- Equipment List
- General Guidelines
- Setting Up the Lab
- Practice Lab 1 Exercises
- Section 1.0: Basic Configuration (10 points)
- Section 2.0: Routing Configuration (25 points)
- Section 3.0: ISDN Configuration (8 points)
- Section 4.0: PIX Configuration (5 points)
- Section 5.0: IPSec/GRE Configuration (10 points)
- Section 6.0: IOS Firewall + IOS IDS Configuration (10 points)
- Section 7.0: AAA (7 points)
- Section 8.0: Advanced Security (10 points)
- Section 9.0: IP Services and Protocol-Independent Features (10 points)
- Section 10.0: Security Violations (5 points)
- Verification, Hints, and Troubleshooting Tips
- Section 1.0: Basic Configuration
- Section 2.0: Routing Configuration
- Section 3.0: ISDN Configuration
- Section 4.0: PIX Configuration
- Section 5.0: IPSec/GRE Configuration
- Section 6.0: IOS Firewall Configuration
- Section 7.0: AAA
- Section 8.0: Advanced Security
- Section 9.0: IP Services and Protocol-Independent Features
- Section 10.0: Security Violations
Section 1.0: Basic Configuration
1.1: IP Addressing
Configure IP addresses as per the topology diagram shown in Figure 1-1.
Configure all the loopbacks and advertise them as per the instructions in different sections of the exercise.
Configure a default route on R2 to Ethernet 0/0. This will show "Gateway of last resort is 0.0.0.0" in your routing table. Propagate the default route to all other routers.
Configure default-information originate always on R2. Do not configure any static routes unless otherwise specified.
1.2: Frame Relay Configuration
Map only the DLCIs specified in the diagram. Run show frame-relay map and check whether any additional DLCIs that are not required have been populated dynamically. If so, turn off inverse ARP on that interface using the no frame-relay inverse-arp command.
1.3: LAN Switch Configuration
Configure IP address 10.10.45.45 on VLAN 45.
Configure a port description on the interface for identification.
Configure VLAN names as per the topology diagram.
Configure port security on all ports except port 10 (span destination port).
Configure a default route to 10.10.45.4 and a floating static route to 10.10.45.5 with higher admin distance for redundancy.
Configure an access list to permit R4, R5, and R1 and apply it to the vty lines. Note that you have to put two host entries for R1 for redundancy, one through R4 and another through R5; see the switch configuration in the Solutions section. Test by sourcing the Telnet with Serial 2/1 and Serial 2/2 from R1 as follows:
r1#telnet 10.10.45.45 /source-interface Serial 2/1
r1#telnet 10.10.45.45 /source-interface Serial 2/2
Configure a SPAN session and specify the ports to monitor: source port 8 (PIX outside interface) and destination port 10 (sniffing interface).
The static route for the 10.10.45.0/24 network on R1 should not be seen on any other routers.
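The Section 1.3 steps collected into one switch configuration, as an added example that is not the configuration from the book's Solutions section. It assumes a 24-port Layer 3 capable Catalyst with FastEthernet0/N port naming and 16 vty lines, assumes 10.10.45.4 and 10.10.45.5 are R4 and R5, and uses angle-bracket placeholders for the VLAN name and R1's serial addresses, which this page does not give.

```ios
! Added example. Assumed: 24-port switch, FastEthernet0/N naming, L3 image.
! Values in <...> are placeholders for details this page does not give.
vlan 45
 name <VLAN-45-name-from-Figure-1-1>
!
interface Vlan45
 ip address 10.10.45.45 255.255.255.0
 no shutdown
!
! Port security requires a static access port. Port 10 is left out because
! a SPAN destination port cannot also be a secure port.
interface range FastEthernet0/1 - 9 , FastEthernet0/11 - 24
 switchport mode access
 switchport port-security
!
interface FastEthernet0/8
 description PIX outside interface (SPAN source)
!
interface FastEthernet0/10
 description Sniffing interface (SPAN destination)
!
! Primary default route via 10.10.45.4. The second route carries an
! administrative distance of 10 (static default is 1), so it is used only
! if the first route leaves the routing table.
ip routing
ip route 0.0.0.0 0.0.0.0 10.10.45.4
ip route 0.0.0.0 0.0.0.0 10.10.45.5 10
!
! vty access: R4, R5, and R1 as seen over each of its two serial paths.
! Everything else is dropped by the implicit deny at the end of the list.
access-list 10 permit 10.10.45.4
access-list 10 permit 10.10.45.5
access-list 10 permit <R1-Serial2/1-address>
access-list 10 permit <R1-Serial2/2-address>
!
! Apply to every vty line so that no line is left without the filter.
line vty 0 15
 access-class 10 in
!
monitor session 1 source interface FastEthernet0/8 both
monitor session 1 destination interface FastEthernet0/10
```

After applying it, show port-security, show monitor session 1, and show ip route confirm each piece, and a Telnet from any source not in access list 10 should be refused.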