
Case Study 1: CLI IPsec and Frame-Mode MPLS

• Configure all interfaces using the addressing scheme shown in the topology diagram.

R1(config)#int s0/0/0
R1(config-if)# ip add 172.16.12.1 255.255.255.0
R1(config-if)# clock rate 64000
R1(config-if)#no sh

R1(config)#int Lo 0
R1(config-if)# ip add 172.16.1.1 255.255.255.0

R2(config)#int s0/1/0
R2(config-if)#ip add 172.16.12.2 255.255.255.0
R2(config-if)#no sh

R2(config)#int s0/1/1
R2(config-if)#ip add 172.16.23.2 255.255.255.0
R2(config-if)#clock rate 64000
R2(config-if)#no sh

R2(config)#int Lo 0
R2(config-if)# ip add 172.16.2.1 255.255.255.0

R3(config)#int s0/1/0
R3(config-if)# ip add 172.16.23.3 255.255.255.0
R3(config-if)#no sh

R3(config)#int s0/1/1
R3(config-if)#ip add 172.16.34.3 255.255.255.0
R3(config-if)#clock rate 64000
R3(config-if)#no sh

R3(config)#int Lo 0
R3(config-if)# ip add 172.16.3.1 255.255.255.0

Arbab Nazar
Network Engineer
B.Sc. CE, M.Sc. Computer Networks
R4(config)#int s0/1/0
R4(config-if)#ip add 172.16.34.4 255.255.255.0
R4(config-if)#no sh

R4(config)#int Lo 0
R4(config-if)#ip add 172.16.4.1 255.255.255.0

• Run Enhanced Interior Gateway Routing Protocol (EIGRP) AS 1 in the entire International Travel Agency core network. All subnets should be included.

R1(config)#router eigrp 1
R1(config-router)#network 172.16.0.0
R1(config-router)#no auto-summary

R2(config)#router eigrp 1
R2(config-router)#network 172.16.0.0
R2(config-router)#no auto-summary

R3(config)#router eigrp 1
R3(config-router)#network 172.16.0.0
R3(config-router)#no auto-summary

R4(config)#router eigrp 1
R4(config-router)#network 172.16.0.0
R4(config-router)#no auto-summary

• Create an IPsec tunnel between R1 and R3 with an appropriate transform set and Internet Security Association and Key Management Protocol (ISAKMP) policy.

R1(config)#crypto isakmp policy 10
R1(config-isakmp)# encr aes 192
R1(config-isakmp)# authentication pre-share
R1(config-isakmp)#hash sha
R1(config-isakmp)# group 5

R1(config)#crypto ipsec transform-set CASESTUDY1 esp-aes 192 esp-sha-hmac

R3(config)#crypto isakmp policy 10
R3(config-isakmp)# encr aes 192
R3(config-isakmp)# authentication pre-share
R3(config-isakmp)#hash sha
R3(config-isakmp)# group 5

R3(config)#crypto ipsec transform-set CASESTUDY1 esp-aes 192 esp-sha-hmac

• This IPsec tunnel should only encrypt traffic between R1’s loopback network and R4’s loopback network.

R1(config)#ip access-list extended INTRESTING_Traffic
R1(config-ext-nacl)# permit ip 172.16.1.0 0.0.0.255 172.16.4.0 0.0.0.255
R1(config-ext-nacl)#exit

R3(config)#ip access-list extended INTRESTING_Traffic
R3(config-ext-nacl)# permit ip 172.16.4.0 0.0.0.255 172.16.1.0 0.0.0.255
R3(config-ext-nacl)#exit

• Use pre-shared keys for authentication in the ISAKMP policy.

R1(config)#crypto isakmp key 0 casestudy1 address 172.16.23.3

R3(config)#crypto isakmp key 0 casestudy1 address 172.16.12.1

• Do not create any new interfaces to achieve this task.

• Use any encryption algorithms desired for the tasks listed above that use the crypto suite of protocols.

R1(config)#crypto map TUNNEL_MAP 10 ipsec-isakmp
R1(config-crypto-map)# set peer 172.16.23.3
R1(config-crypto-map)# set transform-set CASESTUDY1
R1(config-crypto-map)# match address INTRESTING_Traffic
R1(config-crypto-map)#exit

R1(config)#int s0/0/0
R1(config-if)#crypto map TUNNEL_MAP

R3(config)#crypto map TUNNEL_MAP 10 ipsec-isakmp
R3(config-crypto-map)# set peer 172.16.12.1
R3(config-crypto-map)# set transform-set CASESTUDY1
R3(config-crypto-map)# match address INTRESTING_Traffic
R3(config-crypto-map)#exit

R3(config)#int s0/1/0
R3(config-if)#crypto map TUNNEL_MAP
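
A crypto-map tunnel like this one only comes up when the two crypto ACLs mirror each other and each crypto map is applied to the interface that owns the address the other side uses in set peer. The following check of those two conditions is an added example, not part of the original lab; the running-config excerpts are constructed from the commands above, and the parse and check_pair helpers are hypothetical names.

```python
import re
# Constructed running-config excerpts modelled on this lab (not captured output).
R1 = """\
interface Serial0/0/0
 ip address 172.16.12.1 255.255.255.0
 crypto map TUNNEL_MAP
ip access-list extended INTRESTING_Traffic
 permit ip 172.16.1.0 0.0.0.255 172.16.4.0 0.0.0.255
crypto map TUNNEL_MAP 10 ipsec-isakmp
 set peer 172.16.23.3
"""
R3 = """\
interface Serial0/1/0
 ip address 172.16.23.3 255.255.255.0
 crypto map TUNNEL_MAP
interface Serial0/1/1
 ip address 172.16.34.3 255.255.255.0
ip access-list extended INTRESTING_Traffic
 permit ip 172.16.4.0 0.0.0.255 172.16.1.0 0.0.0.255
crypto map TUNNEL_MAP 10 ipsec-isakmp
 set peer 172.16.12.1
"""

def parse(cfg):
    """Extract the peer, the crypto ACL entries and the crypto-map interface address."""
    out, addr = {"peer": None, "acl": [], "map_addr": None}, None
    for line in cfg.splitlines():
        s = line.strip()
        if not line.startswith(" "):
            addr = None  # a new top-level block ends the previous interface
        if m := re.match(r"ip address (\S+)", s):
            addr = m.group(1)
        elif line.startswith(" ") and s.startswith("crypto map"):
            out["map_addr"] = addr  # map applied under the current interface
        elif m := re.match(r"set peer (\S+)", s):
            out["peer"] = m.group(1)
        elif m := re.match(r"permit ip (\S+ \S+) (\S+ \S+)", s):
            out["acl"].append((m.group(1), m.group(2)))
    return out

def check_pair(cfg_a, cfg_b):
    """Return the mismatches that would stop the tunnel from forming."""
    a, b = parse(cfg_a), parse(cfg_b)
    problems = []
    if a["acl"] != [(dst, src) for src, dst in b["acl"]]:
        problems.append("crypto ACLs are not mirror images")
    for name, local, remote in (("A", a, b), ("B", b, a)):
        if local["map_addr"] != remote["peer"]:
            problems.append(f"peer {name}: crypto map is not on the address the other side peers with")
    return problems
```

check_pair(R1, R3) returns an empty list for the configuration in this lab; moving R3's crypto map to the R4-facing serial interface or reversing one ACL entry produces a finding.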

• Configure MPLS on both ends of the link between R3 and R4.

R3(config)#int s0/1/1
R3(config-if)#mpls ip

R4(config)#int s0/1/0
R4(config-if)#mpls ip

• Configure R1 to send system logging messages at the error severity level to an imaginary host located at 172.16.2.200.

R1(config)#logging on
R1(config)#logging 172.16.2.200
R1(config)#logging trap errors

• Set up the correct time on R4 using the clock set command. Use the inline IOS help system if you do not know the syntax of this command.

R4#clock set 03:15:00 SEPT 26 2009

• Configure R4 as a Network Time Protocol (NTP) master with stratum 5.

R4(config)#ntp master 5

• Configure R3 as an NTP client of R4.

R3(config)#ntp server 172.16.34.4
