exam.txt

CCNA Hands on final
Task breakdown and planning

Task 1
	Cable the network
	Clear router config
	Do the bartman
Task 2	
	Configure on all routers:
	Hostname
		config: hostname [hostname]
	Disable DNS lookup
		config: no ip domain-lookup
	Configure Exec mode password
		config: enable secret cisco
	MOTD
		config: banner motd # banner #
	Config a password for vtys/console
		config: line vty 0 4
		conflin: password cisco
		conflin: login

	Configure synchronous logging
		config: line con 0
		linecon: logging synchronous

Task 3	Configure IP's
	Configure interfaces on routers
	Verify IP addresses
	Configure PC IP's
	Test with pings
	
Task 4	Configure serial stuph
		config: int serial whatever
		lincon: encap ppp
	Configure PPP w/ CHAP between r1 r2
		ppp authentication chap
	set CHAP password to cisco
		hostname = username for login
		username R3 password cisco
		The above is the username the peer's hostname is compared to;
		the password must be the same on both routers.
		
	Configure HDLC between r2 and 3
		config: interblah
		lincoln: encapsulation hdlc

	Configure frame relay between r1, r3
		buttcon: encapsulation frame-relay
		lincoln: frame-relay interface-dlci #

Task 5	Configure rip
	Enable RIP on all routers
	(Prevent RIP updates outside serial links)
		config:ip classless (Just in case)
		config:router rip
		ripcon:network  [network_address]
		ripcon:passive-interface [IF]
		config:ip classless (Just in case)
	Test with Pings
	Verify the routing table
		show ip route

Task 6	Configure security on R2
	Enable secure telnet (SSH) with a local user DB on r2
		config: ip domain-name blah.com
		config: crypto key generate rsa
		config: username student secret cisco

		conf t
		line vty 0 4
		no transport input
		transport input ssh
		login local
		exit
	Disable unused services and interfaces r2
		conf t
		line aux 0 
		no password
		login
		exit
		no service tcp-small-servers
		no service udp-small-servers
		no ip bootp server
		no ip http server
		no service finger
		no snmp-server
		no cdp run
		no ip source-route
		various interfaces: SHUTDOWN
		//maybe try "auto secure" when all is done

	"Confirm that R2 is secured"
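
One way to confirm this offline, as an added example that is not part of the original notes: save R2's running-config and check it against the Task 6 list. The names sections, audit and SAMPLE and the sample config are made up for illustration; the script assumes this IOS version prints the "no ..." lines in the running-config and treats an interface with no IP address as unused.

```python
REQUIRED = ("no ip bootp server", "no ip http server", "no cdp run",
            "no ip source-route")  # assumption: IOS prints these "no" forms
FORBIDDEN = ("service tcp-small-servers", "service udp-small-servers",
             "service finger", "snmp-server")  # prefixes of enabled services

def sections(config):
    """Split a running-config into {top-level line: [indented sub-commands]}."""
    out, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue
        if raw[0].isspace() and current is not None:
            out[current].append(line.strip())
        else:
            current = line
            out.setdefault(current, [])
    return out

def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    sec = sections(config)
    findings = [f"missing: {r}" for r in REQUIRED if r not in sec]
    findings += [f"still enabled: {h}" for h in sec if h.startswith(FORBIDDEN)]
    for header, body in sec.items():
        if header.startswith("line vty") and "transport input ssh" not in body:
            findings.append(f"{header}: transport input is not ssh-only")
        # assumption: an interface without an IP address is an unused one
        unused = not any(b.startswith("ip address") for b in body)
        if header.startswith("interface") and unused and "shutdown" not in body:
            findings.append(f"{header}: no IP address but not shut down")
    return findings

# Constructed sample: CDP and SNMP still on, a spare port up, telnet on vty.
SAMPLE = """\
no ip source-route
no ip bootp server
no ip http server
snmp-server location lab
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.128
interface FastEthernet0/1
 no ip address
line vty 0 4
 transport input telnet ssh
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "R2 passes the Task 6 checks")
```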

Task 7	Configure ACLs
	Allow telnet to R1 and 3 from r2 only
		access-list 101 permit tcp [ip] [WC] any eq telnet
		access-list 101 permit tcp [ip] [WC] any eq telnet
	block from internet to pc1: 80,23,21,20
		access-list 102 permit tcp [ip] [WC] host 10.0.0.10 eq 80
		access-list 102 deny tcp any host 10.0.0.10 eq 80
		access-list 102 deny tcp any host 10.0.0.10 eq 23
		access-list 102 deny tcp any host 10.0.0.10 eq 21
		access-list 102 deny tcp any host 10.0.0.10 eq 20
	Block from 10.0.0.128/25 to pc1
		access-list 102 deny ip 10.0.0.128 0.0.0.127 host 10.0.0.10
	Verify that pc3 cannot ping pc1, but can ping 10.0.0.1
		
Task 8
	Configure NAT to allow pc3 to ping pc1
		config: ip nat inside source static [PC1 IP] [GlobalIP]
		config: interface [inside if]
		lincoln: ip nat inside
		lincoln:exit
		config: interface [outside if]
		lincoln: ip nat outside
	Verify that it works
Task 9
	copy down all router configs
		show run (or: write terminal)
Task 10
	Clean up.