The document describes tasks to configure NAT on routers R1 and R2. This includes dynamically NATing internal networks and loopbacks to external IP ranges, PAT for some internal networks, and static NAT for R7's loopbacks. EIGRP is configured internally with redistribution. Access-lists are used to define the NAT source addresses and pools are used to map them to external IP ranges. Connectivity to external sites is tested with ping.
Lab 20: NATing
Task
1. Configure IP addresses as given in the topology.
2. Make sure EIGRP AS 100 is running over the internal network.
3. On R2, make sure the R3 loopbacks are dynamically NATed; the range is 114.52.8.3 - 114.52.8.6.
4. Networks 10.0.23.0, 10.0.24.0, 10.0.47.0 and 10.0.37.0 will use PAT.
5. The R7 loopbacks will be statically NATed to 114.52.8.10, 114.52.8.11, 114.52.8.12 and 114.52.8.13.
6. The R4 loopbacks will be NATed. Use the single IP 114.52.8.100 to accomplish this task.
7. On R1, networks 10.0.45.0, 10.0.15.0 and 10.0.56.0 will use PAT.
8. The R5 loopbacks will be dynamically NATed; the range is 113.24.55.101 - 113.24.55.104.
9. The R6 loopbacks will be NATed. Use the single IP 113.24.55.254 to accomplish this task.
10. Make sure all networks and loopbacks can ping netwaxlab.com and blog.eincop.com.
Figure 1 Topology
R5
router eigrp 100
network 5.5.1.0 0.0.0.255
network 5.5.2.0 0.0.0.255
network 5.5.3.0 0.0.0.255
network 5.5.4.0 0.0.0.255
network 10.0.15.0 0.0.0.255
network 10.0.45.0 0.0.0.255
no auto-summary
R6
router eigrp 100
network 6.6.1.0 0.0.0.255
network 6.6.2.0 0.0.0.255
network 6.6.3.0 0.0.0.255
network 6.6.4.0 0.0.0.255
network 10.0.56.0 0.0.0.255
no auto-summary
R7
router eigrp 100
network 7.7.1.0 0.0.0.255
network 7.7.2.0 0.0.0.255
network 7.7.3.0 0.0.0.255
network 7.7.4.0 0.0.0.255
network 10.0.37.0 0.0.0.255
network 10.0.47.0 0.0.0.255
no auto-summary
For NAT, mark the outside and inside interfaces on R1 and R2 with the following commands:
R1 & R2
interface f0/0
ip nat outside
exit
int se0/0
ip nat inside
exit
int se0/1
ip nat inside
exit
Task 3: On R2, make sure the R3 loopbacks are dynamically NATed; the range is 114.52.8.3 - 114.52.8.6.
R2
ip access-list extended NAT
permit ip 3.3.1.0 0.0.0.255 any
permit ip 3.3.2.0 0.0.0.255 any
permit ip 3.3.3.0 0.0.0.255 any
permit ip 3.3.4.0 0.0.0.255 any
exit
ip nat pool R3 114.52.8.3 114.52.8.6 netmask 255.255.255.0
ip nat inside source list NAT pool R3
Task 4: Networks 10.0.23.0, 10.0.24.0, 10.0.47.0 and 10.0.37.0 will use PAT.
R2
ip access-list extended PAT
permit ip 10.0.23.0 0.0.0.255 any
permit ip 10.0.37.0 0.0.0.255 any
permit ip 10.0.47.0 0.0.0.255 any
permit ip 10.0.24.0 0.0.0.255 any
exit
ip nat inside source list PAT interface FastEthernet0/0 overload
Task 5: The R7 loopbacks will be statically NATed to 114.52.8.10, 114.52.8.11, 114.52.8.12 and 114.52.8.13.
R2
ip nat inside source static 7.7.1.1 114.52.8.10
ip nat inside source static 7.7.2.1 114.52.8.11
ip nat inside source static 7.7.3.1 114.52.8.12
ip nat inside source static 7.7.4.1 114.52.8.13
Task 6: The R4 loopbacks will be NATed. Use the single IP 114.52.8.100 to accomplish this task.
R2
ip access-list extended R4loopback
permit ip 4.4.1.0 0.0.0.255 any
permit ip 4.4.2.0 0.0.0.255 any
permit ip 4.4.3.0 0.0.0.255 any
permit ip 4.4.4.0 0.0.0.255 any
exit
ip nat pool R4loop 114.52.8.100 114.52.8.100 netmask 255.255.255.0
ip nat inside source list R4loopback pool R4loop overload
Task 7: On R1, networks 10.0.45.0, 10.0.15.0 and 10.0.56.0 will use PAT.
R1
ip access-list extended PAT
permit ip 10.0.45.0 0.0.0.255 any
permit ip 10.0.15.0 0.0.0.255 any
permit ip 10.0.56.0 0.0.0.255 any
exit
ip nat inside source list PAT interface FastEthernet0/0 overload
Task 8: The R5 loopbacks will be dynamically NATed; the range is 113.24.55.101 - 113.24.55.104.
R1
ip access-list extended R5
permit ip 5.5.1.0 0.0.0.255 any
permit ip 5.5.2.0 0.0.0.255 any
permit ip 5.5.3.0 0.0.0.255 any
permit ip 5.5.4.0 0.0.0.255 any
exit
ip nat pool R5 113.24.55.101 113.24.55.104 netmask 255.255.255.0
ip nat inside source list R5 pool R5
Task 9: The R6 loopbacks will be NATed. Use the single IP 113.24.55.254 to accomplish this task.
R1
ip access-list extended R6
permit ip 6.6.1.0 0.0.0.255 any
permit ip 6.6.2.0 0.0.0.255 any
permit ip 6.6.3.0 0.0.0.255 any
permit ip 6.6.4.0 0.0.0.255 any
exit
ip nat pool R6 113.24.55.254 113.24.55.254 netmask 255.255.255.0
ip nat inside source list R6 pool R6 overload
Task 10: Make sure all networks and loopbacks can ping netwaxlab.com and blog.eincop.com.
On all routers
ip domain-lookup
ip name-server 66.1.38.2
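
The pool sizing in Tasks 3 and 6 can be checked mechanically. The Python sketch below is an added example, not part of the original lab: it parses the R2 lines from those two tasks and flags any pool bound without overload whose access-list permits more source addresses than the pool holds. The function names and report fields are assumptions made for this example.

```python
import ipaddress
import re

# NAT lines for R2, copied from Tasks 3 and 6 on this page.
R2_CONFIG = """
ip access-list extended NAT
 permit ip 3.3.1.0 0.0.0.255 any
 permit ip 3.3.2.0 0.0.0.255 any
 permit ip 3.3.3.0 0.0.0.255 any
 permit ip 3.3.4.0 0.0.0.255 any
ip nat pool R3 114.52.8.3 114.52.8.6 netmask 255.255.255.0
ip nat inside source list NAT pool R3
ip access-list extended R4loopback
 permit ip 4.4.1.0 0.0.0.255 any
 permit ip 4.4.2.0 0.0.0.255 any
 permit ip 4.4.3.0 0.0.0.255 any
 permit ip 4.4.4.0 0.0.0.255 any
ip nat pool R4loop 114.52.8.100 114.52.8.100 netmask 255.255.255.0
ip nat inside source list R4loopback pool R4loop overload
"""

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def audit_nat(config):
    """Map each pool-based NAT rule (keyed by ACL name) to its sizing and a verdict."""
    acl_sources, pool_sizes, bindings, current_acl = {}, {}, [], None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"ip access-list extended (\S+)$", line):
            current_acl = m.group(1)
            acl_sources[current_acl] = 0
        elif (m := re.match(r"permit ip \S+ (\S+) any$", line)) and current_acl:
            # A wildcard mask with n one-bits matches 2**n source addresses.
            acl_sources[current_acl] += 2 ** bin(ip_int(m.group(1))).count("1")
        elif m := re.match(r"ip nat pool (\S+) (\S+) (\S+) netmask", line):
            pool_sizes[m.group(1)] = ip_int(m.group(3)) - ip_int(m.group(2)) + 1
        elif m := re.match(r"ip nat inside source list (\S+) pool (\S+)( overload)?$", line):
            bindings.append((m.group(1), m.group(2), bool(m.group(3))))
    report = {}
    for acl, pool, overload in bindings:
        sources, size = acl_sources[acl], pool_sizes[pool]
        # Without overload, each translated inside host holds one pool address.
        exhaustible = not overload and sources > size
        report[acl] = {"pool": pool, "pool_size": size, "acl_sources": sources,
                       "overload": overload, "exhaustible": exhaustible}
    return report

if __name__ == "__main__":
    print(audit_nat(R2_CONFIG))
```

With one address per loopback the four-address pool in Task 3 is enough for this lab; the flag matters once the permitted /24 ranges carry more hosts than the pool has addresses, which the overload keyword in Task 6 avoids.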