+++++++++++++++++++++++++++++++++++++++++++++ L2 Switching - Ethernet +++++++++++++++++++++++++++++++++++++++++++++ **************************************** Lab 1 - Configuring a VLAN ACL (VACL) **************************************** Requirement: The following protocols should not be allowed in VLAN 10 - ICMP - FTP - TFTP ! 1. Classify the traffic that needs action access-list 101 permit icmp any any access-list 101 permit tcp any any eq 20 access-list 101 permit tcp any any eq 21 access-list 101 permit udp any any eq 69 ! 2. Configure a VLAN ACL and take the required action vlan access-map ABC 5 match ip address 101 action drop ! vlan access-map ABC 100 action forward ! 3. Apply the VLAN ACL (VLAN Access Map) to the appropriate VLAN(s) vlan filter ABC vlan-list 10 +++++++++++++++++++++++++++++++++++++++++++++ EIGRP +++++++++++++++++++++++++++++++++++++++++++++ alias exec sir sh ip route alias exec sirc sh ip route | inc C alias exec sr sh run alias exec srr sh run | s router alias exec sen sh ip eigrp neighbor alias exec siib sh ip int brief **************************************** Lab 1 - Configuring the base topology **************************************** ======================================================== 1. Configure OSPF in Area 0 between R1 & R8 ======================================================== ----- R1 ----- router ospf 1 network 201.1.4.0 0.0.0.255 area 0 network 201.1.5.0 0.0.0.255 area 0 network 201.1.6.0 0.0.0.255 area 0 network 201.1.7.0 0.0.0.255 area 0 network 192.1.18.0 0.0.0.255 area 0 ----- R8 ----- router ospf 1 network 10.1.0.0 0.0.255.255 area 0 network 192.1.18.0 0.0.0.255 area 0 network 8.0.0.0 0.255.255.255 area 0 ======================================================== 2. Configure EIGRP in AS 100 - Classic Mode ======================================================== ----- R1 ----- router eigrp 100 network 1.0.0.0 network 11.1.1.0 0.0.0.255 network 192.1.12.0 ----- R2 ----- router eigrp 100 network 0.0.0.0 ----- R3 ----- router eigrp 100 network 3.0.0.0 network 10.1.32.0 0.0.3.255 network 192.1.23.0 ======================================================== 3. Configure Static Routing between R4 & R9 ======================================================== ----- R4 ----- ip route 9.0.0.0 255.0.0.0 192.1.49.9 ip route 10.1.96.0 255.255.255.0 192.1.49.9 ip route 10.1.97.0 255.255.255.0 192.1.49.9 ip route 10.1.98.0 255.255.255.0 192.1.49.9 ip route 10.1.99.0 255.255.255.0 192.1.49.9 or ip route 10.1.0.0 255.255.0.0 192.1.49.9 ----- R9 ----- ip route 0.0.0.0 0.0.0.0 192.1.49.4 ======================================================== 4. Configure OSPF in Area 0 between R5 & R10 ======================================================== ----- R5 ----- router ospf 1 network 205.1.4.0 0.0.0.255 area 0 network 205.1.5.0 0.0.0.255 area 0 network 205.1.6.0 0.0.0.255 area 0 network 205.1.7.0 0.0.0.255 area 0 network 192.1.50.0 0.0.0.255 area 0 ----- R10 ----- router ospf 1 network 101.1.100.0 0.0.0.255 area 0 network 101.1.101.0 0.0.0.255 area 0 network 101.1.102.0 0.0.0.255 area 0 network 101.1.103.0 0.0.0.255 area 0 network 192.1.50.0 0.0.0.255 area 0 ======================================================== 5. Configure OSPF in Area 0 on the South Side Network ======================================================== ----- R6 ----- router ospf 1 network 206.1.4.0 0.0.0.255 area 0 network 206.1.5.0 0.0.0.255 area 0 network 206.1.6.0 0.0.0.255 area 0 network 206.1.7.0 0.0.0.255 area 0 network 192.1.61.0 0.0.0.255 area 0 ----- R7 ----- router ospf 1 network 207.1.4.0 0.0.0.255 area 0 network 207.1.5.0 0.0.0.255 area 0 network 207.1.6.0 0.0.0.255 area 0 network 207.1.7.0 0.0.0.255 area 0 network 192.1.71.0 0.0.0.255 area 0 ----- R11 ----- router ospf 1 network 0.0.0.0 255.255.255.255 area 0 ----- R12 ----- router ospf 1 network 0.0.0.0 255.255.255.255 area 0 ----- R13 ----- router ospf 1 network 0.0.0.0 255.255.255.255 area 0 ************************************************************ Lab 2 - Configuring EIGRP in AS 200 - Named Mode ************************************************************ Requirement: Configure EIGRP using a Name of KBITS in AS 200 for router in AS 200. ---- R3 ---- router eigrp KBITS address-family ipv4 autonomous-system 200 network 192.1.34.0 network 192.1.35.0 network 203.1.4.0 0.0.3.255 ---- R4 ---- router eigrp KBITS address-family ipv4 autonomous-system 200 network 192.1.34.0 network 192.1.45.0 network 192.1.46.0 network 204.1.4.0 network 204.1.5.0 network 204.1.6.0 network 204.1.7.0 ---- R5 ---- router eigrp KBITS address-family ipv4 autonomous-system 200 network 5.0.0.0 network 10.1.0.0 0.0.255.255 network 192.1.35.0 network 192.1.45.0 network 192.1.57.0 ---- R6 ---- router eigrp KBITS address-family ipv4 autonomous-system 200 network 6.0.0.0 network 10.1.0.0 0.0.255.255 network 192.1.46.0 ---- R7 ---- router eigrp KBITS address-family ipv4 autonomous-system 200 network 7.0.0.0 network 10.1.0.0 0.0.255.255 network 192.1.57.0 ************************************************************ Lab 3 - Configuring EIGRP - Passive Interfaces ************************************************************ Requirement # 1: Configure R1 such that it does not send any unncessary updates router eigrp 100 passive-interface loopback0 passive-interface loopback5 Requirement # 2: Configure R2 such that it does not send any unncessary updates. Use the minimum number of configuration lines for this task router eigrp 100 passive-interface default no passive-interface E0/0 no passive-interface E0/1 Requirement # 3: Configure R5 such that it does not send any unncessary updates. Use the minimum number of configuration lines for this task router eigrp KBITS ! address-family ipv4 unicast autonomous-system 200 ! af-interface default passive-interface ! af-interface E0/0 no passive-interface ! af-interface E0/1 no passive-interface ! af-interface E0/3 no passive-interface ************************************************************ Lab 4 - Configuring EIGRP - Unicast Neighbors ************************************************************ Requirement # 1: Configure R1 & R2 to communicate to each other using Unicast addresses ----- R1 ----- router eigrp 100 neighbor 192.1.12.2 E0/0 ----- R2 ----- router eigrp 100 neighbor 192.1.12.1 E0/0 Requirement # 2: Configure R4 & R5 to communicate to each other using Unicast addresses ----- R4 ----- router eigrp KBITS ! address-family ipv4 unicast autonomous-system 200 ! neighbor 192.1.45.5 E0/1 ----- R5 ----- router eigrp KBITS ! address-family ipv4 unicast autonomous-system 200 ! neighbor 192.1.45.4 E0/0 ************************************************************ Lab 5 - Configuring EIGRP - Route Summarization ************************************************************ Requirement # 1: Configure route summarization on R5 to summarize the 10.0.0.0/8 networks towards all the neighbors. Use the longest summary mask. ------ R5 ------ router eigrp KBITS ! address-family ipv4 unicast autonomous-system 200 ! af-interface E0/0 summary-address 10.1.56.0 255.255.252.0 ! af-interface E0/1 summary-address 10.1.56.0 255.255.252.0 ! af-interface E0/3 summary-address 10.1.56.0 255.255.252.0 Requirement # 2: Configure route summarization on R6 to summarize the 10.0.0.0/8 networks towards all the neighbors. Use the longest summary mask. ------ R6 ------ router eigrp KBITS ! address-family ipv4 unicast autonomous-system 200 ! af-interface E0/0 summary-address 10.1.60.0 255.255.252.0 Requirement # 3: Configure route summarization on R6 to summarize the 10.0.0.0/8 networks towards all the neighbors. Use the longest summary mask. ------ R7 ------ router eigrp KBITS ! address-family ipv4 unicast autonomous-system 200 ! af-interface E0/0 summary-address 10.1.72.0 255.255.252.0 Requirement # 4: Configure route summarization on R2 to summarize the 202.1.X.0/24 networks towards all the neighbors. Use the longest summary mask. ------ R2 ------ Interface E0/0 ip summary-address eigrp 100 202.1.4.0 255.255.252.0 ! Interface E0/1 ip summary-address eigrp 100 202.1.4.0 255.255.252.0 ************************************************************ Lab 6 - Configuring EIGRP - Leak Maps ************************************************************ Requirement: R5 should leak the 10.1.58.0/24 network towards R4 to provide load sharing from R3 towards R5. ----- R5 ----- access-list 1 permit 10.1.58.0 0.0.0.255 ! route-map LM match ip address 1 ! router eigrp KBITS ! address-family ipv4 unicast autonomous-system 200 ! af-interface E0/0 summary-address 10.1.56.0 255.255.252.0 leak-map LM ************************************************************ Lab 7 - Configuring EIGRP - Route Filtering ************************************************************ ++++++++++++++ ACLs ++++++++++++++ Requirement # 1: R2 should block all the 10.1.X.0/24 network from R3 which have an Odd number in the 3rd Octet access-list 1 deny 10.1.1.0 0.0.254.255 access-list 1 permit any ! router eigrp 100 distribute-list 1 in E0/1 Requirement # 2: Block all network from the 10.0.0.0/8 range coming into R4. access-list 1 deny 10.0.0.0 0.255.255.255 access-list 1 permit any ! router eigrp KBITS ! address-family ipv4 unicast autonomous-system 200 ! topology base distribute-list 1 in ++++++++++++++ Prefix-List ++++++++++++++ ------ R6 ------ ---------------------------------------------------------------- 1. Create the following Loopbacks on R6 & enable them in EIGRP ---------------------------------------------------------------- interface Loopback301 ip address 150.1.16.1 255.255.255.0 ! interface Loopback302 ip address 150.1.17.1 255.255.255.224 ! interface Loopback303 ip address 150.1.17.33 255.255.255.240 ! interface Loopback304 ip address 150.1.17.49 255.255.255.248 ! router eigrp KBITS ! address-family ipv4 unicast autonomous-system 200 network 150.1.0.0 ------------------------------------------------------------------------- 2. Block any 150.1.0.0/16 network that has a mask greater than 27 on R6 ------------------------------------------------------------------------- ----- R6 ----- ip prefix-list ABC deny 150.1.0.0/16 ge 28 ip prefix-list ABC permit 0.0.0.0/0 le 32 ! router eigrp KBITS ! address-family ipv4 unicast autonomous-system 200 topology base distribute-list prefix ABC out E0/0 ************************************************************ Lab 8 - Configuring EIGRP - Authentication (MD5) ************************************************************ Requirement # 1: Authenticate the neighbor relationship between R1 & R2 using a key of Cisco@123 with a Key-id of 11. ----- R1 ----- key chain ABC key 11 key-string Cisco@123 ! Interface E0/0 ip authentication mode eigrp 100 md5 ip authentication key-chain eigrp 100 ABC ----- R2 ----- key chain DDD key 11 key-string Cisco@123 ! Interface E0/0 ip authentication mode eigrp 100 md5 ip authentication key-chain eigrp 100 DDD Requirement # 2: Authenticate the neighbor relationship between R3 & R4 using a key of Cisco@123 with a Key-id of 11. ----- R3 ----- key chain DDD key 11 key-string Cisco@123 ! router eigrp KBITS ! address-family ipv4 unicast autonomous-system 200 ! af-interface E0/1 authentication mode md5 authentication key-chain DDD ----- R4 ----- key chain DDD key 11 key-string Cisco@123 ! router eigrp KBITS ! address-family ipv4 unicast autonomous-system 200 ! af-interface E0/0 authentication mode md5 authentication key-chain DDD ************************************************************ Lab 9 - Configuring EIGRP - Authentication (SHA) ************************************************************ Requirement # 1: Authenticate the neighbor relationship between R4 & R5 using a key of Cisco@123 with SHA-256 as the hash mechanism ----- R4 ----- router eigrp KBITS ! address-family ipv4 unicast autonomous-system 200 ! af-interface E0/1 authentication mode hmac-sha-256 Cisco@123 ----- R5 ----- router eigrp KBITS ! address-family ipv4 unicast autonomous-system 200 ! af-interface E0/0 authentication mode hmac-sha-256 Cisco@123