1. Name 5 TCP/IP application protocols with their predefined port numbers.
2. Name 3 TCP/IP transport protocols. Describe the differences and their applications.
3. Discuss TCP and UDP differences (minimum 3).
4. Explain the 3-way TCP connection establishment steps. Which flags are used in this process?
5. Explain the 4-way TCP connection termination steps. Which flags are used in this process?
6. What is a window size? In which protocol do we have it?
7. How is error recovery done in TCP?
8. How are source port numbers chosen?
9. Name and explain the 4 most important fields in the IP header.
10. How long is an IP address (bits)? How are network bits and host bits defined?
11. What is an IP network? How could you tell if 2 IP addresses are in the same or different IP networks?
12. Name a few data-link layer protocols. What type of address do they use?
13. What is a MAC address? What parts does it have?
14. What is a broadcast domain? How can we divide broadcast domains?
15. What are unicast, multicast and broadcast frames? What is the Ethernet broadcast address?
16. Discuss error detection with the Ethernet protocol. Does it recover the error?
17. What is ARP? When would we use it? How does it work?
18. Which IP address do you ARP for when:
   a. The destination IP is part of your IP network
   b. The destination IP is in another IP network
Ethernet PHY
Designed by:Nima Javidi
http://www.highteck.net/EN/Physical/OSI_Physical_Layer.html
IP Address
Subnetting
Broadcast domain
Client IP configuration
[Diagram: encapsulation of PDUs, fields to be filled in (steps 1 to 7).
ICMP PDU: Ethernet Header | IP | ICMP | Ethernet trailer, with S-IP: ? D-IP: ? and ICMP type: ?
HTTP: Ethernet Header | IP | TCP | HTTP | Ethernet trailer, with S-Port: ? D-Port: ?
ARP PDU: Ethernet Header | ARP request or reply | Ethernet trailer, with Message: ?
DNS: Ethernet Header | IP | TCP/UDP | DNS | Ethernet trailer]
For each IP network write:
i. A network address
ii. A broadcast address
For each client write:
i. An IP address
ii. Subnet mask
iii. Default gateway (if needed)
Write the R1 routing table
Write the S1 MAC-Address table
How many IP networks should we have? How many broadcast domains do we have?
Write down the encapsulation process when we ping C2 from C1 (Topology A, Topology B)
[Diagram labels. Topology A: R1 F0/0, F0/1; C1, C2. Topology B: R1 F0/1; S1 F0/1, F0/2, F0/3; C1, C2, C3 (C3: IP 172.17.45.202, MAC C3-MAC); R1 F0/0: 172.17.45.200 /25, MAC R1-MAC]
R1 - Routing table: Type C (connected, directly connected to the router) | Network Address | Subnet mask | Interface
S1 - MAC-Address table: MAC-Address | Port (interface number)
C1 - ARP cache ("arp -a" from command prompt): IP | MAC
Network: A  B  C  D
         40 60 21 7
To answer the questions consider all of the topology. To configure, just configure the part in the box.
How many broadcast domains do we have? How many IP networks do we require?
Subnetting: subnet 172.17.1.0 /24 and create subnets based on the given table, and for each IP network write:
o Network address
o Broadcast address
o Subnet mask (in binary and decimal)
o Number of usable addresses
o First usable address (the router address in this example)
o Last usable address
[Diagram labels: S2 F0/3, F0/1; R2 S0/1, S0/0 (serial interfaces are usually used for Wide Area Network connections)]
[Diagram: F0/4 C4; Broadcast domain A (all the devices in this area are in the same broadcast domain and should be part of the same IP network); R1 F0/0, F0/1; IP network A; C1, C2]
Network: A  B  C  D
         30 60 21 7
How many broadcast domains do we have? How many IP networks do we require?
Subnetting: subnet 172.17.1.0 /24 and create subnets based on the given table, and for each IP network write:
o Network address
o Broadcast address
o Subnet mask (in decimal)
o Number of usable addresses
o First usable address (the router address in this example)
o Last usable address
[Diagram: R1 F0/0, F0/1; Broadcast domain A (all the devices in this area are in the same broadcast domain and should be part of the same IP network); Network A; C2, C1]
Network: A  B  C  D
         30 60 21 7
How many broadcast domains do we have? How many IP networks do we require?
Subnetting: subnet 172.17.1.0 /24 and create subnets based on the given table, and for each IP network write:
o Network address
o Broadcast address
o Subnet mask (in decimal)
o Number of usable addresses
o First usable address (the router address in this example)
o Last usable address
[Diagram: R1 F0/0, F0/1; Broadcast domain A (all the devices in this area are in the same broadcast domain and should be part of the same IP network); S1 F0/1, F0/2; Network A; C1, C2]
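The subnetting the three exercises above ask for, worked as an added Python example (not part of the course material). It takes the host counts from the given table, carves 172.17.1.0 /24 largest-network-first and reports network address, broadcast address, mask in decimal and binary, usable count and first/last usable address; the arp_target helper also answers the earlier review question on which address to ARP for. HOST_REQUIREMENTS holds the 30/60/21/7 table; only the standard ipaddress module is used.

```python
import ipaddress

# Host requirements from the exercise table (network letter -> hosts needed);
# this is the 30/60/21/7 variant, use 40 for A for the first topology.
HOST_REQUIREMENTS = {"A": 30, "B": 60, "C": 21, "D": 7}


def prefix_for_hosts(hosts):
    """Longest prefix whose block still leaves `hosts` usable addresses
    (network and broadcast addresses are not usable, hence the -2)."""
    prefix = 30                      # a /30 is the smallest block with usable hosts
    while 2 ** (32 - prefix) - 2 < hosts:
        prefix -= 1
    return prefix


def subnet_details(net):
    """The fields the exercise asks for, for one ipaddress.IPv4Network."""
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "mask_decimal": str(net.netmask),
        "mask_binary": ".".join(f"{octet:08b}" for octet in net.netmask.packed),
        "prefix": net.prefixlen,
        "usable": net.num_addresses - 2,
        "first_usable": str(net.network_address + 1),   # router address in the exercise
        "last_usable": str(net.broadcast_address - 1),
    }


def vlsm(base, requirements):
    """Carve `base` (e.g. '172.17.1.0/24') into one subnet per requirement.
    Largest networks are allocated first so that every block starts on a
    boundary of its own size; returns {name: details}."""
    base_net = ipaddress.ip_network(base)
    cursor = int(base_net.network_address)
    allocated = {}
    for name, hosts in sorted(requirements.items(), key=lambda kv: kv[1], reverse=True):
        net = ipaddress.ip_network((cursor, prefix_for_hosts(hosts)))
        if not net.subnet_of(base_net):
            raise ValueError(f"{base} has no room left for network {name} ({hosts} hosts)")
        allocated[name] = subnet_details(net)
        cursor += net.num_addresses
    return allocated


def arp_target(src_ip, prefix, dst_ip, gateway_ip):
    """Which IP a host sends an ARP request for: the destination itself when it
    is inside the sender's own IP network, otherwise the default gateway."""
    local_net = ipaddress.ip_network(f"{src_ip}/{prefix}", strict=False)
    return dst_ip if ipaddress.ip_address(dst_ip) in local_net else gateway_ip


if __name__ == "__main__":
    for name, d in vlsm("172.17.1.0/24", HOST_REQUIREMENTS).items():
        print(f"{name}: {d['network']}/{d['prefix']} mask {d['mask_decimal']} "
              f"({d['mask_binary']}) usable {d['usable']} first {d['first_usable']} "
              f"last {d['last_usable']} broadcast {d['broadcast']}")
    # Topology-B style check: C3 (172.17.45.202 /25) reaching a host on another network
    print(arp_target("172.17.45.202", 25, "10.1.1.5", "172.17.45.200"))
```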
Flash memory: stores the router/switch operating system.
DRAM: memory used to run the operating system and hold the running-config.
Running-config: the current configuration of the router (lost when the device is switched off).
Startup-config: the saved configuration, which is used when the router boots up.
--- System Configuration Dialog ---
Continue with configuration dialog? [yes/no]: No
Write no and press enter to get the router prompt.

Press RETURN to get started
Router>
You are now connected to the router and are in user mode. The prompt is broken down into two parts, the hostname and the mode: Router is Router0's hostname and > means you are in user mode. User mode is indicated by the '>' next to the router name; in this mode you can look at settings but cannot make changes. In privileged mode (indicated by the '#') you can do anything. To get into privileged mode the keyword is enable. Type the command enable to get to the privileged mode prompt:
Router> enable
Router#
To get back to user mode, simply type disable. From user mode type logout or exit to leave the router.
Router#disable
Router>
Router>exit
Router con0 is now available
Press RETURN to get started
Press enter to get back to the router prompt:
Router>
You are now in user mode. Type ? to view all the available commands at this prompt.
Router>?
From privileged mode you enter configuration mode by typing configure terminal; to exit configuration mode type exit or <CTRL>+z.
Router>enable
Router#config terminal
Router(config)#exit
Router#
R1#configure terminal
R1(config)# interface f0/0
R1(config-if)# ip address 10.1.1.1 255.255.255.0
R1(config-if)# no shutdown
Banner (A message that users get when they login to the device(set it in global configuration mode)):
Switch configuration is similar to router configuration but the IP address configuration follows:
The switch is a layer 2 device and has an IP address only for management purposes. It also needs a default gateway, so that it can send traffic to users in other networks who are communicating with the switch itself. A LAYER 2 ETHERNET SWITCH DOES NOT HAVE A ROUTING TABLE AND REQUIRES A DEFAULT GATEWAY.
Verify (in privileged mode): routing table; running config (current); startup config (saved); interface name/number.
S1#configure terminal
S1(config)# interface VLAN 1
S1(config-if)# ip address 10.1.1.2 255.255.255.0
S1(config-if)# no shutdown
S1(config-if)# exit
S1(config)# IP default-gateway 10.1.1.1
Connect cables
Router configuration
o Hostname
o Set password
o Enable telnet + password
o Banner
o Interface IP address configuration: enable the interface, leave a description
o Save config
Switch configuration
o Set password
o Enable telnet + password
o Banner
o IP config (int vlan 1)
o Set a default gateway
o Save config
Clients
o IP address
o Subnet mask
o Default gateway
Verification & testing
o Ping your gateway
o Verify routing table route
o Verify IP addresses
o Verify running config
o Ping other computers within the same subnet and capture using Wireshark (write answers on page 2)
o Ping computers in different subnets and capture using Wireshark (write answers on page 2)
o Telnet to the router
o Telnet to the switch
Verification commands: ping, show ip
What information do we have in a routing table?
What steps does routing a packet include (at layer 2 and 3)?
What is the connection between the necessity of ARP and the layer 2 protocol type being point-to-point (PPP, HDLC) or multi-access (Ethernet, Frame-relay)?
What is the ARP protocol and how is it used? What information do we have in the ARP request and reply? Show the information in the encapsulated PDU (headers and payload) for the ARP request and reply.
o Would we use ARP when the layer 2 protocol is PPP? Why?
What is different in the encapsulation process of the following:
o Two clients being in the same IP network
o Two clients being in different IP networks
Explain the connection between the broadcast domain at layer 2 and the IP network at layer 3.
Routing table
Draw a diagram including: router name, interface name and number, and interface IP addresses.
Come up with 5 separate IP networks according to the given subnet mask: A, B, C, D and E.
Choose usable IP addresses for router interfaces and add them to the diagram.
Write the static routes needed on R1, R2 and R3 separately.
Write the R1, R2 and R3 routing tables separately.
Static route concept, configuration and verification guide
Concept
o Configured to tell a router how to reach an IP network
o It is configured in global configuration mode
o If an IP network is directly connected we do not need to configure a static route for it
o Next_hop address is the address of a directly connected router (facing us)
o Next_hop address must be reachable using one of the connected routes
Configuration:
o R1(config)# IP route destination_IP_network Subnet_mask Next_hop_address
  destination_IP_network: must be a network address, not an IP address
  Subnet_mask: in decimal format
  Next_hop_address: the IP address of the next router towards the final destination
[Diagram labels: Network C /28; use Loopback interfaces if FastEthernet is not available]
[Diagram labels: R1 F1/0; F0/0 10.1.1.10; IO BOX]
1. What is a connected route? When would you have a connected route?
2. What is a static route and for which networks must you configure it? *G
3. What is dynamic routing? What protocols can enable dynamic routing? *G
4. What is administrative distance and what is it used for? *G
5. What is the difference between the routing update path and the actual traffic flow path? *G
6. Routing protocols and subnet mask:
   a. When do we categorize a routing protocol as classful?
   b. Which routing protocols are always classful?
   c. Which routing protocols are classful by default but could be (configured to become) classless?
   d. When would we call a network discontiguous? *G
   e. What would the result be if we used classful routing protocols when we have discontiguous networks? *G
   f. When using a classful routing protocol for classless networks and having a subnet from the same major network on the receiving interface, what subnet mask will be used for the advertised network? *G
7. Auto summarization:
   a. What is auto summarization?
   b. Which routing protocols do automatic route summarization?
   c. On which routing protocols can auto-summary be turned/switched off?
8. What is manual route summarization? *G
   a. How is it done with a static route? *G
   b. How is it done with routing protocols? *G
*G = Give an example (scenario with diagram) with at least two routers and explain the way it functions/works or configured
1. What is an autonomous system (AS)?
2. Which category of routing protocols could be used to manage routing within an AS? Name a few.
3. Which category of routing protocols could be used to manage routing between autonomous systems? Name one.
4. When would we say routing is converged?
5. What is convergence time?
6. How are interior routing protocols (Interior Gateway Protocols (IGPs)) categorized?
7. What are the differences between distance vector and link state routing protocols? List them.
8. List and explain the RIP timers. For each and every timer:
   i. When does the timer start counting?
   ii. What happens while the timer is counting?
   iii. What happens if the timer expires?
9. How does the Bellman-Ford algorithm work?
   a. What issues could the Bellman-Ford algorithm cause?
   b. Which additional features were added to rectify the Bellman-Ford algorithm issues?
   c. Explain the counting to infinity process *G
   d. What does split horizon mean?
   e. What is a poison route? When would it be generated? *G
10. What is a metric? What information could be used in metric calculation? Give an example.
11. When is the metric compared? When is the administrative distance compared? *G
12. What is equal cost load balancing? When would it happen?
13. What is unequal cost load balancing? When would it happen?
14. What is a default route? How is it configured? In which scenarios is it common to have one? *G
15. Should the default route be advertised? How do we advertise it (config)? On which router do we usually advertise it? *G
*G = Give an example (scenario with diagram) with at least two routers and explain the way it functions/works or is configured
What does EIGRP stand for? What are the main characteristics of EIGRP?
What tables does EIGRP create? What are they used for?
What packet types does EIGRP have? In EIGRP, which packet types are acknowledged?
What is the DUAL algorithm?
In EIGRP, what is a successor? *G
In EIGRP, what is a feasible successor? In which table can you see it? Would it be in the routing table?
What is reported distance (RD)/advertised distance (AD)? What is feasible distance (FD)?
Explain the feasibility condition. Give two examples: one where we do have the feasibility condition and one where we don't. *G
What is unequal cost load balancing? How is it done and configured in EIGRP? *G
What is variance in EIGRP?
What are K values? What is the default value of the different K values?
How is the metric calculated in EIGRP? What information can be added to the metric calculation process?
What are the EIGRP timers? What are they for?
*G = Give an example (scenario with diagram) with at least two routers and explain the way it functions/works or configured
For the given IP networks calculate and answer the following questions:
1. A /R: 195.143.8.0 /24; B /S: 195.143.11.0 /24
2. A /R: 51.1.192.0 /23; B /S: 51.1.194.0 /23; C /T: 51.1.198.0 /23
3. A /R: 210.1.128.0 /18; B /S: 210.1.194.0 /23; C /T: 210.1.200.0 /23
Discuss the differences between:
o Manual route summarization using static routes
o Manual route summarization using classless routing protocols
What is the summary route and subnet mask of the given IP networks?
What is the range of the calculated summary route? What IP addresses will be routed according to the given subnet mask?
Does the summary route include all given subnets?
Does the summary route include any additional IP networks that we do not use/have?
On which router should we configure the static summary route? Write the summarized static route.
On which router should we configure the summary route using routing protocols? Write the command to make the routing protocol advertise the manually summarized route.
[Diagram labels: F0/0 R1 F0/0 R2]
Summarized static route (configured on the router that must reach the range; "we have no routing updates when using static routes"):
o We manually tell the router how to reach a range
o We manually calculate and configure the summary route with a range including all subnets
o For IP networks which are not directly connected
o No routing update is sent using static routes
o Parameters: the subnet mask of the manually summarized route; the outgoing interface
Manually summarized route using routing protocols (if EIGRP): configured where we want the route advertised; in this case we make the router advertise the manually summarized route that we calculated.
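The summary-route calculation the exercise above asks for, as an added Python example (not the course's own material). summary_route finds the single prefix covering the given networks, unused_space lists the extra subnets that summary also claims (the "additional IP networks that we do not use" question), and the two command helpers format the static route in the guide's own form and the interface-mode EIGRP command ip summary-address eigrp, which is not on the page; NEXT_HOP and the AS number are placeholders.

```python
import ipaddress

# The three sets from the exercise (sample input copied from the page).
EXERCISES = {
    "set 1": ["195.143.8.0/24", "195.143.11.0/24"],
    "set 2": ["51.1.192.0/23", "51.1.194.0/23", "51.1.198.0/23"],
    "set 3": ["210.1.128.0/18", "210.1.194.0/23", "210.1.200.0/23"],
}


def summary_route(networks):
    """Smallest single prefix that covers every given network: keep only the
    leading bits that the lowest and highest covered addresses share."""
    nets = [ipaddress.ip_network(n) for n in networks]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    prefix = 32
    while prefix > 0 and (lo >> (32 - prefix)) != (hi >> (32 - prefix)):
        prefix -= 1
    return ipaddress.ip_network((lo, prefix), strict=False)


def unused_space(summary, networks):
    """Subnets inside `summary` that are not among the given networks, i.e. the
    extra address space the summary route also attracts traffic for."""
    pieces = [summary]
    for net in (ipaddress.ip_network(n) for n in networks):
        remaining = []
        for piece in pieces:
            if piece.subnet_of(net):
                continue                                  # fully used by a given network
            if net.subnet_of(piece):
                remaining.extend(piece.address_exclude(net))
            else:
                remaining.append(piece)
        pieces = remaining
    return sorted(pieces)


def static_summary_command(summary, next_hop):
    """The static route in the form the guide uses: ip route network mask next_hop."""
    return f"ip route {summary.network_address} {summary.netmask} {next_hop}"


def eigrp_summary_command(summary, asn):
    """Interface-mode EIGRP command that advertises the manual summary
    (ip summary-address eigrp <AS> <network> <mask>); asn is a placeholder here."""
    return f"ip summary-address eigrp {asn} {summary.network_address} {summary.netmask}"


if __name__ == "__main__":
    for label, nets in EXERCISES.items():
        s = summary_route(nets)
        print(f"{label}: summary {s} covers {s.network_address}-{s.broadcast_address}")
        print("  unused inside summary:", ", ".join(map(str, unused_space(s, nets))) or "none")
        print("  ", static_summary_command(s, "NEXT_HOP"))   # NEXT_HOP is a placeholder
        print("  ", eigrp_summary_command(s, 1))
```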
RIP v1
o Advertise connected networks
o Stop updates on interfaces not having a router on them
o Advertise a default route
o Capture updates
RIP v2
o Make RIP version 2
o Disable the auto summary
o Change timers
o Capture updates
EIGRP
o Configure an AS
o Advertise connected networks
o Stop updates on interfaces not having a router on them
o Advertise a default route
o Change timers
o Capture hello, query, reply and update
OSPF
o Advertise connected networks
o Stop updates on interfaces not having a router on them
o Advertise a default route
o Change timers
o Capture hello and LSA
o Make a router DR (priority)
#Enable OSPF (Global Configuration mode)
router ospf 1
#Advertise directly connected networks (OSPF Configuration mode)
network net_add wild_card_mask area 0
#Passive-interface (don't send updates, because there is no router there) (OSPF Configuration mode)
passive-interface loop 0
#Default route (on the ASBR, connecting us to the ISP) (Global Configuration mode)
ip route 0.0.0.0 0.0.0.0 s0/0/0
#Advertise the default route (OSPF Configuration mode)
default-information originate
#Interface priority (change the DR: increase the priority to make it DR) (Interface Configuration mode)
ip ospf priority 2
#Make the router advertise the accurate subnet mask of a loopback interface (Interface Configuration mode)
ip ospf network point-to-point
#Hello and dead interval (Interface Configuration mode)
ip ospf hello-interval 5
ip ospf dead-interval 15
#Manual route summarization on the ABR (OSPF Configuration mode)
area 1 range manually_summarized_route Subnet_mask
area 1 range: must be configured on the ABR.
manually_summarized_route: the network address of the manually summarized route (calculated by you), in decimal format.
Subnet_mask: the subnet mask of the manually summarized route.
What information do we have in the Ethernet header? What information do we have in the Ethernet trailer?
What type of address does Ethernet use? How long is the address? What parts does it have?
What is the difference between a hub and a switch?
What is the MAC-Address table? What information is included in it? How is the MAC-Address table formed?
What is port-security on Cisco Catalyst switches? At what level of the campus network should it be enabled?
What information should be configured for port-security?
What violation modes can be selected for port-security? Name the differences between the violation modes.
What is the sticky MAC address feature? How does it work? Why and when must the config be saved when using sticky MAC addresses?
Switch configuration LAB: write commands to:
[Diagram labels: S1, IP address 10.1.1.1, F0/1]
Set hostname:
Set password:
Enable telnet:
Enable SSH (2.4.3.2):
Assign IP address:
Set default gateway:
Disable a port:
Enable port security:
Set violation mode for port security:
Set maximum number of MAC addresses for port security:
Copy the config file to TFTP (2.3.8.2):
Copy the IOS to TFTP:
Erase configuration
Restart the switch
Set hostname
Set password
Set IP address
Set default gateway
Disable unused ports
Enable port security: MAX MAC = 1, violation = shutdown
Save config
Backup config file & IOS via TFTP
What is a VLAN? Why would we need VLANs in Local Area Networks?
How do you relate broadcast domains and IP networks?
How do you relate VLANs and IP networks?
What is a trunk link?
o Name trunk encapsulations and compare them
o What is a native VLAN? On which devices should it match?
o What is DTP?
Create VLANs
o Switch(config)#vlan 2
  Switch(config-vlan)#name sales #Name VLAN 2 "sales"
o VLAN verification: Switch#show vlan
Assign a port to a VLAN
o Switch(config)#interface fastEthernet 0/4
  Switch(config)#interface range fastEthernet 0/1 - 10 #Configure ports 1 up to 10 at the same time
  Switch(config-if)#switchport mode access #Stop trunk negotiation using DTP on a link
  Switch(config-if)#switchport access vlan 2 #Put the interface(s) in VLAN 2
o VLAN verification: Switch#show vlan #Verify VLAN numbers + names + ports in that VLAN
Trunk configuration:
o Switch(config-if)#switchport trunk encapsulation dot1q #Set the trunk encapsulation to 802.1Q (it could also be ISL on some Cisco switches)
o Switch(config-if)#switchport trunk allowed vlan 1,2 #Only frames part of VLAN 1 & 2 will be allowed on this link
  Switch(config-if)#switchport trunk native vlan 2 #Frames from/for VLAN 2 will be sent untagged (native VLAN must be the same on both ends)
o Trunk verification: Switch#show interfaces gigabitEthernet 0/1 switchport #Verifies: trunk encapsulation + native VLAN + allowed VLANs
Assign an IP address to a switch in VLAN 10: #You cannot have more than 1 functional interface VLAN on layer 2 switches
o Switch(config)#int vlan 10 #Interface VLAN on the switch: just one, and only for management (example: telnet)
  #On multi-layer switches you can have multiple interface VLANs for inter-VLAN routing
  Switch(config-if)#IP address 10.1.1.5 255.255.255.0
  Switch(config-if)#exit
  Switch(config)#IP default-gateway 10.1.1.1 #Set default gateway IP address
o Remove interface VLAN:
Clear startup config
Clear VLAN database
Trunk
o Allowed VLAN = 10, 20, 100
o Native VLAN = 10
o Trunk encapsulation = 802.1Q
VTP
o VTP mode
o VTP password: cisco
o VTP pruning
o VTP domain: CCNA3.com
Create VLANs
o VLAN 10 = Sales 10.1.10.0/24 (Client 1)
o VLAN 20 = IT 10.1.20.0/24 (Client 2)
o VLAN 100 = Access_Switches 10.1.100.0/24
Inter VLAN routing
o Set encapsulation and IP address on router sub-interfaces
Assign IP & default gateway to the switch and clients:
o Use the first usable address for the default gateway
o Switch IP in VLAN 100: 10.1.100.2 /24
Access ports
o Make the port access (an access port would not negotiate a trunk using DTP)
o VLAN membership: put users in their own VLAN
o STP portfast
o Port security: maximum number of MAC addresses: 1; sticky MAC feature; violation: shutdown
STP:
o Set priority: S2 is the root for VLAN 10; S1 is the root for all other VLANs
[Diagram labels: R1 F0/0 - Trunk Link - F0/1; S2 F0/1, F0/2; C1: VLAN 10, IP 10.1.10.10 /24; C2: VLAN 20, IP 10.1.20.5 /24]
VTP Concept
VTP configuration
SW2>enable
SW2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#vtp mode transparent #also server or client could be used
SW2(config)#vtp version 2 #VTP version is 2
SW2(config)#vtp domain cisco.com #Domain name = cisco.com
SW2(config)#vtp password cisco #VTP password is cisco
Setting device to VTP TRANSPARENT mode.
SW2(config)#end
SW2#show vtp status
VTP Version : running VTP2
Configuration Revision : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs : 8
VTP Operating Mode : Transparent
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP V2 Mode : Enabled
VTP Traps Generation : Disabled
MD5 digest : 0x06 0x97 0x82 0xDA 0x39 0x52 0x1E 0xF2
Configuration last modified by 192.168.255.252 at 0-0-00 00:00:00
On each router a username must be created. The username on each router must be the hostname of the other router.
All-in-one LAB (PPP, Frame-relay, 802.1Q, VLAN, VTP, STP, RIP v2)
[Diagram labels: R2, Frame-relay, R3, R4, F0/0, R1]
R1:
o R1 => R2 sub-interface DLCI 102, IP address 192.168.12.1 /24
o R1 => R3 sub-interface DLCI 103, IP address 192.168.13.1 /24
o Inter VLAN routing: VLAN 10: 10.1.10.1 /24; VLAN 20: 10.1.20.1 /24; VLAN 30: 10.1.30.1 /24
R2: R2 => R1 sub-interface DLCI 201, IP address 192.168.12.2 /24
R3: R3 => R1 sub-interface DLCI 301, IP address 192.168.13.2 /24
R3 s0/1/0 (172.16.1.3/24) <==> R4 s0/1/0 (172.16.1.4 /24): PPP, authentication CHAP, compression predictor
DLS1: root bridge for VLAN 10, 30; IP address VLAN 30: 10.1.30.3 /24
DLS2: root bridge for VLAN 20; IP address VLAN 30: 10.1.30.4 /24
ALS: VTP client; uplinks are trunks; unused ports must be disabled; F0/1 in VLAN 10; F0/2 in VLAN 20; IP address VLAN 30: 10.1.30.2 /24
o F0/1 - 2: enable STP portfast; enable port-security (maximum number of MAC addresses: 1; port-security sticky feature; port-security violation: shutdown)
Client 2: VLAN 20, IP address 10.1.20.5
RIP v2 must be enabled on R1, R2, R3, R4; auto-summary must be turned off
Trunk links: native VLAN 40; allowed VLANs 10, 20, 30; encapsulation 802.1Q
Enable the following on the LAB on the previous page:
NAT on R1:
o Traffic that must be translated: inside local 10.1.10.0 + 10.1.20.0; protocols allowed: HTTP, ICMP, FTP, SMTP, POP3, TELNET, DNS
ACL on R1 s0/0/0 out:
o Packets coming from and/or going to private IP addresses must be dropped.
DHCP
o R1 must be the DHCP server for:
  First 10 IP addresses must be excluded from all pools
  First pool: 10.1.10.0 /24, gateway 10.1.10.1, DNS 61.1.1.2
  Second pool: 10.1.20.0 /24, gateway 10.1.20.1, DNS 61.1.1.2
o C1 and C2 must obtain an IP address from the DHCP server (R1)
DNS server
o Add all router/switch names with their corresponding IP addresses on the DNS server
Layer 2 connectivity:
o Interfaces must be: up, up (SHOW IP INT BRI)
o CDP must be exchanged: if it is exchanged, the routers are connected at layer 2 (SHOW CDP NEIGHBOUR)
o PPP: the L2 protocol must be PPP on both routers; the authentication method must be the same on both routers; the compression method must be the same on both routers; each router must have a local user with the username being the hostname of the other router
o Frame-relay: sub-interfaces must be configured; a point-to-point sub-interface must be configured with (frame-relay interface-dlci DLCI); a multipoint sub-interface must be configured with (frame-relay map IP IP DLCI broadcast)
IP addresses
o Directly connected routers must be in the same network (SHOW IP INT BRI)
o Directly connected routers must ping each other (PING IP)
Routing:
o The same routing protocol must be configured on the routers
o Auto-summary must be switched off if classless networks are used
o On ALL routers, ALL connected networks should be advertised using the NETWORK command
o After configuring the routing protocol, ALL networks (routes) must appear in ALL routing tables (SHOW IP ROUTE)
VTP:
o VTP domain name and password must be the same on ALL switches
o VTP configuration revision must be the same on ALL switches (SHOW VTP STATUS)
Trunk (SHOW INT f0/0 switchport) (SHOW TRUNK) (SHOW RUN INT f0/0)
o Trunk encapsulation must be the same on both ends of a trunk link
o Native VLAN must be the same on both ends of a trunk link
Inter VLAN routing on routers
o The trunk link must be configured on the router with the appropriate native VLAN
o The trunk link must be configured on the router using multiple sub-interfaces (one sub-interface per VLAN)
o The router must have one IP address assigned to the appropriate sub-interface per VLAN (SHOW RUN INT F0/0)
o ALL VLAN network addresses must be present in the routing table (SHOW IP ROUTE)
STP
o The desired switch must be the root bridge (SHOW SPANNING-TREE)
o Portfast must be enabled on user ports (SHOW RUN INTERFACE f0/1)
NAT
o Are the NAT inside and outside interfaces configured? (SHOW RUN INT f0/0)
o Are the INSIDE LOCAL addresses permitted in an access-list? (SHOW ACCESS-LIST)
o Is a NAT POOL created for the INSIDE GLOBAL addresses?
o Is the NAT ACL bound to the interface? OR is the NAT ACL bound to the NAT POOL?
ACL:
o Generate the traffic which should be blocked: is the traffic blocked? Are the access-list matches increased? (SHOW ACCESS-LIST)
o Generate the traffic which should be forwarded: is the traffic forwarded (permitted)?
R1(config)#access-list 101 permit tcp any any
R1(config)#access-list 101 permit tcp any host 10.1.1.5 eq 80
R1(config)#access-list 101 permit tcp any 10.1.1.0 0.0.0.255 eq 80
Destination forms: any (any host); host Single_IP_Address (a single host, here host 10.1.1.5); Address Wildcard_mask (a range, here 10.1.1.0 0.0.0.255).
You do not have to specify the port number but you can if you must. Instead of eq you can use any of the following:
eq    Match only packets on a given port number
gt    Match only packets with a greater port number
host  A single destination host
lt    Match only packets with a lower port number
neq   Match only packets not on a given port number
range Match only packets in the range of port numbers
If you do not know the router password you can recover the password:
1. Restart the router ==> power off and on
2. Break (Ctrl+C) before IOS loads ==> this takes you to ROMMON
3. Change the config register to 0x2142 ==> stops the router from loading the startup-config, and therefore the passwords
4. Restart the router by typing "i" in ROMMON
5. This time the startup-config won't be loaded
6. Type enable to go to privileged mode
7. Load the startup-config: copy start run
8. Set the new password
9. Change the config-register back to 0x2102
When a bit is "1" in the wildcard mask it means we don't compare that bit and it could be anything.
Condition (address) | Wildcard mask | Range calculations               | Range
10.1.1.129          | 0.0.0.255     |                                  |
10.1.1.1            | 0.0.0.2       | 10.1.1.00000001 / 0.0.0.00000010 | 10.1.1.000000x1
10.1.1.1            | 0.0.0.254     | 10.1.1.00000001 / 0.0.0.11111110 | 10.1.1.xxxxxxx1
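The wildcard-mask rule from the table, worked as an added Python example (not part of the course material): wildcard_matches applies the "1 means don't compare" rule bit by bit, match_pattern reproduces the x-notation of the Range column, matching_range shows why 0.0.0.2 and 0.0.0.254 select non-contiguous sets (the count is 2 to the number of 1 bits), and wildcard_from_mask derives the wild_card_mask used in the OSPF network command. Only the standard ipaddress module is used.

```python
import ipaddress


def _as_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def wildcard_matches(condition, wildcard, address):
    """True when `address` matches the ACL entry `condition wildcard`.
    A 0 bit in the wildcard means "this bit must equal the condition";
    a 1 bit means "don't compare, it could be anything" (the rule in the table)."""
    care = ~_as_int(wildcard) & 0xFFFFFFFF
    return (_as_int(condition) & care) == (_as_int(address) & care)


def match_pattern(condition, wildcard):
    """Pattern notation like the table's 10.1.1.xxxxxxx1: an octet is written in
    binary with x for don't-care bits whenever its wildcard octet is not zero."""
    octets = []
    for c, w in zip(ipaddress.IPv4Address(condition).packed,
                    ipaddress.IPv4Address(wildcard).packed):
        if w == 0:
            octets.append(str(c))
        else:
            bits = ["x" if (w >> i) & 1 else str((c >> i) & 1) for i in range(7, -1, -1)]
            octets.append("".join(bits))
    return ".".join(octets)


def matching_range(condition, wildcard):
    """(lowest, highest, count) of matched addresses. The count is 2^(number of
    1 bits); with holes in the wildcard (0.0.0.2, 0.0.0.254) the matched set
    is not contiguous, so lowest..highest is only the envelope."""
    care = ~_as_int(wildcard) & 0xFFFFFFFF
    low = _as_int(condition) & care
    high = low | _as_int(wildcard)
    count = 2 ** bin(_as_int(wildcard)).count("1")
    return str(ipaddress.IPv4Address(low)), str(ipaddress.IPv4Address(high)), count


def wildcard_from_mask(subnet_mask):
    """Inverse of a subnet mask, e.g. 255.255.255.0 -> 0.0.0.255 (the
    wild_card_mask used with the OSPF network command)."""
    return str(ipaddress.IPv4Address(~_as_int(subnet_mask) & 0xFFFFFFFF))


if __name__ == "__main__":
    # The three rows of the table above.
    for cond, wc in [("10.1.1.129", "0.0.0.255"), ("10.1.1.1", "0.0.0.2"), ("10.1.1.1", "0.0.0.254")]:
        lo, hi, n = matching_range(cond, wc)
        print(f"{cond} {wc}: pattern {match_pattern(cond, wc)}, {n} addresses between {lo} and {hi}")
    print(wildcard_matches("10.1.1.1", "0.0.0.254", "10.1.1.77"))   # odd host: matches
```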
DHCP+NAT LAB
Configure NAT & DHCP for the following network:
R1: DHCP client
R2: DHCP server
NAT (PAT) is done on our border router connecting us to the Internet through the ISP. The internal network (192.168.1.0 /24) must be translated to the outside interface IP address (54.1.1.1).
Inside int: R1(config-if)#ip nat inside
Inside network: create an ACL
Out int: R1(config-if)#ip nat outside
Out IP address: ip nat pool NAME START_IP END_IP
IP NAT inside source list 1 pool NAME overload
R1: DHCP client; internal router, considered as a client in this scenario
R2: border router connecting you to the ISP; DHCP server: pool 192.168.1.0/24, excluded addresses 192.168.1.1 - 4, default gateway 192.168.1.1
ISP