Answers to Chapter 4 Configuration Exercises

 

Refer to Figure 4-28 for Configuration Exercises 1–5.

Figure 4-28. The Internetwork for Configuration Exercises 1–5

1:

ISP1 in Figure 4-28 has assigned the address block 201.50.13.0/24 to AS 3. ISP2 has assigned the address block 200.100.30.0/24 to AS 3. RTR1 and RTR2 are accepting full BGP routes from the ISP routers but do not transmit any routes to the ISPs. They run IBGP between them and OSPF on all Ethernet interfaces. No routes are redistributed between BGP and OSPF. The addresses of the router interfaces are as follows:

RTR1, E0: 172.16.3.1/24

RTR1, E1: 172.16.2.1/24

RTR1, S0: 201.50.26.13/30

RTR2, E0: 172.16.3.2/24

RTR2, E1: 172.16.1.1/24

RTR2, S0: 200.100.29.241/30

SVR1 is the DNS server authoritative for AS 3; its address is 172.16.3.3. DNS1 reaches SVR1 at 201.50.13.1, whereas DNS2 reaches the same server at 200.100.30.254. Write routing and NAT configurations for RTR1 and RTR2, translating inside addresses appropriately for each ISP's assigned address block. Any inside device must be able to reach either ISP, but no packets can leave AS 3 with a private source address under any circumstance.

A:


RTR1

    interface Loopback0
     ip address 172.16.255.2 255.255.255.255
    !
    interface Ethernet0
     ip address 172.16.3.1 255.255.255.0
     ip nat inside
    !
    interface Ethernet1
     ip address 172.16.2.1 255.255.255.0
     ip nat inside
    !
    interface Serial0
     description to ISP1
     ip address 201.50.26.13 255.255.255.252
     ip access-group 101 out
     ip nat outside
    !
    autonomous-system 3
    !
    router ospf 1
     redistribute static
     network 172.16.0.0 0.0.255.255 area 0
     default-information originate
    !
    router bgp 3
     neighbor 172.16.255.1 remote-as 3
     neighbor 172.16.255.1 update-source Loopback0
     neighbor 201.50.26.14 remote-as 1
    !
    ip nat pool ISP1Pool 201.50.13.2 201.50.13.254 netmask 255.255.255.0
    ip nat inside source list 1 pool ISP1Pool
    ip nat inside source static 172.16.3.3 201.50.13.1
    !
    ip route 0.0.0.0 0.0.0.0 201.50.26.14
    ip route 201.50.0.0 255.255.192.0 201.50.26.14
    !
    access-list 1 permit 172.16.0.0 0.0.255.255
    access-list 101 deny ip 172.16.0.0 0.0.255.255 any
    access-list 101 permit ip any any

RTR2

    interface Loopback0
     ip address 172.16.255.1 255.255.255.255
    !
    interface Ethernet0
     ip address 172.16.3.2 255.255.255.0
     ip nat inside
    !
    interface Ethernet1
     ip address 172.16.1.1 255.255.255.0
     ip nat inside
    !
    interface Serial0
     description to ISP2
     ip address 200.100.29.241 255.255.255.252
     ip access-group 101 out
     ip nat outside
    !
    autonomous-system 3
    !
    router ospf 1
     redistribute static
     network 172.16.0.0 0.0.255.255 area 0
     default-information originate
    !
    router bgp 3
     neighbor 172.16.255.2 remote-as 3
     neighbor 172.16.255.2 update-source Loopback0
     neighbor 200.100.29.242 remote-as 2
    !
    ip nat pool ISP2Pool 200.100.30.1 200.100.30.253 netmask 255.255.255.0
    ip nat inside source list 1 pool ISP2Pool
    ip nat inside source static 172.16.3.3 200.100.30.254
    !
    ip route 0.0.0.0 0.0.0.0 200.100.29.242
    ip route 200.100.0.0 255.255.224.0 200.100.29.242
    !
    access-list 1 permit 172.16.0.0 0.0.255.255
    access-list 101 deny ip 172.16.0.0 0.0.255.255 any
    access-list 101 permit ip any any

2:

The address of SVR2 in Figure 4-28 is 172.16.2.2, and the address of SVR3 is 172.16.2.3. Modify the configurations of Configuration Exercise 1 so that devices within ISP1's AS connect to the servers round-robin at the address 201.50.13.3.

A:

Notice that in addition to the new commands, ISP1Pool has been modified to no longer include the address 201.50.13.3.

RTR1

    ip nat pool ISP1Pool 201.50.13.4 201.50.13.254 netmask 255.255.255.0
    ip nat pool SVRs 172.16.2.2 172.16.2.3 netmask 255.255.0.0 type rotary
    ip nat inside source list 1 pool ISP1Pool
    ip nat inside source static 172.16.3.3 201.50.13.1
    ip nat inside destination list 2 pool SVRs
    !
    access-list 1 permit 172.16.0.0 0.0.255.255
    access-list 2 permit 201.50.13.3

3:

HTTP packets sent to 200.100.30.50 from ISP2 are sent to SVR2 in Figure 4-28. SMTP packets sent to 200.100.30.50 from ISP2 are sent to SVR3. Modify the configurations of the previous exercises to implement these translations.

A:

The IG address falls in the middle of the ISP2Pool range, so in addition to the static NAT mappings, ISP2Pool must be reconfigured.

RTR2

    ip nat pool ISP2Pool netmask 255.255.255.0
     address 200.100.30.1 200.100.30.49
     address 200.100.30.51 200.100.30.253
    ip nat inside source list 1 pool ISP2Pool
    ! SMTP (TCP 25) on 200.100.30.50 goes to SVR3, HTTP (TCP 80) to SVR2
    ip nat inside source static tcp 172.16.2.3 25 200.100.30.50 25 extendable
    ip nat inside source static tcp 172.16.2.2 80 200.100.30.50 80 extendable
    ip nat inside source static 172.16.3.3 200.100.30.254
    !
    access-list 1 permit 172.16.0.0 0.0.255.255

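The pool changes in Exercises 2 and 3 follow from one rule: an address used by a static mapping, or as the virtual address of a rotary pool, must not also sit inside a dynamic pool. The check below is an added example, not from the book; the function name `nat_overlaps` and the sample constants are assumptions, the samples are constructed from this page's configurations, and only the command forms that appear on this page are parsed.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def nat_overlaps(config):
    """Return sorted (pool, addr) pairs: reserved addresses inside dynamic pools."""
    pools, rotary, acl_hosts = {}, set(), {}
    reserved, dest_lists, current = set(), [], None
    for line in config.splitlines():
        t = line.split()
        if t[:3] == ["ip", "nat", "pool"]:
            current = t[3]
            pools[current] = []
            if t[-1] == "rotary":
                rotary.add(current)
            if t[4] != "netmask":  # one-line form: <start> <end> netmask ...
                pools[current].append((_ip(t[4]), _ip(t[5])))
        elif t[:1] == ["address"] and current:  # multi-range pool form
            pools[current].append((_ip(t[1]), _ip(t[2])))
        elif t[:5] == ["ip", "nat", "inside", "source", "static"]:
            args = [a for a in t[5:] if a not in ("tcp", "udp", "extendable")]
            reserved.add(args[2] if len(args) == 4 else args[1])  # global addr
        elif t[:4] == ["ip", "nat", "inside", "destination"]:
            dest_lists.append(t[5])  # ... destination list <N> pool <name>
        elif t[:1] == ["access-list"] and len(t) == 4 and t[2] == "permit":
            acl_hosts.setdefault(t[1], set()).add(t[3])  # single-host entry
    for n in dest_lists:  # hosts in a destination list are virtual addresses
        reserved |= acl_hosts.get(n, set())
    return sorted((name, addr) for name, ranges in pools.items()
                  if name not in rotary for addr in reserved
                  for lo, hi in ranges if lo <= _ip(addr) <= hi)

# Constructed sample: Exercise 2's rotary setup with the unmodified Exercise 1 pool.
RTR1_OLD_POOL = """\
ip nat pool ISP1Pool 201.50.13.2 201.50.13.254 netmask 255.255.255.0
ip nat pool SVRs 172.16.2.2 172.16.2.3 netmask 255.255.0.0 type rotary
ip nat inside source static 172.16.3.3 201.50.13.1
ip nat inside destination list 2 pool SVRs
access-list 2 permit 201.50.13.3
"""
# Constructed sample: Exercise 3's split ISP2Pool with the port-80 mapping.
RTR2_SPLIT_POOL = """\
ip nat pool ISP2Pool netmask 255.255.255.0
 address 200.100.30.1 200.100.30.49
 address 200.100.30.51 200.100.30.253
ip nat inside source static tcp 172.16.2.2 80 200.100.30.50 80 extendable
"""
print(nat_overlaps(RTR1_OLD_POOL), nat_overlaps(RTR2_SPLIT_POOL))
```

The first sample reports 201.50.13.3 inside ISP1Pool, which is why Exercise 2 moves the pool start to 201.50.13.4; the split pool from Exercise 3 reports nothing.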
4:

Five outside devices in Figure 4-28, 201.50.12.67–201.50.12.71, must appear to devices within AS 3 as having addresses 192.168.1.1–192.168.1.5, respectively. Add the appropriate NAT configurations to the previously created configurations.

A:


RTR1

    ! 201.50.13.3 is the rotary virtual address from Exercise 2, so ISP1Pool starts at .4
    ip nat pool ISP1Pool 201.50.13.4 201.50.13.254 netmask 255.255.255.0
    ip nat pool SVRs 172.16.2.2 172.16.2.3 netmask 255.255.255.0 type rotary
    ip nat inside source list 1 pool ISP1Pool
    ip nat inside source static 172.16.3.3 201.50.13.1
    ip nat inside destination list 2 pool SVRs
    ! outside devices 201.50.12.67-71 appear inside as 192.168.1.1-5
    ip nat outside source static 201.50.12.71 192.168.1.5
    ip nat outside source static 201.50.12.70 192.168.1.4
    ip nat outside source static 201.50.12.69 192.168.1.3
    ip nat outside source static 201.50.12.68 192.168.1.2
    ip nat outside source static 201.50.12.67 192.168.1.1
    !
    access-list 1 permit 172.16.0.0 0.0.255.255
    access-list 2 permit 201.50.13.3

5:

Devices in AS 3 of Figure 4-28 with addresses in the 172.16.100.0/24 subnet should all appear to have the IG address 200.100.30.75 when sending packets to ISP2. Modify the configurations of the previous exercises to accommodate this.

A:

The solution is to configure PAT. Unlike the PAT example shown in this chapter, however, the address to be used here is not the address of the outgoing interface. So, an address pool is configured on RTR2 that consists of a single address. Notice also that access list 1 is modified so that the IL addresses used for PAT are not translated to the ISP2Pool range.

RTR2

    ip nat pool ISP2Pool netmask 255.255.255.0
     address 200.100.30.1 200.100.30.49
     address 200.100.30.51 200.100.30.253
    ! single-address pool used for PAT of 172.16.100.0/24
    ip nat pool PATPool 200.100.30.75 200.100.30.75 netmask 255.255.0.0
    ip nat inside source list 1 pool ISP2Pool
    ip nat inside source list 3 pool PATPool overload
    ip nat inside source static tcp 172.16.2.3 25 200.100.30.50 25 extendable
    ip nat inside source static tcp 172.16.2.2 80 200.100.30.50 80 extendable
    ip nat inside source static 172.16.3.3 200.100.30.254
    !
    access-list 1 deny 172.16.100.0 0.0.0.255
    access-list 1 permit 172.16.0.0 0.0.255.255
    access-list 3 permit 172.16.100.0 0.0.0.255

6:

In Figure 4-29, redundant links have been added so that RTR1 and RTR2 each have connections to both ISPs, and each accepts full BGP routes from both ISPs. The address of RTR1, S1 is 200.100.29.137/30, and the address of RTR2, S1 is 201.50.26.93/30. Write configurations for the two routers, ensuring that all features added in the previous exercises still work correctly.

Figure 4-29. The Internetwork for Configuration Exercise 6


A:


RTR1

    interface Loopback0
     ip address 172.16.255.2 255.255.255.255
    !
    interface Ethernet0
     ip address 172.16.3.1 255.255.255.0
     ip nat inside
    !
    interface Ethernet1
     ip address 172.16.2.1 255.255.255.0
     ip nat inside
    !
    interface Serial0
     description to ISP1
     ip address 201.50.26.13 255.255.255.252
     ip access-group 101 out
     ip nat outside
    !
    interface Serial1
     description to ISP2
     ip address 200.100.29.137 255.255.255.252
     ip access-group 101 out
     ip nat outside
    !
    autonomous-system 3
    !
    router ospf 1
     redistribute static
     network 172.16.0.0 0.0.255.255 area 0
     default-information originate
    !
    router bgp 3
     neighbor 172.16.255.1 remote-as 3
     neighbor 172.16.255.1 update-source Loopback0
     neighbor 200.100.29.138 remote-as 2
     neighbor 201.50.26.14 remote-as 1
    !
    ip nat pool ISP1Pool 201.50.13.4 201.50.13.254 netmask 255.255.255.0
    ip nat pool ISP2Pool netmask 255.255.255.0
     address 200.100.30.1 200.100.30.49
     address 200.100.30.51 200.100.30.253
    ip nat pool PATPool 200.100.30.75 200.100.30.75 netmask 255.255.0.0
    ip nat pool SVRs 172.16.2.2 172.16.2.3 netmask 255.255.255.0 type rotary
    ! the pool is chosen by the next hop (ISP1 or ISP2) of the outgoing packet
    ip nat inside source route-map ISP1 pool ISP1Pool
    ip nat inside source route-map ISP2 pool ISP2Pool
    ip nat inside source list 3 pool PATPool overload
    ip nat inside source static tcp 172.16.2.3 25 200.100.30.50 25 extendable
    ip nat inside source static tcp 172.16.2.2 80 200.100.30.50 80 extendable
    ip nat inside source static 172.16.3.3 201.50.13.1
    ip nat inside destination list 2 pool SVRs
    ip nat outside source static 201.50.12.71 192.168.1.5
    ip nat outside source static 201.50.12.70 192.168.1.4
    ip nat outside source static 201.50.12.69 192.168.1.3
    ip nat outside source static 201.50.12.68 192.168.1.2
    ip nat outside source static 201.50.12.67 192.168.1.1
    !
    access-list 1 deny 172.16.100.0 0.0.0.255
    access-list 1 permit 172.16.0.0 0.0.255.255
    access-list 2 permit 201.50.13.3
    access-list 3 permit 172.16.100.0 0.0.0.255
    access-list 4 permit 200.100.29.138
    access-list 5 permit 201.50.26.14
    access-list 101 deny ip 172.16.0.0 0.0.255.255 any
    access-list 101 permit ip any any
    !
    route-map ISP1 permit 10
     match ip address 1
     match ip next-hop 5
    !
    route-map ISP2 permit 10
     match ip address 1
     match ip next-hop 4

RTR2

    interface Loopback0
     ip address 172.16.255.1 255.255.255.255
    !
    interface Ethernet0
     ip address 172.16.3.2 255.255.255.0
     ip nat inside
    !
    interface Ethernet1
     ip address 172.16.1.1 255.255.255.0
     ip nat inside
    !
    interface Serial0
     description to ISP2
     ip address 200.100.29.241 255.255.255.252
     ip access-group 101 out
     ip nat outside
    !
    interface Serial1
     description to ISP1
     ip address 201.50.26.93 255.255.255.252
     ip access-group 101 out
     ip nat outside
    !
    autonomous-system 3
    !
    router ospf 1
     redistribute static
     network 172.16.0.0 0.0.255.255 area 0
     default-information originate
    !
    router bgp 3
     neighbor 172.16.255.2 remote-as 3
     neighbor 172.16.255.2 update-source Loopback0
     neighbor 200.100.29.242 remote-as 2
     neighbor 201.50.26.94 remote-as 1
    !
    ip nat pool ISP1Pool 201.50.13.4 201.50.13.254 netmask 255.255.255.0
    ip nat pool ISP2Pool netmask 255.255.255.0
     address 200.100.30.1 200.100.30.49
     address 200.100.30.51 200.100.30.253
    ip nat pool PATPool 200.100.30.75 200.100.30.75 netmask 255.255.0.0
    ip nat pool SVRs 172.16.2.2 172.16.2.3 netmask 255.255.255.0 type rotary
    ip nat inside source route-map ISP1 pool ISP1Pool
    ip nat inside source route-map ISP2 pool ISP2Pool
    ip nat inside source list 3 pool PATPool overload
    ip nat inside source static tcp 172.16.2.3 25 200.100.30.50 25 extendable
    ip nat inside source static tcp 172.16.2.2 80 200.100.30.50 80 extendable
    ip nat inside source static 172.16.3.3 200.100.30.254
    ip nat inside destination list 2 pool SVRs
    ip nat outside source static 201.50.12.71 192.168.1.5
    ip nat outside source static 201.50.12.70 192.168.1.4
    ip nat outside source static 201.50.12.69 192.168.1.3
    ip nat outside source static 201.50.12.68 192.168.1.2
    ip nat outside source static 201.50.12.67 192.168.1.1
    !
    access-list 1 deny 172.16.100.0 0.0.0.255
    access-list 1 permit 172.16.0.0 0.0.255.255
    access-list 2 permit 201.50.13.3
    access-list 3 permit 172.16.100.0 0.0.0.255
    access-list 4 permit 200.100.29.242
    access-list 5 permit 201.50.26.94
    access-list 101 deny ip 172.16.0.0 0.0.255.255 any
    access-list 101 permit ip any any
    !
    route-map ISP1 permit 10
     match ip address 1
     match ip next-hop 5
    !
    route-map ISP2 permit 10
     match ip address 1
     match ip next-hop 4


Routing TCP/IP (Vol. 22001)
Year: 2004
Pages: 182
