Pontificia Universidad Catlica del Per

Facultad de Ciencias e Ingeniera Caso de Estudio CCNA 4-2008

Elaborado por: Nel Ricardo Ramrez Bulln

Lima, Octubre de 2008

Caso de Estudio y Examen Final CCNA4 Instructor: Flavio Csar Ramrez Horna
Topologia

Caso de CCNA4 Se pide configurar los routers: ISP, Swtich frame relay, R1, R2 y R3 asi como tambin los Switches: SW1, Sw2 y SW3 segn los siguientes Datos: Frame Relay= IETF LMI= ANSI Switch Fr y Router ISP= DCE (clock rate 56000) Routers R1, R2, R3= DTE Usar RIPv2 para la red WAN privada: o Los Routers R1, R2, R3 debern publicar todas las subredes El enlace WAN entre el Router ISP y R1 ser un enlace dedicado PPP Internet= En el router R1 se deber crear una ruta esttica o ruta por default y se debe distribuir por RIPv2 a toda la red WAN privada

 Configurar enlaces point-to-point para cada PVC por lo que deber configurar sub-interfaces en las interfaces seriales y adems deber configurar subinterfaces ethermet en cada uno de los routers conectados a los switches. En el router R1 se debe configurar NAT y PAT o Pool IPs pblicos: 210.45.82.8/29 o NAT esttico 172.16.96.2 -> 210.45.82.9 172.16.96.3 -> 210.45.82.10 o PAT 172.16.0.0 -> 210.45.82.11 172.17.0.0 -> 210.45.82.12 172.18.0.0 -> 210.45.82.13 Solo en el router R1 se deber configurar DHCP con un pool para cada subred de cada uno de los routers R1, R2 y R3 Lista de Acceso: o Los nicos host que podrn navegar (http->internet) son de la Subred 10 y 30 o Solo deben comunicarse host entre Subredes de la misma area/dpto o Solo podrn acceder al host 172.16.96.2 los host de las Subred 30 y Subred 10 Solo podrn acceder al host 172.16.96.3 los host de las Subred 20 y Subred 30 Los nicos que podrn hacer telnet a todos los routers y switchs sern R1 y host de la Subred 30 Nota: Respuesta Correcta 100 Puntos.

Router 1 ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R1 ! boot-start-marker boot-end-marker ! ! no aaa new-model ! resource policy ! memory-size iomem 20 ! ! ip cef no ip dhcp use vrf connected ip dhcp excluded-address 172.16.32.1 ip dhcp excluded-address 172.16.64.1 ip dhcp excluded-address 172.16.96.1 ip dhcp excluded-address 172.16.96.2 172.16.96.3 ip dhcp excluded-address 172.17.32.1 ip dhcp excluded-address 172.17.64.1 ip dhcp excluded-address 172.18.32.1 ip dhcp excluded-address 172.18.64.1 ! ip dhcp pool sub10-dp1 network 172.16.32.0 255.255.255.0 default-router 172.16.32.1 dns-server 172.16.32.2 ! ip dhcp pool sub20-dp1 network 172.16.64.0 255.255.255.0 default-router 172.16.64.1 dns-server 172.16.64.2 ! ip dhcp pool sub30-dp1 network 172.16.96.0 255.255.255.0 default-router 172.16.96.1 dns-server 172.16.96.2 ! ip dhcp pool sub10-dp2 network 172.17.32.0 255.255.255.0 default-router 172.17.32.1 dns-server 172.17.32.2

! ip dhcp pool sub20-dp2 network 172.17.64.0 255.255.255.0 default-router 172.17.64.1 dns-server 172.17.64.2 ! ip dhcp pool sub10-dp3 network 172.18.32.0 255.255.255.0 default-router 172.18.32.1 dns-server 172.18.32.2 ! ip dhcp pool sub20-dp3 network 172.18.64.0 255.255.255.0 default-router 172.18.64.1 dns-server 172.18.64.2 ! ! ! ! voice-card 0 no dspfarm ! ! ! ! ! ! interface FastEthernet0/0 no ip address ip nat inside ip virtual-reassembly duplex auto speed auto ! interface FastEthernet0/0.1 encapsulation dot1Q 1 native ip address 172.16.32.1 255.255.255.0 ip nat inside ip virtual-reassembly ! interface FastEthernet0/0.2 encapsulation dot1Q 2 ip address 172.16.64.1 255.255.255.0 ip nat inside ip virtual-reassembly ! interface FastEthernet0/0.3 encapsulation dot1Q 3 ip address 172.16.96.1 255.255.255.0 !

interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 no ip address ip nat inside ip virtual-reassembly encapsulation frame-relay frame-relay lmi-type cisco ! interface Serial0/0/0.18 point-to-point description R1 to R2 ip address 192.168.1.5 255.255.255.252 ip nat inside ip virtual-reassembly frame-relay interface-dlci 18 ! interface Serial0/0/0.19 point-to-point description R1 to R3 ip address 192.168.1.9 255.255.255.252 ip nat inside ip virtual-reassembly frame-relay interface-dlci 19 ! interface Serial0/0/1 bandwidth 64 ip address 209.45.82.10 255.255.255.252 ip nat outside ip virtual-reassembly clock rate 125000 encapsulation ppp ! router rip version 2 redistribute static network 172.16.0.0 network 172.17.0.0 network 172.18.0.0 network 192.168.1.0 network 209.45.82.0 no auto-summary ! ip route 0.0.0.0 0.0.0.0 209.45.82.9 ! ! ip http server no ip http secure-server

ip nat pool pat-16 210.45.82.11 210.45.82.11 netmask 255.255.255.248 ip nat pool pat-17 210.45.82.12 210.45.82.12 netmask 255.255.255.248 ip nat pool pat-18 210.45.82.13 210.45.82.13 netmask 255.255.255.248 ip nat inside source list 16 pool pat-16 overload ip nat inside source list 17 pool pat-17 overload ip nat inside source list 18 pool pat-18 overload ip nat inside source static 172.16.96.2 210.45.82.9 ip nat inside source static 172.16.96.3 210.45.82.10 ! access-list 16 permit 172.16.0.0 0.0.255.255 access-list 17 permit 172.17.0.0 0.0.255.255 access-list 18 permit 172.18.0.0 0.0.255.255 access-list 101 permit tcp 172.16.32.0 0.0.0.255 any eq www access-list 101 permit ip any 172.17.32.0 0.0.0.255 access-list 101 permit ip any 172.18.32.0 0.0.0.255 access-list 101 permit udp any any eq bootps access-list 101 permit ip any host 172.16.96.2 access-list 102 permit udp any any eq bootps access-list 102 permit ip any 172.17.64.0 0.0.0.255 access-list 102 permit ip any 172.18.64.0 0.0.0.255 access-list 102 permit ip any host 172.16.96.3 access-list 103 permit udp any any eq bootps access-list 103 permit tcp 172.16.96.0 0.0.0.255 any eq www access-list 103 permit ip any host 172.16.96.2 access-list 103 permit ip any host 172.16.96.3 access-list 103 permit tcp 172.16.96.0 0.0.0.255 any eq telnet ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 line aux 0 line vty 0 4 password cisco login ! scheduler allocate 20000 1000 ! end

Router 2 ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R2 ! boot-start-marker boot-end-marker ! ! no aaa new-model ! resource policy ! memory-size iomem 20 ! ! ip cef ! ! voice-card 0 no dspfarm ! ! interface FastEthernet0/0 no ip address duplex auto speed auto no shut ! interface FastEthernet0/0.1 encapsulation dot1Q 10 ip address 172.17.32.1 255.255.255.0 ip helper-address 192.168.1.5 ip access-group 100 in ! interface FastEthernet0/0.2 encapsulation dot1Q 20 ip address 172.17.64.1 255.255.255.0 ip helper-address 192.168.1.5 ip access-group 102 in ! interface FastEthernet0/1 no ip address shutdown

duplex auto speed auto ! interface Serial0/0/0 no ip address encapsulation frame-relay frame-relay lmi-type cisco no shut ! interface Serial0/0/0.20 point-to-point ip address 192.168.1.6 255.255.255.252 frame-relay interface-dlci 20 ! interface Serial0/0/1 no ip address shutdown clock rate 125000 ! router rip version 2 network 172.17.0.0 network 192.168.1.0 no auto-summary ! ! ! ip http server no ip http secure-server ! access-list 100 permit tcp 172.17.32.0 0.0.0.255 any eq www access-list 100 permit ip 172.17.32.0 0.0.0.255 172.16.32.0 0.0.0.255 access-list 100 permit ip 172.17.32.0 0.0.0.255 172.18.32.0 0.0.0.255 access-list 100 permit udp 172.17.32.0 0.0.0.255 eq bootps host 192.168.1.5 access-list 100 permit ip 172.17.32.0 0.0.0.255 host 172.16.96.2 access-list 102 deny tcp 172.17.64.0 0.0.0.255 any eq www access-list 102 permit ip 172.17.64.0 0.0.0.255 172.16.64.0 0.0.0.255 access-list 102 permit ip 172.17.64.0 0.0.0.255 172.18.64.0 0.0.0.255 access-list 102 permit udp 172.17.64.0 0.0.0.255 eq bootps host 192.168.1.5 access-list 102 permit ip 172.17.64.0 0.0.0.255 host 172.16.96.3 access-list 103 permit tcp host 192.168.1.5 any eq telnet access-list 103 permit tcp 172.16.96.0 0.0.0.255 any eq telnet ! ! control-plane ! ! ! ! line con 0 line aux 0

line vty 0 4 access-class 103 in password cisco login ! scheduler allocate 20000 1000 ! end Router 3 ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R3 ! boot-start-marker boot-end-marker ! enable secret class ! no aaa new-model ! resource policy ! memory-size iomem 20 ! ! ip cef ! ! ! ! voice-card 0 no dspfarm ! ! ! ! ! ! ! ! ! ! ! !

! ! ! ! ! ! ! ! interface FastEthernet0/0 no ip address duplex auto speed auto ! interface FastEthernet0/0.1 encapsulation dot1Q 1 native ip address 172.18.32.1 255.255.255.0 ip helper-address 192.168.1.5 ip access-group 100 in ! interface FastEthernet0/0.2 encapsulation dot1Q 2 ip address 172.18.64.1 255.255.255.0 ip helper-address 192.168.1.5 ip access-group 102 in ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 description Circuit Masch4 no ip address encapsulation frame-relay frame-relay lmi-type cisco ! interface Serial0/0/0.21 point-to-point description PVC to R2, DLCI 20, contac Corpac ip address 192.168.1.10 255.255.255.0 frame-relay interface-dlci 21 ! interface Serial0/0/1 no ip address shutdown clock rate 125000 ! router rip version 2 network 172.18.0.0

network 192.168.1.0 no auto-summary ! ! ! ip http server no ip http secure-server ! ! access-list 100 permit tcp 172.18.32.0 0.0.0.255 any eq www access-list 100 permit ip 172.18.32.0 0.0.0.255 172.16.32.0 0.0.0.255 access-list 100 permit ip 172.18.32.0 0.0.0.255 172.17.32.0 0.0.0.255 access-list 100 permit udp 172.18.32.0 0.0.0.255 eq bootps host 192.168.1.5 access-list 100 permit ip 172.18.32.0 0.0.0.255 host 172.16.96.2 access-list 102 deny tcp 172.18.64.0 0.0.0.255 any eq www access-list 102 permit ip 172.18.64.0 0.0.0.255 172.16.64.0 0.0.0.255 access-list 102 permit ip 172.18.64.0 0.0.0.255 172.17.64.0 0.0.0.255 access-list 102 permit udp 172.18.64.0 0.0.0.255 eq bootps host 192.168.1.5 access-list 102 permit ip 172.18.64.0 0.0.0.255 host 172.16.96.3 access-list 103 permit tcp host 192.168.1.5 any eq telnet access-list 103 permit tcp 172.16.96.0 0.0.0.255 any eq telnet ! control-plane ! line con 0 password cisco login line aux 0 line vty 0 4 access-class 103 in password cisco login ! scheduler allocate 20000 1000 ! end ISP ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP ! boot-start-marker boot-end-marker !

! no aaa new-model ! resource policy ! ! ! ip cef ! ! ! ! voice-card 0 no dspfarm ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! interface Loopback1 ip address 10.10.10.10 255.255.255.255 ! interface FastEthernet0/0 no ip address shutdown duplex auto speed auto ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/2/0

ip address 209.45.82.9 255.255.255.252 encapsulation ppp ! interface Serial0/2/1 no ip address shutdown clock rate 125000 ! ip route 210.45.82.0 255.255.255.0 209.45.82.10 ! ! ip http server no ip http secure-server ! ! ! ! ! control-plane ! ! ! voice-port 0/1/0 ! voice-port 0/1/1 ! ! ! ! ! ! ! ! line con 0 line aux 0 line vty 0 4 login ! scheduler allocate 20000 1000 ! end SW1 ! version 12.2 no service pad service timestamps debug uptime service timestamps log uptime

no service password-encryption ! hostname SW1 ! enable secret class ! no aaa new-model ip subnet-zero ! ! ! ! no file verify auto spanning-tree mode pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! interface FastEthernet0/1 switchport mode trunk no shut ! interface FastEthernet0/2 ! interface FastEthernet0/3 ! interface FastEthernet0/4 ! interface FastEthernet0/5 switchport access vlan 2 no shut ! interface FastEthernet0/6 switchport access vlan 3 no shut ! interface FastEthernet0/7 ! interface FastEthernet0/8 ! interface FastEthernet0/9 ! interface FastEthernet0/10 ! interface FastEthernet0/11 ! interface FastEthernet0/12 ! interface FastEthernet0/13 !

interface FastEthernet0/14 ! interface FastEthernet0/15 ! interface FastEthernet0/16 ! interface FastEthernet0/17 ! interface FastEthernet0/18 ! interface FastEthernet0/19 ! interface FastEthernet0/20 ! interface FastEthernet0/21 ! interface FastEthernet0/22 ! interface FastEthernet0/23 ! interface FastEthernet0/24 ! interface GigabitEthernet0/1 ! interface GigabitEthernet0/2 ! interface Vlan1 no ip address no ip route-cache shutdown ! ip http server ! control-plane ! ! line con 0 password cisco login line vty 0 4 password cisco login line vty 5 15 password cisco login ! ! end SW2

! version 12.2 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname SW2 ! ! no aaa new-model ip subnet-zero ! ! ! ! no file verify auto spanning-tree mode pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! interface FastEthernet0/1 switchport mode trunk no shut ! interface FastEthernet0/2 ! interface FastEthernet0/3 ! interface FastEthernet0/4 ! interface FastEthernet0/5 ! interface FastEthernet0/6 ! interface FastEthernet0/7 ! interface FastEthernet0/8 ! interface FastEthernet0/9 ! interface FastEthernet0/10 ! interface FastEthernet0/11 switchport access vlan 10 switchport mode access no shut ! interface FastEthernet0/12

switchport access vlan 20 switchport mode access no shut ! interface FastEthernet0/13 ! interface FastEthernet0/14 ! interface FastEthernet0/15 ! interface FastEthernet0/16 ! interface FastEthernet0/17 ! interface FastEthernet0/18 ! interface FastEthernet0/19 ! interface FastEthernet0/20 ! interface FastEthernet0/21 ! interface FastEthernet0/22 ! interface FastEthernet0/23 ! interface FastEthernet0/24 ! interface GigabitEthernet0/1 ! interface GigabitEthernet0/2 ! interface Vlan1 no ip address no ip route-cache ! ip http server ! control-plane ! ! line con 0 line vty 5 15 ! ! end SW3