MiniPwner guide for the TP-Link TL-MR3020

This is my own reworking and simplification of the guide on minipwner.com. Thanks to minipwner.com for making the minipwner.tar file available.
This guide is specific to the TP-Link TL-MR3020 router.

Warning:
I am not responsible for damage of any kind. If you follow this guide, you do so at your own risk.

All the operations were carried out on Debian 7 Testing, but any distribution can be used.

Required hardware:
TP-Link TL-MR3020
4 GB USB flash drive (the Cruzer Fit is recommended for its small size)

Repartition the USB flash drive as follows:
Partition 1: Linux swap
Partition 2: ext4 (this is the partition that will later be mounted on /mnt/usb and hold the extra packages)

Insert the USB stick into the router.

Download the OpenWrt image for the TP-Link MR3020 from
http://downloads.openwrt.org/snapshots/trunk/ar71xx/

and fetch the files:
openwrt-ar71xx-generic-tl-mr3020-v1-squashfs-factory.bin
openwrt-ar71xx-generic-tl-mr3020-v1-squashfs-sysupgrade.bin

(Snapshot directories are rebuilt continuously, so the file names above are the ones that were current when this guide was written; the image must also match your hardware revision, "v1" here.)

Download the minipwner.tar file from this link:
http://www.minipwner.com/images/minipwner.tar

Plug the router into the mains and connect it to the PC with the Ethernet cable.

In a browser, open the address 192.168.0.254
Username: admin
Password: admin

Go to System Tools > Firmware Upgrade and upload the firmware:
openwrt-ar71xx-generic-tl-mr3020-v1-squashfs-factory.bin

Click the Upgrade button and the firmware will be written. At the end the router reboots.

Disconnect the power and reconnect it.

The router's new IP address will be 192.168.1.1 (the web interface will no longer work: the snapshot image ships without one).

Connect to the system via telnet (a freshly flashed OpenWrt has no root password and only offers telnet until one is set):
telnet 192.168.1.1

Set the router's root password in the OpenWrt terminal; this also disables telnet and enables the SSH server:
passwd

In the OpenWrt terminal, go to the tmp directory:
cd /tmp

Open a new terminal on the PC and change to the directory where the files were downloaded.

Run this command (the original guide uses rcp here; on Debian that name is provided by openssh-client as an alias for scp, so use scp on any system):
scp openwrt-ar71xx-generic-tl-mr3020-v1-squashfs-sysupgrade.bin root@192.168.1.1:/tmp/

Now, to perform the upgrade, type in the OpenWrt terminal:
sysupgrade -v /tmp/openwrt-ar71xx-generic-tl-mr3020-v1-squashfs-sysupgrade.bin

As soon as it finishes, the router will reboot.

Connect to the router again with:
ssh root@192.168.1.1

Enter the password when prompted.

Copy minipwner.tar to /usr/share.
From a new terminal on the PC, change to the directory that contains minipwner.tar and run:
scp minipwner.tar root@192.168.1.1:/usr/share

In the OpenWrt terminal, type:
cd /usr/share
tar -xf minipwner.tar

Copy the MAC address of the wireless interface so you can put it into the new configuration file.
To do that, enable Wi-Fi in /etc/config/wireless:
vi /etc/config/wireless

You will find a line that says:
# REMOVE THIS LINE TO ENABLE WIFI
option disabled 1

Comment the option out with # as shown here:
# REMOVE THIS LINE TO ENABLE WIFI
# option disabled 1

Save with :wq! and press Enter.
Run these commands:
wifi
ifconfig wlan0

Copy the MAC address (the HWaddr field) into a text file; it will be needed more than once.

Run these commands (the first block backs up the stock configuration files, the second copies in the minipwner ones):
cd /usr/share/minipwner
cp -f /etc/config/network /etc/config/network.orig
cp -f /etc/config/wireless /etc/config/wireless.orig
cp -f /etc/config/firewall /etc/config/firewall.orig
cp -f /etc/profile /etc/profile.orig
cp -f /etc/opkg.conf /etc/opkg.conf.orig
cp -f /etc/config/system /etc/config/system.orig
cp -f /etc/config/dhcp /etc/config/dhcp.orig
cp -f ./network.1 /etc/config/network
cp -f ./wireless.1 /etc/config/wireless
cp -f firewall.1 /etc/config/firewall


Edit the file /etc/config/wireless:
vi /etc/config/wireless

Delete the old MAC address and insert the one copied earlier.

At this point the Wi-Fi has to be configured.
If your home router's Wi-Fi is open, the only thing to do is set the SSID of your router.
The default SSID is TOKI (change TOKI to your SSID).

If you have an encrypted wireless network (say WPA2-PSK), configure it like this:
option encryption psk2+tkip
option key your_key

(psk2 on its own, i.e. WPA2 with CCMP/AES, is the normal choice; add +tkip only if the access point really requires TKIP, which is deprecated.)

More information on the OpenWrt Wiki.

Save with :wq! and press Enter.

Now restart the network:
/etc/init.d/network restart

Check that wlan0 has been assigned an IP address:
ifconfig wlan0

If there are problems, troubleshoot them at this point before going on, since the next step downloads packages over this link.

Run these commands (the kmod packages add USB storage and ext4 support, and block-mount mounts the stick at boot from /etc/config/fstab):
cd /usr/share/minipwner
opkg update
opkg install kernel
opkg install kmod-usb-storage
opkg install kmod-fs-ext4
opkg install block-mount
cp -f profile.1 /etc/profile
cp -f fstab.1 /etc/config/fstab
cp -f opkg.conf.1 /etc/opkg.conf
cp -f system.1 /etc/config/system
mkdir /mnt/usb
/etc/init.d/fstab enable
/etc/init.d/fstab start
ls /mnt/usb

Check that the USB stick is mounted with "mount" or "df".

Run these commands (for opkg -dest usb to work, opkg.conf must declare a destination named usb that points at the mounted stick, which is what the opkg.conf.1 copied in the previous step is for; -dest is the same option as --dest or -d):
cd /usr/share/minipwner
ln -s /mnt/usb /opt
ln -s /etc /mnt/usb/etc
opkg update
opkg install netcat
opkg -dest usb install tar
opkg -dest usb install openssh-sftp-client
opkg -dest usb install nmap
opkg -dest usb install tcpdump
opkg -dest usb install aircrack-ng
opkg -dest usb install kismet-client
opkg -dest usb install kismet-server
opkg -dest usb install perl
opkg -dest usb install openvpn
opkg -dest usb install nbtscan
opkg -dest usb install snort
opkg -dest usb install karma
opkg -dest usb install samba36-client
opkg -dest usb install elinks
opkg -dest usb install yafc
cp -f /etc/config/wireless /etc/config/wireless.old
cp -f /etc/config/network /etc/config/network.old
cp -f /etc/config/dhcp /etc/config/dhcp.old
cp -f ./network.2 /etc/config/network
cp -f ./wireless.2 /etc/config/wireless
cp -f ./dhcp.2 /etc/config/dhcp
ln -s /mnt/usb/usr/share/nmap /usr/share/nmap

Edit /etc/config/wireless:
vi /etc/config/wireless

Delete the old MAC address and paste in the one copied earlier.
Save and exit:
:wq!
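The MAC substitution just done is the same one made after wireless.1 was copied in, and it is easy to get wrong by hand (a typo in the address leaves the radio with a MAC that does not match the hardware). As an added example that is not part of the original guide or of the files in minipwner.tar, the Python helper below runs on the PC, not on the router: it pulls the HWaddr out of the `ifconfig wlan0` output you copied, rewrites the `option macaddr` line of a UCI wireless config, and can also set the SSID and a WPA2 key, so you can scp the config file to the PC, patch it, and scp it back. The function names, the sample ifconfig text and the stand-in wireless config are my own constructions; the real wireless.1/wireless.2 may be laid out differently, but the option lines have the same UCI form.

```python
import re

# Constructed sample of what BusyBox `ifconfig wlan0` prints on OpenWrt.
SAMPLE_IFCONFIG = (
    "wlan0     Link encap:Ethernet  HWaddr 00:11:22:33:44:55\n"
    "          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0\n"
    "          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1\n"
)

# Constructed stand-in for the wireless.1 / wireless.2 files (assumed layout).
SAMPLE_WIRELESS = (
    "config wifi-device  radio0\n"
    "\toption type     mac80211\n"
    "\toption channel  11\n"
    "\toption macaddr  aa:bb:cc:dd:ee:ff\n"
    "\toption hwmode   11ng\n"
    "\n"
    "config wifi-iface\n"
    "\toption device   radio0\n"
    "\toption network  wan\n"
    "\toption mode     sta\n"
    "\toption ssid     TOKI\n"
    "\toption encryption none\n"
)

MAC_RE = re.compile(r"HWaddr\s+([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})")
MAC_FORM = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}")


def mac_from_ifconfig(text):
    """Return the first HWaddr field found in ifconfig output, lower-cased."""
    m = MAC_RE.search(text)
    if m is None:
        raise ValueError("no HWaddr field found in ifconfig output")
    return m.group(1).lower()


def _quote(value):
    """Single-quote a UCI value so spaces survive; refuse values UCI cannot hold this way."""
    if "'" in value or "\n" in value:
        raise ValueError("value may not contain a single quote or a newline")
    return "'" + value + "'"


def _set_option(text, name, value):
    """Rewrite the value of every `option <name> ...` line; refuse to invent one."""
    pat = re.compile(r"^([ \t]*option[ \t]+%s[ \t]+).*$" % re.escape(name), re.M)
    new_text, n = pat.subn(lambda m: m.group(1) + value, text)
    if n == 0:
        raise KeyError("option %s not found in config" % name)
    return new_text


def get_option(text, name):
    """Read back the (unquoted) value of the first `option <name>` line, or None."""
    pat = re.compile(r"^[ \t]*option[ \t]+%s[ \t]+(.*?)[ \t]*$" % re.escape(name), re.M)
    m = pat.search(text)
    return m.group(1).strip("'\"") if m else None


def patch_wireless(text, mac, ssid=None, psk=None):
    """Return the config with macaddr replaced and, optionally, SSID and WPA2-PSK set."""
    mac = mac.lower()
    if not MAC_FORM.fullmatch(mac):
        raise ValueError("bad MAC address: %r" % mac)
    out = _set_option(text, "macaddr", mac)
    if ssid is not None:
        out = _set_option(out, "ssid", _quote(ssid))
    if psk is not None:
        if not 8 <= len(psk) <= 63:
            raise ValueError("WPA2-PSK passphrase must be 8 to 63 characters")
        # Drop any stale key line, then write encryption and key together so the
        # key always sits in the same section as the encryption option.
        out = re.sub(r"^[ \t]*option[ \t]+key[ \t]+.*\n?", "", out, flags=re.M)
        enc = re.compile(r"^([ \t]*)option[ \t]+encryption[ \t]+.*$", re.M)
        repl = lambda m: "%soption encryption psk2\n%soption key %s" % (
            m.group(1), m.group(1), _quote(psk))
        out, n = enc.subn(repl, out, count=1)
        if n == 0:
            raise KeyError("option encryption not found in config")
    return out


if __name__ == "__main__":
    mac = mac_from_ifconfig(SAMPLE_IFCONFIG)
    print(patch_wireless(SAMPLE_WIRELESS, mac, ssid="HomeNet", psk="correct horse battery"))
```

To use it for real, replace the two SAMPLE_ strings with the text of your copied ifconfig output and the scp'd config file, then write the returned string back to the file. The helper deliberately refuses to add an option line that is not already there, so a config that does not contain `option macaddr` (or `option encryption` when you pass a key) fails loudly instead of producing a file the radio silently ignores.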

Reboot the router:
reboot

The MiniPwner is ready: wireless access is open with SSID TOKI.
The router's new IP is now 192.168.50.1
ssh root@192.168.50.1

Note what this means: an open access point whose gateway exposes root SSH to anyone in radio range. The root password set earlier is the only thing protecting it, so choose a strong one, and consider adding WPA2 to the TOKI interface in /etc/config/wireless if you do not actually need the AP to be open.

If you want to install more packages on the USB stick, type:
opkg -dest usb install (packagename)
example:
opkg -dest usb install elinks

If there are library or data-file problems, in most cases they can be fixed with a symlink like this one:
ln -s /mnt/usb/usr/share/nmap /usr/share/nmap

The minipwner.com forum is very useful for any problems.

Solution to PT Activity 7.5.1: Packet Tracer Skills Integration Challenge

Questions and comments are welcome.

Task 1: Apply Basic Configurations
Step 1. Configure R1, R2, and R3 with the basic global configuration.

Hostname as listed in the addressing table
Console line for login with password cisco
vtys 0–4 for login with password cisco
Secret password class
Banner of “AUTHORIZED ACCESS ONLY!”
Only the hostname and banner are graded.

R1
Router>en
Router#conf t
Router(config)#hostname R1
R1(config)#line con 0
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#line vty 0 4
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#exit
R1(config)#enable secret class
R1(config)#banner motd "AUTHORIZED ACCESS ONLY!"
R1(config)#

R2
Router>en
Router#conf t
Router(config)#hostname R2
R2(config)#line con 0
R2(config-line)#password cisco
R2(config-line)#login
R2(config-line)#line vty 0 4
R2(config-line)#password cisco
R2(config-line)#login
R2(config-line)#exit
R2(config)#enable secret class
R2(config)#banner motd "AUTHORIZED ACCESS ONLY!"
R2(config)#

R3
Router>en
Router#conf t
Router(config)#hostname R3
R3(config)#line con 0
R3(config-line)#password cisco
R3(config-line)#login
R3(config-line)#line vty 0 4
R3(config-line)#password cisco
R3(config-line)#login
R3(config-line)#exit
R3(config)#enable secret class
R3(config)#banner motd "AUTHORIZED ACCESS ONLY!"
R3(config)#

Step 2. Configure the interfaces on R1, R2, and R3.
Use the addressing table to determine the interface addresses. Use the topology diagram to determine which interfaces are DCE interfaces. Configure the DCE interfaces for a clock rate of 64000.

R1
R1(config)#int f0/0
R1(config-if)#ip address 192.168.10.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#int f0/1
R1(config-if)#ip address 192.168.11.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#int s0/0/0
R1(config-if)#ip address 10.1.1.1 255.255.255.252
R1(config-if)#clock rate 64000
R1(config-if)#no sh
R1(config-if)#exit
R1(config)#

R2
R2(config)#int f0/0
R2(config-if)#ip address 192.168.20.1 255.255.255.0
R2(config-if)#no sh
R2(config-if)#int s0/0/0
R2(config-if)#ip address 10.1.1.2 255.255.255.252
R2(config-if)#no sh
R2(config-if)#int s0/0/1
R2(config-if)#ip address 10.2.2.1 255.255.255.252
R2(config-if)#clock rate 64000
R2(config-if)#no sh
R2(config-if)#int s0/1/0
R2(config-if)#ip address 209.165.200.225 255.255.255.224
R2(config-if)#no sh
R2(config-if)#exit
R2(config)#

R3
R3(config)#int f0/0
R3(config-if)#ip address 192.168.30.1 255.255.255.0
R3(config-if)#no sh
R3(config-if)#int s0/0/1
R3(config-if)#ip address 10.2.2.2 255.255.255.252
R3(config-if)#no sh
R3(config-if)#exit
R3(config)#

Task 2: Configure PPP Encapsulation with CHAP
Step 1. Configure the link between R1 and R2 to use PPP encapsulation with CHAP authentication.

The password for CHAP authentication is cisco123.

R1
R1(config)#int s0/0/0
R1(config-if)#encapsulation ppp
R1(config-if)#ppp authentication chap
R1(config-if)#exit
R1(config)#username R2 password cisco123
R1(config)#

R2
R2(config)#int s0/0/0
R2(config-if)#encapsulation ppp
R2(config-if)#ppp authentication chap
R2(config-if)#exit
R2(config)#username R1 password cisco123
R2(config)#

Step 2. Configure the link between R2 and R3 to use PPP encapsulation with CHAP authentication.
The password for CHAP authentication is cisco123.

R2
R2(config)#int s0/0/1
R2(config-if)#encapsulation ppp
R2(config-if)#ppp authentication chap
R2(config-if)#exit
R2(config)#username R3 password cisco123
R2(config)#

R3
R3(config)#int s0/0/1
R3(config-if)#encapsulation ppp
R3(config-if)#ppp authentication chap
R3(config-if)#exit
R3(config)#username R2 password cisco123
R3(config)#

Step 3. Verify that connectivity is restored between the routers.
R2 should be able to ping both R1 and R3. The interfaces may take a few minutes to come back up. You can switch back and forth between Realtime and Simulation modes to speed up the process. Another possible workaround to this Packet Tracer behavior is to use the shutdown and no shutdown commands on the interfaces.

R2
R2#ping 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/5 ms

R2#ping 10.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/4 ms

Task 3: Configure Dynamic and Default Routing
Step 1. Configure R1, R2, and R3 to use the OSPF routing protocol.

Use a process ID of 1 when configuring OSPF on the routers.
Advertise all networks connected to R1 and R3, but do not send routing updates out the LAN interfaces.
On R2, do not advertise the 209.165.200.224 network, and do not send routing updates out the Fa0/0 or the Serial0/1/0 interfaces.

R1
R1(config)#router ospf 1
R1(config-router)#network 10.1.1.0 0.0.0.3 area 0
R1(config-router)#network 192.168.10.0 0.0.0.255 area 0
R1(config-router)#network 192.168.11.0 0.0.0.255 area 0
R1(config-router)#passive-interface f0/0
R1(config-router)#passive-interface f0/1
R1(config-router)#exit
R1(config)#

R2
R2(config)#router ospf 1
R2(config-router)#network 10.1.1.0 0.0.0.3 area 0
R2(config-router)#network 10.2.2.0 0.0.0.3 area 0
R2(config-router)#network 192.168.20.0 0.0.0.255 area 0
R2(config-router)#passive-interface f0/0
R2(config-router)#passive-interface s0/1/0
R2(config-router)#exit
R2(config)#

R3
R3(config)#router ospf 1
R3(config-router)#network 10.2.2.0 0.0.0.3 area 0
R3(config-router)#network 192.168.30.0 0.0.0.255 area 0
R3(config-router)#passive-interface f0/0
R3(config-router)#exit
R3(config)#

Step 2. Configure a default route on R2.
Configure a default route to ISP, specifying the outgoing interface on R2 (Serial0/1/0) as the exit interface.

R2
R2(config)#ip route 0.0.0.0 0.0.0.0 s0/1/0

Step 3. Configure OSPF to advertise the default route.
On R2, enter the command to advertise the default route to R1 and R3 via OSPF.

R2
R2(config)#router ospf 1
R2(config-router)#default-information originate
R2(config-router)#exit
R2(config)#

Task 4: Configure Routers with Easy IP
Step 1. Configure R1 to act as a DHCP server for the 192.168.10.0 and 192.168.11.0 networks.

- Name the DHCP pool for the 192.168.10.0 network R1LAN1. For the 192.168.11.0 network, use the name R1LAN2.
- Exclude the first nine addresses on each network from dynamic assignment.
- In addition to the IP address and subnet mask, assign the default gateway and DNS server addresses.

R1(config)#ip dhcp pool R1LAN1
R1(dhcp-config)#network 192.168.10.0 255.255.255.0
R1(dhcp-config)#default-router 192.168.10.1
R1(dhcp-config)#dns-server 192.168.20.254
R1(dhcp-config)#exit
R1(config)#ip dhcp excluded-address 192.168.10.1 192.168.10.9
R1(config)#ip dhcp excluded-address 192.168.11.1 192.168.11.9
R1(config)#ip dhcp pool R1LAN2
R1(dhcp-config)#network 192.168.11.0 255.255.255.0
R1(dhcp-config)#default-router 192.168.11.1
R1(dhcp-config)#dns-server 192.168.20.254
R1(dhcp-config)#exit
R1(config)#

Step 2. Configure R3 to act as a DHCP server for the 192.168.30.0 network.
Name the DHCP pool for the 192.168.30.0 network R3LAN.
Exclude the first nine addresses on each network from dynamic assignment.
In addition to the IP address and subnet mask, assign the default gateway and DNS server addresses.

R3(config)#ip dhcp pool R3LAN
R3(dhcp-config)#network 192.168.30.0 255.255.255.0
R3(dhcp-config)#default-router 192.168.30.1
R3(dhcp-config)#dns-server 192.168.20.254
R3(dhcp-config)#exit
R3(config)#ip dhcp excluded-address 192.168.30.1 192.168.30.9
R3(config)#

Task 5: Verify that PCs Are Automatically Configured with Addressing Details
Step 1. Configure PC1, PC2, and PC3 for automatic IP configuration using DHCP.

On each PC, go to Config > Global and select DHCP.

Step 2. Verify that each PC has an address assigned from the correct DHCP pool.
Check the assigned IP addresses on each PC.

Task 6: Configure a DNS Server with DNS Entries
Step 1. Configure the DNS server.

To configure DNS on the Inside Server, click the DNS button in the Config tab.
Make sure that DNS is turned on, and enter the following DNS entry:
www.cisco.com     209.165.201.30

On Inside Server:
Config > DNS
Name: www.cisco.com
Address: 209.165.201.30
Click Add

Task 7: Configure an ACL to Permit NAT
Step 1. Create a standard named ACL.

Create the standard named ACL, R2NAT, which permits all the internal networks to be mapped by NAT.
Note: For Packet Tracer to grade this task correctly, you must enter the permitted networks in the following order:
192.168.10.0
192.168.20.0
192.168.30.0
192.168.11.0

R2(config)#ip access-list standard R2NAT
R2(config-std-nacl)#permit 192.168.10.0 0.0.0.255
R2(config-std-nacl)#permit 192.168.20.0 0.0.0.255
R2(config-std-nacl)#permit 192.168.30.0 0.0.0.255
R2(config-std-nacl)#permit 192.168.11.0 0.0.0.255
R2(config-std-nacl)#exit
R2(config)#

This ACL only selects the inside addresses that NAT is allowed to translate. It is referenced from the ip nat inside source list command in Task 9 and must not be applied to an interface with ip access-group, which would turn it into a packet filter instead.

Task 8: Configure Static NAT
Step 1. Configure static NAT for an inside web server.

Configure static NAT to map the local IP address and global IP addresses for Inside Server. Use the addresses listed in the addressing table.

R2(config)#ip nat inside source static 192.168.20.254 209.165.202.131

Task 9: Configure Dynamic NAT with Overload
Step 1. Configure the dynamic NAT pool.

Configure a dynamic NAT address pool using the Nat Pool specified in the topology diagram. Name the address pool R2POOL.

R2(config)#ip nat pool R2POOL 209.165.202.129 209.165.202.130 netmask 255.255.255.252

Step 2. Configure the dynamic NAT mapping.
Map the addresses in R2POOL to the networks defined above in R2NAT.

R2(config)#ip nat inside source list R2NAT pool R2POOL overload

Step 3. Apply NAT to the internal and external interfaces of R2.

R2(config)#int fa0/0
R2(config-if)#ip nat inside
R2(config-if)#int s0/0/0
R2(config-if)#ip nat inside
R2(config-if)#int s0/0/1
R2(config-if)#ip nat inside
R2(config-if)#int s0/1/0
R2(config-if)#ip nat outside
R2(config-if)#exit
R2(config)#

Task 10: Configure the ISP Router with a Static Route
Step 1. Configure a static route to the global IP addresses of R2.

This is the 209.165.202.128/27 network. Use the serial interface of ISP as the next-hop address.

ISP(config)#ip route 209.165.202.128 255.255.255.224 s0/0/0


Task 11: Test Connectivity
Inside hosts should be able to ping Outside Host.
PC3
PC>ping 209.165.201.14

Pinging 209.165.201.14 with 32 bytes of data:

Reply from 209.165.201.14: bytes=32 time=100ms TTL=125
Reply from 209.165.201.14: bytes=32 time=72ms TTL=125
Reply from 209.165.201.14: bytes=32 time=90ms TTL=125
Reply from 209.165.201.14: bytes=32 time=100ms TTL=125

Ping statistics for 209.165.201.14:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 72ms, Maximum = 100ms, Average = 90ms

PC>

Inside hosts should be able to ping www.cisco.com.
PC3
PC>ping www.cisco.com

Pinging 209.165.201.30 with 32 bytes of data:

Reply from 209.165.201.30: bytes=32 time=90ms TTL=125
Reply from 209.165.201.30: bytes=32 time=80ms TTL=125
Reply from 209.165.201.30: bytes=32 time=92ms TTL=125
Reply from 209.165.201.30: bytes=32 time=92ms TTL=125

Ping statistics for 209.165.201.30:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 80ms, Maximum = 92ms, Average = 88ms

PC>

Outside Host should be able to ping Inside Server by its global IP address.
PC-PT
PC>ping 209.165.202.131

Pinging 209.165.202.131 with 32 bytes of data:

Reply from 209.165.202.131: bytes=32 time=50ms TTL=126
Reply from 209.165.202.131: bytes=32 time=40ms TTL=126
Reply from 209.165.202.131: bytes=32 time=60ms TTL=126
Reply from 209.165.202.131: bytes=32 time=60ms TTL=126

Ping statistics for 209.165.202.131:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 40ms, Maximum = 60ms, Average = 52ms

PC>

Solution to PT Activity 6.4.1: Packet Tracer Skills Integration Challenge

Questions and suggestions are welcome.

Task 1: Apply Basic Router Configurations
Step 1: Configure basic commands.

Using the information in the topology diagram and addressing table, configure the basic device configurations on R1, R2, and R3. Hostnames are configured for you. Check the LAN interface numbers against the topology diagram: the descriptions below put the LAN on f0/0, while the passive-interface and ACL commands later in this solution use f0/1.

R1
R1>en
R1#conf t
R1(config)#line con 0
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#exit
R1(config)#line vty 0 4
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#exit
R1(config)#banner motd "Access to Router R1"
R1(config)#no ip domain-lookup
R1(config)#int s0/0/0
R1(config-if)#description line to cloud-PT
R1(config-if)#exit
R1(config)#int f0/0
R1(config-if)#description fastethernet LAN
R1(config-if)#exit
R1(config)#

R2
R2>en
R2#conf t
R2(config)#line con 0
R2(config-line)#password cisco
R2(config-line)#login
R2(config-line)#exit
R2(config)#line vty 0 4
R2(config-line)#password cisco
R2(config-line)#login
R2(config-line)#exit
R2(config)#banner motd "Access to Router R2"
R2(config)#no ip domain-lookup
R2(config)#int s0/0/0
R2(config-if)#description line to cloud-PT
R2(config-if)#exit
R2(config)#int s0/1/0
R2(config-if)#description line to ISP
R2(config-if)#exit
R2(config)#int f0/0
R2(config-if)#description line to LAN
R2(config-if)#exit
R2(config)#

R3
R3>en
R3#conf t
R3(config)#line con 0
R3(config-line)#password cisco
R3(config-line)#login
R3(config-line)#exit
R3(config)#line vty 0 4
R3(config-line)#password cisco
R3(config-line)#login
R3(config-line)#exit
R3(config)#banner motd "Access to Router R3"
R3(config)#no ip domain-lookup
R3(config)#int s0/0/0
R3(config-if)#description line to cloud-PT
R3(config-if)#exit
R3(config)#int f0/0
R3(config-if)#description line to LAN
R3(config-if)#exit
R3(config)#

Task 2: Configure Dynamic and Default Routing
Step 1. Configure default routing.

R2 needs a default route. Use the exit-interface argument in the default route configuration.

R2(config)#ip route 0.0.0.0 0.0.0.0 s0/1/0

Step 2. Configure dynamic routing.
Configure RIPv2 on R1, R2, and R3 for all available networks. R2 needs to pass its default network configuration to the other routers. Also, be sure to use the passive-interface command on all active interfaces not used for routing.

R1
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#network 10.1.1.0
R1(config-router)#network 192.168.10.0
R1(config-router)#passive-interface f0/1
R1(config-router)#no auto-summary
R1(config-router)#exit
R1(config)#

R2
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#network 10.1.1.0
R2(config-router)#network 192.168.20.0
R2(config-router)#default-information originate
R2(config-router)#passive-interface s0/1/0
R2(config-router)#passive-interface f0/1
R2(config-router)#no auto-summary
R2(config-router)#exit
R2(config)#

R3
R3(config)#router rip
R3(config-router)#version 2
R3(config-router)#network 10.1.1.0
R3(config-router)#network 192.168.30.0
R3(config-router)#passive-interface f0/1
R3(config-router)#no auto-summary
R3(config-router)#exit
R3(config)#

Task 5: Apply ACL Policies
Step 1. Create and apply security policy number 1.

Implement the following ACL rules using ACL number 101:
Allow hosts on the 192.168.30.0/24 network web access to any destination.
Allow hosts on the 192.168.30.0/24 network ping access to any destination.
Deny any other access originating from the network.

R3
R3(config)#access-list 101 permit tcp 192.168.30.0 0.0.0.255 any eq www
R3(config)#access-list 101 permit icmp 192.168.30.0 0.0.0.255 any
R3(config)#access-list 101 deny ip any any
R3(config)#int fa0/1
R3(config-if)#ip access-group 101 in
R3(config-if)#exit
R3(config)#

Step 2. Create and apply security policy number 2.
Because ISP represents connectivity to the Internet, configure a named ACL called FIREWALL in the following order:
Allow TW-DSL web access to the Intranet server.
Allow TW-Cable web access to the Intranet server.
Allow only inbound ping replies from ISP and any source beyond ISP.
Allow only established TCP sessions from ISP and any source beyond ISP.
Explicitly block all other inbound access from ISP and any source beyond ISP.

R2
R2(config)#ip access-list extended FIREWALL
R2(config-ext-nacl)#permit tcp host 192.168.1.10 host 192.168.20.254 eq www
R2(config-ext-nacl)#permit tcp host 192.168.2.10 host 192.168.20.254 eq www
R2(config-ext-nacl)#permit icmp any any echo-reply
R2(config-ext-nacl)#permit tcp any any established
R2(config-ext-nacl)#deny ip any any
R2(config-ext-nacl)#int s0/1/0
R2(config-if)#ip access-group FIREWALL in
R2(config-if)#exit
R2(config)#

Solution to PT Activity 5.6.1: Packet Tracer Skills Integration Challenge

Task 1: Configure PPP with CHAP Authentication
Step 1. Configure the link between HQ and B1 to use PPP encapsulation with CHAP authentication.

The password for CHAP authentication is cisco123.

B1
User Access Verification
Password: cisco
B1>en
Password: class
B1#conf t
B1(config)#int s0/0/0
B1(config-if)#encapsulation ppp
B1(config-if)#ppp authentication chap
B1(config-if)#exit
B1(config)#username HQ password cisco123

HQ
User Access Verification
Password: cisco
HQ>en
Password: class
HQ#conf t
HQ(config)#int s0/0/0
HQ(config-if)#encapsulation ppp
HQ(config-if)#ppp authentication chap
HQ(config-if)#exit
HQ(config)#username B1 password cisco123

Step 2. Configure the link between HQ and B2 to use PPP encapsulation with CHAP authentication.
The password for CHAP authentication is cisco123.

HQ
HQ(config)#
HQ(config)#int s0/0/1
HQ(config-if)#encapsulation ppp
HQ(config-if)#ppp authentication chap
HQ(config-if)#exit
HQ(config)#username B2 password cisco123

B2
User Access Verification
Password: cisco
B2>en
Password: class
B2#conf t
B2(config)#int s0/0/0
B2(config-if)#encapsulation ppp
B2(config-if)#ppp authentication chap
B2(config-if)#exit
B2(config)#username HQ password cisco123

Step 3. Verify that connectivity is restored between the routers.
HQ should be able to ping both B1 and B2. The interfaces may take a few minutes to come back up. You can switch back and forth between Realtime and Simulation mode to speed up the process. Another possible workaround to this Packet Tracer behavior is to use the shutdown and no shutdown commands on the interfaces.

HQ
HQ#ping 10.1.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/6 ms

HQ#ping 10.1.1.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/5 ms
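The CHAP exchange configured here, and in Task 2 of the 7.5.1 solution above, works the same way on every link: the challenger sends a one-octet Identifier and a random Challenge Value, the peer answers with MD5(Identifier || secret || Challenge Value) plus its own name, and the challenger recomputes the digest with the secret it stores under that name (the `username <peer> password <secret>` entry). With `ppp authentication chap` on both ends, each router challenges the other. The Python model below is an added example, not part of the original solutions or of Cisco IOS; the class and function names are mine, and the R1/R2 hostnames and the cisco123 secret are the ones from the configurations above.

```python
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """RFC 1994 section 2: Response Value = MD5(Identifier || secret || Challenge Value)."""
    if not 0 <= identifier <= 255:
        raise ValueError("identifier must fit in one octet")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapPeer:
    """One PPP endpoint. `users` mirrors the IOS `username <peer> password <secret>` table."""

    def __init__(self, hostname, users, rng=os.urandom):
        self.hostname = hostname
        self.users = {name: secret.encode() for name, secret in users.items()}
        self._rng = rng                 # injectable so a test can fix the challenge
        self._outstanding = {}          # identifier -> challenge value not yet answered
        self._next_id = 1

    def challenge(self):
        """Emit a CHAP Challenge: (Identifier, Value, Name). Name is this router's hostname."""
        ident = self._next_id
        self._next_id = (self._next_id + 1) % 256
        value = self._rng(16)
        self._outstanding[ident] = value
        return ident, value, self.hostname

    def respond(self, ident, value, challenger_name):
        """Answer a Challenge using the secret filed under the challenger's name."""
        secret = self.users.get(challenger_name)
        if secret is None:
            raise KeyError("no username entry for %s" % challenger_name)
        return ident, chap_response(ident, secret, value), self.hostname

    def verify(self, ident, digest, responder_name):
        """Return True for Success, False for Failure. A challenge is usable exactly once."""
        value = self._outstanding.pop(ident, None)
        secret = self.users.get(responder_name)
        if value is None or secret is None:
            return False
        return hmac.compare_digest(digest, chap_response(ident, secret, value))


def authenticate(challenger, responder):
    """One direction of the handshake; both routers run it when both authenticate."""
    ident, value, name = challenger.challenge()
    r_ident, digest, r_name = responder.respond(ident, value, name)
    return challenger.verify(r_ident, digest, r_name)


def demo():
    """Mirror the page's R1/R2 link and two failure cases; returns three booleans."""
    r1 = ChapPeer("R1", {"R2": "cisco123"})
    r2 = ChapPeer("R2", {"R1": "cisco123"})
    both_ways = authenticate(r1, r2) and authenticate(r2, r1)

    # One side mistyped the secret: R2 still answers, but R1 rejects the digest.
    bad_r2 = ChapPeer("R2", {"R1": "cisco124"})
    mismatch = authenticate(r1, bad_r2)

    # Replay: a response captured for one challenge is useless against a fresh one.
    ident, value, name = r1.challenge()
    _, digest, _ = r2.respond(ident, value, name)
    fresh = r1.verify(ident, digest, "R2")
    ident2, _, _ = r1.challenge()
    replay = r1.verify(ident2, digest, "R2")
    return both_ways and fresh, mismatch, replay


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

Two things the model makes visible. First, the router has to hold the shared secret in recoverable form: `username R2 password cisco123` is stored as cleartext in the running-config, and `service password-encryption` only applies the reversible type 7 encoding, so anyone who can read the config has the secret. Second, the digest is an unkeyed MD5 over secret and challenge, so a captured challenge/response pair lets an attacker guess a weak secret offline. What CHAP does give you is that the secret itself never crosses the link and a captured response cannot be replayed against a new challenge.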

Task 2: Configure Default Routing
Step 1. Configure default routing from HQ to ISP.

Configure a default route on HQ using the exit interface argument to send all default traffic to ISP.

HQ
HQ(config)#ip route 0.0.0.0 0.0.0.0 s0/1/0

Step 2. Test connectivity to Web Server.
HQ should be able to successfully ping Web Server at 209.165.202.130 as long as the ping is sourced from the Serial0/1/0 interface.

HQ#ping 209.165.202.130

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.202.130, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 7/7/9 ms

Task 3: Configure OSPF Routing
Step 1. Configure OSPF on HQ.

- Configure OSPF using the process ID 1.
- Advertise all subnets except the 209.165.201.0 network.
- Propagate the default route to OSPF neighbors.
- Disable OSPF updates to ISP and to the HQ LANs.

HQ
HQ(config)#router ospf 1
HQ(config-router)#network 10.1.1.4 0.0.0.3 area 0
HQ(config-router)#network 10.1.1.0 0.0.0.3 area 0
HQ(config-router)#network 10.1.50.0 0.0.0.255 area 0
HQ(config-router)#network 10.1.40.0 0.0.0.255 area 0
HQ(config-router)#default-information originate
HQ(config-router)#passive-interface S0/1/0
HQ(config-router)#passive-interface f0/0
HQ(config-router)#passive-interface f0/1
HQ(config-router)#exit

Step 2. Configure OSPF on B1 and B2.

- Configure OSPF using the process ID 1.
- On each router, configure the appropriate subnets.
- Disable OSPF updates to the LANs.

B1
B1(config)#router ospf 1
B1(config-router)#network 10.1.1.0 0.0.0.3 area 0
B1(config-router)#network 10.1.10.0 0.0.0.255 area 0
B1(config-router)#network 10.1.20.0 0.0.0.255 area 0
B1(config-router)#passive-interface f0/0
B1(config-router)#passive-interface f0/1
B1(config-router)#exit

B2
B2(config)#router ospf 1
B2(config-router)#network 10.1.1.4 0.0.0.3 area 0
B2(config-router)#network 10.1.70.0 0.0.0.255 area 0
B2(config-router)#network 10.1.80.0 0.0.0.255 area 0
B2(config-router)#passive-interface f0/0
B2(config-router)#passive-interface f0/1
B2(config-router)#exit

Task 4: Implement Multiple ACL Security Policies
Step 1. Implement security policy number 1.

Block the 10.1.10.0 network from accessing the 10.1.40.0 network. All other access to 10.1.40.0 is allowed. Configure the ACL on HQ using ACL number 10.
Use a standard or extended ACL? standard
Apply the ACL to which interface? f0/1
Apply the ACL in which direction? OUT

HQ
HQ(config)#access-list 10 deny 10.1.10.0 0.0.0.255
HQ(config)#access-list 10 permit any
HQ(config)#int fa0/1
HQ(config-if)#ip access-group 10 out

Step 4. Implement security policy number 2.
Host 10.1.10.5 is not allowed to access host 10.1.50.7. All other hosts are allowed to access 10.1.50.7. Configure the ACL on B1 using ACL number 115.
Use a standard or extended ACL? extended
Apply the ACL to which interface? f0/0
Apply the ACL in which direction? IN

B1
B1(config)#access-list 115 deny ip host 10.1.10.5 host 10.1.50.7
B1(config)#access-list 115 permit ip any any
B1(config)#int fa0/0
B1(config-if)#ip access-group 115 in

Step 7. Implement security policy number 3.
Hosts 10.1.50.1 through 10.1.50.63 are not allowed web access to Intranet server at 10.1.80.16. All other access is allowed. Configure the ACL on the appropriate router and use ACL number 101.
Use a standard or extended ACL? extended
Configure the ACL on which router? HQ
Apply the ACL to which interface? f0/0
Apply the ACL in which direction? IN

HQ
HQ(config)#access-list 101 deny tcp 10.1.50.0 0.0.0.63 host 10.1.80.16 eq www
HQ(config)#access-list 101 permit ip any any
HQ(config)#interface fa0/0
HQ(config-if)#ip access-group 101 in

Step 10. Implement security policy number 4.
Use the name NO_FTP to configure a named ACL that blocks the 10.1.70.0/24 network from accessing FTP services (port 21) on the file server at 10.1.10.2. All other access should be allowed.
Note: Names are case-sensitive.
Use a standard or extended ACL? extended
Configure the ACL on which router? B2
Apply the ACL to which interface? f0/1
Apply the ACL in which direction? IN

B2
B2(config)#ip access-list extended NO_FTP
B2(config-ext-nacl)#deny tcp 10.1.70.0 0.0.0.255 host 10.1.10.2 eq ftp
B2(config-ext-nacl)#permit ip any any
B2(config-ext-nacl)#interface fa0/1
B2(config-if)#ip access-group NO_FTP in

Step 12. Implement security policy number 5.
Since ISP represents connectivity to the Internet, configure a named ACL called FIREWALL in the following order:
Allow only inbound ping replies from ISP and any source beyond ISP.
Allow only established TCP sessions from ISP and any source beyond ISP.
Explicitly block all other inbound access from ISP and any source beyond ISP.
Use a standard or extended ACL? extended
Configure the ACL on which router? HQ
Apply the ACL to which interface? s0/1/0
Apply the ACL in which direction? IN

HQ
HQ(config)#ip access-list extended FIREWALL
HQ(config-ext-nacl)#permit icmp any any echo-reply
HQ(config-ext-nacl)#permit tcp any any established
HQ(config-ext-nacl)#deny ip any any
HQ(config-ext-nacl)#interface s0/1/0
HQ(config-if)#ip access-group FIREWALL in
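The ACLs in this task, in Task 5 of the 6.4.1 solution and in Task 7 of the 7.5.1 solution all depend on the same three mechanics: a wildcard mask in which set bits are don't-care, top-down first-match evaluation with an implicit deny at the end, and qualifiers such as eq www, echo-reply and established. The evaluator below is an added example written for this page, not IOS code or anything from the Packet Tracer activities; the parser, the class names and the sample packets are my own construction, and it understands only the subset of ACL syntax that appears in these solutions. It loads the page's own FIREWALL, 101 and 10 entries and runs a handful of constructed packets through them.

```python
from collections import namedtuple

# A packet as the ACL sees it. proto is "tcp", "udp" or "icmp"; flags is a
# frozenset of TCP flag names; icmp is "echo", "echo-reply" or None.
Packet = namedtuple("Packet", "proto src dst sport dport flags icmp",
                    defaults=(None, None, frozenset(), None))

PORT_NAMES = {"www": 80, "ftp": 21, "ftp-data": 20, "telnet": 23, "domain": 53}
PROTOCOLS = {"ip", "tcp", "udp", "icmp"}
ANY = ("0.0.0.0", "255.255.255.255")


def ip2int(dotted):
    return sum(int(o) << (8 * (3 - i)) for i, o in enumerate(dotted.split(".")))


def wildcard_match(addr, wild, ip):
    """IOS wildcard semantics: bits set in `wild` are ignored, the rest must equal `addr`."""
    care = ~ip2int(wild) & 0xFFFFFFFF
    return (ip2int(ip) & care) == (ip2int(addr) & care)


def _take_addr(t):
    """Consume 'any' | 'host A' | 'A WILDCARD' from the front of the token list."""
    tok = t.pop(0)
    if tok == "any":
        return ANY
    if tok == "host":
        return (t.pop(0), "0.0.0.0")
    return (tok, t.pop(0))


def _take_port(t):
    """Consume an optional 'eq <port>' (only eq is needed for this page)."""
    if t and t[0] == "eq":
        t.pop(0)
        name = t.pop(0)
        return PORT_NAMES[name] if name in PORT_NAMES else int(name)
    return None


class Entry:
    """One entry, parsed from either the numbered or the named IOS form."""

    def __init__(self, line):
        t = line.split()
        if t[0] == "access-list":          # numbered form: drop "access-list <n>"
            t = t[2:]
        self.action = t.pop(0)
        if t[0] in PROTOCOLS:              # extended entry
            self.proto = t.pop(0)
            self.src, self.sport = _take_addr(t), _take_port(t)
            self.dst, self.dport = _take_addr(t), _take_port(t)
        else:                              # standard entry: source address only
            self.proto, self.sport, self.dport = "ip", None, None
            self.src, self.dst = _take_addr(t), ANY
        self.established = "established" in t
        self.icmp = next((x for x in ("echo-reply", "echo") if x in t), None)

    def matches(self, p):
        if self.proto != "ip" and self.proto != p.proto:
            return False
        if not (wildcard_match(*self.src, p.src) and wildcard_match(*self.dst, p.dst)):
            return False
        if self.sport is not None and p.sport != self.sport:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        # 'established' is not connection tracking: it only tests the ACK/RST bits.
        if self.established and not (p.proto == "tcp" and p.flags & {"ACK", "RST"}):
            return False
        if self.icmp is not None and p.icmp != self.icmp:
            return False
        return True


class AccessList:
    def __init__(self, lines):
        self.entries = [Entry(l) for l in lines if l.strip()]

    def evaluate(self, p):
        """First match wins; no match falls through to the implicit deny."""
        for i, e in enumerate(self.entries):
            if e.matches(p):
                return e.action, i
        return "deny", None

    def permits(self, p):
        return self.evaluate(p)[0] == "permit"


# The page's own entries, exactly as typed on the routers.
FIREWALL = AccessList(["permit icmp any any echo-reply",
                       "permit tcp any any established",
                       "deny ip any any"])
R3_ACL101 = AccessList(["access-list 101 permit tcp 192.168.30.0 0.0.0.255 any eq www",
                        "access-list 101 permit icmp 192.168.30.0 0.0.0.255 any",
                        "access-list 101 deny ip any any"])
HQ_ACL101 = AccessList(["access-list 101 deny tcp 10.1.50.0 0.0.0.63 host 10.1.80.16 eq www",
                        "access-list 101 permit ip any any"])
HQ_ACL10 = AccessList(["access-list 10 deny 10.1.10.0 0.0.0.255",
                       "access-list 10 permit any"])


def checks():
    """Constructed sample packets; keys describe the case, values are True for permit."""
    web, syn, ack = "209.165.201.30", frozenset({"SYN"}), frozenset({"ACK"})
    return {
        "FIREWALL: reply to inside web client": FIREWALL.permits(Packet("tcp", web, "10.1.50.7", 80, 49152, ack)),
        "FIREWALL: new inbound connection": FIREWALL.permits(Packet("tcp", web, "10.1.50.7", 49152, 80, syn)),
        "FIREWALL: inbound echo request": FIREWALL.permits(Packet("icmp", web, "10.1.50.7", icmp="echo")),
        "FIREWALL: inbound echo reply": FIREWALL.permits(Packet("icmp", web, "10.1.50.7", icmp="echo-reply")),
        "FIREWALL: forged ACK to port 22": FIREWALL.permits(Packet("tcp", web, "10.1.50.7", 40000, 22, ack)),
        "R3 101: LAN host to web": R3_ACL101.permits(Packet("tcp", "192.168.30.5", web, 50000, 80, syn)),
        "R3 101: LAN host to https": R3_ACL101.permits(Packet("tcp", "192.168.30.5", web, 50000, 443, syn)),
        "HQ 101: 10.1.50.63 to intranet web": HQ_ACL101.permits(Packet("tcp", "10.1.50.63", "10.1.80.16", 50000, 80, syn)),
        "HQ 101: 10.1.50.64 to intranet web": HQ_ACL101.permits(Packet("tcp", "10.1.50.64", "10.1.80.16", 50000, 80, syn)),
        "HQ 10: 10.1.10.9 to 10.1.40.0 LAN": HQ_ACL10.permits(Packet("tcp", "10.1.10.9", "10.1.40.3", 50000, 80, syn)),
    }


if __name__ == "__main__":
    for case, allowed in checks().items():
        print("%-40s %s" % (case, "permit" if allowed else "deny"))
```

The "forged ACK" case is the one to remember: `established` only checks that the ACK or RST bit is set, so it is not connection tracking, and packets with ACK set reach any inside port through such an entry. They will not complete a handshake, but they do reach the host, which answers a bare ACK to a closed port with RST, which is exactly what an ACK scan uses to map the network behind the router. A stateful firewall (or IOS inspection such as reflexive ACLs or CBAC) is the real fix; the wildcard cases show why 0.0.0.63 covers .0 through .63 and nothing beyond.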