Sunday, 13 December 2015

GNS3 to www !


Hello!

This lab is aimed at CCNA2 students who want to practice their configuration skills in an environment that offers an experience as close to real life as possible.
Being my first attempt of this kind, the topology is not very complex.

The objectives of the lab are to configure the two routers and the switch and, finally, to connect the clients (the virtual machines) to the internet.

Enjoy! :)



Lab designed by Adrian Roata
Difficulty level: CCNA2, low
Required elements:
GNS3
Cisco IOS Software, 3600 Software (C3640-JK9S-M), version 12.4(16) or later
2 routers with 4 NM-1FE-TX slots each
1 router with 1 NM-16ESW slot (to simulate a switch)
Oracle VM VirtualBox (running Windows Server 2012, Windows 7)

Topology:

Lab objectives:

ESW1
  • set the device name to "SW_Birouri"
  • protect "privileged exec" mode with an encrypted password (use the password "accesb")
  • configure the user "adminb" with maximum privileges and the password "accesb"
  • configure the router so it can be accessed via telnet
  • on remote connection, display the warning message "Accesul neautorizat este interzis!" (Unauthorized access is forbidden!)
  • authenticate on the console line using the local user database
  • make sure the console session stays open permanently
  • make sure messages sent to the console do not interrupt you while you type commands
  • configure interface f1/0 as a trunk port
  • configure interfaces f1/5 and f1/10 as access ports
  • create VLAN5 and name it Conta
  • create VLAN10 and name it Vanzari
  • assign interface f1/5 to VLAN5 and interface f1/10 to VLAN10
  • configure the last host address of the 192.168.10.0/24 network as the default gateway
  • configure the virtual interface vlan10 with the IP 192.168.10.10

R1
  • set the device name to "R_Corp1"
  • protect "privileged exec" mode with an encrypted password (use the password "acces1")
  • configure the user "admin1" with maximum privileges and the password "acces1"
  • configure the router so it can be accessed via telnet
  • on remote connection, display the warning message "Accesul neautorizat este interzis!"
  • authenticate on the console line using the local user database
  • make sure the console session stays open permanently
  • make sure messages sent to the console do not interrupt you while you type commands
  • configure the router's interfaces and subinterfaces
  • for the subinterface that will serve as the gateway for the VLAN5 clients, use the last usable host address of the 192.168.5.0/24 network
  • for the subinterface that will serve as the gateway for the VLAN10 clients, use the last usable host address of the 192.168.10.0/24 network
  • configure single-area OSPF using process-id 10
  • configure the router-id 1.1.1.1
  • block OSPF messages towards the users in VLAN5 and VLAN10
  • use the ip helper-address command on the corresponding interfaces

R2
  • set the device name to "R_Corp2"
  • protect "privileged exec" mode with an encrypted password (use the password "acces2")
  • configure the user "admin2" with maximum privileges and the password "acces2"
  • configure the router so it can be accessed via telnet
  • on remote connection, display the warning message "Accesul neautorizat este interzis!"
  • authenticate on the console line using the local user database
  • make sure the console session stays open permanently
  • make sure messages sent to the console do not interrupt you while you type commands
  • configure the router's interfaces and subinterfaces
  • configure single-area OSPF using process-id 10
  • configure the router-id 2.2.2.2
  • block OSPF messages towards the Server
  • configure a default route towards the Huawei HG658
  • propagate the default route to "Corp1"

Windows Server 2012
  • start the DHCP service
  • create two pools, named VLAN5 for the users in the accounting office and VLAN10 for the users in the sales office
  • for VLAN5 use the 192.168.5.0/24 network, excluding the addresses from 192.168.5.1 to 192.168.5.100 and 192.168.5.254
  • for VLAN10 use the 192.168.10.0/24 network, excluding the addresses from 192.168.10.1 to 192.168.10.100 and 192.168.10.254
  • for the DNS server use the address of the Huawei HG658.

NAT
  • configure a standard ACL 1 that permits access for all users in VLAN5 and VLAN10
  • configure PAT on R_Corp2 using list 1
  • configure the router's inside and outside interfaces

ACLs
  • on "R_Corp2" configure an extended ACL that blocks telnet access from internet users to the devices in the network
  • on "R_Corp2" configure an extended ACL that blocks echo-request messages coming from internet users
  • allow the network's users to access the internet
  • apply the ACL on the appropriate interface and in the appropriate direction

Verification
  • save the configurations and test connectivity
  • if all configurations were done correctly, the clients in VLAN5 and VLAN10 should be able to reach each other and should be able to access web pages





Solution:

ESW1 configuration
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname SW_Birouri
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$lEUn$fsHfjT.IqoQgr86owcfyH1
!
no aaa new-model
memory-size iomem 5
no ip routing
no ip icmp rate-limit unreachable
!
!
no ip cef
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
vtp file nvram:vlan.dat

username adminb privilege 15 secret 5 $1$IAlc$f7E5ZnJT0KUXp1914fYkc0
!
!
ip tcp synwait-time 5
!
!
!
!
!
interface FastEthernet1/0
switchport mode trunk
duplex full
speed 100
!
interface FastEthernet1/1
duplex full
speed 100
!
interface FastEthernet1/2
duplex full
speed 100
!
interface FastEthernet1/3
duplex full
speed 100
!
interface FastEthernet1/4
duplex full
speed 100
!
interface FastEthernet1/5
switchport access vlan 5
duplex full
speed 100
!
interface FastEthernet1/6
duplex full
speed 100
!
interface FastEthernet1/7
duplex full
speed 100
!
interface FastEthernet1/8
duplex full
speed 100
!
interface FastEthernet1/9
duplex full
speed 100
!
interface FastEthernet1/10
switchport access vlan 10
duplex full
speed 100
!
interface FastEthernet1/11
duplex full
speed 100
!
interface FastEthernet1/12
duplex full
speed 100
!
interface FastEthernet1/13
duplex full
speed 100
!
interface FastEthernet1/14
duplex full
speed 100
!
interface FastEthernet1/15
duplex full
speed 100
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan10
ip address 192.168.10.10 255.255.255.0
!
ip default-gateway 192.168.10.254
no ip http server
no ip http secure-server
!
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
banner exec

***************************************************************
This is a normal Router with a SW module inside (NM-16ESW)
It has been preconfigured with hard coded speed and duplex

To create vlans use the command "vlan database" from exec mode
After creating all desired vlans use "exit" to apply the config

To view existing vlans use the command "show vlan-switch brief"

Warning: You are using an old IOS image for this router.
Please update the IOS to enable the "macro" command!
***************************************************************

banner motd
Accesul neautorizat este interzis!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
login local
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login local
transport input all
!
!
end





R1 configuration
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R_Corp1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$Q3Rb$fmGBY2qUx.DL5T7YqjAiG.
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
ip dhcp excluded-address 192.168.5.1 192.168.5.100
ip dhcp excluded-address 192.168.5.254
ip dhcp excluded-address 192.168.10.1 192.168.10.100
ip dhcp excluded-address 192.168.10.254
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username admin1 privilege 15 secret 5 $1$13Wa$l1GqK6yxQhB2Hs/cGc2gf1
!
!
ip tcp synwait-time 5
!
!
!
!
!
interface FastEthernet0/0
ip address 10.10.10.1 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
duplex auto
speed auto
!
interface FastEthernet1/0.5
encapsulation dot1Q 5
ip address 192.168.5.254 255.255.255.0
ip helper-address 192.168.99.253
!
interface FastEthernet1/0.10
encapsulation dot1Q 10
ip address 192.168.10.254 255.255.255.0
ip helper-address 192.168.99.253
!
interface Serial2/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/3
no ip address
shutdown
serial restart-delay 0
!
interface Ethernet3/0
no ip address
shutdown
half-duplex
!
interface Ethernet3/1
no ip address
shutdown
half-duplex
!
interface Ethernet3/2
no ip address
shutdown
half-duplex
!
interface Ethernet3/3
no ip address
shutdown
half-duplex
!
router ospf 10
router-id 1.1.1.1
log-adjacency-changes
passive-interface FastEthernet1/0
passive-interface FastEthernet1/0.5
passive-interface FastEthernet1/0.10
network 10.10.10.0 0.0.0.3 area 0
network 192.168.5.0 0.0.0.255 area 0
network 192.168.10.0 0.0.0.255 area 0
!
no ip http server
no ip http secure-server
!
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
banner motd  
Accesul neautorizat este interzis !

!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
login local
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login local
!
!
end





R2 configuration
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R_Corp2
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$D/1U$VZRIMdiAgjRxQvHITi2s11
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username admin2 privilege 15 secret 5 $1$Pn3I$.3tesOF/mGi0/07gPtcCE0
!
!
ip tcp synwait-time 5
!
!
!
!
!
interface FastEthernet0/0
ip address 10.10.10.2 255.255.255.252
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 192.168.255.221 255.255.255.240
ip access-group 100 in
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial2/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/3
no ip address
shutdown
serial restart-delay 0
!
interface Ethernet3/0
no ip address
shutdown
half-duplex
!
interface Ethernet3/1
no ip address
shutdown
half-duplex
!
interface Ethernet3/2
no ip address
shutdown
half-duplex
!
interface Ethernet3/3
ip address 192.168.99.254 255.255.255.0
half-duplex
!
router ospf 10
router-id 2.2.2.2
log-adjacency-changes
passive-interface FastEthernet1/0
passive-interface Ethernet3/3
network 10.10.10.0 0.0.0.3 area 0
network 192.168.99.0 0.0.0.255 area 0
default-information originate
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.255.209
!
!
ip nat inside source list 1 interface FastEthernet1/0 overload
!
access-list 1 permit 192.168.0.0 0.0.255.255
access-list 100 deny   tcp any host 192.168.255.221 eq telnet
access-list 100 deny   icmp any host 192.168.255.221 echo
access-list 100 permit ip any any
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
banner motd
Accesul neautorizat este interzis !
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
login local
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login local
!
!
end
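The extended ACL asked for in the ACLs objectives is access-list 100 in the R_Corp2 configuration above, applied inbound on f1/0, the NAT outside interface. As an added example (not part of the original lab), the Python below parses that ACL verbatim and evaluates constructed inbound packets against it (the 203.0.113.5 source is a documentation address chosen here): inbound telnet and echo to the f1/0 address are denied, while an echo-reply, the return of an inside user's ping, is still permitted, which is what keeps the last verification objective working. The ACL only matches the f1/0 address because, with PAT, that is the only address the internet side can reach.

```python
import ipaddress
import re

# ACL 100 from the R_Corp2 configuration above, pasted in verbatim.
ACL_100 = """
access-list 100 deny   tcp any host 192.168.255.221 eq telnet
access-list 100 deny   icmp any host 192.168.255.221 echo
access-list 100 permit ip any any
"""
PORT_NAMES = {"telnet": 23, "www": 80, "domain": 53}

def _take_addr(toks):
    # One address spec: 'any', 'host A' or 'A WILDCARD'; returns ((base, wildcard), rest).
    if toks[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), toks[1:]
    if toks[0] == "host":
        return (toks[1], "0.0.0.0"), toks[2:]
    return (toks[0], toks[1]), toks[2:]

def parse_extended_acl(text):
    # 'access-list N permit|deny PROTO SRC DST [eq PORT | ICMP-TYPE]' -> list of tuples.
    entries = []
    for m in re.finditer(r"access-list\s+\d+\s+(permit|deny)\s+(\w+)\s+(.+)", text):
        action, proto, rest = m.groups()
        src, toks = _take_addr(rest.split())
        dst, toks = _take_addr(toks)
        dport = icmp_type = None
        if proto in ("tcp", "udp") and toks[:1] == ["eq"]:
            dport = PORT_NAMES.get(toks[1]) or int(toks[1])
        elif proto == "icmp" and toks:
            icmp_type = toks[0]
        entries.append((action, proto, src, dst, dport, icmp_type))
    return entries

def _addr_match(spec, addr):
    base, wild = (int(ipaddress.IPv4Address(x)) for x in spec)
    return (int(ipaddress.IPv4Address(addr)) ^ base) & ~wild & 0xFFFFFFFF == 0

def evaluate(entries, proto, src, dst, dport=None, icmp_type=None):
    # First matching entry wins; running off the end is the implicit deny.
    for action, eproto, esrc, edst, edport, etype in entries:
        if (eproto in ("ip", proto) and _addr_match(esrc, src) and _addr_match(edst, dst)
                and edport in (None, dport) and etype in (None, icmp_type)):
            return action
    return "deny"

if __name__ == "__main__":
    acl, out = parse_extended_acl(ACL_100), "192.168.255.221"  # out: R_Corp2 f1/0, the PAT address
    print(evaluate(acl, "tcp", "203.0.113.5", out, dport=23))                 # inbound telnet: deny
    print(evaluate(acl, "icmp", "203.0.113.5", out, icmp_type="echo-reply"))  # reply to inside ping: permit
```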
