The Shrike – 6CoLabs
Part 0: Pre Lab Setup
0.1 Load the initial configs
0.2 The major Network is 150.4.0.0
0.3 Create a loopback interface (Lo0) on each router
This loopback interface’s address must be 150.4.x.x where x is the router number. The subnet mask is /24.
0.4 Default routes, static routes and routes to null0 are not permitted unless otherwise specified
0.5 At the end of your work, verify the IP connectivity. Unless it is otherwise specified, every interface must be “pingable” from any router.
Part 1: Bridging and Switching (16 points)
1.1 Catalyst 3550 configuration (7 points)
1.1.1 On Cat35-1, the vtp domain name must be 6Colabs and the vtp mode server.
Cat35-2 must synchronize its VLAN configuration with Cat35-1. You can’t change Cat35-2’s VLAN configuration.
1.1.2 Vlans Configuration:
Assign the Catalyst Cat35-1’s ports as shown below:
10 VLAN-A FA0/6, FA0/8
20 VLAN-B FA0/18, FA0/24
1.1.3 Configure a Trunk on an EtherChannel bundle between Cat35-1 and Cat35-2. Use dot1Q for the trunk encapsulation. Disable Trunk negotiation. You must manually configure EtherChannel and the trunk.
1.1.4 Only VLAN 1, 10, 20, 30, 40 and 50 are allowed on the trunk
1.1.5 Reduce the startup delay of the Cat35-2’s FastEthernet ports 0/1 to 0/12 without turning Spanning-Tree off
1.2 Frame-Relay Configuration (3 points)
1.2.1 Configure R6 and R5 over Frame-Relay. Use only subinterfaces.
1.2.2 Configure R6 and R14 over Frame-Relay. Don't use a subinterface on R14.
1.2.3 Configure R1 and R5 over Frame-Relay.
The frame-relay switch R7 has been configured with fully meshed PVCs. Use only the PVCs shown in the diagram.
1.3 PPP configuration (2 points)
1.3.1 The encapsulation for the serial connection between R6 and R8 must be PPP
Use a clock rate of 256000 on R6 S0/1
1.3.2 Configure R6 to shutdown the link if the quality drops below 80%
1.4 ATM configuration (4 points)
1.4.1 Configure Classical IP between R13 and R14. You must specify the Esi-address on both sides. R14 is the ARP server. Don't use any subinterface.
Part 2: IP IGP Protocols (26 points)
2.1 OSPF Configuration (10 points)
2.1.1 Configure the OSPF areas as shown in the diagram
Enable OSPF by specifying the entire mask in your network statement
On R5, R6, R8 and R14, assign the loopback interface Lo0 to the OSPF area of your choice
2.1.2 Configure area 0 to use the highest level of authentication possible. Use the password cisco.
2.1.3 Do not advertise the loopback interfaces as host routes (/32 mask)
2.2 RIP Configuration (4 points)
2.2.1 Configure RIP between R5 and R1. Add the loopbacks and the ethernet networks on R1 to the RIP process.
2.2.2 Make sure that R1 can only send and receive RIP v1 updates on its Ethernet interface
2.2.3 Don't summarize the routes on R1 and R5
2.2.4 Configure RIP authentication between R1 and R5. Use the highest level of authentication possible.
2.3 EIGRP configuration (4 points)
2.3.1 Configure EIGRP as shown in the diagram. Include R13 loopback interface into the EIGRP process.
2.4 Redistribution configuration (8 points)
2.4.1 Mutually redistribute RIP and OSPF on R5
Redistribute only the odd numbered loopback networks learned from R1. To do so, you are allowed only one statement in your access-list.
2.4.2 Mutually redistribute EIGRP 100 and OSPF on R6 and R14
2.4.3 R8 must prefer the routes learned via Eigrp over Ospf
Part 3: Dial (10 points)
3.1 The ISDN link must come up only when the Frame-Relay link is down
Use the Frame-Relay feature that checks if the remote end of the VC is up or down via keepalive requests
3.2 Only R5 must initiate the call. When the frame-relay goes down, the ISDN link must be brought up in less than 5 seconds.
3.3 You can't use dialer-watch, dial-on-demand or ospf demand-circuit
3.4 Shutdown S0/0.1 on R6 and make sure that R1 can still reach every network when using the ISDN link
Part 4: BGP (23 points)
4.1 IBGP Configuration (3 points)
4.1.1 Configure R6, R8 and R14 in AS65005. R6 and R14 should have only one neighbor within AS 65005.
4.1.2 Don't turn off synchronization in AS65005
4.1.3 Every BGP router must use its loopback address when peering
4.2 EBGP Configuration (8 points)
4.2.1 Configure router R1 in AS65001 to peer with router R5 in AS2
4.2.2 Configure router R6 in AS3 to peer with router R5 in AS2
4.2.3 Configure router R14 in AS3 to peer with router R13 in AS4 and with Cat35-2 in AS5
4.2.4 Every BGP router must use its loopback address when peering except between AS5 and AS3
4.3 Redistribution/Filtering (12 points)
4.3.1 Create a loopback interface Lo10 on R1 with IP subnet 172.16.1.0/24 and inject it into BGP
Make sure that every router within AS3 knows about this subnet.
4.3.2 Don't advertise the network 172.16.1.0/24 to AS4 or AS5. You can only make the change on R6.
4.3.3 Configure R1 to advertise all the networks 192.168.x.0/24 and summarize them as a single network. Use the shortest prefix possible. You must redistribute the networks into BGP without using the network command.
4.3.4 AS3 must see the networks learned from R1 without AS path containing AS65001
The change must be done on R5. Don’t use a route-map.
4.3.5 Create a loopback interface on R6 with IP subnet 210.210.210.0/24 and inject it into BGP
Make sure that this subnet shows up in every router within AS3, AS4 and AS5 only
Don’t advertise this subnet via BGP nor IGP to R1 and R5
4.3.6 Advertise a default route via BGP to Cat35-2
5.1.2 Configure R5 to peer with R6 in case the DLSW connection between R5 and R8 fails. Use DLSW Lite encapsulation between R5 and R6.
Make sure that the link between R5 and R6 doesn't stay up when the link between R5 and R8 is restored
5.1.3 Only R5 must establish the DLSW connections. Don’t use the option promiscuous on R6 and R8.
5.1.4 Eliminate unnecessary traffic by disabling spanning-tree negotiation protocol
5.1.5 Configure a filter on R5 that will allow only Netbios traffic to R6 and R8
Part 6: Voice (8 points)
6.1.1 Configure Phone A on R13 with the number 1301
6.1.2 Configure Phone B on R13 with the number 1302
6.1.3 Configure Phone C on R14 with the number 1401
6.1.4 You must be able to dial any number from Phone C and ring Phone B. You must still connect to the right extension. Num-exp is not allowed.
6.1.5 Configure Phone A to be able to call Phone C
6.1.6 Picking up Phone B must automatically ring Phone A
6.1.7 The voice quality is of the highest importance and you have plenty of network bandwidth:
- choose a codec with the highest quality
- enable the transmission of silence packets
6.1.8 Reserve the equivalent of 10% of an OC3 link for the voice traffic with a maximum of 80kbps per single-flow. Only R13 will request the reservation of bandwidth.
Part 7: Other IOS Features (9 points)
7.1.1 You want to prevent DOS (Denial of Service) attacks coming from the network attached to e0/0 on R1
a) - Enable the feature that will discard IP packets that lack a verifiable IP source address
b) - Protect the TCP servers on the network 150.4.0.0/16 from TCP SYN-flooding attacks
7.1.2 Configure an access-list on R1 with the following requirement:
- permit smtp traffic to the mail server 150.4.50.3
- permit http traffic to the web server 150.4.50.3
- permit ftp traffic to the ftp server 150.4.50.2
- permit http traffic if the connection was established from any host belonging to the network 150.4.114.0
- permit RIPv1
- log the denied packets
The access-list must be applied to R1’s e0/0
7.1.3 Telnet access to the Catalyst Cat35-2 must be only permitted from R5. R5 must use the address of its loopback interface as the source address for Telnet.
7.1.4 Configure R5 to serve as a DHCP Server for the clients attached to R5’s E0/0. You must exclude the following addresses from the pool: 150.4.50.101 – 150.4.50.254
Configure the following configuration:
You need to configure manual bindings for two hosts:
- The host serving as a Mail and web server has the following mac-address 00-50-BA-DD-BA-00
You must allocate the IP address 150.4.50.3
- The host serving as a FTP server has the following mac-address 00-50-BA-DD-BA-01
You must allocate the IP address 150.4.50.2
ANSWERS
(the answers are written in italics)
Part 0: Pre Lab Setup
0.1 Load the initial configs
0.2 The major Network is 150.4.0.0
0.3 Create a loopback interface (Lo0) on each router
This loopback interface’s address must be 150.4.x.x where x is the router number. The subnet mask is /24.
0.4 Default routes, static routes and routes to null0 are not permitted unless otherwise specified
0.5 At the end of your work, verify the IP connectivity. Unless otherwise specified, every interface must be “pingable” from any router.
Part 1: Bridging and Switching (16 points)
1.1 Catalyst 3550 configuration (7 points)
1.1.1 On Cat35-1, the vtp domain name must be 6Colabs and the vtp mode server.
Cat35-2 must synchronize its VLAN configuration with Cat35-1. You can’t change Cat35-2’s VLAN configuration.
Answer: In vtp client mode, Cat35-2 can’t create, change or delete VLANs
Assign the Catalyst Cat35-1’s ports as shown below:
10 VLAN-A FA0/6, FA0/8
20 VLAN-B FA0/18, FA0/24
1.1.3 Configure a Trunk on an EtherChannel bundle between Cat35-1 and Cat35-2. Use dot1Q for the trunk encapsulation. Disable Trunk negotiation. You must manually configure EtherChannel and the trunk.
A: Create the Etherchannel first with the following commands on Cat35-1 and Cat35-2
Int fa0/19
Channel-group 1 mode on
Int fa0/20
show etherchannel 1 detail
To configure the trunk on the Etherchannel, you must add the following commands:
Int port-channel 1
switchport trunk encapsulation dot1q
To disable the trunk negotiation, you need to turn off DTP (Dynamic Trunk Protocol):
Int port-channel 1
switchport mode trunk (converts the link to trunk)
switchport nonegotiate (turn off DTP)
Check your entries with:
show interface port-channel 1 switchport
1.1.4 Only VLAN 1, 10, 20, 30, 40 and 50 are allowed on the trunk
A: Add the following command:
Int port-channel 1
switchport trunk allowed vlan 1,10,20,30,40,50,1002-1005
Check your entries with:
show interface port-channel 1 trunk
Don’t forget to enter the commands on both switches
1.2 Frame-Relay Configuration (3 points)
1.2.1 Configure R6 and R5 over Frame-Relay. Use only subinterfaces.
1.2.2 Configure R6 and R14 over Frame-Relay. Don't use a subinterface on R14.
1.2.3 Configure R1 and R5 over Frame-Relay.
The frame-relay switch R7 has been configured with fully meshed PVCs. Use only the PVCs shown in the diagram.
A: Disable inverse-arp
Interface serial 0/0
No frame-relay inverse-arp
1.3 PPP configuration (2 points)
1.3.1 The encapsulation for the serial connection between R6 and R8 must be PPP
Use a clock rate of 256000 on R6 S0/1
1.3.2 Configure R6 to shutdown the link if the quality drops below 80%
A: Link Quality Monitor (LQM) will monitor the link and shutdown the router interface if the quality drops
On R6:
Interface s0/1
Encapsulation ppp
Ppp quality 80
1.4 ATM configuration (4 points)
1.4.1 Configure Classical IP between R13 and R14. You must specify the Esi-address on both sides. R14 is the ARP server. Don't use any subinterface.
A: Use ILMI to discover the ATM prefix
Interface atm 2/0
Pvc 0/16 ilmi
Show atm ilmi-status
Interface : ATM2/0 Interface Type : Private UNI (User-side)
ILMI VCC : (0, 16) ILMI Keepalive : Disabled
ILMI State: UpAndNormal
Peer IP Addr: 172.41.102.25 Peer IF Name: ATM1/0/0
Peer MaxVPIbits: 8 Peer MaxVCIbits: 14
Verify your entries on R14:
Show atm arp-server
IP Address TTL ATM Address
ATM2/0:
* 150.4.100.13 17:37 4700918100000012345678901213131313131300
* 150.4.100.14 17:21 4700918100000012345678901214141414141400
Part 2: IP IGP Protocols (26 points)
2.1 OSPF Configuration (10 points)
2.1.1 Configure the OSPF areas as shown in the diagram
Enable OSPF by specifying the entire mask in your network statement
On R5, R6, R8 and R14, assign the loopback interface Lo0 to the OSPF area of your choice
A: Don’t forget the virtual-links. Area 50 is not adjacent to area 0.
2.1.2 Configure area 0 to use the highest level of authentication possible. Use the password cisco.
A: To enable md5 authentication, you must enter the following configs on R6 and R8:
Interface s0/1
ip ospf message-digest-key 1 md5 cisco
router ospf 1
area 0 authentication message-digest
Since area 0 is using authentication, you must add the following command on R5:
Router ospf 1
area 0 authentication message-digest
2.1.3 Do not advertise the loopback interfaces as host routes (/32 mask)
A: You need to add the following command:
Interface loopback 0
Ip ospf network point-to-point
2.2 RIP Configuration (4 points)
2.2.1 Configure RIP between R5 and R1. Add the loopbacks and the ethernet networks on R1 to the RIP process.
A: On R5, RIP must run only on S0/0. Use passive interface.
2.2.2 Make sure that R1 can only send and receive RIP v1 updates on its Ethernet interface
A: Add:
interface Ethernet0/0
ip rip send version 1
ip rip receive version 1
2.2.3 Don't summarize the routes on R1 and R5
A: You must use RIPv2 between R1 and R5
2.2.4 Configure RIP authentication between R1 and R5. Use the highest level of authentication possible.
A: To enable MD5 authentication for RIP v2, you must add the following config to R1 and to R5:
key chain rip
key 1
key-string cisco
int s0/0 (int s0/1 on R5)
ip rip authentication mode md5
ip rip authentication key-chain rip
2.3 EIGRP configuration (4 points)
2.3.1 Configure EIGRP as shown in the diagram. Include R13 loopback interface into the EIGRP process.
2.4 Redistribution configuration (8 points)
2.4.1 Mutually redistribute RIP and OSPF on R5
Redistribute only the odd numbered loopback networks learned from R1. To do so, you are allowed only one statement in your access-list.
A: To filter the odd numbered loopback networks, the following configuration will work:
route-map r2o permit 20
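How a single wildcard-mask statement can select networks by the parity of the third octet, using the two masks that appear in the access-lists of the configuration dump later on this page (0.0.254.255 and 0.0.7.255). This is an added Python example, not part of the original lab answer; the function names are hypothetical and the network list is copied from R1's routing table on this page.

```python
import ipaddress


def _u32(dotted):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: a 1 bit in the wildcard is ignored,
    a 0 bit must be identical in addr and base."""
    care = ~_u32(wildcard) & 0xFFFFFFFF
    return (_u32(addr) & care) == (_u32(base) & care)


def cared_bits(wildcard):
    """Per-octet bit string of the positions that are actually compared."""
    care = ~_u32(wildcard) & 0xFFFFFFFF
    return ".".join(format((care >> s) & 0xFF, "08b") for s in (24, 16, 8, 0))


# Connected networks from R1's routing table as shown on this page.
R1_NETWORKS = [
    "172.16.1.0",
    "192.168.1.0",
    "192.168.2.0",
    "192.168.4.0",
    "192.168.5.0",
    "192.168.6.0",
    "192.168.7.0",
]


def select(base, wildcard, networks=R1_NETWORKS):
    """Networks that one 'permit <base> <wildcard>' statement would match."""
    return [n for n in networks if wildcard_match(n, base, wildcard)]


if __name__ == "__main__":
    for base, wc in (
        ("192.168.0.0", "0.0.254.255"),  # low bit of 3rd octet fixed to 0: even
        ("192.168.1.0", "0.0.254.255"),  # low bit of 3rd octet fixed to 1: odd
        ("192.168.0.0", "0.0.7.255"),    # 3rd octet 0-7, any parity
    ):
        print(f"{base} {wc}  compares {cared_bits(wc)}")
        print("   matches:", ", ".join(select(base, wc)))
```

With 0.0.254.255 only the lowest bit of the third octet is compared, so the base address alone decides whether the statement matches the even or the odd networks.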
2.4.2 Mutually redistribute EIGRP 100 and OSPF on R6 and R14
A: Beware: you may easily create routing loops. When redistributing from Eigrp to Ospf, make sure you filter the networks learned from RIP or you will create routing loops.
2.4.3 R8 must prefer the routes learned via Eigrp over Ospf
A: Beware: again, you may easily create routing loops. The solution is to increase the AD (Administrative distance) of OSPF on R8 to a value higher than the AD for EIGRP external-routes (170).
We encourage you to check the routing tables before changing the AD. A show ip eigrp topology on R8 might be instructive as well. If you keep the AD by default, you will see a lot of inaccessible routes (FD is inaccessible) since the OSPF administrative distance is lower than the EIGRP administrative distance for external routes. As an exercise, you might want to try lowering the EIGRP administrative distance (distance eigrp 90 100) instead of increasing OSPF AD and see what happens.
On R8:
Router ospf 1
Distance 175
Part 3: Dial (10 points)
3.1 The ISDN link must come up only when the Frame-Relay link is down
Use the Frame-Relay feature that checks if the remote end of the VC is up or down via keepalive requests
A: You are asked to use the frame-relay end-to-end keepalive feature. This feature is a great addition to the backup interface command.
The relevant configuration for R6 is:
interface Serial0/0.1 point-to-point
frame-relay class freek
map-class frame-relay freek
frame-relay end-to-end keepalive mode reply
On R5:
interface Serial0/0.1 point-to-point
frame-relay class freek
map-class frame-relay freek
frame-relay end-to-end keepalive mode request
3.2 Only R5 must initiate the call. When the frame-relay goes down, the ISDN link must be brought up in less than 5 seconds.
A: To prevent R6 from initiating the call, R6’s dialer map can be entered without configuring R5’s number:
dialer map ip 150.4.56.5 name R5 broadcast
Since R6 can’t initiate the call, the backup interface command must reside on R5
On R5:
interface Serial0/0.1 point-to-point
backup delay 1 30
backup interface BRI1/0
3.3 You can't use dialer-watch, dial-on-demand or ospf demand-circuit
A: We just want to make sure that you will be configuring dial backup via the backup interface command
3.4 Shutdown S0/0.1 on R6 and make sure that R1 can still reach every network when using the ISDN link
Part 4: BGP (23 points)
4.1 IBGP Configuration (3 points)
4.1.1 Configure R6, R8 and R14 in AS65005. R6 and R14 should have only one neighbor within AS 65005.
A: configure R8 as a route reflector
4.1.2 Don't turn off synchronization in AS65005
4.1.3 Every BGP router must use its loopback address when peering
4.2 EBGP Configuration (8 points)
4.2.1 Configure router R1 in AS65001 to peer with router R5 in AS2
4.2.2 Configure router R6 in AS3 to peer with router R5 in AS2
A: R6 in AS3 implies you must configure BGP confederation
4.2.3 Configure router R14 in AS3 to peer with router R13 in AS4 and with Cat35-2 in AS5
4.2.4 Every BGP router must use its loopback address when peering except between AS5 and AS3
4.3 Redistribution/Filtering (12 points)
4.3.1 Create a loopback interface Lo10 on R1 with IP subnet 172.16.1.0/24 and inject it into BGP
Make sure that every router within AS3 knows about this subnet.
A: Turn off auto-summarization on R1
Router bgp 1
Network 172.16.1.0 mask 255.255.255.0
No auto
You need to redistribute the network into an IGP on R6. Don’t redistribute it into OSPF or the network won’t show up on R14. This is due to the route reflection.
Router eigrp 100
Redistribute bgp 65005
4.3.2 Don't advertise the network 172.16.1.0/24 to AS4 or AS5. You can only make the change on R6.
A: If you set the community local-AS to the network, it won’t be advertised outside AS3
set community local-AS
route-map setcomm permit 20
On R8:
Router bgp 65005
neighbor 150.4.14.14 send-community
Check your entries with:
R14#sh ip bgp 172.16.1.0
BGP routing table entry for 172.16.1.0/24, version 2
Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised outside local AS)
Not advertised to any peer
2 1
150.4.5.5 (metric 1611) from 150.4.8.8 (150.4.6.6)
Origin IGP, localpref 100, valid, internal, synchronized, best
Community: local-AS
Originator: 150.4.6.6, Cluster list: 150.4.8.8
4.3.3 Configure R1 to advertise all the networks 192.168.x.0/24 and summarize them as a single network. Use the shortest prefix possible. You must redistribute the networks into BGP without using the network command.
A: The relevant configuration for R1 is:
4.3.4 AS3 must see the networks learned from R1 without AS path containing AS65001
The change must be done on R5. Don’t use a route-map.
A: AS65001 is a private AS and you can easily remove it from the AS path via the following command on R5:
Neighbor 150.4.6.6 remove-private-as
4.3.5 Create a loopback interface on R6 with IP subnet 210.210.210.0/24 and inject it into BGP
Make sure that this subnet shows up in every router within AS3, AS4 and AS5 only
Don’t advertise this subnet via BGP nor IGP to R1 and R5
A: You need to make some change on R5 to reflect the change of R6’s router-ID
route-map filterout permit 20
To deny 210.210.210.0/24 from being advertised via EIGRP, you also need to update the access-list 2 on R6 and R14 with:
access-list 2 permit 210.210.210.0 0.0.0.255
4.3.6 Advertise a default route via BGP to Cat35-2
A: Add the following configuration on R14:
Router bgp 65005
neighbor 150.4.114.51 default-originate
5.1.2 Configure R5 to peer with R6 in case the DLSW connection between R5 and R8 fails. Use DLSW Lite encapsulation between R5 and R6.
Make sure that the link between R5 and R6 doesn't stay up when the link between R5 and R8 is restored
A: You need to configure a backup peer. Add the option linger 0 to make sure that the backup link doesn’t stay up when the primary link comes back. Actually this option is essential or you may end up having frames from the same MAC address coming from two different paths.
On R5:
dlsw remote-peer 0 frame-relay interface Serial0/0.1 506 backup-peer 150.4.8.8 linger 0
5.1.3 Only R5 must establish the DLSW connections. Don’t use the option promiscuous on R6 and R8.
A: The option passive will prevent the router from actively establishing the DLSW connections to the remote peers
On R6:
dlsw local-peer peer-id 150.4.6.6 passive
On R8:
dlsw local-peer peer-id 150.4.8.8 passive
5.1.4 Eliminate unnecessary traffic by disabling spanning-tree negotiation protocol
Part 6: Voice (8 points)
6.1.1 Configure Phone A on R13 with the number 1301
6.1.4 You must be able to dial any number from Phone C and ring Phone B. You must still connect to the right extension. Num-exp is not allowed.
session target ipv4:150.4.13.13
On R13, you need to modify the pots dial-peer configuration if you want Phone B to ring when dialing any number from Phone C:
dial-peer voice 2 pots
6.1.6 Picking up Phone B must automatically ring Phone A
A: R13
voice-port 3/0/1
connection plar 1301
6.1.7 The voice quality is of the highest importance and you have plenty of network bandwidth:
- choose a codec with the highest quality
- enable the transmission of silence packets
A: You should use codec g711ulaw or codec g711alaw.
Use the command no vad to transmit silence packets.
dial-peer voice x voip
Part 7: Other IOS Features (9 points)
7.1.1 You want to prevent DOS (Denial of Service) attacks coming from the network attached to e0/0 on R1
a) - Enable the feature that will discard IP packets that lack a verifiable IP source address
b) - Protect the TCP servers on the network 150.4.0.0/16 from TCP SYN-flooding attacks
A: a) Enable Unicast Reverse Path Forwarding on R1:
access-list 101 permit tcp any 150.4.0.0 0.0.255.255
7.1.2 Configure an access-list on R1 with the following requirement:
- permit smtp traffic to the mail server 150.4.50.3
- permit http traffic to the web server 150.4.50.3
- permit ftp traffic to the ftp server 150.4.50.2
- permit http traffic if the connection was established from any host belonging to the network 150.4.114.0
- permit RIPv1
- log the denied packets
The access-list must be applied to R1’s e0/0
A: On R1:
Interface e0/0
Ip access-group 102 in
Access-list 102 permit tcp any host 150.4.50.3 eq smtp
Access-list 102 permit tcp any host 150.4.50.3 eq www
Access-list 102 permit tcp any host 150.4.50.2 eq ftp
Access-list 102 permit tcp any host 150.4.50.2 eq ftp-data
Access-list 102 permit tcp any eq www 150.4.114.0 0.0.0.255 established
Access-list 102 permit udp any host 255.255.255.255
Access-list 102 deny ip any any log
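A first-match walk through access-list 102 as listed above, showing which entry each packet hits inbound on R1's e0/0, including how `established` depends on the ACK/RST bits and that the RIPv1 entry matches every UDP broadcast rather than only port 520. This is an added Python example, not part of the original lab answer; the parser covers only the syntax used by these seven entries, and the sample packets and function names are constructed for illustration.

```python
import ipaddress

# ACL 102 as given in the answer above.
ACL_102 = """\
access-list 102 permit tcp any host 150.4.50.3 eq smtp
access-list 102 permit tcp any host 150.4.50.3 eq www
access-list 102 permit tcp any host 150.4.50.2 eq ftp
access-list 102 permit tcp any host 150.4.50.2 eq ftp-data
access-list 102 permit tcp any eq www 150.4.114.0 0.0.0.255 established
access-list 102 permit udp any host 255.255.255.255
access-list 102 deny ip any any log
"""
PORTS = {"ftp-data": 20, "ftp": 21, "smtp": 25, "www": 80}

def _u32(dotted):
    return int(ipaddress.IPv4Address(dotted))

def _take_addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard)."""
    head = tok.pop(0)
    if head == "any":
        return (0, 0xFFFFFFFF)
    if head == "host":
        return (_u32(tok.pop(0)), 0)
    return (_u32(head), _u32(tok.pop(0)))

def _take_port(tok):
    """Consume an optional 'eq <name>'; return the port number or None."""
    if tok and tok[0] == "eq":
        tok.pop(0)
        return PORTS[tok.pop(0)]
    return None

def parse(text):
    rules = []
    for line in text.strip().splitlines():
        tok = line.lower().split()[2:]          # drop "access-list 102"
        rule = {"action": tok.pop(0), "proto": tok.pop(0)}
        rule["src"] = _take_addr(tok)
        rule["sport"] = _take_port(tok)
        rule["dst"] = _take_addr(tok)
        rule["dport"] = _take_port(tok)
        rule["established"] = "established" in tok
        rules.append(rule)
    return rules

def _addr_ok(addr, spec):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF
    return (_u32(addr) & care) == (base & care)

def evaluate(rules, pkt):
    """First match wins. Returns (action, 1-based entry); entry 0 = implicit deny."""
    for n, r in enumerate(rules, 1):
        if r["proto"] not in ("ip", pkt["proto"]):
            continue
        if not (_addr_ok(pkt["src"], r["src"]) and _addr_ok(pkt["dst"], r["dst"])):
            continue
        if r["sport"] not in (None, pkt.get("sport")):
            continue
        if r["dport"] not in (None, pkt.get("dport")):
            continue
        # 'established' matches TCP segments with ACK or RST set.
        if r["established"] and not {"ACK", "RST"} & set(pkt.get("flags", ())):
            continue
        return r["action"], n
    return "deny", 0

# Constructed sample packets arriving on e0/0 (source addresses are made up).
SAMPLES = {
    "smtp to mail server": dict(proto="tcp", src="192.168.1.50", sport=40000,
                                dst="150.4.50.3", dport=25, flags=["SYN"]),
    "http reply (ACK)": dict(proto="tcp", src="192.168.1.80", sport=80,
                             dst="150.4.114.10", dport=40001, flags=["ACK"]),
    "tcp from port 80, SYN only": dict(proto="tcp", src="192.168.1.80", sport=80,
                                       dst="150.4.114.10", dport=40001, flags=["SYN"]),
    "RIPv1 broadcast": dict(proto="udp", src="192.168.1.1", sport=520,
                            dst="255.255.255.255", dport=520),
    "non-RIP UDP broadcast": dict(proto="udp", src="192.168.1.50", sport=40002,
                                  dst="255.255.255.255", dport=69),
    "telnet to mail server": dict(proto="tcp", src="192.168.1.50", sport=40003,
                                  dst="150.4.50.3", dport=23, flags=["SYN"]),
}

if __name__ == "__main__":
    rules = parse(ACL_102)
    for name, pkt in SAMPLES.items():
        print(f"{name:28s} -> {evaluate(rules, pkt)}")
```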
7.1.3 Telnet access to the Catalyst Cat35-2 must be only permitted from R5. R5 must use the address of its loopback interface as the source address for Telnet.
A: On Cat35-2, use access-class:
Access-list 1 permit 150.4.5.5
Line vty 0 4
Access-class 1 in
On R5, use the global command ip telnet source-interface
ip telnet source-interface lo0
To successfully Telnet, you need a password as well:
Line vty 0 4
Access-class 1 in
Login
Password cisco
7.1.4 Configure R5 to serve as a DHCP Server for the clients attached to R5’s E0/0. You must exclude the following addresses from the pool: 150.4.50.101 – 150.4.50.254
Configure the following configuration:
You need to configure manual bindings for two hosts:
- The host serving as a Mail and web server has the following mac-address 00-50-BA-DD-BA-00
You must allocate the IP address 150.4.50.3
- The host serving as a FTP server has the following mac-address 00-50-BA-DD-BA-01
You must allocate the IP address 150.4.50.2
The two hosts run Microsoft Windows
TIP: you must concatenate the hardware type (01 for Ethernet) with the Mac-address of the client
A: The relevant configuration is:
Check your work. You should be able to reach every network from every router.
Answer: Did you add a default route on Cat35-1?
You don’t need a default route or a default gateway on the Cat35-1 to make its management interface reachable from any router.
Why? On R14, proxy-arp is enabled by default.
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
ip verify unicast reverse-path
ip rip send version 1
ip rip receive version 1
half-duplex
!
interface Serial0/0
ip address 150.4.15.1 255.255.255.0
ip rip authentication mode md5
ip rip authentication key-chain rip
neighbor 150.4.5.5 remote-as 2
access-list 101 permit tcp any 150.4.0.0 0.0.255.255
access-list 102 permit tcp any host 150.4.50.3 eq smtp
access-list 102 permit tcp any host 150.4.50.3 eq www
access-list 102 permit tcp any host 150.4.50.2 eq ftp
access-list 102 permit tcp any host 150.4.50.2 eq ftp-data
access-list 102 permit tcp any eq www 150.4.114.0 0.0.0.255 established
access-list 102 permit udp any host 255.255.255.255
access-list 102 deny ip any any log
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
C 172.16.1.0 is directly connected, Loopback1
C 192.168.4.0/24 is directly connected, Loopback4
C 192.168.5.0/24 is directly connected, Loopback5
C 192.168.6.0/24 is directly connected, Loopback6
C 192.168.7.0/24 is directly connected, Loopback7
C 192.168.1.0/24 is directly connected, Ethernet0/0
C 192.168.2.0/24 is directly connected, Loopback2
150.4.0.0/16 is variably subnetted, 16 subnets, 3 masks
BGP table version is 18, local router ID is 192.168.7.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
dlsw remote-peer 0 tcp 150.4.8.8 lsap-output-list 200
dlsw remote-peer 0 frame-relay interface Serial0/0.1 506 lsap-output-list 200 backup-peer 150.4.8.8 linger 0
ip rip authentication mode md5
ip rip authentication key-chain rip
map-class frame-relay freek
frame-relay end-to-end keepalive mode request
no frame-relay adaptive-shaping
access-list 1 permit 192.168.0.0 0.0.254.255
access-list 2 permit 192.168.0.0 0.0.7.255
access-list 200 permit 0xF0F0 0x0101
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
172.16.0.0/24 is subnetted, 1 subnets
B 172.16.1.0 [20/0] via 150.4.1.1, 03:12:44
R 192.168.4.0/24 [120/1] via 150.4.15.1, 00:00:10, Serial0/1
R 192.168.5.0/24 [120/1] via 150.4.15.1, 00:00:10, Serial0/1