Showing posts with label ICND1 lab. Show all posts
Showing posts with label ICND1 lab. Show all posts

CCNA access list Exam Lab with GNS3 Downloadable Configuration files

CCNA ACL Exam Lab with GNS3:

If you are preparing to attempt the CCNA (200-120) Exam, then you must prepare for access-list, because in every exam there is a lab related to assess-list where you have to complete the configuration in order to make the access-list working. I have created the similar lab in GNS3 so that you can practice it before going into the real Exam.


Lab Question:
A network-Engineer is making the security configuration of the Corp1 router. You have to perform the following task for completing these configurations:

  1. The user on host C must be able to use a web browser to access financial information from the Finance Web Server.
  2. No other hosts from the LAN nor the Core should be able to use a web browser to access this server.
  3. YOU ARE required to apply an access-list with no more than three statements that will allow ONLY host C web access to the Finance Web Server. No other hosts will have web from Finance Web Server.
  4. All other traffic is permitted.



Other Information:
The Core user have the IP-address of 198.18.196.65.
LAN PCs have been assigned with IP addresses range from 192.168.33.1 - 192.168.33.254.
The servers in the Server LAN have been assigned addresses of 172.22.242.17 - 172.22.242.30.
The Finance Web-Server has been assigned with IP address of 172.22.242.23.
Image Courtesy: actualtests.com 


Solution / Required Configurations
You can achieve these required task by following /configuration / commands on router Crop1:
Corp1>enable
Corp1#configure terminal
Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
This command will allow the web traffic to finance web server, Where 192.168.33.3 is the IP address of host C.
Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80
This command will block the web access of any other host to finance web server
Corp1(config)#access-list 100 permit ip any host 172.22.242.23
Above command will allow the any other traffic.
.
Apply the ACL to interface near to destination:
Corp1(config)#interface fa 0/1
Corp1(config-if)#ip access-group 100 out
Corp1(config-if)#end
Corp1#copy running-config startup-config

Verification of Configuration:
You can access the web only from 192.168.33.3 to Finance Web Server.

CCNA Access-list Exam lab In GNS3:


If you have some extra time you can configure this lab in GNS3… J You can also configure it with packet-tracer which is easy as compare to GNs3 But I have configured the same lab in Gns3, you can download these configuration files from here and can complete it with above configurations. Simply download the files (link are given at the end of post), create the topology same like shown in the figure and then upload these files on every router one by one. This will provide the initial practice before going into the real exam.

IN GNS3 For making the communications between Corp1, Lan Hosts (A,B,C,D) and finance servers I have configured the EIGRP AS 100, while in the real lab you have the by default communication between these devices.
For host-C and finance web server and other servers I have used the VMs of VirtualBox. I have used internet NIC with them With following IP configurations:
Host-C
192.168.33.3\24
Gateway=192.168.33.254
Host-B
192.168.33.2\24
Gateway=192.168.33.254
Finance-web-server
172.22.242.23\24
Gateway=172.22.242.30

For creating the web service on finance server I simply install the IIS and hosted a web-page named index.html. You can install the IIS on windows XP from control panel\add & remove feautures\add&remove windows components and the select the IIS and click on next and complete the wizard.
I have created a web-page (index.html) for test and place it on c:\inetpub\wwwroot of finance web-server. After completing the above configuration you can test the configuration with the followiway.
  1. open the internet explorer and access the shared web page with URL “172.22.242.23\index.html”, it will be successful from host-c as shown in figure.

  • Now try the same from Host-b page will be inaccessible.


No comments:

CCNA EIGRP Exam Lab | Addition of new Router in EIGRP Process

Practice EIGRP LAB for CCNA:

Burtaqtech has a small network running with EIGRP as IGP protocol. EIGRP  has the AS number of 12 on all routers. Router MGT is also running static routing to the ISP. Burtaqtech has recently added the ENG router, currently which do ‘not have connectivity to the ISP-router. You have to perform the following tasks for completing the configurations:

Find the faults and correct the router configurations to provide full connectivity between the routers.
Following are the IP-address schemes of all the routers in the following network.

MGT
Fa0/0 – 192.168.77.33
S1/0 – 198.0.18.6
S0/0 – 192.168.27.9
S0/1 – 192.168.50.21

Parts2
Fa0/0 – 192.168.12.65
Fa0/1 – 192.168.12.81
S0/1 – 192.168.50.22

Parts1
Fa0/0 – 192.168.12.33
Fa0/1 – 192.168.12.49
S0/0 – 192.168.27.10

ENG
Fa0/0 – 192.168.77.34
Fa1/0 – 192.168.12.17
Fa0/1 – 192.168.12.1
Image Courtesy: actualtests.com 



Solution:
This the very simple Lab to configure in the CCNA Exam, all you have to do to advertise the EIGRP network of new added router “ENG” on MGT router. As MGT is the main router which is connecting all the routers to ISP. In our scenario on ENG the interface which is connected to MGT have the IP address of 192.168.77.x, so we will advertise this network on MGT router in EIGRP 12.

So you are required the following configuration for compleing the above EIGRP lab.
On the MGT Router:
Config t
Router eigrp 12

Network 192.168.77.0
No comments:

New OSPF sim for ICND1 on GNS3 | 100-101 Practice Lab

OSPF Lab on GNS3 for ICND1: 


In network diagram you can find the three router R1, R2 and R3. R1 and R2 are already configured with IP addresses and OSPF area 0. You need to perform the following tasks and configurations:

  1. Configure last available IP address of f0/0 of R3 with first usable subnet 192.168.224.0/28
  2. Configure first available IP address for S1/0 with second usable subnet from the network 192.168.224.0/28.
  3. Configure OSPF with area 0 on R3 so that R3 can properly communicate with R1 and R2 


Solution:
You can practice this LAB on GNS3 by downloading R1 and R2 configuration other necessary detail for GNS3 configuration are as under:

Router IOS= 7200 series (you can download it from here)
GNS3 version= GNS3 1.0 beta2
Router module/slot used: slot1=c7200-IO-2FE, slot2=PA-8T
(Note: for quick configuration you can download these text files and can copy paste these configuration into your GNS3 router)

Download R1 Configuration
Download R2 Configuration

Configure f0/0 with first useable subnet from 192.168.224.0/28:


For finding the first useable subnet you can consider the following table:
Subnetting for 192.168.224.0/28
Bit# in 4th octet
25
26
27
28
29
30
31
32

IP ranges/ increment
128
64
32
16
8
4
2
1


From above table you can find following subnets with the increment of 16 for 192.168.224.0/28.

Subnet1= 192.168.224.0 to 192.168.224.15               (Subnet ID=192.168.224.0)
Subnet2= 192.168.224.16 to 192.168.224.31             (Subnet ID=192.168.224.16)
Subnet3= 192.168.224.32 to 192.168.224.47             (Subnet ID=192.168.224.32)
.
.
.

Since we need to assign last available IP address from subnet1, therefore we have the last IP address= 192.168.224.14

R3> enable
R3# config t
R3(config)# int f0/0
R3(config-if)# ip address 192.168.224.14 255.255.255.240
R3(config-if)# no shut

2. Configure first available IP address to S1/0 with second usable subnet from the network 192.168.224.0/28:

For above table we have already find that second subnet is 192.168.224.16 to 192.168.224.31 with first IP address=192.168.224.17


R3(config)# int S1/0
R3(config-if)# ip address 192.168.224.17 255.255.255.240
R3(config-if)# no shut

3. Advertise both interface of R3 in OSPF:

You can advertise these two subnet on R3 using Subnet-IDs by following commads:

R3(config)#Router OSPF 1
R3(config-router)#network 192.168.224.0 0.0.0.15 area 0
R3(config-router)#network 192.168.224.16 0.0.0.15 area 0

Results and testing:

After the correct configuration you should have the following output for “show IP route” command:



After the configuration you should have successful ping to 192.168.200.1


If you have any trouble/issue with R3 configuration you can also download R3 configuration from here and can compare it to your configuration.

Test you ICND1 skills by taking ICND1 Quiz Questions and Answers 
No comments:

CCNA RIPv2 Exam SIM and basic password configuration on Cisco Router in GNS3

CCNA RIPv2 Exam SIM and basic password configuration on Cisco Router in GNS3:

This is most basic and simple lab for preparing ICND1 exam, which will test your skills related to different password configurations and RIPv2 on Cisco router.
You need to complete the configuration on newly installed router “Florida” in below network-diagram, RIPv2 is running on other router so you need to complete following configuration for making communication possible among Florida and newyork router:
  1. Set the name of router to Florida
  2. Set the enable-secret password of Florida to icnd1
  3. Set the global configuration password to icndpass
  4. Configure vty password (telnet) to ICND1VTY
  5. Assign the first useable IP address to Ethernet interface Fa0/0 from subnet 192.168.1.0/27 
  6. Assign the last IP address to serial interface S1/0 from subnet 200.1.1.128/28 
  7. Advertise above two subnets via RIPv2 routing protocol on Florida.

Solution:
If you want to practice this lab in GNS3 then you can download router (newyork) configurations  from here and can complete the remaining lab according to following configurations.
1. Change Host name of Router to Florida:
R1#enable
R1#config t
R1(config)#hostname Florida

2. Set the enable-secret password of Florida to icnd1:
Florida(config)#enable secret icnd1

3. Set the global configuration password of router:
Florida(config)#line console 0
Florida(config-line)#password icndpass
Florida(config-line)#login
Florida(config-line)#exit
4. Configure vty password (telnet) of router:
Florida(config)#line vty 0 4
Florida(config-line)#password ICND1VTY
Florida(config-line)#login
Florida(config-line)#exit

5. Configure Ethernet interface f0/0 of Router:
For assigning the first useable IP address to Ethernet interface from subnet 192.168.1.0/27 you need to find subnet-mask and IP ranges (increment):
Subnetting for Class C address
Bit# in 4th octet
25
26
27
28
29
30
31
32

IP ranges/ increment
128
64
32
16
8
4
2
1


Since the first three bits are ‘1’ or "on" in 4th octet for given 192.168.1.0/27 and we know that the default subnet-mask for class-C is 255.255.255.0 you can find the subnet-mask for this subnet by adding first three bits i.e. 128+62+32=224 so
Subnetmask=255.255.255.224 
From above table you can find that IP range for /27 is 32 so we have following subnetwork for this subnet with a difference of 32:

Subnetwork1= 192.168.1.0 to 192.168.1.31
Subnetwork2= 192.168.1.32 to 192.168.1.63
.
.
.
.


Our give subnet belong to Subnetwork1= 192.168.1.0 to 192.168.1.31 so we have
Subnet ID = 192.168.1.0
Broadcast address=192.168.1.31
Useable IP range= 192.168.1.1 to 192.168.1.30

From above calculation we have the first useable IP address 192.168.1.1 and subnet-mask 255.255.255.224 so let assign this IP address to router interface:

Florida(config)#interface f0/0
Florida(config-if)#ip address 192.168.1.1 255.255.255.224
Florida(config-if)#no shu


6. Configure serial interface s0/0 of Router:
For finding the last IP address for 200.1.1.128/28 you can use the following table:
Subnetting for Class C address
Bit# in 4th octet
25
26
27
28
29
30
31
32

IP ranges/ increment
128
64
32
16
8
4
2
1


128+62+32+16=240
By adding the first 28 bit you can get the subnet-mask= 255.255.255.240
For find IP last IP address you need to have the all useable IP address for subnet200.1.1.128/28, with /28 you have the following sub-network with increment of 16.
Subnetwork1=200.1.1.0
Subnetwork2=200.1.1.16
Subnetwork3=200.1.1.32
Subnetwork4=200.1.1.48
Subnetwork5=200.1.1.64
Subnetwork6=200.1.1.80
Subnetwork7=200.1.1.96
Subnetwork8=200.1.1.112
Subnetwork9=200.1.1.128 to 200.1.1.143
Subnetwork10=200.1.1.144

From above calculation we find that our network belong to Subnetwork9=200.1.1.128 to 200.1.1.143 with following details:
Subnet ID= 200.1.1.128
Broadcasar Address= 200.1.1.143
Useable IP addresses= 200.1.1.129 to 200.1.1.142

So last IP address is 200.1.1.142 and subnet-mask is 255.255.255.240

So configuration for serial interface is as following:

Florida(config)#interface s1/0
Florida(config-if)#ip address 200.1.1.142 255.255.255.240
Florida(config-if)#no shut

7. Configure RIPv2 on router:

Florida(config)#router rip
Florida(config-router)#version 2
Florida(config-router)#network 192.168.1.0
Florida(config-router)#network 200.1.1.128

You can test your configuration by ping from florida-router to 10.1.1.10 which should be successful.


Test you ICND1 Skill by Taking ICND1 Quiz Questions and Answers 
No comments:
Subscribe to: Posts (Atom)
UA-23728446-1