OUTCOME 2

http://ouprm.blogspot.hr/

https://trello.com/b/pD1mjbXs/vjezba1



Configure the routing protocols according to the diagram

1. Using the VPN template, configure a functional IPsec tunnel on R1 through which your computer can communicate with the computer behind the HQ router. There must be no unnecessary configuration, and everything must be precisely defined:
a. everything related to the policy
b. everything related to the transform set
c. everything related to the crypto map
d. everything related to the ACL
e. anything else required

2. Your computer must also be able to ping the IP addresses of Lo5-8 on the HQ router.
3. Configure everything needed on R1 for a manual IPv6 tunnel so that you can communicate through it between your interfaces lo0 and lo1 on the HQ router (for routing, use the IPv6 RIP protocol named RIPng; the tunnel source is the outgoing interface and the destination is 193.200.203.99; the tunnel IPv6 addresses are on the diagram).
4. Configure automatic IPv6 tunnels on R1 so that you can communicate with the networks of loopback interfaces 100 and 101 on the HQ router. To build your IPv6 addresses for interfaces 100 and 101 on your R1 router, use the IPv4 interface lo10.
5. Configure an IPv6 ACL that permits telnet to your router R1 only from the networks of loopback interfaces 0 and 1 on the HQ router.
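
For task 4, the 6to4 addresses on interfaces 100 and 101 have to be built from the IPv4 address of lo10. The following is an added example, not part of the original post: it derives the 6to4 /48 from the tunnel source and checks every 2002::/16 interface address against it. The config excerpt is constructed from the R1 configuration on this page, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed excerpt of the R1 configuration shown on this page.
R1_EXCERPT = """\
interface Loopback10
 ip address 173.100.5.1 255.255.255.0
interface Loopback100
 ipv6 address 2002:AD64:501:1::1/64
interface Loopback101
 ipv6 address 2002:AD64:501:2::1/64
interface Tunnel1
 tunnel source Loopback10
 tunnel mode ipv6ip 6to4
"""

def sixto4_prefix(ipv4):
    """6to4 /48 for an IPv4 address: 2002:<32 bits of IPv4>::/48 (RFC 3056)."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))

def parse_interfaces(config):
    """Map each interface name to the list of its sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif line == "!" or not line:
            current = None  # "!" or a blank line closes the interface block
        elif current is not None:
            current.append(line)
    return interfaces

def check_6to4(config):
    """Return (derived /48, {interface: address lies inside that /48})."""
    interfaces = parse_interfaces(config)
    tunnel = next(c for c in interfaces.values() if "tunnel mode ipv6ip 6to4" in c)
    src_if = next(c.split()[-1] for c in tunnel if c.startswith("tunnel source "))
    src_ip = next(c.split()[2] for c in interfaces[src_if] if c.startswith("ip address "))
    prefix = sixto4_prefix(src_ip)
    results = {}
    for name, cmds in interfaces.items():
        for c in cmds:
            m = re.match(r"ipv6 address (2002:\S+)/\d+", c, re.I)
            if m:
                results[name] = ipaddress.IPv6Address(m.group(1)) in prefix
    return prefix, results
```

An interface reported as `False` carries a 2002:: address that the 6to4 tunnel will not deliver return traffic for, because the embedded IPv4 bits do not match the tunnel source.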

R1#sh run
Building configuration...

Current configuration : 3468 bytes
!
! Last configuration change at 20:09:30 UTC Mon Nov 28 2016
! NVRAM config last updated at 20:10:06 UTC Mon Nov 28 2016
! NVRAM config last updated at 20:10:06 UTC Mon Nov 28 2016
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY
!
no aaa new-model
!
!
ipv6 unicast-routing
ipv6 cef
ip auth-proxy max-login-attempts 5
ip admission max-login-attempts 5
!
!
!
!
!
ip cef
!
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO2901/K9 sn FCZ1614C50Y
license accept end user agreement
license boot module c2900 technology-package securityk9
license boot module c2900 technology-package datak9
!
!
!
redundancy
!
!
!
!
!
!
!
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 2
crypto isakmp key ciscokey123 address 193.200.0.99
!
!
crypto ipsec transform-set TS esp-aes 192 esp-md5-hmac
!
!
!
crypto map MAP 10 ipsec-isakmp
set peer 193.200.0.99
set transform-set TS
match address VPN_ACL
!
!
!
!
!
interface Loopback0
no ip address
ipv6 address 2A02:AC8:5:A::/64 eui-64
!
interface Loopback1
no ip address
!
interface Loopback2
no ip address
ipv6 address 2A02:AC8:5:B::1/64
!
interface Loopback5
ip address 88.88.5.1 255.255.255.192
!
interface Loopback6
ip address 88.88.5.65 255.255.255.192
!
interface Loopback7
ip address 88.88.5.129 255.255.255.192
!
interface Loopback8
ip address 88.88.5.193 255.255.255.192
!
interface Loopback10
ip address 173.100.5.1 255.255.255.0
!
interface Loopback100
no ip address
ipv6 address 2002:AD64:501:1::1/64
!
interface Loopback101
no ip address
ipv6 address 2002:AD64:501:2::1/64
!
interface Tunnel0
no ip address
ipv6 address 3005::1/112
ipv6 rip RIPng enable
tunnel source GigabitEthernet0/1
tunnel mode ipv6ip
tunnel destination 193.200.0.99
!
interface Tunnel1
no ip address
no ip redirects
ipv6 enable
tunnel source Loopback10
tunnel mode ipv6ip 6to4
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 10.5.5.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 11.5.5.1 255.255.255.0
duplex auto
speed auto
crypto map MAP
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
interface Serial0/0/1
no ip address
shutdown
clock rate 2000000
!
!
!
router eigrp 1
network 10.5.5.0 0.0.0.255
network 11.5.5.0 0.0.0.255
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 11.5.5.2
!
ip access-list extended VPN_ACL
permit ip 10.5.5.0 0.0.0.255 172.31.16.0 0.0.0.255
!
ipv6 route 2002::/16 Tunnel1
ipv6 router rip RIPng
redistribute connected
!
!
!
!
ipv6 access-list TELNET
permit tcp host 2A02:AC8:99:1::1 host 2A02:AC8:5:A::1
permit tcp host 2A02:AC8:99:2::1 host 2A02:AC8:5:A::1
permit tcp host 2A02:AC8:99:1::1 host 2A02:AC8:5:B::1
permit tcp host 2A02:AC8:99:2::1 host 2A02:AC8:5:B::1
!
control-plane
!
!
!
line con 0
password cisco
logging synchronous
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password cisco
ipv6 access-class TELNET in
login
transport input all
!
scheduler allocate 20000 1000
!
end
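
Task 1 asks for the policy, transform set, crypto map and ACL to be defined precisely. The following is an added example, not part of the original post: it checks that every reference between those pieces resolves, because a crypto map that points at a missing ACL or is never applied to an interface leaves the traffic unencrypted. The excerpt is constructed from the R1 configuration above, and the function name is hypothetical.

```python
import re

# Constructed excerpt of the R1 configuration shown above.
R1_CRYPTO = """\
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 2
crypto isakmp key ciscokey123 address 193.200.0.99
crypto ipsec transform-set TS esp-aes 192 esp-md5-hmac
crypto map MAP 10 ipsec-isakmp
 set peer 193.200.0.99
 set transform-set TS
 match address VPN_ACL
interface GigabitEthernet0/1
 crypto map MAP
ip access-list extended VPN_ACL
 permit ip 10.5.5.0 0.0.0.255 172.31.16.0 0.0.0.255
"""

def audit_ipsec(config):
    """Return a list of findings; an empty list means every reference resolves."""
    text = "\n".join(line.strip() for line in config.splitlines())
    find = lambda pattern: re.findall(pattern, text, re.M)
    key_peers = set(find(r"^crypto isakmp key \S+ address (\S+)"))
    transform_sets = set(find(r"^crypto ipsec transform-set (\S+)"))
    acls = set(find(r"^ip access-list extended (\S+)"))
    maps = set(find(r"^crypto map (\S+) \d+ ipsec-isakmp"))
    applied = set(find(r"^crypto map (\S+)$"))  # interface-level "crypto map NAME"
    findings = []
    for peer in find(r"^set peer (\S+)"):
        if peer not in key_peers:
            findings.append(f"no pre-shared key for peer {peer}")
    for ts in find(r"^set transform-set (\S+)"):
        if ts not in transform_sets:
            findings.append(f"transform set {ts} is not defined")
    for acl in find(r"^match address (\S+)"):
        if acl not in acls:
            findings.append(f"crypto ACL {acl} is not defined")
    for name in sorted(maps - applied):
        findings.append(f"crypto map {name} is not applied to any interface")
    return findings
```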
___________________________________________________________________________________________

R2(config)#do sh run
Building configuration...


Current configuration : 2141 bytes
!
! Last configuration change at 16:43:51 UTC Mon Nov 28 2016
! NVRAM config last updated at 16:44:33 UTC Mon Nov 28 2016
! NVRAM config last updated at 16:44:33 UTC Mon Nov 28 2016
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY
!
no aaa new-model
!
!
no ipv6 cef
ip auth-proxy max-login-attempts 5
ip admission max-login-attempts 5
!
!
!
!
!
ip cef
!
multilink bundle-name authenticated
!
!
!
!
!
crypto pki token default removal timeout 0
!
!
voice-card 0
!
!
!
!
!
!
!
!
license udi pid CISCO2901/K9 sn FCZ1614C50V
license boot module c2900 technology-package securityk9
license boot module c2900 technology-package uck9
license boot module c2900 technology-package datak9
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 193.200.0.5 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 11.5.5.2 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
interface Serial0/0/1
no ip address
shutdown
clock rate 2000000
!
!
!
router eigrp 1
network 11.5.5.0 0.0.0.255
network 193.200.0.0 0.0.255.255
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list NAT interface GigabitEthernet0/0 overload
!
ip access-list extended NAT
deny ip 10.5.5.0 0.0.0.255 172.31.16.0 0.0.0.255
permit ip 10.5.5.0 0.0.0.255 any
!
!
!
!
control-plane
!
!
!
!
!
!
!
mgcp profile default
!
!
!
!
!
gatekeeper
shutdown
!
!
!
line con 0
password cisco
logging synchronous
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password cisco
login
transport input all
!
scheduler allocate 20000 1000
!
end

_____________________________________________________________________________________________

OUTCOME 4

hostname R2
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$srJZ$8mC4uM9fkOXRUBHI2fCuf/
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
!
!
!


!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
cts logging verbose
!
!
voice-card 0
!
!
!
!
!
!
!
!
license udi pid CISCO2901/K9 sn FCZ1614C512
license accept end user agreement
license boot module c2900 technology-package securityk9
license boot module c2900 technology-package uck9
license boot module c2900 technology-package datak9
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 10.0.131.1 255.255.255.0
!
interface Loopback1
ip address 88.13.1.1 255.255.255.0
!
interface Loopback2
ip address 11.13.1.1 255.255.255.255
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 10.1.2.2 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 22.22.22.13 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
interface Serial0/0/1
no ip address
shutdown
clock rate 2000000
!
!
router ospf 1
network 10.0.131.0 0.0.0.255 area 0
network 10.1.2.0 0.0.0.255 area 0
network 22.22.22.0 0.0.0.255 area 0
!
router bgp 13
bgp log-neighbor-changes
network 88.13.1.0 mask 255.255.255.0
neighbor 10.0.13.1 remote-as 13
neighbor 10.0.13.1 update-source Loopback0
neighbor 10.0.13.1 next-hop-self
neighbor 99.99.99.1 remote-as 34594
neighbor 99.99.99.1 ebgp-multihop 2
neighbor 99.99.99.1 update-source Loopback2
neighbor 99.99.99.1 route-map LP200 in
!
ip forward-protocol nd
!
ip as-path access-list 1 permit 34594
ip as-path access-list 1 deny .*
no ip http server
no ip http secure-server
!
ip route 99.99.99.1 255.255.255.255 22.22.22.99
!
!
route-map LP200 permit 10
match ip address 1
set local-preference 200
!
route-map LP200 permit 11
match as-path 1
!
route-map LP200 permit 20
!
!
access-list 1 permit 88.88.99.0 0.0.0.63
access-list 1 permit 88.88.99.64 0.0.0.63
!
control-plane
!
!
!
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
!
gatekeeper
shutdown
!
!
!
line con 0
password cisco
logging synchronous
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password cisco
login
transport input none
!
scheduler allocate 20000 1000
!
end
__________________________________________________________________________________________

hostname R3
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$6oxw$kpBazaQ5H/xovsYKkyNL31
!
no aaa new-model
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 10.0.13.1 255.255.255.0
!
interface Loopback1
ip address 88.13.0.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.1.2.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
no fair-queue
clock rate 2000000
!
interface Serial0/0/1
no ip address
shutdown
clock rate 2000000
!
interface Integrated-Service-Engine1/0
no ip address
shutdown
no keepalive
!
router ospf 1
log-adjacency-changes
network 10.0.13.0 0.0.0.255 area 0
network 10.1.2.0 0.0.0.255 area 0
!
router bgp 13
no synchronization
bgp log-neighbor-changes
network 88.13.0.0 mask 255.255.255.0
neighbor 10.0.131.1 remote-as 13
neighbor 10.0.131.1 update-source Loopback0
no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
!
!
!
!
!
!
line con 0
password cisco
logging synchronous
line aux 0
line 66
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
line vty 0 4
password cisco
login
!
scheduler allocate 20000 1000
end

 
