Maquette Cisco

The document provides instructions over 9 steps to configure networking devices and services, including: configuring IP addresses and interfaces on devices; enabling VLANs, trunks and interfaces on switches; configuring routing protocols OSPF and OSPFv3 between routers; setting up DHCP and NAT services on a router; applying access control lists to filter traffic; and securing device access with passwords, banners and login profiles.

Step 1
------------
Using the address information in the topology diagram configure:
- Web Server:
ip address - 192.168.35.252
subnet mask - 255.255.255.0
gateway - 192.168.35.1
DNS server - 192.168.35.253
- DNS Server:
ip address - 192.168.35.253
subnet mask - 255.255.255.0
gateway - 192.168.35.1
DNS server - 127.0.0.1
- PC-Admin:
ip address - 192.168.88.10
subnet mask - 255.255.255.0
gateway - 192.168.88.1
DNS server - 192.168.35.253
Step 2
------------
Using the information in the topology diagram configure
S1, S2, S3 with the following initial settings:
1. hostname
2. vlans and vlan names
3. trunks (allowed vlans, and native vlan)
- S1, S2, S3 VLANs allowed: 15, 25, 35, 88, 98, native: 98
4. access switchports with vlans
5. shutdown unused switchports
6. the management interface vlan 88 with an ip address
7. use the planned R1 address 192.168.88.1 as the default gateway
Step 3
------------
Using the address information in the topology diagram configure
R1, R2, R3 with the following initial settings:
1. hostname,
2. interface addresses and subnet masks R1, R2, R3
R1 s0/0/0: clock rate 2000000
R2 s0/0/1: clock rate 128000
3. R1 g0/0 & R3 g0/1
- sub-interface addressing and 802.1q encapsulation
*note: when configuring sub-interfaces you need to enable the physical interface
4. Enable IPv6 routing on R2 and R3
5. R2 s0/1/0 and s0/0/1 - IPv6 addressing (see topology diagram)
R3 g0/0 and s0/0/1 - IPv6 addressing (see topology diagram)
6. R3 loopback interfaces with ip addresses
Step 4
------------
1. Configure R1 as a DHCPv4 server:
Create a dhcp pool named POOL15 for the 192.168.15.0/24 network
Create a dhcp pool named POOL25 for the 192.168.25.0/24 network
exclude the first 5 addresses in both pools
the dhcp pools will need:
- network and mask
- default-router
- dns-server
2. Enable the DHCPv4 clients on PC1 and PC2 to verify the dhcp server is working
3. Configure R3 as a stateless DHCPv6 server:
create an ipv6 dhcp pool named POOLIPV6
provide dns-server information: 2001:DB8:2323:E::1
*note: DHCPv6 needs to be applied to the interface and the
nd other-config-flag will need to be set for stateless DHCPv6
4. Enable the DHCPv6 client on PC4 to verify that SLAAC and the
DHCPv6 server are working.
5. *Note: sometimes you need to toggle the DHCPv4 and v6 client settings
on and off to get them to work correctly and pick up addressing information
Step 5
-------------
Configure single area OSPFv2 on R1, R2, R3
R1
ospf process id 1
router-id 1.1.1.1
networks all (area 0)
do not send router advertisements out of all LAN interfaces
set serial 0/0/0 bandwidth to 1544 kilobits per second
R2
first create a default route on R2 out of s0/1/0
ospf process id 1
router-id 2.2.2.2
networks 192.168.5.0 and 192.168.5.4 (area 0)
do not send router advertisements out of s0/1/0 interface
advertise the default route to other OSPF routers
set serial 0/0/0 bandwidth to 1544 kilobits per second
set serial 0/0/1 bandwidth to 128 kilobits per second
R3
ospf process id 1
router-id 3.3.3.3
networks all (area 0) except use a single summary route for the loopback networks
do not send router advertisements out of all LAN interfaces
do not send router advertisements out of all loopback interfaces
set serial 0/0/1 bandwidth to 128 kilobits per second
Step 6
---------------------
configure OSPFv3 on R2 and R3
R3
ipv6 ospf process id 10
router-id 3.3.3.3
passive-interfaces on g0/0 and g0/1
configure s0/0/1 and g0/0 with ipv6 ospf 10 area 0
configure an ipv6 ::/0 default route out s0/0/1
R2
ipv6 ospf process id 10
router-id 2.2.2.2
passive interfaces on s0/0/0 and s0/1/0
configure s0/0/1 with ipv6 ospf 10 area 0
configure an ipv6 ::/0 default route out s0/1/0
*note: You should be able to ping the Initech Server IPv6 address from PC4.
If you are unable to ping Initech, double check your interface and OSPFv3 settings
and do a clear ipv6 ospf process command on R2 and R3
Step 7
---------------------
Configure static and dynamic NAT on R2.
1. Configure a static nat rule:
- translating global 209.165.201.65 to the local web server at 192.168.35.252
2. Configure int s0/1/0 as the outside NAT interface
3. Configure int s0/0/0 and s0/0/1 as the inside NAT interfaces
4. Configure a NAT pool named R2NATPOOL for:
209.165.201.66 through 209.165.201.69
make the netmask as close as possible to masking just those addresses
5. Configure access-list 15 to permit the 192.168.15.0/24 network
6. Configure access-list 25 to permit the 192.168.25.0/24 network
7. Create two separate dynamic NAT rules:
- "ip nat inside" that maps access-list 15 to the nat pool with overload
- "ip nat inside" that maps access-list 25 to the nat pool with overload
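
One possible R2 configuration for the Step 7 items above, as an added example that is not part of the original lab sheet. The pool mask 255.255.255.248 is the smallest mask whose block (209.165.201.64 through .71) contains both .66 and .69; a 255.255.255.252 mask would split them across two blocks.

```cisco
! Added example, not from the original lab sheet.
! Static NAT: inside local web server <-> inside global address
ip nat inside source static 192.168.35.252 209.165.201.65
!
! NAT interface roles as listed in items 2 and 3
interface Serial0/1/0
 ip nat outside
interface Serial0/0/0
 ip nat inside
interface Serial0/0/1
 ip nat inside
!
! Pool .66-.69; /29 is the tightest mask covering the whole range
ip nat pool R2NATPOOL 209.165.201.66 209.165.201.69 netmask 255.255.255.248
!
! Standard ACLs select which inside sources are translated
access-list 15 permit 192.168.15.0 0.0.0.255
access-list 25 permit 192.168.25.0 0.0.0.255
!
! Two dynamic rules sharing one pool, with port address translation
ip nat inside source list 15 pool R2NATPOOL overload
ip nat inside source list 25 pool R2NATPOOL overload
```

Only the 192.168.15.0/24 and 192.168.25.0/24 networks are translated dynamically; any other inside source has no translation rule and leaves untranslated unless it matches the static entry.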
Step 8
---------------------
Configure access lists on R2 to limit outside access into the network
1. configure an extended access-list 100 to achieve the following goals (3 lines only):
- from the outside permit port 80 access to the web server
- from the outside permit pings that were initiated from within the network only
- permit "established" web page requests generated from within the network only
(you will need to use the established keyword at the end of the line)
- deny all other kinds of communication from outside the network
2. configure an IPv6 access-list FIREWALL-IPV6 to achieve the following goals (2 lines only):
- from the outside permit pings that were initiated from within the network only
- permit "established" web page requests generated from within the network only
(you will need to use the established keyword at the end of the line)
- deny all other kinds of communication from outside the network
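
A sketch of the two Step 8 access lists on R2, added here as an example and not taken from the original lab sheet. It assumes both lists are applied inbound on s0/1/0, the outside NAT interface from Step 7; an inbound ACL is evaluated before NAT rewrites the destination, so the web-server line matches the global address 209.165.201.65 rather than 192.168.35.252.

```cisco
! Added example, not from the original lab sheet.
! Assumption: filters are applied inbound on the outside interface s0/1/0.
!
! Line 1: outside hosts may reach the web server on TCP 80 (global address)
access-list 100 permit tcp any host 209.165.201.65 eq 80
! Line 2: replies to pings sent from inside. This is a stateless match on
! the ICMP type, so it admits any echo-reply, solicited or not.
access-list 100 permit icmp any any echo-reply
! Line 3: return TCP traffic. "established" matches segments with ACK or
! RST set; it does not track connections.
access-list 100 permit tcp any any established
! Everything else is dropped by the implicit "deny ip any any".
!
ipv6 access-list FIREWALL-IPV6
 permit icmp any any echo-reply
 permit tcp any any established
! IPv6 ACLs end with implicit permits for neighbor discovery
! (nd-na, nd-ns) followed by an implicit "deny ipv6 any any".
!
interface Serial0/1/0
 ip access-group 100 in
 ipv6 traffic-filter FIREWALL-IPV6 in
```

Verify with `show access-lists` and `show ipv6 access-list`: the per-line match counters show which entry a test ping or web request actually hit.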
Step 9
---------------------
Configure the following on R3:
- password min length 10 characters
- encrypt all passwords
- banner motd "No unauthorized access allowed!"
- administrative user account:
username: admin,
secret pass: danscourses
- enable secret: class12345
- named access-list ADMIN-MGT
permit only host PC-Admin remote Telnet access
- console 0 and vty 0 4:
use local database for logins,
timeout after 5 min
apply ADMIN-MGT access-list to vty
- save running-config to startup-config
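
One way to enter the Step 9 items on R3, added as an example and not part of the original lab sheet. The PC-Admin address 192.168.88.10 comes from Step 1; the `transport input telnet` line is an assumption that limits the vty lines to the one protocol the lab names.

```cisco
! Added example, not from the original lab sheet.
! Set the minimum length first so it is enforced on the passwords below
! (both lab passwords are at least 10 characters).
security passwords min-length 10
! Obfuscates plain-text passwords in the config with reversible type 7
! encoding; "secret" entries are stored as hashes independently of this.
service password-encryption
banner motd #No unauthorized access allowed!#
!
username admin secret danscourses
enable secret class12345
!
! Named standard ACL: only PC-Admin (Step 1 address) may open a vty session
ip access-list standard ADMIN-MGT
 permit host 192.168.88.10
!
line con 0
 login local
 exec-timeout 5 0
line vty 0 4
 login local
 exec-timeout 5 0
 access-class ADMIN-MGT in
 ! Assumption: restrict vty to Telnet, the protocol named in the lab
 transport input telnet
end
copy running-config startup-config
```

Telnet carries the login in clear text, so on a production device the same `access-class` and `login local` settings would normally be paired with SSH instead.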
