
Phx-rtr

hostname PHX-RTR
ip dhcp excluded-address 172.25.65.128 172.25.65.131
ip dhcp excluded-address 172.25.64.0 172.25.64.3
ip dhcp excluded-address 172.25.65.0 172.25.65.3
ip dhcp pool PHX-LAN1
 network 172.25.65.128 255.255.255.192
 default-router 172.25.65.129
 dns-server 172.25.70.2
ip dhcp pool PHX-LAN2
 network 172.25.64.0 255.255.255.0
 default-router 172.25.64.1
 dns-server 172.25.70.2
ip dhcp pool PHX-LAN3
 network 172.25.65.0 255.255.255.128
 default-router 172.25.65.1
 dns-server 172.25.70.2
username PHX-RTR-2 password 0 PPP-cisco
username guest privilege 15 password 0 cisco
ip domain-name CISco.com
ip name-server 172.25.70.2
interface Loopback1
 description Used as always-on target for Ping & Telnet
 ip address 172.25.66.29 255.255.255.252
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
interface FastEthernet0/0.100
 description PHX-Switch Management, VLAN 100, 12 Users
 encapsulation dot1Q 100
 ip address 172.25.66.1 255.255.255.240
interface FastEthernet0/0.110
 description PHX-Lan 1, VLAN 110, 50 Users
 encapsulation dot1Q 110
 ip address 172.25.65.129 255.255.255.192
 ip access-group PHX-LAN-1 in
interface FastEthernet0/0.120
 description PHX-Lan 2, VLAN 120, 150 Users
 encapsulation dot1Q 120
 ip address 172.25.64.1 255.255.255.0
 ip access-group PHX-LAN-2 in
interface FastEthernet0/0.130
 description PHX-Lan 3, VLAN 130, 75 Users
 encapsulation dot1Q 130
 ip address 172.25.65.1 255.255.255.128
 ip access-group PHX-LAN-3 in
interface FastEthernet0/0.140
 description PHX-Link to Wireless Router, VLAN 140, 5 Users
 encapsulation dot1Q 140
 ip address 172.25.66.17 255.255.255.248
 ip access-group PHX-WIRELESS in
interface FastEthernet0/0.199
 description Trunk Link Native VLAN 199 - No users
 encapsulation dot1Q 199 native
 no ip address
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
interface Serial0/0/0
 description Frame-relay link T1, DLCI 505 to BAN, DLCI 715 to CHG
 no ip address
 encapsulation frame-relay
interface Serial0/0/0.505 point-to-point
 description WAN link to BAN
 ip address 192.168.100.49 255.255.255.252
 frame-relay interface-dlci 505
 ip ospf network broadcast
interface Serial0/0/0.715 point-to-point
 description WAN link to CHG
 ip address 192.168.100.53 255.255.255.252
 frame-relay interface-dlci 715
 ip ospf network broadcast
interface Serial0/0/1
 description PPP T1 to PHX-RTR-2
 ip address 172.25.66.25 255.255.255.252
 encapsulation ppp
 ppp authentication chap
interface Vlan1
 no ip address
 shutdown
router ospf 50
 log-adjacency-changes
 redistribute static subnets
 passive-interface Serial0/0/1
 passive-interface FastEthernet0/0.100
 passive-interface FastEthernet0/0.110
 passive-interface FastEthernet0/0.120
 passive-interface FastEthernet0/0.130
 passive-interface FastEthernet0/0.140
 network 172.25.64.0 0.0.0.255 area 0
 network 172.25.65.0 0.0.0.127 area 0
 network 172.25.65.128 0.0.0.63 area 0
 network 172.25.66.0 0.0.0.15 area 0
 network 172.25.66.16 0.0.0.7 area 0
 network 172.25.66.24 0.0.0.3 area 0
 network 172.25.66.28 0.0.0.3 area 0
 network 192.168.100.52 0.0.0.3 area 0
 network 192.168.100.48 0.0.0.3 area 0
ip route 172.25.67.0 255.255.255.0 Serial0/0/1
ip access-list extended PHX-LAN-1
 permit ip 172.25.65.128 0.0.0.63 any
 permit udp any any eq bootps
 deny ip any any
ip access-list extended PHX-LAN-2
 permit ip 172.25.64.0 0.0.0.255 any
 permit udp any any eq bootps
 deny ip any any
ip access-list extended PHX-LAN-3
 permit ip 172.25.65.0 0.0.0.127 any
 permit udp any any eq bootps
 deny ip any any
ip access-list standard ALLOW-TECH
 permit 172.25.72.0 0.0.0.127
 deny any
ip access-list extended PHX-WIRELESS
 permit tcp host 172.25.66.18 host 172.25.72.130 eq www
 permit udp host 172.25.66.18 host 172.25.70.2 eq domain
 deny ip host 172.25.66.18 172.25.64.0 0.0.15.255
 deny ip host 172.25.66.18 192.168.100.32 0.0.0.31
 permit ip host 172.25.66.18 any
 deny ip any any
no cdp run
banner motd ^CAuthorized Users only - Log out if not permitted on system^^C
logging trap debugging
logging 172.25.70.2
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line vty 0 4
 access-class ALLOW-TECH in
 login local
 transport input ssh
ntp authentication-key 123 md5 0802657D0A16 7
ntp authenticate
ntp trusted-key 123
ntp server 173.45.238.221 key 123
end

CHG-rtr

hostname CHG-RTR
ip dhcp excluded-address 172.25.72.0 172.25.72.3
ip dhcp pool CHG-LAN1
 network 172.25.72.0 255.255.255.128
 default-router 172.25.72.1
 dns-server 172.25.70.2
username BAN password 0 Yahoo
username guest privilege 15 password 0 cisco
ip domain-name CISco.com
ip name-server 172.25.70.2
interface Loopback1
 description Used as always-on target for Ping & Telnet
 ip address 172.25.72.161 255.255.255.252
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
interface FastEthernet0/0.200
 description CHG-Switch Management, VLAN 200, 12 Users
 encapsulation dot1Q 200
 ip address 172.25.72.145 255.255.255.240
interface FastEthernet0/0.210
 description CHG-Lan 1, VLAN 210, 90 Users
 encapsulation dot1Q 210
 ip address 172.25.72.1 255.255.255.128
 ip access-group CHG-LAN-1 in
interface FastEthernet0/0.220
 description CHG-Lan 2, VLAN 220, 10 Users
 encapsulation dot1Q 220
 ip address 172.25.72.129 255.255.255.240
 ip access-group CHG-LAN-2 in
interface FastEthernet0/0.299
 description Trunk Link Native VLAN 299 - No users
 encapsulation dot1Q 299 native
 no ip address
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
interface Serial0/0/0
 description DLCI 391 to PHX, DLCI 918 to BAN
 no ip address
 encapsulation frame-relay
 frame-relay lmi-type ansi
interface Serial0/0/0.391 point-to-point
 description WAN link to PHX
 ip address 192.168.100.54 255.255.255.252
 frame-relay interface-dlci 391
 ip ospf network broadcast
interface Serial0/0/0.918 point-to-point
 description WAN link to BAN
 ip address 192.168.100.61 255.255.255.252
 frame-relay interface-dlci 918
 ip ospf network broadcast
interface Serial0/0/1
 description link to Bangor
 bandwidth 128
 ip address 192.168.100.57 255.255.255.252
 encapsulation ppp
 ppp authentication pap
 ppp pap sent-username CHG password 0 Yahoo
 clock rate 128000
interface Vlan1
 no ip address
 shutdown
router ospf 50
 log-adjacency-changes
 passive-interface FastEthernet0/0.200
 passive-interface FastEthernet0/0.210
 passive-interface FastEthernet0/0.220
 network 172.25.72.0 0.0.0.127 area 0
 network 172.25.72.128 0.0.0.15 area 0
 network 172.25.72.144 0.0.0.15 area 0
 network 172.25.72.160 0.0.0.3 area 0
 network 192.168.100.52 0.0.0.3 area 0
 network 192.168.100.56 0.0.0.3 area 0
 network 192.168.100.60 0.0.0.3 area 0
ip access-list standard ALLOW-TECH
 permit 172.25.72.0 0.0.0.127
 deny any
ip access-list extended CHG-LAN-1
 permit ip 172.25.72.0 0.0.0.127 any
 permit udp any any eq bootps
 deny ip any any
ip access-list extended CHG-LAN-2
 permit ip 172.25.72.128 0.0.0.15 any
 permit udp any any eq bootps
 deny ip any any
ip access-list extended BAN-WIRELESS
 permit tcp 172.25.70.128 0.0.0.127 host 172.25.72.130 eq www
 permit udp 172.25.70.128 0.0.0.127 host 172.25.70.2 eq domain
 permit udp 172.25.70.128 0.0.0.127 host 172.25.70.2 eq tftp
 permit udp any any eq bootps
 deny ip 172.25.70.128 0.0.0.127 172.25.64.0 0.0.15.255
 deny ip 172.25.70.128 0.0.0.127 192.168.100.32 0.0.0.31
 permit ip 172.25.70.128 0.0.0.127 any
 deny ip any any
no cdp run
banner motd ^CAuthorized Users only - Log out if not permitted on system^^C
logging trap debugging
logging 172.25.70.2
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line vty 0 4
 access-class ALLOW-TECH in
 login local
 transport input ssh
ntp authentication-key 123 md5 0802657D0A16 7
ntp authenticate
ntp trusted-key 123
ntp server 173.45.238.221 key 123
end

BAN RTR

hostname BAN-RTR
username CHG password 0 Yahoo
username guest privilege 15 password 0 cisco
ip domain-name CISco.com
ip name-server 172.25.70.2
interface Loopback1
 description Ping & Telnet
 ip address 172.25.71.17 255.255.255.252
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
interface FastEthernet0/0.300
 description BAN-Switch Management, VLAN 300
 encapsulation dot1Q 300
 ip address 172.25.71.1 255.255.255.240
interface FastEthernet0/0.310
 description BAN-Lan 1, VLAN 310
 encapsulation dot1Q 310
 ip address 172.25.70.1 255.255.255.128
 ip access-group BAN-LAN-1 in
interface FastEthernet0/0.320
 description BAN-Lan 2, VLAN 320
 encapsulation dot1Q 320
 ip address 172.25.68.1 255.255.254.0
 ip helper-address 172.25.70.2
 ip access-group BAN-LAN-2 in
interface FastEthernet0/0.330
 description BAN-Wireless, VLAN 330
 encapsulation dot1Q 330
 ip address 172.25.70.129 255.255.255.128
 ip helper-address 172.25.70.2
 ip access-group BAN-WIRELESS in
interface FastEthernet0/0.399
 description Trunk Link Native VLAN 399
 encapsulation dot1Q 399 native
 no ip address
interface FastEthernet0/0.500
 description Link for Border Router
 encapsulation dot1Q 500
 ip address 192.168.100.41 255.255.255.248
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
interface Serial0/0/0
 description DLCI 218 to CHG, DLCI 847 to PHX
 no ip address
 encapsulation frame-relay
interface Serial0/0/0.218 point-to-point
 description WAN link to CHG
 ip address 192.168.100.62 255.255.255.252
 frame-relay interface-dlci 218
 ip ospf network broadcast
interface Serial0/0/0.847 point-to-point
 description WAN link to PHX
 ip address 192.168.100.50 255.255.255.252
 frame-relay interface-dlci 847
 ip ospf network broadcast
interface Serial0/0/1
 description PPP link to CHG
 bandwidth 128
 ip address 192.168.100.58 255.255.255.252
 encapsulation ppp
 ppp authentication pap
 ppp pap sent-username BAN password 0 Yahoo
interface Vlan1
 no ip address
 shutdown
router ospf 50
 log-adjacency-changes
 passive-interface FastEthernet0/0.300
 passive-interface FastEthernet0/0.310
 passive-interface FastEthernet0/0.320
 passive-interface FastEthernet0/0.330
 network 172.25.68.0 0.0.1.255 area 0
 network 172.25.70.0 0.0.0.127 area 0
 network 172.25.70.128 0.0.0.127 area 0
 network 172.25.71.0 0.0.0.15 area 0
 network 172.25.71.16 0.0.0.3 area 0
 network 192.168.100.40 0.0.0.7 area 0
 network 192.168.100.48 0.0.0.3 area 0
 network 192.168.100.56 0.0.0.3 area 0
 network 192.168.100.60 0.0.0.3 area 0
ip classless
ip access-list standard ALLOW-TECH
 permit 172.25.72.0 0.0.0.127
 deny any
ip access-list extended BAN-LAN-1
 permit ip 172.25.70.0 0.0.0.127 any
 permit udp any any eq bootps
 deny ip any any
ip access-list extended BAN-LAN-2
 permit ip 172.25.68.0 0.0.1.255 any
 permit udp any any eq bootps
 deny ip any any
ip access-list extended BAN-WIRELESS
 permit tcp 172.25.70.128 0.0.0.127 host 172.25.72.130 eq www
 permit udp 172.25.70.128 0.0.0.127 host 172.25.70.2 eq domain
 permit udp any any eq bootps
 deny ip 172.25.70.128 0.0.0.127 172.25.64.0 0.0.15.255
 deny ip 172.25.70.128 0.0.0.127 192.168.100.32 0.0.0.31
 permit ip 172.25.70.128 0.0.0.127 any
 deny ip any any
no cdp run
banner motd ^CAuthorized Users only - Log out if not permitted on system^^C
logging trap debugging
logging 172.25.70.2
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line vty 0 4
 access-class ALLOW-TECH in
 login local
 transport input ssh
ntp authentication-key 123 md5 0802657D0A16 7
ntp authenticate
ntp trusted-key 123
ntp server 173.45.238.221 key 123
end

brdr-rtr

enable secret class

hostname BRDR-RTR
no ip domain-lookup
interface FastEthernet0/1
 description Trunk link to PHX-RTR-2
 switchport trunk native vlan 198
 switchport mode trunk
interface FastEthernet0/10
 description PHX-LAN4, VLAN 160
 switchport access vlan 160
 switchport mode access
 switchport port-security
 switchport port-security maximum 25
interface FastEthernet0/11
 description PHX-LAN4, VLAN 160
 switchport access vlan 160
 switchport mode access
 switchport port-security
 switchport port-security maximum 25
interface FastEthernet0/12
 description PHX-LAN4, VLAN 160
 switchport access vlan 160
 switchport mode access
 switchport port-security
 switchport port-security maximum 25
interface FastEthernet0/17
 description PHX-LAN5, VLAN 170
 switchport access vlan 170
 switchport mode access
 switchport port-security
 switchport port-security maximum 25
interface FastEthernet0/18
 description PHX-LAN5, VLAN 170
 switchport access vlan 170
 switchport mode access
 switchport port-security
 switchport port-security maximum 25
interface FastEthernet0/19
 description PHX-LAN5, VLAN 170
 switchport access vlan 170
 switchport mode access
 switchport port-security
 switchport port-security maximum 25
interface Vlan1
 no ip address
 shutdown
interface Vlan150
 description PHX-SW4 Management
 ip address 172.25.67.162 255.255.255.240
ip default-gateway 172.25.67.161
banner motd ^CAuthorized Users only - Log out if not permitted on system^C
line con 0
 password cisco
 logging synchronous
 login
line vty 0 4
 password cisco
 logging synchronous
 login
line vty 5 15
 password cisco
 logging synchronous
 login
username guest privilege 15 password 0 cisco
ip domain-name CISco.com
ip name-server 172.25.70.2
interface FastEthernet0/0
 description Link to CISco LAN
 ip address 192.168.100.42 255.255.255.248
 ip nat inside
 duplex auto
 speed auto
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
interface Serial0/0/0
 description WAN link to ISP
 ip address 209.165.200.170 255.255.255.248
 encapsulation frame-relay
 frame-relay map ip 209.165.200.169 113 broadcast
 ip access-group FROM-OUTSIDE in
 ip access-group FROM-INSIDE out
 ip nat outside
 no cdp enable
interface Serial0/0/1
 no ip address
 shutdown
interface Vlan1
 no ip address
 shutdown
router ospf 50
 log-adjacency-changes
 passive-interface Serial0/0/0
 network 192.168.100.40 0.0.0.7 area 0
 default-information originate
ip nat pool CISco-POOL 209.165.200.170 209.165.200.173 netmask 255.255.255.248
ip nat inside source list ALLOW-NAT pool CISco-POOL overload
ip nat inside source static 172.25.72.130 209.165.200.174
ip classless
ip route 0.0.0.0 0.0.0.0 209.165.200.169
ip access-list standard FROM-INSIDE
 permit 209.165.200.168 0.0.0.7
 deny any
ip access-list standard ALLOW-TECH
 permit 172.25.72.0 0.0.0.127
 deny any
ip access-list standard ALLOW-NAT
 permit 172.25.64.0 0.0.15.255
 permit 192.168.100.32 0.0.0.31
 deny any
ip access-list extended FROM-OUTSIDE
 deny ip 172.25.64.0 0.0.15.255 any
 deny ip 192.168.100.32 0.0.0.31 any
 permit tcp any 209.165.200.168 0.0.0.7 established
 permit tcp any host 209.165.200.174 eq www
 permit tcp any host 209.165.200.174 eq 443
 permit icmp any 209.165.200.168 0.0.0.7 echo-reply
 permit udp any eq domain 209.165.200.168 0.0.0.7
 permit udp host 173.45.238.221 209.165.200.168 0.0.0.7 eq 123
 deny ip any any
no cdp run
banner motd ^CAuthorized access only! Log out immediately if not authorized!^^C
logging trap debugging
logging 172.25.70.2
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line vty 0 4
 access-class ALLOW-TECH in
 login local
 transport input ssh
ntp authentication-key 123 md5 0802657D0A16 7
ntp authenticate
ntp trusted-key 123
ntp server 173.45.238.221 key 123
end

PHX2 SW

enable secret class
hostname PHX-SW4
no ip domain-lookup
vlan 198
 name Native
vlan 150
 name Management
interface FastEthernet0/1
 description Trunk link to PHX-RTR-2
 switchport trunk native vlan 198
 switchport mode trunk
interface FastEthernet0/10
 description PHX-LAN4, VLAN 160, 100 Users
 switchport access vlan 160
 switchport mode access
 switchport port-security
 switchport port-security maximum 25
interface FastEthernet0/11
 description PHX-LAN4, VLAN 160, 100 Users
 switchport access vlan 160
 switchport mode access
 switchport port-security
 switchport port-security maximum 25
interface FastEthernet0/12
 description PHX-LAN4, VLAN 160, 100 Users
 switchport access vlan 160
 switchport mode access
 switchport port-security
 switchport port-security maximum 25
interface FastEthernet0/17
 description PHX-LAN5, VLAN 170, 25 Users
 switchport access vlan 170
 switchport mode access
 switchport port-security
 switchport port-security maximum 25
interface FastEthernet0/18
 description PHX-LAN5, VLAN 170, 25 Users
 switchport access vlan 170
 switchport mode access
 switchport port-security
 switchport port-security maximum 25
interface FastEthernet0/19
 description PHX-LAN5, VLAN 170, 25 Users
 switchport access vlan 170
 switchport mode access
 switchport port-security
 switchport port-security maximum 25
interface Vlan1
 no ip address
 shutdown
interface Vlan150
 description PHX-SW4 Management
 ip address 172.25.67.162 255.255.255.240
ip default-gateway 172.25.67.161
banner motd ^CAuthorized Users only - Log out if not permitted on system^C
line con 0
 password cisco
 logging synchronous
 login
line vty 0 4
 password cisco
 logging synchronous
 login
line vty 5 15
 password cisco
 logging synchronous
 login
end

PHX-RTR 2

enable secret class
hostname PHX-RTR-2
ip dhcp excluded-address 172.25.67.0 172.25.67.3
ip dhcp excluded-address 172.25.67.128 172.25.67.131
ip dhcp pool PHX-LAN4
 network 172.25.67.0 255.255.255.128
 default-router 172.25.67.1
 dns-server 172.25.70.2
ip dhcp pool PHX-LAN5
 network 172.25.67.128 255.255.255.224
 default-router 172.25.67.129
 dns-server 172.25.70.2
username PHX-RTR password 0 PPP-cisco
username guest privilege 15 password 0 cisco
ip domain-name CISco.com
ip name-server 172.25.70.2
interface Loopback1
 description Ping & Telnet
 ip address 172.25.67.177 255.255.255.252
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
interface FastEthernet0/0.150
 description PHX2-Management for switch, VLAN 150
 encapsulation dot1Q 150
 ip address 172.25.67.161 255.255.255.240
interface FastEthernet0/0.160
 description PHX2-LAN4, VLAN 160
 encapsulation dot1Q 160
 ip address 172.25.67.1 255.255.255.128
 ip access-group PHX-LAN-4 in
interface FastEthernet0/0.170
 description PHX2-LAN5, VLAN 170
 encapsulation dot1Q 170
 ip address 172.25.67.129 255.255.255.224
 ip access-group PHX-LAN-5 in
interface FastEthernet0/0.198
 description Native VLAN for PHX2 trunked switch
 encapsulation dot1Q 198 native
 no ip address
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
interface Serial0/0/0
 description PPP Link to PHX-RTR
 ip address 172.25.66.26 255.255.255.252
 encapsulation ppp
 ppp authentication chap
 clock rate 1300000
interface Serial0/0/1
 no ip address
 shutdown
interface Vlan1
 no ip address
 shutdown
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
ip access-list extended PHX-LAN-4
 permit ip 172.25.67.0 0.0.0.127 any
 permit udp any any eq bootps
 deny ip any any
ip access-list extended PHX-LAN-5
 permit ip 172.25.67.128 0.0.0.31 any
 permit udp any any eq bootps
 deny ip any any
ip access-list standard ALLOW-TECH
 permit 172.25.72.0 0.0.0.127
 deny any
no cdp run
banner motd ^CAuthorized Users only - Log out if not permitted on system^C
logging trap debugging
logging 172.25.70.2
line con 0
 password cisco
 logging synchronous
 login
line vty 0 4
 access-class ALLOW-TECH in
 logging synchronous
 login local
 transport input ssh
ntp authentication-key 123 md5 0802657D0A16 7
ntp authenticate
ntp trusted-key 123
ntp server 173.45.238.221 key 123
end

SW1 BAN

enable secret class
hostname BAN-SW1
no ip domain-lookup
spanning-tree vlan 300,310 priority 24576
interface FastEthernet0/1
 description Trunk link to Bangor router
 switchport trunk native vlan 399
 switchport mode trunk
interface FastEthernet0/23
 description Trunk link to Bangor Switch 3
 switchport trunk native vlan 399
 switchport mode trunk
interface FastEthernet0/24
 description Trunk link to Bangor Switch 2
 switchport trunk native vlan 399
 switchport mode trunk
interface GigabitEthernet1/1
 description Trunk link to Bangor Switch 3
 switchport trunk native vlan 399
 switchport mode trunk
interface GigabitEthernet1/2
 description Trunk link to Bangor Switch 2
 switchport trunk native vlan 399
 switchport mode trunk
interface Vlan1
 no ip address
 shutdown
interface Vlan300
 description Bangor Switch Management
 ip address 172.25.71.2 255.255.255.240
ip default-gateway 172.25.71.1
banner motd ^CAuthorized Users only - Log out if not permitted on system^^C
line con 0
 password cisco
 logging synchronous
 login
 exec-timeout 0 0
line vty 0 4
 password cisco
 logging synchronous
 login
 transport input telnet
line vty 5 15
 password cisco
 logging synchronous
 login
 transport input telnet
end

hostname BRDR-RTR
username guest privilege 15 password 0 cisco
ip domain-name CISco.com
ip name-server 172.25.70.2
interface FastEthernet0/0
 description Link to CISco LAN
 ip address 192.168.100.42 255.255.255.248
 ip nat inside
 duplex auto
 speed auto
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
interface Serial0/0/0
 description WAN link to ISP
 ip address 209.165.200.170 255.255.255.248
 encapsulation frame-relay
 frame-relay map ip 209.165.200.169 113 broadcast
 ip access-group FROM-OUTSIDE in
 ip access-group FROM-INSIDE out
 ip nat outside
 no cdp enable
interface Serial0/0/1
 no ip address
 shutdown
interface Vlan1
 no ip address
 shutdown
router ospf 50
 log-adjacency-changes
 passive-interface Serial0/0/0
 network 192.168.100.40 0.0.0.7 area 0
 default-information originate
ip nat pool CISco-POOL 209.165.200.170 209.165.200.173 netmask 255.255.255.248
ip nat inside source list ALLOW-NAT pool CISco-POOL overload
ip nat inside source static 172.25.72.130 209.165.200.174
ip route 0.0.0.0 0.0.0.0 209.165.200.169
ip access-list standard FROM-INSIDE
 permit 209.165.200.168 0.0.0.7
 deny any
ip access-list standard ALLOW-TECH
 permit 172.25.72.0 0.0.0.127
 deny any
ip access-list standard ALLOW-NAT
 permit 172.25.64.0 0.0.15.255
 permit 192.168.100.32 0.0.0.31
 deny any
ip access-list extended FROM-OUTSIDE
 deny ip 172.25.64.0 0.0.15.255 any
 deny ip 192.168.100.32 0.0.0.31 any
 permit tcp any 209.165.200.168 0.0.0.7 established
 permit tcp any host 209.165.200.174 eq www
 permit tcp any host 209.165.200.174 eq 443
 permit icmp any 209.165.200.168 0.0.0.7 echo-reply
 permit udp any eq domain 209.165.200.168 0.0.0.7
 permit udp host 173.45.238.221 209.165.200.168 0.0.0.7 eq 123
 deny ip any any
no cdp run
banner motd ^CAuthorized access only! Log out immediately if not authorized!^^C
logging trap debugging
logging 172.25.70.2
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line vty 0 4
 access-class ALLOW-TECH in
 login local
 transport input ssh
ntp authentication-key 123 md5 0802657D0A16 7
ntp authenticate
ntp trusted-key 123
ntp server 173.45.238.221 key 123
end

709

hostname Scissor
ip dhcp excluded-address 192.168.10.1 192.168.10.10
ip dhcp excluded-address 192.168.11.1 192.168.11.10
ip dhcp excluded-address 192.168.11.129 192.168.11.139
ip dhcp pool 1
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
ip dhcp pool WHOLESALE
 network 192.168.11.0 255.255.255.128
 default-router 192.168.11.1
ip dhcp pool RETAIL
 network 192.168.11.128 255.255.255.192
 default-router 192.168.11.129
interface FastEthernet0/0
 no ip address
 ip nat inside
 duplex auto
 speed auto
interface FastEthernet0/0.1
 encapsulation dot1Q 1 native
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.11.1 255.255.255.128
 ip nat inside
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.11.129 255.255.255.192
 ip nat inside
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
interface Serial0/0/0
 ip address 196.100.10.1 255.255.255.0
 ip nat outside
interface Serial0/0/1
 no ip address
 shutdown
interface Serial0/1/0
 no ip address
 shutdown
interface Serial0/1/1
 no ip address
 shutdown
interface Vlan1
 no ip address
 shutdown
router rip
 version 2
 network 192.168.10.0
 network 192.168.11.0
 network 196.100.10.0
ip nat pool RETAIL 196.100.10.124 196.100.10.183 netmask 255.255.255.0
ip nat pool VLAN1 196.100.10.3 196.100.10.3 netmask 255.255.255.0
ip nat pool WHOLESALE 196.100.10.4 196.100.10.123 netmask 255.255.255.0
ip nat inside source list 1 pool VLAN1
ip nat inside source list 10 pool WHOLESALE
ip nat inside source list 20 pool RETAIL
ip classless
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 10 permit 192.168.11.1 0.0.0.128
access-list 20 permit 192.168.11.1 0.0.0.192
line con 0
line vty 0 4
 login
end

hostname Paper
ip dhcp excluded-address 192.168.20.1 192.168.20.10
ip dhcp excluded-address 192.168.21.1 192.168.21.10
ip dhcp excluded-address 192.168.21.129 192.168.21.139
ip dhcp pool 1
 network 192.168.20.0 255.255.255.0
 default-router 192.168.20.1
ip dhcp pool WHOLESALE
 network 192.168.21.0 255.255.255.128
 default-router 192.168.20.1
ip dhcp pool RETAIL
 network 192.168.21.128 255.255.255.192
 default-router 192.168.21.129
interface FastEthernet0/0
 no ip address
 ip nat inside
 duplex auto
 speed auto
interface FastEthernet0/0.1
 encapsulation dot1Q 1 native
 ip address 192.168.20.1 255.255.255.0
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.21.1 255.255.255.128
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.21.129 255.255.255.192
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
interface Serial0/0/0
 ip address 196.100.10.2 255.255.255.0
 ip nat inside
 clock rate 56000
interface Serial0/0/1
 ip address 64.26.91.2 255.255.255.252
 ip nat outside
interface Serial0/1/0
 no ip address
 shutdown
interface Serial0/1/1
 no ip address
 shutdown
interface Vlan1
 no ip address
 shutdown
router rip
 version 2
 network 64.0.0.0
 network 192.168.20.0
 network 192.168.21.0
 network 196.100.10.0
ip nat pool PAPER 24.58.96.254 24.58.96.254 netmask 255.255.255.252
ip nat pool SCISSORS 24.58.96.253 24.58.96.253 netmask 255.255.255.252
ip nat inside source list 1 pool SCISSORS overload
ip nat inside source list 10 pool PAPER overload
ip classless
access-list 1 permit 196.100.10.0 0.0.0.255
access-list 10 permit 192.168.20.0 0.0.1.255
line con 0
line vty 0 4
 login
end

Lab 7.4.1
Accessing the WAN: CCNA Exploration Labs and Study Guide, Chapter 7: IP Addressing Services

All Devices
enable
conf t
no ip domain-lookup
enable secret class
banner motd $Authorized Access Only!$
line con 0
logging synchronous
password cisco
login
line vty 0 4
password cisco
login
end
copy run start

R1:
hostname R1
enable
conf t
no ip domain-lookup
enable secret class
banner motd $Authorized Access Only!$
line con 0
logging synchronous
password cisco
login
line vty 0 4
password cisco
login
end
copy run start
int fa0/0
ip address 192.168.10.1 255.255.255.0
no shut
int fa0/1
ip address 192.168.11.1 255.255.255.0
no shut
int s0/0/0
ip address 10.1.1.1 255.255.255.252
clock rate 125000
router ospf 1
network 192.168.10.0 0.0.0.255 area 0
network 192.168.11.0 0.0.0.255 area 0
network 10.1.1.0 0.0.0.3 area 0

R2:
enable
conf t
no ip domain-lookup
enable secret class
banner motd $Authorized Access Only!$
line con 0
logging synchronous
password cisco
login
line vty 0 4
password cisco
login
end
copy run start
hostname R2
int fa0/0
ip address 192.168.20.1 255.255.255.0
no shut
int s0/0/0
ip address 10.1.1.2 255.255.255.252
no shut
int s0/0/1
ip address 209.165.200.225 255.255.255.252
clock rate 125000
no shut
! optional loopback interface in place of server
interface loopback 0
ip address 192.168.20.254 255.255.255.0
router ospf 1
network 10.1.1.0 0.0.0.3 area 0
network 192.168.20.0 0.0.0.255 area 0

ISP:
enable
conf t
no ip domain-lookup
enable secret class
banner motd $Authorized Access Only!$
line con 0
logging synchronous
password cisco
login
line vty 0 4
password cisco
login
end
copy run start
hostname ISP
int s0/0/1
ip address 209.165.200.226 255.255.255.252
no shut

Running configs 741

hostname R1
enable secret class
no ip domain lookup
interface FastEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 ip helper-address 10.1.1.2
 no shutdown
interface FastEthernet0/1
 ip address 192.168.11.1 255.255.255.0
 ip helper-address 10.1.1.2
 no shutdown
interface Serial0/0/0
 ip address 10.1.1.1 255.255.255.252
 clock rate 125000
interface Serial0/0/1
 no ip address
 shutdown
router ospf 1
 network 10.1.1.0 0.0.0.3 area 0
 network 192.168.10.0 0.0.0.255 area 0
 network 192.168.11.0 0.0.0.255 area 0
banner motd ^C!!!AUTHORIZED ACCESS ONLY!!!^C
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line aux 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
end

R2

hostname R2
enable secret class
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.10.1 192.168.10.10
ip dhcp excluded-address 192.168.11.1 192.168.11.10
ip dhcp pool R1Fa0
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
 dns-server 192.168.11.5
ip dhcp pool R1Fa1
 network 192.168.11.0 255.255.255.0
 dns-server 192.168.11.5
 default-router 192.168.11.1
no ip domain lookup
interface Loopback0
 ip address 192.168.20.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
interface Serial0/0/0
 ip address 10.1.1.2 255.255.255.252
 ip nat inside
 ip virtual-reassembly
interface Serial0/0/1
 ip address 209.165.200.225 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 clock rate 125000
router ospf 1
 network 10.1.1.0 0.0.0.3 area 0
 network 192.168.20.0 0.0.0.255 area 0
 default-information originate
ip route 0.0.0.0 0.0.0.0 209.165.200.226
no ip http server
no ip http secure-server
ip nat inside source list NAT interface Serial0/0/1 overload
ip nat inside source static 192.168.20.254 209.165.200.254
ip access-list extended NAT
 permit ip 192.168.10.0 0.0.0.255 any
 permit ip 192.168.11.0 0.0.0.255 any
banner motd ^C!!!AUTHORIZED ACCESS ONLY!!!^C
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line aux 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
end

ISP

hostname ISP
enable secret class
no ip domain lookup
interface Serial0/0/1
 ip address 209.165.200.226 255.255.255.252
 no shutdown
ip route 209.165.200.240 255.255.255.240 Serial0/0/1
!
banner motd ^C !!!AUTHORIZED ACCESS ONLY!!!^C
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line aux 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line vty 0 4
 password cisco
 logging synchronous
 login
end

Lab 7.4.3 Corrected Script

R1

hostname R1
enable secret class
no ip domain lookup
interface FastEthernet0/0
 ip address 172.16.10.1 255.255.255.0
 ip helper-address 172.16.0.2
 no shutdown
interface FastEthernet0/1
 ip address 172.16.11.1 255.255.255.0
 ip helper-address 172.16.0.2
 no shutdown
interface Serial0/0/0
 ip address 172.16.0.1 255.255.255.252
 clock rate 125000
 no shutdown
router rip
 version 2
 network 172.16.0.0
 no auto-summary
banner motd $AUTHORIZED ACCESS ONLY$
!
line con 0
 password cisco
 logging synchronous
 login
line vty 0 4
 password cisco
 logging synchronous
 login
end

R2

hostname R2
enable secret class
ip dhcp excluded-address 172.16.10.1 172.16.10.3
ip dhcp excluded-address 172.16.11.1 172.16.11.3
ip dhcp pool R1_LAN10
 network 172.16.10.0 255.255.255.0
 default-router 172.16.10.1
 dns-server 172.16.20.254
ip dhcp pool R1_LAN11
 network 172.16.11.0 255.255.255.0
 default-router 172.16.11.1
 dns-server 172.16.20.254
no ip domain lookup
interface FastEthernet0/0
 ip address 172.16.20.1 255.255.255.0
 ip nat inside
 no shutdown
interface Serial0/0/0
 ip address 172.16.0.2 255.255.255.252
 ip nat inside
 no shutdown
interface Serial0/0/1
 ip address 209.165.201.1 255.255.255.252
 ip nat outside
 clock rate 125000
 no shutdown
router rip
 version 2
 network 172.16.0.0
 default-information originate
 no auto-summary
ip route 0.0.0.0 0.0.0.0 209.165.201.2
ip nat pool NAT_POOL 209.165.201.9 209.165.201.14 netmask 255.255.255.248
ip nat inside source list NAT_ACL pool NATPOOL overload
ip nat inside source list NAT_ACL pool NAT_POOL overload
ip nat inside source static 172.16.20.254 209.165.201.30
ip access-list standard NAT_ACL
 permit 172.16.10.0 0.0.0.255
 permit 172.16.11.0 0.0.0.255
banner motd $AUTHORIZED ACCESS ONLY$
line con 0
 password cisco
 logging synchronous
 login
line vty 0 4
 password cisco
 logging synchronous
 login
end

ISP

hostname ISP
enable secret class
interface Serial0/0/1
 ip address 209.165.201.2 255.255.255.252
 no shutdown
ip route 0.0.0.0 0.0.0.0 Serial0/0/1
banner motd $AUTHORIZED ACCESS ONLY$
line con 0
 password cisco
 logging synchronous
 login
line vty 0 4
 password cisco
 logging synchronous
 login
end

LAB BASIC CONFIGS CHANGE AS NEEDED

R1  Fa0/1   10.0.0.1         255.255.255.128  N/A
R1  S0/0/0  172.16.0.1       255.255.255.252  N/A
R1  S0/0/1  172.16.0.9       255.255.255.252  N/A
R2  Lo0     209.165.200.161  255.255.255.224  N/A
R2  S0/0/0  172.16.0.2       255.255.255.252  N/A
R2  S0/0/1  172.16.0.5       255.255.255.252  N/A
R3  Fa0/1   10.0.0.129       255.255.255.128  N/A
R3  S0/0/0  172.16.0.10      255.255.255.252  N/A
R3  S0/0/1  172.16.0.6       255.255.255.252  N/A

PC1 ip 10.0.0.10 255.255.255.128 10.0.0.1

PC3 ip 10.0.0.139 255.255.255.128 10.0.0.129

HELPFUL CONFIGS to Adjust for Labs
R1
enable
configure terminal
hostname CHG-RTR
banner motd #Authorized Users Only#
no ip domain-lookup
enable secret class
line console 0
 password cisco
 login
 logging synchronous
 exec-timeout 0 0
 exit
line vty 0 4
 password cisco
 login
 logging synchronous
 exec-timeout 5
 exit
interface fastEthernet0/1
 ip address 10.0.0.1 255.255.255.128
 no shutdown
 exit
interface Serial0/0/0
 ip address 172.16.0.1 255.255.255.252
 clock rate 64000
 no shutdown
 exit
interface Serial0/0/1
 ip address 172.16.0.9 255.255.255.252
 no shutdown
 exit
router rip
 version 2
 network 10.0.0.0
 network 172.16.0.0
 passive-interface fastEthernet0/1
 no auto-summary
 ex
username R2 password cisco
interface Serial0/0/0
 encapsulation ppp
 ppp authentication chap
 exit
interface Serial0/0/1
 encapsulation frame-relay
 frame-relay map ip 172.16.0.9 101 broadcast
 frame-relay map ip 172.16.0.10 101 broadcast
 frame-relay interface-dlci 101
 no keepalive
 exit
access-list 101 permit tcp host 172.16.0.2 any eq 23
access-list 101 permit tcp host 172.16.0.5 any eq 23
access-list 101 deny tcp any any eq 23
access-list 101 permit ip any any
line vty 0 4
 access-class 101 in
 end

R2:
enable
configure terminal
hostname R2
banner motd #Authorized Users Only#
no ip domain-lookup
enable secret class
line console 0
 password cisco
 login
 logging synchronous
 exec-timeout 5
 exit
line vty 0 4
 password cisco
 login
 logging synchronous
 exec-timeout 5
 exit
interface Serial0/0/0
 ip address 172.16.0.2 255.255.255.252
 no shutdown
 exit
interface Serial0/0/1
 ip address 172.16.0.5 255.255.255.252
 clock rate 64000
 no shutdown
 exit
interface Loopback0
 ip address 209.165.200.161 255.255.255.224
 no shutdown
 exit
ip route 0.0.0.0 0.0.0.0 Loopback0
router rip
 version 2
 network 172.16.0.0
 no auto-summary
 redistribute static
 exit
username R1 password cisco
interface Serial0/0/0
 encapsulation ppp
 ppp authentication chap
 exit
interface Serial0/0/1
 encapsulation hdlc
 exit
username cisco password cisco
aaa new-model
aaa authentication login LOCAL_AUTH local
line vty 0 4
 login authentication LOCAL_AUTH
 exit
no cdp run
access-list 102 deny tcp any host 10.0.0.10 eq 80
access-list 102 deny tcp any host 10.0.0.10 eq 23
access-list 102 deny tcp any host 10.0.0.10 eq 21
access-list 102 deny tcp any host 10.0.0.10 eq 20
access-list 102 permit ip any any
interface Loopback0
 ip access-group 102 in
 end

R3:
enable
configure terminal
hostname R3
banner motd #Authorized users only#
no ip domain-lookup
enable secret class
line console 0
 password cisco
 login
 logging synchronous
 exec-timeout 5
 exit
line vty 0 4
 password cisco
 login
 logging synchronous
 exec-timeout 5
 exit
interface fastEthernet0/1
 ip address 10.0.0.129 255.255.255.128
 no shutdown
 exit
interface Serial0/0/0
 ip address 172.16.0.10 255.255.255.252
 clock rate 64000
 no shutdown
 exit
interface Serial0/0/1
 ip address 172.16.0.6 255.255.255.252
 no shutdown
 exit
interface Serial0/0/0
 encapsulation frame-relay
 frame-relay map ip 172.16.0.10 101 broadcast
 frame-relay map ip 172.16.0.9 101 broadcast
 frame-relay interface-dlci 101
 no keepalive
 exit
interface Serial0/0/1
 encapsulation hdlc
 exit
router rip
 version 2
 network 10.0.0.0
 network 172.16.0.0
 passive-interface fastEthernet0/1
 no auto-summary
 exit
access-list 101 permit tcp host 172.16.0.2 any eq 23
access-list 101 permit tcp host 172.16.0.5 any eq 23
access-list 101 deny tcp any any eq 23
access-list 101 permit ip any any
line vty 0 4
 access-class 101 in
 exit
access-list 103 deny ip 10.0.0.128 0.0.0.127 host 10.0.0.10
access-list 103 permit ip any any
interface Serial0/0/0
 ip access-group 103 out
 exit
interface Serial0/0/1
 ip access-group 103 out
 exit
access-list 104 permit ip 10.0.0.128 0.0.0.127 any
ip nat inside source list 104 interface Serial0/0/0 overload
interface fastEthernet0/1
 ip access-group 104 in
 ip nat inside
 exit
interface Serial0/0/0
 ip nat outside
 exit
interface Serial0/0/1
 ip nat outside
 end

security options
line vty 0 4
 login authentication LOCAL_AUTH
 exit
no service pad
no service finger
no service udp-small-server
no service tcp-small-server
no ip bootp server
no ip http server
no ip finger
no ip source-route
no ip gratuitous-arps
no cdp run

ip dhcp pool BAN-LAN-1
 network 192.168.10.0 255.255.255.0
 default-router 172.30.100.41
 dns-server 140.198.8.14
ip dhcp pool BAN-Wireless
 network 192.168.30.0 255.255.255.128
 default-router 172.30.100.41
 dns-server 140.198.8.14

network 192.168.10.0 255.255.255.0
default-router 172.30.100.41
dns-server 140.198.8.14
no ip dhcp pool BAN-Wireless
network 192.168.30.0 255.255.255.0
default-router 172.30.100.41
dns-server 140.198.8.14

no ip dhcp pool BAN-Wireless
network 192.168.30.0 255.255.255.128
default-router 172.30.100.41
dns-server 140.198.8.14

no ip access-list extended NO-TELNET
no ip access-list standard NAT-THESE

deny icmp any 172.17.50.128 0.0.0.127 echo-reply

ip nat pool OUTSIDE 209.165.200.172 209.165.200.174 net mask 255.255.255.248

ip nat inside source list NAT-THESE pool OUTSIDE overload

deny tcp any host 209.165.200.168 0.0.0.7 eq 21

ip name-server 140.198.8.14

ip domain-name www.msn.com
ip access-list extended NO-TELNET
ip access-list standard NAT-THESE
 permit 172.17.0.0 0.0.255.255
 permit 172.30.100.32 0.0.0.15
 permit 192.168.0.0 0.0.127.255
 deny any
ip access-list extended NO-TELNET
 deny tcp any host 209.165.200.0 eq ftp
 permit ip any any

ip access-list extended CHG-PHXWEB
 deny icmp 192.168.50.140 neq echo 172.17.201.100 echo
 permit ip any any

ip nat pool OUTSIDE 209.165.200.172 209.165.200.174 netmask 255.255.255.248
ip nat inside source list NAT-THESE pool OUTSIDE overload
ip nat inside source static 172.17.201.100 209.165.200.171
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
ip route 209.165.200.168 255.255.255.248 FastEthernet0/1
!
!
ip access-list standard NAT-THESE
 permit 172.17.0.0 0.0.255.255
 permit 172.30.100.32 0.0.0.15
 permit 192.168.0.0 0.0.127.255
 deny any

no ip access-list standard NO-BAN-PHX1
ip access-list standard NO-BAN-PHX1
 deny 192.168.0.0 0.0.224.0
 permit any
no ip access-list extended CHG-PHXWEB
ip access-list extended CHG-PHXWEB
 deny icmp host 192.168.50.128 host 172.17.201.100 echo
 permit ip any any
