
ISP 1

enable
configure terminal

interface fa0/1
no shut
description -LINK-TO-SW-
ip address 80.80.80.1 255.255.255.248
exit

interface fa0/0
no shut
description -LINK-TO-HQ-ROUTER-
ip address 209.165.201.1 255.255.255.224
exit

ISP 2

interface fa0/1
no shut
description -LINK-TO-SW-
ip address 80.80.80.2 255.255.255.248
exit

interface fa0/0
no shut
description -LINK-TO-HQ-ROUTER-
ip address 209.165.202.2 255.255.255.224
exit

ISP SW
enable
configure terminal
interface range fa0/1 , fa0/23 - 24
no shut
switchport mode access
switchport nonegotiate

Routing: Since you didn't mention that the ISP is running a routing protocol, let's assume they are running BGP.
ISP 1
enable
configure terminal
router bgp 111
neighbor 80.80.80.2 remote-as 111
neighbor 80.80.80.2 soft-reconfiguration inbound
neighbor 80.80.80.2 description -ISP2-
neighbor 209.165.201.3 remote-as 64512
neighbor 209.165.201.3 soft-reconfiguration inbound
neighbor 209.165.201.3 description -HQ-

ISP 2
enable
configure terminal
router bgp 111
neighbor 80.80.80.1 remote-as 111
neighbor 80.80.80.1 soft-reconfiguration inbound
neighbor 80.80.80.1 description -ISP1-
neighbor 209.165.202.3 remote-as 64512
neighbor 209.165.202.3 soft-reconfiguration inbound
neighbor 209.165.202.3 description -HQ-

HQ Router
enable
configure terminal

interface fa0/0
no shut
description -LINK-TO-ISP1-ROUTER-
ip address 209.165.201.3 255.255.255.224
exit

interface fa0/1
no shut
description -LINK-TO-ISP2-ROUTER-
ip address 209.165.202.3 255.255.255.224
exit

# We need to VLSM the /28 to allocate three /30 network addresses for the serial links

interface serial0/1/0
description -LINK-TO-BR1-ROUTER-
ip address 10.123.123.1 255.255.255.252
no shut
exit

interface serial0/1/1
description -LINK-TO-BR2-ROUTER-
ip address 10.123.123.5 255.255.255.252
no shut
exit

interface serial0/1/2
description -LINK-TO-BR3-ROUTER-
ip address 10.123.123.9 255.255.255.252
no shut
exit

# ROUTING

router bgp 64512
neighbor 209.165.201.1 remote-as 111
neighbor 209.165.201.1 soft-reconfiguration inbound
neighbor 209.165.201.1 description -ISP1-
neighbor 209.165.202.2 remote-as 111
neighbor 209.165.202.2 soft-reconfiguration inbound
neighbor 209.165.202.2 description -ISP2-
exit

router rip
version 2
no auto-summary
network 10.0.0.0
redistribute bgp 64512 metric 1
exit

# NAT
ip access-list standard NAT
permit 10.10.10.0 0.0.0.255
permit 10.20.20.0 0.0.0.255
permit 10.99.99.0 0.0.0.255

ip nat inside source list NAT interface fa0/0 overload
ip nat inside source list NAT interface fa0/1 overload

interface range serial0/1/0 - 2
ip nat inside
exit

interface range fa0/0 - 1
ip nat outside
exit

# Restrict management network
ip access-list extended remote-management
permit tcp 10.99.99.0 0.0.0.255 any eq telnet 22 log

line vty 0 4
access-class remote-management in

# Restrict Access to Servers
ip access-list extended PERMISSIONS
permit tcp any any eq 80
permit icmp any any
permit tcp 10.10.10.0 0.0.0.255 host 80.80.80.3 eq ftp-data ftp
permit tcp 10.20.20.0 0.0.0.255 host 80.80.80.3 eq ftp-data ftp
permit udp 10.99.99.0 0.0.0.255 host 80.80.80.3 eq 69
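
A named ACL filters nothing until something references it (`access-class`, `ip access-group`, a NAT statement or a route-map). The following is an added example, not part of the original configuration: a Python check that lists named ACLs that are defined but never referenced, run on a constructed excerpt modelled on the HQ router section. It assumes named ACLs only (numbered `access-list` entries are not parsed).

```python
import re

# Constructed excerpt modelled on the HQ router section (not a real device dump).
SAMPLE_CONFIG = """\
ip access-list standard NAT
 permit 10.10.10.0 0.0.0.255
ip nat inside source list NAT interface fa0/0 overload
ip access-list extended remote-management
 permit tcp 10.99.99.0 0.0.0.255 any eq 22 log
line vty 0 4
 access-class remote-management in
ip access-list extended PERMISSIONS
 permit tcp any any eq 80
 permit icmp any any
"""

# Statement that defines a named ACL.
DEFINE = re.compile(r"^ip access-list (?:standard|extended) (\S+)", re.I)
# Statements that put an ACL to use: VTY filter, interface filter, NAT, route-map.
REFERENCE = [
    re.compile(r"^access-class (\S+) (?:in|out)", re.I),
    re.compile(r"^ip access-group (\S+) (?:in|out)", re.I),
    re.compile(r"^ip nat (?:inside|outside) source list (\S+)", re.I),
    re.compile(r"^match ip address (.+)", re.I),
]

def audit_acls(config: str) -> dict:
    """Return ACL names that are defined but unused, and used but undefined."""
    defined, referenced = set(), set()
    for raw in config.splitlines():
        line = raw.strip()
        m = DEFINE.match(line)
        if m:
            defined.add(m.group(1))
            continue
        for pattern in REFERENCE:
            m = pattern.match(line)
            if m:
                # "match ip address" may list several ACL names on one line.
                referenced.update(m.group(1).split())
    return {
        "unapplied": sorted(defined - referenced),
        "undefined": sorted(referenced - defined),
    }

if __name__ == "__main__":
    print(audit_acls(SAMPLE_CONFIG))
```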

BR1
enable
configure terminal
interface serial0/1/0
description -LINK-TO-HQ-ROUTER-
ip address 10.123.123.2 255.255.255.252
no shut
exit

interface fa0/0
no shut

interface fa0/0.10
encapsulation dot1Q 10
ip address 10.10.10.1 255.255.255.192
no shut

interface fa0/0.20
encapsulation dot1Q 20
ip address 10.20.20.1 255.255.255.192
no shut

interface fa0/0.99
encapsulation dot1Q 99
ip address 10.99.99.1 255.255.255.192
no shut

router rip
version 2
no auto-summary
network 10.0.0.0

# Configure DHCP
ip dhcp pool VLAN_10
network 10.10.10.0 255.255.255.192
default-router 10.10.10.1
dns-server 10.10.10.1
lease 8

ip dhcp pool VLAN_20
network 10.20.20.0 255.255.255.192
default-router 10.20.20.1
dns-server 10.20.20.1
lease 8

BR1 SW1
enable
configure terminal
interface range fa0/22 - 23
no shut
switchport trunk encapsulation dot1Q
switchport mode trunk
switchport trunk allowed vlan 10,20,99
switchport nonegotiate

vlan 10
exit
vlan 20
exit
vlan 99
name MANAGEMENT
exit

interface vlan 99
ip address 10.99.99.2 255.255.255.192
no shut
exit

ip default-gateway 10.99.99.1
spanning-tree mode rapid-pvst
vtp mode transparent
spanning-tree vlan 10,20,99 root primary

BR1 SW2
enable
configure terminal

spanning-tree mode rapid-pvst
vtp mode transparent

interface range fa0/22 - 23
no shut
switchport trunk encapsulation dot1Q
switchport mode trunk
switchport trunk allowed vlan 10,20,99
switchport nonegotiate

vlan 10
exit
vlan 20
exit
vlan 99
name MANAGEMENT
exit

interface vlan 99
ip address 10.99.99.3 255.255.255.192
no shut
exit

ip default-gateway 10.99.99.1
interface fa0/1
switchport mode access
switchport access vlan 10
no shut
spanning-tree portfast
switchport nonegotiate
spanning-tree bpduguard enable

BR1 SW3
enable
configure terminal

spanning-tree mode rapid-pvst
vtp mode transparent

interface range fa0/22 - 23
no shut
switchport trunk encapsulation dot1Q
switchport mode trunk
switchport trunk allowed vlan 10,20,99
switchport nonegotiate

vlan 10
exit
vlan 20
exit
vlan 99
name MANAGEMENT
exit

interface vlan 99
ip address 10.99.99.4 255.255.255.192
no shut
exit

ip default-gateway 10.99.99.1

interface fa0/1
switchport mode access
switchport access vlan 20
no shut
spanning-tree portfast
switchport nonegotiate
spanning-tree bpduguard enable

FOR BR2 Router and Switches
Same config as BR1, just change the IP addresses

interface serial0/1/0
ip address 10.123.123.6 255.255.255.252

interface fa0/0.10
encapsulation dot1Q 10
ip address 10.10.10.65 255.255.255.192

interface fa0/0.20
encapsulation dot1Q 20
ip address 10.20.20.65 255.255.255.192
no shut

interface fa0/0.99
encapsulation dot1Q 99
ip address 10.99.99.65 255.255.255.192
no shut

router rip
version 2
no auto-summary
network 10.0.0.0

# Configure DHCP
ip dhcp pool VLAN_10
network 10.10.10.64 255.255.255.192
default-router 10.10.10.65
dns-server 10.10.10.65
lease 8

ip dhcp pool VLAN_20
network 10.20.20.64 255.255.255.192
default-router 10.20.20.65
dns-server 10.20.20.65
lease 8

BR2 SW1
interface vlan 99
ip address 10.99.99.66 255.255.255.192

BR2 SW2
interface vlan 99
ip address 10.99.99.67 255.255.255.192

BR2 SW3
interface vlan 99
ip address 10.99.99.68 255.255.255.192

ip default-gateway 10.99.99.65

FOR BR3 Router and Switches
Same config as BR1, just change the IP addresses

interface serial0/1/0
ip address 10.123.123.10 255.255.255.252

interface fa0/0.10
encapsulation dot1Q 10
ip address 10.10.10.129 255.255.255.192

interface fa0/0.20
encapsulation dot1Q 20
ip address 10.20.20.129 255.255.255.192
no shut

interface fa0/0.99
encapsulation dot1Q 99
ip address 10.99.99.129 255.255.255.192
no shut

router rip
version 2
no auto-summary
network 10.0.0.0

# Configure DHCP
ip dhcp pool VLAN_10
network 10.10.10.128 255.255.255.192
default-router 10.10.10.129
dns-server 10.10.10.129
lease 8

ip dhcp pool VLAN_20
network 10.20.20.128 255.255.255.192
default-router 10.20.20.129
dns-server 10.20.20.129
lease 8

BR3 SW1
interface vlan 99
ip address 10.99.99.130 255.255.255.192

BR3 SW2
interface vlan 99
ip address 10.99.99.131 255.255.255.192

BR3 SW3
interface vlan 99
ip address 10.99.99.132 255.255.255.192

ip default-gateway 10.99.99.129