 |
 |
 |
At no time should the hardware/software configuration of frame switch (router 7) or ISP (router 8) be modified in any way
At no time are Static or Default routes to be used
Do not configure loopback interfaces unless requested
Review all of the steps in this document before you begin. Some steps must take into account information found later in this document. Create a network diagram on a separate piece of paper. Include all network numbers, subnet masks, and host addresses.
Create 2
VLAN's on the Catalyst 5000. Port 3/1 in
VLANA and port 3/2 in VLANB
Configure
R2s's e0/0 as 129.45.80.1/30 which in connected to VLANB
Configure R3's e0/0 as 129.45.80.49/30 which is connected to VLANA
Topology and Basic IP Setup
Configure R5's s1 as 129.45.80.74 with a 2 host subnet
Configure IP addresses on the rest of the network with the address 129.45.80/24
Allow at least 6 hosts per subnet on ethernet and token ring interfaces
Allow at least 2 hosts per subnet on each WAN link
Configure IP across the Frame-Relay nework
Configure R3 using two sub-interfaces
Use a sub-interface for the connection to R5 and use one sub-interface for the connection to R2 and R4. Do not configure sub-interfaces for R2, R4, or R5
Ensure that you can ping from any router to any
interface including your own
Configure
the ISDN link. Verify pings from R3 - R5
Configure
X.25 for the connection from R1 to R2
Configure
async routing between the auxillary ports on R1 and R4
Configure Routing Protocols per the Routing Topology Diagram
Configure
OSPF as shown in the diagram
Setup Area 3
as a Stubby Area and configure OSPF MD5 authentication throughout area 1
Configure
IGRP as shown in the diagram. Redistribute these routes with other routing protocols to allow full
network connectivity
Configure
EIGRP as shown in the diagram. Redistribute these routes with other routing protocols to allow full
network connectivity
Configure R5 and R2 to be IBGP neighbors
Configure R2 and R4 to be IBGP neighbors
Do not configure peering statements between R5 and R4
Configure BGP on R5, R4 and R2 with an AS of 5
Configure R5 such that it will pass routes to an EBGP neighbor (ISP) 129.45.80.73/30 AS 254
Make sure that the only external BGP route that is accepted by R5 is that of the network 192.78.5.0
Configure
BGP supernetting using ip address 129.45.0.0. This is to be advertised to AS 254 only. Make sure that there are no update problems with this route being
advertised back into your IGP and IBGP. Verify that all BGP speakers can see the proper BGP routes
Ensure that
routing advertisements for all protocols are only being sent out on the
interfaces noted in the diagram. Ensure
that the best path is taken as the limits of your routing protocols allow. Remember NO static or default routing of any
kind
At this point you should be able to ping from any interface to nearly any other interface throughout the ENTIRE network
Verify network connectivity
Configure ISDN using these numbers:
Port1 SPID1 0835866101 DN 835-8661 (Router 3)
Port1 SPID2 0835866301 DN 835-8663
Port2 SPID1 0835866201 DN 835-8662 (Router 5)
Port2 SPID2 0835866401 DN 835-8664
Switch type is NI1
R5 should be set up as the dialer when its serial link goes down
Use ISDN as a backup link, when the frame-relay connection to R3 is lost
Use CHAP authentication
Configure
fault tolerance between R2 and R4's Ethernet. Make sure that no packets from the Ethernet network are lost when the
frame-relay links on either of the routers goes down
Allow the partner subnet 192.64.5.0 access to R5's s1 network via R4 only
Make sure
all other subnets access R5's s1 via R2
Configure an outbound access list on R5's Serial1 Interface
Permit FTP originating from R1's Token Ring network
Deny TFTP anywhere
Allow smtp, www, and ping from anywhere
Configure NAT on R5's ethernet interface
Host addresses are 1.1.1.1 to 1.1.1.30
Use the valid network on R5's ethernet interface as the outside addresses
Configure authenticated NTP on all routers
Make R2 the authoritative NTP server
Only allow R3 to synchronize with the time on R2 the master timeserver
Configure R2s clock to represent the correct time
Enable IPX
RIP on all LAN segments
Enable IPX
EIGRP on the frame-relay, ISDN and x.25 network connections
Configure 2
static SAPs on R4's Token Ring
Filter SAP on R4's E0 such that it will only advertise 1 SAP
Verify that
these 2 SAPs appear in R2's SAP table
Configure
IPX route filtering such that R3 will not see IPX routes from R5
Configure LAT between R3 and R5
Verify that you can establish LAT sessions between R3 and R5
Ensure that
the connections made are always LAT and never telnet
Enable AppleTalk RTMP on all LAN segments
AppleTalk EIGRP on all possible WAN segments besides ISDN.
Configure tunnels in the Frame Relay Network
Make sure that the tunnel for the connection between R3 and R5 uses no AppleTalk cable ranges, while the other connections do.
Filter AppleTalk zones on R4 such that users on the token ring will only sees its own zone.
Configure
DLSW+ on R4's token ring and R1's and R3s ethernet interfaces
Configure R4 as a DLSW+ Border Peer to both R2 and R3
Use TCP for the connection between R3 and R4
Use FST for
the connection between R2 and R4
Allow only
SNA from R3 to R1 and R4
Allow only
Netbios between R1 and R4
Setup
filters such that the Token Ring announces only the Mac address of the FEP. Mac
for the FEP on R4 is 4444.4444.4444
Adjust DLSW+
Timers.
Verify that your configuration is correct by checking the peer capabilities
Configure IP
multicast such that a multicast server on R3s e0 can send multicast packets to
receivers on R1's and R4's token interfaces.
Add IPX to the ISDN configuration
Verify that
all updates and routing is available in the event the frame goes down
Configure
IPX on the ISDN such that RIP and SAP updates are kept to a minimum.
Frame Relay Switch Configuration
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname switch
ip subnet-zero
no ip domain-lookup
ip audit notify log
ip audit po max-events 100
frame-relay switching
cns event-service server
interface FastEthernet0/0
no ip address
no ip directed-broadcast
shutdown
duplex auto
speed auto
interface Serial1/0
no ip address
no ip directed-broadcast
encapsulation frame-relay
no ip mroute-cache
no fair-queue
clockrate 64000
frame-relay lmi-type ansi
frame-relay intf-type dce
frame-relay route 40 interface Serial1/2 140
interface Serial1/1
no ip address
no ip directed-broadcast
encapsulation frame-relay
clockrate 64000
frame-relay lmi-type ansi
frame-relay intf-type dce
frame-relay route 20 interface Serial1/2 120
interface Serial1/2
no ip address
no ip directed-broadcast
encapsulation frame-relay
clockrate 64000
frame-relay lmi-type ansi
frame-relay intf-type dce
frame-relay route 120 interface Serial1/1 20
frame-relay route 140 interface Serial1/0 40
frame-relay route 150 interface Serial1/3 50
interface Serial1/3
no ip address
no ip directed-broadcast
encapsulation frame-relay
clockrate 64000
frame-relay lmi-type ansi
frame-relay intf-type dce
frame-relay route 50 interface Serial1/2 150
ip classless
no ip http server
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 4
password cisco
login
end
|
