Cita 370 Project Guilds

Team Project Guide
Created By:
Mathew
1/29/2009
Contents
Section 1: SNMP TRAP..................................................................................................................4
Overview......................................................................................................................................4
Procedures....................................................................................................................................4
1.1 Visio Diagram...................................................................................................................4
1.2 Setup Switch.....................................................................................................................5
1.3 Setup Router......................................................................................................................5
1.4 Setup SNMP......................................................................................................................6
1.5 Testing Connections & traps.............................................................................................6
Errors, Difficulties, and Observations.........................................................................................7
Best Practices...............................................................................................................................8
Reference:....................................................................................................................................8
Section 2: HSRP setup.....................................................................................................................8
Overview......................................................................................................................................8
Procedures....................................................................................................................................9
2.1 Visio Flow Diagram..........................................................................................................9
2.2 Configuration Router 1.....................................................................................................9
2.3 Configuration Router 2...................................................................................................10
2.4 Configuration Backuprouter............................................................................................11
2.5 Configuration Switch 1...................................................................................................12
2.6 Configuration Switch 2...................................................................................................13
2.7 Setup RIP........................................................................................................................14
2.8 Setup HSRP.....................................................................................................................15
Errors, Difficulties, and Observations.......................................................................................15
Best Practices.............................................................................................................................15
Reference:..................................................................................................................................15
Section 3: Extended ACL setup.....................................................................................................16
Overview....................................................................................................................................16
Procedures..................................................................................................................................16
3.1 Visio Flow Diagram........................................................................................................16
3.4 Setup ACL.......................................................................................................................18
3.5.1 Router 1.......................................................................................................................19
3.5.2 Router 2......................................................................................................................19
3.6 WAMP setup...................................................................................................................19
3.7 Testing ACLs.......................................................................................................................19
Best Practices.............................................................................................................................21
Reference:..................................................................................................................................21
Section 1: SNMP TRAP................................................................................................................21
Overview....................................................................................................................................21
Procedures..................................................................................................................................22
4.1 Visio Diagram.................................................................................................................22
4.2 Setup Switch / NYC........................................................................................................22
4.3 Setup Router / RIP v2.....................................................................................................26
4.3.1 NYC Router..................................................................................................................26
4.3.2 Router HAM.................................................................................................................27
4.4 Setup Server DNS...........................................................................................................29
4.5 Setup Server DHCP........................................................................................................29
Best Practices.............................................................................................................................29
Reference:..................................................................................................................................29
Section 1: SNMP TRAP
Overview
In this lab we will be setting up SNMP traps specifically tty, linkup, and linkdown traps on a
router which will then be connected to a switch. This switch will use one VLAN in which we
will connect our client to. Our client will be using free MIB software that will receive any trap
logs that are set off. By the end of this lab we should be able to ping from the client to the vlan
from the client to the router and vice versa. Also by the end of this lab we should be able to
receive syslogs of when an interface is brought to the upstate or to the down state.
Procedures
1.1Visio Diagram
This is the basic setup of our lab
3550 switch1
2600 router1
3550 switch2
2600 router2
3550 switch3
2600 router3
3550 switch4
cat5
Console
2600 router4
3550 switch5
F0/0
2600 switch5
1.2Setup Switch
• We can make a vlan and add a interface to it and then assign an IP address
but for lab we will just set an IP address to the default vlan which we can see
below
1.3Setup Router
• In the Router we will need to setup the fast Ethernet interface first as you can
see below
1.4Setup SNMP
• We will setup the following SNMP traps. tty or (telnet) which will alert the host
computer when a person telnets into the router and config or (configure
terminal) this will send an alert when someone attempts to enter the
configuration terminal. Both of these traps will be enabled to be sent to the
host computer that kiwi is configured on.
1.5Testing Connections & traps

• To test the connections we will need to be able to ping from the host
computer which is 192.168.1.1 to the switches vlan which is 192.168.1.2 and
the F0/0 on the router which was 192.168.1.3. as we can see all pings were
successful.
• There are some setting that needed to be checked before you were able to
receive any logs
• As you can see once we telneted into the router and logged out an alert was
sent. Also there was an alert sent when we ran the configuration terminal
command in the router
Errors, Difficulties, and Observations

• The first difficulty that we ran in to was that we did not plan well enough
• We forgot commands like “no shutdown” and didn’t think to check the
simplest things first as to why we didn’t have connectivity.
• Always check for unplugged cables
Best Practices
• Make a diagram before beginning any project
• Attempt to outline the procedure before implementing
• Organize the projects in to steps to avoid repeating or not completing
commands.
Reference:
Section 2: HSRP setup
Overview
In this lab we will be setting up HSRP or hot standby routing protocol with RIP V2 enabled as
the routing protocol. This will allow us to make a redundant backup link from router 1 and router
2. If router 1 were to be disconnected the backup router would come online and provide us with a
redundant link to our destination. We will look at the visio setup of our network, rip setups and
the hsrp configs.
Procedures
2.1 Visio Flow Diagram
1.0 2.0 3.0
192.168.2.2
Serial 0
192.168.1.2
192.168.2.1
192.168.1.1
Serial 0
Clock rate 500000 192.168.3.1
DCE
DTE
ping
RIP V2 X
Client 1 ping X ping ping
router1 DTE router2
HSRP Client 2
192.168.1.3 Ping
Redirect 192.168.3.3
192.168.3.2
192.168.4.2
Serial 1
DCE
Ping
Redirect
192.168.4.1
Serial 0
Clock rate 500000
4.0
192.168.1.4
Router backup
2.2 Configuration Router 1
• These are our configurations not including RIP or HSRP
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname router1
!
ip subnet-zero
!
interface Ethernet0
no ip address
no ip redirects
no ip directed-broadcast
!
interface Ethernet1
ip address 192.168.1.1 255.255.255.0
no ip redirects
!
interface Serial0
ip address 192.168.2.1 255.255.255.0
no ip mroute-cache
no fair-queue
clockrate 500000
!
interface Serial1
no ip address
shutdown
!
ip classless
!
line con 0
password cisco
login
transport input none
stopbits 1
line vty 0 4
password cisco
login
line vty 5 15
!
version 12.0
!
hostname router2
!
ip subnet-zero
!
interface Ethernet0
ip address 192.168.3.1 255.255.255.0
!
interface Serial0
ip address 192.168.2.2 255.255.255.0
no ip mroute-cache
no fair-queue
!
ip classless
line con 0
password cisco
login
stopbits 1
line vty 0 4
password cisco
login
line vty 5 15
login
end
2.4 Configuration Backuprouter
!
version 12.0
!
hostname backuprouter
!
ip subnet-zero
!
isdn voice-call-failure 0
!
interface Ethernet0
ip address 192.168.1.4 255.255.255.0
no ip redirects
standby 1 timers 1 3
standby 1 priority 110 preempt delay 1800
standby 1 ip 192.168.1.10
!
interface Serial0
ip address 192.168.4.1 255.255.255.0
no ip mroute-cache
no fair-queue
clockrate 500000
!
interface Serial1
no ip address
shutdown
!
interface BRI0
no ip address
shutdown
isdn guard-timer 0 on-expiry accept
!
router rip
version 2
network 192.168.1.0
network 192.168.4.0
!
ip classless
no ip http server
!
line con 0
password cisco
login
stopbits 1
line vty 0 4
password cisco
login
line vty 5 15
login
2.5 Configuration Switch 1
• This shows the vlan setup on switch 1
!
version 12.0
no service pad
!
hostname switch1
!
enable secret 5 $1$VTH3$QtPMIkcc.LsBtEig4/csG/
!
ip subnet-zero
!
!
!
interface FastEthernet0/1
!
!
!
!
interface VLAN1
ip address 192.168.1.2 255.255.255.0
no ip route-cache
!
!
line con 0
password cisco
login
stopbits 1
line vty 0 4
password cisco
login
line vty 5 15
login
!
end
2.6 Configuration Switch 2

• This shows the vlan setup on switch 2
!
version 12.0
no service pad
!
hostname switch2
!
enable secret 5 $1$VTH3$QtPMIkcc.LsBtEig4/csG/
!
ip subnet-zero
!
!
!
!
!
!
!
interface VLAN1
ip address 192.168.3.2 255.255.255.0
no ip route-cache
!
!
line con 0
password cisco
login
stopbits 1
line vty 0 4
password cisco
login
line vty 5 15
login
!
end
2.7 Setup RIP

• These are our configurations for RIP but not HSRP (router 2 and backuprouter)
Router backup setup (router 1 has the same setup up instead of 4.0 it has 2.0)
Router 2 RIP setup

2.8 Setup HSRP
• These are our configurations for HSRP (the same configuration is used for
router backup as u see in the last command.)

• We needed to check our configurations after the setup of every router or
switch
• We needed to test connectivity after every configuration
• We needed to check the cables to see if they match up with our network
diagram
• We should have noticed that there is 2 AUI ports on one of the 2500 series
routers
• If nothing can ping your computer turn off wireless, firewall, IP v6, check IP
and gateway settings, and restart computer if all else fails.
Best Practices
• Check configs after every interface configuration (for our level)
• See above!!!!
Reference:
Section 3: Extended ACL setup
Overview
In this lab we will be setting up Extended Access-Control Lists or ACL we will be
running EIGRP as our routing protocol. This will allow us to restrict specific protocols like
ICMP or HTTP or UDP. In this lab we will be setting up routers and two clients connected to the
routers we will have a WAMP server on the router 2 side and we will have a client on the other.
We will be testing HTTP connectivity from client to server then we will be blocking ICMP traffic
from the server to the client
Procedures
3.1 Visio Flow Diagram
Legend
Legend Subtitle
Symbol Count Description
2 Core / Distribution Layer
1 Access Layer
2 EIGRP 101 RIP v2
S0/0
S0/0
IP:10.0.1.2
IP:10.0.1.1
Permit: TCP
DCE CR 500000
Deny:
Deny
ICMP REQUEST X
HTTP REQUEST
Permit
10.0.0.0
F0/0 F0/0
IP:192.168.1.1 IP:192.168.2.1
ICMP
192.168.1.0 192.168.2.0
HTTP
HTTP
Client Permit
IP:192.168.1.2 WAMP server
IP:192.168.2.2

• Here is the configuration that we used on router one not including the ACL
!
version 12.0
!
hostname Router1
!
ip subnet-zero
!
interface Ethernet0
ip address 192.168.1.1 255.255.255.0
!
interface Serial0
ip address 10.0.0.1 255.0.0.0
no ip mroute-cache
fair-queue 64 256 0
clockrate 500000
!
interface Serial1
no ip address
shutdown
!
interface BRI0
no ip address
shutdown
no isdn guard-timer 0 on-expiry accept
!
router rip
version 2
network 192.168.1.0
network 10.0.0.0
!
ip classless
!
!
line con 0
password cisco
login
stopbits 1
line vty 0 4
password cisco
login
!
end

• Here is the configuration that we used on router two not including the ACL
!
version 12.0
!
hostname Router2
!
ip subnet-zero
!
interface Ethernet0
ip address 192.168.2.1 255.255.255.0
no shutdown
!
interface Serial0
bandwidth 50000
ip address 10.0.0.2 255.0.0.0
no ip mroute-cache
no fair-queue
no shutdown
!
interface Serial1
no ip address
shutdown
!
router rip
version 2
network 192.168.2.0
network 10.0.0.0
!
ip classless
!
!
line con 0
password cisco
login
stopbits 1
line vty 0 4
password cisco
login
!
end
3.4 Setup ACL

• We will be applying two sets of ACLs in this lab first we will applying a TCP
permit statement to router ones ethernet 0 interface this interface will drop
all connection other then TCP traffic. We will also have a second ACL
configured on switch two this ACL will Deny or drop that any incoming ICMP
packets. This will be placed on Ethernet 0 in
3.5.1 Router 1
• We used the following ACL shown in the example and screen shots below
• Rotuer1(config)#$ access-lists 110 permit tcp 192.168.2.0 0.0.0.255
192.168.1.0 0.0.0.255 eq 80
• Rotuer1(config)#$ access-lists 110 deny ICMP any 192.168.1.0 0.0.0.255
3.5.2 Router 2
• We used the following ACL shown in the example and screen shots below
• Rotuer2(config)#$ access-lists 110 deny tcp any 192.168.2.0 0.0.0.255
3.6 WAMP setup

• WAMP can be downloaded in the following:
○ http://www.wampserver.com/en/download.php
• Once downloaded we can install it in its default directory and the webpage
files can be placed in C:\wamp\www or in your predetermined location
• After that you can start the service by l-clicking on the icon on the system
tray and click put online and the service should start
3.7 Testing ACLs

• Right below is a PING test that we ran for the ICMP ACL
• Below is the testing of our TCP traffic ACL

• Wamp shoots an error out if you don’t delete the original c://wamp folder
when reinstalling the program and attempting to restart the service still
unresolved at this time
• Issues with the source and destination fields in the ACLs
Best Practices
• Test configuration before applying ACLs and throughout the initial
configuration.
• Document all
Reference:
Section 1: Core Network

Overview
In this lab I will be configuring a core network this network will be running RIP v2 over the
emulated WAN link. It will have switches on both networks the switch on the NYC side will
have
Procedures
4.1 Visio Diagram
Created By Mathew Lastra
CORE Network
Vlan Information
Servers 172.16.2.0
RIP Routing v2
Sales 172.16.4.0
Administration 172.16.6.0 NYC-RT Ham-RT
Engineering 172.16.8.0 s0 172.16.18.2 s0 172.16.18.3
e0 172.16.2.1 e0 172.16.16.1 Ham-SW
172 .16.16.2
CORE
Distribution
Sales
NYC-SW
Engineering 172.16.2.2
Admin
Servers
Distribution
Access
NYCServ1
Vbox -DHCP/DNS
172 .16.10.5
4.2 Setup Switch / NYC

Current configuration : 2558 bytes
version 12.1
no service pad
hostname NYC-SW
ip subnet-zero
spanning-tree mode pvst
spanning-tree extend system-id
description uplink to NYC router
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-5
switchport mode trunk
switchport mode dynamic desirable
switchport access vlan 2

!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
interface Vlan1
ip address 172.16.2.2 255.255.254.0
interface Vlan2
ip address 172.16.4.2 255.255.254.0
interface Vlan3
ip address 172.16.8.2 255.255.254.0
interface Vlan4
ip address 172.16.6.2 255.255.254.0
interface Vlan5
ip address 172.16.10.2 255.255.254.0
ip classless
ip http server
line con 0
line vty 0 4
login
line vty 5 15
login
end
4.3 Setup Router / RIP v2

• One router will be NYC and the other will be
4.3.1 NYC Router
Current configuration : 1349 bytes
version 12.2
hostname NYC-RT
memory-size iomem 15
ip subnet-zero
!
call rsvp-sync
no ip address
duplex auto
speed auto
interface FastEthernet0/0.1
description defualt vlan
encapsulation dot1Q 1
ip address 172.16.2.1 255.255.254.0
ip helper-address 172.16.10.5
description sales vlan
ip address 172.16.4.1 255.255.254.0
description engineer
ip address 172.16.8.1 255.255.254.0
description administration
ip address 172.16.6.1 255.255.254.0
description Server
encapsulation dot1Q 5 native
ip address 172.16.10.1 255.255.254.0
interface Serial0/0
description link to HAM-RT
ip address 172.16.18.2 255.255.254.0
clockrate 1000000
no ip address
shutdown
duplex auto
speed auto
router rip
version 2
network 172.16.0.0
ip classless
no ip http server
dial-peer cor custom
!
line con 0
line aux 0
line vty 0 4
End
4.3.2 Router HAM

version 12.2
hostname HAM-RT
!
!
memory-size iomem 15
ip subnet-zero
!
!
!
call rsvp-sync
!
!
ip address 172.16.16.1 255.255.254.0
no shutdown
duplex auto
speed auto
!
interface Serial0/0
description Link NYC
ip address 172.16.18.3 255.255.254.0
no fair-queue
!
no ip address
shutdown
duplex auto
speed auto
!
router rip
version 2
network 172.16.0.0
!
ip classless
no ip http server
!
!
dial-peer cor custom
!
line con 0
password cisco
login
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
end
4.4 Setup Server DNS
• The first thing that we will need to do is install DNS for the NYC
• We will be installing active directory for the DNS just because AD enables this
by default when it is installed
4.5 Setup Server DHCP

• First we will need to install the DHCP service you can do this by opening the
manage server and click add roles then add DHCP server.
• Once installed the wizard will appear that will walk you through configuring
your first screen will ask you to enter a description of the IP pool scope this is
the name that you will see when u are done configuring the vlan.
• Then u will get a screen that will ask you to configure a address range for
your DHCP pool it is key that we don’t include the IP addresses that are
configured for static servers. You can us the exclusion menu on the next
screen. Be sure to check to make sure the subnet mask is correct like on this
one it’s not thank god I’m writing this it should be 255.255.254.0 not .248
• Next the wizard will bring us to the default gateway screen this will be the IP
address of the sub interface that was configured on your router for that
specific vlan. As you can see my screen shots are not matching up it I was to
use a screen shot that matched the picture above the default gateway would
be 172.16.2.1.
• Next we will be presented with a screen that will ask use to configure DNS
server settings you will add your domain which on this server we have AD
installed and the domain is mattsdomain.com you will need to add the name
of the computer and also the IP of the server.
• Lastly it will ask you if you a few more option like lease duration that can be
set and that will be the end of the DHCP configuration.
• We will then need to authorize the DHCP server to lease IP addresses on the
network we can do this by clicking the action menu in the DHCP MMC and
click authorize this will activate the DHCP pools that we have configured as
seen below
• My configuration consists of the following
○ Default VLAN = 172.16.2.3 - 172.16.2.10 255.255.254.0
○ Sales VLAN = 172.16.4.3 - 172.16.4.10 255.255.254.0
○ Engineer VLAN = 172.16.8.3 - 172.16.8.10 255.255.254.0
○ Administrative VLAN = 172.16.6.3 - 172.16.6.10 255.255.254.0
○ Engineer VLAN = 172.16.8.3 - 172.16.8.10 255.255.254.0
○ Server VLAN = 172.16.10.6 – 172.16.10.12 255.255.254.0
4.6 Successful Test

•

Best Practices
Reference:

Cita 370 Project Guilds

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cita 370 Project Guilds

Uploaded by

Copyright:

Available Formats

Team Project Guide

1.5Testing Connections & traps

Errors, Difficulties, and Observations

1.0 2.0 3.0

2.6 Configuration Switch 2

2.7 Setup RIP

Router 2 RIP setup

Errors, Difficulties, and Observations

2 EIGRP 101 RIP v2

3.2 Configuration Router 1

3.3 Configuration Router 2

3.4 Setup ACL

3.6 WAMP setup

3.7 Testing ACLs

Errors, Difficulties, and Observations

Section 1: Core Network

4.2 Setup Switch / NYC

Current configuration : 2558 bytes

service timestamps log uptime

spanning-tree mode pvst

spanning-tree extend system-id

description uplink to NYC router

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1-5

switchport mode trunk

switchport mode dynamic desirable

switchport access vlan 2

switchport mode dynamic desirable

switchport access vlan 2

switchport mode dynamic desirable

switchport mode dynamic desirable

switchport access vlan 3

switchport mode dynamic desirable

switchport access vlan 4

switchport mode dynamic desirable

switchport access vlan 4

switchport mode dynamic desirable

switchport access vlan 5

switchport mode dynamic desirable

switchport access vlan 5

switchport mode dynamic desirable

switchport mode dynamic desirable

switchport mode dynamic desirable

switchport mode dynamic desirable

switchport mode dynamic desirable

switchport mode dynamic desirable

switchport mode dynamic desirable

switchport mode dynamic desirable

switchport mode dynamic desirable

switchport mode dynamic desirable

switchport mode dynamic desirable

switchport mode dynamic desirable

switchport mode dynamic desirable

switchport mode dynamic desirable

switchport mode dynamic desirable

switchport mode dynamic desirable

switchport mode dynamic desirable

ip address 172.16.2.2 255.255.254.0

ip address 172.16.4.2 255.255.254.0

ip address 172.16.8.2 255.255.254.0

ip address 172.16.6.2 255.255.254.0

ip address 172.16.10.2 255.255.254.0

4.3 Setup Router / RIP v2

Current configuration : 1349 bytes