650) this.width=650; "height=" 403 "title=" clip_image002 "style=" margin:0px;border:0px;padding-top:0px; Padding-right:0px;padding-left:0px;background-image:none, "alt=" clip_image002 "src=" http://s3.51cto.com/wyfs02/ M01/6d/e1/wkiol1vulivx2tinaadne63lddu204.jpg "border=" 0 "/>
GNS3 Simulation Diagram
Demand
1. A company a total of 200 access points (divided into two departments), the company headquarters has about 100 access points, Division 1 has more than 40 access points, Division 2 has 10 PCs. Company internal access, the designated network segment is 192.168.1.0/24. In order to fully use IP addresses, please plan your IP address appropriately.
Answer: Three network segments
192.168.1.0/25 255.255.255.128 (host:128 PCs)---> headquarters
192.168.1.0----192.168.1.127
192.168.1.128-----192.168.1.255- à Headquarters
192.168.1.0/27 255.255.255.192 (HOST:64PCS)---> Division 1
192.168.1.0------192.168.1.63
192.168.1.64-----192.168.1.127-- à Division 1
192.168.1.0/28 255.255.255.240 (HOST:16PCS)---> Division 2
192.168.1.0----192.168.1.15 - à Division 2
2. Between the headquarters and the division by dedicated line connection, using the PPP protocol PAP for two-way authentication,
R1#sh Run int S1/1
Interface SERIAL1/1
IP address 12.1.1.1 255.255.255.0
Encapsulation PPP
Serial Restart-delay 0
PPP Authentication PAP
PPP pap sent-username CCNP password 0 CCNP
End
R2#sh Run int s1/0
Interface serial1/0
IP address 12.1.1.2 255.255.255.0
Encapsulation PPP
Serial Restart-delay 0
PPP Authentication PAP
PPP pap sent-username CCNA password 0 CCNA
End
3. The RIP protocol runs between Division 1 and Division 2 (between R4 and R2), and OSPF is run between headquarters and division, requiring interoperability across the network.
RIP
t2|
Router RIP
Version 2
Redistribute OSPF metric 3
Network 24.0.0.0
Network 192.168.1.0
No auto-summary
R4 (config) #router rip
R4 (config-router) #no au
R4 (config-router) #v 2
R4 (Config-router) #net
R4 (config-router) #network 24.1.1.0
R4 (config-router) #net 192.168.1.64
OSPF:
R2:
router OSPF 110
Router-id 2.2.2.2
Log-adjacency-changes
Redistribute RIP subnets
Network 12.1.1.0 0.0.0.255 Area 0
Network 192.168.1.0 0.0.0.15 Area 0
R1:
router OSPF 110
Router-id 1.1.1.1
Log-adjacency-changes
Network 12.1.1.0 0.0.0.255 Area 0
Network 192.168.1.128 0.0.0.127 Area 0
4. Both headquarters and offices use R1 to access the extranet. However, only a public IP address is applied
13.1.1.1/30 headquarters access to the public network using PPPoE dial-up internet access.
R3:pppoe Provider Side
1. Username ccie password 0 ccie \ \ Define user name and password
2. IP local pool pppoe_pool 13.1.1.1 \ \ Define client-dial IP address pools
3. Interface Virtual-template1
IP address 13.1.1.2 255.255.255.252
Peer default IP address pool pppoe_pool \ \ Call Address pools
PPP authentication chap \ \ Opens PPP CHAP authentication on the interface
4.bba-group PPPoE Ccna-pppoe
Virtual-template 1 \ \ Invoke template
5. Interface FASTETHERNET0/1 \ Interface Association BBA Group
PPPoE Enable Group Ccna-pppoe
R1:pppoe Client
1.interface Dialer1
IP address negotiated \ \ addresses Negotiation
IP MTU 1492 \ \ Optimization mechanism: Prevent slicing because when the PPPoE data is encapsulated, 8 related bytes of PPPoE are inserted between the two-layer frame and the three-layer data header
Encapsulation PPP
IP tcp ADJUST-MSS 1452 \ \ Optimization mechanism
Dialer Pool 1 \ \ Configure dial-up user name and password
PPP chap hostname CCIE
PPP chap password 0 CCIE
2.interface fastethernet0/0
PPPoE Enable
Pppoe-client Dial-pool-number 1
5 analog public networks use R3 and R8 to run static routes, allowing their company A to access the Internet 8.8.8.8 (R8 loopback)
R1:
IP route 0.0.0.0 0.0.0.0 Dialer1 13.1.1.2
router OSPF 110
Router-id 1.1.1.1
Log-adjacency-changes
Network 12.1.1.0 0.0.0.255 Area 0
Network 192.168.1.128 0.0.0.127 Area 0
Default-information originate always//must pour a static route into company A
R3 (config) #ip Route 8.8.8.0 255.255.255.0 f0/0 38.1.1.8
R3 (config) #ip Route 0.0.0.0 0.0.0.0 13.1.1.1
R8 (config) #ip Route 0.0.0.0 0.0.0.0 F0/1 38.1.1.3
6. Allow Division A 1 to access the headquarters, but division a 2 can only access the headquarters HTTP server (IP address: 192.168.1.130)
R1#sh IP access-lists
Extended IP Access list 100
Permit TCP 192.168.1.0 255.255.255.240 host 192.168.1.130 eq www
Deny IP 192.168.1.0 255.255.255.240 192.168.1.128 255.255.255.128
Permit IP 192.168.1.64 255.255.255.192 192.168.1.128 255.255.255.128
Permit IP any any
R1 (config) #int S1/1
R1 (config-if) #ip Access-group
7. Without affecting other traffic, turn on the R2,R4 Telnet service and allow only HQ access. Division 1 and Division 2 cannot exchange visits, nor can they visit headquarters.
R2&r4
R4 (config) #access-list 1 Permit 192.168.1.128 255.255.255.128
R4 (config-line) #do sh Run | Se line vty
Line vty 0 4
Access-class 1 in
Exec-timeout 0 0
Logging synchronous
Login Local
GNS3 Test diagram:
650) this.width=650; "height=" 260 "title=" clip_image004 "style=" border:0px;padding-top:0px;padding-right:0px; Padding-left:0px;background-image:none, "alt=" clip_image004 "src=" http://s3.51cto.com/wyfs02/M02/6D/E1/ Wkiol1vulizyfzk8aadb9k6js18861.jpg "border=" 0 "/>
This article from the "Erick" blog, declined to reprint!
Cisco Network Assistant Experimental questions