!************************************************
!*                                              *
!*    Lab 1 Final Solutions for all Devices     *
!*                                              *
!************************************************
!********************************
!*                              *
!*   R1 Final Solution Config   *
!*                              *
!********************************
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
no logging console
enable password cisco
no aaa new-model
ip source-route
ip cef
no ip domain lookup
ip domain name cisco.com
no ipv6 cef
!
crypto key generate rsa exportable label gdoikeys modulus 1024
crypto key generate rsa exportable label myCA modulus 1024
!
!
!
!
!
!
!
!
!
!
crypto pki server myCA
 database level complete
 issuer-name CN=myCA.cisco.com
 grant auto
 lifetime ca-certificate 365
 database url flash:
 no shutdown
!
crypto pki trustpoint myCA
 revocation-check crl
 rsakeypair myCA
!
!
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp policy 20
 encr aes
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set cisco esp-3des esp-md5-hmac
 mode transport
crypto ipsec transform-set gdoitrans esp-aes esp-sha-hmac
!
crypto ipsec profile dmvpn
 set transform-set cisco
!
crypto ipsec profile gdoi_profile
 set security-association lifetime seconds 36000
 set transform-set gdoitrans
!
crypto gdoi group lab1getvpn
 identity number 123
 server local
  rekey retransmit 30 number 2
  rekey authentication mypubkey rsa gdoikeys
  rekey transport unicast
  sa ipsec 1
   profile gdoi_profile
   match address ipv4 101
   replay time window-size 10
  address ipv4 192.168.3.11
!
!
!
load protocol flash:ip.phdf
load protocol flash:tcp.phdf
!
ip tcp synwait-time 5
!
class-map type access-control match-all TCP23classmap
 match field TCP dest-port eq 23
 match field IP dest-addr eq 10.1.1.1
class-map type stack match-all matchTCPstack
 match field IP protocol eq 6 next TCP
!
!
policy-map type access-control dropTCP23
 class TCP23classmap
  drop
policy-map type access-control blockTCP23
 class matchTCPstack
  service-policy dropTCP23
!
interface Loopback0
 ip address 10.1.1.1 255.255.255.0
!
interface Loopback1
 ip address 11.11.11.11 255.255.255.255
!
interface Tunnel1
 bandwidth 1000
 ip address 172.1.0.1 255.255.255.0
 no ip redirects
 ip mtu 1360
 no ip next-hop-self eigrp 100
 ip nhrp authentication cisco
 ip nhrp map multicast dynamic
 ip nhrp network-id 11
 ip nhrp holdtime 300
 no ip split-horizon eigrp 100
 delay 1100
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 11
 tunnel protection ipsec profile dmvpn
!
interface GigabitEthernet0/0
 ip address 192.168.3.11 255.255.255.0
 no shutdown
!
interface GigabitEthernet0/1
 ip address 192.168.2.11 255.255.255.0
 no shutdown
!
interface Serial0/0/0
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/0/1
 no ip address
 shutdown
 clock rate 2000000
!
router eigrp 100
 network 11.11.11.0 0.0.0.255
 network 172.1.0.0 0.0.0.255
 no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.2.1
ip route 10.0.0.0 255.0.0.0 192.168.3.10
ip route 172.17.0.0 255.255.0.0 192.168.3.10
ip route 192.168.0.0 255.255.0.0 192.168.3.10
ip http server
no ip http secure-server
!
!
!
access-list 1 permit 10.5.5.5
access-list 1 permit 192.168.2.12
access-list 1 permit 192.168.9.10
access-list 101 permit ip 172.17.0.0 0.0.255.255 172.17.0.0 0.0.255.255
access-list 120 permit ip host 192.168.64.6 any
access-list 120 permit ip any host 192.168.64.6
!
!
!
control-plane
 service-policy type access-control input blockTCP23
!
!
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line aux 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input telnet
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input telnet
!
ntp authentication-key 1 md5 cisco
ntp authenticate
ntp trusted-key 1
ntp source Loopback0
ntp access-group peer 1
ntp master 5
end
!********************************
!*                              *
!*   R2 Final Solution Config   *
!*                              *
!********************************
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname R2
enable password cisco
!
aaa new-model
aaa authentication login vtyauthen group tacacs+
aaa authentication login conauthen none
aaa authorization exec vtyexec group tacacs+
ip source-route
ip cef
no ip domain lookup
ip domain name cisco.com
no ipv6 cef
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set cisco esp-3des esp-md5-hmac
 mode transport
!
crypto ipsec profile dmvpn
 set transform-set cisco
!
ip tcp synwait-time 5
!
class-map match-all copp
 match access-group 101
 match not access-group 102
!
!
policy-map copp
 class copp
  drop
!
!
!
!
!
interface Loopback0
 ip address 10.2.2.2 255.255.255.0
!
interface Loopback1
 ip address 22.22.22.22 255.255.255.0
!
interface Tunnel1
 bandwidth 1000
 ip address 172.1.0.2 255.255.255.0
 no ip redirects
 ip mtu 1360
 ip nhrp authentication cisco
 ip nhrp map multicast 192.168.3.11
 ip nhrp map 172.1.0.1 192.168.3.11
 ip nhrp network-id 11
 ip nhrp holdtime 300
 ip nhrp nhs 172.1.0.1
 delay 1100
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 11
 tunnel protection ipsec profile dmvpn
!
interface GigabitEthernet0/0
 ip address 192.168.4.11 255.255.255.0
 no shutdown
!
interface GigabitEthernet0/1
 ip address 192.168.5.11 255.255.255.0
 no shutdown
!
interface Serial0/0/0
 no ip address
 shutdown
!
interface Serial0/0/1
 no ip address
 shutdown
!
router eigrp 100
 network 22.22.22.0 0.0.0.255
 network 172.1.0.0 0.0.0.255
 no auto-summary
!
router ospf 1
 log-adjacency-changes
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.4.10
ip http server
no ip http secure-server
!
!
!
access-list 101 permit icmp any any
access-list 102 permit icmp 10.0.0.0 0.255.255.255 any
access-list 102 permit icmp 172.16.0.0 0.15.255.255 any
access-list 102 permit icmp 192.168.0.0 0.0.255.255 any
!
tacacs-server host 192.168.2.14
tacacs-server key cisco
!
control-plane
 service-policy input copp
!
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login authentication conauthen
line aux 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 transport input telnet
line vty 0 4
 exec-timeout 0 0
 password cisco
 authorization exec vtyexec
 logging synchronous
 login authentication vtyauthen
 transport input telnet
!
parser view netop
 secret 5 $1$.SqL$qcRMtupOtbjMledzQJwp20
 commands configure include all ip route
 commands configure include all router
 commands configure include all interface
 commands configure include ip
 commands exec include configure terminal
 commands exec include configure
 commands exec include all show
!
parser view secop
 secret 5 $1$o6m5$CtYHwt2EPE4/iKqHCTvEn.
 commands configure include all radius-server
 commands configure include all tacacs-server
 commands configure include all interface
 commands configure include all zone-pair
 commands configure include all zone
 commands configure include all policy-map
 commands configure include all class-map
 commands configure include all crypto
 commands configure include all aaa
 commands exec include configure terminal
 commands exec include configure
 commands exec include all show
!
end
!********************************
!*                              *
!*   R3 Final Solution Config   *
!*                              *
!********************************
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
enable password cisco
no aaa new-model
ip source-route
ip cef
no ip domain lookup
ip domain name cisco.com
no ipv6 cef
!
crypto isakmp policy 10
 encr aes
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
!
crypto gdoi group lab1getvpn
 identity number 123
 server address ipv4 192.168.3.11
!
!
crypto map gdoi 10 gdoi
 set group lab1getvpn
!
ip tcp synwait-time 5
!
interface Loopback0
 ip address 10.3.3.3 255.255.255.0
!
interface Loopback10
 ip address 172.17.3.3 255.255.255.0
!
interface GigabitEthernet0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/1
 ip address 192.168.9.3 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
 crypto map gdoi
 no shutdown
!
interface Serial0/0/0
 ip address 192.168.35.3 255.255.255.0
 encapsulation ppp
 ip ospf network point-to-point
 no fair-queue
 no shutdown
!
interface Serial0/0/1
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 10.3.3.0 0.0.0.255 area 0
 network 172.17.3.0 0.0.0.255 area 0
 network 192.168.9.0 0.0.0.255 area 0
 network 192.168.35.0 0.0.0.255 area 0
!
ip http server
no ip http secure-server
!
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line aux 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input telnet
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input telnet
!
end
!********************************
!*                              *
!*   R4 Final Solution Config   *
!*                              *
!********************************
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname R4
enable password cisco
no aaa new-model
ip source-route
ip cef
!
no ip domain lookup
ip domain name cisco.com
no ipv6 cef
!
frame-relay switching
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set cisco esp-3des esp-md5-hmac
 mode transport
!
crypto ipsec profile dm...