Вы находитесь на странице: 1из 2

Step 1: Finish the IP Addressing Scheme.

, .

Step 2: Configure BR2 with IP Addressing and Inter-VLAN Routing.


For each Fast Ethernet subinterface, the VLAN number matches the subinterface number.
, fa0/0 trunk - .. -,
() VLAN-.
-: (configure terminal)
:
interface fa0/0.1 - - -, VLAN-,
1
encapsulation dot1Q 1 - dot1Q - VLAN-
ip address 10.10.10.117 255.255.255.248 - ip, ,
exit - , , -
VLAN- .
, :
interface fa0/0
no shutdown
, inter-VLAN routing .

Step 3: Configure S1 with IP Address, VLANs and as the STP Root Bridge.
Configure the S1 VLAN interface with the correct IP addressing -
interface vlan 1 - ..
Configure the default gateway.
ip default-gateway 10.10.10.177 - - VLAN 1 (fa0/0.1)
Establish an 802.1q trunk with BR2 and with S2. After STP converges, S1 should be able to ping both BR2
and S2.
, S1 BR2 S2, fa0/1 fa0/2:
interface fa 0/1
switchport mode trunk
S1 should be configured as a VTP server for the discovery domain. Set the VTP password to cisco. S2 is
already configured as a client for this domain.
vtp domain discovery -
vtp password cisco -
vtp mode server -
Create and name two VLANs on the VTP server. Names are case-sensitive
VLAN-:
vlan 10 - VLAN-
name Staff
exit
Assign VLAN 10 to the Fa0/10 interface for H1 access.
, , VLAN- :
interface fa0/10 -
switchport mode access -
switchport access vlan 10 - VLAN-
Use a priority of 4096 to set S1 as the STP root for all VLANs
, VLAN-:
spanning-tree vlan 1 priority 4096 - VLAN- priority

Step 4: Configure and Verify Host Addressing. --------Step 5: Configure and Verify Frame Relay.

Configure BR2 to use a point-to-point Frame Relay link through the SP-FR cloud to Edge3.
:
interface serial 0/0/0
encapsulation frame-relay
no shutdown
Assume inverse ARP is disabled and configure DLCI 101.
101 :
interface serial 0/0/0.101 point-to-point
ip address 10.255.1.1 255.255.255.252 - IP
frame-relay interface-dlci 101

Step 6: Configure EIGRP Routing on BR2.


Configure BR2 for EIGRP routing using the following requirements:
Use AS 100.
AS - , eigrp:
router eigrp 100 -
Configure the classful network addresses without wildcards.
- OSPF, - , :
network 10.255.1.0 -
Do not advertise the network shared with the ISP. -

Step 7: Configure and Verify a Backup Link to Edge3.


The link to ISP is used as a backup link in case the Frame Relay network goes down.
Configure a floating static route on BR2 to the Edge3 LAN subnet.
Use the outbound interface argument in your configuration.
Use an administrative distance of 100.
:
ip route 172.17.1.0 255.255.255.248 FastEthernet0/1 150 - Edge3,
,

Step 8: Configure Access Control Lists.


Configure and apply an access control list with the case-sensitive name NO_WEB based on the following
security policy:
VLAN 20 is only allowed web access beyond BR2.
All other VLAN 20 access beyond BR2 is denied.
All other traffic is allowed.
The access list should still be in effect when the backup link is active.
, , :
VLAN 25 should not be able to access VLAN 15
VLAN 25 should not be able to access the HQ LAN using HTTP (port 80) or HTTPS (port 443)
All other traffic is allowed
ip access-list extended VLAN25 - access list (ACL), VLAN25 - ,
,
:
deny ip 10.10.10.161 0.0.0.15 10.10.10.129 0.0.0.31 -
VLAN- wildcard-,
deny tcp 10.10.10.161 0.0.0.15 10.10.20.0 0.0.0.7 eq 80 - HTTP
deny tcp 10.10.10.161 0.0.0.15 10.10.20.0 0.0.0.7 eq 443 - HTTPS , VLAN-
,
permit ip any any -
ACL (-
VLAN-)
interface fa0/0.25 -
ip access-group VLAN25 in - ACL