
Cisco Network Academy

CCNA 2 Routing and Switching Essentials


Packet Tracer Practice with Dans’ Sample
http://www.danscourses.com/

 In this lab, you will:

Step 1
------------
Using the address information in the topology diagram configure:
- Web Server:
ip address - 192.168.35.252
subnet mask - 255.255.255.0
gateway - 192.168.35.1
DNS server - 192.168.35.253
- DNS Server:
ip address - 192.168.35.253
subnet mask - 255.255.255.0
gateway - 192.168.35.1
DNS server - 127.0.0.1
- PC-Admin:
ip address - 192.168.88.10
subnet mask - 255.255.255.0
gateway - 192.168.88.1
DNS server - 192.168.35.253

Step 2
------------
Using the information in the topology diagram, configure
S1, S2, S3 with the following initial settings:

1. hostname
2. vlans and vlan names
3. trunks (allowed vlans, and native vlan)
- S1, S2, S3 VLANs allowed: 15, 25, 35, 88, 98, native: 98
4. access switchports with vlans
5. shutdown unused switchports
6. the management interface vlan 88 with an ip address
7. use the planned R1 address 192.168.88.1 as the default gateway

Step 3
------------
Using the address information in the topology diagram configure
R1, R2, R3 with the following initial settings:

1. hostname,
2. interface addresses and subnet masks R1, R2, R3
R1 s0/0/0: clock rate 2000000
R2 s0/0/1: clock rate 128000
3. R1 g0/0 & R3 g0/1
- sub-interface addressing and 802.1q encapsulation
*note: when configuring sub-interfaces you need to enable the physical interface
4. Enable IPv6 routing on R2 and R3
5. R2 s0/1/0 and s0/0/1 - IPv6 addressing (see topology diagram)
R3 g0/0 and s0/0/1 - IPv6 addressing (see topology diagram)
6. R3 loopback interfaces with ip addresses

Step 4
------------
1. Configure R1 as a DHCPv4 server:
Create a dhcp pool named POOL15 for the 192.168.15.0/24 network
Create a dhcp pool named POOL25 for the 192.168.25.0/24 network
exclude the first 5 addresses in both pools
the dhcp pools will need:
- network and mask
- default-router
- dns-server

2. Enable the DHCPv4 clients on PC1 and PC2 to verify the dhcp server is working

3. Configure R3 as a stateless DHCPv6 server:
create an IPv6 DHCP pool named POOLIPV6
provide dns-server information: 2001:DB8:2323:E::1
*note: the DHCPv6 pool needs to be applied to the interface, and the
nd other-config-flag needs to be set for stateless DHCPv6

4. Enable the DHCPv6 client on PC4 to verify that SLAAC and the
DHCPv6 server are working.

5. *Note: sometimes you need to toggle the DHCPv4 and v6 client settings
on and off to get them to work correctly and pick up addressing information

Step 5
-------------
Configure single area OSPFv2 on R1, R2, R3
R1
ospf process id 1
router-id 1.1.1.1
networks all (area 0)
do not send router advertisements out of all LAN interfaces
set serial 0/0/0 bandwidth to 1544 kilobits per second

R2
first create a default route on R2 out of s0/1/0
ospf process id 1
router-id 2.2.2.2
networks 192.168.5.0 and 192.168.5.4 (area 0)
do not send router advertisements out of s0/1/0 interface
advertise the default route to other OSPF routers
set serial 0/0/0 bandwidth to 1544 kilobits per second
set serial 0/0/1 bandwidth to 128 kilobits per second

R3
ospf process id 1
router-id 3.3.3.3
networks all (area 0) except use a single summary route for the loopback networks
do not send router advertisements out of all LAN interfaces
do not send router advertisements out of all loopback interfaces
set serial 0/0/1 bandwidth to 128 kilobits per second

Step 6
---------------------
configure OSPFv3 on R2 and R3

R3
ipv6 ospf process id 10
router-id 3.3.3.3
passive-interfaces on g0/0 and g0/1
configure s0/0/1 and g0/0 with ipv6 ospf 10 area 0
configure an ipv6 ::/0 default route out s0/0/1

R2
ipv6 ospf process id 10
router-id 2.2.2.2
passive interfaces on s0/0/0 and s0/1/0
configure s0/0/1 with ipv6 ospf 10 area 0
configure an ipv6 ::/0 default route out s0/1/0
*note: You should be able to ping the Initech Server IPv6 address from PC4.
If you are unable to ping Initech, double check your interface and OSPFv3 settings and
do a clear ipv6 ospf process command on R2 and R3

Step 7
---------------------
Configure static and dynamic NAT on R2.
1. Configure a static nat rule:
- translating global 209.165.201.65 to the local web server at 192.168.35.252
2. Configure int s0/1/0 as the outside NAT interface
3. Configure int s0/0/0 and s0/0/1 as the inside NAT interfaces
4. Configure a NAT pool named R2NATPOOL for:
209.165.201.66 through 209.165.201.69
make the netmask as close as possible to masking just those addresses
5. Configure access-list 15 to permit the 192.168.15.0/24 network
6. Configure access-list 25 to permit the 192.168.25.0/24 network
7. Create two separate dynamic NAT rules:
- "ip nat inside" that maps access-list 15 to the nat pool with overload
- "ip nat inside" that maps access-list 25 to the nat pool with overload
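
Added example (not part of the original lab): the mask arithmetic behind item 4 above, which also yields the single summary network that Step 5 asks for over R3's loopbacks. The function names are this example's own, and the loopback range 172.16.4.0 to 172.16.7.255 assumes the four /24 loopbacks configured in the lab guide.

```python
import ipaddress


def covering_network(first, last):
    """Smallest single IPv4 network that contains every address first..last."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("first address is higher than last address")
    # Every bit position where the two ends differ, and all positions below
    # it, must be host bits; the remaining high-order bits form the prefix.
    host_bits = (lo ^ hi).bit_length()
    base = (lo >> host_bits) << host_bits
    return ipaddress.IPv4Network((base, 32 - host_bits))


def exact_blocks(first, last):
    """CIDR blocks that cover first..last exactly, with nothing extra."""
    return [str(n) for n in ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))]


def describe(first, last):
    """Network, subnet mask, wildcard mask and count of surplus addresses."""
    net = covering_network(first, last)
    wanted = (int(ipaddress.IPv4Address(last))
              - int(ipaddress.IPv4Address(first)) + 1)
    return {
        "network": str(net),
        "netmask": str(net.netmask),     # form used by "ip nat pool ... netmask"
        "wildcard": str(net.hostmask),   # form used by OSPF network statements
        "surplus": net.num_addresses - wanted,
    }


if __name__ == "__main__":
    # Step 7: NAT pool 209.165.201.66 through 209.165.201.69.
    print(describe("209.165.201.66", "209.165.201.69"))
    # The range is not one aligned block, hence "as close as possible".
    print(exact_blocks("209.165.201.66", "209.165.201.69"))
    # Step 5: one summary for R3 loopbacks 172.16.4.0/24 to 172.16.7.0/24.
    print(describe("172.16.4.0", "172.16.7.255"))
```

The pool's four addresses straddle a /30 boundary, so the tightest single mask is a /29 that also spans four addresses outside the pool.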

Step 8
---------------------
Configure access lists on R2 to limit outside access into the network
1. configure an extended access-list 100 to achieve the following goals (3 lines only):
- from the outside permit port 80 access to the web server
- from the outside permit pings that were initiated from within the network only
- permit "established" web page requests generated from within the network only
(you will need to use the established keyword at the end of the line)
- deny all other kinds of communication from outside the network

2. configure an IPv6 access-list FIREWALL-IPV6 to achieve the following goals (2 lines only):
- from the outside permit pings that were initiated from within the network only
- permit "established" web page requests generated from within the network only
(you will need to use the established keyword at the end of the line)
- deny all other kinds of communication from outside the network
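
Added example (not part of the original lab): a first-match evaluator that shows how a three-line access-list 100 meets the goals in item 1. The three ACL lines in the comment are one assumed answer, not the lab's published solution; the web server is matched on its global address 209.165.201.65 on the assumption that an inbound ACL on the outside interface is checked before NAT translates the destination. The packets are constructed samples.

```python
from dataclasses import dataclass

WEB_GLOBAL = "209.165.201.65"   # static NAT global address from Step 7
POOL_ADDR = "209.165.201.66"    # constructed: a translated inside host


@dataclass(frozen=True)
class Packet:
    proto: str                       # "tcp" or "icmp"
    dst: str
    dport: int = 0
    flags: frozenset = frozenset()   # TCP flags, e.g. {"SYN", "ACK"}
    icmp_type: str = ""


# Assumed ACL 100, applied inbound on R2 s0/1/0:
#   permit tcp any host 209.165.201.65 eq 80
#   permit icmp any any echo-reply
#   permit tcp any any established
ACL_100 = [
    {"proto": "tcp", "dst": WEB_GLOBAL, "dport": 80},
    {"proto": "icmp", "icmp_type": "echo-reply"},
    {"proto": "tcp", "established": True},
]


def rule_matches(rule, pkt):
    """True when every field the rule names agrees with the packet."""
    if rule["proto"] != pkt.proto:
        return False
    if "dst" in rule and rule["dst"] != pkt.dst:
        return False
    if "dport" in rule and rule["dport"] != pkt.dport:
        return False
    if "icmp_type" in rule and rule["icmp_type"] != pkt.icmp_type:
        return False
    # "established" tests the ACK/RST bits of the segment itself; the router
    # keeps no connection table for it, so it is a filter on flags, not state.
    if rule.get("established") and not ({"ACK", "RST"} & pkt.flags):
        return False
    return True


def evaluate(acl, pkt):
    """First matching line wins; no match falls to the implicit deny."""
    for number, rule in enumerate(acl, start=1):
        if rule_matches(rule, pkt):
            return ("permit", number)
    return ("deny", None)


# Constructed inbound packets arriving on the outside interface.
SAMPLES = {
    "outside client opens web server":
        Packet("tcp", WEB_GLOBAL, 80, frozenset({"SYN"})),
    "reply to a ping sent from inside":
        Packet("icmp", POOL_ADDR, icmp_type="echo-reply"),
    "ping started from outside":
        Packet("icmp", WEB_GLOBAL, icmp_type="echo"),
    "web reply to an inside browser":
        Packet("tcp", POOL_ADDR, 49152, frozenset({"SYN", "ACK"})),
    "outside host opens Telnet":
        Packet("tcp", POOL_ADDR, 23, frozenset({"SYN"})),
}


def verdicts():
    return {name: evaluate(ACL_100, pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in verdicts().items():
        print(f"{name:35} {result}")
```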

Step 9
---------------------
Configure the following on R3:
- password min length 10 characters
- encrypt all passwords
- banner motd "No unauthorized access allowed!"
- administrative user account:
username: admin,
secret pass: danscourses
- enable secret: class12345
- named access-list ADMIN-MGT
permit only host PC-Admin remote Telnet access
- console 0 and vty 0 4:
use local database for logins,
timeout after 5 min
apply ADMIN-MGT access-list to vty
- save running-config to startup-config
 Lab Guide

Step 1
------------
Using the address information in the topology diagram configure:
- Web Server:
ip address - 192.168.35.252
subnet mask - 255.255.255.0
gateway - 192.168.35.1
DNS server - 192.168.35.253
- DNS Server:
ip address - 192.168.35.253
subnet mask - 255.255.255.0
gateway - 192.168.35.1
DNS server - 127.0.0.1
- PC-Admin:
ip address - 192.168.88.10
subnet mask - 255.255.255.0
gateway - 192.168.88.1
DNS server - 192.168.35.253

Step 2
------------
Using the information in the topology diagram, configure
S1, S2, S3 with the following initial settings:

1. hostname
2. vlans and vlan names
3. trunks (allowed vlans, and native vlan)
- S1, S2, S3 VLANs allowed: 15, 25, 35, 88, 98, native: 98
4. access switchports with vlans
5. shutdown unused switchports
6. the management interface vlan 88 with an ip address
7. use the planned R1 address 192.168.88.1 as the default gateway

For the switch S1:

S1>en
S1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
S1(config)#hostname S1
S1(config)#vlan 15
S1(config-vlan)#name Sales
S1(config-vlan)#vlan 25
S1(config-vlan)#name Research
S1(config-vlan)#vlan 35
S1(config-vlan)#name Servers
S1(config-vlan)#vlan 88
S1(config-vlan)#name Mgt
S1(config-vlan)#vlan 98
S1(config-vlan)#name Native
S1(config-vlan)#exit

S1(config)#int f0/5
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 15

S1(config-if)#int g0/1
S1(config-if)#switchport mode trunk
S1(config-if)#switchport trunk allowed vlan 15,25,35,88,98
S1(config-if)#switchport trunk native vlan 98

S1(config-if)#int g0/2
S1(config-if)#switchport mode trunk
S1(config-if)#switchport trunk allowed vlan 15,25,35,88,98
S1(config-if)#switchport trunk native vlan 98

S1(config-if)#int range f0/1-4, f0/6-24


S1(config-if-range)#shut
S1(config-if-range)#exit
S1(config)#

S1(config)#int vlan 88
S1(config-if)#ip address 192.168.88.11 255.255.255.0
S1(config-if)#exit

S1(config)#ip default-gateway 192.168.88.1


S1(config)#exit
S1#

S1#copy run start


Destination filename [startup-config]?
Building configuration...
[OK]

S1#show run
Building configuration...

Current configuration : 1617 bytes


!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname S1
!
!
!
!
!
spanning-tree mode pvst
!
interface FastEthernet0/1
shutdown
!
interface FastEthernet0/2
shutdown
!
interface FastEthernet0/3
shutdown
!
interface FastEthernet0/4
shutdown
!
interface FastEthernet0/5
switchport access vlan 15
switchport mode access
!
interface FastEthernet0/6
shutdown
!
interface FastEthernet0/7
shutdown
!
interface FastEthernet0/8
shutdown
!
interface FastEthernet0/9
shutdown
!
interface FastEthernet0/10
shutdown
!
interface FastEthernet0/11
shutdown
!
interface FastEthernet0/12
shutdown
!
interface FastEthernet0/13
shutdown
!
interface FastEthernet0/14
shutdown
!
interface FastEthernet0/15
shutdown
!
interface FastEthernet0/16
shutdown
!
interface FastEthernet0/17
shutdown
!
interface FastEthernet0/18
shutdown
!
interface FastEthernet0/19
shutdown
!
interface FastEthernet0/20
shutdown
!
interface FastEthernet0/21
shutdown
!
interface FastEthernet0/22
shutdown
!
interface FastEthernet0/23
shutdown
!
interface FastEthernet0/24
shutdown
!
interface GigabitEthernet0/1
switchport trunk native vlan 98
switchport trunk allowed vlan 15,25,35,88,98
switchport mode trunk
!
interface GigabitEthernet0/2
switchport trunk native vlan 98
switchport trunk allowed vlan 15,25,35,88,98
switchport mode trunk
!
interface Vlan1
no ip address
shutdown
!
interface Vlan88
ip address 192.168.88.11 255.255.255.0
!
ip default-gateway 192.168.88.1
!
!
!
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
!
!
end

S1#

Please complete the same configuration for the switch S2 and S3.
Note: the switch name should be S2 and S3 respectively, not S1.
For the switch S2:

Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname S2

S2(config)#vlan 15
S2(config-vlan)#name Sales
S2(config-vlan)#vlan 25
S2(config-vlan)#name Research
S2(config-vlan)#vlan 35
S2(config-vlan)#name Servers
S2(config-vlan)#vlan 88
S2(config-vlan)#name Mgt
S2(config-vlan)#vlan 98
S2(config-vlan)#name Native
S2(config-vlan)#exit

S2(config)#int g0/1
S2(config-if)#switchport mode trunk
S2(config-if)#switchport trunk allowed vlan 15,25,35,88,98
S2(config-if)#switchport trunk native vlan 98

S2(config-if)# int g0/2


S2(config-if)#switchport mode trunk
S2(config-if)#switchport trunk allowed vlan 15,25,35,88,98
S2(config-if)#switchport trunk native vlan 98

S2(config-if)#int f0/10
S2(config-if)#switchport mode access
S2(config-if)#switchport access vlan 25

S2(config-if)#int range f0/1-9, f0/11-24


S2(config-if-range)#shut
S2(config-if-range)#exit

S2(config)#int vlan 88
S2(config-if)#ip address 192.168.88.12 255.255.255.0
S2(config-if)#exit

S2(config)#ip default-gateway 192.168.88.1


S2(config)#exit
S2#copy run start
Destination filename [startup-config]?
Building configuration...

S2#show run
Building configuration...

Current configuration : 1617 bytes


!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname S2
!
!
!
!
!
spanning-tree mode pvst
!
interface FastEthernet0/1
shutdown
!
interface FastEthernet0/2
shutdown
!
interface FastEthernet0/3
shutdown
!
interface FastEthernet0/4
shutdown
!
interface FastEthernet0/5
shutdown
!
interface FastEthernet0/6
shutdown
!
interface FastEthernet0/7
shutdown
!
interface FastEthernet0/8
shutdown
!
interface FastEthernet0/9
shutdown
!
interface FastEthernet0/10
switchport access vlan 25
switchport mode access
!
interface FastEthernet0/11
shutdown
!
interface FastEthernet0/12
shutdown
!
interface FastEthernet0/13
shutdown
!
interface FastEthernet0/14
shutdown
!
interface FastEthernet0/15
shutdown
!
interface FastEthernet0/16
shutdown
!
interface FastEthernet0/17
shutdown
!
interface FastEthernet0/18
shutdown
!
interface FastEthernet0/19
shutdown
!
interface FastEthernet0/20
shutdown
!
interface FastEthernet0/21
shutdown
!
interface FastEthernet0/22
shutdown
!
interface FastEthernet0/23
shutdown
!
interface FastEthernet0/24
shutdown
!
interface GigabitEthernet0/1
switchport trunk native vlan 98
switchport trunk allowed vlan 15,25,35,88,98
switchport mode trunk
!
interface GigabitEthernet0/2
switchport trunk native vlan 98
switchport trunk allowed vlan 15,25,35,88,98
switchport mode trunk
!
interface Vlan1
no ip address
shutdown
!
interface Vlan88
ip address 192.168.88.12 255.255.255.0
!
ip default-gateway 192.168.88.1
!
!
!
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
!
!
end

S2#

For the switch S3:

Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname S3
S3(config)#vlan 15
S3(config-vlan)#name Sales
S3(config-vlan)#vlan 25
S3(config-vlan)#name Research
S3(config-vlan)#vlan 35
S3(config-vlan)#name Servers
S3(config-vlan)#vlan 88
S3(config-vlan)#name Mgt
S3(config-vlan)#vlan 98
S3(config-vlan)#name Native
S3(config-vlan)#exit

S3(config)#int g0/1
S3(config-if)#switchport mode trunk
S3(config-if)#switchport trunk allowed vlan 15,25,35,88,98
S3(config-if)#switchport trunk native vlan 98

S3(config-if)#int g0/2
S3(config-if)#switchport mode trunk
S3(config-if)#switchport trunk allowed vlan 15,25,35,88,98
S3(config-if)#switchport trunk native vlan 98
S3(config-if)#exit

S3(config)#int f0/5
S3(config-if)#switchport mode access
S3(config-if)#switchport access vlan 88

S3(config-if)#int range f0/1-2


S3(config-if-range)#switchport mode access
S3(config-if-range)#switchport access vlan 35

S3(config-if-range)#int range f0/3-4, f0/6-24


S3(config-if-range)#shut
S3(config-if-range)#exit
S3(config)#

S3(config)#int vlan 88
S3(config-if)#ip address 192.168.88.13 255.255.255.0
S3(config-if)#exit

S3(config)#ip default-gateway 192.168.88.1


S3(config)#exit

S3#copy run start


Destination filename [startup-config]?
Building configuration...
[OK]

S3#show run
Building configuration...

Current configuration : 1699 bytes


!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname S3
!
!
!
!
!
spanning-tree mode pvst
!
interface FastEthernet0/1
switchport access vlan 35
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 35
switchport mode access
!
interface FastEthernet0/3
shutdown
!
interface FastEthernet0/4
shutdown
!
interface FastEthernet0/5
switchport access vlan 88
switchport mode access
!
interface FastEthernet0/6
shutdown
!
interface FastEthernet0/7
shutdown
!
interface FastEthernet0/8
shutdown
!
interface FastEthernet0/9
shutdown
!
interface FastEthernet0/10
shutdown
!
interface FastEthernet0/11
shutdown
!
interface FastEthernet0/12
shutdown
!
interface FastEthernet0/13
shutdown
!
interface FastEthernet0/14
shutdown
!
interface FastEthernet0/15
shutdown
!
interface FastEthernet0/16
shutdown
!
interface FastEthernet0/17
shutdown
!
interface FastEthernet0/18
shutdown
!
interface FastEthernet0/19
shutdown
!
interface FastEthernet0/20
shutdown
!
interface FastEthernet0/21
shutdown
!
interface FastEthernet0/22
shutdown
!
interface FastEthernet0/23
shutdown
!
interface FastEthernet0/24
shutdown
!
interface GigabitEthernet0/1
switchport trunk native vlan 98
switchport trunk allowed vlan 15,25,35,88,98
switchport mode trunk
!
interface GigabitEthernet0/2
switchport trunk native vlan 98
switchport trunk allowed vlan 15,25,35,88,98
switchport mode trunk
!
interface Vlan1
no ip address
shutdown
!
interface Vlan88
ip address 192.168.88.13 255.255.255.0
!
ip default-gateway 192.168.88.1
!
!
!
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
!
!
end

S3#
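
Added example (not part of the original lab): a check that reads "show run" output from S1, S2 or S3 and reports physical ports that break the Step 2 requirements (unused ports shut down, trunks limited to VLANs 15,25,35,88,98 with native VLAN 98). The function names and the sample configuration are this example's own; the sample is constructed from the S1 listing with two deliberate deviations.

```python
import re

# Values from Step 2 of this lab.
ALLOWED_VLANS = {15, 25, 35, 88, 98}
NATIVE_VLAN = 98


def parse_interfaces(config):
    """Map each interface name to its list of sub-commands.

    A stanza ends at the next "!" line, so this also works on output whose
    indentation was lost, as in the listings on this page.
    """
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas[current] = []
        elif line in ("", "!"):
            current = None
        elif current is not None:
            stanzas[current].append(line)
    return stanzas


def vlan_set(text):
    """Expand an IOS VLAN list such as '15,25-27,98' into a set of ints."""
    vlans = set()
    for part in text.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def audit_switch(config):
    """Return (interface, problem) pairs for ports that break Step 2."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if not name.startswith(("FastEthernet", "GigabitEthernet")):
            continue                      # skip SVIs such as Vlan88
        if "shutdown" in cmds:
            continue                      # unused port, correctly disabled
        settings = {}
        for cmd in cmds:
            m = re.fullmatch(r"switchport (mode|access vlan|trunk native vlan|"
                             r"trunk allowed vlan) (\S+)", cmd)
            if m:
                settings[m.group(1)] = m.group(2)
        mode = settings.get("mode")
        if mode == "trunk":
            # A trunk with no explicit list carries every VLAN, native VLAN 1.
            allowed = vlan_set(settings.get("trunk allowed vlan", "1-4094"))
            if allowed != ALLOWED_VLANS:
                findings.append(
                    (name, "trunk allowed VLANs differ from 15,25,35,88,98"))
            if int(settings.get("trunk native vlan", "1")) != NATIVE_VLAN:
                findings.append((name, "trunk native VLAN is not 98"))
        elif mode == "access" and "access vlan" in settings:
            continue                      # in-use access port with a VLAN
        else:
            findings.append(
                (name, "enabled port without access or trunk settings"))
    return findings


# Constructed sample: the S1 listing, shortened, with Fa0/6 left enabled and
# the Gi0/2 trunk left at its defaults.
SAMPLE = """\
hostname S1
!
interface FastEthernet0/4
shutdown
!
interface FastEthernet0/5
switchport access vlan 15
switchport mode access
!
interface FastEthernet0/6
!
interface GigabitEthernet0/1
switchport trunk native vlan 98
switchport trunk allowed vlan 15,25,35,88,98
switchport mode trunk
!
interface GigabitEthernet0/2
switchport mode trunk
!
interface Vlan88
ip address 192.168.88.11 255.255.255.0
!
"""

if __name__ == "__main__":
    for interface, problem in audit_switch(SAMPLE):
        print(f"{interface}: {problem}")
```
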
Step 3
------------
Using the address information in the topology diagram configure
R1, R2, R3 with the following initial settings:

1. hostname,
2. interface addresses and subnet masks R1, R2, R3
R1 s0/0/0: clock rate 2000000
R2 s0/0/1: clock rate 128000
3. R1 g0/0 & R3 g0/1
- sub-interface addressing and 802.1q encapsulation
*note: when configuring sub-interfaces you need to enable the physical interface
4. Enable IPv6 routing on R2 and R3
5. R2 s0/1/0 and s0/0/1 - IPv6 addressing (see topology diagram)
R3 g0/0 and s0/0/1 - IPv6 addressing (see topology diagram)
6. R3 loopback interfaces with ip addresses

For the router R1:

Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.

Router(config)# hostname R1
R1(config)#int g0/0
R1(config-if)#no shut

R1(config-if)#int g0/0.15
R1(config-subif)#encapsulation dot1q ?
<1-1005> IEEE 802.1Q VLAN ID
R1(config-subif)#encapsulation dot1q 15
R1(config-subif)#ip address 192.168.15.1 255.255.255.0

R1(config-subif)#int g0/0.25
R1(config-subif)#encapsulation dot1q 25
R1(config-subif)#ip address 192.168.25.1 255.255.255.0

R1(config-subif)#int g0/0.35
R1(config-subif)#encapsulation dot1q 35
R1(config-subif)#ip address 192.168.35.1 255.255.255.0

R1(config-subif)#int g0/0.88
R1(config-subif)#encapsulation dot1q 88
R1(config-subif)#ip address 192.168.88.1 255.255.255.0

R1(config-subif)#int g0/0.98
R1(config-subif)#encapsulation dot1q 98 ?
native Make this as native vlan
<cr>
R1(config-subif)#encapsulation dot1q 98 native
R1(config-subif)#ip address 192.168.98.1 255.255.255.0
R1(config-subif)#exit
R1(config)#

R1(config)#int s0/0/0
R1(config-if)#clock rate 2000000
R1(config-if)#ip address 192.168.5.1 255.255.255.252
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#exit
R1#

R1#show run
Building configuration...

Current configuration : 1238 bytes


!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
!
license udi pid CISCO1941/K9 sn FTX15245PB6
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.15
encapsulation dot1Q 15
ip address 192.168.15.1 255.255.255.0
!
interface GigabitEthernet0/0.25
encapsulation dot1Q 25
ip address 192.168.25.1 255.255.255.0
!
interface GigabitEthernet0/0.35
encapsulation dot1Q 35
ip address 192.168.35.1 255.255.255.0
!
interface GigabitEthernet0/0.88
encapsulation dot1Q 88
ip address 192.168.88.1 255.255.255.0
!
interface GigabitEthernet0/0.98
encapsulation dot1Q 98 native
ip address 192.168.98.1 255.255.255.0
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 192.168.5.1 255.255.255.252
clock rate 2000000
!
interface Serial0/0/1
no ip address
clock rate 2000000
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
ip flow-export version 9
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end

R1#copy run start


Destination filename [startup-config]?
Building configuration...
[OK]
R1#

For the router R2:

Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#hostname R2
R2(config)#int s0/0/0
R2(config-if)#ip address 192.168.5.2 255.255.255.252
R2(config-if)#no shut

R2(config-if)#int s0/1/0
R2(config-if)#ip address 209.165.201.66 255.255.255.0
R2(config-if)#no shut

R2#show controller s0/1/0


Interface Serial0/1/0
Hardware is PowerQUICC MPC860
DTE V.35 TX and RX clocks detected

<omitted>

R2#show controller s0/0/1


Interface Serial0/0/1
Hardware is PowerQUICC MPC860
DCE V.35, clock rate 2000000

<omitted>

R2#

R2#
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.

R2(config)#int s0/0/1
R2(config-if)#clock rate 128000
R2(config-if)#ip address 192.168.5.5 255.255.255.252
R2(config-if)#no shut

<CTRL + C>

R2#
R2#ping 209.165.201.1

Type escape sequence to abort.


Sending 5, 100-byte ICMP Echos to 209.165.201.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/22/60 ms

R2#

R2#ping 192.168.5.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/14/37 ms

R2#conf t

R2(config)#ipv6 unicast-routing

R2(config)#int s0/1/0
R2(config-if)#ipv6 address 2001:DB8:2323:E::2/64
R2(config-if)#ipv6 address FE80::2 link-local

R2(config-if)#int s0/0/1
R2(config-if)#ipv6 address 2001:DB8:DC:A::1/64
R2(config-if)#ipv6 address FE80::2 link-local

R2(config)#int s0/1/0
R2(config-if)#no ipv6 traffic-filter FIREWALL-IPV6 in
R2(config-if)#
R2#

R2#show run
Building configuration...

Current configuration : 1039 bytes


!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R2
!
!
!
!
!
!
ip cef
ipv6 unicast-routing
!
no ipv6 cef
!
!
!
!
license udi pid CISCO1941/K9 sn FTX1524595X
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 192.168.5.2 255.255.255.252
!
interface Serial0/0/1
ip address 192.168.5.5 255.255.255.252
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:DC:A::1/64
clock rate 128000
!
interface Serial0/1/0
ip address 209.165.201.66 255.255.255.0
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:2323:E::2/64
!
interface Serial0/1/1
no ip address
clock rate 2000000
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
ip flow-export version 9
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end

R2#copy run start


Destination filename [startup-config]?
Building configuration...
[OK]

R2#

For the router R3:

Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R3
R3(config)#int g0/1
R3(config-if)#no shut

R3(config-if)#int g0/1.15
R3(config-subif)#encapsulation dot1q 15
R3(config-subif)#ip address 192.168.15.3 255.255.255.0

R3(config-subif)#int g0/1.25
R3(config-subif)#encapsulation dot1q 25
R3(config-subif)#ip address 192.168.25.3 255.255.255.0

R3(config-subif)#int g0/1.35
R3(config-subif)#encapsulation dot1q 35
R3(config-subif)#ip address 192.168.35.3 255.255.255.0

R3(config-subif)#int g0/1.88
R3(config-subif)#encapsulation dot1q 88
R3(config-subif)#ip address 192.168.88.3 255.255.255.0

R3(config-subif)#int g0/1.98
R3(config-subif)#encapsulation dot1q 98 native
R3(config-subif)#ip address 192.168.98.3 255.255.255.0
R3(config-subif)#exit
R3(config)# exit
R3#show run

Building configuration...

Current configuration : 1279 bytes


!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
security passwords min-length 10
!
hostname R3
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
!
license udi pid CISCO1941/K9 sn FTX1524SI65
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.15
encapsulation dot1Q 15
ip address 192.168.15.3 255.255.255.0
!
interface GigabitEthernet0/1.25
encapsulation dot1Q 25
ip address 192.168.25.3 255.255.255.0
!
interface GigabitEthernet0/1.35
encapsulation dot1Q 35
ip address 192.168.35.3 255.255.255.0
!
interface GigabitEthernet0/1.88
encapsulation dot1Q 88
ip address 192.168.88.3 255.255.255.0
!
interface GigabitEthernet0/1.98
encapsulation dot1Q 98 native
ip address 192.168.98.3 255.255.255.0
!
interface Serial0/0/0
no ip address
clock rate 2000000
shutdown
!
interface Serial0/0/1
no ip address
clock rate 2000000
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
ip flow-export version 9
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
access-class ADMIN-MGT in
login
!
!
!
end

R3(config)#
R3(config)#int s0/0/1
R3(config-if)#ip address 192.168.5.6 255.255.255.252
R3(config-if)#no shut
R3(config-if)#exit

R3(config)#ipv6 unicast-routing

R3(config)#int g0/0
R3(config-if)#ipv6 address 2001:DB88:DC:1::1/64
R3(config-if)#ipv6 address FE80::3 link-local
R3(config-if)#no shut
R3(config-if)#exit

R3(config)#int s0/0/1
R3(config-if)#ipv6 address 2001:DB8:DC:A::2/64
R3(config-if)#ipv6 address FE80::3 link-local
R3(config-if)#no shut
R3(config-if)#exit

R3(config)#exit

R3#copy run start


Destination filename [startup-config]?
Building configuration...
[OK]

R3#show run
Building configuration...

Current configuration : 1355 bytes


!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
security passwords min-length 10
!
hostname R3
!
!
!
!
!
!
ip cef
ipv6 unicast-routing
!
no ipv6 cef
!
!
!
!
license udi pid CISCO1941/K9 sn FTX1524SI65
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
ipv6 address FE80::3 link-local
ipv6 address 2001:DB88:DC:1::1/64
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.15
encapsulation dot1Q 15
ip address 192.168.15.3 255.255.255.0
!
interface GigabitEthernet0/1.25
encapsulation dot1Q 25
ip address 192.168.25.3 255.255.255.0
!
interface GigabitEthernet0/1.35
encapsulation dot1Q 35
ip address 192.168.35.3 255.255.255.0
!
interface GigabitEthernet0/1.88
encapsulation dot1Q 88
ip address 192.168.88.3 255.255.255.0
!
interface GigabitEthernet0/1.98
encapsulation dot1Q 98 native
ip address 192.168.98.3 255.255.255.0
!
interface Serial0/0/0
no ip address
clock rate 2000000
shutdown
!
interface Serial0/0/1
ip address 192.168.5.6 255.255.255.252
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
ip flow-export version 9
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
access-class ADMIN-MGT in
login
!
!
!
end

R3#
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#int lo0
R3(config-if)#ip address 172.16.4.1 255.255.255.0

R3(config-if)#int lo1
R3(config-if)#ip address 172.16.5.1 255.255.255.0

R3(config-if)#int lo2
R3(config-if)#ip address 172.16.6.1 255.255.255.0

R3(config-if)#int lo3
R3(config-if)#ip address 172.16.7.1 255.255.255.0

R3(config-if)#exit
R3(config)#exit

R3#copy run start


Destination filename [startup-config]?
Building configuration...
[OK]

R3#show run
Building configuration...

Current configuration : 1591 bytes


!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
security passwords min-length 10
!
hostname R3
!
!
!
!
!
!
ip cef
ipv6 unicast-routing
!
no ipv6 cef
!
!
!
!
license udi pid CISCO1941/K9 sn FTX1524SI65
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface Loopback0
ip address 172.16.4.1 255.255.255.0
!
interface Loopback1
ip address 172.16.5.1 255.255.255.0
!
interface Loopback2
ip address 172.16.6.1 255.255.255.0
!
interface Loopback3
ip address 172.16.7.1 255.255.255.0
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
ipv6 address FE80::3 link-local
ipv6 address 2001:DB88:DC:1::1/64
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.15
encapsulation dot1Q 15
ip address 192.168.15.3 255.255.255.0
!
interface GigabitEthernet0/1.25
encapsulation dot1Q 25
ip address 192.168.25.3 255.255.255.0
!
interface GigabitEthernet0/1.35
encapsulation dot1Q 35
ip address 192.168.35.3 255.255.255.0
!
interface GigabitEthernet0/1.88
encapsulation dot1Q 88
ip address 192.168.88.3 255.255.255.0
!
interface GigabitEthernet0/1.98
encapsulation dot1Q 98 native
ip address 192.168.98.3 255.255.255.0
!
interface Serial0/0/0
no ip address
clock rate 2000000
shutdown
!
interface Serial0/0/1
ip address 192.168.5.6 255.255.255.252
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
ip flow-export version 9
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
access-class ADMIN-MGT in
login
!
!
!
end

R3#

Step 4
------------
1. Configure R1 as a DHCPv4 server:
Create a dhcp pool named POOL15 for the 192.168.15.0/24 network
Create a dhcp pool named POOL25 for the 192.168.25.0/24 network
exclude the first 5 addresses in both pools
the dhcp pools will need:
- network and mask
- default-router
- dns-server

2. Enable the DHCPv4 clients on PC1 and PC2 to verify the dhcp server is working

3. Configure R3 as a stateless DHCPv6 server:
create an IPv6 DHCP pool named POOLIPV6
provide dns-server information: 2001:DB8:2323:E::1
*note: the DHCPv6 pool needs to be applied to the interface, and the
nd other-config-flag needs to be set for stateless DHCPv6

4. Enable the DHCPv6 client on PC4 to verify that SLAAC and the
DHCPv6 server are working.

5. *Note: sometimes you need to toggle the DHCPv4 and v6 client settings
on and off to get them to work correctly and pick up addressing information

For the Router R1:

R1>en
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.

R1(config)#ip dhcp pool POOL15


R1(dhcp-config)#network 192.168.15.0 255.255.255.0
R1(dhcp-config)#default-router 192.168.15.1
R1(dhcp-config)#dns-server 192.168.35.253

R1(dhcp-config)#ip dhcp pool POOL25


R1(dhcp-config)#network 192.168.25.0 255.255.255.0
R1(dhcp-config)#default-router 192.168.25.1
R1(dhcp-config)#dns-server 192.168.35.253
R1(dhcp-config)#exit

R1(config)#ip dhcp excluded-address 192.168.15.1 192.168.15.5


R1(config)#ip dhcp excluded-address 192.168.25.1 192.168.25.5
R1(config)#exit
R1#copy run start
Destination filename [startup-config]?
Building configuration...
[OK]
R1#

Note: At this point, check that DHCPv4 is set up correctly by changing the IP
configuration of both PC1 and PC2 from Static to DHCP.

We can also check that the default router has been set up correctly by pinging the
default gateway R1 from PC1 and PC2.

PC1> ping 192.168.15.1

PC2> ping 192.168.25.1

Now we will set up DHCPv6.

Note: To see what SLAAC does, change the IPv6 configuration on PC4 from Static to
Auto Config.

For the Router R3:

SLAAC (Stateless Address Auto Configuration) + DHCPv6

R3>en
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.

R3(config)#ipv6 dhcp pool POOLIPV6


R3(config-dhcp)#dns-server 2001:DB8:2323:E::1
R3(config-dhcp)#exit

R3(config)#int g0/0

R3(config-if)#ipv6 dhcp ?
client Act as an IPv6 DHCP client
server Act as an IPv6 DHCP server

R3(config-if)#ipv6 dhcp server ?


WORD Name of IPv6 DHCP pool
R3(config-if)#ipv6 dhcp server POOLIPV6

R3(config-if)#ipv6 nd ?
managed-config-flag Hosts should use DHCP for address config
other-config-flag Other stateful configuration flag
ra Router Advertisement control

R3(config-if)#ipv6 nd other-config-flag
R3(config-if)#

Note: To check the setup, change the IPv6 configuration on PC4 from Auto Config to
Static and then from Static back to Auto Config. If necessary, keep toggling it back and
forth until all the information appears under IPv6 configuration.

Step 5
-------------
Configure single area OSPFv2 on R1, R2, R3

R1
ospf process id 1
router-id 1.1.1.1
networks all (area 0)
do not send router advertisements out of all LAN interfaces
set serial 0/0/0 bandwidth to 1544 kilobits per second

R2
first create a default route on R2 out of s0/1/0
ospf process id 1
router-id 2.2.2.2
networks 192.168.5.0 and 192.168.5.4 (area 0)
do not send router advertisements out of s0/1/0 interface
advertise the default route to other OSPF routers
set serial 0/0/0 bandwidth to 1544 kilobits per second
set serial 0/0/1 bandwidth to 128 kilobits per second

R3
ospf process id 1
router-id 3.3.3.3
networks all (area 0) except use a single summary route for the loopback networks
do not send router advertisements out of all LAN interfaces
do not send router advertisements out of all loopback interfaces
set serial 0/0/1 bandwidth to 128 kilobits per second

On R1:

R1> en
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.

R1(config)#router ospf 1
R1(config-router)#router-id 1.1.1.1
R1(config-router)#network 192.168.15.0 ?
A.B.C.D OSPF wild card bits
R1(config-router)#network 192.168.15.0 0.0.0.255 area 0
R1(config-router)#network 192.168.25.0 0.0.0.255 area 0
R1(config-router)#network 192.168.35.0 0.0.0.255 area 0
R1(config-router)#network 192.168.88.0 0.0.0.255 area 0
R1(config-router)#network 192.168.98.0 0.0.0.255 area 0
R1(config-router)#network 192.168.5.0 0.0.0.3 area 0

R1(config-router)#passive-interface g0/0.15
R1(config-router)#passive-interface g0/0.25
R1(config-router)#passive-interface g0/0.35
R1(config-router)#passive-interface g0/0.88
R1(config-router)#passive-interface g0/0.98
R1(config-router)#exit

R1(config)#int s0/0/0
R1(config-if)#bandwidth ?
<1-10000000> Bandwidth in kilobits
R1(config-if)#bandwidth 1544
R1(config-if)#exit
R1(config)#exit

R1#copy run start


Destination filename [startup-config]?
Building configuration...
[OK]
R1#

On R2:

R2>en
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.

R2(config)#int s0/0/0
R2(config-if)#bandwidth 1544
R2(config-if)#exit

R2(config)#router ospf 1
R2(config-router)#network 192.168.5.0 0.0.0.3 area 0
R2(config-router)#
00:08:54: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on Serial0/0/0 from LOADING to
FULL, Loading Done

R2(config-router)#network 192.168.5.4 0.0.0.3 area 0


R2(config-router)#router-id 2.2.2.2

R2(config-router)#passive-interface s0/1/0
R2(config-router)#exit
R2(config)#ip route 0.0.0.0 0.0.0.0 s0/1/0

R2(config)#int s0/0/1
R2(config-if)#bandwidth 128
R2(config-if)#exit

R2(config)#router ospf 1
R2(config-router)#default-information originate
R2(config-router)#exit
R2(config)#exit

R2#show run
Building configuration...

Current configuration : 1203 bytes


!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R2
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
!
license udi pid CISCO1941/K9 sn FTX1524595X
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
bandwidth 1544
ip address 192.168.5.2 255.255.255.252
clock rate 2000000
!
interface Serial0/0/1
bandwidth 128
ip address 192.168.5.5 255.255.255.252
clock rate 128000
!
interface Serial0/1/0
ip address 209.165.201.66 255.255.255.0
ipv6 traffic-filter FIREWALL-IPV6 in
clock rate 2000000
!
interface Serial0/1/1
no ip address
clock rate 2000000
shutdown
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
router-id 2.2.2.2
log-adjacency-changes
passive-interface Serial0/1/0
network 192.168.5.0 0.0.0.3 area 0
network 192.168.5.4 0.0.0.3 area 0
default-information originate
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/1/0
!
ip flow-export version 9
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end

R2#copy run start


Destination filename [startup-config]?
Building configuration...
[OK]
R2#

On R3:

R3>en
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.

R3(config)#router ospf 1
R3(config-router)#router-id 3.3.3.3
R3(config-router)#network 192.168.15.0 0.0.0.255 area 0
R3(config-router)#network 192.168.25.0 0.0.0.255 area 0
R3(config-router)#network 192.168.35.0 0.0.0.255 area 0
R3(config-router)#network 192.168.88.0 0.0.0.255 area 0
R3(config-router)#network 192.168.98.0 0.0.0.255 area 0
R3(config-router)#network 192.168.5.4 0.0.0.3 area 0

R3(config-router)#passive-interface g0/1.15
R3(config-router)#passive-interface g0/1.25
R3(config-router)#passive-interface g0/1.35
R3(config-router)#passive-interface g0/1.88
R3(config-router)#passive-interface g0/1.98
R3(config-router)#passive-interface lo0
R3(config-router)#passive-interface lo1
R3(config-router)#passive-interface lo2
R3(config-router)#passive-interface lo3
R3(config-router)#network 172.16.4.0 0.0.3.255 area 0
R3(config-router)#exit
R3(config)#exit
R3#

R3#copy run start


Destination filename [startup-config]?
Building configuration...
[OK]
R3#
R3#
R3#show run
Building configuration...

Current configuration : 2434 bytes


!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
security passwords min-length 10
!
hostname R3
!
!
!
!
!
!
ip cef
ipv6 unicast-routing
!
no ipv6 cef
!
ipv6 dhcp pool POOLIPV6
dns-server 2001:DB8:2323:E::1
!
!
!
license udi pid CISCO1941/K9 sn FTX1524SI65
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface Loopback0
ip address 172.16.4.1 255.255.255.0
!
interface Loopback1
ip address 172.16.5.1 255.255.255.0
!
interface Loopback2
ip address 172.16.6.1 255.255.255.0
!
interface Loopback3
ip address 172.16.7.1 255.255.255.0
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
ipv6 address FE80::3 link-local
ipv6 address 2001:DB88:DC:1::1/64
ipv6 nd other-config-flag
ipv6 dhcp server POOLIPV6
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.15
encapsulation dot1Q 15
ip address 192.168.15.3 255.255.255.0
!
interface GigabitEthernet0/1.25
encapsulation dot1Q 25
ip address 192.168.25.3 255.255.255.0
!
interface GigabitEthernet0/1.35
encapsulation dot1Q 35
ip address 192.168.35.3 255.255.255.0
!
interface GigabitEthernet0/1.88
encapsulation dot1Q 88
ip address 192.168.88.3 255.255.255.0
!
interface GigabitEthernet0/1.98
encapsulation dot1Q 98 native
ip address 192.168.98.3 255.255.255.0
!
interface Serial0/0/0
no ip address
clock rate 2000000
shutdown
!
interface Serial0/0/1
ip address 192.168.5.6 255.255.255.252
ipv6 address FE80::3 link-local
ipv6 address 2001:DB8:DC:A::2/64
clock rate 2000000
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
router-id 3.3.3.3
log-adjacency-changes
passive-interface Loopback0
passive-interface Loopback1
passive-interface Loopback2
passive-interface Loopback3
passive-interface GigabitEthernet0/1.15
passive-interface GigabitEthernet0/1.25
passive-interface GigabitEthernet0/1.35
passive-interface GigabitEthernet0/1.88
passive-interface GigabitEthernet0/1.98
network 192.168.15.0 0.0.0.255 area 0
network 192.168.25.0 0.0.0.255 area 0
network 192.168.35.0 0.0.0.255 area 0
network 192.168.88.0 0.0.0.255 area 0
network 192.168.98.0 0.0.0.255 area 0
network 192.168.5.4 0.0.0.3 area 0
network 172.16.4.0 0.0.3.255 area 0
!
ip classless
!
ip flow-export version 9
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
access-class ADMIN-MGT in
login
!
!
!
end

R3#
At this point, to restart the OSPF process, run the following on R1, R2, and R3:

On R1:

R1>en
R1#clear ip ospf process
Reset ALL OSPF processes? [no]: yes

R1#
00:23:14: %OSPF-5-ADJCHG: Process 1, Nbr 209.165.201.66 on Serial0/0/0 from
FULL to DOWN, Neighbor Down: Adjacency forced to reset

00:23:14: %OSPF-5-ADJCHG: Process 1, Nbr 209.165.201.66 on Serial0/0/0 from
FULL to DOWN, Neighbor Down: Interface down or detached

00:23:16: %OSPF-5-ADJCHG: Process 1, Nbr 209.165.201.66 on Serial0/0/0 from
LOADING to FULL, Loading Done

R1#copy run start


Destination filename [startup-config]?
Building configuration...
[OK]
R1#

On R2:

R2>en
R2#clear ip ospf process
Reset ALL OSPF processes? [no]: yes

R2#
00:24:52: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on Serial0/0/0 from FULL to
DOWN, Neighbor Down: Adjacency forced to reset

00:24:52: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on Serial0/0/0 from FULL to
DOWN, Neighbor Down: Interface down or detached

00:24:52: %OSPF-5-ADJCHG: Process 1, Nbr 3.3.3.3 on Serial0/0/1 from FULL to
DOWN, Neighbor Down: Adjacency forced to reset

00:24:52: %OSPF-5-ADJCHG: Process 1, Nbr 3.3.3.3 on Serial0/0/1 from FULL to
DOWN, Neighbor Down: Interface down or detached

00:24:56: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on Serial0/0/0 from LOADING to
FULL, Loading Done

R2#copy run start


Destination filename [startup-config]?
Building configuration...
[OK]
R2#

On R3:

R3>en
R3#clear ip ospf process
Reset ALL OSPF processes? [no]: yes

R3#
00:25:59: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on Serial0/0/1 from FULL to
DOWN, Neighbor Down: Adjacency forced to reset

00:25:59: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on Serial0/0/1 from FULL to
DOWN, Neighbor Down: Interface down or detached

00:26:06: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on Serial0/0/1 from LOADING to
FULL, Loading Done

R3#copy run start


Destination filename [startup-config]?
Building configuration...
[OK]
R3#
Step 6
---------------------
configure OSPFv3 on R2 and R3

R3
ipv6 ospf process id 10
router-id 3.3.3.3
passive-interfaces on g0/0 and g0/1
configure s0/0/1 and g0/0 with ipv6 ospf 10 area 0
configure an ipv6 ::/0 default route out s0/0/1

R2
ipv6 ospf process id 10
router-id 2.2.2.2
passive interfaces on s0/0/0 and s0/1/0
configure s0/0/1 with ipv6 ospf 10 area 0
configure an ipv6 ::/0 default route out s0/1/0

*note: You should be able to ping the Initech Server IPv6 address from PC4. If
you are unable to ping Initech, double check your interface and OSPFv3
settings and do a clear ipv6 ospf process command on R2 and R3

On R3:

R3>en
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.

R3(config)#ipv6 router ospf 10


R3(config-rtr)#router-id 3.3.3.3
R3(config-rtr)#passive-interface g0/0
R3(config-rtr)#passive-interface g0/1
R3(config-rtr)#end
R3#

R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#int g0/0
R3(config-if)#ipv6 ospf 10 area 0
R3(config-if)#int s0/0/1
R3(config-if)#ipv6 ospf 10 area 0

R3(config-if)#exit
R3(config)#exit

R3#show run
Building configuration...

Current configuration : 1996 bytes


!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
security passwords min-length 10
!
hostname R3
!
!
!
!
!
!
ip cef
ipv6 unicast-routing
!
no ipv6 cef
!
ipv6 dhcp pool POOLIPV6
dns-server 2001:DB8:2323:E::1
!
!
!
license udi pid CISCO1941/K9 sn FTX1524SI65
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface Loopback0
ip address 172.16.4.1 255.255.255.0
!
interface Loopback1
ip address 172.16.5.1 255.255.255.0
!
interface Loopback2
ip address 172.16.6.1 255.255.255.0
!
interface Loopback3
ip address 172.16.7.1 255.255.255.0
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
ipv6 address FE80::3 link-local
ipv6 address 2001:DB8:DC:1::1/64
ipv6 nd other-config-flag
ipv6 ospf 10 area 0
ipv6 dhcp server POOLIPV6
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.15
encapsulation dot1Q 15
ip address 192.168.15.3 255.255.255.0
!
interface GigabitEthernet0/1.25
encapsulation dot1Q 25
ip address 192.168.25.3 255.255.255.0
!
interface GigabitEthernet0/1.35
encapsulation dot1Q 35
ip address 192.168.35.3 255.255.255.0
!
interface GigabitEthernet0/1.88
encapsulation dot1Q 88
ip address 192.168.88.3 255.255.255.0
!
interface GigabitEthernet0/1.98
encapsulation dot1Q 98 native
ip address 192.168.98.3 255.255.255.0
!
interface Serial0/0/0
no ip address
clock rate 2000000
shutdown
!
interface Serial0/0/1
ip address 192.168.5.6 255.255.255.252
ipv6 address FE80::3 link-local
ipv6 address 2001:DB8:DC:A::2/64
ipv6 ospf 10 area 0
clock rate 2000000
!
interface Vlan1
no ip address
shutdown
!
ipv6 router ospf 10
router-id 3.3.3.3
log-adjacency-changes
passive-interface GigabitEthernet0/0
passive-interface GigabitEthernet0/1
!
ip classless
!
ip flow-export version 9
!
ipv6 route ::/0 Serial0/0/1
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
access-class ADMIN-MGT in
login
!
!
!
end

R3#

On R2:

R2>en
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.

R2(config)#ipv6 router ospf 10


R2(config-rtr)#router-id 2.2.2.2
R2(config-rtr)#passive-interface s0/0/0
R2(config-rtr)#passive-interface s0/1/0
R2(config-rtr)#exit

R2(config)#int s0/0/1
R2(config-if)#ipv6 ospf 10 area 0
R2(config-if)#exit

R2(config)#ipv6 route ::/0 s0/1/0


R2(config)#exit

R2#copy run start


Destination filename [startup-config]?
Building configuration...
[OK]

R2#show run
Building configuration...

Current configuration : 1499 bytes


!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R2
!
!
!
!
!
!
ip cef
ipv6 unicast-routing
!
no ipv6 cef
!
!
!
!
license udi pid CISCO1941/K9 sn FTX1524595X
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 192.168.5.2 255.255.255.252
clock rate 2000000
!
interface Serial0/0/1
bandwidth 128
ip address 192.168.5.5 255.255.255.252
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:DC:A::1/64
ipv6 ospf 10 area 0
clock rate 128000
!
interface Serial0/1/0
ip address 209.165.201.66 255.255.255.0
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:2323:E::2/64
clock rate 2000000
!
interface Serial0/1/1
no ip address
clock rate 2000000
shutdown
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
router-id 2.2.2.2
log-adjacency-changes
passive-interface Serial0/1/0
network 192.168.5.0 0.0.0.3 area 0
network 192.168.5.4 0.0.0.3 area 0
default-information originate
!
ipv6 router ospf 10
router-id 2.2.2.2
log-adjacency-changes
passive-interface Serial0/0/0
passive-interface Serial0/1/0
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/1/0
!
ip flow-export version 9
!
ipv6 route ::/0 Serial0/1/0
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end

R2#

At this point, you should be able to ping the Initech Web Server IPv6
address from PC4.

PC4> ping 2001:DB8:2323:F::F2

If you are unable to ping Initech Web Server, double check your interface
and OSPFv3 settings and do a clear ipv6 ospf process command on R2 and
R3.

If it still doesn’t work, check if all the IPv6 addresses are set in the IPv6
configuration on PC4. If not, change the setting to DHCP and then to Auto
Config multiple times until you see all the IPv6 addresses.
Step 7
---------------------
Configure static and dynamic NAT on R2.
1. Configure a static nat rule:
- translating global 209.165.201.65 to the local web server at 192.168.35.252
2. Configure int s0/1/0 as the outside NAT interface
3. Configure int s0/0/0 and s0/0/1 as the inside NAT interfaces
4. Configure a NAT pool named R2NATPOOL for:
209.165.201.66 through 209.165.201.69
make the netmask as close as possible to masking just those addresses
5. Configure access-list 15 to permit the 192.168.15.0/24 network
6. Configure access-list 25 to permit the 192.168.25.0/24 network
7. Create two separate dynamic NAT rules:
- "ip nat inside" that maps access-list 15 to the nat pool with overload
- "ip nat inside" that maps access-list 25 to the nat pool with overload

On R2:

R2>en
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.

R2(config)#ip nat ?
inside Inside address translation
outside Outside address translation
pool Define pool of addresses

R2(config)#ip nat inside ?


source Source address translation

R2(config)#ip nat inside source ?


list Specify access list describing local addresses
static Specify static local->global mapping

R2(config)#ip nat inside source static ?


A.B.C.D Inside local IP address
tcp Transmission Control Protocol
udp User Datagram Protocol

R2(config)#ip nat inside source static 192.168.35.252 ?


A.B.C.D Inside global IP address

R2(config)#ip nat inside source static 192.168.35.252 209.165.201.65


R2(config)#int s0/1/0
R2(config-if)#ip nat outside

R2(config-if)#int s0/0/0
R2(config-if)#ip nat inside

R2(config-if)#int s0/0/1
R2(config-if)#ip nat inside

R2(config-if)#exit
R2(config)#exit

R2#show ip nat translations


Pro Inside global Inside local Outside local Outside global
--- 209.165.201.65 192.168.35.252 --- ---

R2#

At this point, we should be able to access our web server (209.165.201.65) from the PC
on the Internet (209.165.201.1)

Desktop tab -> Web Browser -> type the URL, http://209.165.201.65 -> Go

Then, you can do the following on R2:

R2#show ip nat translations


Pro Inside global Inside local Outside local Outside global
--- 209.165.201.65 192.168.35.252 --- ---
tcp 209.165.201.65:80 192.168.35.252:80 209.165.201.1:1025 209.165.201.1:1025

R2#

Now, let’s continue the requested configuration.

On R2:

R2#
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.

R2(config)#ip nat pool R2NATPOOL ?


A.B.C.D Start IP address
R2(config)#ip nat pool R2NATPOOL 209.165.201.66 209.165.201.69 ?
netmask Specify the network mask

R2(config)#ip nat pool R2NATPOOL 209.165.201.66 209.165.201.69 netmask 255.255.255.248

R2(config)#access-list 15 permit 192.168.15.0 0.0.0.255


R2(config)#access-list 25 permit 192.168.25.0 0.0.0.255

R2(config)#ip nat inside ?


source Source address translation

R2(config)#ip nat inside source ?


list Specify access list describing local addresses
static Specify static local->global mapping

R2(config)#ip nat inside source list 15 ?


interface Specify interface for global address
pool Name pool of global addresses

R2(config)#ip nat inside source list 15 pool R2NATPOOL ?


overload Overload an address translation
<cr>

R2(config)#ip nat inside source list 15 pool R2NATPOOL overload


R2(config)#ip nat inside source list 25 pool R2NATPOOL overload
R2(config)#

At this point, we can check whether PC1 and PC2 can ping the Initech Web Server
(209.165.201.250)

PC1> ping 209.165.201.250

PC2> ping 209.165.201.250

Then, on R2, do the following.

R2#show ip nat translations


Pro Inside global Inside local Outside local Outside global
icmp 209.165.201.66:1024 192.168.25.6:1 209.165.201.250:1 209.165.201.250:1024
icmp 209.165.201.66:1025 192.168.25.6:2 209.165.201.250:2 209.165.201.250:1025
icmp 209.165.201.66:1026 192.168.25.6:3 209.165.201.250:3 209.165.201.250:1026
icmp 209.165.201.66:1027 192.168.25.6:4 209.165.201.250:4 209.165.201.250:1027
icmp 209.165.201.66:1 192.168.15.6:1 209.165.201.250:1 209.165.201.250:1
icmp 209.165.201.66:2 192.168.15.6:2 209.165.201.250:2 209.165.201.250:2
icmp 209.165.201.66:3 192.168.15.6:3 209.165.201.250:3 209.165.201.250:3
icmp 209.165.201.66:4 192.168.15.6:4 209.165.201.250:4 209.165.201.250:4
--- 209.165.201.65 192.168.35.252 --- ---
tcp 209.165.201.65:80 192.168.35.252:80 209.165.201.1:1025 209.165.201.1:1025

R2#
Step 8
---------------------
Configure access lists on R2 to limit outside access into the network
1. configure an extended access-list 100 to achieve the following goals (3 lines only):
- from the outside permit port 80 access to the web server
- from the outside permit pings that were initiated from within the network only
- permit "established" web page requests generated from within the network only
(you will need to use the established keyword at the end of the line)
- deny all other kinds of communication from outside the network

2. configure an IPv6 access-list FIREWALL-IPV6 to achieve the following goals (2 lines only):
- from the outside permit pings that were initiated from within the network only
- permit "established" web page requests generated from within the network only
(you will need to use the established keyword at the end of the line)
- deny all other kinds of communication from outside the network

On R2:

R2>en
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.

R2(config)#access-list 100 permit tcp any host 209.165.201.65 eq 80

R2(config)#access-list 100 permit icmp any any echo-reply

R2(config)#access-list 100 permit tcp any eq 80 any ?


dscp Match packets with given dscp value
eq Match only packets on a given port number
established established
gt Match only packets with a greater port number
lt Match only packets with a lower port number
neq Match only packets not on a given port number
precedence Match packets with given precedence value
range Match only packets in the range of port numbers
<cr>

R2(config)#access-list 100 permit tcp any eq 80 any established

R2(config)#ipv6 access-list ?
WORD User selected string identifying this access list

R2(config)#ipv6 access-list FIREWALL-IPV6


R2(config-ipv6-acl)#permit icmp any any echo-reply

R2(config-ipv6-acl)#permit tcp any eq 80 any established

R2(config-ipv6-acl)#exit

R2(config)#int s0/1/0
R2(config-if)#ip access-group 100 in

R2(config-if)#ipv6 ?
address Configure IPv6 address on interface
authentication authentication subcommands
dhcp IPv6 DHCP interface subcommands
eigrp Configure EIGRP IPv6 on interface
enable Enable IPv6 on interface
flow NetFlow Related commands
hello-interval Configures IP-EIGRP hello interval
mtu Set IPv6 Maximum Transmission Unit
nat Enable IPv6 NAT on interface
nd IPv6 interface Neighbor Discovery subcommands
ospf OSPF interface commands
rip Configure RIP routing protocol
summary-address Summary prefix
traffic-filter Access control list for packets

R2(config-if)#ipv6 traffic-filter ?
WORD Access-list name

R2(config-if)#ipv6 traffic-filter FIREWALL-IPV6 in

R2(config-if)#exit
R2(config)#exit

R2#copy run start


Destination filename [startup-config]?
Building configuration...
[OK]
R2#

At this point, test if the configurations work.

On PC1
PC> ping 209.165.201.250

Web Browser
Type the following URL
http://209.165.201.250
Then, press GO

On the PC on the Internet


Web Browser
Type the following URL
http://209.165.201.65
Then, press GO

And the following ping should be blocked


PC> ping 209.165.201.65
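
To see why each of these tests passes or fails, the following added Python example (not part of the original lab) evaluates the three lines of access-list 100 against constructed packets arriving inbound on R2 s0/1/0. The packet model, function names and sample packets are this example's own; it also shows that the ACL matches header fields only and keeps no record of earlier traffic.

```python
from dataclasses import dataclass

# access-list 100 exactly as entered on R2 in Step 8
ACL_100 = (
    "permit tcp any host 209.165.201.65 eq 80",
    "permit icmp any any echo-reply",
    "permit tcp any eq 80 any established",
)

@dataclass(frozen=True)
class Packet:
    proto: str                       # "tcp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    flags: frozenset = frozenset()   # TCP flags that are set
    icmp_type: str = ""

def parse_ace(text):
    """Parse the subset of extended-ACL syntax used in this lab."""
    tok = text.split()
    ace, i = {"action": tok[0], "proto": tok[1]}, 2
    for side in ("src", "dst"):
        if tok[i] == "any":
            ace[side], i = None, i + 1
        elif tok[i] == "host":
            ace[side], i = tok[i + 1], i + 2
        else:
            raise ValueError(f"unsupported address form: {tok[i]}")
        ace[side + "_port"] = None
        if i < len(tok) and tok[i] == "eq":
            ace[side + "_port"], i = int(tok[i + 1]), i + 2
    ace["options"] = tok[i:]         # 'established' or an ICMP type name
    return ace

def ace_matches(ace, p):
    if ace["proto"] != p.proto:
        return False
    if ace["src"] not in (None, p.src) or ace["dst"] not in (None, p.dst):
        return False
    if ace["src_port"] not in (None, p.sport) or ace["dst_port"] not in (None, p.dport):
        return False
    for opt in ace["options"]:
        if opt == "established":
            if not p.flags & {"ACK", "RST"}:   # header bits only, no session table
                return False
        elif opt != p.icmp_type:
            return False
    return True

def evaluate(p, acl=ACL_100):
    """Return (action, matching line number); line 0 is the implicit deny."""
    for n, text in enumerate(acl, start=1):
        ace = parse_ace(text)
        if ace_matches(ace, p):
            return ace["action"], n
    return "deny", 0

# Constructed packets as seen on s0/1/0, i.e. with the global (pre-NAT) addresses.
SYN, ACK = frozenset({"SYN"}), frozenset({"ACK"})
SAMPLES = {
    "web_from_internet_pc": Packet("tcp", "209.165.201.1", "209.165.201.65", 1025, 80, SYN),
    "ping_from_internet_pc": Packet("icmp", "209.165.201.1", "209.165.201.65", icmp_type="echo"),
    "reply_to_pc1_ping": Packet("icmp", "209.165.201.250", "209.165.201.66", icmp_type="echo-reply"),
    "reply_to_pc1_web": Packet("tcp", "209.165.201.250", "209.165.201.66", 80, 1025, ACK),
    "telnet_from_internet_pc": Packet("tcp", "209.165.201.1", "209.165.201.66", 1026, 23, SYN),
    # Same verdict as reply_to_pc1_ping: line 2 matches on ICMP type alone.
    "echo_reply_without_request": Packet("icmp", "209.165.201.1", "209.165.201.66", icmp_type="echo-reply"),
}

def verdicts():
    return {name: evaluate(p) for name, p in SAMPLES.items()}
```

Because the list is stateless, "initiated from within the network only" is approximated by matching echo-reply and the ACK/RST bits rather than by tracking sessions.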
Step 9
---------------------
Configure the following on R3:
- password min length 10 characters
- encrypt all passwords
- banner motd "No unauthorized access allowed!"
- administrative user account:
username: admin,
secret pass: danscourses
- enable secret: class12345
- named access-list ADMIN-MGT
permit only host PC-Admin remote Telnet access
- console 0 and vty 0 4:
use local database for logins,
timeout after 5 min
apply ADMIN-MGT access-list to vty
- save running-config to startup-config

On R3:

R3>en
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.

R3(config)#security ?
passwords Password security CLIs

R3(config)#security passwords min-length 10


R3(config)#service password-encryption
R3(config)#banner motd "No unauthorized access allowed!"
R3(config)#username admin secret danscourses
R3(config)#enable secret class12345

R3(config)#ip access-list standard ADMIN-MGT


R3(config-std-nacl)#permit host 192.168.88.10
R3(config-std-nacl)#exit

R3(config)#line console 0
R3(config-line)#login local
R3(config-line)#exec-timeout 5 0

R3(config-line)#line vty 0 4
R3(config-line)#login local
R3(config-line)#exec-timeout 5 0
R3(config-line)#ip access-class ADMIN-MGT in
R3(config-line)#exit
R3(config)#exit
R3#
%SYS-5-CONFIG_I: Configured from console by console

R3#copy run start


Destination filename [startup-config]?
Building configuration...
[OK]
R3#
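
To confirm that the saved configuration meets every Step 9 requirement, the following added Python example (not part of the original lab) audits a running-config text. The first sample is an excerpt of the R3 "show run" captured earlier on this page; the second is a constructed post-Step-9 config with placeholder hashes, and the function names are this example's own.

```python
def sections(config):
    """Map each top-level command to its sub-commands. A section ends at '!',
    'end' or the next header, so lost indentation does not matter."""
    out, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line in ("", "!", "end"):
            current = None
        elif line.startswith(("line ", "ip access-list ")):
            current = out.setdefault(line, [])
        elif current is not None:
            current.append(line)
        else:
            out.setdefault(line, [])
    return out

def audit(config):
    """Return the Step 9 requirements that the given config does not meet."""
    sec, findings = sections(config), []
    def require(ok, message):
        if not ok:
            findings.append(message)
    def has(prefix):
        return any(cmd.startswith(prefix) for cmd in sec)
    minlen = [int(c.split()[-1]) for c in sec
              if c.startswith("security passwords min-length ")]
    require(minlen and minlen[0] >= 10, "min-length below 10 or unset")
    # Applies reversible type 7 encoding to 'password' entries; 'secret' entries are hashed.
    require("service password-encryption" in sec, "service password-encryption off")
    require(has("banner motd "), "no banner motd")
    require(has("enable secret "), "no enable secret")
    require(has("username admin secret "), "no admin user with a secret")
    require(sec.get("ip access-list standard ADMIN-MGT") == ["permit host 192.168.88.10"],
            "ADMIN-MGT missing or not limited to PC-Admin")
    for name, extra in (("line con 0", []), ("line vty 0 4", ["access-class ADMIN-MGT in"])):
        for cmd in ["login local", "exec-timeout 5 0"] + extra:
            require(cmd in sec.get(name, []), f"{name}: missing '{cmd}'")
    return findings

# Excerpt of the R3 running-config shown earlier on this page (indentation lost).
PAGE_R3_EXCERPT = """\
no service password-encryption
security passwords min-length 10
!
line con 0
!
line vty 0 4
access-class ADMIN-MGT in
login
!
"""

# Constructed sample of the config after Step 9; <hash> is a placeholder.
AFTER_STEP_9 = """\
service password-encryption
security passwords min-length 10
enable secret 5 <hash>
username admin secret 5 <hash>
banner motd ^CNo unauthorized access allowed!^C
!
ip access-list standard ADMIN-MGT
 permit host 192.168.88.10
!
line con 0
 exec-timeout 5 0
 login local
line vty 0 4
 access-class ADMIN-MGT in
 exec-timeout 5 0
 login local
!
"""

if __name__ == "__main__":
    print("\n".join(audit(PAGE_R3_EXCERPT)) or "all Step 9 requirements met")
```
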
