
CASE STUDY 5 CONTROLLING TRAFFIC FLOW

In this case study, the firewall router allows incoming new connections to one or more communication servers or hosts. Having a designated router act as a firewall is desirable because it clearly identifies the router's purpose as the external gateway and avoids encumbering other routers with this task. In the event that the internal network needs to isolate itself, the firewall router provides the point of isolation so that the rest of the internal network structure is not affected. Connections to the hosts are restricted to incoming file transfer protocol (FTP) requests and email services. Incoming Telnet or modem connections to the communication server are screened by the communication server, which runs TACACS username authentication.

REQUIREMENTS:
One CISCO 1841 model Router.
One 8 port switch
Two PCs for Remote telnet login
One Server (TACACS+) for telnet Login Authentication
One Email and FTP server
Class C, Class B IP Address
Basic Telnet and firewall Configuration Commands
Communication channels
Cisco Packet Tracer 6.0.1.exe

PROCEDURES:
Lab Objective: Anyone who tries to telnet to the router must first be authenticated through the AAA server; if the AAA server is down, the router uses its local user account database.
1. Draw one CISCO router using router icon list.
2. Draw two end hosts using end device icon list.
3. Draw two switches using switch icon list.
4. Draw E-MAIL, FTP, TACACS servers using end device icon list.
5. Make the cable LAN connectivity using connections cables list.
6. Make the basic configuration on your router R1.
7. Assign the IP address to each PC and server.
8. Verify your PCs and Server IP address using ipconfig command.
9. Check the network connectivity using ping command utility.
10. Configure E-MAIL and FTP servers.
11. Verify E-MAIL and FTP servers operations.
12. Configure TACACS server for controlling Router network traffic flow.
13. Verify your TACACS server using telnet login.

http://menetworkengineering.blogspot.in/

NETWORK TOPOLOGY:

TELNET ACCESS WITHOUT TACACS SERVER:

TELNET ACCESS WITH TACACS SERVER:


R1 ROUTER INITIAL CONFIGURATION:
Router>enable
Router#sh ip interface brief
Router#conf terminal
Router(config)#hostname R1
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface fastEthernet 0/1
R1(config-if)#ip address 172.16.13.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit

ENABLE TELNET CONNECTION:
R1(config)#line vty 0 4
R1(config-line)#password telnet
R1(config-line)#login
R1(config-line)#exit

ENABLE ROUTER PRIVILEGE MODE PASSWORD:
R1(config)#enable password telnet

CREATE R1 LOCAL USERNAME AND PASSWORD:
R1(config)#username telnet password telnet

CREATE TACACS SERVER AUTHENTICATION:
R1(config)#aaa new-model
R1(config)#aaa authentication login default group tacacs+ local
R1(config)#tacacs-server host 192.168.1.3 key 1234

DENY FTP CONNECTION:
R1(config)#access-list 100 deny tcp any host 172.16.13.2 eq ftp
R1(config)#interface fastEthernet 0/1
R1(config-if)#ip access-group 100 in
R1(config-if)#exit

DENY SMTP CONNECTION:
R1(config)#access-list 100 deny tcp any host 172.16.13.2 eq smtp
R1(config)#interface fastEthernet 0/1
R1(config-if)#ip access-group 100 in
R1(config-if)#exit
R1(config)#exit
! Note: every access list ends with an implicit deny, and list 100 has no permit entry, so it blocks all IP traffic arriving on FastEthernet0/1.


VIEW ACCESS LISTS:
R1#sh ip access-lists

VIEW R1 ROUTER RUNNING CONFIGURATION:
R1#sh running-config

CREATE R1 ROUTER STARTUP CONFIGURATION:
R1#copy running-config startup-config
R1#exit

TACACS SERVER IP ADDRESS:

PC-1 IP ADDRESS:

PC-2 IP ADDRESS:


TACACS SERVER AUTHENTICATION:

TELNET LOGIN METHODS:

METHOD 1: TELNET ACCESS WITH TACACS SERVER:
Using the AAA server through the TACACS+ protocol

tacacs server telnet login: tacacs
tacacs server telnet password: tacacs

METHOD 2: TELNET ACCESS WITHOUT TACACS SERVER:
Using the local router user account; remove the TACACS cable connection

telnet local username: telnet
telnet local password: telnet
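
The two login methods above, as an added Python model that is not part of the original lab: it walks the method list from R1's "aaa authentication login default group tacacs+ local" line and shows that IOS moves on to the local database only when the TACACS+ server gives no answer, not when it rejects the credentials. The function names are hypothetical and the user tables are constructed from the lab's credentials.

```python
from enum import Enum

class Reply(Enum):
    PASS = "pass"    # method answered: credentials accepted
    FAIL = "fail"    # method answered: credentials rejected
    ERROR = "error"  # method gave no answer (server unreachable)

# Constructed sample data taken from the lab's credentials (assumption).
TACACS_USERS = {"tacacs": "tacacs"}   # accounts held by the TACACS+ server
LOCAL_USERS = {"telnet": "telnet"}    # "username telnet password telnet" on R1
LAB_LINE = "aaa authentication login default group tacacs+ local"

def parse_method_list(line):
    """Return the ordered methods of an 'aaa authentication login' line."""
    words = line.split()
    if words[:3] != ["aaa", "authentication", "login"]:
        raise ValueError("not a login method list: " + line)
    methods, rest = [], words[4:]      # words[3] is the list name ("default")
    while rest:
        take = 2 if rest[0] == "group" else 1   # "group tacacs+" is one method
        methods.append(" ".join(rest[:take]))
        rest = rest[take:]
    return methods

def tacacs_method(user, password, server_up):
    if not server_up:
        return Reply.ERROR             # timeout: the server gives no verdict
    return Reply.PASS if TACACS_USERS.get(user) == password else Reply.FAIL

def local_method(user, password):
    return Reply.PASS if LOCAL_USERS.get(user) == password else Reply.FAIL

def login(line, user, password, server_up):
    """Walk the method list; only ERROR falls through to the next method."""
    for method in parse_method_list(line):
        if method == "group tacacs+":
            reply = tacacs_method(user, password, server_up)
        elif method == "local":
            reply = local_method(user, password)
        else:
            raise ValueError("method not modelled: " + method)
        if reply is not Reply.ERROR:
            return method, reply       # PASS or FAIL ends the walk
    return None, Reply.FAIL            # every method errored: access denied

if __name__ == "__main__":
    for up in (True, False):
        for user in ("tacacs", "telnet"):
            print("server_up=%s user=%s ->" % (up, user), login(LAB_LINE, user, user, up))
```

With the server reachable, the local account telnet/telnet is refused, which is why Method 2 only works after the TACACS cable is removed.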

RESULT: Thus the experiment was configured successfully.
