CCNA Lab Ready To Start Studying!

Discussion in 'Routing & Switching' started by craigie, Aug 22, 2009.

  1. craigie

    Running Config NLR03

    !
    version 12.4
    service password-encryption
    !
    hostname NLR03
    !
    !
    enable secret 5 $1$mERr$IQQ/l9a/2Q9O1hJKk/cKB0
    !
    !
    !
    !
    username craig password 7 082B494208115342
    !
    ip ssh version 1
    no ip domain-lookup
    ip domain-name netlab.com
    !
    !
    interface FastEthernet0/0
    no ip address
    duplex auto
    speed auto
    !
    interface FastEthernet0/1
    ip address 192.168.2.1 255.255.255.0
    duplex auto
    speed auto
    !
    interface Serial0/0/0
    ip address 192.168.1.2 255.255.255.0
    !
    interface Serial0/1/0
    no ip address
    !
    interface FastEthernet1/0
    no ip address
    !
    interface Vlan1
    no ip address
    shutdown
    !
    router ospf 1
    router-id 3.3.3.3
    log-adjacency-changes
    network 192.168.0.0 0.0.31.255 area 1
    !
    ip classless
    !
    !
    !
    !
    !
    banner motd ^C##### No Unauthorised Access #####^C
    line con 0
    password 7 082B494208115342
    login
    line vty 0 4
    password 7 082B494208115342
    login
    transport input ssh
    line vty 5 15
    password 7 082B494208115342
    login
    transport input ssh
    !
    !
    end

    IP Route NLR03

    Gateway of last resort is not set

    10.0.0.0/24 is subnetted, 5 subnets
    O IA 10.1.1.0 [110/783] via 192.168.1.1, 00:02:21, Serial0/0/0
    O IA 10.1.2.0 [110/782] via 192.168.1.1, 00:02:21, Serial0/0/0
    O IA 10.1.10.0 [110/783] via 192.168.1.1, 00:02:21, Serial0/0/0
    O IA 10.1.20.0 [110/783] via 192.168.1.1, 00:02:21, Serial0/0/0
    O IA 10.1.30.0 [110/783] via 192.168.1.1, 00:02:21, Serial0/0/0
    C 192.168.1.0/24 is directly connected, Serial0/0/0
    C 192.168.2.0/24 is directly connected, FastEthernet0/1
    O 192.168.3.0/24 [110/2] via 192.168.2.2, 00:02:31, FastEthernet0/1
    O 192.168.10.0/24 [110/2] via 192.168.2.2, 00:02:31, FastEthernet0/1
    O 192.168.20.0/24 [110/2] via 192.168.2.2, 00:02:31, FastEthernet0/1
    O 192.168.30.0/24 [110/2] via 192.168.2.2, 00:02:31, FastEthernet0/1

    IP Protocols NLR03

    Routing Protocol is "ospf 1"
    Outgoing update filter list for all interfaces is not set
    Incoming update filter list for all interfaces is not set
    Router ID 3.3.3.3
    Number of areas in this router is 1. 1 normal 0 stub 0 nssa
    Maximum path: 4
    Routing for Networks:
    192.168.0.0 0.0.31.255 area 1
    Routing Information Sources:
    Gateway Distance Last Update
    192.168.2.2 110 00:02:49
    192.168.1.1 110 00:02:49
    Distance: (default is 110)
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  2. craigie

    Well I didn't do that much studying yesterday in regards to new material, as I was playing footie last night.

    I did manage to get through the following:

    - Created the implementation of OSPF from scratch.
    - Added another router off NLR02 called Internet and configured this with a loopback address 100.0.0.1 and created a default route to this address.
    - Used the command default-information originate on Internet Router to pass the default route across to OSPF neighbours.

    Oh I did do some work on my first live environment Cisco PIX yesterday, I added an ACL to allow outbound 8080 traffic using the IOS.

    Needless to say, I was bricking it, as I haven't covered ACLs yet, but it worked and the config has been saved :biggrin
     
  3. UKDarkstar

    Good for you m8 ! :biggrin

    You're putting some of us to shame :oops:
     
    Certifications: BA (Hons), MBCS, CITP, MInstLM, ITIL v3 Fdn, PTLLS, CELTA
    WIP: CMALT (about to submit), DTLLS (on hold until 2012)
  4. craigie

    Not done much today, apart from listening to some CBT Nuggets on EIGRP on the way to working some overtime.

    Had to try and get an old server to work, whilst the client awaits a new one (should be installed on Tuesday), needless to say it worked, but we kept getting constant BSOD.

    Changed em into a workgroup for now, so at least they can do some work tomorrow.

    Will get back on track tomorrow :D
     
  5. craigie

    Things have been crazy at work, had some major issues that required some Craigie love.

    Anyways, just configured OSPF to use MD5 on all interfaces for that little extra protection.

    Should be moving onto EIGRP soon, so no doubt some more configs for that :D
     
  6. craigie

    Just implemented EIGRP and have stuck in a DSL Modem to replicate NAT, which I will be getting deep inside after ACLs.

    Using EIGRP I configured the following:

    - No Auto-Summary (meaning I turned off classful routing as this replicates RIP)
    - Added in a static route to the Internet and distributed this.
    - On NLR01 and NLR05 as they are connected to various networks, I used wildcard bits in the network statement such as 10.1.0.0 0.0.31.255 to encompass all networks with one statement

    The updated network diagram for EIGRP is now

    [​IMG]
     
    Last edited: Sep 20, 2009
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
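
Added example, not part of craigie's post: a Python check of what a wildcard statement such as 10.1.0.0 0.0.31.255 covers, including the case where the wildcard bits are not contiguous and no single prefix is equivalent. The function names are hypothetical, and the sample list uses addresses that appear in this thread plus one constructed address (10.1.32.1).

```python
import ipaddress

# Addresses seen in this thread's configs and tracerts, plus one constructed address.
SAMPLE_INTERFACES = [
    ("NLR02 Fa0/0", "10.1.2.2"),
    ("NLR02 Fa1/0", "10.1.3.1"),
    ("NLR02 S0/0/0", "192.168.1.1"),
    ("gateway 10.1.10.1", "10.1.10.1"),
    ("gateway 10.1.30.1", "10.1.30.1"),
    ("constructed", "10.1.32.1"),
]


def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit the wildcard marks 'must match' (0)."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a ^ b) & ~w & 0xFFFFFFFF == 0


def wildcard_to_network(base, wildcard):
    """Return the equivalent prefix, or None when the wildcard bits are not contiguous."""
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):  # a contiguous wildcard is a run of 0s followed by a run of 1s
        return None
    network = int(ipaddress.IPv4Address(base)) & ~w & 0xFFFFFFFF
    return ipaddress.IPv4Network((network, 32 - w.bit_length()))


def covered(base, wildcard, interfaces):
    """Names of the interfaces a 'network <base> <wildcard>' statement would pick up."""
    return [name for name, ip in interfaces if wildcard_match(ip, base, wildcard)]


if __name__ == "__main__":
    print(wildcard_to_network("10.1.0.0", "0.0.31.255"))
    print(covered("10.1.0.0", "0.0.31.255", SAMPLE_INTERFACES))
```

A statement this wide enables the routing protocol on every interface whose address falls between 10.1.0.0 and 10.1.31.255, including interfaces addressed later, so it is worth checking which interfaces it picks up.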
  7. craigie

    NLR02 Running Configuration

    version 12.4
    service password-encryption
    !
    hostname NLR02
    !
    !
    enable secret 5 $1$mERr$IQQ/l9a/2Q9O1hJKk/cKB0
    !
    !
    !
    !
    username craig password 7 082B494208115342
    !
    ip ssh version 1
    no ip domain-lookup
    ip domain-name netlab.com
    !
    !
    interface FastEthernet0/0
    ip address 10.1.2.2 255.255.255.0
    duplex auto
    speed auto
    !
    interface FastEthernet0/1
    no ip address
    duplex auto
    speed auto
    !
    interface Serial0/0/0
    ip address 192.168.1.1 255.255.255.0
    clock rate 250000
    !
    interface Serial0/1/0
    no ip address
    !
    interface FastEthernet1/0
    ip address 10.1.3.1 255.255.255.0
    !
    interface Vlan1
    no ip address
    shutdown
    !
    router eigrp 1
    network 10.1.2.0 0.0.0.255
    network 10.1.3.0 0.0.0.255
    network 192.168.1.0
    no auto-summary
    !
    ip classless
    !
    !
    !
    !
    !
    line con 0
    password 7 082B494208115342
    login
    line vty 0 4
    password 7 082B494208115342
    login
    transport input ssh
    line vty 5 15
    password 7 082B494208115342
    login
    transport input ssh
    !
    !
    end

    NLR02 Show IP Route

    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
    N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
    E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
    i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
    * - candidate default, U - per-user static route, o - ODR
    P - periodic downloaded static route

    Gateway of last resort is 10.1.3.2 to network 0.0.0.0

    10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
    D 10.1.0.0/19 [90/30720] via 10.1.2.1, 00:06:57, FastEthernet0/0
    C 10.1.2.0/24 is directly connected, FastEthernet0/0
    C 10.1.3.0/24 is directly connected, FastEthernet1/0
    D 192.168.0.0/19 [90/20517120] via 192.168.1.2, 00:06:57, Serial0/0/0
    C 192.168.1.0/24 is directly connected, Serial0/0/0
    D 192.168.2.0/24 [90/20514560] via 192.168.1.2, 00:06:58, Serial0/0/0
    D*EX 0.0.0.0/0 [170/30720] via 10.1.3.2, 00:06:57, FastEthernet1/0
     
  8. craigie

    OK, just done a bit of tinkering to add in a Backup Internet Route.

    I have configured the primary Internet Route as Metric 1 and the Backup Internet Route as Metric 2.

    [​IMG]
     
  9. craigie

    Had a slight revelation on my Lab, so I have now implemented 5 x HDLC links, which will come in handy when I get to the more in-depth WAN links.

    Also, I have changed the IP addressing to use /30 for the HDLC links to better represent the real world environment.

    [​IMG]
     
  10. craigie

    Below are a couple of tracerts.

    NLPC13 To NLP12

    PC>tracert 192.168.30.12

    Tracing route to 192.168.30.12 over a maximum of 30 hops:

    1 94 ms 78 ms 125 ms 10.1.10.1
    2 156 ms 111 ms 109 ms 10.1.2.2
    3 140 ms 156 ms 140 ms 192.168.1.6
    4 112 ms 62 ms 219 ms 192.168.30.12

    Trace complete.

    NLPC06 To NLR05

    PC>tracert 192.168.1.17

    Tracing route to 192.168.1.17 over a maximum of 30 hops:

    1 19 ms 20 ms 94 ms 10.1.30.1
    2 109 ms 94 ms 109 ms 10.1.2.2
    3 156 ms 127 ms 140 ms 192.168.1.17

    Trace complete.
     
  11. craigie

    Have just implemented some Standard Access Lists, allowing the following:

    - Any Host on 10.1.10.0 can SSH onto a Router in the internetwork 10.1.0.0
    - Any Host on the 192.168.10.0 can SSH onto a Router in the internetwork 192.168.0.0

    All other hosts cannot SSH onto any routers.
     
  12. craigie

    It's been a chaotic week so far, I haven't managed to get much studying done at all.

    However, I have been making changes to several PIX Firewalls in such exotic locations as Australia, Austria & Watford.

    So far this week, I have:

    Changed the Outbound Interface to have a new public IP address and changed the default route on this.

    Blocked all SMTP traffic from internal network outbound except for BES & Mail Server using ACLs

    Starting to feel a lot more confident on PIX's now :D
     
  13. danielno8

    good stuff. If you can do it on a router you can do it on the PIX (and the ASA for that matter)
     
    Certifications: CCENT, CCNA
    WIP: CCNP
  14. albertc30

    Hello Craigie.
    Doing all of this on PT is really great. I have used it quite extensively but more often than not it would crash on me and damage my whole PT project. Has this ever happened to you? What is the secret if it hasn't?
    Cheers,
    Albert, C
     
    Certifications: CCNA
    WIP: 220-701 - A+
  15. danielno8

    ^ do you use windows 7? it's quite flakey on there for me.
     
  16. albertc30

    XP PRO SP3 mate.
     
  17. craigie

    I just save regularly :D
     
  18. albertc30

    So did I mate until I realised I had no choice but to have my project saved in two different locations as when the error happened the file is just closed and when I tried to open it, it's just empty. So really whenever I clicked save I would save it yet again on the other location as well.
     
  19. craigie

    Just applied same Extended Named Access Lists onto Router NLR06.

    I have named it INTERNET_INBOUND, this has been designed to Port Forward traffic to the Servers NLSR01 & NLSR02 for:

    - SSH onto the router from the Internet
    - SMTP for Email
    - HTTPS for OWA
    - PPTP for VPN

    For outbound traffic I have allowed TCP established which means that if it is a request from an internal host then allow it back into the network.

    At the end of every Access List, there is a specific deny, which means that any traffic that does not meet the criteria specified in the ACL is denied.

    Running Configuration NLR06

    Current configuration : 1781 bytes
    !
    version 12.4
    service password-encryption
    !
    hostname NLR06
    !
    !
    enable secret 5 $1$mERr$IQQ/l9a/2Q9O1hJKk/cKB0
    !
    !
    !
    !
    username craig password 7 082B494208115342
    !
    ip ssh version 2
    no ip domain-lookup
    ip domain-name netlab.com
    !
    !
    interface FastEthernet0/0
    description Internet
    ip address 68.11.29.34 255.255.255.248
    ip access-group INTERNET_INBOUND in
    ip access-group INTERNET_OUTBOUND out
    duplex auto
    speed auto
    !
    interface FastEthernet0/1
    ip address 68.11.29.41 255.255.255.248
    ip access-group INTERNET_INBOUND in
    ip access-group INTERNET_OUTBOUND out
    duplex auto
    speed auto
    !
    interface Serial0/0/0
    no ip address
    shutdown
    !
    interface Serial0/1/0
    no ip address
    shutdown
    !
    interface FastEthernet1/0
    ip address 10.1.3.2 255.255.255.0
    !
    interface Vlan1
    no ip address
    shutdown
    !
    router ospf 1
    router-id 6.6.6.6
    log-adjacency-changes
    area 0 authentication message-digest
    network 10.1.3.0 0.0.0.255 area 0
    default-information originate
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
    ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 2
    !
    !
    access-list 1 permit 10.1.10.0 0.0.0.255
    ip access-list extended INTERNET_INBOUND
    permit tcp any host 10.1.10.20 eq smtp
    permit tcp any host 192.168.10.20 eq smtp
    permit tcp any host 10.1.10.20 eq 443
    permit tcp any host 192.168.10.20 eq 443
    permit tcp any host 10.1.10.20 eq 1723
    permit tcp any host 192.168.10.20 eq 1723
    permit tcp any host 68.11.29.34 eq 22
    permit tcp any host 68.11.29.41 eq 22
    ip access-list extended INTERNET_OUTBOUND
    permit tcp any any established
    !
    !
    !
    line con 0
    password 7 082B494208115342
    login
    line vty 0 4
    access-class 1 in
    password 7 082B494208115342
    login
    transport input ssh
    line vty 5 15
    access-class 1 in
    password 7 082B494208115342
    login
    transport input ssh
    !
    !
    end
     
    Last edited: Oct 1, 2009
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
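
Added example, not part of craigie's post: a small Python evaluator for the two named ACLs in the NLR06 configuration above, showing top-down first-match evaluation, the deny that ends every IOS ACL when nothing matches, and what `established` tests for. The function names are hypothetical, the parser handles only the syntax these entries use, and the test packets are constructed.

```python
# Entries copied from the NLR06 configuration in the post above.
INTERNET_INBOUND = """
permit tcp any host 10.1.10.20 eq smtp
permit tcp any host 192.168.10.20 eq smtp
permit tcp any host 10.1.10.20 eq 443
permit tcp any host 192.168.10.20 eq 443
permit tcp any host 10.1.10.20 eq 1723
permit tcp any host 192.168.10.20 eq 1723
permit tcp any host 68.11.29.34 eq 22
permit tcp any host 68.11.29.41 eq 22
"""
INTERNET_OUTBOUND = "permit tcp any any established"
NAMED_PORTS = {"smtp": 25}  # the only port keyword these entries use

def parse_acl(text):
    """Parse the subset of extended-ACL syntax used above (source is always 'any')."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        if tok[2] != "any" or tok[3] not in ("host", "any"):
            raise ValueError("unsupported entry: " + line)
        rule = {"action": tok[0], "proto": tok[1], "dst": None, "port": None, "established": False}
        i = 4
        if tok[3] == "host":
            rule["dst"], i = tok[4], 5
        while i < len(tok):
            if tok[i] == "eq":
                rule["port"] = NAMED_PORTS.get(tok[i + 1]) or int(tok[i + 1])
                i += 2
            elif tok[i] == "established":
                rule["established"] = True
                i += 1
            else:
                raise ValueError("unsupported keyword: " + tok[i])
        rules.append(rule)
    return rules

def evaluate(rules, pkt):
    """Return (action, entry number) for the first matching entry, top down."""
    for number, r in enumerate(rules, 1):
        if r["proto"] != pkt["proto"]:
            continue
        if r["dst"] not in (None, pkt["dst"]) or r["port"] not in (None, pkt["dport"]):
            continue
        # 'established' matches only TCP segments that carry ACK or RST.
        if r["established"] and not {"ACK", "RST"} & pkt["flags"]:
            continue
        return r["action"], number
    return "deny", None  # nothing matched: the deny that ends every IOS ACL

def verdict(acl_text, dst, dport, flags):
    """Evaluate one constructed TCP packet, e.g. flags='SYN+ACK'."""
    pkt = {"proto": "tcp", "dst": dst, "dport": dport, "flags": set(flags.split("+"))}
    return evaluate(parse_acl(acl_text), pkt)

if __name__ == "__main__":
    # Constructed packets; 203.0.113.10 is a documentation address.
    print("inbound SYN to mail server:", verdict(INTERNET_INBOUND, "10.1.10.20", 25, "SYN"))
    print("outbound SYN to web server:", verdict(INTERNET_OUTBOUND, "203.0.113.10", 443, "SYN"))
```

With INTERNET_OUTBOUND applied `out` on the Internet-facing interfaces as posted, the first SYN of a session opened from inside matches no entry and is denied, while replies arriving from the Internet are evaluated against INTERNET_INBOUND, which has no `established` entry.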
  20. craigie

    Just added some more ACL's to allow ICMP as follows:

    ip access-list extended INTERNET_INBOUND
    permit tcp any host 10.1.10.20 eq smtp
    permit tcp any host 192.168.10.20 eq smtp
    permit tcp any host 10.1.10.20 eq 443
    permit tcp any host 192.168.10.20 eq 443
    permit tcp any host 10.1.10.20 eq 1723
    permit tcp any host 192.168.10.20 eq 1723
    permit tcp any host 68.11.29.34 eq 22
    permit tcp any host 68.11.29.41 eq 22
    permit icmp any host 68.11.29.34 echo
    permit icmp any host 68.11.29.34 echo-reply
    permit icmp any host 68.11.29.34 ttl-exceeded
    permit icmp any host 68.11.29.34 unreachable
    permit icmp any host 68.11.29.41 echo
    permit icmp any host 68.11.29.41 echo-reply
    permit icmp any host 68.11.29.41 ttl-exceeded
    permit icmp any host 68.11.29.41 unreachable
    ip access-list extended INTERNET_OUTBOUND
    permit tcp any any established
     
