assignment 1 itc308 draft final final
TRANSCRIPT
Network ImplementationIn network implementation we organized all devices, ip table, configuring VLAN, Subnet Mask, VPN, Access-list and NAT. In the WAN configuration we maintain secure communication among the branches. OSPF has been used as a routing protocol.
Addressing Table
Device Interface IP Address Subnet Mask Default Gateway Location
R0 S1/0 200.18.5.1/29 255.255.255.248 Head Office
S1/1 172.16.1.0 255.255.255.252 Head Office
F0/0 172.16.1.65 255.255.255.224 Head Office
R1 S1/0 172.16.1.2 255.255.255.252 Head Office
S1/1 172.16.1.5 255.255.255.252 Head Office
F0/0 192.168.1.1 255.255.255.0 Head Office
F0/1 172.16.1.33 255.255.255.224 Head Office
R2 S1/0 172.16.1.6 255.255.255.252 Head Office
F0/0 172.16.1.129 255.255.255.224 Head Office
R3 S1/0 200.18.5.2/29 255.255.255.248 Melbourne
F0/0 10.1.2.0/24 255.255.255.0 Melbourne
F0/1 10.1.1.0/29 255.255.255.248 Melbourne
R4 S1/0 200.18.5.3/29 255.255.255.248 Perth
F0/0 20.1.1.0/29 255.255.255.248 Perth
F0/1 20.1.2.0/24 255.255.255.0 Perth
Multi Layer Switch 1
F0/1 192.168.2.1 255.255.255.0 Head Office
F0/2 192.168.3.1 255.255.255.0 Head Office
F0/3 192.168.4.1 255.255.255.0 Head Office
F0/4 192.168.5.1 255.255.255.0 Head Office
F0/5 192.168.6.1 255.255.255.0 Head Office
F0/6 NA NA Head Office
F0/7 192.168.7.1 255.255.255.0 Head Office
Multi Layer Switch 2
F0/1 NA Melbourne
F0/2 NA Melbourne
F0/3 NA Melbourne
F0/4 NA Melbourne
Multi Layer Switch 3
F0/1 NA Perth
F0/2 NA Perth
F0/3 NA Perth
F0/4 NA Perth
Wireless Router 1
Ethernet 1 192.168.7.2 255.255.255.0 Head office
Wireless Router 2
Ethernet 1 10.1.5.1 255.255.255.0 Melbourne
Wireless Router 3
Ethernet 1 20.1.5.1 255.255.255.0 Perth
Switch 0 F0/1 NA Head office
F0/2 NA Head office
F0/3 NA Head office
F0/4 NA Head office
F0/5 NA Head office
F0/6 NA Head office
F0/7 NA Head office
Switch 1 F0/1 NA Head office
F0/2 NA Head office
Switch 2 F0/1 NA Head office
F0/2 NA Head office
Switch 3 F0/1 NA Head office
F0/2 NA Head office
Switch 4 F0/1 NA Head office
F0/2 NA Head office
Switch 5 F0/1 NA Head office
F0/2 NA Head office
Switch 6 F0/1 NA Head office
F0/2 NA Head office
F0/3 NA Head office
Switch 7 F0/1 NA
F0/2 NA
F0/3 NA
F0/4 NA
Switch 8 F0/1 NA
F0/2 NA
Switch 9 F0/1 NA
F0/2 NA
Switch 10 F0/1 NA
F0/2 NA
Switch 11 F0/1 NA
F0/2 NA
Switch 12 F0/1
F0/2
DNS Server Fast Ethernet 172.16.1.35 255.255.255.224 Head office
DHCP Server Fast Ethernet 172.16.1.34 255.255.255.224 Head office
Active Directory
Fast Ethernet 172.16.1.36 255.255.255.224 Head office
Mail Server Fast Ethernet 172.16.1.37 255.255.255.224 Head office
Database Server
Fast Ethernet 172.16.1.38 255.255.255.224 Head office
Database Backup Server
Fast Ethernet 172.16.1.130 255.255.255.224 Head office
RAID Fast Ethernet 172.16.1.131 255.255.255.224 Head office
Authentication Server
Fast Ethernet 172.16.1.66 255.255.255.224 Head office
IIS Server Fast Ethernet 172.16.1.67 255.255.255.224 Head office
BO1 S1 Fast Ethernet Melbourne
BO1 S2 Fast Ethernet Melbourne
BO2 S1 Fast Ethernet Perth
BO2 S2 Fast Ethernet Perth
VLAN Structure
VLAN Structure of Sydney (Head Office)
VLAN 10 LAB One 192.168.2.0 /24 192.168.2.1 - 192.168.2.255
VLAN 20 LAB Two 192.168.3.0 /24 192.168.3.1 - 192.168.3.255
VLAN 30 Administration 192.168.4.0 /24 192.168.4.1 - 192.168.4.255
VLAN 40 Accounting 192.168.5.0 /24 192.168.5.1 - 192.168.5.255
VLAN 50 Teachers 192.168.6.0 /24 192.168.6.1 - 192.168.6.255
VLAN 60 Wireless Router
192.168.7.0 /24 192.168.7.1 - 192.168.7.255
VLAN Structure of Melbourne (Branch Office 1)
VLAN 10 Administration 192.168.8.0 /24 192.168.8.1 - 192.168.8.255
VLAN 20 Teachers 192.168.9.0 /24 192.168.9.1 - 192.168.9.255
VLAN Structure of Perth (Branch Office 2)
VLAN 10 Administration 192.168.10.0 /24 192.168.10.1 - 192.168.10.255
VLAN 20 Teachers 192.168.11.0 /24 192.168.11.1 - 192.168.11.255
IP Plan & IP RangesHead Office
Network 172.16.1.0/20
IP Range 172.16.1.0 - 172.16.15.255
Default Gateway 172.16.1.1
Domain Name Sydney.domain.com
Server 172.16.1.32/27Server IP Range172.16.1.32 - 172.16.1.63
Router 172.16.1.0/30172.16.1.0 - 172.16.1.3
172.16.1.4/30172.16.1.4 - 172.16.1.7
IP Range of Melbourne (Branch Office 1)
Network 10.1.1.0/24
Server IP Range 10.1.1.0/29
IP Range of Perth (Branch Office 2)
Network 20.1.2.0/24
Server IP Range 20.1.1.0/29
WAN Link or VPN IP Addressing
VPN Cloud 1 200.18.5.1/29200.18.5.0- 200.18.5.7
VPN Cloud 2 200.18.5.2/29200.18.5.0- 200.18.5.7
VPN Cloud 3 200.18.5.3/29200.18.5.0- 200.18.5.7
Configuration of Networking Devices
Multilayer Switch 1
Switch#sh runn
Building configuration...
Current configuration : 1749 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
hostname Switch
!
ip routing
!
interface FastEthernet0/1
switchport access vlan 10
switchport trunk encapsulation dot1q
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 20
switchport trunk encapsulation dot1q
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 30
switchport trunk encapsulation dot1q
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 40
switchport trunk encapsulation dot1q
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 50
switchport trunk encapsulation dot1q
switchport mode access
!
interface FastEthernet0/6
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/7
switchport access vlan 60
switchport mode access
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
no ip address
!
interface Vlan20
no ip address
!
interface Vlan30
no ip address
!
interface Vlan40
no ip address
!
ip classless
!
line con 0
line vty 0 4
login
!
End
VLAN configuration of Layer 3 switch
VTP Configuration of Layer 3 switch
R1 Configuration
Current configuration : 1197 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
ip name-server 0.0.0.0
interface FastEthernet0/0
ip address 172.16.1.65 255.255.255.224
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial1/0
ip address 200.18.5.1 255.255.255.252
encapsulation frame-relay
ip nat outside
clock rate 64000
!
interface Serial1/1
ip address 172.16.1.1 255.255.255.252
ip nat inside
clock rate 64000
!
interface Serial1/2
no ip address
shutdown
!
interface Serial1/3
no ip address
shutdown
!
interface Serial1/4
no ip address
shutdown
!
interface Serial1/5
no ip address
shutdown
!
interface Serial1/6
no ip address
shutdown
!
interface Serial1/7
no ip address
shutdown
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
network 172.16.1.0 0.0.0.3 area 0
network 172.16.1.64 0.0.0.31 area 0
network 200.18.5.0 0.0.0.3 area 0
!
ip nat inside source static 192.168.0.0 200.18.5.0
ip classless
no cdp run
line con 0
line vty 0 4
login
end
R0 Configuration
Current configuration : 1197 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
ip name-server 0.0.0.0
interface FastEthernet0/0
ip address 172.16.1.65 255.255.255.224
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial1/0
ip address 200.18.5.1 255.255.255.252
encapsulation frame-relay
ip nat outside
clock rate 64000
!
interface Serial1/1
ip address 172.16.1.1 255.255.255.252
ip nat inside
clock rate 64000
!
interface Serial1/2
no ip address
shutdown
!
interface Serial1/3
no ip address
shutdown
!
interface Serial1/4
no ip address
shutdown
!
interface Serial1/5
no ip address
shutdown
!
interface Serial1/6
no ip address
shutdown
!
interface Serial1/7
no ip address
shutdown
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
network 172.16.1.0 0.0.0.3 area 0
network 172.16.1.64 0.0.0.31 area 0
network 200.18.5.0 0.0.0.3 area 0
!
ip nat inside source static 192.168.0.0 200.18.5.0
ip classless
no cdp run
line con 0
line vty 0 4
login
End
Router 2 Configuration and Routing Protocol implementation
Current configuration : 1030 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
ip name-server 0.0.0.0
!
interface FastEthernet0/0
ip address 172.16.1.129 255.255.255.224
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.16.1.130 255.255.255.224
duplex auto
speed auto
shutdown
!
interface Serial1/0
ip address 172.16.1.6 255.255.255.252
!
interface Serial1/1
no ip address
shutdown
!
interface Serial1/2
no ip address
shutdown
!
interface Serial1/3
no ip address
shutdown
!
interface Serial1/4
no ip address
shutdown
!
interface Serial1/5
no ip address
shutdown
!
interface Serial1/6
no ip address
shutdown
!
interface Serial1/7
no ip address
shutdown
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
network 172.16.1.128 0.0.0.31 area 0
network 172.16.1.4 0.0.0.3 area 0
!
ip classless
no cdp run
line con 0
line vty 0 4
login
End
Network Diagram
Sydney Branch Diagram
Melbourne Branch
Perth Branch
Computer configuration
Routing Protocol (OSPF) Configuration
Router 0 Sydney Branch
Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 200.18.1.1
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
172.16.1.0 0.0.0.3 area 0
172.16.1.64 0.0.0.31 area 0
200.18.5.0 0.0.0.3 area 0
200.18.5.0 0.0.0.7 area 0
200.18.0.0 0.0.255.255 area 0
Routing Information Sources:
Gateway Distance Last Update
172.16.1.2 110 00:05:16
Distance: (default is 110)
Routing table
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
C 172.16.1.0/30 is directly connected, Serial1/1
O 172.16.1.4/30 [110/1562] via 172.16.1.2, 00:02:08, Serial1/1
O 172.16.1.32/27 [110/782] via 172.16.1.2, 00:02:08, Serial1/1
C 172.16.1.64/27 is directly connected, FastEthernet0/0
O 172.16.1.128/27 [110/1563] via 172.16.1.2, 00:02:08, Serial1/1
O 192.168.1.0/24 [110/782] via 172.16.1.2, 00:02:08, Serial1/1
O 192.168.2.0/24 [110/782] via 172.16.1.2, 00:02:08, Serial1/1
O 192.168.3.0/24 [110/782] via 172.16.1.2, 00:02:08, Serial1/1
O 192.168.4.0/24 [110/782] via 172.16.1.2, 00:02:08, Serial1/1
O 192.168.5.0/24 [110/782] via 172.16.1.2, 00:02:08, Serial1/1
O 192.168.6.0/24 [110/782] via 172.16.1.2, 00:02:08, Serial1/1
O 192.168.7.0/24 [110/782] via 172.16.1.2, 00:02:08, Serial1/1
C 200.18.1.0/24 is directly connected, Serial1/0
Router 1
Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 192.168.7.1
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
192.168.0.0 0.0.255.255 area 0
172.16.1.0 0.0.0.3 area 0
172.16.1.32 0.0.0.31 area 0
172.16.1.4 0.0.0.3 area 0
Routing Information Sources:
Gateway Distance Last Update
172.16.1.6 110 00:07:15
172.16.1.1 110 00:07:15
Distance: (default is 110)
Routing Table
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 6 subnets, 3 masks
S 172.16.0.0/16 [1/0] via 172.16.1.0
C 172.16.1.0/30 is directly connected, Serial1/0
C 172.16.1.4/30 is directly connected, Serial1/1
C 172.16.1.32/27 is directly connected, FastEthernet0/1
O 172.16.1.64/27 [110/782] via 172.16.1.1, 00:01:25, Serial1/0
O 172.16.1.128/27 [110/782] via 172.16.1.6, 00:01:25, Serial1/1
C 192.168.1.0/24 is directly connected, FastEthernet0/0
C 192.168.2.0/24 is directly connected, FastEthernet0/0.1
C 192.168.3.0/24 is directly connected, FastEthernet0/0.2
C 192.168.4.0/24 is directly connected, FastEthernet0/0.3
C 192.168.5.0/24 is directly connected, FastEthernet0/0.4
C 192.168.6.0/24 is directly connected, FastEthernet0/0.5
C 192.168.7.0/24 is directly connected, FastEthernet0/0.6
O 200.18.1.0/24 [110/1562] via 172.16.1.1, 00:01:25, Serial1/0
Router 2
Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 172.16.1.129
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
172.16.1.128 0.0.0.31 area 0
172.16.1.4 0.0.0.3 area 0
Routing Information Sources:
Gateway Distance Last Update
172.16.1.5 110 00:08:05
Distance: (default is 110)
Routing Table
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
O 172.16.1.0/30 [110/1562] via 172.16.1.5, 00:03:21, Serial1/0
C 172.16.1.4/30 is directly connected, Serial1/0
O 172.16.1.32/27 [110/782] via 172.16.1.5, 00:03:21, Serial1/0
O 172.16.1.64/27 [110/1563] via 172.16.1.5, 00:03:10, Serial1/0
C 172.16.1.128/27 is directly connected, FastEthernet0/0
O 192.168.1.0/24 [110/782] via 172.16.1.5, 00:03:21, Serial1/0
O 192.168.2.0/24 [110/782] via 172.16.1.5, 00:03:21, Serial1/0
O 192.168.3.0/24 [110/782] via 172.16.1.5, 00:03:21, Serial1/0
O 192.168.4.0/24 [110/782] via 172.16.1.5, 00:03:21, Serial1/0
O 192.168.5.0/24 [110/782] via 172.16.1.5, 00:03:21, Serial1/0
O 192.168.6.0/24 [110/782] via 172.16.1.5, 00:03:21, Serial1/0
O 192.168.7.0/24 [110/782] via 172.16.1.5, 00:03:21, Serial1/0
O 200.18.1.0/24 [110/2343] via 172.16.1.5, 00:03:10, Serial1/0
VLAN Configuration & IP Plan
Sydney office has six VLan, here is the diagram for vlans
VLAN Structure of Sydney (Head Office)
VLAN 10 LAB One 192.168.2.0 /24 192.168.2.1 - 192.168.2.255
VLAN 20 LAB Two 192.168.3.0 /24 192.168.3.1 - 192.168.3.255
VLAN 30 Administration 192.168.4.0 /24 192.168.4.1 - 192.168.4.255
VLAN 40 Accounting 192.168.5.0 /24 192.168.5.1 - 192.168.5.255
VLAN 50 Teachers 192.168.6.0 /24 192.168.6.1 - 192.168.6.255
VLAN 60 Wireless Router
192.168.7.0 /24 192.168.7.1 - 192.168.7.255
Frame-relay Configuration among branches
Secure VPN connection has been used for communication among branches.
WAN Link or Frame-relay IP Addressing
Frame-realy Cloud 1 200.18.5.0/29200.18.5.0- 200.18.5.3
Frame-realy Cloud 2 200.18.5.4/29200.18.5.4- 200.18.5.7
Frame-realy Cloud 3 200.18.5.8/29200.18.5.8- 200.18.5.11
Implementation of Access Control List
Head Office (Sydney)
Policies:
Lab1 Restriction & Configuration
Lab1 can only access to Lab2, Internet and all other http server, other all request from the lab will be denied.
Extended IP access list Lab1
permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
permit tcp 192.168.2.0 0.0.0.255 any eq domain
permit tcp 192.168.2.0 0.0.0.255 any eq www
permit ip 192.168.2.0 0.0.0.255 host 172.16.1.35
permit udp any any
Lab2 Restriction & Configuration
Lab2 can only access to Lab1, Internet and all other http server, other all request from the lab will be denied.
Extended IP access list Lab2
permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
permit tcp 192.168.3.0 0.0.0.255 any eq domain
permit tcp 192.168.3.0 0.0.0.255 any eq www
permit udp any any
Teachers Department Permissions
Teachers depart has access to anywhere except Accounts and Administration Department
Extended IP access list Teachers
deny ip 192.168.6.0 0.0.0.255 192.168.4.0 0.0.0.255
deny ip 192.168.6.0 0.0.0.255 192.168.5.0 0.0.0.255
permit ip any any
Account Department Permissions
Only Host PC7 has access in Accounting department, all other access denied for security purpose
Extended IP access list 140
permit ip host 192.168.4.2 192.168.5.0 0.0.0.255 (8 match(es))
Access Control List configuration of Router 1
Frame Relay Configuration
Only Administration Department, Accounts Department and Teachers Department
Frame Relay Mapping for Router1
Configurations
Serial1/0 (up): ip 200.18.5.2 dlci 102, dynamic, broadcast, CISCO, status defined, active
Serial1/0 (up): ip 200.18.5.3 dlci 103, dynamic, broadcast, CISCO, status defined, active
Frame Relay Mapping for Router 3
Frame Relay Mapping for Router 4
Router Redistribution (OSPF & RIPv2)
Figure: In the screen shot Router0 is running RIPv2 and Router 2 is running OSPF. Router1 is running RIPv2 and OSPF both. As we applied router redistribution on Router1, it is translating OSPF as RIP to Router0 and RIP as OSPF to Router2.
Router 1 is the translator for RIP and OSPF of both sides. Here are the ip routes of router 1, router 0 and router 2.
Routing Protocols Configuration of Router1:
router ospf 1
log-adjacency-changes
redistribute rip subnets
redistribute connected subnets
network 192.168.0.0 0.0.255.255 area 0
network 172.16.1.32 0.0.0.31 area 0
network 172.16.1.4 0.0.0.3 area 0
network 192.168.7.0 0.0.0.255 area 0
!
router rip
version 2
redistribute ospf 1
redistribute connected
network 172.16.0.0
!
Router 1 Configuration
Router1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
R 10.0.0.0/8 [120/2] via 172.16.1.1, 00:00:12, Serial1/0
R 20.0.0.0/8 [120/2] via 172.16.1.1, 00:00:12, Serial1/0
172.16.0.0/16 is variably subnetted, 6 subnets, 3 masks
S 172.16.0.0/16 [1/0] via 172.16.1.0
C 172.16.1.0/30 is directly connected, Serial1/0
C 172.16.1.4/30 is directly connected, Serial1/1
C 172.16.1.32/27 is directly connected, FastEthernet0/1
R 172.16.1.64/27 [120/1] via 172.16.1.1, 00:00:12, Serial1/0
O 172.16.1.128/27 [110/782] via 172.16.1.6, 03:34:27, Serial1/1
C 192.168.1.0/24 is directly connected, FastEthernet0/0
C 192.168.2.0/24 is directly connected, FastEthernet0/0.1
C 192.168.3.0/24 is directly connected, FastEthernet0/0.2
C 192.168.4.0/24 is directly connected, FastEthernet0/0.3
C 192.168.5.0/24 is directly connected, FastEthernet0/0.4
C 192.168.6.0/24 is directly connected, FastEthernet0/0.5
C 192.168.7.0/24 is directly connected, Ethernet0/3/0
R 200.18.5.0/24 [120/1] via 172.16.1.1, 00:00:12, Serial1/0
Router0 Configuration
Router0#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
R 10.0.0.0/8 [120/1] via 200.18.5.2, 00:00:01, Serial1/0
R 20.0.0.0/8 [120/1] via 200.18.5.3, 00:00:17, Serial1/0
172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks
C 172.16.1.0/30 is directly connected, Serial1/1
R 172.16.1.4/30 [120/1] via 172.16.1.2, 00:00:06, Serial1/1
R 172.16.1.32/27 [120/1] via 172.16.1.2, 00:00:06, Serial1/1
C 172.16.1.64/27 is directly connected, FastEthernet0/0
R 192.168.1.0/24 [120/1] via 172.16.1.2, 00:00:06, Serial1/1
R 192.168.2.0/24 [120/1] via 172.16.1.2, 00:00:06, Serial1/1
R 192.168.3.0/24 [120/1] via 172.16.1.2, 00:00:06, Serial1/1
R 192.168.4.0/24 [120/1] via 172.16.1.2, 00:00:06, Serial1/1
R 192.168.5.0/24 [120/1] via 172.16.1.2, 00:00:06, Serial1/1
R 192.168.6.0/24 [120/1] via 172.16.1.2, 00:00:06, Serial1/1
200.18.5.0/29 is subnetted, 1 subnets
C 200.18.5.0 is directly connected, Serial1/0
Router 2 Configuration
Router2#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
O E2 10.0.0.0/8 [110/20] via 172.16.1.5, 03:37:47, Serial1/0
O E2 20.0.0.0/8 [110/20] via 172.16.1.5, 03:37:47, Serial1/0
172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
O E2 172.16.1.0/30 [110/20] via 172.16.1.5, 03:37:47, Serial1/0
C 172.16.1.4/30 is directly connected, Serial1/0
O 172.16.1.32/27 [110/65] via 172.16.1.5, 03:37:47, Serial1/0
O E2 172.16.1.64/27 [110/20] via 172.16.1.5, 03:37:47, Serial1/0
C 172.16.1.128/27 is directly connected, FastEthernet0/0
O 192.168.1.0/24 [110/65] via 172.16.1.5, 03:37:47, Serial1/0
O 192.168.2.0/24 [110/65] via 172.16.1.5, 03:37:47, Serial1/0
O 192.168.3.0/24 [110/65] via 172.16.1.5, 03:37:47, Serial1/0
O 192.168.4.0/24 [110/65] via 172.16.1.5, 03:37:47, Serial1/0
O 192.168.5.0/24 [110/65] via 172.16.1.5, 03:37:47, Serial1/0
O 192.168.6.0/24 [110/65] via 172.16.1.5, 03:37:47, Serial1/0
O 192.168.7.0/24 [110/74] via 172.16.1.5, 03:37:47, Serial1/0
O E2 200.18.5.0/24 [110/20] via 172.16.1.5, 03:37:47, Serial1/0
Apply Router on a Stick
Figure: Router on a stick applied on the LAN network. Fast Ethernet 0/0 has created 5 more sub interface to give support VLAN10 – VLAN 50
Configuration of Router on a Stick
Router1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.1.1 YES manual up up
FastEthernet0/0.1 192.168.2.1 YES manual up up
FastEthernet0/0.2 192.168.3.1 YES manual up up
FastEthernet0/0.3 192.168.4.1 YES manual up up
FastEthernet0/0.4 192.168.5.1 YES manual up up
FastEthernet0/0.5 192.168.6.1 YES manual up up
FastEthernet0/0.6 unassigned YES unset administratively down down
FastEthernet0/1 172.16.1.33 YES manual up up
Ethernet0/3/0 192.168.7.1 YES manual up up
Serial1/0 172.16.1.2 YES manual up up
Serial1/1 172.16.1.5 YES manual up up
Serial1/2 unassigned YES unset administratively down down
Serial1/3 unassigned YES unset administratively down down
Serial1/4 unassigned YES unset administratively down down
Serial1/5 unassigned YES unset administratively down down
Serial1/6 unassigned YES unset administratively down down
Serial1/7 unassigned YES unset administratively down down
Vlan1 unassigned YES unset administratively down down
Virtual Private Network (VPN) Configuration
A virtual private network (VPN) is a public telecommunication infrastructure such as the Internet to provide remote offices or individual users with secure access to their organization's network. It aims to avoid an expensive system of owned or leased lines that can be used by only one organization.
It encapsulates data transfers between two or more networked devices which are not on the same private network so as to keep the transferred data private from other devices on one or more intervening local or wide area networks. There are many different classifications, implementations, and uses for VPNs.
Here we have connected 2 branch office with Sydney head office.
VPN Details
Ping AAA Server(30.0.0.2) to update ARP table first.
Group Name: ciscogroup
Group Key: ciscogroup
Server IP: 200.18.5.0
User: sunny
Pass: cisco
VPN Connected
After connecting with vpn server it accusers new ip address.
VPN Server configuration
hostname Router0
aaa new-model
aaa authentication login vpnauth group radius local
aaa authorization network vpnauth local
username sunny password 0 cisco
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 2
crypto isakmp client configuration group ciscogroup
key ciscogroup
pool vpnclients
netmask 255.255.255.0
crypto ipsec transform-set mytrans esp-3des esp-sha-hmac
crypto dynamic-map mymap 10
set transform-set mytrans
reverse-route
crypto map mymap client authentication list vpnauth
crypto map mymap isakmp authorization list vpnauth
crypto map mymap client configuration address respond
crypto map mymap 10 ipsec-isakmp dynamic mymap
ip ssh version 1
ip domain-name cisco.com
ip name-server 0.0.0.0
interface FastEthernet0/0
ip address 172.16.1.65 255.255.255.224
duplex auto
speed auto
interface FastEthernet0/1
ip address 30.0.0.1 255.255.255.0
duplex auto
speed auto
interface Serial1/0
ip address 200.18.5.1 255.255.255.248
encapsulation frame-relay
clock rate 64000
crypto map mymap
interface Serial1/1
ip address 172.16.1.1 255.255.255.252
clock rate 64000
router rip
version 2
network 30.0.0.0
network 172.16.0.0
network 200.18.5.0
ip local pool vpnclients 30.0.0.100 30.0.0.200
ip nat inside source static 192.168.0.0 200.18.5.0
ip classless
Ping vpn client after getting VPN Connection
DNS Server
Web Server
DHCP Server
Wireless Network Configuration
Wireless network has been configured in every site on the network.
Wireless Router
Wireless Client
Wireless network