Activity 7.4.2: Challenge DHCP and NAT Configuration

Activity 7.4.2: Challenge DHCP and NAT Configuration Topology Diagram

Addreing Ta!le Device

"nterface

"P Addre

#u!net $a%

#()()(

172.16.0.1

255.255.255.252

*a()(

172.16.10.1

255.255.255.0

*a()'

172.16.11.1

255.255.255.0

#()()(

172.16.0.2

255.255.255.252

#()()'

209.165.201.1

255.255.255.252

*a()(

172.16.20.1

255.255.255.0

#()()'

209.165.201.2

255.255.255.252

&'

&2

"#P

+earning ,!-ective Upon completion of this lab, you will be able to: •

Prepare the networ

•

Perform basic router confi!urations

•

"onfi!ure a "isco #$% &'"P ser(er 

•

"onfi!ure static an) )efault routin!

•

"onfi!ure static *+

 +ll contents are "opyri!ht "opyri!ht - 19922007 "isco %ystems, %ystems, #nc. +ll ri!hts reser(e). his his )ocument is "isco Public Public #nformation.

Pa!e 1 of 5

""*+ /ploration  +ccessin! the +*: #P +))ressin! %er(ices

P +cti(ity 7..2: "hallen!e &'"P an) *+ "onfi!uration

•

"onfi!ure )ynamic *+ with a pool of a))resses

•

"onfi!ure *+ o(erloa)

#cenario #n this lab, confi!ure the #P a))ress ser(ices usin! the networ shown in the topolo!y )ia!ram. #f you nee) assistance, refer bac to the basic &'"P an) *+ confi!uration lab. 'owe(er, try to )o as much on your own as possible.

Ta% ': Perform aic &outer Configuration "onfi!ure the 31, 32, an) #%P routers accor)in! to the followin! !ui)elines: •

"onfi!ure the )e(ice hostname.

•

&isable &*% looup.

•

"onfi!ure a pri(ile!e) /4/" mo)e passwor).

•

"onfi!ure a messa!eofthe)ay banner.

•

"onfi!ure a passwor) for the console connections.

•

"onfi!ure a passwor) for all (ty connections.

•

"onfi!ure #P a))resses on all routers. he P"s recei(e #P a))ressin! from &'"P later in the lab.

•

/nable 3#P(2 on 31 an) 32. &o not a)(ertise the 209.165.200.2227 networ.

*or all device: enable conf t no ip domain-lookup enable secret class banner motd $Authorized Access Only!$ ! line con 0 logging synchronous  password cisco  login ! line vty 0 4  password cisco  login end copy run start

&': hostname  int fa0"0  ip address  no shut int fa0"  ip address  no shut int s0"0"0  ip address  clock rate  no shut ! router rip

#%&%0% ''%''%''%0

#%&%% ''%''%''%0

#%&%0% ''%''%''%' '000

 +ll contents are "opyri!ht - 19922007 "isco %ystems, #nc. +ll ri!hts reser(e). his )ocument is "isco Public #nformation.

Pa!e 2 of 5

""*+ /ploration  +ccessin! the +*: #P +))ressin! %er(ices

P +cti(ity 7..2: "hallen!e &'"P an) *+ "onfi!uration

version   network #%&%0%0  no auto-summary

&2: hostname  int fa0"0  ip address #%&%0% ''%''%''%0  no shut int s0"0"0  ip address #%&%0% ''%''%''%'  no shut int s0"0"  ip address 0(%&'%0% ''%''%''%'  clock rate '000  no shut ! router rip  version   network #%&%0%0  no auto-summary

"#P: hostname )*+ int s0"0" ip address 0(%&'%0% ''%''%''%'  no shut !

Ta% 2: Configure a Cico ",# DHCP #erver  "onfi!ure 31 as the &'"P ser(er for the two )irectly attache) +*s. #tep '. /0clude tatically aigned addree. /clu)e the first three a))resses from each pool. ,config.ip dhcp excluded-address 172.16.10.1 172.16.10.3 ,config.ip dhcp excluded-address 172.16.11.1 172.16.11.3

#tep 2. Configure the DHCP pool. •

•

"reate two &'"P pools. *ame one of them &'1+AN'( for the 172.16.10.02 networ, an) name the other  &'1+AN'' for the 172.16.11.02 networ. "onfi!ure each pool with a )efault !ateway an) a simulate) &*% at 172.16.20.25.

,config.ip dhcp pool R1_LAN10 ,dhcp-config.network 172.16.10.0 2.2.2.0 ,dhcp-config.de!ault-router 172.16.10.1 ,dhcp-config.dns-ser"er 172.16.20.2# ,dhcp-config.ip dhcp pool R1_LAN11 ,dhcp-config.network 172.16.11.0 2.2.2.0 ,dhcp-config.de!ault-router 172.16.11.1 ,dhcp-config.dns-ser"er 172.16.20.2#

 +ll contents are "opyri!ht - 19922007 "isco %ystems, #nc. +ll ri!hts reser(e). his )ocument is "isco Public #nformation.

Pa!e 8 of 5

""*+ /ploration  +ccessin! the +*: #P +))ressin! %er(ices

P +cti(ity 7..2: "hallen!e &'"P an) *+ "onfi!uration

#tep . 3erify the DHCP configuration. .show ip dhcp $indin% )+ address /lient-)" ardware address #%&%0%4 0050%6#0/%#55 #%&%%4 000(%#/70%8(5&

1ease e2piration

3ype

---

Automatic Automatic

Ta% : Configure #tatic and Default &outing •

"onfi!ure #%P with a static route for the 209.165.201.027 networ. Use the eit interface as an ar!ument.

)*+,config.ip route 20&.16.201.0 2.2.2.22# serial 0'0'1 •

"onfi!ure a )efault route on 32 an) propa!ate the route in $%P. Use the nethop #P a))ress as an ar!ument.

,config.ip route 0.0.0.0 0.0.0.0 20&.16.201.2 ,config.router rip ,config-router.de!ault-in!or(ation ori%inate

Ta% 4: Configure #tatic NAT #tep '. #tatically map a pu!lic "P addre to a private "P addre. %tatically map the insi)e ser(er #P a))ress to the public a))ress 209.165.201.80. ,config.ip nat inside source static 172.16.20.2# 20&.16.201.30

#tep 2. #pecify inide and outide NAT interface. ,config.inter!ace serial 0'0'1 ,config-if.ip nat outside ,config-if.inter!ace !a0'0 ,config-if.ip nat inside

#tep . 3erify the tatic NAT configuration. .show ip nat translations +ro )nside global )nside local --- 0(%&'%0%80 #%&%0%'4

Outside local ---

Outside global ---

Ta% : Configure Dynamic NAT 5ith a Pool of Addree #tep '. Define a pool of glo!al addree. "reate a pool name) NAT1P,,+ for the #P a))resses 209.165.201.9 throu!h 209.165.201.1 usin! a  29 subnet mas. ,config.ip nat pool NA)_*++L 20&.16.201.& 20&.16.201.1# net(ask

2.2.2.2#, #tep 2. Create a tandard named acce control lit to identify 5hich inide addree are tranlated. Use the name NAT1AC+ an) allow all hosts attache) to the two +*s on 31. *ote: he .'( +* must be confi!ure) first, then the .'' +*. $therwise, Pacet racer will not !ra)e the  +" as correct.  +ll contents are "opyri!ht - 19922007 "isco %ystems, #nc. +ll ri!hts reser(e). his )ocument is "isco Public #nformation.

Pa!e  of 5

""*+ /ploration  +ccessin! the +*: #P +))ressin! %er(ices

P +cti(ity 7..2: "hallen!e &'"P an) *+ "onfi!uration

,config.ip access-list standard NA)_AL ,config-std-nacl.  per(it 172.16.10.0 0.0.0.2 ,config-std-nacl.  per(it 172.16.11.0 0.0.0.2

#tep . /ta!lih dynamic ource tranlation. in) the *+ pool to the +" an) allow *+ o(erloa)in!. ,config.ip nat inside source list NA)_AL pool NA)_*++L o"erload 

#tep 4. #pecify the inide and outide NAT interface. ;erify that the insi)e an) outsi)e interfaces are all correctly specifie). ,config.inter!ace serial 0'0'0 ,config-if.ip nat inside

#tep . 3erify the dynamic NAT configuration !y pinging from PC' and PC2 to "#P. .show ip nat translations +ro )nside global )nside local icmp 0(%&'%0%(9 #%&%0%49 icmp 0(%&'%0%(904#%&% %49 --- 0(%&'%0%80 #%&%0%'4

Outside local 0(%&'%0%9 0(%&'%0%9 ---

Outside global 0(%&'%0%9 0(%&'%0%904 ---

Ta% 6: Document the Net5or% $n each router, issue the ho5 run comman) an) capture the confi!urations.

 +ll contents are "opyri!ht - 19922007 "isco %ystems, #nc. +ll ri!hts reser(e). his )ocument is "isco Public #nformation.

Pa!e 5 of 5