Prerequisite:
- IERG4090:Lab00 Basics of GNS3 and Cisco IOS
- GNS3 Documentation: https://docs.gns3.com/
- Getting started with GNS3: https://streaming.ine.com/c/ine-getting-started-with-gns3
- Cisco IOS and CLI: http://www.danscourses.com/CCNA-1/cisco-ios-and-cli.html
- DD-WRT Wiki: http://www.dd-wrt.com/wiki/index.php/Main_Page
Network Topology:
Innovation Engineering Company Ltd. is a small startup company. The office has ten PCs and one web server. The ten
PCs can access the Internet via a broadband router. The web server (mrtg-1) can be accessed by the Intranet hosts
and the Internet but it cannot access hosts in Intranet. You are provided with ten PCs (labvpc-1 to 9, Chrome-1), a
web server (mrtg-1) and a broadband router (BBR) for connecting the Internet.
Procedures:
Verify the Internet connection from the Auxiliary console of ISP-H1: ping intranet.ie.cuhk.edu.hk
If it fails, check the Internet connection of your host computer (it must be in the IE network or connected to the IE VPN).
IERG4831 Lab01 P.2
Task 1: Link up the devices as shown in the network topology diagram. [5 marks]
Note: Save project once the devices are linked.
Configure SW via console. All ports should be configured as layer 2 static access ports. Save the configurations.
Configure the network of chrome-1 by using GNS3's device configuration tool. The web browser in chrome-1 will be
used to access the administration page of BBR. Make your own decision on the network configuration of chrome-1
so that it can access the Internet in the future.
Start chrome-1. Use GNS3's console tool to access its web browser. Go to the administration page of BBR via the
web browser. The default URL of DD-WRT's management web interface is:
http://192.168.1.1/
Configure the login name and password on BBR to be root and admin respectively.
Configure Static IP address and DNS address for BBR WAN interface (eth0) according to the information provided in
the topology diagram.
Configure BBR so that it can masquerade DNS requests for hosts in Intranet and DMZ.
After configuration, chrome-1 should be able to access the Internet. Verify it by accessing http://www.google.com
Configure the MAC address for labvpc1-labvpc9 via GNS3's Device Configure tool. Edit the network configuration and
insert a new line under the line iface eth0.:
where 34:56:78:90 is the last eight digits of your SID (e.g. 1234567890)
For the last octet, use 01 - 09 for labvpc01 - labvpc09 respectively.
Configure labvpc-1 to labvpc-9 to get their IP address via DHCP with the following restrictions:
- labvpc-1 to labvpc-5 should receive IP addresses .101 to .105 respectively.
- labvpc-6 to labvpc-9 should receive random dynamic IP addresses in the range .110 - .119.
Create and configure br1 (DMZ) with the IP address provided in the topology diagram. Set up the DHCP service on br1. Join
eth2 to br1.
Setup > Networking: Bridging, Assign to Bridge, Port Setup [br1], DHCPD
Configure the network of mrtg-1 using DHCP. BBR should lease a fixed IP to mrtg-1 and be able to resolve its DNS
requests. Verify your configuration with a PING test to intranet.ie.cuhk.edu.hk.
Configure BBR such that hosts in DMZ (br1) cannot access hosts in Intranet (br0). Use a PING test to check your result in
both directions. In other words, a rule has to be built to block packet forwarding of any new connections from
br1 to br0.
https://help.ubuntu.com/community/IptablesHowTo (conntrack, ctstate)
Administration > Commands: add a firewall rule and Save Firewall
After configuration, hosts in br0 can PING hosts in br1 (mrtg-1) but not in the reverse direction.
Configure BBR such that Internet host (ISP-H1) can access the web service in mrtg-1. Rules involve:
- Allow tcp port 80 input from eth0
- Allow tcp port 80 to be forwarded from eth0 to br1
- Perform port forwarding such that mrtg-1's web service can be exposed
http://linuxforall.blogspot.hk/2008/01/setting-dmz-with-iptables.html
http://www.systutorials.com/816/port-forwarding-using-iptables/
Administration > Commands: add firewall rules and Save Firewall
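The two firewall tasks above (blocking new connections from br1 to br0, and exposing mrtg-1's web service), as an added example that is not part of the original lab sheet: a script that prints the iptables commands for review before they go into the Commands box. Interface names are from the text; MRTG_IP, valid_ipv4 and gen_rules are names assumed for the example, and the 192.0.2.10 default is a placeholder for the fixed lease in the topology diagram.

```shell
#!/bin/sh
# Added example (not from the lab sheet): print the firewall commands for review.
# Interface names come from the lab text; MRTG_IP is a hypothetical variable and
# its default is a placeholder for the fixed lease BBR gives mrtg-1.
WAN_IF=eth0   # BBR WAN interface
LAN_IF=br0    # Intranet bridge
DMZ_IF=br1    # DMZ bridge
MRTG_IP="${MRTG_IP:-192.0.2.10}"

# Accept only a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the rules for one mrtg-1 address; refuse anything that is not an IPv4
# address so a typo cannot end up inside a saved firewall script.
gen_rules() {
    ip=$1
    valid_ipv4 "$ip" || { echo "invalid mrtg-1 address: $ip" >&2; return 1; }
    # DMZ isolation: drop only NEW flows from br1 to br0. Replies to sessions
    # opened from br0 are ESTABLISHED, so a ping from br0 is still answered.
    echo "iptables -I FORWARD -i $DMZ_IF -o $LAN_IF -m conntrack --ctstate NEW -j DROP"
    # Listed in the lab: allow tcp/80 arriving on the WAN interface.
    echo "iptables -I INPUT -i $WAN_IF -p tcp --dport 80 -j ACCEPT"
    # Port forwarding: rewrite the destination to mrtg-1 before routing.
    echo "iptables -t nat -I PREROUTING -i $WAN_IF -p tcp --dport 80 -j DNAT --to-destination $ip:80"
    # The rewritten packet is routed, so FORWARD must allow tcp/80 to mrtg-1 only.
    echo "iptables -I FORWARD -i $WAN_IF -o $DMZ_IF -p tcp -d $ip --dport 80 -j ACCEPT"
}

gen_rules "$MRTG_IP"
```

On DD-WRT builds whose iptables lacks the conntrack match, `-m state --state NEW` is the older equivalent.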
Configure mrtg-1 so that an MRTG chart is built for BBR. Study the script /root/mycfgmaker.sh in mrtg-1.
Use this script to build the MRTG config. Start the mrtg process by running the commands below:
cd /var/www/mrtg/cfg
mrtg /var/www/mrtg/cfg/XXX.cfg
Verify your result by browsing the URL http://mrtg-1/XXX/ from chrome-1 and the corresponding URL from ISP-H1.