Task 1:
R2(config)# ip access-list standard NAT //Note: The name of the ACL may be different so please check carefully! R2(config-std-nacl)#permit 10.2.3.3
R2(config-std-nacl)#permit 192.168.3.1
R2(config-std-nacl)#permit 10.1.3.11 R2(config-std-nacl)#exit
R2(config)# interface e0/1 R2(config-if)#ip nat inside R2(config-if)#exit R2(config)#interface e0/0 R2(config-if)#ip nat outside R2(config-if)#exit
R2(config)#ip nat inside source list NAT interface e0/0 overload
Verification
R3#ping 192.168.1.1
.!!!! (ping should work)
Task 2:
R1#clock set 00:00:00 January 1 2019 //Midnight means 00:00:00. Note: The date may be different so please check carefully! R1#config t
R1(config)#ntp master 1 //Configure R1 as an NTP server
A strange thing of this sim is that E0/2 of R1 has not been configured an IP address so we must assign the IP address of 10.1.3.1 as shown in the topology for it. Maybe it is the reason the requirement says “using the IP address of the R1 Ethernet0/2 interface”.
R1(config)#interface e0/2
R1(config)#ip address 10.1.3.1 255.255.255.0 Configure R2 as the NTP client (not NTP peer):
R2#config t
R2(config)#ntp server 10.1.3.1
Verification__Check_the_clock_on_R2_to_see_if_it_is_the_same_as_R1:__R2show_clock_0:0:01.60_UTC_Tue_Jan_1_2019___Task_3'>Verification
Check the clock on R2 to see if it is the same as R1:
R2#show clock
0:0:01.60 UTC Tue Jan 1 2019
Task 3:
R1(config)#ip dhcp pool NETPOOL
R1(dhcp-config)#network 10.1.3.0 255.255.255.0 R1(dhcp-config)#exit
R1(config)#ip dhcp excluded-address 10.1.3.1 10.1.3.10
Configure interface E0/2 of R3 to receive IP address issued from R1 (DHCP Server):
R3(config)#interface e0/2 R3(config-if)#ip address dhcp
Verification R3(config-if)#exit R3(config)#exit
R3#show ip interface brief (E0/2 interface is assigned the IP address of 10.1.3.11)
Interface IP-Address OK? Method Status Protocol
…
Ethernet0/2 10.1.3.11 YES DHCP up up
Task 4:
R3(config)#line vty 0 4 //we should use the “show run” command to confirm if the “line vty 0 4” or “line vty 0 15” R3(config-line)#transport input ssh
R3(config-line)#login local R3(config-line)#exit
R3(config)#username netadmin password N3t4ccess //Note: Please check the username and password given carefully. It may not be “netadmin” and “N3t4ccess” as shown here
R3(config)#crypto key generate rsa modulus 1024
Note: The command “ip domain-name xyz.com” has been configured so we don’t need to type this command again. This command must be used before the “crypto key generate rsa” command or an error will be shown.
Verification
R1# ssh -l netadmin 10.1.3.11 Password: {please type N3t4ccess here}
Save the configuration
As the guidelines clearly stated that we have to save the configuration to NVRAM so please save all your configurations on R1, R2 and R3: R1#, R2#, R3#copy running-config startup-config
Note: Just for your information, this lab requires “Do not use NVI NAT configuration” so what is NVI NAT?
Cisco IOS Release 12.3(14)T introduced a feature called NAT Virtual Interface (NVI), which allows you to do a NAT configuration without the need to specify an interface as being an inside or an outside interface. Specifically, instead of issuing the “ip nat inside” or “ip nat outside” command in interface configuration mode, you can issue the “ip nat enable” command. Not only does this feature make configuration easier , but it also allows traffic to flow between two interfaces that would both be considered inside interfaces, from a classic NAT perspective.
Dostları ilə paylaş: |