Differences
This shows you the differences between two versions of the page.
|
cns:laboratoare:laborator-06 [2012/11/26 16:20] traian.popeea [Tasks] |
— (current) | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Lab 6 - CBAC and ZPF ====== | ||
| - | ===== Topology ===== | ||
| - | {{ :cns:resurse:lab6_cns.png?direct&800 }} | ||
| - | ===== Interfaces ===== | ||
| - | ^ Device ^ Interface ^ IP Address ^ Subnet Mask ^ | ||
| - | | Pluto | Lo0 | 110.0.0.1 | 255.255.255.0 | | ||
| - | | Pluto | Fa0/0 | 10.1.0.1 | 255.255.255.252 | | ||
| - | | Scooby | Fa0/0 | 10.1.0.2 | 255.255.255.252 | | ||
| - | | Scooby | Fa1/0 | 10.2.0.2 | 255.255.255.252 | | ||
| - | | Muttley | Fa0/0 | 10.2.0.1 | 255.255.255.252 | | ||
| - | | Muttley | Fa1/0 | 10.3.0.1 | 255.255.255.252 | | ||
| - | | Spiuke | Fa0/0 | 10.3.0.2 | 255.255.255.252 | | ||
| - | |||
| - | |||
| - | ===== Tasks ===== | ||
| - | Open the [[http://ocw.cs.pub.ro/courses/_media/cns/laborator/lab6_cns_topology.net| Lab6_CNS_Topology.net]] file. | ||
| - | |||
| - | ** Important! Writing answers: ** | ||
| - | * Whenever you are asked to answer a question that doesn’t require configuration, type the answer in a notepad window and keep it until the lab assistant checks that task. | ||
| - | |||
| - | - [2p] Ensure connectivity between all devices using the addressing scheme printed above. Use static routes or a routing protocol (not recommended...). | ||
| - | * If you decide to use a routing protocol, make sure all your future access lists will allow the routing protocol’s traffic. | ||
| - | - [+3p=5p] Configure CBAC to inspect all TCP, UDP and ICMP traffic on Scooby’s FastEthernet1/0 interface. Use „show ip inspect sessions” to view an active Telnet session between Muttley and Pluto’s loopback0 interface. Make sure you don’t allow Pluto to connect to Muttley. From a firewall point of view: | ||
| - | - Muttley is on the INSIDE zone | ||
| - | - Pluto is on the OUTSIDE zone | ||
| - | - [+4p=9p] Create a ZPF configuration on Muttley while considering the following requirements: | ||
| - | - The inside interface will be Muttley’s connection to Spike | ||
| - | - The outside interface wll be Muttley’s connection to Scooby. | ||
| - | - All telnet traffic from the Muttley-Spike network to any outside destination is to be inspected. | ||
| - | - To check yourself, use the „show policy-map type inspect zone-pair sessions” command. | ||
| - | - [+2p=11p] Add to the above ZPF configuration of the Muttley router the necessary commands to pass all ping connections through the firewall. | ||
