Router Configs

26 Jan
Published by admin

SunnySlope Router and ACL Configuration

Router>
Router>enable
Router#config t
Router(config)#hostname SunnySlope
SunnySlope(config)#enable password cisco
SunnySlope(config)#enable secret class

SunnySlope(config)#line con 0
SunnySlope(config-line)#password cisco
SunnySlope(config-line)#login
SunnySlope(config-line)#exit

SunnySlope(config)#line vty 0 4
SunnySlope(config-line)#password cisco
SunnySlope(config-line)#login
SunnySlope(config-line)#exit

SunnySlope(config)#ipx routing
SunnySlope(config)#ipx maximum-paths 1

SunnySlope(config)#interface e0.1
SunnySlope(config-subif)#ip address 156.1.10.1 255.255.254.0
SunnySlope(config-subif)#no shutdown
SunnySlope(config-subif)#interface e0.2
SunnySlope(config-subif)#ipx network a
SunnySlope(config-subif)#ipx encapsulation novell-ether
SunnySlope(config-subif)#description Admin network

SunnySlope(config)#interface e1.1
SunnySlope(config-if)#ip address 156.1.12.1 255.255.254.0
SunnySlope(config-if)#no shutdown
SunnySlope(config-subif)#interface e1.2
SunnySlope(config-subif)#ipx network c
SunnySlope(config-subif)#ipx encapsulation novell-ether
SunnySlope(config-if)#description Circ network

SunnySlope(config)#interface e2.1
SunnySlope(config-if)#ip address 156.1.14.1 255.255.254.0
SunnySlope(config-if)#no shutdown
SunnySlope(config-subif)#interface e2.2
SunnySlope(config-subif)#ipx network e
SunnySlope(config-subif)#ipx encapsulation novell-ether
SunnySlope(config-if)#description Server network

SunnySlope (config)#isdn switch-type basic-net3
SunnySlope (config)#dialer-list 1 protocol ip permit
SunnySlope (config)#interface bri 0
SunnySlope (config-if)#ip address 156.1.18.1 255.255.254.0
SunnySlope (config-if)#encapsulaton ppp
SunnySlope (config-if)#isdn spid1 3840000001
SunnySlope (config-if)#isdn spid2 3840000002
SunnySlope (config-if)#dialer map ip 156.1.18.2 name Bstop 384020
SunnySlope (config-if)#dialer-group 1
SunnySlope (config-if)#ppp authentication chap
SunnySlope (config-if)#dialer idle-time out 300
SunnySlope (config-if)#dialer wait-for-carrier-time 15
SunnySlope (config-if)#no shutdown
SunnySlope(config-if)#description ISDN connection to other schools
SunnySlope (config-if)# exit

SunnySlope(config-if)#interface s1
SunnySlope(config-if)#ip address 156.1.2.1 255.255.255.0
SunnySlope (config-if)#encapsulation frame-relay
SunnySlope(config-if)#no shutdown
SunnySlope(config-if)#description Internet Connection

SunnySlope(config-if)#exit

SunnySlope(config)#router rip
SunnySlope(config-router)#network 156.1.2.0
SunnySlope(config-router)#network 156.1.10.0
SunnySlope(config-router)#network 156.1.11.0
SunnySlope(config-router)#network 156.1.12.0
SunnySlope(config-router)#network 156.1.13.0
SunnySlope(config-router)#network 156.1.14.0
SunnySlope(config-router)#network 156.1.18.0-->

SunnySlope(config)#router igrp 10
SunnySlope(config-router)#timers basic 15 45 0 60
SunnySlope(config-router)#no metric holddown
SunnySlope(config-router)#metric maximum-hop 50
SunnySlope(config-router)#network 156.1.2.0
SunnySlope(config-router)#network 156.1.10.0
SunnySlope(config-router)#network 156.1.11.0
SunnySlope(config-router)#network 156.1.12.0
SunnySlope(config-router)#network 156.1.13.0
SunnySlope(config-router)#network 156.1.14.0
SunnySlope(config-router)#network 156.1.18.0

SunnySlope(config-router)#exit

SunnySlope(config)#ip host SunnySlope 156.1.10.2
SunnySlope(config)#ip host SunnySlope 156.1.11.2
SunnySlope(config)#ip host SunnySlope 156.1.12.2
SunnySlope(config)#ip host SunnySlope 156.1.13.2

SunnySlope#copy run start
SunnySlope(config)#exit

Access Control Lists and Their Placement
Access Control Lists

ACL 1 only allows traffic within the Facility numbering scheme to enter via SunnySlope Router Serial Interface 0

SunnySlope (config)#access-list 1 permit 156.1.0.0 0.0.255.255
SunnySlope (config)#access-list 1 deny any

SunnySlope (config) # interface s0
SunnySlope (config-if)# ip access-group 1 in

ACL 101 prohibits Circ network access to the Admin network other than mail (SMTP) protocol. It allows access to the Server network, the WAN link to other schools and to the Internet. 101 is placed on the input of interface e1 on the SunnySlope router.

SunnySlope (config)#access-list 101 permit tcp 156.1.12.0 0.0.1.255 156.1.10.0 0.0.1.255 eq smtp
SunnySlope(config)#access-list 101 permit ip 156.1.12.0 0.0.1.255 156.1.18.0 0.0.1.255
SunnySlope(config)#access-list 101 permit ip 156.1.12.0 0.0.1.255 156.1.14.0 0.0.0.255
SunnySlope(config)#access-list 101 permit ip 156.1.12.0 0.0.1.255 156.1.2.0 0.0.0.255

SunnySlope (config) # interface e1
SunnySlope (config-if)# ip access-group 101 in

ACL 102 only allows Curriculum range of address to receive http protocol from the internet ie downloads prohibited. Place on input of SunnySlope Router Serial Interface 1.

SunnySlope (config)#access-list 102 permit tcp any 156.1.12.0 0.0.1.255 eq http
SunnySlope (config)#access-list 102 permit tcp any 156.1.13.0 0.0.1.255 eq http
SunnySlope (config)#access-list 102 deny ip any any

SunnySlope (config) # interface s1
SunnySlope (config-if)# ip access-group 102 in

Designed by matt renfro