all of the address
! space available for DHCP
!
frame-relay switching
!
username R3 password 0 ciscoccna
username ccna password 0 ciscoccna
!
interface FastEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 duplex auto
 speed auto
 no shutdown
!
interface FastEthernet0/1
 ip address 192.168.11.1 255.255.255.0
 duplex auto
 speed auto
 no shutdown
!
interface Serial0/0/0
 ip address 10.1.1.1 255.255.255.252
 encapsulation frame-relay
 no keepalive
 clockrate 128000
 frame-relay map ip 10.1.1.1 201
 frame-relay map ip 10.1.1.2 201 broadcast
 no frame-relay inverse-arp
 frame-relay intf-type dce
 no shutdown
!
interface Serial0/0/1
 ip address 10.3.3.1 255.255.255.252
 encapsulation ppp
 ppp authentication chap
 no shutdown
!
interface Serial0/1/0
 no ip address
 shutdown
 clockrate 2000000
!
interface Serial0/1/1
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 passive-interface FastEthernet0/0
 network 10.1.1.0 0.0.0.255 area 0
 network 10.2.2.0 0.0.0.255 area 0
 network 10.1.1.0 0.0.0.3 area 0
 network 10.2.2.0 0.0.0.3 area 0
! The wrong wildcard mask was configured, using the more common /24
! instead of the correct /30 mask
 network 192.168.10.0 0.0.0.255 area 0
 network 192.168.11.0 0.0.0.255 area 0
!
ip http server
!
ip access-list standard Anti-spoofing
 permit 192.168.10.0 0.0.0.255
 deny any
ip access-list standard VTY
 permit 10.0.0.0 0.255.255.255
 permit 192.168.10.0 0.0.0.255
 permit 192.168.11.0 0.0.0.255
 permit 192.168.20.0 0.0.0.255
 permit 192.168.30.0 0.0.0.255
!
line con 0
 exec-timeout 5 0
 logging synchronous
line aux 0
line vty 0 4
 access-class VTY in
 login local
!
end
!------------------------------------------
! R2
!------------------------------------------
no service password-encryption
!
hostname R2
!
security passwords min-length 6
enable secret ciscoccna
!
aaa new-model
!
aaa authentication login local_auth local
aaa session-id common
!
ip cef
!
no ip domain lookup
!
username ccna password 0 ciscoccna
!
interface Loopback0
 ip address 209.165.200.245 255.255.255.224
 ip access-group private in
!
interface FastEthernet0/1
 ip address 192.168.20.1 255.255.255.0
 ip access-group TFTP out
 ip access-group Anti-spoofing in
 ip nat inside
 ip nat outside
 duplex auto
 speed auto
 no shutdown
!
!
interface Serial0/0/0
 ip address 10.1.1.2 255.255.255.252
 ip nat outside
 ip nat inside
 encapsulation frame-relay
 no keepalive
 frame-relay map ip 10.1.1.1 201 broadcast
 frame-relay map ip 10.1.1.2 201
 no frame-relay inverse-arp
 no shutdown
!
interface Serial0/0/1
 ip address 10.2.2.1 255.255.255.252
 ip access-group R3-telnet in
 no shutdown
! This command was forgotten, preventing a connection to R2
 ip nat outside
 ip nat inside
! The inside and outside interfaces are applied backwards
 clockrate 128000
! A common mistake is to forget the clock rate for an interface, which
! prevents the link from coming up
!
!
router ospf 1
 passive-interface FastEthernet0/1
 network 10.1.1.0 0.0.0.3 area 0
 network 10.2.2.0 0.0.0.3 area 0
 network 192.168.20.0 0.0.0.255 area 0
 default-information originate
!
ip classless
ip route 0.0.0.0 0.0.0.0 209.165.200.226
!
no ip http server
ip nat inside source list nat interface FastEthernet0/0
ip nat inside source list NAT interface FastEthernet0/0 overload
! The access list was mistyped, specifying that no IP address will
! be translated. Also, the overload keyword was omitted. This
! prevents more than one translation at a time
!
ip access-list standard Anti-spoofing
 permit 192.168.20.0 0.0.0.255
 deny any
ip access-list standard NAT
 permit 10.0.0.0 0.255.255.255
 permit 192.168.0.0 0.0.255.255
ip access-list standard private
 deny 127.0.0.1
 deny 10.0.0.0 0.255.255.255
 deny 172.0.0.0 0.31.255.255
 deny 192.168.0.0 0.0.255.255
 permit any
!
ip access-list extended R3-telnet
 deny tcp host 10.2.2.2 host 10.2.2.1 eq telnet
 deny tcp host 10.3.3.2 host 10.2.2.1 eq telnet
 deny tcp host 192.168.11.3 host 10.2.2.1 eq telnet
 deny tcp host 192.168.30.1 host 10.2.2.1 eq telnet
 permit ip any any
!
ip access-list standard TFTP
 permit 192.168.20.0 0.0.0.255
!
line con 0
 exec-timeout 5 0
 logging synchronous
line aux 0
 exec-timeout 15 0
 logging synchronous
 login authentication local_auth
 transport output telnet
line vty 0 4
 exec-timeout 15 0
 logging synchronous
 login authentication local_auth
 transport input telnet
!
end
!------------------------------------------
! R3
!------------------------------------------
no service password-encryption
!
hostname R3
!
security passwords min-length 6
enable secret ciscoccna
!
no aaa new-model
!
ip cef
!
no ip domain lookup
!
username R1 password ciscoccna
username ccna password ciscoccna
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 no shutdown
!
interface FastEthernet0/1.11
 encapsulation dot1Q 12
 encapsulation dot1Q 11
! The VLAN was mistyped, which puts the subnet on the wrong VLAN
 ip address 192.168.11.3 255.255.255.0
 no snmp trap link-status
!
interface FastEthernet0/1.30
 encapsulation dot1Q 30
 ip address 192.168.30.1 255.255.255.0
 ip access-group Anti-spoofing in
!
!
interface Serial0/0/0
 ip address 10.3.3.2 255.255.255.252
 encapsulation ppp
 clockrate 125000
 ppp authentication chap
 no shutdown
!
interface Serial0/0/1
 ip address 10.2.2.2 255.255.255.252
 encapsulation lapb
 encapsulation hdlc
! The interface was wrongly configured as a lapb link
 no shutdown
!
router ospf 1
 passive-interface FastEthernet0/1.30
 network 10.2.2.0 0.0.0.3 area 1
 network 10.3.3.0 0.0.0.3 area 1
 network 192.168.11.0 0.0.0.255 area 1
 network 192.168.30.0 0.0.0.255 area 1
 network 10.2.2.0 0.0.0.3 area 0
 network 10.3.3.0 0.0.0.3 area 0
 network 192.168.11.0 0.0.0.255 area 0
 network 192.168.30.0 0.0.0.255 area 0
! The networks were accidentally put into the wrong area
!
ip classless
!
ip http server
!
ip access-list standard Anti-spoofing
 permit 192.168.30.0 0.0.0.255
 deny any
ip access-list standard VTY
 permit 10.0.0.0 0.255.255.255
 permit 192.168.10.0 0.0.0.255
 permit 192.168.11.0 0.0.0.255
 permit 192.168.20.0 0.0.0.255
 permit 192.168.30.0 0.0.0.255
!
line con 0
 exec-timeout 5 0
 logging synchronous
line aux 0
 exec-timeout 15 0
 logging synchronous
line vty 0 4
 access-class VTY in
 exec-timeout 15 0
 logging synchronous
 login local
!
end
!-----------------------------------------
! S1
!-----------------------------------------
no service password-encryption
!
hostname S1
!
security passwords min-length 6
enable secret ciscoccna
!
no aaa new-model
vtp domain CCNA_Troubleshooting
vtp mode transparent
vtp password ciscoccna
ip subnet-zero
!
no ip domain-lookup
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 10
!
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
!
interface range FastEthernet0/3-24
!
interface GigabitEthernet0/1
 shutdown
!
interface GigabitEthernet0/2
 shutdown
!
interface Vlan1
 no ip address
 no ip route-cache
!
interface Vlan10
 ip address dhcp
 no ip route-cache
!
ip default-gateway 192.168.10.1
ip http server
!
line con 0
 exec-timeout 5 0
 logging synchronous
line vty 0 4
 password ciscoccna
 login
line vty 5 15
 no login
!
end
!-----------------------------------------
! S2
!-----------------------------------------
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname S2
!
security passwords min-length 6
enable secret ciscoccna
!
no aaa new-model
vtp domain CCNA_Troubleshooting
vtp mode client
vtp password ciscoccna
ip subnet-zero
!
no ip domain-lookup
!
no file verify auto
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 11 priority 24576
spanning-tree vlan 30 priority 28672
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/2
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/3
 switchport trunk native vlan 99
 switchport trunk allowed vlan 11,30
 switchport mode trunk
!
interface FastEthernet0/4
 switchport trunk native vlan 99
! The native VLAN was changed on S3 but was then forgotten. This native
! VLAN mismatch will produce errors while trunking
 switchport trunk allowed vlan 11,30
 switchport mode trunk
!
interface range FastEthernet0/5-24
 shutdown
!
interface GigabitEthernet0/1
 shutdown
!
interface GigabitEthernet0/2
 shutdown
!
interface Vlan1
 no ip address
 no ip route-cache
!
interface Vlan11
 ip address 192.168.11.2 255.255.255.0
 no ip route-cache
!
ip http server
!
line con 0
 exec-timeout 5 0
 logging synchronous
line vty 0 4
 password ciscoccna
 login
line vty 5 15
 no login
!
end
!-----------------------------------------
! S3
!-----------------------------------------
no service password-encryption
!
hostname S3
!
security passwords min-length 6
enable secret ciscoccna
!
no aaa new-model
vtp domain CCNA_Troubleshooting
vtp mode Server
vtp password ciscoccna
ip subnet-zero
!
no ip domain-lookup
!
no file verify auto
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 11 priority 28672
spanning-tree vlan 30 priority 24576
!
vlan internal allocation policy ascending
!
vlan 30
vlan 11
! VLAN 11 must exist for it to be in the active management domain and
! for traffic to traverse it
!
interface FastEthernet0/1
 switchport trunk allowed vlan 11
 switchport trunk allowed vlan add 30
! VLAN 30 was forgotten when designating which VLANs were allowed on
! the trunk to R3
 switchport mode trunk
!
interface FastEthernet0/2
 switchport access vlan 30
 switchport mode access
!
interface FastEthernet0/3
 switchport trunk native vlan 99
 switchport trunk allowed vlan 11,30
 switchport mode trunk
!
interface FastEthernet0/4
 switchport trunk native vlan 99
 switchport trunk allowed vlan 11,30
 switchport mode trunk
!
interface range FastEthernet0/5-24
 shutdown
!
interface GigabitEthernet0/1
 shutdown
!
interface GigabitEthernet0/2
 shutdown
!
interface Vlan1
 no ip address
 no ip route-cache
!
interface Vlan30
 ip address 192.168.30.2 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.30.1
ip http server
!
line con 0
 exec-timeout 5 0
 logging synchronous
line vty 0 4
 password ciscoccna
 login
line vty 5 15
 no login
!
end
Task 2: Find and Correct All Network Errors
Task 3: Verify that Requirements Are Fully Met
Because time constraints prevent troubleshooting a problem on each topic, only a select number of topics have problems. However, to reinforce and strengthen troubleshooting skills, you should verify that each requirement is met. To do this, present an example of each requirement (for example, a show or debug command).
This is intentionally left vague because there are many ways to verify the requirements. Below is an example for requirement 1.
1. S2#show spanning-tree

VLAN0011
  Spanning tree enabled protocol rstp
  Root ID    Priority    24587
             Address     001c.57ec.2480
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15

  Bridge ID  Priority    24587 (priority 24576 sys-id-ext 11)
             Address     001c.57ec.2480
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- ---------------------
Fa0/2            Desg FWD 19        128.2    P2p
Fa0/3            Desg FWD 19        128.3    P2p
Fa0/4            Desg FWD 19        128.4    P2p

VLAN0030
  Spanning tree enabled protocol rstp
  Root ID    Priority    24606
             Address     001c.57ec.1480
             Cost        19
             Port        3 (FastEthernet0/3)
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15

  Bridge ID  Priority    28702 (priority 28672 sys-id-ext 30)
             Address     001c.57ec.2480
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- ---------------------
Fa0/3            Root FWD 19        128.3    P2p
Fa0/4            Altn BLK 19        128.4    P2p
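
The anti-spoofing, vty and public-address requirements can also be checked offline by evaluating the lab's standard ACLs against sample source addresses. The following is an added example, not part of the original lab: the ACL entries are those of the corrected R1/R2/R3 configurations on this page, while the function names and the sample source addresses are constructed for illustration.

```python
"""Offline first-match evaluation of the lab's standard ACLs (added example)."""
import ipaddress

# Entries as they appear in the corrected configurations on this page.
ACLS = {
    "Anti-spoofing": [              # R2 FastEthernet0/1, inbound
        "permit 192.168.20.0 0.0.0.255",
        "deny any",
    ],
    "private": [                    # R2 Loopback0, inbound
        "deny 127.0.0.1",
        "deny 10.0.0.0 0.255.255.255",
        "deny 172.0.0.0 0.31.255.255",
        "deny 192.168.0.0 0.0.255.255",
        "permit any",
    ],
    "VTY": [                        # R1 and R3, access-class on vty 0 4
        "permit 10.0.0.0 0.255.255.255",
        "permit 192.168.10.0 0.0.0.255",
        "permit 192.168.11.0 0.0.0.255",
        "permit 192.168.20.0 0.0.0.255",
        "permit 192.168.30.0 0.0.0.255",
    ],
}
ALL_ONES = 0xFFFFFFFF


def parse_entry(line):
    """Return (action, base, wildcard) for one standard ACL entry."""
    parts = line.split()
    action = parts[0]
    if action not in ("permit", "deny") or len(parts) < 2:
        raise ValueError(f"unsupported ACL entry: {line!r}")
    if parts[1] == "any":
        return action, 0, ALL_ONES
    if parts[1] == "host":
        return action, int(ipaddress.IPv4Address(parts[2])), 0
    base = int(ipaddress.IPv4Address(parts[1]))
    # A bare address with no wildcard matches that single host.
    wildcard = int(ipaddress.IPv4Address(parts[2])) if len(parts) > 2 else 0
    return action, base, wildcard


def evaluate(acl_name, source):
    """Return (action, matching entry) for a source address; first match wins."""
    src = int(ipaddress.IPv4Address(source))
    for line in ACLS[acl_name]:
        action, base, wildcard = parse_entry(line)
        care_bits = ~wildcard & ALL_ONES      # wildcard 0-bits must match
        if ((src ^ base) & care_bits) == 0:
            return action, line
    return "deny", "(implicit deny)"          # every ACL ends with deny any


def matched_range(line):
    """First and last address an entry matches (contiguous wildcards only)."""
    _, base, wildcard = parse_entry(line)
    if wildcard & (wildcard + 1):
        raise ValueError("wildcard is not contiguous")
    first = base & ~wildcard & ALL_ONES
    return (str(ipaddress.IPv4Address(first)),
            str(ipaddress.IPv4Address(first | wildcard)))


# Constructed test sources: (ACL, source address, why it is interesting).
SAMPLES = [
    ("Anti-spoofing", "192.168.20.254", "TFTP server, legitimate"),
    ("Anti-spoofing", "192.168.10.10", "PC1's address arriving on the R2 LAN"),
    ("private", "172.20.1.1", "RFC 1918 source"),
    ("private", "172.8.1.1", "outside 172.16.0.0/12 but inside the wildcard"),
    ("private", "127.0.0.2", "loopback range, only 127.0.0.1 is listed"),
    ("VTY", "10.3.3.2", "R3 serial address"),
    ("VTY", "209.165.200.226", "public address, must not reach the vty"),
]

if __name__ == "__main__":
    for acl, src, note in SAMPLES:
        action, entry = evaluate(acl, src)
        print(f"{acl:14} {src:16} {action:6} by {entry!r}  # {note}")
    print(matched_range("deny 172.0.0.0 0.31.255.255"))
```

The range check shows that the 172.0.0.0 0.31.255.255 entry matches 172.0.0.0 through 172.31.255.255, which is wider than the RFC 1918 block 172.16.0.0/12, and that the 127.0.0.1 entry is a single-host match.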
Task 4: Document the Corrected Network
!------------------------------------------
! R1
!------------------------------------------
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
security passwords min-length 6
enable secret ciscoccna
!
ip cef
!
ip dhcp pool Access1
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
!
no ip domain lookup
frame-relay switching
!
username R3 password 0 ciscoccna
username ccna password 0 ciscoccna
!
interface FastEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.11.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0/0
 ip address 10.1.1.1 255.255.255.252
 encapsulation frame-relay
 no keepalive
 clockrate 128000
 frame-relay map ip 10.1.1.1 201
 frame-relay map ip 10.1.1.2 201 broadcast
 no frame-relay inverse-arp
 frame-relay intf-type dce
!
interface Serial0/0/1
 ip address 10.3.3.1 255.255.255.252
 encapsulation ppp
 ppp authentication chap
!
interface Serial0/1/0
 no ip address
 shutdown
 clockrate 2000000
!
interface Serial0/1/1
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 passive-interface FastEthernet0/0
 network 10.1.1.0 0.0.0.3 area 0
 network 10.2.2.0 0.0.0.3 area 0
 network 192.168.20.0 0.0.0.255 area 0
 default-information originate always
!
ip http server
!
ip access-list standard Anti-spoofing
 permit 192.168.10.0 0.0.0.255
 deny any
ip access-list standard VTY
 permit 10.0.0.0 0.255.255.255
 permit 192.168.10.0 0.0.0.255
 permit 192.168.11.0 0.0.0.255
 permit 192.168.20.0 0.0.0.255
 permit 192.168.30.0 0.0.0.255
!
line con 0
 exec-timeout 5 0
 logging synchronous
line aux 0
line vty 0 4
 access-class VTY in
 login local
!
end
!------------------------------------------
! R2
!------------------------------------------
no service password-encryption
!
hostname R2
!
security passwords min-length 6
enable secret ciscoccna
!
aaa new-model
!
aaa authentication login local_auth local
aaa session-id common
!
ip cef
!
no ip domain lookup
!
username ccna password 0 ciscoccna
!
interface Loopback0
 ip address 209.165.200.245 255.255.255.224
 ip access-group private in
!
interface FastEthernet0/1
 ip address 192.168.20.1 255.255.255.0
 ip access-group TFTP out
 ip access-group Anti-spoofing in
 ip nat outside
 duplex auto
 speed auto
!
!
interface Serial0/0/0
 ip address 10.1.1.2 255.255.255.252
 ip nat inside
 encapsulation frame-relay
 no keepalive
 frame-relay map ip 10.1.1.1 201 broadcast
 frame-relay map ip 10.1.1.2 201
 no frame-relay inverse-arp
!
interface Serial0/0/1
 ip address 10.2.2.1 255.255.255.252
 ip access-group R3-telnet in
 ip nat inside
 clockrate 128000
!
!
router ospf 1
 passive-interface FastEthernet0/1
 network 10.1.1.0 0.0.0.3 area 0
 network 10.2.2.0 0.0.0.3 area 0
 network 192.168.20.0 0.0.0.255 area 0
 default-information originate
!
ip route 0.0.0.0 0.0.0.0 209.165.200.226
!
no ip http server
ip nat inside source list NAT interface FastEthernet0/0 overload
!
ip access-list standard Anti-spoofing
 permit 192.168.20.0 0.0.0.255
 deny any
ip access-list standard NAT
 permit 10.0.0.0 0.255.255.255
 permit 192.168.0.0 0.0.255.255
ip access-list standard private
 deny 127.0.0.1
 deny 10.0.0.0 0.255.255.255
 deny 172.0.0.0 0.31.255.255
 deny 192.168.0.0 0.0.255.255
 permit any
!
ip access-list extended R3-telnet
 deny tcp host 10.2.2.2 host 10.2.2.1 eq telnet
 deny tcp host 10.3.3.2 host 10.2.2.1 eq telnet
 deny tcp host 192.168.11.3 host 10.2.2.1 eq telnet
 deny tcp host 192.168.30.1 host 10.2.2.1 eq telnet
 permit ip any any
!
ip access-list standard TFTP
 permit 192.168.20.0 0.0.0.255
!
line con 0
 exec-timeout 5 0
 logging synchronous
line aux 0
 exec-timeout 15 0
 logging synchronous
 login authentication local_auth
 transport output telnet
line vty 0 4
 exec-timeout 15 0
 logging synchronous
 login authentication local_auth
 transport input telnet
!
end
!------------------------------------------
! R3
!------------------------------------------
no service password-encryption
!
hostname R3
!
security passwords min-length 6
enable secret ciscoccna
!
no aaa new-model
!
ip cef
!
no ip domain lookup
!
username R1 password 0 ciscoccna
username ccna password 0 ciscoccna
!
interface FastEthernet0/1
 no shutdown
!
interface FastEthernet0/1.11
 encapsulation dot1Q 11
 ip address 192.168.11.3 255.255.255.0
 no snmp trap link-status
!
interface FastEthernet0/1.30
 encapsulation dot1Q 30
 ip address 192.168.30.1 255.255.255.0
 ip access-group Anti-spoofing in
!
!
interface Serial0/0/0
 ip address 10.3.3.2 255.255.255.252
 encapsulation ppp
 clockrate 125000
 ppp authentication chap
!
interface Serial0/0/1
 ip address 10.2.2.2 255.255.255.252
!
router ospf 1
 passive-interface FastEthernet0/1.30
 network 10.2.2.0 0.0.0.3 area 0
 network 10.3.3.0 0.0.0.3 area 0
 network 192.168.11.0 0.0.0.255 area 0
 network 192.168.30.0 0.0.0.255 area 0
!
ip http server
!
ip access-list standard Anti-spoofing
 permit 192.168.30.0 0.0.0.255
 deny any
ip access-list standard VTY
 permit 10.0.0.0 0.255.255.255
 permit 192.168.10.0 0.0.0.255
 permit 192.168.11.0 0.0.0.255
 permit 192.168.20.0 0.0.0.255
 permit 192.168.30.0 0.0.0.255
!
line con 0
 exec-timeout 5 0
 logging synchronous
line aux 0
 exec-timeout 15 0
 logging synchronous
line vty 0 4
 access-class VTY in
 exec-timeout 15 0
 logging synchronous
 login local
!
end
!-----------------------------------------
! S1
!-----------------------------------------
no service password-encryption
!
hostname S1
!
security passwords min-length 6
enable secret ciscoccna
!
no aaa new-model
vtp domain CCNA_Troubleshooting
vtp mode transparent
vtp password ciscoccna
!
no ip domain-lookup
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 10
!
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
!
interface range FastEthernet0/3-24
!
interface GigabitEthernet0/1
 shutdown
!
interface GigabitEthernet0/2
 shutdown
!
interface Vlan1
 no ip address
 no ip route-cache
!
interface Vlan10
 ip address dhcp
 no ip route-cache
!
ip default-gateway 192.168.10.1
ip http server
!
line con 0
 exec-timeout 5 0
 logging synchronous
line vty 0 4
 password ciscoccna
 login
line vty 5 15
 no login
!
end
!-----------------------------------------
! S2
!-----------------------------------------
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname S2
!
security passwords min-length 6
enable secret ciscoccna
!
no aaa new-model
vtp domain CCNA_Troubleshooting
vtp mode client
vtp password ciscoccna
!
no ip domain-lookup
!
no file verify auto
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 11 priority 24576
spanning-tree vlan 30 priority 28672
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/2
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/3
 switchport trunk native vlan 99
 switchport trunk allowed vlan 11,30
 switchport mode trunk
!
interface FastEthernet0/4
 switchport trunk native vlan 99
 switchport trunk allowed vlan 11,30
 switchport mode trunk
!
interface range FastEthernet0/5-24
 shutdown
!
interface GigabitEthernet0/1
 shutdown
!
interface GigabitEthernet0/2
 shutdown
!
interface Vlan1
 no ip address
 no ip route-cache
!
interface Vlan11
 ip address 192.168.11.2 255.255.255.0
 no ip route-cache
!
ip http server
!
line con 0
 exec-timeout 5 0
 logging synchronous
line vty 0 4
 password ciscoccna
 login
line vty 5 15
 no login
!
end
!-----------------------------------------
! S3
!-----------------------------------------
no service password-encryption
!
hostname S3
!
security passwords min-length 6
enable secret ciscoccna
!
no aaa new-model
vtp domain CCNA_Troubleshooting
vtp mode Server
vtp password ciscoccna
!
no ip domain-lookup
!
no file verify auto
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 11 priority 28672
spanning-tree vlan 30 priority 24576
!
vlan internal allocation policy ascending
!
Vlan 11,30
!
interface FastEthernet0/1
 switchport trunk allowed vlan 11,30
 switchport mode trunk
!
interface FastEthernet0/2
 switchport access vlan 30
 switchport mode access
!
interface FastEthernet0/3
 switchport trunk native vlan 99
 switchport trunk allowed vlan 11,30
 switchport mode trunk
!
interface FastEthernet0/4
 switchport trunk native vlan 99
 switchport trunk allowed vlan 11,30
 switchport mode trunk
!
interface range FastEthernet0/5-24
 shutdown
!
interface GigabitEthernet0/1
 shutdown
!
interface GigabitEthernet0/2
 shutdown
!
interface Vlan1
 no ip address
 no ip route-cache
!
interface Vlan30
 ip address 192.168.30.2 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.30.1
ip http server
!
line con 0
 exec-timeout 5 0
 logging synchronous
line vty 0 4
 password ciscoccna
 login
line vty 5 15
 no login
!
end
Task 5: Clean Up
Erase the configurations and reload the routers. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.