lab 9 cst332
DESCRIPTION
sasaTRANSCRIPT
DeviceInterfaceIP AddressSubnet MaskDefault Gateway
HQG0/0172.16.127.254255.255.192.0N/A
G0/1172.16.63.254255.255.192.0N/A
S0/0/0192.168.0.1255.255.255.252N/A
S0/0/164.104.34.2255.255.255.25264.104.34.1
BranchG0/0172.16.159.254255.255.240.0N/A
G0/1172.16.143.254255.255.240.0N/A
S0/0/0192.168.0.2255.255.255.252N/A
HQ1NIC172.16.64.1255.255.192.0172.16.127.254
HQ2NIC172.16.0.2255.255.192.0172.16.63.254
HQServer.pkaNIC172.16.0.1255.255.192.0172.16.63.254
B1NIC
B2NIC172.16.128.2255.255.240.0172.16.143.254
BranchServer.pkaNIC172.16.128.1255.255.240.0172.16.143.254
ScenarioIn this challenge activity, you will finish the addressing scheme, configure routing, and implement named access control lists.Requirementsa. Divide 172.16.128.0/19 into two equal subnets for use onBranch.
c.16.128.0/19 255.25.224.010101100. 00010000.10000000.00000000172.16.128.0/20Network address = 172.16.128.01st host = 172.16.128.1last host = 172.16.143.254Broadcast = 172.16.143.255
2nd Subnet172.16.144.0/20Network address = 172.16.144.01st host = 172.16.144.1last host = 172.16.159.254Broadcast = 172.16.159.255
Subnet mask= 255.255.240.0
1) Assign the last usable address of the second subnet to the Gigabit Ethernet 0/0 interface.Branch(config)#int g0/0Branch(config-if)#ip address 172.16.159.254 255.255.240.0Branch(config-if)#no shutdown
2) Assign the last usable address of the first subnet to the Gigabit Ethernet 0/1 interface.
Branch(config)#int g0/1Branch(config-if)#ip address 172.16.143.254 255.255.240.0Branch(config-if)#no shutdown
3)Document the addressing in the Addressing Table.4)ConfigureBranchwith appropriate addressing
b. ConfigureB1with appropriate addressing using the first available address of the network to which it is attached. Document the addressing in the Addressing Table.IP Addess: 172.16.144.1Subnet Mask: 255.255.240.0Default Gateway: 172.16.159.254
c.ConfigureHQandBranchwith OSPF routing according to the following criteria:Assign the process ID 1.Advertise all three attached networks. Do not advertise the link to the Internet.Configure appropriate interfaces as passive.
BRANCHBranch(config)#router ospf 1Branch(config-router)#do show ip route connectedBranch(config-router)#network 172.16.128.0 0.0.15.255 area 0Branch(config-router)#network 172.16.144.0 0.0.15.255 area 0Branch(config-router)#network 192.168.0.0 0.0.0.3 area 0Branch(config-router)#passive-interface g0/0Branch(config-router)#passive-interface g0/1
HQHQ(config)#router ospf 1HQ(config-router)#do show ip route connectedHQ(config-router)#network 172.16.0.0 0.0.63.255 area 0HQ(config-router)#network 172.16.64.0 0.0.63.255 area 0HQ(config-router)#network 192.168.0.0 0.0.0.3 area 0HQ(config-router)#passive-interface g0/1HQ(config-router)#passive-interface g0/0HQ(config-router)#passive-interface s0/0/1
d. Set a default route onHQwhich directs traffic to S0/0/1 interface. Redistribute the route toBranch.HQ(config)#ip route 0.0.0.0 0.0.0.0 s0/0/1%Default route without gateway, if not a point-to-point interface, may impact performanceHQ(config)#router ospf 1HQ(config-router)#defuHQ(config-router)#defHQ(config-router)#default-information originate
e. Design a named access listHQServerto prevent any computers attached to the Gigabit Ethernet 0/0 interface of theBranchrouter from accessingHQServer.pka. All other traffic is permitted. Configure the access list on the appropriate router, apply it to the appropriate interface and in the appropriate direction.
Branch(config)#ip access-list extended HQServerBranch(config-ext-nacl)#deny ip any host 172.16.0.1Branch(config-ext-nacl)#permit ip any any
Branch(config)#int g0/0Branch(config-if)#ip access-group HQServer in
f. Design a named access listBranchServerto prevent any computers attached to the Gigabit Ethernet 0/0 interface of theHQrouter from accessing the HTTP and HTTPS service of theBranchserver. All other traffic is permitted. Configure the access list on the appropriate router, apply it to the appropriate interface and in the appropriate direction.
HQ(config)#ip access-list extended BranchServerHQ(config-ext-nacl)#deny tcp any host 172.16.128.1 eq 80HQ(config-ext-nacl)#deny tcp any host 172.16.128.1 eq 443HQ(config-ext-nacl)#permit ip any anyHQ(config-ext-nacl)#
HQ(config)#int g0/0HQ(config-if)#ip access-group BranchServer in