
Cisco 4: Connecting Networks
Case Study

Table of Contents

Devices
Topology
Router Configurations
-Galway
-Cork
-Belfast
-Limerick
-ISP
-Derry
Tracerts
Pings
Addressing Scheme
DHCP Scheme
ACL List
NAT List

Devices

Routers:
-All routers in the topology are Cisco 2901 routers.

Switches:
-All switches in the topology are Cisco 2960 switches.

End Devices:
-All PCs in the topology are Cisco virtual tower computers.
-The server in the topology is a Cisco virtual server.

Topology

Router Configurations

Galway

Current configuration : 2303 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Galway
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
ip dhcp excluded-address 172.16.4.1 172.16.4.10
ip dhcp excluded-address 172.16.3.1 172.16.3.10
ip dhcp excluded-address 172.16.2.1 172.16.2.10
ip dhcp excluded-address 172.16.0.1 172.16.0.10
!
ip dhcp pool GalwayLAN
 network 172.16.4.0 255.255.254.0
 default-router 172.16.4.1
ip dhcp pool VLAN2
 network 172.16.3.0 255.255.255.128
 default-router 172.16.3.1
ip dhcp pool VLAN3
 network 172.16.2.0 255.255.255.0
 default-router 172.16.2.1
ip dhcp pool VLAN4
 network 172.16.0.0 255.255.254.0
 default-router 172.16.0.1
!
no ip cef
no ipv6 cef
!
license udi pid CISCO2901/K9 sn FTX1524243V
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
 ip address 172.16.4.1 255.255.254.0
 ip access-group GalwayACL in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 ip address 172.16.7.245 255.255.255.252
 encapsulation frame-relay
 frame-relay map ip 172.16.7.246 201 broadcast
 frame-relay map ip 172.16.7.11 301 broadcast
 frame-relay map ip 172.16.6.11 301 broadcast
 frame-relay map ip 172.16.6.1 301 broadcast
 frame-relay map ip 172.16.7.254 301 broadcast
 frame-relay map ip 172.16.7.1 301 broadcast
 frame-relay map ip 172.16.7.250 301 broadcast
 frame-relay map ip 172.16.7.253 301 broadcast
 frame-relay map ip 209.165.200.1 301 broadcast
 frame-relay map ip 172.16.7.249 301 broadcast
 frame-relay map ip 172.16.7.34 301 broadcast
 frame-relay lmi-type ansi
 no frame-relay inverse-arp
!
interface Serial0/0/1
 no ip address
 clock rate 2000000
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router rip
 version 2
 redistribute ospf 10
 network 172.16.0.0
 no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
!
ip flow-export version 9
!
 permit tcp 172.16.4.0 0.0.1.255 172.16.7.0 0.0.0.31 eq www
 permit icmp 172.16.4.0 0.0.1.255 172.16.7.0 0.0.0.31 echo-reply
 deny ip any 172.16.7.0 0.0.0.31
 permit ip any any
!
no cdp run
!
line con 0
 password cisco
 login
!
line aux 0
!
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
!
end

Cork

Current configuration : 2087 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Cork
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
no ip cef
no ipv6 cef
!
username Belfast password 0 cisco
!
license udi pid CISCO2901/K9 sn FTX15245AR2
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.2
 encapsulation dot1Q 2
 ip address 172.16.3.1 255.255.255.128
 ip helper-address 172.16.7.245
!
interface GigabitEthernet0/0.3
 encapsulation dot1Q 3
 ip address 172.16.2.1 255.255.255.0
 ip helper-address 172.16.7.245
!
interface GigabitEthernet0/0.4
 encapsulation dot1Q 4
 ip address 172.16.0.1 255.255.254.0
 ip helper-address 172.16.7.245
!
interface GigabitEthernet0/0.99
 encapsulation dot1Q 99 native
 no ip address
 ip address 172.16.3.229 255.255.255.252
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 ip address 172.16.7.246 255.255.255.252
 encapsulation frame-relay
 frame-relay map ip 172.16.7.245 101 broadcast
 frame-relay map ip 172.16.7.11 103 broadcast
 frame-relay map ip 172.16.6.11 103 broadcast
 frame-relay lmi-type ansi
 no frame-relay inverse-arp
!
interface Serial0/0/1
 ip address 172.16.7.249 255.255.255.252
 encapsulation ppp
 ppp authentication chap
!
interface Vlan1
 no ip address
 shutdown
!
router ospf 10
 router-id 1.1.1.1
 log-adjacency-changes
 redistribute rip subnets
 passive-interface Serial0/0/0
 network 172.16.7.248 0.0.0.3 area 0
 network 172.16.3.0 0.0.0.127 area 0
 network 172.16.2.0 0.0.0.255 area 0
 network 172.16.0.0 0.0.1.255 area 0
 network 172.16.3.128 0.0.0.63 area 0
!
router rip
 version 2
 redistribute static
 passive-interface Serial0/0/1
 network 172.16.0.0
 default-information originate
!
ip classless
!
ip flow-export version 9
!
no cdp run
!
line con 0
 password cisco
 login
!
line aux 0
!
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
!
end

Belfast

Current configuration : 2904 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Belfast
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
no ip cef
no ipv6 cef
!
username Cork password 0 cisco
username Limerick password 0 cisco
!
license udi pid CISCO2901/K9 sn FTX1524WI1P
!
spanning-tree mode pvst
!
interface Loopback0
 no ip address
!
interface Tunnel0
 ip address 172.16.7.241 255.255.255.252
 mtu 1476
 tunnel source Serial0/1/0
 tunnel destination 209.165.200.6
!
interface GigabitEthernet0/0
 ip address 172.16.7.1 255.255.255.224
 ip access-group ReflexiveACL out
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 ip address 172.16.7.250 255.255.255.252
 encapsulation ppp
 ppp authentication chap
 ip access-group ReflexiveACL out
 ip nat inside
 clock rate 2000000
!
interface Serial0/0/1
 ip address 172.16.7.253 255.255.255.252
 encapsulation ppp
 ppp authentication pap
 ppp pap sent-username Belfast password 0 cisco
 ip access-group ReflexiveACL out
 ip nat inside
!
interface Serial0/1/0
 ip address 209.165.200.1 255.255.255.252
 ip nat outside
!
interface Serial0/1/1
 no ip address
 clock rate 2000000
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router ospf 10
 router-id 2.2.2.2
 log-adjacency-changes
 redistribute static
 network 172.16.7.0 0.0.0.31 area 0
 network 172.16.7.252 0.0.0.3 area 0
 network 172.16.7.248 0.0.0.3 area 0
 network 172.16.7.32 0.0.0.31 area 0
 network 172.16.7.240 0.0.0.3 area 0
!
ip nat pool GlobalPool 200.10.10.76 200.10.10.127 netmask 255.255.255.192
ip nat inside source list InternalNATPool pool GlobalPool
ip nat inside source static 172.16.7.11 200.10.10.65
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/1/0
ip route 0.0.0.0 0.0.0.0 172.16.7.242
!
ip flow-export version 9
!
ip access-list standard InternalNATPool
 permit 172.16.0.0 0.0.7.255
ip access-list standard NATPool
 permit 200.10.10.64 0.0.0.63
 deny host 200.10.10.66
 deny host 200.10.10.67
 deny host 200.10.10.68
 deny host 200.10.10.69
 deny host 200.10.10.70
 deny host 200.10.10.71
 deny host 200.10.10.72
 deny host 200.10.10.73
 deny host 200.10.10.74
 deny host 200.10.10.75
ip access-list extended ReflexiveACL
 permit icmp 172.16.0.0 0.0.7.255 172.16.0.0 0.0.7.255 echo
 permit tcp 172.16.0.0 0.0.7.255 172.16.0.0 0.0.7.255 eq www
 permit tcp 172.16.0.0 0.0.7.255 172.16.0.0 0.0.7.255 eq 25
 permit tcp 172.16.0.0 0.0.7.255 172.16.0.0 0.0.7.255 eq 110
 permit icmp any 172.16.0.0 0.0.7.255 echo-reply
 permit tcp any 172.16.0.0 0.0.7.255 established
 permit tcp any any eq ftp
 permit tcp 172.16.3.128 0.0.0.63 172.16.7.252 0.0.0.3 eq 23
 deny tcp any 172.16.0.0 0.0.7.255
 deny icmp any 172.16.0.0 0.0.7.255
 permit ip any any
 permit ospf any any
 permit gre any any
!
line con 0
 password cisco
 login
!
line aux 0
!
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
!
end

Limerick

Current configuration : 1506 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Limerick
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
no ip cef
no ipv6 cef
!
username Belfast password 0 cisco
!
license udi pid CISCO2901/K9 sn FTX1524FQN1
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
 ip address 172.16.6.1 255.255.255.0
 ip access-group LimerickACL in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 ip address 172.16.7.254 255.255.255.252
 encapsulation ppp
 ppp authentication pap
 ppp pap sent-username Limerick password 0 cisco
 ip access-group VTYACL in
 clock rate 2000000
!
interface Serial0/0/1
 no ip address
 clock rate 2000000
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router ospf 10
 router-id 3.3.3.3
 log-adjacency-changes
 network 172.16.6.0 0.0.0.255 area 0
 network 172.16.7.252 0.0.0.3 area 0
!
router rip
!
ip classless
!
ip flow-export version 9
!
ip access-list extended LimerickACL
 deny tcp 172.16.6.0 0.0.0.255 172.16.3.0 0.0.0.127 eq ftp
 permit ip any any
ip access-list extended VTYACL
 permit tcp 172.16.3.128 0.0.0.63 172.16.7.252 0.0.0.3 eq telnet
 deny tcp any any eq telnet
 permit ip any any
!
no cdp run
!
line con 0
 password cisco
 login
!
line aux 0
!
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
!
end

ISP

Building configuration...

Current configuration : 1035 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname ISP
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
no ip cef
no ipv6 cef
!
license udi pid CISCO2901/K9 sn FTX1524R515
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 ip address 209.165.200.5 255.255.255.252
!
interface Serial0/0/1
 ip address 209.165.200.2 255.255.255.252
 clock rate 2000000
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/1
ip route 172.16.7.33 255.255.255.255 Serial0/0/0
ip route 172.16.7.34 255.255.255.255 Serial0/0/0
!
ip flow-export version 9
!
no cdp run
!
line con 0
 password cisco
 login
!
line aux 0
!
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
!
end

Derry

Building configuration...

Current configuration : 1115 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Derry
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
no ip cef
no ipv6 cef
!
license udi pid CISCO2901/K9 sn FTX1524JJ00
!
spanning-tree mode pvst
!
interface Tunnel0
 ip address 172.16.7.242 255.255.255.252
 mtu 1476
 tunnel source Serial0/0/0
 tunnel destination 209.165.200.1
!
interface GigabitEthernet0/0
 ip address 172.16.7.33 255.255.255.224
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 ip address 209.165.200.6 255.255.255.252
 clock rate 2000000
!
interface Serial0/0/1
 no ip address
 clock rate 2000000
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
ip route 0.0.0.0 0.0.0.0 172.16.7.241
!
ip flow-export version 9
!
line con 0
 password cisco
 login
!
line aux 0
!
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
!
end

Tracerts
Tracert from Derry Host to Belfast Server

-Based on this, we can assume that the traffic goes over the GRE Tunnel (because
of the 172.16.7.241), and that traffic can also go the other way and Belfast can ping
and tracert over the tunnel to the Derry host.

Tracert from Galway Host to Belfast Server

-Based on this, we can assume that the traffic goes over the Frame Relay, through
the RIP, and across the Cork and Belfast router to the server. Also, we can assume
the traffic goes the other way and Belfast can ping/tracert the Galway host.
Pings

Ping from Galway Host to VLAN 2, 3, 4, and 99 (Cork) Host


Ping from Belfast Server to VLAN 2 (Cork) Host

-Based on this, we can assume that the Belfast Server can also ping to VLAN 3, 4,
and 99, as 3 and 4 are also using DHCP, and 99 is also connected to the same
router (Cork).

Ping from Limerick Host to Galway Host

-Based on this, we can assume that any network between the end network of
Galway and Limerick can connect to each other.

Ping from Belfast Server to Limerick Host

Ping from Galway Host to Belfast Server

-The Galway host cannot ping the Belfast Server because of the GalwayACL on
Belfast which permits HTTP to Belfast but denies all other traffic.

FTP ACL
-The FTP ACL works so that the VLAN 2 server cannot be accessed by FTP, but the
VLAN 3 server can be.
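
The first-match, wildcard-mask evaluation behind the two ACL results above (the failed Galway ping and the FTP ACL), as an added example that is not part of the original case study. The entries are transcribed from the Galway and Limerick configurations; the Galway entries are assumed to be GalwayACL because their header line is missing, and all host addresses are constructed assumptions.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

ANY = ("0.0.0.0", "255.255.255.255")

# Entries: (action, protocol, source, destination, qualifier).
# qualifier is a TCP destination port or an ICMP type name; None matches all.
# The Galway entries have no header line in the config; assumed to be GalwayACL.
GALWAY_ACL = [
    ("permit", "tcp", ("172.16.4.0", "0.0.1.255"), ("172.16.7.0", "0.0.0.31"), 80),
    ("permit", "icmp", ("172.16.4.0", "0.0.1.255"), ("172.16.7.0", "0.0.0.31"), "echo-reply"),
    ("deny", "ip", ANY, ("172.16.7.0", "0.0.0.31"), None),
    ("permit", "ip", ANY, ANY, None),
]
LIMERICK_ACL = [
    ("deny", "tcp", ("172.16.6.0", "0.0.0.255"), ("172.16.3.0", "0.0.0.127"), 21),
    ("permit", "ip", ANY, ANY, None),
]

def evaluate(acl, proto, src, dst, qualifier=None):
    """Return (action, index) of the first matching entry, top down."""
    for i, (action, p, s, d, q) in enumerate(acl):
        if p not in ("ip", proto):
            continue
        if not (wc_match(src, *s) and wc_match(dst, *d)):
            continue
        if q is not None and q != qualifier:
            continue
        return action, i
    return "deny", None  # implicit deny that ends every IOS ACL

if __name__ == "__main__":
    # Constructed host addresses (assumptions, not taken from the page's tests).
    galway, belfast_srv, limerick = "172.16.4.11", "172.16.7.11", "172.16.6.11"
    vlan2_srv, vlan3_srv = "172.16.3.11", "172.16.2.11"
    print(evaluate(GALWAY_ACL, "icmp", galway, belfast_srv, "echo"))
    print(evaluate(GALWAY_ACL, "tcp", galway, belfast_srv, 80))
    print(evaluate(LIMERICK_ACL, "tcp", limerick, vlan2_srv, 21))
    print(evaluate(LIMERICK_ACL, "tcp", limerick, vlan3_srv, 21))
```

The returned index shows which entry decided the packet, which is the quickest way to confirm that an echo request falls through to the `deny ip any 172.16.7.0 0.0.0.31` line while HTTP stops at the first permit.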
Addressing Scheme

DHCP Scheme

ACL List
NAT List
