Differences
This shows you the differences between two versions of the page.
|
cns:laboratoare:laborator-05 [2012/11/26 16:20] traian.popeea [Tasks] |
— (current) | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Lab 5 - AAA and Advanced ACLs ====== | ||
| - | |||
| - | ===== Topology ===== | ||
| - | {{ :cns:resurse:lab5_cns.png?direct&800 }} | ||
| - | |||
| - | ===== Interfaces ===== | ||
| - | ^ Device ^ Interface ^ IP Address ^ Subnet Mask ^ | ||
| - | | Ping | Lo0 | 12.1.1.1 | 255.255.255.0 | | ||
| - | | Ping | Fa0/0 | 10.0.0.1 | 255.255.255.0 | | ||
| - | | Qing | Fa0/0 | 10.0.0.2 | 255.255.255.0 | | ||
| - | | Qing | Fa1/0 | 192.168.1.2 | 255.255.255.0 | | ||
| - | | Ring | Fa0/0 | 192.168.1.1 | 255.255.255.0 | | ||
| - | | Ring | Fa1/0 | 192.168.0.1 | 255.255.255.0 | | ||
| - | | Sing | Fa0/0 | 192.168.0.2 | 255.255.255.0 | | ||
| - | | Sing | Lo0 | 80.1.1.1 | 255.255.255.0 | | ||
| - | |||
| - | |||
| - | ===== Tasks ===== | ||
| - | |||
| - | |||
| - | Open the Open the [[http://ocw.cs.pub.ro/courses/_media/cns/laborator/lab5_cns_topology.net| Lab5_CNS_Topology.net]] file. | ||
| - | |||
| - | ** Important! Writing answers: ** | ||
| - | * Whenever you are asked to answer a question that doesn’t require configuration, type the answer in a notepad window and keep it until the lab assistant checks that task. | ||
| - | |||
| - | - [2p] Ensure connectivity between all devices using the addressing scheme printed above. Use static routes. DO NOT use a routing protocol. | ||
| - | - [+1.5p = 3.5p] Create a dynamic ACL between Qing and Ping’s loopback. Allow ping for 8 minutes after a successful authentication, deny everything else. Make sure Ping can allow telnet connections from Qing. | ||
| - | - [+2p = 5.5p] Create a reflexive ACL on Ring for all the traffic going from Sing to Qing. Consider Sing the be „inside” and Qing to be „outside”. Test using ping or telnet from „inside” to „outside” an vice-versa. | ||
| - | - [+1.5p = 7p] Manually set the correct time and date on router Ring and configure it to run an NTP server. Configure Sing as an NTP client, in order to obtain its time from Ring. | ||
| - | - [+1.5p = 8.5p] Create a time-based ACL on Sing to allow telnet on its Loopback0 interface only during the lab time. Test. | ||
| - | * Hint: dont’t forget that Sing is an NTP client; it must still be able to sync with Ring through this ACL. | ||
| - | - [+1.5p = 10p] Configure TCP Intercept on Ring to intercept www and telnet connections. Make it drop connections at random when the threshold is reached. | ||
| - | - [+1p = 11p] BONUS: Without removing or modifying any previous configuration, configure Qing to obtain its time from Ring, too, using NTP. | ||
| - | |||
