Tuesday, April 12, 2016

CCNAv2 Completed Packet Tracer 9.4.2.8

Greetings, and welcome to Seeseenayy.

Packet Tracer Details: This Packet Tracer asks us to finish the addressing scheme, configure routing, and implement named access control lists on both routers and any other affected devices. This PT is harder only because of how much we have to do. To summarize, all we really have to configure is OSPF, the ACLs, and a few odds and ends.

Below you will find a download of the completed Packet Tracer file. It is recommended that you read the tutorial, as it explains the configuration of these ACLs.


Download(s)

Alternatively, you may use the commands from the tutorial.

Tutorial / Walk-through

Divide 172.16.128.0/19 into two equal subnets for use on Branch.
1) Assign the last usable address of the second subnet to the Gigabit Ethernet 0/0 interface.
2) Assign the last usable address of the first subnet to the Gigabit Ethernet 0/1 interface.
3) Document the addressing in the Addressing Table.
4) Configure Branch with appropriate addressing.

Start off with basic configuration and addressing assignment.
Branch>en
Branch#conf t
Branch(config)#int g0/0
Branch(config-if)#ip add 172.16.159.254 255.255.240.0
Branch(config-if)#ex
Branch(config)#int g0/1
Branch(config-if)#ip add 172.16.143.254 255.255.240.0
Branch(config-if)#ex

Configure B1 with appropriate addressing using the first available address of the network to which it is attached. Document the addressing in the Addressing Table.

Configure the PC with the appropriate address.
B1-IP: 172.16.144.1
B1-SM: 255.255.240.0
B1-DG: 172.16.159.254

Configure HQ and Branch with OSPF routing according to the following criteria:

        Assign the process ID 1.
        Advertise all three attached networks. Do not advertise the link to the Internet.
        Configure appropriate interfaces as passive.

The PT asks us to configure the network's routers, such as Branch, so that the networks are able to talk to each other. The instruction "Configure HQ and Branch with OSPF routing according to the following criteria" isn't too bad; it's just like our previous PTs with OSPF in them.

Branch(config)#router ospf 1
Branch(config-router)#network 172.16.144.0 0.0.15.255 area 0
Branch(config-router)#network 172.16.128.0 0.0.15.255 area 0
Branch(config-router)#network 192.168.0.0 0.0.0.3 area 0
Branch(config-router)#passive-interface g0/0
Branch(config-router)#passive-interface g0/1
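
An OSPF network statement only enables OSPF on an interface whose address matches the base address under the wildcard, so a wrong wildcard silently leaves a LAN unadvertised. The Python sketch below is an added example, not part of the original walkthrough: it recomputes the Branch addressing plan from 172.16.128.0/19 and reports interfaces that no network statement covers. The TOO_NARROW statement list is constructed for comparison.

```python
import ipaddress

def split_in_two(block):
    """Split a CIDR block into two equal subnets (prefix length + 1)."""
    return list(ipaddress.ip_network(block).subnets(prefixlen_diff=1))

def plan(net):
    """Addressing facts the walkthrough needs for one subnet."""
    return {
        "network": str(net.network_address),
        "mask": str(net.netmask),
        "wildcard": str(net.hostmask),          # inverse of the mask
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
    }

def ospf_matches(interface_ip, base, wildcard):
    """True if the bits that are 0 in the wildcard equal those of the base."""
    ip = int(ipaddress.ip_address(interface_ip))
    b = int(ipaddress.ip_address(base))
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (ip & care) == (b & care)

def unmatched_interfaces(interfaces, statements):
    """Names of interfaces that no (base, wildcard) statement enables."""
    return [name for name, ip in interfaces.items()
            if not any(ospf_matches(ip, b, w) for b, w in statements)]

FIRST, SECOND = split_in_two("172.16.128.0/19")
# Branch LAN interfaces as assigned in steps 1) and 2) of the walkthrough.
BRANCH_IFS = {"g0/0": plan(SECOND)["last_host"],
              "g0/1": plan(FIRST)["last_host"]}
# Statements derived from the plan: one per /20, using its own wildcard.
DERIVED = [(plan(n)["network"], plan(n)["wildcard"]) for n in (FIRST, SECOND)]
# Constructed comparison: a wildcard far narrower than the /20.
TOO_NARROW = [("172.16.128.0", "0.0.15.255"), ("172.16.144.0", "0.0.0.31")]

if __name__ == "__main__":
    for net in (FIRST, SECOND):
        print(net, plan(net))
    print("derived statements miss:", unmatched_interfaces(BRANCH_IFS, DERIVED))
    print("narrow wildcard misses:", unmatched_interfaces(BRANCH_IFS, TOO_NARROW))
```
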

We can pause the Branch configuration for now. Let's go to HQ, which also needs its routing configured. The configuration follows the same pattern.

HQ>en
HQ#conf t
HQ(config)#router ospf 1
HQ(config-router)#network 172.16.0.0 0.0.63.255 area 0
HQ(config-router)#network 172.16.64.0 0.0.63.255 area 0
HQ(config-router)#network 192.168.0.0 0.0.0.3 area 0
HQ(config-router)#passive-interface g0/0
HQ(config-router)#passive-interface g0/1
HQ(config-router)#passive-interface S0/0/1

Set a default route on HQ which directs traffic to S0/0/1 interface. Redistribute the route to Branch.

HQ(config)#ip route 0.0.0.0 0.0.0.0 S0/0/1
HQ(config)#router ospf 1
HQ(config-router)#default-information originate 

So, we have enough for HQ to be alive for now. Let's open up Branch and configure our access lists. The PT asks for the following:

Design a named access list HQServer to prevent any computers attached to the Gigabit Ethernet 0/0 interface of the Branch router from accessing HQServer.pka. All other traffic is permitted. Configure the access list on the appropriate router, apply it to the appropriate interface and in the appropriate direction.

The last thing we did on our Branch router was OSPF, which is fine.
Let's open the router and create an extended access list named "HQServer" (case sensitive) that blocks any host from accessing HQServer and allows all other traffic.

Branch(config-router)#ex
Branch(config)#ip access-list extended HQServer
Branch(config-ext-nacl)#deny ip any host 172.16.0.1
Branch(config-ext-nacl)#permit ip any any
Branch(config-ext-nacl)#ex
Branch(config)#int g0/0
Branch(config-if)#ip access-group HQServer in

The process is the same for HQ, so close out of Branch and go to HQ. The PT asks for the following:

Design a named access list BranchServer to prevent any computers attached to the Gigabit Ethernet 0/0 interface of the HQ router from accessing the HTTP and HTTPS service of the Branch server. All other traffic is permitted. Configure the access list on the appropriate router, apply it to the appropriate interface and in the appropriate direction.

Configure HQ to have an Access List for "BranchServer" and then apply it to g0/0.
HQ(config-router)#ex
HQ(config)#ip access-list extended BranchServer
HQ(config-ext-nacl)#deny tcp any host 172.16.128.1 eq 80
HQ(config-ext-nacl)#deny tcp any host 172.16.128.1 eq 443
HQ(config-ext-nacl)#permit ip any any
HQ(config-ext-nacl)#ex
HQ(config)#int g0/0
HQ(config-if)#ip access-group BranchServer in
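
Both ACLs rely on top-down, first-match evaluation with an implicit deny at the end, which is why the `permit ip any any` line and its position matter. The Python sketch below is an added example, not part of the original walkthrough: it models only the ACE forms used above (`any`, `host`, `eq`) and evaluates sample packets against them. The HQ_PC client address is constructed.

```python
import ipaddress

# ACLs as configured in the walkthrough (server addresses are the page's own).
HQ_SERVER = ["deny ip any host 172.16.0.1", "permit ip any any"]
BRANCH_SERVER = [
    "deny tcp any host 172.16.128.1 eq 80",
    "deny tcp any host 172.16.128.1 eq 443",
    "permit ip any any",
]

def parse_ace(line):
    """Parse the ACE subset used above: action proto src dst [eq port]."""
    tok = line.split()
    action, proto, rest = tok[0], tok[1], tok[2:]
    addrs = []
    for _ in range(2):                      # source first, then destination
        if rest[0] == "any":
            addrs.append(None)              # None means "match any address"
            rest = rest[1:]
        elif rest[0] == "host":
            addrs.append(ipaddress.ip_address(rest[1]))
            rest = rest[2:]
        else:
            raise ValueError(f"unsupported address form in: {line}")
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    return action, proto, addrs[0], addrs[1], port

def evaluate(acl_lines, proto, src, dst, dport=None):
    """Return 'permit' or 'deny' using top-down, first-match evaluation."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl_lines:
        action, a_proto, a_src, a_dst, a_port = parse_ace(line)
        if a_proto != "ip" and a_proto != proto:
            continue                        # "ip" matches every protocol
        if a_src is not None and a_src != src:
            continue
        if a_dst is not None and a_dst != dst:
            continue
        if a_port is not None and a_port != dport:
            continue
        return action                       # first matching entry decides
    return "deny"                           # implicit deny ends every ACL

# B1 is the PC address from the walkthrough; HQ_PC is constructed.
B1, HQ_PC = "172.16.144.1", "172.16.64.10"

if __name__ == "__main__":
    print(evaluate(HQ_SERVER, "icmp", B1, "172.16.0.1"))
    print(evaluate(BRANCH_SERVER, "tcp", HQ_PC, "172.16.128.1", 443))
    print(evaluate(BRANCH_SERVER, "tcp", HQ_PC, "172.16.128.1", 21))
```
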

You should be at 100% now. If not, check your steps and re-apply them.

You might have used incorrect wildcards or applied the ACL incorrectly.

2 comments:

  1. Why do you write incorrect values in the access list step and then correct them?
    Why not write the correct ones at once?

    Remove the following from your code:

    Branch(config)#ip access-list extended HQServer
    Branch(config-ext-nacl)#deny ip any host 162.16.0.1
    Branch(config-ext-nacl)#ex
    Branch(config)#no ip access-list extended HQServer

    Replies
    1. When I solve this activity, I copy the commands I enter from the terminal into Notepad++.
      Usually, I correct these issues, but for one reason or another, I missed it.
      It's corrected, thank you for the catch, anon.

