Network

  • Topic: IP address, RADIUS, Network address translation
  • Published : January 17, 2013
Question 1 – Standard ACL
1. In router NMN:
a. Block 192.168.1.0 from entering 192.168.0.0:
(config)#access-list 1 deny 192.168.1.0 0.0.0.255
(config)#access-list 1 permit any
(config)#int fa0/0
(config-if)#ip access-group 1 out

b. Block 192.168.0.0 from entering 192.168.1.0:
(config)#access-list 2 deny 192.168.0.0 0.0.0.255
(config)#access-list 2 permit any
(config)#int fa0/1
(config-if)#ip access-group 2 out
Question 2 – Extended ACL
1. In router JKL:
(config)#access-list 101 permit ip host 192.168.1.2 host 172.16.0.2
(config)#access-list 101 permit ip host 192.168.1.3 host 172.16.0.3
(config)#access-list 101 permit ip host 192.168.1.4 host 172.16.0.4
(config)#int fa0/0
(config-if)#ip access-group 101 out
Question 3 – AAA
1. Configure Radius server AAA:
a. Network Configuration
i. Client Name: NMN
ii. Client IP: 192.168.0.1
iii. Secret: cisco
iv. ServerType: Radius
v. Add

b. User Setup
vi. UserName: fns
vii. Password: fns
viii. Add

2. In router NMN:
(config)#username abc password abc
(config)#aaa new-model
(config)#aaa authentication login default group radius local
(config)#radius-server host 192.168.0.2
(config)#radius-server key cisco

(config)#line con 0
(config-line)#login authentication default
(config-line)#exit
(config)#line vty 0 4
(config-line)#login authentication default
(config-line)#exit

3. Configure Tacacs+ server AAA:
c. Network Configuration
ix. Client Name: TYT
x. Client IP: 171.16.1.1
xi. Secret: cisco
xii. ServerType: Tacacs
xiii. Add

d. User Setup
xiv. UserName: fns
xv. Password: fns
xvi. Add

4. In router TYT:
(config)#username abc password abc
(config)#aaa new-model
(config)#aaa authentication login default group tacacs+ local
(config)#tacacs-server host 171.16.1.2
(config)#tacacs-server key cisco

(config)#line con 0
(config-line)#login authentication default
(config-line)#exit
(config)#line vty 0 4
(config-line)#login authentication default
(config-line)#exit
Question 4 – PAT
1. In router NMN:
a. Create NAT
(config)#int fa0/1
(config-if)#ip nat inside
(config-if)#exit
(config)#int s0/0/0
(config-if)#ip nat outside
(config-if)#exit

b. Create ACL to apply on NAT:
(config)#access-list 1 permit 192.168.1.0 0.0.0.255
(config)#ip nat inside source list 1 int s0/0/0 overload
Question 5 – Dynamic NAT
1. In router TYT:
a. Create NAT:
(config)#int fa0/0
(config-if)#ip nat inside
(config-if)#exit
(config)#int s0/0/0
(config-if)#ip nat outside
(config-if)#exit

b. Create ACL and pool to apply on NAT:
(config)#access-list 10 permit 171.16.1.0 0.0.0.255
(config)#ip nat inside source list 10 pool FNS
(config)#ip nat pool FNS 155.55.5.0 155.55.5.15 netmask 255.255.255.240
Question 6 – VPN
1. Create isakmp:
a. In router NMN:
(config)#crypto isakmp enable
(config)#crypto isakmp key vpn1 address 155.55.5.1
(config)#crypto isakmp policy 10
(config-isakmp)#authentication pre-share
(config-isakmp)#encrypt 3des
(config-isakmp)#group 1
(config-isakmp)#hash md5
(config-isakmp)#lifetime 3600

b. In router TYT:
(config)#crypto isakmp enable
(config)#crypto isakmp key vpn1 address 10.10.5.2
(config)#crypto isakmp policy 10
(config-isakmp)#authentication pre-share
(config-isakmp)#encrypt 3des
(config-isakmp)#group 1
(config-isakmp)#hash md5
(config-isakmp)#lifetime 3600

2. Create ipsec in router NMN and TYT:
(config)#crypto ipsec security-association lifetime seconds 1800
(config)#crypto ipsec transform-set vpn2 ah-md5-hmac esp-3des esp-md5-hmac

3. Mapping:
c. In router NMN:
(config)#access-list 150 permit ip 10.10.5.0 0.0.0.255 155.55.5.0 0.0.0.16
(config)#crypto map cmap 1 ipsec-isakmp
(config-crypto-map)#match address 150...
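
Added example (not part of the original answer sheet): a short Python model of how IOS matches the access lists used in Questions 1, 2 and 6, covering wildcard masks, first-match order and the implicit deny at the end of every list. It handles only `ip` entries without ports, and the function names are this example's own.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")  # base/wildcard pair that matches every address

def ip_int(s):
    return int(ipaddress.IPv4Address(s))

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'ignore this bit'."""
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (ip_int(addr) & care) == (ip_int(base) & care)

def is_contiguous(wildcard):
    """True when the wildcard is an inverted subnet mask (0...01...1)."""
    w = ip_int(wildcard)
    return (w & (w + 1)) == 0

def parse_spec(tok):
    """Consume one address spec: 'any', 'host A', 'A WILDCARD' or a bare 'A'."""
    if tok[0] == "any":
        return ANY, tok[1:]
    if tok[0] == "host":
        return (tok[1], "0.0.0.0"), tok[2:]
    return (tok[0], tok[1] if len(tok) > 1 else "0.0.0.0"), tok[2:]

def parse_acl(lines):
    """Turn 'access-list N permit|deny ...' lines into (action, src, dst) rules."""
    rules = []
    for tok in map(str.split, lines):
        extended = 100 <= int(tok[1]) <= 199
        src, rest = parse_spec(tok[4:] if extended else tok[3:])  # tok[3] is the protocol
        dst = parse_spec(rest)[0] if extended else ANY  # standard ACL: source only
        rules.append((tok[2], src, dst))
    return rules

def evaluate(rules, src, dst="0.0.0.0"):
    """First match wins; a packet that matches nothing hits the implicit deny."""
    for action, s, d in rules:
        if wildcard_match(src, *s) and wildcard_match(dst, *d):
            return action
    return "implicit deny"

# Access lists copied from Questions 1, 2 and 6 above (router prompts stripped).
ACL1 = parse_acl(["access-list 1 deny 192.168.1.0 0.0.0.255",
                  "access-list 1 permit any"])
ACL101 = parse_acl(["access-list 101 permit ip host 192.168.1.2 host 172.16.0.2",
                    "access-list 101 permit ip host 192.168.1.3 host 172.16.0.3",
                    "access-list 101 permit ip host 192.168.1.4 host 172.16.0.4"])
ACL150 = parse_acl(["access-list 150 permit ip 10.10.5.0 0.0.0.255 155.55.5.0 0.0.0.16"])
```

With these rules, `evaluate(ACL150, "10.10.5.9", "155.55.5.1")` returns `implicit deny`: the wildcard `0.0.0.16` frees a single bit, so only 155.55.5.0 and 155.55.5.16 match as destinations.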