router - pt 3
Home | Pt 1 | Pt 2 | Pt 3 | Pt 4 | Pt 5 | Chall1 | Chall2 | Chall3 | Chall4Demo | 5-r | Test | [Bill's]

[[Expand][PDF Version]

Defining encapsulation. Encapsulation allows data packets to be wrapped in a defined protocol, and send over an Internet connection. One of the most popular encapsulation techniques is PPP (which is the standard used to connect users to the Internet from a modem). This is achieved with:

1

Go into the privileged mode by typing enable.

3

Configure the device using by typing config t.

4

Define

(config)# interface s0
(config-if)# encapsulation ppp

5

Go back to the user executive mode with the command exit, followed by exit

6

Show the main system configuration with show running-config.

An example of this programming is shown next:

Defining authentication. Along with encapsulation, there is normally an authentication for the connection. In the following the authentication is defined as chap (which is more secure than pap).

1

Go into the privileged mode by typing enable.

3

Configure the device using by typing config t.

4

Define

(config)# interface s0
(config-if)# ppp authentication chap

4

The CHAP protocol continually challenges the remote router for a user name and a password. Thus we must define a username and password (in this case a username of fred with a password of mypass):

(config)# username fred password mypass


5

Finally on the required interface we set the hostname and the password for the remote router:

(config)# interface s0
(config-if)# ppp chap hostname fred
(config-if)# ppp chap secret mypass



5

Go back to the user executive mode with the command exit, followed by exit

6

Show the main system configuration with show running-config.

Defining ACLs. Access Control Lists (ACLs) allow for incoming and outgoing data to be filtered, and are used to implement firewalls. A simple example is:

1

Go into the privileged mode by typing enable.

3

Configure the device using by typing config t.

4

To deny access from the incoming E0 port to every host on the 156.1.1.0 subnet:

(config)# access-list 1 deny ip 156.1.1.0 0.0.0.255
(config)# access-list 1 permit any any
(config)# interface e0
(config-if)# ip access-group 1 in

5

Go back to the user executive mode with the command exit, followed by exit

6

Show the main system configuration with show running-config.

At this point the running-config should look something like:

version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
Hostname Router
!
!
ip subnet-zero
!
ip domain-name mycomp.com
ip name-server 192.168.0.10
!
interface ethernet 0
 ip address 219.17.100.1 255.255.255.0
 no shutdown
 ip access-group 1 in
!
interface serial 0
 ip address 199.6.13.1 255.255.255.0
 no shutdown
 encapsulation ppp
 ppp authentication chap
!
interface serial 1
 ip address 201.100.11.2 255.255.255.0
 no shutdown
 encapsulation ppp
 ppp authentication chap
!
router rip
 network 199.6.13.0
 network 201.100.11.0
 network 219.17.100.0
!
access-list 1 deny ip 156.1.1.0 0.0.0.255
access-list 1 permit ip any any
!
ip host LAB_A 192.5.5.1 205.7.5.1 201.100.11.1
ip host LAB_B 210.100.11.2 219.17.100.1 199.6.13.1
ip host LAB_C 223.8.151.1 204.204.7.1 199.6.13.1
ip host LAB_D 210.93.105.1 204.204.7.2
ip host LAB_E 210.93.105.2
!
end

Defining ACLs using Named ACLs. It is also possible to define an ACL by a name. For example, the following permits accesses from the 10.11.12.0 and 20.31.42.0 subnets, and disallows all other subnets:

1

Go into the privileged mode by typing enable.

2

Configure the device using by typing config t.

3

To deny access from the incoming E0 port to every host on the 156.1.1.0 subnet:

(config)# access-list standard myacl
(config-std-nacl)# permit 10.11.12.0 0.0.0.255
(config-std-nacl)# permit 20.31.42.0 0.0.0.255
(config-std-nacl)# exit
(config)# int e0
(config-if)# ip access-group myacl out
(config-if)# exit

4

Go back to the user executive mode with the command exit

5

Show the main system configuration with show running-config.

6

An extended NACL is defined with access-list extended myextacl.

[Next part]

If you would like to register the router emulator, or obtain the full version, please complete the following: