Lab: Traditional Netflow vs Flexible Netflow

**Update: Featured image was updated to change Netflow collector instead of server 05/27/2020

Netflow is a network protocol that provides visibility into network traffic and the capability to monitor the flow of data traversing the network. Traditional Netflow and Flexible Netflow are features that were added to Cisco routers. Flexible Netflow is an extension of Traditional Netflow. Like Traditional Netflow, it provides insight into network traffic, but in addition it can monitor a wide range of packet information. This flexibility and the additional specific data are useful for troubleshooting network problems.

Before getting into the steps for each Netflow, let’s set up the router to use NAT overload.

Router>enable
Router#configure terminal
Router(config)#interface fastethernet 0/1
Router(config-if)#ip address dhcp
Router(config-if)#ip nat outside
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface fastethernet 0/0
Router(config-if)#ip address 192.168.113.1 255.255.255.0
Router(config-if)#ip nat inside
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#ip name-server 8.8.8.8
Router(config)#access-list 10 permit 192.168.113.0 0.0.0.255
Router(config)#ip nat inside source list 10 interface fastethernet 0/1 overload

Traditional Netflow

Step 1: Define the IP address of the Netflow collector and the UDP port to be used. In this example, we will use UDP 2055.

Router(config)#ip flow-export destination 192.168.113.5 2055

Step 2: Specify the version of Netflow the export will use. For this example use version 9.

Router(config)#ip flow-export version 9

Step 3: Enable Netflow on the interface whose ingress and egress traffic you wish to monitor.

Router(config)#interface  fastethernet 0/0
Router(config-if)#ip flow ingress
Router(config-if)#ip flow egress

Flexible Netflow

Step 1: Configure a flow record.

Router# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#flow record Netflow-Record
Router(config-flow-record)#match ipv4 tos
Router(config-flow-record)#match ipv4 protocol
Router(config-flow-record)#match ipv4 source address
Router(config-flow-record)#match ipv4 destination address
Router(config-flow-record)#match transport source-port
Router(config-flow-record)#match transport destination-port
Router(config-flow-record)#match interface input
Router(config-flow-record)#collect interface output
Router(config-flow-record)#collect counter bytes
Router(config-flow-record)#collect counter packets
Router(config-flow-record)#exit

Step 2: Configure a flow exporter

Router(config)#flow exporter Netflow-Exporter
Router(config-flow-exporter)#destination 192.168.113.5
Router(config-flow-exporter)#source fa0/0
Router(config-flow-exporter)#transport udp 2055
Router(config-flow-exporter)#exit

Step 3: Configure a flow monitor

Router(config)#flow monitor Netflow-Monitor
Router(config-flow-monitor)#exporter Netflow-Exporter
Router(config-flow-monitor)#record Netflow-Record
Router(config-flow-monitor)#cache timeout active 60
Router(config-flow-monitor)#exit

Step 4: Apply the flow monitor to an interface

Router(config)#interface fa0/0
Router(config-if)#ip flow monitor Netflow-Monitor input
Router(config-if)#ip flow monitor Netflow-Monitor output
Router(config-if)#exit

Verify the NetFlow flow monitor statistics to see if the Router is collecting from the interface identified.

To test, generate network traffic by browsing and/or pinging websites.

Verify the Netflow Collector is receiving the data. I used Solarwinds Real-Time Netflow Analyzer. It is free so long as you register a Solarwinds account. There are many open source programs as well that collect Netflow flows.
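To see what the collector actually receives on UDP 2055, here is an added Python example (not part of the original lab and not Cisco code) that decodes a NetFlow version 9 export datagram using a template with the same fields as Netflow-Record. The sample datagram is constructed inside the script; template ID 256, the field lengths and the interface indexes are assumptions.

```python
import socket
import struct

# NetFlow v9 field type numbers (RFC 3954) for the fields in Netflow-Record.
FIELD_NAMES = {
    1: "bytes", 2: "packets", 4: "protocol", 5: "tos", 7: "src_port",
    8: "src_addr", 10: "input_if", 11: "dst_port", 12: "dst_addr", 14: "output_if",
}
ADDRESS_FIELDS = {8, 12}


def parse_v9(datagram, templates):
    """Decode one v9 datagram into flow dicts; `templates` caches template definitions."""
    if len(datagram) < 20 or struct.unpack_from("!H", datagram)[0] != 9:
        raise ValueError("not a NetFlow v9 datagram")
    flows, offset = [], 20  # the v9 packet header is 20 bytes
    while offset + 4 <= len(datagram):
        flowset_id, length = struct.unpack_from("!HH", datagram, offset)
        if length < 4 or offset + length > len(datagram):
            raise ValueError("malformed flowset length")
        body = datagram[offset + 4:offset + length]
        if flowset_id == 0:
            read_templates(body, templates)
        elif flowset_id in templates:
            flows.extend(read_records(body, templates[flowset_id]))
        # Data for a template not seen yet is skipped until the template arrives.
        offset += length
    return flows


def read_templates(body, templates):
    """Store each template in a template flowset as a list of (type, length)."""
    pos = 0
    while pos + 4 <= len(body):
        template_id, field_count = struct.unpack_from("!HH", body, pos)
        end = pos + 4 + 4 * field_count
        if template_id < 256 or end > len(body):
            break  # padding or a truncated template
        templates[template_id] = [
            struct.unpack_from("!HH", body, p) for p in range(pos + 4, end, 4)
        ]
        pos = end


def read_records(body, fields):
    """Slice a data flowset into records using the template's field lengths."""
    record_len = sum(length for _type, length in fields)
    records, pos = [], 0
    while record_len and pos + record_len <= len(body):  # leftover bytes are padding
        record = {}
        for field_type, length in fields:
            raw = body[pos:pos + length]
            name = FIELD_NAMES.get(field_type, f"type_{field_type}")
            if field_type in ADDRESS_FIELDS and length == 4:
                record[name] = socket.inet_ntoa(raw)
            else:
                record[name] = int.from_bytes(raw, "big")
            pos += length
        records.append(record)
    return records


def build_sample():
    """Constructed datagram (not captured traffic): one template, one flow record."""
    layout = [(5, 1), (4, 1), (8, 4), (12, 4), (7, 2), (11, 2),
              (10, 4), (14, 4), (1, 4), (2, 4)]
    template = struct.pack("!HH", 256, len(layout))  # template ID 256 is assumed
    template += b"".join(struct.pack("!HH", t, n) for t, n in layout)
    record = bytes([0, 6])  # tos 0, protocol 6 (TCP)
    record += socket.inet_aton("192.168.113.10") + socket.inet_aton("8.8.8.8")
    record += struct.pack("!HHIIII", 51514, 443, 1, 2, 4200, 12)
    record += b"\x00" * (-len(record) % 4)  # pad the flowset to a 4-byte boundary
    header = struct.pack("!HHIIII", 9, 2, 123456, 1590537600, 1, 0)
    return (header
            + struct.pack("!HH", 0, 4 + len(template)) + template
            + struct.pack("!HH", 256, 4 + len(record)) + record)


def listen(port=2055):
    """Print flows arriving on the UDP port configured on the exporter."""
    templates = {}  # a production collector keys this per exporter and source ID
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))
        while True:
            datagram, (sender, _port) = sock.recvfrom(65535)
            try:
                for flow in parse_v9(datagram, templates):
                    print(sender, flow)
            except ValueError as error:
                print(sender, "dropped:", error)


if __name__ == "__main__":
    for flow in parse_v9(build_sample(), {}):
        print(flow)
```

Calling listen() on the collector host (192.168.113.5 in this lab) prints live flows once the router has sent its template; until then data flowsets are skipped.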

Lab: OSPF Route Summarization

Route summarization is the method of summarizing the routes of multiple networks/subnets into a single route that is advertised to neighboring routers’ routing tables. Summarization provides advantages, for example:

  • Saves memory – smaller routing tables reduce the memory requirements.
  • Saves bandwidth – with fewer routes that need to be advertised, less data traverses the network.
  • Saves CPU cycles – smaller routing tables mean fewer packets need to be processed.

This is a multi-area OSPF lab that provides an example of route summarization.

Task 1: Configure the hostname of all three routers.

Router>enable
Router#configure terminal
Router(config)#hostname R1
R1(config)#no ip domain-lookup

Router>enable
Router#configure terminal
Router(config)#hostname R2
R2(config)#no ip domain-lookup

Router>enable
Router#configure terminal
Router(config)#hostname R3
R3(config)#no ip domain-lookup

Task 2: Assign IP addresses to the physical interfaces on all three routers.

R1(config)#interface ethernet 0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface serial 1/0
R1(config-if)#ip address 100.0.25.2 255.255.255.252
R1(config-if)#no shutdown
R1(config-if)#exit


R2(config)#interface ethernet 0/0
R2(config-if)#ip address 192.168.2.1 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#interface serial 1/1
R2(config-if)#ip address 100.0.25.6 255.255.255.252
R2(config-if)#no shutdown
R2(config-if)#exit


R3(config)#interface serial 1/0
R3(config-if)#clock rate 8064000
R3(config-if)#ip address 100.0.25.1 255.255.255.252
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#interface serial 1/1
R3(config-if)#clock rate 8064000
R3(config-if)#ip address 100.0.25.5 255.255.255.252
R3(config-if)#no shutdown
R3(config-if)#exit

Task 3: Configure loopback addresses on Router 2.

R2(config)#interface loopback 0
R2(config-if)#ip address 172.16.0.1 255.255.255.0
R2(config-if)#ip ospf network point-to-point
R2(config-if)#exit
R2(config)#interface loopback 1
R2(config-if)#ip address 172.16.1.1 255.255.255.0
R2(config-if)#ip ospf network point-to-point
R2(config-if)#exit
R2(config)#interface loopback 2
R2(config-if)#ip address 172.16.2.1 255.255.255.0
R2(config-if)#ip ospf network point-to-point
R2(config-if)#exit
R2(config)#interface loopback 3
R2(config-if)#ip address 172.16.3.1 255.255.255.0
R2(config-if)#ip ospf network point-to-point
R2(config-if)#exit

Task 4: Configure OSPF on all three routers. Advertise the physical and loopback interfaces for each router. Use the following router IDs:
R1 = 1.1.1.1
R2 = 2.2.2.2
R3 = 3.3.3.3

R1(config)#router ospf 1
R1(config-router)#router-id 1.1.1.1
R1(config-router)#network 192.168.1.0 0.0.0.255 area 0
R1(config-router)#network 100.0.25.0 0.0.0.3 area 0
R1(config-router)#


R2(config)#router ospf 1
R2(config-router)#router-id 2.2.2.2
R2(config-router)#network 192.168.2.0 0.0.0.255 area 1
R2(config-router)#network 100.0.25.4 0.0.0.3 area 1
R2(config-router)#network 172.16.0.0 0.0.3.255 area 1
R2(config-router)#exit


R3(config)#router ospf 1
R3(config-router)#router-id 3.3.3.3
R3(config-router)#network 100.0.25.0 0.0.0.3 area 0
R3(config-router)#network 100.0.25.4 0.0.0.3 area 1

View R1’s routing table after the OSPF process has been completed by all routers.

Task 5: Now let’s summarize what R3 shares with R1. Clear the OSPF process in order to force R3’s neighbors to receive updates to the routing table learned from OSPF.

R3(config)#router ospf 1
R3(config-router)#area 1 range 172.16.0.0 255.255.252.0 
R3(config-router)#end
R3#clear ip ospf process

Finally, return to router R1 and review the routing table. You will now see the routes summarized: the loopback interface routes should be seen as a single summarized route outside of area 1.
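The following Python example is added here (it is not from the original lab) to show how the summary used in Task 5 is derived from the four loopback networks, and how to check that a summary does not also advertise address space that no route in the area backs. It generalizes beyond the lab by accepting any list of prefixes; the second prefix list in it is constructed for illustration.

```python
import ipaddress

# The four loopback networks configured on R2 in Task 3.
LOOPBACKS = ["172.16.0.0/24", "172.16.1.0/24", "172.16.2.0/24", "172.16.3.0/24"]
# Constructed variant with 172.16.2.0/24 missing, to show an over-broad summary.
SPARSE = ["172.16.0.0/24", "172.16.1.0/24", "172.16.3.0/24"]


def summary_report(prefixes):
    """Return (summary, gaps) for a list of component prefixes.

    summary is the smallest single prefix covering every component; gaps are
    the blocks inside it that no component backs, i.e. addresses the summary
    advertises although no route to them exists in the area.
    """
    nets = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(p) for p in prefixes))
    low = min(n.network_address for n in nets)
    high = max(n.broadcast_address for n in nets)
    # Start from the lowest address as a host route and widen one bit at a
    # time until the prefix also contains the highest address.
    summary = ipaddress.ip_network(f"{low}/{nets[0].max_prefixlen}")
    while high not in summary:
        summary = summary.supernet()
    gaps = [summary]
    for net in nets:
        remaining = []
        for block in gaps:
            if net == block:
                continue  # this block is fully backed by a component route
            if net.subnet_of(block):
                remaining.extend(block.address_exclude(net))
            else:
                remaining.append(block)
        gaps = remaining
    return summary, sorted(gaps)


def area_range_command(area, summary):
    """Render the ABR command in the form used in Task 5 (subnet mask)."""
    return f"area {area} range {summary.network_address} {summary.netmask}"


def network_statement(area, summary):
    """Render the OSPF network statement in the form used in Task 4 (wildcard mask)."""
    return f"network {summary.network_address} {summary.hostmask} area {area}"


if __name__ == "__main__":
    for label, prefixes in (("lab", LOOPBACKS), ("sparse", SPARSE)):
        summary, gaps = summary_report(prefixes)
        print(label, area_range_command(1, summary),
              "unbacked:", [str(g) for g in gaps] or "none")
```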

Lab: IPSEC Site-to-Site VPN

Simple IPSEC VPN lab. In this lab you will connect two sites through the internet with an IPSEC VPN tunnel. Each site has its own static public IP address assigned by the ISP.

The operation of IPSEC has five steps. Before getting to the first step, let’s implement the basic configurations needed to set up the lab.

Configure the hostname and IP addresses of the ISP router.

Router>enable
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname ISP
ISP(config)#no ip domain-lookup
ISP(config)#interface ethernet 0/0
ISP(config-if)#ip address 100.0.25.2 255.255.255.252
ISP(config-if)#no shutdown
ISP(config-if)#exit
ISP(config)#interface ethernet 0/1
ISP(config-if)#ip address 200.0.25.2 255.255.255.252
ISP(config-if)#no shutdown
ISP(config)#interface loopback 0
ISP(config-if)#ip address 1.1.1.1 255.255.255.255
ISP(config-if)#no shutdown

Configure the hostname and IP addresses of router R1.

Router>enable
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname R1
R1(config)#no ip domain-lookup
R1(config)#interface ethernet 0/0
R1(config-if)#ip address 100.0.25.1 255.255.255.252
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface ethernet 0/1
R1(config-if)#ip address 192.168.1.254 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit

Configure the hostname and IP address of router R2.

Router>enable
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname R2
R2(config)#no ip domain-lookup
R2(config)#interface ethernet 0/0
R2(config-if)#ip address 200.0.25.1 255.255.255.252
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#interface ethernet 0/1
R2(config-if)#ip address 192.168.2.254 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#

Configure the VPCs’ hostnames and IP addresses.

VPCS> set pcname PC-A
PC-A> ip 192.168.1.1 /24 192.168.1.254
Checking for duplicate address...
PC1 : 192.168.1.1 255.255.255.0 gateway 192.168.1.254

VPCS> set pcname PC-B
PC-B> ip 192.168.1.2 /24 192.168.1.254
Checking for duplicate address...
PC1 : 192.168.1.2 255.255.255.0 gateway 192.168.1.254

VPCS> set pcname PC-C
PC-C> ip 192.168.2.1 /24 192.168.2.254
Checking for duplicate address...
PC1 : 192.168.2.1 255.255.255.0 gateway 192.168.2.254

VPCS> set pcname PC-D
PC-D> ip 192.168.2.2 /24 192.168.2.254
Checking for duplicate address...
PC1 : 192.168.2.2 255.255.255.0 gateway 192.168.2.254

Now, the last thing before the 5 steps in configuring the IPSEC Site-to-Site VPN: on routers R1 and R2, configure a default route that points to the ISP’s IP address on the link to each router’s external static public IP address.

R1(config)#ip route 0.0.0.0 0.0.0.0 100.0.25.2

R2(config)#ip route 0.0.0.0 0.0.0.0 200.0.25.2

Step 1:
Configure the traffic that we wish to encrypt, also known as interesting traffic. This needs to be configured on both routers R1 and R2. The crypto ACL needs to identify only the outbound traffic on each router. The permit statement in the ACL specifies the traffic flow that will be encrypted when exiting. Only traffic from the R1 internal LAN to the R2 internal LAN will be encrypted; traffic intended for any other network will not be encrypted.

R1(config)# ip access-list extended VPN-ACL
R1(config-ext-nacl)# permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

R2(config)# ip access-list extended VPN-ACL
R2(config-ext-nacl)# permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255

Step 2:
We need to add a NAT exemption on the routers so that they can still provide Internet access. IPSEC does not work with NAT, which is why the traffic matched by the crypto ACL must be excluded so that it is not translated. First exclude the traffic, and then add the NAT functionality to each router.

R1(config)# ip access-list extended NAT-ACL
R1(config-ext-nacl)# deny  ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
R1(config-ext-nacl)# permit ip 192.168.1.0 0.0.0.255 any
R1(config-ext-nacl)#exit

R1(config)#ip nat inside source list NAT-ACL interface ethernet 0/0 overload

R1(config)#interface ethernet 0/0
R1(config-if)#ip nat outside
R1(config-if)#exit
R1(config)#interface ethernet 0/1
R1(config-if)#ip nat inside
R1(config-if)#exit


R2(config)# ip access-list extended NAT-ACL
R2(config-ext-nacl)# deny  ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
R2(config-ext-nacl)# permit ip 192.168.2.0 0.0.0.255 any
R2(config-ext-nacl)#exit

R2(config)#ip nat inside source list NAT-ACL interface ethernet 0/0 overload

R2(config)#interface ethernet 0/0
R2(config-if)#ip nat outside
R2(config-if)#exit
R2(config)#interface ethernet 0/1
R2(config-if)#ip nat inside
R2(config-if)#exit

Step 3:
Configure Phase 1 (ISAKMP). Phase 1 of the IPSEC operation is used to establish a secure communication channel for further data transmission. VPN peers exchange a shared secret key to authenticate each other and negotiate IKE security policies. The ISAKMP policy indicates to the peer which security parameters must be used in the VPN.

R1(config)#crypto isakmp policy 1
R1(config-isakmp)#encryption 3des
R1(config-isakmp)#hash md5
R1(config-isakmp)#authentication pre-share
R1(config-isakmp)#group 2
R1(config-isakmp)#exit

R1(config)#crypto isakmp key secretkey address 200.0.25.1


R2(config)#crypto isakmp policy 1
R2(config-isakmp)#encryption 3des
R2(config-isakmp)#hash md5
R2(config-isakmp)#authentication pre-share
R2(config-isakmp)#group 2
R2(config-isakmp)#exit

R2(config)#crypto isakmp key secretkey address 100.0.25.1

Step 4:
Configure Phase 2 of the IPSEC. After a secured tunnel is established in phase 1, the next step in setting up the VPN is to negotiate the IPSEC security parameters that will be used to protect the data and messages within the tunnel. In this phase the following functions are performed:

  • Negotiation of IPSEC security parameters and IPSEC transform sets.
  • Establishment of IPSEC SAs.
  • Renegotiation of IPSEC SAs periodically to ensure security.

After configuring a transform set on both router peers, we need to configure the crypto map, which combines all Phase 2 IPSEC parameters. This crypto map is then attached to the VPN termination interface.

R1(config)#crypto ipsec transform-set TRSET esp-3des esp-md5-hmac
R1(cfg-crypto-trans)#exit

R1(config)#crypto map VPNMAP 10 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
        and a valid access list have been configured.
R1(config-crypto-map)#set peer 200.0.25.1
R1(config-crypto-map)#set transform-set TRSET
R1(config-crypto-map)#match address VPN-ACL
R1(config-crypto-map)#exit
R1(config)#interface ethernet 0/0
R1(config-if)#crypto map VPNMAP
R1(config-if)#exit


R2(config)#crypto ipsec transform-set TRSET esp-3des esp-md5-hmac
R2(cfg-crypto-trans)#exit

R2(config)#crypto map VPNMAP 10 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
        and a valid access list have been configured.
R2(config-crypto-map)#set peer 100.0.25.1
R2(config-crypto-map)#set transform-set TRSET
R2(config-crypto-map)#match address VPN-ACL
R2(config-crypto-map)#exit
R2(config)#interface ethernet 0/0
R2(config-if)#crypto map VPNMAP
R2(config-if)#exit

Step 5:
Verification of encrypted data transfer. The command “show crypto isakmp sa” can be used to verify if a tunnel has been established.

**If by any chance the tunnel doesn’t seem to have formed, you can ping one of the host devices that belong to the peer, sourcing the ping from your internal network IP, in this case router R1 – 192.168.1.254. Sometimes it forces the tunnel to form when you specify using

To verify the data is being encrypted and decrypted successfully use the “show crypto ipsec sa” command.

Make sure you can successfully ping from one host in the internal network to another host on the peer’s internal network.

Do a packet capture in Wireshark while pinging from a host to the peer’s host, and then ping the ISP loopback 0 to simulate traffic out to the World Wide Web. You can then see how communication that flows through the IPSEC tunnel differs from communication to an outside IP address on the web.

A packet captured from the ping from a host inside to one of the peer’s hosts will show you an encrypted packet using the ESP (Encapsulating Security Payload) protocol.

In comparison, a normal ping to the loopback address is not protected by the IPSEC tunnel and is therefore in clear text.
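Most failures in this lab come from the two peers' ACLs not lining up, so here is an added Python example (not part of the original post) that checks the Step 1 to Step 4 configuration of both routers: that the crypto ACLs mirror each other, that NAT-ACL exempts the VPN traffic before permitting the rest, and which negotiated algorithms are legacy choices. It matches ACL entries literally rather than computing subnet containment, and it reports 3DES, MD5 and Diffie-Hellman group 2 because current guidance recommends replacing them outside a lab (for example with AES, SHA-2 and a larger group).

```python
import re

# Lab configuration from the steps above with the prompts removed; the
# template only swaps the local and remote LAN for each site.
TEMPLATE = """\
ip access-list extended VPN-ACL
 permit ip {local} 0.0.0.255 {remote} 0.0.0.255
ip access-list extended NAT-ACL
 deny ip {local} 0.0.0.255 {remote} 0.0.0.255
 permit ip {local} 0.0.0.255 any
crypto isakmp policy 1
 encryption 3des
 hash md5
 authentication pre-share
 group 2
crypto ipsec transform-set TRSET esp-3des esp-md5-hmac
"""
R1_CONFIG = TEMPLATE.format(local="192.168.1.0", remote="192.168.2.0")
R2_CONFIG = TEMPLATE.format(local="192.168.2.0", remote="192.168.1.0")

LEGACY = {
    r"\bencryption 3des\b|\besp-3des\b": "3DES encryption",
    r"\bhash md5\b|\besp-md5-hmac\b": "MD5 integrity",
    r"^\s*group (1|2|5)\s*$": "Diffie-Hellman group below 2048 bits",
}


def take_network(words):
    """Consume 'any' or an 'address wildcard' pair from an ACL entry."""
    if words[0] == "any":
        return "any", words[1:]
    return (words[0], words[1]), words[2:]


def acl_entries(config, name):
    """Return (action, source, destination) tuples of a named extended ACL."""
    entries, inside = [], False
    for line in config.splitlines():
        if not line.startswith(" "):
            inside = line.strip() == f"ip access-list extended {name}"
            continue
        words = line.split()
        if inside and words[:2] in (["permit", "ip"], ["deny", "ip"]):
            source, rest = take_network(words[2:])
            destination, _rest = take_network(rest)
            entries.append((words[0], source, destination))
    return entries


def crypto_acls_mirrored(local, remote):
    """True when every permitted flow on one peer is the reverse of the other's."""
    ours = {(s, d) for a, s, d in acl_entries(local, "VPN-ACL") if a == "permit"}
    theirs = {(d, s) for a, s, d in acl_entries(remote, "VPN-ACL") if a == "permit"}
    return bool(ours) and ours == theirs


def nat_exemption_missing(config):
    """VPN flows that NAT-ACL would translate because no earlier deny matches."""
    nat = acl_entries(config, "NAT-ACL")
    missing = []
    for action, source, destination in acl_entries(config, "VPN-ACL"):
        if action != "permit":
            continue
        for nat_action, nat_src, nat_dst in nat:  # the first matching entry decides
            if nat_src in (source, "any") and nat_dst in (destination, "any"):
                if nat_action == "permit":
                    missing.append((source, destination))
                break
    return missing


def legacy_crypto(config):
    """Labels of legacy algorithms found in the ISAKMP policy or transform set."""
    return sorted(label for pattern, label in LEGACY.items()
                  if re.search(pattern, config, re.MULTILINE))


if __name__ == "__main__":
    print("crypto ACLs mirrored:", crypto_acls_mirrored(R1_CONFIG, R2_CONFIG))
    for name, config in (("R1", R1_CONFIG), ("R2", R2_CONFIG)):
        print(name, "NAT exemption missing for:", nat_exemption_missing(config))
        print(name, "legacy crypto:", legacy_crypto(config))
```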

RHCSA Lab

A RedHat Certified System Administrator is a systems administrator who has proven to have sufficient knowledge to maintain and manage a Red Hat Linux enterprise environment. Since college, I have used Linux on and off. At work a few years back I was given the opportunity to take the RHSA 1 and 2 courses. Each course is a week-long course of labs and direct instruction from a certified RedHat instructor. I took the RHCSA 200 exam at the culmination of the Red Hat classes. I didn’t pass, but that’s OK. I always wanted to go back and study. So here is my chance for self-study. This will be an ongoing effort where I can test common tasks that are needed to pass the practical exam.

So as I complete each lab I will link back to this page. For the first lab, let’s get the three on the same network and talking with each other.

Task 1:
Configure the hostname on workstation1 using hostnamectl.

$ sudo hostnamectl set-hostname workstation1
$ hostnamectl

Task 2:
Configure the IP address, Gateway, DNS using nmcli. To list the currently active interfaces use the “nmcli connection” command.

2-a: Assign IPv4 address.

$ nmcli con mod ens3 ipv4.addresses 192.168.5.5/27

2-b: Set the gateway address.

$ nmcli con mod ens3 ipv4.gateway 192.168.5.1

2-c: Configure the DNS.

$ nmcli con mod ens3 ipv4.dns "8.8.8.8"

2-d: Set the interface as static.

$ nmcli con mod ens3 ipv4.method manual

2-e: Activate the network interface.

$ nmcli con up ens3 

Task 3:
Use ping to confirm the connection.

Now you can repeat the process with workstation2 and server VMs.

Lab: Configure SSH

Connecting via SSH is essential in today’s networks. Cisco devices are not able to use SSH by default; it has to be enabled and configured. SSH (Secure Shell) is a secure method for remotely accessing network devices, as it includes both authentication and encryption. To configure SSH you will need an IOS image that supports crypto features.

This lab is a basic SSH configuration. I will be using an Ubuntu 18.04 image as a workstation to connect to the router.

When configuring SSH on a Cisco router you will need to make sure the router has a host name. It will also need a domain name. An RSA key will need to be generated, a user will need to be created on the Cisco router, and finally, after SSH is enabled, you will need to configure the VTY lines to allow the connection to occur.

Task 1:
Configure the host name on the router.

Router>
Router>enable
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname BlueRtr
BlueRtr(config)#

Task 2:
Configure a domain name.

BlueRtr(config)#ip domain-name joelrivera.com.local

Task 3:
Generate an RSA key. I recommend 2048 or greater when configuring the modulus bits. Make sure you use SSH version 2.

BlueRtr(config)#crypto key generate rsa
The name for the keys will be: BlueRtr.joelrivera.com.local
Choose the size of the key modulus in the range of 360 to 4096 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.

How many bits in the modulus [512]: 2048
% Generating 2048 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 5 seconds)

BlueRtr(config)#
*Apr  5 02:57:18.367: %SSH-5-ENABLED: SSH 1.99 has been enabled
BlueRtr(config)#ip ssh version 2

Task 4:
Create a user with a password and an enable password. Make sure you use your own password and that you follow your company’s security policies when creating a user account.

BlueRtr(config)#username admin secret $TrongP@$$word1234
BlueRtr(config)#enable secret cisco

Task 5:
Now that SSH is enabled we need to configure the VTY lines to allow the SSH connection through.

BlueRtr(config)#line vty 0 4
BlueRtr(config-line)#transport input ssh
BlueRtr(config-line)#login local
BlueRtr(config-line)#exit

Task 6:
Configure the IP address of the LAN connection of the router.

BlueRtr(config)#interface ethernet 0/0
BlueRtr(config-if)#ip address 192.168.14.62 255.255.255.192
BlueRtr(config-if)#no shutdown
BlueRtr(config-if)#end

Once the configuration is complete, we need to test it. I am using an Ubuntu 18.04 image. In this lab the most important part is to configure the device to be on the same network. In reality, SSH will work when connecting from an outside network so long as the device has a route to the network device and is not blocked by an ACL or firewall.

To configure a static IP address in Ubuntu 18.04, we will need to identify the name of the physical interface on the device. To find the proper name, type “ip addr”. Once it is identified (in my case it’s ens3), enter the following command to statically configure the IP address: “sudo ip addr add 192.168.14.25/26 dev ens3”. To configure the gateway, enter the following command: “sudo ip route add default via 192.168.14.62”.

Ping the gateway to confirm the device can ping the router.

Finally, let’s test the SSH connection by typing “ssh admin@192.168.14.62”. Type in the user’s password when requested, and the enable password as well. Congratulations, you have configured and connected to a router via SSH.

Lab: GRE Tunnel

Generic Routing Encapsulation (GRE) is a tunneling protocol. This protocol allows the encapsulation of network layer protocols inside other packets (packets into packets). A tunnel allows a network that is separated across two different locations to be extended by creating a point-to-point connection between the two sites.

In this lab, we will build a simple GRE tunnel between two different sites. We are not going to encrypt the traffic, so this is a non-secure remote location network.

Task 1:
Let’s start with the ISP router. Configure the host name of the router and both interfaces.

Router>enable
Router#configure terminal
Router(config)#hostname ISP
ISP(config)#interface ethernet 0/0
ISP(config-if)#ip address 199.100.25.38 255.255.255.252
ISP(config-if)#no shutdown
ISP(config-if)#exit
ISP(config)#
ISP(config)#interface ethernet 0/1
ISP(config-if)#ip address 199.100.25.25 255.255.255.252
ISP(config-if)#no shutdown
ISP(config-if)#exit
ISP(config)#
ISP(config)#end
ISP#

Task 2:
Configure the HQ router. Configure the host name and both its public IP interface and the loopback 0 interface.

Router>enable
Router#configure terminal
Router(config)#hostname HQ
HQ(config)#interface ethernet 0/0
HQ(config-if)#ip address 199.100.25.37 255.255.255.252
HQ(config-if)#no shutdown
HQ(config-if)#exit
HQ(config)#
HQ(config)#interface loopback 0
HQ(config-if)#ip address 172.16.1.1 255.255.255.255
HQ(config-if)#no shutdown
HQ(config-if)#end
HQ#

Task 3:
Configure the Branch router. Configure the host name and both its public IP interface and the loopback 0 interface.

Router>enable
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname Branch
Branch(config)#interface ethernet 0/1
Branch(config-if)#ip address 199.100.25.26 255.255.255.252
Branch(config-if)#no shutdown
Branch(config-if)#exit
Branch(config)#interface loopback 0
Branch(config-if)#ip address 172.16.3.3 255.255.255.255
Branch(config-if)#no shutdown
Branch(config-if)#exit
Branch(config)#end
Branch#

Task 4:
In order for a tunnel to form, both the HQ router and the Branch router will need to know how to reach each other’s public IP address. Add a static route on both routers to the other’s public IP. After both static routes have been implemented, ping the Branch’s IP address from the HQ router.

Branch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Branch(config)#ip route 199.100.25.37 255.255.255.255 199.100.25.25
Branch(config)#end
Branch#


HQ#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
HQ(config)#ip route 199.100.25.26 255.255.255.255 199.100.25.38
HQ(config)#end
HQ#ping 199.100.25.26
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 199.100.25.26, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

Task 5:
Now we can create the tunnel interface on the HQ router. The tunnel source shall be the physical interface towards the ISP. The destination will be the Branch router’s public IP address.

HQ#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
HQ(config)#interface tunnel 105
HQ(config-if)#tunnel source ethernet 0/0
HQ(config-if)#tunnel destination 199.100.25.26
HQ(config-if)#ip address 10.220.105.1 255.255.255.252
HQ(config-if)#end
HQ#

Task 6:
Create the tunnel interface on the Branch router. The tunnel source shall be the physical port that connects to the ISP. The destination will be the HQ router’s public IP address. Verify the connection after completion.

Branch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Branch(config)#interface tunnel 105
Branch(config-if)#tunnel source ethernet 0/1
Branch(config-if)#tunnel destination 199.100.25.37
Branch(config-if)#ip address 10.220.105.2 255.255.255.252
Branch(config-if)#exit
Branch(config)#exit
Branch#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                unassigned      YES unset  administratively down down
Ethernet0/1                199.100.25.26   YES manual up                    up
Ethernet0/2                unassigned      YES unset  administratively down down
Ethernet0/3                unassigned      YES unset  administratively down down
Loopback0                  172.16.3.3      YES manual up                    up
Tunnel105                  10.220.105.2    YES manual up                    up
Branch#ping 10.220.105.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.220.105.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Branch#show interface tunnel 105
Tunnel105 is up, line protocol is up
  Hardware is Tunnel
  Internet address is 10.220.105.2/30
  MTU 17916 bytes, BW 100 Kbit/sec, DLY 50000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation TUNNEL, loopback not set
  Keepalive not set
  Tunnel linestate evaluation up
  Tunnel source 199.100.25.26 (Ethernet0/1), destination 199.100.25.37
   Tunnel Subblocks:
      src-track:
         Tunnel105 source tracking subblock associated with Ethernet0/1
          Set of tunnels with source Ethernet0/1, 1 member (includes iterators), on interface 
  Tunnel protocol/transport GRE/IP
    Key disabled, sequencing disabled
    Checksumming of packets disabled
  Tunnel TTL 255, Fast tunneling enabled
  Tunnel transport MTU 1476 bytes
  Tunnel transmit bandwidth 8000 (kbps)
  Tunnel receive bandwidth 8000 (kbps)
  Last input 00:22:20, output 00:01:02, output hang never
  Last clearing of "show interface" counters 00:25:21
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/0 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     5 packets input, 620 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     14 packets output, 1304 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out

Task 7:
Now let’s use a dynamic routing protocol; in this lab I am going to use EIGRP. With the routing protocol configured, the HQ router and the Branch router can learn about each other’s loopback address or, in another instance, the LAN IP addresses of the site. After the configuration, verify connectivity to the HQ’s loopback from the Branch router.

HQ#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
HQ(config)#router eigrp 1
HQ(config-router)#no auto-summary
HQ(config-router)#network 172.16.1.1 0.0.0.0
HQ(config-router)#network 10.220.105.0 0.0.0.3
HQ(config-router)#end
HQ#

Branch(config)#router eigrp 1
Branch(config-router)#no auto-summary
Branch(config-router)#network 172.16.3.3 0.0.0.0
Branch(config-router)#network 10.220.105.0 0.0.0.3
Branch(config-router)#end
Branch#

Branch#ping 172.16.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
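Because this tunnel is not encrypted, anyone on the path between HQ and Branch can read the inner packet. The following added Python example (not part of the original lab) builds the GRE encapsulation used by Tunnel105, decodes it again, and derives the 1476-byte tunnel transport MTU shown above. The ping packet is constructed in the script, header checksums are left at zero because nothing is sent on the wire, and a 1500-byte Ethernet MTU is assumed.

```python
import socket
import struct

GRE_PROTOCOL = 47  # IP protocol number of GRE
FLAG_CHECKSUM, FLAG_KEY, FLAG_SEQUENCE = 0x8000, 0x2000, 0x1000


def gre_overhead(checksum=False, key=False, sequence=False):
    """Bytes added per packet: 20-byte outer IPv4 header plus the GRE header.

    The base GRE header is 4 bytes; each enabled option adds 4 more. The lab's
    tunnel reports key, sequencing and checksumming all disabled.
    """
    return 20 + 4 + 4 * (checksum + key + sequence)


def ipv4_header(src, dst, protocol, payload_len):
    """Minimal 20-byte IPv4 header for an offline sample (checksum left zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 255,
                       protocol, 0, socket.inet_aton(src), socket.inet_aton(dst))


def sample_ping():
    """Constructed 100-byte ICMP echo from the Branch to the HQ tunnel address."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"lab ping payload".ljust(72, b".")
    return ipv4_header("10.220.105.2", "10.220.105.1", 1, len(icmp)) + icmp


def encapsulate(inner, tunnel_src, tunnel_dst):
    """Wrap an IPv4 packet as the router does: outer IP, then GRE, then inner."""
    gre = struct.pack("!HH", 0, 0x0800)  # no options, payload type IPv4
    outer = ipv4_header(tunnel_src, tunnel_dst, GRE_PROTOCOL, len(gre) + len(inner))
    return outer + gre + inner


def decapsulate(packet):
    """Return (outer_src, outer_dst, inner_src, inner_dst, inner_payload)."""
    outer_len = (packet[0] & 0x0F) * 4
    if packet[9] != GRE_PROTOCOL:
        raise ValueError("outer packet does not carry GRE")
    flags, payload_type = struct.unpack_from("!HH", packet, outer_len)
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    if payload_type != 0x0800:
        raise ValueError("inner packet is not IPv4")
    offset = outer_len + 4
    for flag in (FLAG_CHECKSUM, FLAG_KEY, FLAG_SEQUENCE):
        if flags & flag:
            offset += 4  # skip each optional 4-byte field that is present
    inner = packet[offset:]
    inner_len = (inner[0] & 0x0F) * 4
    return (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]),
            socket.inet_ntoa(inner[12:16]), socket.inet_ntoa(inner[16:20]),
            inner[inner_len:])


if __name__ == "__main__":
    wire = encapsulate(sample_ping(), "199.100.25.26", "199.100.25.37")
    print("bytes on the wire:", len(wire))
    print("decoded:", decapsulate(wire))
    print("tunnel MTU on a 1500-byte link:", 1500 - gre_overhead())
```

The 124-byte result for a 100-byte ping is consistent with the 620 bytes counted for 5 input packets in the show interface tunnel 105 output above.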

Lab: Using NAT Overload (PAT) – Using EVE-NG connect to Internet

Unlike Static NAT, PAT (Port Address Translation) allows internal IPs to be translated into one IP via port numbers. This allows a network to support many hosts while conserving public IP addresses. The router keeps a NAT table entry for every unique combination of private IP address and port, with a translation to the global address and a unique port number.

This lab is divided into two parts. The first part connects a Cisco router to the NAT network, which allows a connection to the outside (Internet). The second part uses NAT overload, also known as PAT, to connect multiple devices from your LAN to an outside IP.

Part 1:
This part is related to EVE-NG. To test the connection of the router with multiple hosts, we first want to create a connection to the internet. This allows a more realistic lab, as this is how a Cisco router will usually connect to an internet connection.

1-A: Once you are in the lab screen, right-click to add a new object and select network.

1-B: In the drop-down menu, select the NAT option and then click on the save button.

1-C: Add a new object (Node), a Cisco router. Link the router to the network connection that was previously created.

1-D: Once the router powers up, enter the global configuration mode. Change the host name of the router. Then enter interface configuration mode for the port that is connected to the Network object created. Once in the interface configuration mode, set the IP address to be assigned by DHCP.

Router>enable
Router# configure terminal
Router(config)#hostname R1
R1(config)#interface ethernet 0/0
R1(config-if)#ip address dhcp

1-E: After an IP address has been assigned by the DHCP server, exit the configuration mode and ping 8.8.8.8, which is Google’s DNS server address. If the ping is successful, enter global configuration mode again and add a DNS server IP. You can use your network’s own DNS or add 8.8.8.8 by typing ‘ip name-server 8.8.8.8’. Exit the global configuration mode and ping using a URL (Uniform Resource Locator). If successful, you are ready to proceed to the lab.

R1#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 11/13/18 ms
R1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#ip name-server 8.8.8.8
R1(config)#exit
R1#ping www.joelrivera.com
Translating "www.joelrivera.com"...domain server (8.8.8.8) [OK]

Translating "www.joelrivera.com"...domain server (8.8.8.8) [OK]

Translating "www.joelrivera.com"...domain server (8.8.8.8) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 155.138.209.62, timeout is 2 seconds:
!!!!!

Now to the lab

Subnet IP        Mask             Gateway
192.168.113.0    255.255.255.0    192.168.113.254

Task 1: Configure the LAN connection.

R1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#interface ethernet 0/1
R1(config-if)#ip address 192.168.113.254 255.255.255.0
R1(config-if)# no shutdown

Task 2: Define the inside and outside interfaces on R1.

R1(config)#interface ethernet 0/1
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#interface ethernet 0/0
R1(config-if)#ip nat outside
R1(config-if)#exit

Task 3: Define the access list that includes the IP addresses from the inside interface.

R1(config)#access-list 10 permit 192.168.113.0 0.0.0.255

Task 4: Enable NAT and refer to the ACL created in the previous step and the outside interface.

R1(config)#ip nat inside source list 10 interface Ethernet0/0 overload

Task 5: Assign an IP address to the virtual PC. Ping Google’s DNS IP address.

VPCS> ip 192.168.113.1 /24 192.168.113.254

VPCS> ping 8.8.8.8

84 bytes from 8.8.8.8 icmp_seq=1 ttl=51 time=20.990 ms
84 bytes from 8.8.8.8 icmp_seq=2 ttl=51 time=16.394 ms
84 bytes from 8.8.8.8 icmp_seq=3 ttl=51 time=16.834 ms
84 bytes from 8.8.8.8 icmp_seq=4 ttl=51 time=13.980 ms
84 bytes from 8.8.8.8 icmp_seq=5 ttl=51 time=13.271 ms

Task 6: Assign a DNS server to the PC, and ping a web URL.

VPCS> ip dns 8.8.8.8

VPCS> ping www.yahoo.com
www.yahoo.com resolved to atsv2-fp-shed.wg1.b.yahoo.com(98.138.219.231)

84 bytes from 98.138.219.231 icmp_seq=1 ttl=50 time=41.102 ms
84 bytes from 98.138.219.231 icmp_seq=2 ttl=50 time=45.928 ms
84 bytes from 98.138.219.231 icmp_seq=3 ttl=50 time=39.901 ms
84 bytes from 98.138.219.231 icmp_seq=4 ttl=50 time=41.942 ms
84 bytes from 98.138.219.231 icmp_seq=5 ttl=50 time=46.653 ms

Static NAT translation using a Cisco router

Network address translation (NAT) is a process used in computer networks that allows private IP addresses to be translated into a public IP address. Public IP addresses are limited, and in most cases a business will have only one public IP address assigned to it. For this reason it needs NAT to translate a private IP address into a public IP address.

Static NAT lets the router perform one-to-one translations of inside local addresses to outside global addresses. Because static NAT assigns addresses on a one-to-one basis, you will need an equal number of public addresses as private addresses.

This is a simple static NAT lab that translates one private IP address to one public IP address.

Task 1:
Configure the host name on both the router and switch.

Router>enable
Router#configure terminal
Router(config)#hostname R1
R1(config)#

Task 2:
Set the IP address to the inside and outside interfaces.

R1(config)#interface ethernet 0/0
R1(config-if)#ip address 192.168.0.254 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface ethernet 0/1
R1(config-if)#ip address 199.100.25.1 255.255.255.248
R1(config-if)#no shutdown
R1(config-if)#exit

Task 3:
Configure the host name and assign the IP address to PC-1. Ping the gateway to confirm the connectivity.

VPCS>  set pcname PC-1

PC-1> ip 192.168.0.1 /24 192.168.0.254
Checking for duplicate address...
PC1 : 192.168.0.1 255.255.255.0 gateway 192.168.0.254

PC-1> ping 192.168.0.254

84 bytes from 192.168.0.254 icmp_seq=1 ttl=255 time=0.480 ms
84 bytes from 192.168.0.254 icmp_seq=2 ttl=255 time=0.639 ms
84 bytes from 192.168.0.254 icmp_seq=3 ttl=255 time=0.693 ms
84 bytes from 192.168.0.254 icmp_seq=4 ttl=255 time=0.862 ms
84 bytes from 192.168.0.254 icmp_seq=5 ttl=255 time=0.658 ms

Task 4:
Configure the host name and assign the IP address to the Web server. Ping the gateway to confirm the connectivity.

VPCS> set pcname Web
Web> ip 199.100.25.6 /29 199.100.25.1
Checking for duplicate address...
PC1 : 199.100.25.6 255.255.255.248 gateway 199.100.25.1

Web> ping 199.100.25.1

84 bytes from 199.100.25.1 icmp_seq=1 ttl=255 time=0.417 ms
84 bytes from 199.100.25.1 icmp_seq=2 ttl=255 time=0.511 ms
84 bytes from 199.100.25.1 icmp_seq=3 ttl=255 time=0.528 ms
84 bytes from 199.100.25.1 icmp_seq=4 ttl=255 time=0.519 ms
84 bytes from 199.100.25.1 icmp_seq=5 ttl=255 time=0.502 ms

Task 5:
Configure the inside and outside NAT interfaces.

R1(config)#interface ethernet 0/0
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#interface ethernet 0/1
R1(config-if)#ip nat outside
R1(config-if)#exit

Task 6:
Configure the static NAT rule.

R1(config)#ip nat inside source static 192.168.0.1 199.100.25.1

Task 7:
Verify the NAT translation on the router.

R1#show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
--- 199.100.25.1       192.168.0.1        ---                ---

Task 8:
Ping from PC-1 to the Web server. Afterwards, return to the router and run the command ‘show ip nat statistics’.

PC-1> ping 199.100.25.6

84 bytes from 199.100.25.6 icmp_seq=1 ttl=63 time=0.909 ms
84 bytes from 199.100.25.6 icmp_seq=2 ttl=63 time=0.841 ms
84 bytes from 199.100.25.6 icmp_seq=3 ttl=63 time=1.166 ms
84 bytes from 199.100.25.6 icmp_seq=4 ttl=63 time=0.889 ms
84 bytes from 199.100.25.6 icmp_seq=5 ttl=63 time=0.883 ms


R1#show ip nat statistics
Total active translations: 1 (1 static, 0 dynamic; 0 extended)
Peak translations: 1, occurred 01:05:01 ago
Outside interfaces:
  Ethernet0/1
Inside interfaces:
  Ethernet0/0
Hits: 0  Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:

Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
R1#show ip nat statistics
Total active translations: 6 (1 static, 5 dynamic; 5 extended)
Peak translations: 6, occurred 00:00:07 ago
Outside interfaces:
  Ethernet0/1
Inside interfaces:
  Ethernet0/0
Hits: 10  Misses: 0
CEF Translated packets: 10, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:

Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
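
Reading the two Task 8 outputs as a before/after pair, as an added example that is not part of the original lab: the parser below extracts the counters from each 'show ip nat statistics' output and reports what the five pings changed. The function names are hypothetical; the sample text is the relevant lines of the outputs above.

```python
import re

# Relevant lines of the two 'show ip nat statistics' outputs from Task 8.
BEFORE = """\
Total active translations: 1 (1 static, 0 dynamic; 0 extended)
Hits: 0  Misses: 0
Expired translations: 0
"""
AFTER = """\
Total active translations: 6 (1 static, 5 dynamic; 5 extended)
Hits: 10  Misses: 0
Expired translations: 0
"""

FIELDS = {
    "active": r"Total active translations: (\d+)",
    "static": r"(\d+) static",
    "dynamic": r"(\d+) dynamic",
    "extended": r"(\d+) extended",
    "hits": r"Hits: (\d+)",
    "misses": r"Misses: (\d+)",
    "expired": r"Expired translations: (\d+)",
}


def parse_nat_statistics(text):
    """Extract the counters of one 'show ip nat statistics' output."""
    stats = {}
    for name, pattern in FIELDS.items():
        match = re.search(pattern, text)
        if match is None:
            raise ValueError(f"counter {name!r} not found in output")
        stats[name] = int(match.group(1))
    return stats


def compare(before_text, after_text):
    """Return (delta, notes) between two snapshots of the counters."""
    before = parse_nat_statistics(before_text)
    after = parse_nat_statistics(after_text)
    delta = {name: after[name] - before[name] for name in before}
    notes = []
    if delta["static"] != 0:
        notes.append("static mapping count changed between snapshots")
    if delta["hits"] == 0 and delta["misses"] == 0:
        notes.append("no NAT table lookups; check the inside/outside interfaces")
    return delta, notes


if __name__ == "__main__":
    print(compare(BEFORE, AFTER))
```

For the lab's outputs the static count stays at 1 while the pings add 5 dynamic extended entries and 10 hits.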

Lab: DHCP Server with a VLSM network

IP addresses are configured statically or dynamically. This is a simple lab of a small business network. Two of the subnets will assign IP addresses dynamically, and the third subnet, for the servers, will be statically assigned. The class A subnet 10.75.20.0/24 is divided into three variable-length subnets.

Variable length subnet mask (VLSM) is when the subnet design uses more than one mask in the same network. This lab requires the workstation subnet to have a subnet mask of 255.255.255.128, which allows 126 usable IP addresses. The laboratory subnet is a smaller subnet that will only require a maximum of 28 IP addresses. The subnet mask used for the laboratory subnet will be 255.255.255.224; this mask allows a total of 30 usable IP addresses.

VLAN ID    Subnet Name    Subnet IP       Mask               Gateway
11         Laboratory     10.75.20.0      255.255.255.128    10.75.20.126
20         Workstation    10.75.20.128    255.255.255.224    10.75.20.158
35         Server         10.75.20.160    255.255.255.240    10.75.20.174
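
A check of this addressing plan before it is typed into the router, as an added example that is not part of the original lab. It uses the rows of the table above and verifies that each subnet sits on its mask boundary, stays inside 10.75.20.0/24, does not overlap another subnet, and has its gateway on a usable host address; the function name check_plan is hypothetical.

```python
import ipaddress

# Rows copied from the lab's table: VLAN ID, name, subnet IP, mask, gateway.
PLAN = [
    (11, "Laboratory", "10.75.20.0", "255.255.255.128", "10.75.20.126"),
    (20, "Workstation", "10.75.20.128", "255.255.255.224", "10.75.20.158"),
    (35, "Server", "10.75.20.160", "255.255.255.240", "10.75.20.174"),
]
PARENT = ipaddress.ip_network("10.75.20.0/24")


def check_plan(plan, parent=PARENT):
    """Return (summary, problems) for a list of VLSM rows."""
    summary, problems, seen = {}, [], []
    for vlan, name, subnet, mask, gateway in plan:
        try:
            # strict=True rejects a subnet IP that is not on the mask boundary.
            net = ipaddress.ip_network(f"{subnet}/{mask}", strict=True)
        except ValueError as exc:
            problems.append(f"VLAN {vlan}: {exc}")
            continue
        hosts = list(net.hosts())
        gw = ipaddress.ip_address(gateway)
        if not net.subnet_of(parent):
            problems.append(f"VLAN {vlan}: {net} is outside {parent}")
        if gw not in hosts:
            problems.append(f"VLAN {vlan}: gateway {gw} is not a host of {net}")
        for other_vlan, other in seen:
            if net.overlaps(other):
                problems.append(f"VLAN {vlan}: {net} overlaps VLAN {other_vlan} ({other})")
        seen.append((vlan, net))
        summary[name] = {
            "cidr": str(net),
            "usable": len(hosts),
            "first": str(hosts[0]),
            "last": str(hosts[-1]),
            "gateway_is_last": gw == hosts[-1],
        }
    return summary, problems


if __name__ == "__main__":
    summary, problems = check_plan(PLAN)
    for name, row in summary.items():
        print(f"{name:12} {row}")
    print("problems:", problems or "none")
```

The three subnets come out as /25, /27 and /28 with 126, 30 and 14 usable addresses, and every gateway is the last usable address of its subnet, which is why Task 3 excludes those addresses from the DHCP pools.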

Task 1:
Configure the host name on both the router and switch.

Router>enable
Router#configure terminal
Router(config)#hostname R1
R1(config)#


Switch>enable
Switch#configure terminal
Switch(config)#hostname Sw1
Sw1(config)#

Task 2:
Configure the subinterfaces using 802.1q encapsulation on the router’s interface. Subinterfaces should match VLAN IDs. Assign IP addresses to each of the subinterfaces, using the identified gateway and subnet mask.

R1(config)#interface ethernet 0/0
R1(config-if)#no shutdown
R1(config-if)#interface ethernet 0/0.11
R1(config-subif)#encapsulation dot1q 11
R1(config-subif)#description vLAN-11_Laboratory
R1(config-subif)#ip address 10.75.20.126 255.255.255.128
R1(config-subif)#no shutdown
R1(config-subif)#exit
R1(config)#interface ethernet 0/0.20
R1(config-subif)#encapsulation dot1q 20
R1(config-subif)#description vLAN-20_Workstation
R1(config-subif)#ip address 10.75.20.158 255.255.255.224
R1(config-subif)#no shutdown
R1(config-subif)#exit
R1(config)#interface ethernet 0/0.35
R1(config-subif)#encapsulation dot1q 35
R1(config-subif)#description vLAN-35_Server
R1(config-subif)#ip address 10.75.20.174 255.255.255.240
R1(config-subif)#no shutdown
R1(config-subif)#exit
R1(config)#

Task 3:
Create DHCP pools on the DHCP Server router R1. Don’t forget to exclude the gateway address for both DHCP pools.

R1(config)#ip dhcp pool v11-Laboratory-Pool
R1(dhcp-config)#network 10.75.20.0 255.255.255.128
R1(dhcp-config)#default-router 10.75.20.126
R1(dhcp-config)#exit
R1(config)#ip dhcp pool v20-Workstation-Pool
R1(dhcp-config)#network 10.75.20.128 255.255.255.224
R1(dhcp-config)#default-router 10.75.20.158
R1(dhcp-config)#exit
R1(config)#ip dhcp excluded-address 10.75.20.126
R1(config)#ip dhcp excluded-address 10.75.20.158
R1(config)#end
R1#

Task 4:
Add the VLANs to the VLAN database on the switch. Name them as defined in the table next to the topology.

Sw1(config)#vlan 11
Sw1(config-vlan)#name vLAN-11-Laboratory
Sw1(config-vlan)#exit
Sw1(config)#vlan 20
Sw1(config-vlan)#name vLAN-20-Workstation
Sw1(config-vlan)#exit
Sw1(config)#vlan 35
Sw1(config-vlan)#name vLAN-35-Server
Sw1(config-vlan)#exit
Sw1(config)#


Task 5:
Configure the trunk from the switch to the router.

Sw1(config)#interface ethernet 3/3
Sw1(config-if)#switchport trunk encapsulation dot1q
Sw1(config-if)#switchport mode trunk
Sw1(config-if)#switchport trunk allowed vlan 11,20,35

Task 6:
Configure access ports for each of the devices and assign the proper VLAN to the respective subnet on the switch. Enable the ports to immediately go into a forwarding state.

Sw1(config)#interface range ethernet 0/1 - 2
Sw1(config-if-range)#switchport mode access
Sw1(config-if-range)#switchport access vlan 11
Sw1(config-if-range)#spanning-tree portfast
Sw1(config-if-range)#exit
Sw1(config)#interface range ethernet 1/1 - 2
Sw1(config-if-range)#switchport mode access
Sw1(config-if-range)#switchport access vlan 20
Sw1(config-if-range)#spanning-tree portfast
Sw1(config-if-range)#exit
Sw1(config)#interface range ethernet 2/1 - 2
Sw1(config-if-range)#switchport mode access
Sw1(config-if-range)#switchport access vlan 35
Sw1(config-if-range)#spanning-tree portfast
Sw1(config-if-range)#exit

Task 7:
Configure the servers with their respective host names. Assign VPC7 the first available IP of the subnet and VPC8 the second available IP of the subnet. Don’t forget to assign the gateway address.

VPCS> set pcname VPC7
VPC7> ip 10.75.20.161 /28 10.75.20.174
Checking for duplicate address...
PC1 : 10.75.20.161 255.255.255.240 gateway 10.75.20.174


VPCS> set pcname VPC8
VPC8> ip 10.75.20.162 /28 10.75.20.174
Checking for duplicate address...
PC1 : 10.75.20.162 255.255.255.240 gateway 10.75.20.174

Task 8:
Configure the host names of the Laboratory desktop PCs and configure them as DHCP clients. Ping the gateway to confirm each PC’s connection.

VPCS> set pcname VPC3
VPC3> ip dhcp
DDORA IP 10.75.20.1/25 GW 10.75.20.126

VPC3> ping 10.75.20.126

84 bytes from 10.75.20.126 icmp_seq=1 ttl=255 time=0.566 ms
84 bytes from 10.75.20.126 icmp_seq=2 ttl=255 time=0.901 ms
84 bytes from 10.75.20.126 icmp_seq=3 ttl=255 time=1.188 ms
84 bytes from 10.75.20.126 icmp_seq=4 ttl=255 time=1.158 ms
84 bytes from 10.75.20.126 icmp_seq=5 ttl=255 time=0.947 ms

VPCS> set pcname VPC4
VPC4> ip dhcp
DDORA IP 10.75.20.2/25 GW 10.75.20.126

VPC4> ping 10.75.20.126

84 bytes from 10.75.20.126 icmp_seq=1 ttl=255 time=0.581 ms
84 bytes from 10.75.20.126 icmp_seq=2 ttl=255 time=0.952 ms
84 bytes from 10.75.20.126 icmp_seq=3 ttl=255 time=1.306 ms
84 bytes from 10.75.20.126 icmp_seq=4 ttl=255 time=0.921 ms
84 bytes from 10.75.20.126 icmp_seq=5 ttl=255 time=0.953 ms

Task 9:
Configure the host names of the Workstation laptop PCs and configure them as DHCP clients. Ping the gateway to confirm each PC’s connection.

VPCS> set pcname VPC5
VPC5> ip dhcp
DDORA IP 10.75.20.129/27 GW 10.75.20.158

VPC5> ping 10.75.20.158

84 bytes from 10.75.20.158 icmp_seq=1 ttl=255 time=0.606 ms
84 bytes from 10.75.20.158 icmp_seq=2 ttl=255 time=1.243 ms
84 bytes from 10.75.20.158 icmp_seq=3 ttl=255 time=1.294 ms
84 bytes from 10.75.20.158 icmp_seq=4 ttl=255 time=1.304 ms
84 bytes from 10.75.20.158 icmp_seq=5 ttl=255 time=1.386 ms



VPCS> set pcname VPC6
VPC6> ip dhcp
DDORA IP 10.75.20.130/27 GW 10.75.20.158

VPC6> ping 10.75.20.158

84 bytes from 10.75.20.158 icmp_seq=1 ttl=255 time=0.736 ms
84 bytes from 10.75.20.158 icmp_seq=2 ttl=255 time=1.036 ms
84 bytes from 10.75.20.158 icmp_seq=3 ttl=255 time=1.082 ms
84 bytes from 10.75.20.158 icmp_seq=4 ttl=255 time=1.138 ms
84 bytes from 10.75.20.158 icmp_seq=5 ttl=255 time=1.519 ms

Lab: OSPF Using Juniper and Cisco

Multi-area OSPF lab using two different vendors, Juniper and Cisco. This lab is a good example of how basic OSPF actions are performed on Juniper routers and, in comparison, on Cisco routers.

OSPF (Open Shortest Path First) is a routing protocol for Internet Protocol (IP) networks. OSPF is a link-state protocol. It uses a shortest path first algorithm to build and calculate the shortest path to all known destinations. The shortest path is calculated with the Dijkstra algorithm.

Task 1:
Change the hostnames on both Juniper routers.

lab@Vmx>configure
Entering configuration mode

[edit]
lab@Vmx#set system host-name R1
lab@Vmx#commit and-quit
lab@R1>


lab@Vmx>configure
Entering configuration mode

[edit]
lab@Vmx#set system host-name R2
lab@Vmx#commit and-quit
lab@R2>

Task 2:
Change the host names on both Cisco routers.

Router>enable
Router#configure terminal
Router(config)#hostname R3
R3(config)#


Router>enable
Router#configure terminal
Router(config)#hostname R4
R4(config)#

Task 3:
Assign IP addresses to the Juniper routers.

lab@R1>configure
Entering configuration mode

[edit]
lab@R1#set interfaces ge-0/0/3 unit 0 family inet address 192.168.12.1/24
lab@R1#set interfaces ge-0/0/2 unit 0 family inet address 192.168.13.1/24
lab@R1#commit and-quit
lab@R1>


lab@R2>configure
Entering configuration mode

[edit]
lab@R2#set interfaces ge-0/0/3 unit 0 family inet address 192.168.12.2/24
lab@R2#set interfaces ge-0/0/2 unit 0 family inet address 192.168.24.2/24
lab@R2#commit and-quit
lab@R2>

Task 4:
Assign IP addresses to the Cisco routers.

R3#configure terminal
R3(config)#interface ethernet 0/0
R3(config-if)#ip address 192.168.13.3 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#interface loopback 0
R3(config-if)#ip address 3.3.3.3 255.255.255.255
R3(config-if)#no shutdown
R3(config-if)#exit



R4#configure terminal
R4(config)#interface ethernet 0/0
R4(config-if)#ip address 192.168.24.4 255.255.255.0
R4(config-if)#no shutdown
R4(config-if)#exit
R4(config)#interface loopback 0
R4(config-if)#ip address 4.4.4.4 255.255.255.255
R4(config-if)#no shutdown
R4(config-if)#exit

Task 5:
Configure OSPF on Juniper routers.

lab@R1>configure
Entering configuration mode

[edit]
lab@R1# set protocols ospf area 0.0.0.0 interface ge-0/0/3.0
lab@R1# set protocols ospf area 0.0.0.1 interface ge-0/0/2.0
lab@R1#commit and-quit


lab@R2>configure
Entering configuration mode

[edit]
lab@R2# set protocols ospf area 0.0.0.0 interface ge-0/0/3.0
lab@R2# set protocols ospf area 0.0.0.2 interface ge-0/0/2.0
lab@R2#commit and-quit

Task 6:
Configure OSPF on Cisco routers.

R3#configure terminal
R3(config)#router ospf 1
R3(config-router)#network 192.168.13.0 0.0.0.255 area 1
R3(config-router)#network 3.3.3.3 0.0.0.0 area 1
R3(config-router)#end
R3#



R4#configure terminal
R4(config)#router ospf 1
R4(config-router)#network 192.168.24.0 0.0.0.255 area 2
R4(config-router)#network 4.4.4.4 0.0.0.0 area 2
R4(config-router)#end
R4#
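
A consistency check for the OSPF plan in Tasks 3 to 6, as an added example that is not part of the original lab. It assumes each link uses the area configured on its Cisco end (R3: area 1, R4: area 2) and writes the Juniper interfaces as physical port plus unit 0, matching Task 3; the function name check_areas is hypothetical.

```python
import ipaddress
from collections import defaultdict

# (router, interface, address, OSPF area) from Tasks 3-4. Assumption: each
# link uses the area of its Cisco end (R3: area 1, R4: area 2).
LAB = [
    ("R1", "ge-0/0/3.0", "192.168.12.1/24", 0),
    ("R1", "ge-0/0/2.0", "192.168.13.1/24", 1),
    ("R2", "ge-0/0/3.0", "192.168.12.2/24", 0),
    ("R2", "ge-0/0/2.0", "192.168.24.2/24", 2),
    ("R3", "Ethernet0/0", "192.168.13.3/24", 1),
    ("R3", "Loopback0", "3.3.3.3/32", 1),
    ("R4", "Ethernet0/0", "192.168.24.4/24", 2),
    ("R4", "Loopback0", "4.4.4.4/32", 2),
]


def check_areas(rows):
    """Return problems that would stop adjacencies or inter-area routing."""
    links = defaultdict(list)        # subnet -> [(router, interface, area)]
    router_areas = defaultdict(set)  # router -> {areas}
    for router, ifname, addr, area in rows:
        links[ipaddress.ip_interface(addr).network].append((router, ifname, area))
        router_areas[router].add(area)
    problems = []
    for net in sorted(links):
        ends = links[net]
        if len({area for _, _, area in ends}) > 1:
            who = ", ".join(f"{r} {i} in area {a}" for r, i, a in ends)
            problems.append(f"{net}: area mismatch ({who})")
        if len(ends) == 1 and net.prefixlen < 32:
            problems.append(f"{net}: only {ends[0][0]} runs OSPF here, no neighbor")
    for router in sorted(router_areas):
        areas = router_areas[router]
        if len(areas) > 1 and 0 not in areas:
            problems.append(f"{router}: joins areas {sorted(areas)} but not area 0")
    return problems


if __name__ == "__main__":
    print(check_areas(LAB) or "plan is consistent")
    # Constructed failure: R2's link to R4 placed in area 1 instead of area 2.
    broken = [(r, i, a, 1 if (r, i) == ("R2", "ge-0/0/2.0") else area)
              for r, i, a, area in LAB]
    print(check_areas(broken))
```

Routers on the same subnet only become OSPF neighbors when both ends agree on the area, so a mismatch reported here shows up on the devices as a neighbor that never forms.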