The document discusses the configuration of network devices for a network topology. It includes:
1) A list of equipment used including Cisco switches and routers.
2) Diagrams of the Layer 2 and Layer 3 topologies, showing VLANs, routing protocols, and IP addressing.
3) Requirements and configuration sections detailing configurations for routing protocols like BGP, OSPF, EIGRP, services like NTP, and security features like NAT and CBAC.
The configurations provided implement an IBGP setup between routers, NTP synchronization, NAT for internal to external addressing, and CBAC to control external access to internal resources. Packet flows and debugging outputs validate the working of these configurations.
The document discusses troubleshooting EIGRP routing protocol issues. It covers troubleshooting neighbor relationships, routing tables, and authentication. For neighbor issues, the show ip eigrp neighbors command can help identify problems like incorrect network commands or hello packet mismatches. Missing routes may be due to route filtering or automatic summarization. The debug eigrp packets command aids in debugging authentication problems seen when MD5 keys are misconfigured.
This document discusses configuring and troubleshooting access control lists (ACLs) on Cisco routers. It covers the basics of numbered standard and extended IPv4 ACLs, including configuration examples that permit or deny traffic based on source IP addresses, protocols, and port numbers. Named ACLs and commands for verifying, monitoring, and troubleshooting ACLs are also examined. The document provides guidance on implementing ACLs to control network access and troubleshooting common ACL errors.
The document discusses Point-to-Point Protocol (PPP) which is commonly used for establishing connections across wide area networks (WANs). PPP uses Link Control Protocol (LCP) to negotiate the connection and establish link parameters. It can also use Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP) for authentication. The document provides instructions and examples for configuring PPP on routers, and describes commands like show interface and debug ppp negotiation that can be used to verify PPP operation and authentication.
This document discusses access control lists (ACLs) and their use and configuration. ACLs can filter IP packets and identify traffic, performing top-down processing for incoming or outgoing traffic. Standard ACLs filter based on source address while extended ACLs allow filtering of source, destination, protocol and port. IP access list entry numbering and show commands help troubleshoot ACL configuration errors.
The document discusses establishing Frame Relay WAN connections. Frame Relay uses virtual circuits (PVCs) identified by DLCIs, and the Link Management Interface (LMI) protocol is used to report PVC status. Frame Relay subinterfaces can be configured in either point-to-point or multipoint mode, with different addressing requirements for each. The show commands frame-relay lmi, frame-relay pvc, and frame-relay map can be used to verify Frame Relay connectivity and map entries.
The document describes the basic BGP configuration of routers R1, R2, and ISPs Airtel, Reliance, and Vodafone. It defines the interfaces of each router and ISP with IP addresses. It also outlines the BGP configuration of each entity with AS numbers, neighbor definitions, and network advertisements. Troubleshooting commands like show ip route, show ip bgp summary, and show ip bgp neighbor are listed.
OSPF is a link-state routing protocol that establishes neighbor relationships using hello packets. It floods link state advertisements (LSAs) throughout an area to build a link-state database and calculates the shortest path to each destination using the SPF algorithm. Routers can be configured for a single OSPF area using the network address and router ospf commands. Neighbor adjacencies are verified using show commands and debugging can help troubleshoot OSPF issues.
This document discusses troubleshooting Open Shortest Path First (OSPF) routing protocol issues. It covers components of OSPF troubleshooting like neighbor adjacencies, routing tables, and authentication problems. Specific commands are provided to troubleshoot OSPF interfaces, MTU mismatches, authentication mismatches, and different authentication passwords configured on routers. The summary emphasizes using show commands and debug commands to isolate OSPF issues.
The document discusses troubleshooting EIGRP routing protocol issues. It covers troubleshooting neighbor relationships, routing tables, and authentication. For neighbor issues, the show ip eigrp neighbors command can help identify problems like incorrect network commands or hello packet mismatches. Missing routes may be due to route filtering or automatic summarization. The debug eigrp packets command aids in debugging authentication problems seen when MD5 keys are misconfigured.
This document discusses configuring and troubleshooting access control lists (ACLs) on Cisco routers. It covers the basics of numbered standard and extended IPv4 ACLs, including configuration examples that permit or deny traffic based on source IP addresses, protocols, and port numbers. Named ACLs and commands for verifying, monitoring, and troubleshooting ACLs are also examined. The document provides guidance on implementing ACLs to control network access and troubleshooting common ACL errors.
The document discusses Point-to-Point Protocol (PPP) which is commonly used for establishing connections across wide area networks (WANs). PPP uses Link Control Protocol (LCP) to negotiate the connection and establish link parameters. It can also use Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP) for authentication. The document provides instructions and examples for configuring PPP on routers, and describes commands like show interface and debug ppp negotiation that can be used to verify PPP operation and authentication.
This document discusses access control lists (ACLs) and their use and configuration. ACLs can filter IP packets and identify traffic, performing top-down processing for incoming or outgoing traffic. Standard ACLs filter based on source address while extended ACLs allow filtering of source, destination, protocol and port. IP access list entry numbering and show commands help troubleshoot ACL configuration errors.
The document discusses establishing Frame Relay WAN connections. Frame Relay uses virtual circuits (PVCs) identified by DLCIs, and the Link Management Interface (LMI) protocol is used to report PVC status. Frame Relay subinterfaces can be configured in either point-to-point or multipoint mode, with different addressing requirements for each. The show commands frame-relay lmi, frame-relay pvc, and frame-relay map can be used to verify Frame Relay connectivity and map entries.
The document describes the basic BGP configuration of routers R1, R2, and ISPs Airtel, Reliance, and Vodafone. It defines the interfaces of each router and ISP with IP addresses. It also outlines the BGP configuration of each entity with AS numbers, neighbor definitions, and network advertisements. Troubleshooting commands like show ip route, show ip bgp summary, and show ip bgp neighbor are listed.
OSPF is a link-state routing protocol that establishes neighbor relationships using hello packets. It floods link state advertisements (LSAs) throughout an area to build a link-state database and calculates the shortest path to each destination using the SPF algorithm. Routers can be configured for a single OSPF area using the network address and router ospf commands. Neighbor adjacencies are verified using show commands and debugging can help troubleshoot OSPF issues.
This document discusses troubleshooting Open Shortest Path First (OSPF) routing protocol issues. It covers components of OSPF troubleshooting like neighbor adjacencies, routing tables, and authentication problems. Specific commands are provided to troubleshoot OSPF interfaces, MTU mismatches, authentication mismatches, and different authentication passwords configured on routers. The summary emphasizes using show commands and debug commands to isolate OSPF issues.
This document discusses network address translation (NAT) and port address translation (PAT). It provides configuration examples for static NAT, dynamic NAT, and NAT overloading. It also describes commands for verifying NAT configuration and troubleshooting NAT issues, such as using show commands to check the NAT translation table and statistics. The examples illustrate how to configure NAT on a router to translate internal IP addresses to external global IP addresses when routing traffic between inside and outside networks.
Organizations implement VPNs to extend their networks securely and cost-effectively over public networks. VPNs use encryption to provide security for site-to-site connections between intranets and extranets, as well as remote access for telecommuters. Cisco offers various VPN solutions including routers, adaptive security appliances, and VPN client software that utilize the IPsec framework, which combines protocols to encrypt data and provide confidentiality, integrity, and authentication for VPN traffic.
Access control lists (ACLs) can filter or classify network traffic passing through a router. Standard ACLs check only the source IP address while extended ACLs check both source and destination addresses and specific protocols. ACLs can permit or deny traffic passing through the router, control virtual terminal access, and provide special handling of classified traffic. They are configured globally and applied to interfaces to filter inbound or outbound traffic.
The document discusses IPv6 addressing and transitioning from IPv4 to IPv6. It describes the need for a larger address space than IPv4 due to the growing number of internet-connected devices. It then covers various IPv6 features and address types including global unicast addresses, link-local addresses, and address assignment methods like stateless autoconfiguration and DHCPv6. The document also discusses IPv6 routing protocols and transition technologies like dual stack and tunneling to help networks migrate from IPv4 to IPv6.
The document discusses subnetting, variable length subnet masking (VLSM), and route summarization. It defines how subnetting allows a network to be divided into smaller broadcast domains. VLSM adds multiple layers of addressing hierarchy to more efficiently allocate IP addresses. Route summarization provides benefits like smaller routing tables and isolating topology changes by summarizing routes between networks.
The document discusses troubleshooting techniques for Frame Relay WANs. It covers troubleshooting Frame Relay links that are down, connectivity between remote routers, and end-to-end connectivity across the Frame Relay network. The summary emphasizes that there are three aspects of troubleshooting Frame Relay: the link, the mapping between routers, and routing across the network. It recommends using show interface serial, show frame-relay lmi, show frame-relay map, and show frame-relay pvc commands to test layers 1, 2, and connectivity between routers.
The document discusses implementing and configuring the EIGRP routing protocol. It describes EIGRP features such as flexible network design, multicast routing, support for VLSM and discontiguous subnets. It also covers EIGRP configuration, metrics, load balancing, authentication and commands for verifying EIGRP operation.
The document discusses recommended practices for securing a switched network, including: securing switch access through passwords and physical security, securing switch protocols like Cisco Discovery Protocol and spanning tree, and mitigating compromises through switches by securing trunk links and ports. It also covers using port security to restrict access by MAC address and 802.1X authentication to require network access through switches be authenticated.
This document discusses spanning tree protocol (STP) and how it is used to prevent loops and improve performance in a medium-sized switched network. STP establishes a loop-free topology by placing ports into different states like blocking. Per VLAN STP (PVST+) provides separate STP instances for each VLAN to enhance load sharing. EtherChannel can also be used to provide high-speed redundant links between switches.
This document contains a table listing networking devices, their interfaces, IP addresses, subnet masks, and default gateways. It includes routers R1 and R2, PCs 1A and 1B, a server, and a device called Eagle, showing their configurations for IP addressing.
The document contains multiple choice questions about network configuration and protocols. Based on the options provided, the correct answers are:
- The missing information for Blank 1 is the command show ip route.
- Addition of hosts to a physical segment and increasing use of bandwidth intensive network applications contribute to congestion on an Ethernet LAN.
- The SwA port has IEEE 802.1Q trunking enabled and the SwB port has ISL trunking enabled.
Algosec how to avoid business outages from misconfigured devices finalMaytal Levi
The document discusses how network devices can be misconfigured, leading to security issues and business outages. It provides examples of misconfigured firewall rules that incorrectly allow access between servers. Proper change management processes are needed to prevent misconfigurations during network changes. The document emphasizes that even small errors in configurations, like using the wrong subnet mask, can expose many devices. Close review of access control lists is required to find misconfigurations when issues occur, as even long lists may contain small errors allowing unintended access.
This document contains a lab workbook for configuring a Cisco ASA firewall. It includes instructions and configuration examples for setting up security policies, interfaces, routing, object groups, access control lists and verifying connectivity using ping and telnet tests between interfaces representing the inside, outside and DMZ zones. The goal is to allow only certain necessary traffic flows while blocking all others based on source, destination, application and interface.
The document outlines the topology and objectives for the ICND2 certification course. It includes diagrams of network topologies for different labs covering topics such as switched networks, routing protocols, ACLs, NAT, IPv6, Frame Relay WANs, and objectives for implementing and troubleshooting the various technologies. Lab addresses and subnets are defined for the different network devices in each topology.
This document describes configuring a basic single-area OSPFv2 network. It includes the topology diagram and addressing tables, and steps to build the network, configure OSPF routing on each router with area 0, and verify OSPF neighbor relationships and routing tables. It also provides sample outputs of show commands to check OSPF settings and interfaces.
The document discusses the boot process and components of a Cisco router. When a router boots, it performs self-tests, loads bootstrap code, finds and loads the Cisco IOS software and configuration. Major internal components include RAM, ROM, flash memory and NVRAM. The router searches specific locations to find the IOS image, in this order: configuration register, flash memory, TFTP server, ROM. The configuration register specifies boot settings and can be checked with the show version command.
Deploy Failover/High Availability in ASA FirewallKHNOG
This document provides an overview of high availability network design using failover. It discusses failover concepts and terminology, deployment, configuration, and behaviors. The key aspects covered include active/standby configuration and operation, failover requirements, and trigger conditions for failover.
Cisco discovery drs ent module 8 - v.4 in english.igede tirtanata
The document contains questions and answers about configuring and applying access control lists (ACLs) on routers. Some key points:
- ACL entries are assigned sequence numbers, with new entries added at the end by default.
- Inbound ACLs are more efficient than outbound ACLs as they can deny packets before routing lookups.
- ACLs can be used to filter traffic, specify NAT source addresses, and identify traffic for QoS among other uses.
- Standard ACLs filter based on source address only while extended ACLs can filter on additional fields and factors.
Managed Media Converter Chassis series, MC-1610MR and MC-1610MR48, provides 16 media converter slots and one management system in a 19-inch rack chassis. The MC-1610MR series is designed for FTTx applications for ISPs, telecoms, campuses and enterprises.
The MC-1610MR series can easily build an FTTx infrastructure that perfectly meets your demands. The 16 slots are suitable for PLANET Fast/Gigabit Ethernet Smart Media Converters, such as the existing FST-80x, newly-designed GST-80x and brand-new XST-705A.
Contact us
Tel: +91-7875432180 Email: sales@bbcpl.in
Website: https://bbcpl.in
This document discusses managed device deployment at branch offices using Aruba branch controllers. It provides an overview of how branch controllers connect to a master controller via an internet modem and establish communication. It also covers branch controller and VPN concentrator configuration in Aruba OS versions 6.x and 8.x, including initial setup, zero touch provisioning, and debugging tools. Additional topics include address pool management for VLANs, tunnels, NAT, and DHCP to allow for dynamic IP assignment at branch office deployments.
The document describes steps to configure a network including: designing an IP addressing scheme; configuring DHCP, WAN technologies, EIGRP routing, and NAT; and implementing ACLs for security. Key steps include subnetting the 172.16.1.128/25 network and assigning addresses, configuring R3 as a DHCP server, enabling routing with EIGRP, using NAT on R2 for Internet access, and applying ACLs to restrict access between networks.
This document discusses network address translation (NAT) and port address translation (PAT). It provides configuration examples for static NAT, dynamic NAT, and NAT overloading. It also describes commands for verifying NAT configuration and troubleshooting NAT issues, such as using show commands to check the NAT translation table and statistics. The examples illustrate how to configure NAT on a router to translate internal IP addresses to external global IP addresses when routing traffic between inside and outside networks.
Organizations implement VPNs to extend their networks securely and cost-effectively over public networks. VPNs use encryption to provide security for site-to-site connections between intranets and extranets, as well as remote access for telecommuters. Cisco offers various VPN solutions including routers, adaptive security appliances, and VPN client software that utilize the IPsec framework, which combines protocols to encrypt data and provide confidentiality, integrity, and authentication for VPN traffic.
Access control lists (ACLs) can filter or classify network traffic passing through a router. Standard ACLs check only the source IP address while extended ACLs check both source and destination addresses and specific protocols. ACLs can permit or deny traffic passing through the router, control virtual terminal access, and provide special handling of classified traffic. They are configured globally and applied to interfaces to filter inbound or outbound traffic.
The document discusses IPv6 addressing and transitioning from IPv4 to IPv6. It describes the need for a larger address space than IPv4 due to the growing number of internet-connected devices. It then covers various IPv6 features and address types including global unicast addresses, link-local addresses, and address assignment methods like stateless autoconfiguration and DHCPv6. The document also discusses IPv6 routing protocols and transition technologies like dual stack and tunneling to help networks migrate from IPv4 to IPv6.
The document discusses subnetting, variable length subnet masking (VLSM), and route summarization. It defines how subnetting allows a network to be divided into smaller broadcast domains. VLSM adds multiple layers of addressing hierarchy to more efficiently allocate IP addresses. Route summarization provides benefits like smaller routing tables and isolating topology changes by summarizing routes between networks.
The document discusses troubleshooting techniques for Frame Relay WANs. It covers troubleshooting Frame Relay links that are down, connectivity between remote routers, and end-to-end connectivity across the Frame Relay network. The summary emphasizes that there are three aspects of troubleshooting Frame Relay: the link, the mapping between routers, and routing across the network. It recommends using show interface serial, show frame-relay lmi, show frame-relay map, and show frame-relay pvc commands to test layers 1, 2, and connectivity between routers.
The document discusses implementing and configuring the EIGRP routing protocol. It describes EIGRP features such as flexible network design, multicast routing, support for VLSM and discontiguous subnets. It also covers EIGRP configuration, metrics, load balancing, authentication and commands for verifying EIGRP operation.
The document discusses recommended practices for securing a switched network, including: securing switch access through passwords and physical security, securing switch protocols like Cisco Discovery Protocol and spanning tree, and mitigating compromises through switches by securing trunk links and ports. It also covers using port security to restrict access by MAC address and 802.1X authentication to require network access through switches be authenticated.
This document discusses spanning tree protocol (STP) and how it is used to prevent loops and improve performance in a medium-sized switched network. STP establishes a loop-free topology by placing ports into different states like blocking. Per VLAN STP (PVST+) provides separate STP instances for each VLAN to enhance load sharing. EtherChannel can also be used to provide high-speed redundant links between switches.
This document contains a table listing networking devices, their interfaces, IP addresses, subnet masks, and default gateways. It includes routers R1 and R2, PCs 1A and 1B, a server, and a device called Eagle, showing their configurations for IP addressing.
The document contains multiple choice questions about network configuration and protocols. Based on the options provided, the correct answers are:
- The missing information for Blank 1 is the command show ip route.
- Addition of hosts to a physical segment and increasing use of bandwidth intensive network applications contribute to congestion on an Ethernet LAN.
- The SwA port has IEEE 802.1Q trunking enabled and the SwB port has ISL trunking enabled.
Algosec how to avoid business outages from misconfigured devices finalMaytal Levi
The document discusses how network devices can be misconfigured, leading to security issues and business outages. It provides examples of misconfigured firewall rules that incorrectly allow access between servers. Proper change management processes are needed to prevent misconfigurations during network changes. The document emphasizes that even small errors in configurations, like using the wrong subnet mask, can expose many devices. Close review of access control lists is required to find misconfigurations when issues occur, as even long lists may contain small errors allowing unintended access.
This document contains a lab workbook for configuring a Cisco ASA firewall. It includes instructions and configuration examples for setting up security policies, interfaces, routing, object groups, access control lists and verifying connectivity using ping and telnet tests between interfaces representing the inside, outside and DMZ zones. The goal is to allow only certain necessary traffic flows while blocking all others based on source, destination, application and interface.
The document outlines the topology and objectives for the ICND2 certification course. It includes diagrams of network topologies for different labs covering topics such as switched networks, routing protocols, ACLs, NAT, IPv6, Frame Relay WANs, and objectives for implementing and troubleshooting the various technologies. Lab addresses and subnets are defined for the different network devices in each topology.
This document describes configuring a basic single-area OSPFv2 network. It includes the topology diagram and addressing tables, and steps to build the network, configure OSPF routing on each router with area 0, and verify OSPF neighbor relationships and routing tables. It also provides sample outputs of show commands to check OSPF settings and interfaces.
The document discusses the boot process and components of a Cisco router. When a router boots, it performs self-tests, loads bootstrap code, finds and loads the Cisco IOS software and configuration. Major internal components include RAM, ROM, flash memory and NVRAM. The router searches specific locations to find the IOS image, in this order: configuration register, flash memory, TFTP server, ROM. The configuration register specifies boot settings and can be checked with the show version command.
Deploy Failover/High Availability in ASA FirewallKHNOG
This document provides an overview of high availability network design using failover. It discusses failover concepts and terminology, deployment, configuration, and behaviors. The key aspects covered include active/standby configuration and operation, failover requirements, and trigger conditions for failover.
Cisco discovery drs ent module 8 - v.4 in english.igede tirtanata
The document contains questions and answers about configuring and applying access control lists (ACLs) on routers. Some key points:
- ACL entries are assigned sequence numbers, with new entries added at the end by default.
- Inbound ACLs are more efficient than outbound ACLs as they can deny packets before routing lookups.
- ACLs can be used to filter traffic, specify NAT source addresses, and identify traffic for QoS among other uses.
- Standard ACLs filter based on source address only while extended ACLs can filter on additional fields and factors.
Managed Media Converter Chassis series, MC-1610MR and MC-1610MR48, provides 16 media converter slots and one management system in a 19-inch rack chassis. The MC-1610MR series is designed for FTTx applications for ISPs, telecoms, campuses and enterprises.
The MC-1610MR series can easily build an FTTx infrastructure that perfectly meets your demands. The 16 slots are suitable for PLANET Fast/Gigabit Ethernet Smart Media Converters, such as the existing FST-80x, newly-designed GST-80x and brand-new XST-705A.
Contact us
Tel: +91-7875432180 Email: sales@bbcpl.in
Website: https://bbcpl.in
This document discusses managed device deployment at branch offices using Aruba branch controllers. It provides an overview of how branch controllers connect to a master controller via an internet modem and establish communication. It also covers branch controller and VPN concentrator configuration in Aruba OS versions 6.x and 8.x, including initial setup, zero touch provisioning, and debugging tools. Additional topics include address pool management for VLANs, tunnels, NAT, and DHCP to allow for dynamic IP assignment at branch office deployments.
The document describes steps to configure a network including: designing an IP addressing scheme; configuring DHCP, WAN technologies, EIGRP routing, and NAT; and implementing ACLs for security. Key steps include subnetting the 172.16.1.128/25 network and assigning addresses, configuring R3 as a DHCP server, enabling routing with EIGRP, using NAT on R2 for Internet access, and applying ACLs to restrict access between networks.
CCNA: Connecting Networks SA Exam
Lab 13 CCNA: Connecting Networks
CSIS 430 – Weeks 1 - 4
Hands-On Skills Assessment
Topology
Complete the assessment in Packet Tracer and document and fill in the blanks. Submit this file and the pka file in Week 8 Lab 13, Points will not be given for incomplete Steps.
Assessment Objectives
Part 1: Initialize Devices (2 points, 5 minutes)
Part 2: Configure Device Basic Settings (8 points, 20 minutes)
Part 3: Configure PPP Connections (7 points, 20 minutes)
Part 4: Configure NAT (4 points, 15 minutes)
Part 5: Monitor the Network (6 points, 15 minutes)
Part 6: Configure Frame Relay (7 points, 20 minutes)
Part 7: Configure a GRE VPN Tunnel (6 points, 20 minutes)
Scenario
In this Skills Assessment (SA) you will create a small network. You must connect the network devices and configure those devices to support various WAN protocols. This will require that you reload the routers before starting your configuration of the next WAN protocol. The assessment has you save your basic device configurations to flash prior to implementing a WAN protocol to allow you to restore these basic configurations after each reload.
The first WAN protocol you will configure is Point-to-Point Protocol (PPP) with CHAP authentication. You will also configure Network Address Translation (NAT), and network monitoring protocols during this phase of the assessment. After your instructor has signed off on this phase, you will reload the routers and configure Frame Relay. After the Frame Relay part is complete, and has been signed off by your instructor, you will reload the routers and configure a GRE VPN tunnel. Network configurations and connectivity will be verified throughout the assessment by using common CLI commands.
Required Resources
3 Routers (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable)
3 PCs (Windows 7, Vista, or XP with terminal emulation program, such as Tera Term.
Console cable to configure the Cisco IOS devices via the console ports
Ethernet and Serial cables as shown in the topology
Initialize Devices
Total points: 2
Time: 5 minutes
Initialize and reload routers.
Erase the startup configurations and reload the devices.
Task
IOS Command
Points
Erase the startup-config file on all routers.
erase startup-config
(1 point)
Reload all routers.
reload
(1 point)
Points: __________ of 2
Configure Device Basic Settings
Total points: 8
Time: 20 minutes
Configure PCs.
Assign static IPv4 address information (IP address, subnet mask, default gateway) to the three PCs in the topology. Refer to the Topology diagram to obtain the IP address information.
Configuration Item or Task
Specification
Points
Configure static IPv4 address information on PC-A.
IP Address: 192.168.11.3
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.11.1
1
Configure static IPv4 address information on PC-B.
IP Address: 192.168.22.3
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.22.1
Configure static IPv4 address information on PC ...
This document contains questions and answers related to CCNA 1 Chapter 11 exam. It provides the questions asked in the exam and lists possible multiple choice answers for each question. The document also includes router configuration examples and partial router outputs related to some of the troubleshooting questions.
PFRv3 – новое поколение технологии Performance Routing для интеллектуального ...Cisco Russia
PFRv3 – новое поколение технологии Performance Routing для интеллектуального управления трафиком.
Запись вебинара: https://cisco.webex.com/ciscosales/lsr.php?RCID=996604735650402b828d47ff1f7b7578
Клуб Cisco - ciscoclub.ru
1. A Frame Relay switch may perform three actions when detecting excessive frame buildup: put a hold on accepting frames in excess of the CIR, drop frames from the queue that have the DE bit set, and set the BECN bit on all frames it places on the congested link.
2. The benefit of Frame Relay over leased lines or ISDN is that customers only pay for the bandwidth they purchase from the network provider.
3. For routers R1, R2, and R3 to ping each other successfully over Frame Relay, R2 and R3 would need the frame-relay map commands configuring the correct DLCIs to establish connectivity between all routers.
The document provides instructions to configure IP addressing, DHCP, WAN technologies including PPP and Frame Relay, EIGRP routing, NAT, and ACLs on routers R1, R2, and R3. Key steps include designing an IP addressing scheme, configuring R3 as a DHCP server, verifying connectivity over PPP and HDLC WAN links, configuring EIGRP routing, configuring NAT and PAT on R2, and applying ACLs to implement security policies.
Detailed explanation of Basic router configurationsamreenghauri786
This document provides instructions on configuring basic settings on a Cisco router, including:
1) Configuring initial settings such as the device name, passwords, and banner.
2) Configuring two router interfaces including IP addresses, descriptions, and activating the interfaces.
3) Verifying the interface configurations using commands like show ip interface brief and show interfaces.
The document provides information about network configuration and security best practices:
1. HTTPS should be used to transfer credit card information on a company website to encrypt the transmission.
2. A branch office router connecting to headquarters should be configured with encapsulation PPP and IP address 192.168.5.21 to establish the serial connection.
3. The service password-encryption and enable secret commands ensure passwords are encrypted in the router configuration.
The document discusses various techniques that internet service providers can use to prevent IP reflection attacks, including:
- Implementing BCP38 and BCP140, which involve validating the source IP address of incoming packets to prevent spoofing. This is recommended to be deployed as close to the edge of the network as possible.
- Enforcing validation using access control lists (ACLs) to filter packets and unicast reverse path forwarding (uRPF) to check the return path of source IP addresses. Strict uRPF is recommended for customers.
- Example ACL and uRPF configurations are provided for Cisco and Juniper routers to filter traffic from customer networks connected to the ISP edge router.
This chapter discusses wide area network (WAN) technologies including HDLC, PPP, Frame Relay, and virtual private networks (VPNs). It defines WAN terminology and components. PPP is described as a protocol used to transport network layer packets over point-to-point links. Frame Relay is introduced as a high-performance WAN protocol that uses virtual circuits to transmit data between network devices. Finally, VPNs are summarized as secured connections used for remote access, site-to-site networking, and business partnerships over public networks like the Internet.
This chapter discusses wide area network (WAN) technologies including HDLC, PPP, Frame Relay, and virtual private networks (VPNs). It defines WAN terminology and components. PPP is described as a protocol used to transport layer 3 packets across point-to-point links. Frame Relay is introduced as a high-performance WAN encapsulation method that provides a connection-oriented data link layer. VPNs allow remote access, site-to-site, and extranet connectivity over public networks like the internet.
This document provides instructions for renting access to a rack of Cisco routers and switches to gain hands-on experience configuring Cisco devices. It describes the rack rental service which provides remote access to a pod containing 5 Cisco routers, 2 Cisco switches, and an ISDN simulator for $10/day. The document lists the various Cisco technologies that can be configured including switching, routing protocols, and WAN protocols. It then provides step-by-step instructions for an OSPF lab to configure OSPF routing.
Configuring Ip Sec Between A Router And A Pixangelitoh11
IPSec is being configured between a router and a PIX firewall to encrypt traffic between the internal networks while allowing public internet access without encryption. Access lists and NAT are used to exempt the internal traffic from NAT and encrypt it, while applying NAT to other traffic. Debug commands show the IKE and IPSec security associations being successfully negotiated.
This document provides an overview of wide area networks (WANs) and common WAN technologies. It defines WAN terminology like customer premises equipment and demarcation. It describes different WAN connection types and protocols like HDLC, PPP, Frame Relay and VPNs. PPP is examined in detail, including its components, establishment process and authentication methods. Frame Relay is also covered in depth, discussing its encapsulation, DLCI addressing, subinterfaces, mapping and monitoring. Troubleshooting tips are provided for common Frame Relay issues. Finally, an introduction to VPN technologies is given for remote access, site-to-site and extranet deployments.
The document is a lab manual for the Cisco CCNA certification. It provides instructions and configuration steps for completing labs on router and switch security, routing protocols, VLANs, VTP, STP, WAN protocols and IPv6. The manual was prepared by Furqan Yaseen for the CTTC networking academy and contains the student's name, ID, instructor details and course information.
The document is a lab manual for the Cisco CCNA certification. It provides instructions and configuration steps for completing labs on router and switch security, routing protocols, VLANs, VTP, STP, WAN protocols and IPv6 networking. The manual was prepared by Furqan Yaseen for students at CTTC to help them obtain hands-on experience for the CCNA exam.
The document is a lab manual for the Cisco CCNA certification. It provides instructions and configuration steps for completing labs on router and switch security, routing protocols, VLANs, VTP, STP, WAN protocols and IPv6 networking. The manual was prepared by Furqan Yaseen for the CTTC networking academy and covers topics tested in the CCNA exam curriculum.
A corporate network is designed to connect the main office in New York with branches in New Delhi, Bangalore, and Jamshedpur. Various protocols are used within and between the offices for effective communication. In New York, two multilayer switches use inter-VLAN routing and PAT to connect local PCs and the main branch. The New Delhi branch uses VLANs and PAT to separate departments between two floors. Bangalore uses VTP between a server and two client switches to define VLANs for departments. Jamshedpur employs HSRP between two switches for high availability and a PAT router to connect to the frame relay.
Main Java[All of the Base Concepts}.docxadhitya5119
This is part 1 of my Java Learning Journey. This Contains Custom methods, classes, constructors, packages, multithreading , try- catch block, finally block and more.
it describes the bony anatomy including the femoral head , acetabulum, labrum . also discusses the capsule , ligaments . muscle that act on the hip joint and the range of motion are outlined. factors affecting hip joint stability and weight transmission through the joint are summarized.
Strategies for Effective Upskilling is a presentation by Chinwendu Peace in a Your Skill Boost Masterclass organisation by the Excellence Foundation for South Sudan on 08th and 09th June 2024 from 1 PM to 3 PM on each day.
This document provides an overview of wound healing, its functions, stages, mechanisms, factors affecting it, and complications.
A wound is a break in the integrity of the skin or tissues, which may be associated with disruption of the structure and function.
Healing is the body’s response to injury in an attempt to restore normal structure and functions.
Healing can occur in two ways: Regeneration and Repair
There are 4 phases of wound healing: hemostasis, inflammation, proliferation, and remodeling. This document also describes the mechanism of wound healing. Factors that affect healing include infection, uncontrolled diabetes, poor nutrition, age, anemia, the presence of foreign bodies, etc.
Complications of wound healing like infection, hyperpigmentation of scar, contractures, and keloid formation.
বাংলাদেশের অর্থনৈতিক সমীক্ষা ২০২৪ [Bangladesh Economic Review 2024 Bangla.pdf] কম্পিউটার , ট্যাব ও স্মার্ট ফোন ভার্সন সহ সম্পূর্ণ বাংলা ই-বুক বা pdf বই " সুচিপত্র ...বুকমার্ক মেনু 🔖 ও হাইপার লিংক মেনু 📝👆 যুক্ত ..
আমাদের সবার জন্য খুব খুব গুরুত্বপূর্ণ একটি বই ..বিসিএস, ব্যাংক, ইউনিভার্সিটি ভর্তি ও যে কোন প্রতিযোগিতা মূলক পরীক্ষার জন্য এর খুব ইম্পরট্যান্ট একটি বিষয় ...তাছাড়া বাংলাদেশের সাম্প্রতিক যে কোন ডাটা বা তথ্য এই বইতে পাবেন ...
তাই একজন নাগরিক হিসাবে এই তথ্য গুলো আপনার জানা প্রয়োজন ...।
বিসিএস ও ব্যাংক এর লিখিত পরীক্ষা ...+এছাড়া মাধ্যমিক ও উচ্চমাধ্যমিকের স্টুডেন্টদের জন্য অনেক কাজে আসবে ...
6. L3 계층 구성도
03 Topology
Area 1
EIGRP 168
OSPF 159
NAT
R1-KCC-3R1-KCC-5
Area 0
R1-KCC-2
Web
Client
HANKOOK
TIRE
Web
CBAC
SK
KCC
BGP AS 120BGP AS 100BGP AS 130
WebWeb
R1-KCC-1
R1-KCC-4
ISP
7. BGP
SK와 HANKOOKTIRE와 경로 정보를 원활히 교환 할수있도록 IBGP 환경을
구축하시오.
(단, IBGP 연결을 BGP Peer-Group 을 사용하여 BGP 설정 내용을 간결하게
하시오)
04 Requirement & Result
• BGP Peer-Gruop 사용 후
R1-KCC-5(config)#router bgp 130
R1-KCC-5(config-router)#bgp router-id 5.5.5.5
R1-KCC-5(config-router)#no synchronization
R1-KCC-5(config-router)#no auto-summary
R1-KCC-5(config-router)#neighbor RR peer-group
R1-KCC-5(config-router)#neighbor RR remote-as 130
R1-KCC-5(config-router)#neighbor RR update-source Loopback0
R1-KCC-5(config-router)#neighbor RR route-reflector-client
R1-KCC-5(config-router)#neighbor 172.16.2.2 peer-group RR
R1-KCC-5(config-router)#neighbor 172.16.3.3 peer-group RR
R1-KCC-5(config-router)#neighbor 172.16.4.4 peer-group RR
• BGP Peer-Gruop 사용 전
R1-KCC-5(config)#router bgp 130
R1-KCC-5(config-router)#bgp router-id 5.5.5.5
R1-KCC-5(config-router)#no synchronization
R1-KCC-5(config-router)#no auto-summary
R1-KCC-5(config-router)#neighbor 172.16.2.2 remote-as 130
R1-KCC-5(config-router)#neighbor 172.16.2.2 update-source Loopback0
R1-KCC-5(config-router)#neighbor 172.16.2.2 route-reflector-client
R1-KCC-5(config-router)#neighbor 172.16.3.3 remote-as 130
R1-KCC-5(config-router)#neighbor 172.16.3.3 update-source Loopback0
R1-KCC-5(config-router)#neighbor 172.16.3.3 route-reflector-client
R1-KCC-5(config-router)#neighbor 172.16.4.4 remote-as 130
R1-KCC-5(config-router)#neighbor 172.16.4.4 update-source Loopback0
R1-KCC-5(config-router)#neighbor 172.16.4.4 route-reflector-clifent
8. BGP
04 Requirement & Result
BGP 연결 Fail
BGP 연결 Success
Neighbor 로부터 5초안
에 Open Message를 수
신하지 못하면 Active로
전환된다.
해당 Neighbor로 부터 전
달받는 경로 정보 갯수를
나타낸다.
9. NTP
모든 장비 간 시간 동기화를 하시오.
ISP 업체와 R1-KCC-3 Router간 시간을 동기화한 후
IBGP 내의 모든 장비는 KCC-3 Router 로부터
동기화 받으시오.
04 Requirement & Result
11.1.5.1로부터 Clock synchronized가
완료 된것을 알수있다.
NTP Master 에서 stratum 값을 3으
로 설정한것을 확인할수 있다.
10. NTP
04 Requirement & Result
IBGP 내부의 NTP Master인 KCC-3으로부터 내부의 각 장비들 간 시간을 동기화받으시오.
내부 NTP Master 에서 stratum 값을
4으로 설정한것을 확인할수 있다.
11. 04 Requirement & Result
NAT
내부 IP를 공인IP로 전환하고
내부 사설망이 외부와 원활한 통신이 가능하도록 설정하시오
Debug를 통해 내부의 172.16.10.10
대역이 11.13.20.161 공인ip로 전환되
여 나가는것을 확인할수 있다.
사설 IP공인 IP
12. 라우터 보안
04 Requirement & Result
Router에 HTTP protocol이 있을 경우 외부에서 웹을 통해 Router의 설정을 조회하거
나 변경할수 있게 되어 보안이 취약해진다.
따라서, 이를 보완할수 있도록 Router의 HTTP server 서비스를 중지하도록 설정하시오.
웹사이트를 통해 172.16.1.1접속
시 Router의 정보가 나타난다.
Router에서 “no ip http server”
command를 이용하여 HTTP
server 중지
웹사이트를 통해 172.16.1.1접속
하여도 Router의 정보가 나타나
지 않는다.
13. CBAC
04 Requirement & Result
외부의 ISP업체가 내부 네트워크로 default 경로를 줬을 경우
내부망에 접속 할 수 있어 보안에 큰 위협이 될 수 있다. 이때 CBAC을 구성하여 이를 해결하시오.
CBAC이란 특정 인터페이스를 통해 정의된 트래픽이 네트워크 외부로 나가며 허용된 트래픽에 한하여,
그 트래픽에 대한 응답 트래픽이 내부 네트워크로 들어갈 수 있도록 임시 항목을 생성하는 것이다.
“ip inspect audit-trail” command 입력시 CBAC이 정상 작동할
경우 다음과 같은 정보가 나타난다.
14. CBAC
04 Requirement & Result
[CBAC]
R1-KCC-5(config)#ip inspect audit-trail
R1-KCC-5(config)#ip inspect name KCC http
R1-KCC-5(config)#ip inspect name KCC telnet
R1-KCC-5(config)#interface Ethernet0/0.55
R1-KCC-5(config-if)#ip access-group OUTBOUND in
R1-KCC-5(config)#interface Ethernet0/0.77
R1-KCC-5(config-if)#ip access-group INBOUND in
R1-KCC-5(config-if)#ip inspect KCC out
R1-KCC-5(config)#interface Ethernet0/0.128
R1-KCC-5(config-if)#ip access-group OUTBOUND in
R1-KCC-5(config)#ip access-list extended INBOUND
R1-KCC-5(config-)# permit eigrp any any
permit icmp any 172.16.20.0 0.0.0.255 echo-reply
permit icmp any 172.16.20.0 0.0.0.255 traceroute
permit icmp any 172.16.20.0 0.0.0.255 unreachable
permit icmp any 172.16.10.0 0.0.0.255 echo-reply
permit icmp any 172.16.10.0 0.0.0.255 traceroute
permit icmp any 172.16.10.0 0.0.0.255 unreachable
R1-KCC-5(config)#ip access-list extended OUTBOUND
permit ip 172.16.20.0 0.0.0.255 any
permit ip 172.16.10.0 0.0.0.255 any
Matches 된것을 확인할 수 있다.
외부의 ISP업체가 내부 네트워크로 default 경로를 줬을 경우
내부망에 접속 할 수 있어 보안에 큰 위협이 될 수 있다. 이때 CBAC을 구성하여 이를 해결하시오.
*CBAC이란 어떠한 트래픽을 정의하여 특정 인터페이스를 통해 네트워크 외부로 나가는 경우,
그 트래픽에 대한 응답 트래픽이 내부 네트워크로 들어갈 수 있도록 임시 항목을 생성하는 것이다.
15. CBAC
설정 방법
R1-KCC-5(config)#ip inspect audit-trail
R1-KCC-5(config)#ip inspect name KCC http
R1-KCC-5(config)#ip inspect name KCC telnet
04 Requirement & Result
CBAC
내부
Inbound Outbound
Deny
Internal Traffic(Outbound Traffic)
External Traffic(Inbound Traffic)
Permit
http와 telnet에 대해서 audit-trail 기
능이 설정되어있음을 확인할수있다.
access-list 가 Serial0/0에 INBOUND
로 설정되이었임을 확인할수있다.
16. 04 Requirement & Result
외부의 한국 타이어, SK Web Server및 L4의 Web Server에 원활히
접속하도록 하시오.
L4 Swtich 의 Web Server 접속 SK Web Server 접속 한국 타이어
Web Server 접속
17. Packet 의 IO Graphs 를 통한 시각화 결과
추출된 이미지의 결과
04 Requirement & Result
Wireshark 를 통한 Packet 검출
18. CISCO Switch
Catalyst 2950
담당자 : 차민건
[SW1]
hostname SW1-KCC-1
!
ip subnet-zero
!
no ip domain-lookup
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
interface Port-channel1
switchport mode trunk
flowcontrol send off
!
interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
switchport mode trunk
!
interface FastEthernet0/3
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/7
switchport mode trunk
channel-group 1 mode on
!
interface FastEthernet0/8
switchport mode trunk
channel-group 1 mode on
!
interface FastEthernet0/12
switchport mode trunk
!
ip http server
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
login
line vty 5 15
login
!
monitor session 1 source interface Fa0/1 - 3
monitor session 1 destination interface Fa0/4
end
[SW2]
hostname SW2-KCC-2
!
ip subnet-zero
!
no ip domain-lookup
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
interface Port-channel1
switchport mode trunk
flowcontrol send off
05 Router & Switch Configuration
!
interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
switchport mode trunk
!
interface FastEthernet0/3
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/7
switchport mode trunk
channel-group 1 mode on
!
interface FastEthernet0/8
switchport mode trunk
channel-group 1 mode on
!
ip http server
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
login
line vty 5 15
login
!
end
19. CISCO Switch
Catalyst 3550
담당자 : 김현승
!
hostname R1-KCC-4
!
!
username MNY privilege 15 password 0 MNY
ip subnet-zero
ip routing
!
no ip domain-lookup
!
interface Loopback0
ip address 172.16.4.4 255.255.255.0
ip ospf network point-to-point
!
interface FastEthernet0/3
switchport trunk encapsulation dot1q
switchport mode dynamic desirable
!
interface Vlan42
ip address 172.16.20.14 255.255.255.252
!
interface Vlan55
ip address 172.16.20.9 255.255.255.252
!
router ospf 159
router-id 172.16.4.4
log-adjacency-changes
passive-interface Loopback0
network 172.16.4.4 0.0.0.0 area 0
network 172.16.20.9 0.0.0.0 area 1
network 172.16.20.14 0.0.0.0 area 0
!
router bgp 130
no synchronization
bgp router-id 4.4.4.4
bgp log-neighbor-changes
neighbor 172.16.1.1 remote-as 130
neighbor 172.16.1.1 update-source Loopback0
neighbor 172.16.5.5 remote-as 130
no auto-summary
!
ip classless
no ip http server
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
login local
line vty 5 15
login
!
ntp clock-period 17179865
ntp server 172.16.3.3
!
end
05 Router & Switch Configuration
20. CISCO Router 2600
담당자 : 안용석
hostname R1-KCC-2
!
no ip domain lookup
!
ip cef
!
username MNY privilege 15 password 0 MNY
!
interface Loopback0
ip address 172.16.2.2 255.255.255.0
ip ospf network point-to-point
!
interface Loopback1
ip address 11.13.20.194 255.255.255.224 secondary
ip address 11.13.20.195 255.255.255.224 secondary
ip address 11.13.20.196 255.255.255.224 secondary
ip address 11.13.20.197 255.255.255.224 secondary
ip address 11.13.20.198 255.255.255.224 secondary
ip address 11.13.20.199 255.255.255.224 secondary
ip address 11.13.20.193 255.255.255.224
!
interface Ethernet0/0
no ip address
half-duplex
!
interface Ethernet0/0.10
encapsulation dot1Q 10
ip address 172.16.10.33 255.255.255.224
no snmp trap link-status
!
interface Ethernet0/0.20
encapsulation dot1Q 20
no snmp trap link-status
!
interface Ethernet0/0.128
encapsulation dot1Q 128
ip address 172.16.20.5 255.255.255.252
no snmp trap link-status
!
interface Ethernet0/0.300
encapsulation dot1Q 300
ip address 172.16.20.18 255.255.255.252
no snmp trap link-status
!
router ospf 159
router-id 172.16.2.2
log-adjacency-changes
passive-interface Loopback0
network 172.16.2.2 0.0.0.0 area 0
network 172.16.10.33 0.0.0.0 area 1
network 172.16.20.5 0.0.0.0 area 1
network 172.16.20.18 0.0.0.0 area 0
!
router bgp 130
no synchronization
bgp router-id 2.2.2.2
bgp log-neighbor-changes
neighbor 172.16.1.1 remote-as 130
neighbor 172.16.1.1 update-source Loopback0
neighbor 172.16.5.5 remote-as 130
neighbor 172.16.5.5 update-source Loopback0
no auto-summary
!
ip http server
ip classless
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login local
!
end
05 Router & Switch Configuration
21. CISCO Router
3600
담당자 : 반현수
!
hostname R1-KCC-5
!
ip inspect audit-trail
ip inspect name KCC http
ip inspect name KCC telnet
!
username MNY privilege 15 password 0 MNY
!
interface Loopback0
ip address 172.16.5.5 255.255.255.0
ip ospf network point-to-point
!
interface Ethernet0/0
no ip address
half-duplex
!
interface Ethernet0/0.55
encapsulation dot1Q 55
ip address 172.16.20.10 255.255.255.252
ip access-group OUTBOUND in
!
interface Ethernet0/0.128
encapsulation dot1Q 128
ip address 172.16.20.6 255.255.255.252
ip access-group OUTBOUND in
!
interface Serial0/0
ip address 172.16.20.1 255.255.255.252
ip access-group INBOUND in
ip inspect KCC out
clock rate 64000
no fair-queue
!
05 Router & Switch Configuration
router eigrp 168
redistribute ospf 159 metric 10000 100 255 1 1500
passive-interface Loopback0
network 172.16.20.1 0.0.0.0
no auto-summary
!
router ospf 159
router-id 172.16.5.5
log-adjacency-changes
redistribute eigrp 168 subnets
passive-interface Loopback0
network 172.16.5.5 0.0.0.0 area 1
network 172.16.20.6 0.0.0.0 area 1
network 172.16.20.10 0.0.0.0 area 1
default-information originate
!
router bgp 130
no synchronization
bgp router-id 5.5.5.5
bgp log-neighbor-changes
neighbor RR peer-group
neighbor RR remote-as 130
neighbor RR update-source Loopback0
neighbor RR route-reflector-client
neighbor 172.16.2.2 peer-group RR
neighbor 172.16.3.3 peer-group RR
neighbor 172.16.4.4 peer-group RR
no auto-summary
ip access-list extended INBOUND
permit eigrp any any
permit icmp any 172.16.20.0 0.0.0.255 echo-reply
permit icmp any 172.16.20.0 0.0.0.255 traceroute
permit icmp any 172.16.20.0 0.0.0.255 unreachable
permit icmp any 172.16.10.0 0.0.0.255 echo-reply
permit icmp any 172.16.10.0 0.0.0.255 traceroute
!
permit icmp any 172.16.10.0 0.0.0.255 unreachable
permit tcp any any eq bgp
permit tcp any host 172.16.10.10 eq www
permit udp any any eq ntp
ip access-list extended OUTBOUND
permit ip 172.16.20.0 0.0.0.255 any
permit ip 172.16.10.0 0.0.0.255 any
permit tcp any any eq bgp
permit ip host 172.16.1.1 any
permit ip host 172.16.2.2 any
permit ip host 172.16.3.3 any
permit ip host 172.16.4.4 any
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
login local
!
ntp clock-period 17179864
ntp server 172.16.3.3
!
end
22. CISCO Router 2600
담당자 : 윤영욱
hostname R1-KCC-1
!
no ip domain lookup
!
ip cef
!
username MNY privilege 15 password 0 MNY
!
interface Loopback0
ip address 172.16.1.1 255.255.255.0
ip ospf network point-to-point
!
interface Loopback1
ip address 11.13.20.226 255.255.255.224 secondary
ip address 11.13.20.227 255.255.255.224 secondary
ip address 11.13.20.228 255.255.255.224 secondary
ip address 11.13.20.229 255.255.255.224 secondary
ip address 11.13.20.230 255.255.255.224 secondary
ip address 11.13.20.231 255.255.255.224 secondary
ip address 11.13.20.225 255.255.255.224
!
interface Ethernet0/0
no ip address
half-duplex
!
interface Ethernet0/0.42
encapsulation dot1Q 42
ip address 172.16.20.13 255.255.255.252
no snmp trap link-status
!
interface Ethernet0/0.100
encapsulation dot1Q 100
ip address 172.16.10.1 255.255.255.224
no snmp trap link-status
!
interface Ethernet0/0.300
encapsulation dot1Q 300
ip address 172.16.20.17 255.255.255.252
no snmp trap link-status
!
router ospf 159
router-id 172.16.1.1
log-adjacency-changes
passive-interface Loopback0
network 172.16.1.1 0.0.0.0 area 0
network 172.16.10.1 0.0.0.0 area 0
network 172.16.20.13 0.0.0.0 area 0
network 172.16.20.17 0.0.0.0 area 0
!
router bgp 130
no synchronization
bgp router-id 1.1.1.1
bgp log-neighbor-changes
network 11.13.20.224 mask 255.255.255.224
neighbor 172.16.2.2 remote-as 130
neighbor 172.16.2.2 update-source Loopback0
neighbor 172.16.4.4 remote-as 130
neighbor 172.16.4.4 update-source Loopback0
no auto-summary
!
no ip http server
ip classless
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login local
!
end
05 Router & Switch Configuration
23. CISCO Router 2600
담당자 : 맹나연
hostname R1-KCC-3
!
no aaa new-model
ip subnet-zero
!
no ip domain lookup
!
ip cef
!
username MNY privilege 15 password 0 MNY
!
interface Loopback0
ip address 172.16.3.3 255.255.255.0
!
interface Ethernet0/0
ip address 11.13.7.2 255.255.255.252
ip nat outside
half-duplex
!
interface Serial0/0
ip address 172.16.20.2 255.255.255.252
ip nat inside
ip summary-address eigrp 168 0.0.0.0 0.0.0.0 5
no fair-queue
!
router eigrp 168
passive-interface Loopback0
network 172.16.3.3 0.0.0.0
network 172.16.20.2 0.0.0.0
no auto-summary
!
05 Router & Switch Configuration
router bgp 130
no synchronization
bgp router-id 3.3.3.3
bgp log-neighbor-changes
neighbor 11.13.7.1 remote-as 100
neighbor 172.16.5.5 remote-as 130
neighbor 172.16.5.5 update-source Loopback0
neighbor 172.16.5.5 next-hop-self
no auto-summary
!
ip nat pool PUBLICIP 11.13.20.1 11.13.20.127
netmask 255.255.255.128
ip nat inside source list NAT pool PUBLICIP
ip nat inside source static 172.16.10.10 11.13.20.161
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0/0 11.13.7.1
!
ip access-list standard NAT
permit 172.16.3.3
permit 172.16.20.0 0.0.0.255
permit 172.16.10.0 0.0.0.255
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login local
!
ntp clock-period 17208079
ntp source Loopback0
ntp master 4
ntp server 11.1.5.1
!
end