EIGRP and WAN links lab
Date: April 26, 2014, Class: Exploration 4 (CCNA 4 v 4.0)
Scenario
This scenario verifies that the layer 2 protocols (HDLC, PPP and Frame Relay) are transparent to IP traffic;
along the way, some ACL tests are performed.
This scenario is available to work through at ftp.vilarrasa.com.ar, user and pass: ccna, file: Enlaces WAN.pkt
Gateway#show interfaces
Serial0/0/0 is up, line protocol is up (connected)
Hardware is HD64570
Internet address is 10.0.0.1/30
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set, keepalive set (10 sec)
Last input never, output never, output hang never
---abridged---
DCD=up DSR=up DTR=up RTS=up CTS=up
Serial0/0/1 is up, line protocol is up (connected)
Hardware is HD64570
Internet address is 10.0.0.5/30
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set, keepalive set (10 sec)
LCP Open
Open: IPCP, CDPCP
Last input never, output never, output hang never
---abridged---
DCD=up DSR=up DTR=up RTS=up CTS=up
Serial0/1/0 is up, line protocol is up (connected)
Hardware is HD64570
Internet address is 10.0.0.9/30
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability
255/255, txload 1/255, rxload 1/255
Encapsulation Frame Relay, loopback not set, keepalive set (10 sec)
LMI enq sent 377, LMI stat recvd 376, LMI upd recvd 0, DTE LMI up
LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
LMI DLCI 1023
LMI type is CISCO frame relay DTE
Broadcast queue 0/64, broadcasts sent/dropped 0/0, interface broadcasts 0
Last input never, output never, output hang never
---abridged---
Serial0/1/1 is administratively down, line protocol is down (disabled)
---abridged---
DCD=down DSR=down DTR=down RTS=down CTS=down
---abridged---
Gateway#
Routing configuration:
This is a simple CCNA 2 configuration.
Gateway#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Gateway(config)#router eigrp 100
Gateway(config-router)#net 10.0.0.0 0.0.0.3
Gateway(config-router)#net 10.0.0.4 0.0.0.3
Gateway(config-router)#net 10.0.0.8 0.0.0.3
Gateway(config-router)#net 192.168.1.0 0.0.0.255
Gateway(config-router)#no auto (not necessary)
Gateway(config-router)#end
Gateway#
WAN_1#conf t
WAN_1(config)#router eigrp 100
WAN_1(config-router)#net 10.0.0.0 0.0.0.3
WAN_1(config-router)#net 192.168.2.0 0.0.0.255
WAN_1(config-router)#no auto
WAN_1(config-router)#end
WAN_1#
WAN_2#conf t
WAN_2(config)#router eigrp 100
WAN_2(config-router)#net 10.0.0.4 0.0.0.3
WAN_2(config-router)#net 192.168.2.0 0.0.0.255
WAN_2(config-router)#no auto
WAN_2(config-router)#end
WAN_2#
%DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 192.168.2.1 (FastEthernet0/0) is up: new adjacency
WAN_3#conf t
WAN_3(config)#router eigrp 100
WAN_3(config-router)#net 10.0.0.8 0.0.0.3
WAN_3(config-router)#net 192.168.2.0 0.0.0.255
WAN_3(config-router)#no auto
WAN_3(config-router)#end
WAN_3#
%DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 192.168.2.1 (FastEthernet0/0) is up: new adjacency
%DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 192.168.2.2 (FastEthernet0/0) is up: new adjacency
First challenge: which gateway do we configure on the server?
The reasonable choice is the Internet router, since it is the default gateway; it will take care of
forwarding traffic to the WAN via EIGRP and ICMP redirect.
ISP_CC#conf t
Enter configuration commands, one per line. End with CNTL/Z.
ISP_CC(config)#router eigrp 100
ISP_CC(config-router)#net 192.168.2.0 0.0.0.255
ISP_CC(config-router)#no auto
ISP_CC(config-router)#end
ISP_CC#
%DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 192.168.2.1 (FastEthernet0/0) is up: new adjacency
%DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 192.168.2.3 (FastEthernet0/0) is up: new adjacency
%DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 192.168.2.2 (FastEthernet0/0) is up: new adjacency
Verification:
ISP_CC#sh ip route
---abridged---
10.0.0.0/30 is subnetted, 3 subnets
D 10.0.0.0 [90/2172416] via 192.168.2.1, 00:05:25, FastEthernet0/0
D 10.0.0.4 [90/2172416] via 192.168.2.2, 00:05:25, FastEthernet0/0
D 10.0.0.8 [90/2172416] via 192.168.2.3, 00:05:25, FastEthernet0/0
190.0.0.0/30 is subnetted, 1 subnets
C 190.0.0.0 is directly connected, FastEthernet0/1
D 192.168.1.0/24 [90/2174976] via 192.168.2.1, 00:05:25, FastEthernet0/0 (load balancing takes place)
[90/2174976] via 192.168.2.3, 00:05:25, FastEthernet0/0
[90/2174976] via 192.168.2.2, 00:05:25, FastEthernet0/0
C 192.168.2.0/24 is directly connected, FastEthernet0/0
200.45.0.0/30 is subnetted, 1 subnets
O 200.45.0.0 [110/2] via 190.0.0.2, 00:14:26, FastEthernet0/1
200.69.0.0/30 is subnetted, 1 subnets
O 200.69.0.0 [110/3] via 190.0.0.2, 00:14:26, FastEthernet0/1
ISP_CC#
SERVER>ipconfig
FastEthernet0 Connection:(default port)
Link-local IPv6 Address.........: FE80::20B:BEFF:FE88:8327
IP Address......................: 192.168.2.10
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.2.4
SERVER>tracert 192.168.1.10
Tracing route to 192.168.1.10 over a maximum of 30 hops:
1 16 ms 0 ms 0 ms 192.168.2.4
2 0 ms 0 ms 16 ms 192.168.2.2
3 0 ms 47 ms 16 ms 10.0.0.5
4 47 ms 0 ms 15 ms 192.168.1.10
Trace complete.
SERVER>
Redundancy test
WAN_3#
%DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 192.168.2.1 (FastEthernet0/0) is down: holding time expired
WAN_3#
WAN_3#
%DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 192.168.2.2 (FastEthernet0/0) is down: holding time expired
WAN_3#
Second challenge: if WAN_3 also goes down, we are left with no link to the branch office:
ISP_CC#sh ip route
---abridged---
190.0.0.0/30 is subnetted, 1 subnets
C 190.0.0.0 is directly connected, FastEthernet0/1
C 192.168.2.0/24 is directly connected, FastEthernet0/0
200.45.0.0/30 is subnetted, 1 subnets
O 200.45.0.0 [110/2] via 190.0.0.2, 00:27:53, FastEthernet0/1
200.69.0.0/30 is subnetted, 1 subnets
O 200.69.0.0 [110/3] via 190.0.0.2, 00:27:53, FastEthernet0/1
ISP_CC#
We create a "WAN" interface across the Internet:
At one end:
ISP_CC#conf t
Enter configuration commands, one per line. End with CNTL/Z.
ISP_CC(config)#int tunnel 0
ISP_CC(config-if)#tunnel source fa0/1
ISP_CC(config-if)#tunnel destination 200.69.0.2
ISP_CC(config-if)#ip address 10.0.0.13 255.255.255.252
ISP_CC(config-if)#exit
ISP_CC(config)#router eigrp 100
ISP_CC(config-router)#net 10.0.0.12 0.0.0.3
ISP_CC(config-router)#end
ISP_CC#
At the other end:
Gateway#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Gateway(config)#int tunnel 1
Gateway(config-if)#tunnel source fa0/1
Gateway(config-if)#tunnel destination 190.0.0.1
Gateway(config-if)#ip address 10.0.0.14 255.255.255.252
Gateway(config-if)#exit
Gateway(config)#router eigrp 100
Gateway(config-router)#net 10.0.0.12 0.0.0.3
Gateway(config-router)#end
Gateway#
%DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 10.0.0.13 (Tunnel1) is up: new adjacency
Gateway#
ISP_CC#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/30 is subnetted, 2 subnets
D 10.0.0.8 [90/27392000] via 10.0.0.14, 00:00:40, Tunnel0
C 10.0.0.12 is directly connected, Tunnel0
190.0.0.0/30 is subnetted, 1 subnets
C 190.0.0.0 is directly connected, FastEthernet0/1
D 192.168.1.0/24 [90/26882560] via 10.0.0.14, 00:00:40, Tunnel0
C 192.168.2.0/24 is directly connected, FastEthernet0/0
200.45.0.0/30 is subnetted, 1 subnets
O 200.45.0.0 [110/2] via 190.0.0.2, 00:31:55, FastEthernet0/1
200.69.0.0/30 is subnetted, 1 subnets
O 200.69.0.0 [110/3] via 190.0.0.2, 00:31:55, FastEthernet0/1
ISP_CC#
SERVER>tracert 192.168.1.10
Tracing route to 192.168.1.10 over a maximum of 30 hops:
1 31 ms 0 ms 0 ms 192.168.2.4
2 0 ms 0 ms 31 ms 10.0.0.14 (tunnel via the Internet)
3 32 ms 32 ms 16 ms 192.168.1.10
Trace complete.
SERVER>
Third challenge: access control lists (ACLs)
Requirements:
At the branch office:
PC 3 must not be able to connect to the server via WAN_2
Gateway#conf t
Gateway(config)#access-list 10 deny host 192.168.1.33
Gateway(config)#access-list 10 permit 192.168.1.0 0.0.0.255
Gateway(config)#int s0/0/1
Gateway(config-if)#ip access-group 10 out
Gateway(config-if)#^Z
Gateway#
Gateway#sh ip route
---abridged---
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C 10.0.0.4/30 is directly connected, Serial0/0/1
C 10.0.0.6/32 is directly connected, Serial0/0/1
C 10.0.0.12/30 is directly connected, Tunnel1
190.0.0.0/30 is subnetted, 1 subnets
O 190.0.0.0 [110/3] via 200.69.0.1, 00:42:18, FastEthernet0/1
C 192.168.1.0/24 is directly connected, FastEthernet0/0
D 192.168.2.0/24 [90/2172416] via 10.0.0.6, 00:04:27, Serial0/0/1 (via WAN_2)
200.45.0.0/30 is subnetted, 1 subnets
O 200.45.0.0 [110/2] via 200.69.0.1, 00:42:18, FastEthernet0/1
200.69.0.0/30 is subnetted, 1 subnets
C 200.69.0.0 is directly connected, FastEthernet0/1
Gateway#
PC>ipconfig
IP Address......................: 192.168.1.33
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.1
PC>ping 192.168.2.10
Pinging 192.168.2.10 with 32 bytes of data:
Reply from 192.168.1.1: Destination host unreachable.
Reply from 192.168.1.1: Destination host unreachable.
Reply from 192.168.1.1: Destination host unreachable.
Reply from 192.168.1.1: Destination host unreachable.
Ping statistics for 192.168.2.10:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
PC>
PC>ipconfig
IP Address......................: 192.168.1.10
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.1
PC>
PC>ping 192.168.2.10
Pinging 192.168.2.10 with 32 bytes of data:
Reply from 192.168.2.10: bytes=32 time=33ms TTL=125
Reply from 192.168.2.10: bytes=32 time=47ms TTL=125
Reply from 192.168.2.10: bytes=32 time=78ms TTL=125
Reply from 192.168.2.10: bytes=32 time=31ms TTL=125
Ping statistics for 192.168.2.10:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 31ms, Maximum = 78ms, Average = 47ms
PC>
Gateway#sh access-lists
Standard IP access list 10
deny host 192.168.1.33 (4 match(es))
permit 192.168.1.0 0.0.0.255 (4 match(es))
Gateway#
At headquarters:
Only even IP addresses may connect to the server, with the exception of PC_2
Walkthrough:
PC>ipconfig (PC_1)
IP Address......................: 192.168.1.10 (even IP)
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.1
PC>ping 192.168.2.10
Pinging 192.168.2.10 with 32 bytes of data:
Reply from 192.168.2.10: bytes=32 time=63ms TTL=125
Reply from 192.168.2.10: bytes=32 time=47ms TTL=125
Reply from 192.168.2.10: bytes=32 time=47ms TTL=125
Reply from 192.168.2.10: bytes=32 time=48ms TTL=125
Ping statistics for 192.168.2.10:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 47ms, Maximum = 63ms, Average = 51ms
PC>
PC>ipconfig (PC_2)
IP Address......................: 192.168.1.21 (odd IP, but permitted)
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.1
PC>ping 192.168.2.10
Pinging 192.168.2.10 with 32 bytes of data:
Reply from 192.168.2.10: bytes=32 time=47ms TTL=125
Reply from 192.168.2.10: bytes=32 time=31ms TTL=125
Reply from 192.168.2.10: bytes=32 time=43ms TTL=125
Reply from 192.168.2.10: bytes=32 time=47ms TTL=125
Ping statistics for 192.168.2.10:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 31ms, Maximum = 47ms, Average = 42ms
PC>
PC>ipconfig (PC_X)
IP Address......................: 192.168.1.33 (odd IP, not permitted)
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.1
PC>ping 192.168.2.10
Pinging 192.168.2.10 with 32 bytes of data:
Reply from 192.168.1.1: Destination host unreachable. (via WAN_2, denied locally)
Reply from 10.0.0.10: Destination host unreachable. (via WAN_1, note the load balancing)
Reply from 10.0.0.2: Destination host unreachable. (via WAN_3, note the load balancing)
Reply from 192.168.1.1: Destination host unreachable. (via WAN_2, denied locally)
Ping statistics for 192.168.2.10:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
PC>
WAN_1#sh access-lists
Standard IP access list 20
permit host 192.168.1.21 (3 match(es))
deny 192.168.1.1 0.0.0.254 (3 match(es))
permit 192.168.1.0 0.0.0.254 (1 match(es))
WAN_1#sh ip int Fa0/0
FastEthernet0/0 is up, line protocol is up (connected)
Internet address is 192.168.2.1/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is 20
Inbound access list is not set
Proxy ARP is enabled
Security level is default
---abridged---
WAN_1#
Tunnel interfaces do not support ACLs in Packet Tracer.
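As an added example (not part of the original lab), the following Python code models how IOS evaluates the two standard ACLs shown above (list 10 on Gateway and list 20 on WAN_1): top-down first match on the source address, wildcard masks, and the implicit deny at the end. The function names parse_acl and evaluate are hypothetical; the ACL entries and host addresses come from the lab output, and the mis-ordered list is constructed to show why the PC_2 exception must come first.

```python
import ipaddress

def parse_acl(text):
    """Parse IOS standard-ACL entries into (action, base, wildcard) tuples."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        if tok[0] not in ("permit", "deny"):
            raise ValueError(f"unsupported entry: {line!r}")
        if tok[1] == "host":            # host A.B.C.D == wildcard 0.0.0.0
            base, wild = tok[2], "0.0.0.0"
        elif tok[1] == "any":
            base, wild = "0.0.0.0", "255.255.255.255"
        else:                           # address followed by optional wildcard
            base, wild = tok[1], tok[2] if len(tok) > 2 else "0.0.0.0"
        rules.append((tok[0], int(ipaddress.IPv4Address(base)),
                      int(ipaddress.IPv4Address(wild))))
    return rules

def evaluate(rules, src):
    """Return (action, entry index) of the first match; implicit deny if none."""
    addr = int(ipaddress.IPv4Address(src))
    for i, (action, base, wild) in enumerate(rules):
        care = ~wild & 0xFFFFFFFF       # wildcard bit 0 = must match, 1 = ignore
        if addr & care == base & care:
            return action, i
    return "deny", None                 # implicit "deny any" at the end

# Entries copied from the lab's "sh access-lists" output (match counters dropped).
ACL_10 = parse_acl("""deny host 192.168.1.33
permit 192.168.1.0 0.0.0.255""")
ACL_20 = parse_acl("""permit host 192.168.1.21
deny 192.168.1.1 0.0.0.254
permit 192.168.1.0 0.0.0.254""")

# Hypothetical mis-ordering: the PC_2 exception placed after the odd-address deny.
ACL_20_MISORDERED = ACL_20[1:] + ACL_20[:1]

if __name__ == "__main__":
    for name, ip in [("PC_1", "192.168.1.10"), ("PC_2", "192.168.1.21"),
                     ("PC_X", "192.168.1.33"), ("other", "10.0.0.13")]:
        print(name, ip, "ACL 10:", evaluate(ACL_10, ip),
              "ACL 20:", evaluate(ACL_20, ip))
    print("PC_2, misordered ACL 20:", evaluate(ACL_20_MISORDERED, "192.168.1.21"))
```

The wildcard 0.0.0.254 leaves only the last bit of the fourth octet significant, which is what makes the odd/even split work; any source outside 192.168.1.0/24 falls through to the implicit deny.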
(2014) My mind make crash
with networking
Rosario, Argentina