Tài liệu Lab FastTrack docx

interface Serial0 no ip address no ip mroute-cache shutdown no fair-queue clockrate 4000000!. interface Serial0/0 ip address 172.16.10.1 255.255.255.0 encapsulation frame-relay no i

Trang 1

These are the first 71 CCIE Labs from www.ccprep.com's Lab

FastTrack Enjoy!

Welcome, Sebastion! To access subscriber

questions, select blue button on left To update profile, please go to My Account

Welcome to the Lab FastTrack

As a subscriber, you now have access to practice labs If you have anyspecific questions about a lab, please email us at the following

address: labs@ccprep.com

Lab 01 - Trouble-Shooting Lab 02 - Policy Routing Lab 03 - Frame Relay & IPX Tunneling (GRE) Lab 04 - Time Protocol

Lab 05 - Frame Relay & AppleTalk Tunneling (Cayman) Lab 06 - Password Recovery Trouble-Shooting

Lab 07 - ISDN Lab 08 - NAT Translation Lab 09 - Frame Relay Lab 10 - BGP Trouble-Shooting Lab 11 - IP Access Lists Lab 12 - Configure IPX Lab 13 - Fast EtherChannel between Catalyst 5000 Switches Lab 14 - Virtual Link Lab

Lab 15 - Trouble-Shooting Lab 16 - Trouble-Shooting Lab 17 - Trouble-Shooting Lab 18 - ISDN Trouble-Shooting Lab 19 - BGP External and Internal Lab 20 - X-25 Lab

Lab 21 - HSRP Lab 22 - Trouble-Shooting Lab 23 - IP DHCP Server Lab 24 - Trouble-Shooting Lab 25 - AppleTalk Trouble-Shooting Lab 26 - Lost IOS Trouble-Shooting Lab 27 - DLSw+ Translation between Ethernet & Token Ring Lab 28 - AppleTalk

Lab 29 - Floating Static Route Lab 30 - Bridging

Lab 31 - Trouble-Shooting Lab 32 - OSPF

Lab 33 - Cisco's Network Address Translation with Overload Lab 34 - Configuring DECnet

Lab 35 - Trouble-Shooting Lab 36 - Variable Length Subnet Masking (VLSM) Lab 37 - IGRP Load Balancing

Lab 38 - Trouble-Shooting Lab 39 - Trouble-Shooting Lab 40 - Reverse Telnet Lab 41 - Configuring Multiple Routing Protocols Lab 42 - Trouble-Shooting

Lab 43 - Configure AppleTalk Lab 44 - Network Address Translation and Extended Access-Lists Lab 45 - Queuing

Lab 46 - Queuing Lab 47 - Multicasting Lab 48 - Traffic Shaping Lab 49 - ISDN LAB (Caller ID) Lab 50 - ISDN LAB

Lab 51 - Tacacs Lab Lab 52 - Stun Lab Lab 53 - Protocol Translation - X.25/TCP

Trang 2

Lab 54 - Trouble-Shooting Lab 55 - Trouble-Shooting Lab 56 - AppleTalk Configuration Lab 57 - AppleTalk Configuration Lab 58 - OSPF over Frame-relay LAB Lab 59 - Using Your AUX Port as a DDR Interface Lab 60 - RIPv2/OSPF Redistribution LAB

Lab 61 - Using Route-Map Statements to Redirect Traffic Lab 62 - Locating Network Devices Without a Topology Map Lab 63 - Changing Update and Hold Down Timers for EIGRP Lab 64 - Setting up a router as a frame-relay switch Lab 65 - Integrated Routing and Bridging

Lab 66 - Configuring Dec and performing LAT translation to TCP Lab 67 - Frame-relay traffic-shaping

Lab 68 - Configuring a Cisco router to provide dial-in access Lab 69 - Troubleshooting OSPF

Lab 70 - UDP Flooding Lab 71 - Gateway redundancy

Trang 3

Current configuration:

! version 11.2

no service password-encryption

no service udp-small-servers

no service tcp-small-servers

! hostname Router_A

! interface Ethernet0

ip address 172.16.4.17 255.255.255.240

no ip address shutdown

! interface Serial0

ip address 10.16.0.5 255.255.255.252

no fair-queue

! interface Serial1

ip address 10.16.1.5 255.255.255.252

ip rip authentication mode 0

! router ospf 100 network 10.16.0.0 0.0.0.255 area 0 network 10.16.1.0 0.0.0.255 area 1 area 1 virtual-link 10.16.1.6

message-digest-key 10 md5 Router_C

!

no ip classless

! line con 0 exec-timeout 0 0 line aux 0 line vty 0 4 login

! end Router_A#sh ip ospf vir Router_A#sh ip ospf virtual-links Virtual Link OSPF_VL0 to router 10.16.1.6 is up Run as demand circuit

DoNotAge LSA allowed.

Transit area 1, via interface Serial1,

Cost of using 64 Transmit Delay is 1 sec, State POINT_TO_POINT, Timer intervals configured, Hello 10, Dead 40,

Wait 40, Retransmit 5 Hello due in 00:00:02 Adjacency State FULL (Hello suppressed) Router_A#sh ip ospf vir

Router_A#sh ip ospf virtual-links Virtual Link OSPF_VL0 to router 10.16.1.6 is down Run as demand circuit

Trang 4

Transit area 1, Cost of using 65535

Transmit Delay is 1 sec, State DOWN,

Timer intervals configured, Hello 10, Dead 40,

Wait 40, Retransmit 5

Router_C

Router_C#sh run Building configuration

! version 11.3

! hostname Router_C

! interface Serial0

ip address 10.16.1.6 255.255.255.252

no ip mroute-cache

no fair-queue clockrate 56000

! interface Serial1

ip address 10.16.2.6 255.255.255.252 clockrate 56000

! router ospf 100 network 10.16.2.0 0.0.0.255 area 2 network 10.16.1.0 0.0.0.255 area 1 area 1 virtual-link 10.16.1.5

message-digest-key 10 md5 Router_A

!

ip classless

! line con 0 line 1 8 line aux 0 line vty 0 4

! end

After lunch you have noticed a problem:

Router_A#sh ip ospf vir Router_A#sh ip ospf virtual-links Virtual Link OSPF_VL0 to router 10.16.1.6 is down Run as demand circuit

Transit area 1, Cost of using 65535 Transmit Delay is 1 sec, State DOWN, Timer intervals configured, Hello 10,

Dead 40, Wait 40, Retransmit 5

After which, you check the configurations of both routers and discoverthat NO changes have been made!

What is the problem?

How did it happen?

Solution:

The virtual Link of Router_C does not use the correct Router ID TheRouter ID of Router_A is 172.16.4.17

Why was the virtual link UP before lunch?

The router ID, by default, will be the highest IP address configured

Before lunch Router_A had an ID that was NOT the highest IPaddress, in this case it must be that the Ethernet interface of Router_Awas configured at a later time OSPF will not change the Router ID

Trang 5

once an ID has been established

While you were at lunch you router was rebooted which changed theRouter ID

Trang 6

The following scenario refers to the diagram below

Scenario:

All routers are configured in a single OSPF area

Router_C, based on the cost metric for OSPF will send all packets with

a destination network address of 10.4.0.0 out the E0 interface

Problem:

Have all packets destined for network 10.4.0.0 exit the Serial 0Router_C

Router_C#sh ip route Codes: C - connected, S - static,

I - IGRP,

R - RIP, M - mobile, B - BGP,

D - EIGRP,

EX - EIGRP external, O - OSPF,

IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP,

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,

* - candidate default,

U - per-user static route,

o - ODR Gateway of last resort is not set 10.0.0.0/16 is subnetted, 3 subnets

C 10.2.0.0 is directly connected, Serial0

C 10.3.0.0 is directly connected, Ethernet0

O 10.4.0.0 [110/74] via 10.3.0.1, 00:00:13, Ethernet0

Solution:

Policy routing will allow you to configure a route map The route map

Trang 7

will be used by the router in lieu of destination routing.

In this scenario the best route to the destination network 10.4.0.0 is

to go ethernet We want to force the route to take the serialconnection

Sequence to insert to/delete from existing route-map entry

! hostname Router_C

!

ip address 10.3.0.3 255.255.0.0

ip address 10.1.0.3 255.255.0.0

ip policy route-map takeserial*Step 1

! interface Serial0

! interface Serial1

! router ospf 100 network 10.0.0.0 0.255.255.255 area 0

!

no ip classless access-list 1 permit 10.1.0.5

route-map takeserial permit 10 *Step 2 match ip address 1 *Step 3 set interface Serial0 *Step 4

! line con 0 line aux 0 line vty 0 4 login

! end

Now we will ping 10.4.0.2 from Workstaton A:

Router_C#debug ip policy Policy routing debugging is on Router_C#

IP: s=10.1.0.5 (Ethernet1), d=10.4.0.2, len 74, policy match

IP: route map takeserial, item 10, permit

IP: s=10.1.0.5 (Ethernet1), d=10.4.0.2 (Serial0),

Trang 8

len 74, policy routed IP: Ethernet1 to Serial0 10.4.0.2 IP: s=10.1.0.5 (Ethernet1), d=10.4.0.2, len 74, policy match

IP: s=10.1.0.5 (Ethernet1), d=10.4.0.2 (Serial0), len 74, policy routed IP: Ethernet1 to Serial0 10.4.0.2 IP: s=10.1.0.5 (Ethernet1), d=10.4.0.2, len 74, policy match

IP: s=10.1.0.5 (Ethernet1), d=10.4.0.2 (Serial0), len 74, policy routed IP: Ethernet1 to Serial0 10.4.0.2

Trang 9

$1$eZ3D$vnTjKaCLtbSCcMF1mGzZm0 enable password ccnaprep

!

frame-relay switching

isdn switch-type ntt

! interface Serial0

no ip address

no ip mroute-cache shutdown

! interface Serial1

encapsulation frame-relay

no ip mroute-cache keepalive 15 clockrate 2000000

frame-relay lmi-type cisco frame-relay intf-type dce frame-relay route 100 interface Serial2

200

! interface Serial2

encapsulation frame-relay frame-relay lmi-type ansi

frame-relay intf-type dce

Trang 10

frame-relay route 200 interface Serial1

100

! interface Serial3

no ip address

no cdp enable

! interface TokenRing0

no ip address

no cdp enable

! interface BRI0

no ip address

no cdp enable

!

ip classless

! line con 0 exec-timeout 0 0 line aux 0 line vty 0 4 password ccieprep login

end

Router_C

! version 11.2

! hostname Router_C

! enable secret 5

$1$jCQH$nzkHW6lQ9ywoAX87xsp9p1 enable password ccnaprep

! ipx routing 0060.09c3.df60

interface Tunnel0

no ip address ipx network CAD tunnel source Serial0 tunnel destination 172.16.10.1

!

interface Ethernet0 ipx network DAD

! interface Serial0

ip address 172.16.10.2 255.255.255.0 encapsulation frame-relay

no fair-queue

! interface Serial1

!

no ip classless

line con 0 line aux 0 line vty 0 4 password sailing login

! end

Router_A

! version 11.3

! hostname Router_A

! enable secret 5

$1$.s1R$iaEqZxLnYJo2QlZi8UNaO0

Trang 11

no ip mroute-cache

ipx network BAD

no cdp enable

! interface Serial0/0

ip address 172.16.10.1 255.255.255.0 encapsulation frame-relay

no ip mroute-cache

frame-relay lmi-type ansi

! interface TokenRing0/0

no ip address

ring-speed 16

no cdp enable

! interface FastEthernet1/0

no ip address

! end

Full connectivity:

Router_A#sh ipx route Codes: C - Connected primary network, c -

Connected secondary network

S - Static, F - Floating static, L -

Local (internal), W - IPXWAN

R - RIP, E - EIGRP, N - NLSP, X -

External, A - Aggregate

s - seconds, u - uses, U - Per-user

static

3 Total IPX routes Up to 1 parallel paths

and 16 hops allowed.

No default route known.

C BAD (NOVELL-ETHER), Et0/0

C CAD (TUNNEL), Tu0

R DAD [151/01] via .

CAD.0060.09c3.df60, 32s, Tu0

Trang 12

Using the diagram below configure Network Time Protocol

Send_ntp will provide time to Receive_ntp

Use your current time and location for your clock settings

Solution:

Set the appropriate time and time zone for the router that will act asyour time server

Also set the time server using the "ntp master" command

At the appropriate interface broadcast the NTP protocol

Send_ntp#clock set 07:30:00 20 jan

1999

Send_ntp#config t Enter configuration commands, one per line

End with CNTL/Z.

Send_ntp(config)#clock ? summer-time Configure summer (daylight

savings) time timezone Configure time zone

Send_ntp(config)#clock timezone est 5 Send_ntp(config)#clock summer-time ? WORD name of time zone in summer

Send_ntp(config)#clock summer-time est ? date Configure absolute summer time recurring Configure recurring summer time

Send_ntp(config)#clock summer-time est

recurring

Send_ntp(config)#int s0

Send_ntp(config-if)#ntp broadcast Send_ntp(config)#ntp master

Send_ntp#sh run Building configuration

%SYS-5-CONFIG_I: Configured from console by

console Current configuration:

!

! Last configuration change at 07:40:38 est

Wed Jan 20 1999

! version 11.3

! hostname Send_ntp

!

! clock timezone est 5

Trang 13

ip address 172.16.2.32 255.255.255.0

! interface Serial0

ip address 172.16.4.5 255.255.255.252

no ip mroute-cache ntp broadcast

no fair-queue

! interface Serial1

! router rip network 172.16.0.0

!

ip classless line con 0 line 1 8 line aux 0 line vty 0 4

! ntp master end

To configure the receiving router, just point it to the time server

Before router is configured to receive time from NTP server:

receive_ntp#sh clock

*00:05:04.359 UTC Mon Mar 1 1993

receive_ntp#config t Enter configuration commands, one per line

receive_ntp#sh run Building configuration

! version 11.3

! hostname receive_ntp interface Serial0

ip address 172.16.4.6 255.255.255.252

no ip mroute-cache clockrate 56000

! interface Serial1

! interface Serial2

! interface Serial3

! interface BRI0

!

ip classless line con 0 line aux 0 line vty 0 4 login

! ntp server 172.16.4.5 end

Trang 14

Trang 15

-Frame Relay and Appletalk Tunneling (Cayman)

Given: The following diagram Configure Router_B as a frame relay switch Configure Appletalk withCayman Tunneling

Solution:

Router_C

! version 11.2

! hostname Router_C

! enable secret 5

$1$jCQH$nzkHW6lQ9ywoAX87xsp9p1 enable password ccnaprep

! appletalk routing ipx routing 0060.09c3.df60

! interface Loopback0

no ip address appletalk cable-range 140-149 148.178 appletalk zone left

no ip address

Trang 16

shutdown

! interface Serial0

!

no ip classless

! line con 0 line aux 0 line vty 0 4 password sailing login

! end Router_C#sh app route Codes: R - RTMP derived, E - EIGRP derived,

C - connected, A - AURP

S - static P - proxy

2 routes in internet The first zone listed for each entry is its

default (primary) zone.

C Net 140-149 directly connected, Ethernet0,

! enable secret 5

$1$eZ3D$vnTjKaCLtbSCcMF1mGzZm0 enable password cnaprep

no ip address

! interface Serial1

ip address 65.62.245.3 255.255.255.0

frame-relay lmi-type cisco frame-relay intf-type dce frame-relay route 100 interface Serial2

200

! interface Serial2

ip address 65.62.245.4 255.255.255.0

frame-relay lmi-type cisco

frame-relay intf-type dce

frame-relay route 200 interface Serial1

100

! interface Serial3

no ip address

no cdp enable

no ip address

no cdp enable

! interface BRI0

no ip address

Trang 17

! end

Router_A

Router_A#sh run Building configuration

! version 11.3

! hostname Router_A

! enable secret 5

$1$.s1R$iaEqZxLnYJo2QlZi8UNaO0 enable password ccnaprep appletalk routing ipx routing 0010.7b15.bd41

! interface Loopback0

ip address 172.17.10.2 255.255.255.0

! interface Tunnel0

no ip address

tunnel source Serial0/0 tunnel destination 172.16.10.2 tunnel mode cayman

! interface Ethernet0/0

ip address 172.18.10.2 255.255.255.0

no ip mroute-cache

appletalk cable-range 150-159

152.202 appletalk zone right

no cdp enable

ip address 172.16.10.1 255.255.255.0

no ip mroute-cache cdp enable

frame-relay lmi-type cisco

no ip address

ring-speed 16

no cdp enable

no ip address

no cdp enable

!

ip classless

! line con 0 exec-timeout 0 0 line aux 0 line vty 0 4 password ccieprep login

! end Router_A#sh app route Codes: R - RTMP derived, E - EIGRP derived,

C - connected, A - AURP

S - static P - proxy

2 routes in internet The first zone listed for each entry is its

default (primary) zone.

R Net 140-149 [1/G] via 0.0, 7 sec, Tunnel0,

zone left

C Net 150-159 directly connected,

Ethernet0/0, zone right

Notice that, when using Cayman tunneling, you must not configurethe tunnel with an AppleTalk network address

Trang 18

When configuring GRE-IP, an Appletalk address must be used

Trang 19

Password Recovery Trouble Shooting

Let us assume that you have a router and you don’t know the enablesecret password

First and foremost you must have physical access to the router toperform password recovery Bit 6 defines if the configuration file will

be loaded from NVRAM Since there is a password in the configurationfile that we do not know, we will want to set bit 6 to 1

If bit 6 is 0 then the router will load the configuration file fromNVRAM If bit 6 is 1 then the router will not load the configuration filefrom NVRAM

Configuration Register represented in Decimal

The Configuration Register represented in Hexadecimal

The following are the steps to recover from a lost password

1 Turn the router off, turn the router on, and within 60 secondsissue the break sequence of your terminal emulation package Ifyou are using hyperterminal that would be <ctrl><pause>

2 You will now be in ROM monitor mode indicated by the >

prompt Our goal here is to turn bit 6 on, so if the configurationregister is set to 0x2102, we want to change the register to0x2142 To determine the current configuration register settinguse the following command:

4 Get into the configuration mode and key in your new password

5 Change the configuration register back to original setting

6 Perform a no-shut on all interfaces

7 Copy the running configuration to NVRAM

All of the steps are in bold

Trang 20

System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE

2500 processor with 16384 Kbytes

of main memory

Abort at 0x10EA87C (PC) break sequence issued here

>e/s2000002 2000002: 2102 use q to quit the examine mode

>o/r0x2142

>i

of main memory F3: 7564496+94188+304272 at 0x3000060 <output eliminated>

- System Configuration Dialog ->

At any point you may enter a question mark "?"

for help.

Use ctrl-c to abort configuration dialog at any prompt.

Default settings are in square brackets "[ ]."

Would you like to enter the initial configuration dialog? [yes]: n Press RETURN to get started!

%LINK-3-UPDOWN: Interface Ethernet0, changed state to up

%LINK-3-UPDOWN: Interface Serial0, changed state to down

%LANCE-5-COLL: Unit 0, excessive collisions TDR=6

%LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0,

changed state to down %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet1,

changed state to down %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0,

changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1,

%SYS-5-RESTART: System restarted Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-J-L), Version 11.2(3),

Compiled Mon 30-Dec-96 21:28 by ajchopra

%LINK-5-CHANGED: Interface Ethernet0, changed state to administratively down

%LINK-5-CHANGED: Interface Serial0, changed state to administratively down

Router>en Router#copy start run

Trang 21

First and foremost you must have physical access to the router toperform password recovery Bit 6 defines if the configuration file will

be loaded from NVRAM Since there is a password in the configurationfile that we do not know, we will want to set bit 6 to 1

If bit 6 is 0 then the router will load the configuration file fromNVRAM If bit 6 is 1 then the router will not load the configuration filefrom NVRAM

Configuration Register represented in Decimal

The Configuration Register represented in Hexadecimal

The following are the steps to recover from a lost password

1 Turn the router off, turn the router on, and within 60 secondsissue the break sequence of your terminal emulation package Ifyou are using hyperterminal that would be <ctrl><pause>

2 You will now be in ROM monitor mode indicated by the >

prompt Our goal here is to turn bit 6 on, so if the configurationregister is set to 0x2102, we want to change the register to0x2142 To determine the current configuration register settinguse the following command:

4 Get into the configuration mode and key in your new password

5 Change the configuration register back to original setting

6 Perform a no-shut on all interfaces

7 Copy the running configuration to NVRAM

All of the steps are in bold

of main memory

Abort at 0x10EA87C (PC) break sequence issued here

>e/s2000002 2000002: 2102 use q to quit the examine mode

>o/r0x2142

>i

Trang 22

-At any point you may enter a question mark "?"

for help.

Use ctrl-c to abort configuration dialog at any prompt.

Default settings are in square brackets "[ ]."

Would you like to enter the initial configuration dialog? [yes]: n Press RETURN to get started!

%LANCE-5-COLL: Unit 0, excessive collisions TDR=6

%SYS-5-RESTART: System restarted Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-J-L), Version 11.2(3),

Compiled Mon 30-Dec-96 21:28 by ajchopra

atlanta(config)#int e1 atlanta(config-if)#no shut

atlanta(config-if)#int s0 atlanta(config-if)#no shut

atlanta(config)#int s1 atlanta(config-if)#no shut atlanta(config-if)#

Trang 23

! version 12.0

no service pad service timestamps debug uptime service timestamps log uptime

! hostname 800

no ip address

no ip directed-broadcast shutdown

! interface BRI0

ip address 10.0.0.1 255.255.255.0

no ip directed-broadcast encapsulation ppp

dialer map ip 10.0.0.2 name Router_B 8358661 dialer-group 1

isdn spid1 0835866201 isdn spid2 0835866401 ppp authentication chap

hold-queue 75 in

! router rip network 10.0.0.0

!

ip classless

! dialer-list 1 protocol ip permit

! line con 0 transport input none stopbits 1 line vty 0 4

! end

Trang 24

Verification of Configuration:

800#ping 10.0.0.2 Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:

21:34:25: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up.!!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 32/40/56 ms 800#

21:34:25: BR0:1 PPP: Treating connection as a callout 21:34:26: BR0:1 PPP: Phase is AUTHENTICATING, by both 21:34:26: BR0:1 CHAP: O CHALLENGE id 31 len 24 from "800"

21:34:26: BR0:1 CHAP: I CHALLENGE id 31 len 29 from "Router_B"

21:34:26: BR0:1 CHAP: O RESPONSE id 31 len 24 from "800"

21:34:26: BR0:1 CHAP: I SUCCESS id 31 len 4 21:34:26: BR0:1 CHAP: I RESPONSE id 31 len 29 from "Router_B"

21:34:26: BR0:1 CHAP: O SUCCESS id 31 len 4 21:34:27: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state

to up 800#ping 10.0.0.2 Type escape sequence to abort.

TEI = 85, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED TEI = 86, Ces = 2, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED Spid Status:

TEI 85, ces = 1, state = 8(established) spid1 configured, no LDN, spid1 sent, spid1 valid Endpoint ID Info: epsf = 0, usid = 2, tid = 1 TEI 86, ces = 2, state = 8(established) spid2 configured, no LDN, spid2 sent, spid2 valid Endpoint ID Info: epsf = 0, usid = 4, tid = 1 Layer 3 Status:

1 Active Layer 3 Call(s) Activated dsl 0 CCBs = 1 CCB:callid=0x801C, sapi=0x0, ces=0x1, B-chan=1 calltype = DATA Total Allocated ISDN CCBs = 1

Router_B

Router_B#sh run Building configuration

! version 11.3

! hostname Router_B

! username Router_B password 0 ccieprep username 800 password 0 ccieprep

ip subnet-zero

isdn switch-type basic-ni1

! interface Serial0

ip address 10.16.0.6 255.255.255.252

! interface Serial1

! interface Serial2

! interface Serial3

Trang 25

! interface BRI0

ip address 10.0.0.2 255.255.255.0 encapsulation ppp

dialer map ip 10.0.0.1 name 800 8358662

dialer-group 1

isdn spid1 0835866101 isdn spid2 0835866301 ppp authentication chap

! router ospf 100 network 10.16.0.0 0.0.0.255 area 0

!

ip classless dialer-list 1 protocol ip permit

! end

Trang 26

All configurations will refer to the diagram below

The scenario is as follows:

Your organization is using the private address of 10.0.0.0 /24 YourISP has assigned the public address of 200.200.200.0 /24 to yourorganization

Our goal is to configure Router A to provide us with addresstranslation to go from the private address to the public address Wealso want to advertise this public address out to the world

The configuration commands that accomplish these goals are

presented in bold.

! version 11.3

! hostname router_a

! enable secret 5 $1$.s1R$iaEqZxLnYJo2QlZi8UNaO0 enable password guess

ip address 200.200.200.1 255.255.255.0 secondary

ip address 10.10.10.1 255.255.255.0

Trang 27

ip address 150.100.10.72 255.255.255.0

ip nat outside

encapsulation frame-relay

no ip address shutdown ring-speed 16

!

router rip network 200.200.200.0

! end

Explanation of the bold commands:

Ip nat Defines the pool name of "nat-example" the first public address is200.200.200.1 and the last address 200.200.200.255 The mask is255.255.255.0 or /24

pool-Ip nat inside Applies the access-list 1 to the pool "nat-example"

source-Ip address 200.200.200.1 255.255.255.0 Applies the public address to the e0/0 interface as a secondaryaddress Since we want to advertise the public address we mustconfigure the address

secondary-Ip nat Defines the e0/0 interface as the inside address

inside-Ip nat Define serial 0 as the outside addressesRouter rip-

outside-Network 200.200.200.0Because we configures the 200.200.200.0 address as a secondaryaddress we can advertise it with RIP

Access-list 1 permit 10.10.10.0 0.0.0.0.255Permits the private addresses on the 10.10.10.o subnet to betranslated to the public address

The following is the actual translation taken after the seri10.10.10.1interface of the router and the workstation 10.10.10.2 performed aping of the Serial interface of the ISP’s router

router_a#sh ip nat transPro Inside global Inside local Outside local Outside global - 200.200.200.1 10.10.10.1 - -

200.200.200.2 10.10.10.2

Trang 28

Trang 29

09-Frame Relay Lab

Given: Figure 1; configure all routers with IP and Frame Relay Verify

your configuration with the ping command

Solution:

Router_A

! version 11.3

! hostname Router_A

!

ip host router_C 65.62.245.2

no ip address

no cdp enable

ip address

65.62.245.1 255.255.255.0 encapsulation frame-relay

no ip mroute-cache

no fair-queue frame-relay lmi-type cisco

! interface BRI0/0

no ip address

no ip mroute-cache shutdown ring-speed 16

no cdp enable

Trang 30

no ip address

! end

Router_B

! version 11.3

! hostname Router_B

! frame-relay switching isdn switch-type ntt

! interface Serial0

no ip address encapsulation frame-relay

no ip mroute-cache

no fair-queue clockrate 56000 frame-relay intf-type dce frame-relay route 100

interface Serial1 200

! interface Serial1

no ip address encapsulation frame-relay

no ip mroute-cache clockrate 2000000 frame-relay lmi-type ansi frame-relay intf-type dce frame-relay route 200

interface Serial0 100

no ip address

no cdp enable

! interface BRI0

no ip address

! end

Router_C

Trang 31

%SYS-5-CONFIG_I: Configured from console by console Building configuration

! version 11.2

! hostname Router_C

!

ip host router_b 65.62.245.1 210.7.93.2

! interface Serial0

ip address 65.62.245.2 255.255.255.0 encapsulation frame-relay

no fair-queue frame-relay lmi-type ansi

! interface Serial1

!

no ip classless

! end

Verification:

Router_A#ping 65.62.245.2 Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to

65.62.245.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5),

round-trip min/avg/max = 36/36/36 ms Router_A#sh frame map

Serial0/0 (up): ip 65.62.245.2 dlci

100(0xC9,0x3090), dynamic, broadcast,, status defined, active Router_A#sh frame lmi LMI Statistics for interface Serial0/0

(Frame Relay DTE) LMI TYPE = CISCO Invalid Unnumbered info 0

Invalid Prot Disc 0 Invalid dummy Call Ref 0 Invalid Msg Type 0 Invalid Status Message 0 Invalid Lock Shift 0 Invalid Information ID 0 Invalid Report IE Len 0 Invalid Report Request 0 Invalid Keep IE Len 0 Num Status Enq Sent 300 Num Status msgs Rcvd 228 Num Update Status Rcvd 0 Num Status Timeouts 72 Router_A#sh frame pvc PVC Statistics for interface

Serial0/0 (Frame Relay DTE) DLCI = 100, DLCI USAGE = LOCAL,

PVC STATUS = ACTIVE,

INTERFACE = Serial0/0 input pkts 11 output pkts 13 in bytes 1070 out bytes 1130 dropped pkts 0 in FECN pkts 0

Trang 32

in BECN pkts 0 out FECN pkts 0 out BECN pkts 0

in DE pkts 0 out DE pkts 0 out bcast pkts 3 out bcast bytes 90 pvc create time 00:28:47,

last time pvc status changed 00:27:08

Trang 33

Network Next Hop Metric LocPrf Weight Path

*>i172.16.0.0 200.16.1.1 0 100 0 i

* i198.0.2.0 172.16.2.5 0 100 0 100 i

*>i200.16.1.0 200.16.1.1 0 100 0 I RouterC#ping 198.0.2.1

Type escape sequence to abort.

Success rate is 0 percent (0/5)

Refer to the following configuration of RouterA and RouterB Assuming

Trang 34

that a single command was removed from RouterB, what commandwould be entered to once again provide full connectivity

RouterA

RouterA#sh run Building configuration

! version 11.2

! hostname RouterA

ip address 198.0.2.1 255.255.255.0

! interface Serial0

ip address 172.16.2.5 255.255.255.252

! interface Serial1

! router rip passive-interface Serial0 network 198.0.2.0 network 172.16.0.0

! router bgp 100 network 172.16.0.0 network 198.0.2.0 neighbor 172.16.2.6 remote-as 200

!

no ip classless

!

! end

RouterB

RouterB#sh run Building configuration

! version 11.3

! hostname RouterB

ip address 200.16.1.1 255.255.255.0

! interface Serial0

ip address 172.16.2.6 255.255.255.252

no ip mroute-cache

! interface Serial1

! router bgp 200 network 200.16.1.0 network 172.16.0.0

Trang 35

neighbor 172.16.2.5 remote-as 100 neighbor 172.16.2.10 remote-as 200 neighbor 172.16.2.10 route-reflector-client neighbor 200.16.1.2 remote-as 200 neighbor 200.16.1.2 route-reflector-client

!

ip classless

! line con 0 line 1 8 line aux 0 line vty 0 4 login

! end

Solution:

BGP requires a route to be present in the IGP routing table before itcan be communicated to the neighbors This is called synchronizationand it is activated by default

Since there is no IGP running on RouterB we would be required toturn synchronization off with the following commands:

RouterB(config)#router bgp 200 RouterB(config-router)#no synchronization

At this point RouterC will again learn of the 198.0.2.0 network

* Synchronization must also be turned off at RouterC

Trang 36

- Workstation C is not allowed to ping Router_A

- Workstation C is not allowed to use SNMP to Router_A

- Workstation C is denied accessing Router_B with any protocol otherthan Telnet & TFTP

- Any other traffic not explicitly defined will be denied

Router_A

! version 11.3

! hostname Router_A

ip address 172.19.10.2 255.255.255.0

ip address 172.18.1.1 255.255.255.0

! router eigrp 16 network 172.18.0.0 network 172.19.0.0

! router rip redistribute eigrp 16 metric 1 network 172.19.0.0

Trang 37

ip classless

! end

Router_B

! version 11.3

no service password-encryption service udp-small-servers service tcp-small-servers

! hostname Router_B

! interface Serial0

ip address 172.18.1.2 255.255.255.0

no ip route-cache

!

router eigrp 16 redistribute rip metric 1544 10 255 1 1500 network 172.17.0.0

network 172.18.0.0

! router rip redistribute eigrp 16 metric 1 network 172.17.0.0

!

ip classless

! line con 0 line aux 0 transport input all line vty 0

access-class 12 in login

line vty 1 4 login

! end

Router_C

! version 11.2

no service password-encryption service udp-small-servers service tcp-small-servers

! hostname Router_C

! appletalk routing

ip address 172.19.10.1 255.255.255.0

no ip route-cache

no ip mroute-cache

! interface Serial0

ip address 172.17.1.1 255.255.255.0

no ip route-cache

! interface Serial1

no ip address

Trang 38

no ip route-cache

! router rip network 172.16.0.0 network 172.17.0.0 network 172.19.0.0

no ip classless

! line con 0 line aux 0 transport input all line vty 0 4 login

! end

Solution

access-list 101 deny icmp host 172.16.10.5

host 172.18.1.1 echo access-list 101 deny icmp host 172.16.10.5

host 172.19.10.2 echo access-list 101 deny udp host 172.16.10.5

host 172.19.10.2 eq snmp access-list 101 deny udp host 172.16.10.5

host 172.18.1.1 eq snmp access-list 101 permit ip host 172.16.10.5

host 172.19.10.2 access-list 101 permit tcp any any eq telnet access-list 101 permit udp any any eq tftp

There is no need to deny all protocols from Workstation C to Router_Bbecause the implicit deny will take care of that

The last step is the placement of the list

Place the list on the e0 incoming interface of Router_C as follows:

Router_C(config) #int e0 Router_C(config-if) #ip access-group 101 in

Trang 39

Connected secondary network

S - Static, F - Floating static, L -

Local (internal), W - IPXWAN

R - RIP, E - EIGRP, N - NLSP, X -

External, A - Aggregate

s - seconds, u - uses, U - Per-user

static

5 Total IPX routes Up to 2 parallel paths

and 16 hops allowed.

No default route known.

L B1 is the internal network

Given the diagram and the routing table we can deduce the following:

- Network CAD is the ethernet link on the bottom

- CAD is the only network in the diagram that can be reached by twodifferent paths of the same metric of 7 TICKS and 1 HOP

- Router_B must have maximum paths configured

- Since we have two ways to get to Network CAD and IPX RIP does notload share by default maximum paths must have been configured

- Network FAD is the ethernet on the left It's the only other networkout Serial 0 that is 1 HOP away

Trang 40

- IPXWAN is configured on all serial links

- the fact there is no IPX networks numbers on the serial links wouldmean that IPXWAN is configured

- NLSP is configured on the serial interfaces

- If IPXWAN is configured we must be using NLSP as the routingprotocol on the serial interfaces

Router_A

hostname Router_A

!

ipx routing 0010.7b15.bd41 ipx internal-network A1

no ip address

ipx network CAD

!

ip classless

! end

Router_B

! version 11.3

! hostname Router_B

!

! ipx routing 0007.7816.fe54

ipx maximum-paths 2

ipx internal-network B1

! interface Serial0

! interface Serial3

! interface BRI0

Tiêu đề	Trouble-Shooting
Trường học	Unknown
Chuyên ngành	Networking
Thể loại	Lab
Năm xuất bản	2000
Thành phố	Unknown

Định dạng
Số trang	261
Dung lượng	3,94 MB