Uploaded by yukwokyao2

2a

2a) Show (include descriptions) the relevant running configuration for the Edge Router.
The Edge Router is configured so that interface Fa0/1 acts as the gateway for the inner network,
which consists of the 2 PCs, the Internal Router and the Telnet Server. The gateway IP address that the Edge
Router uses on this interface is 192.168.1.254. The interface is also configured with ip nat inside,
indicating that the network behind it is a private network using private IP addresses. The commands that
configure these functions are:
‘ip address 192.168.1.254 255.255.255.0’
‘ip nat inside’
On the other side, interface Fa0/0 is set as ip nat outside; it faces the global network, as it is connected to the
Internet Gateway. The public IP address that is used by the Edge Router is 200.1.1.1. The commands that
set this up are:
‘ip address 200.1.1.1 255.255.255.0’
‘ip nat outside’
The command ‘ip route 10.1.1.0 255.255.255.0 192.168.1.1’ configures a static route
so that incoming traffic can travel to the destination network 10.1.1.0 with the subnet mask
255.255.255.0 (/24). The route also specifies that the router uses the router with the
IP address 192.168.1.1 as the next hop to reach the destination network.
The ‘access-list 10 permit 192.168.1.0 0.0.0.255’ command establishes the list of IP
addresses from that network that can pass through the router.
The ‘ip nat inside source list 10 interface FastEthernet0/0 overload’ command configures PAT
(interface mode) on this router. This is because there is only one global IP that is
available which is for PC1 (172.16.1.1). This command enables NAT overload for access-list 10 and
binds it to the outside interface, Fa0/0.
The command ‘ip nat inside source static tcp 192.168.1.2 23 200.1.1.1 23 extendable’ configures
NAT (port forwarding) for the private IP address of the TelnetServer so that it is translated to the public IP
200.1.1.1. Packets with destination port 23 that reach the interface with the public IP are directed
to the IP 192.168.1.2. The extendable parameter is there so that the router can translate the private IP
into more than one public IP address.
2b) Show (include descriptions) the relevant running configuration for the Internal Router to enable
PC1 to access the Internet. PC0 however could only access the internal devices (PC1, Telnet Server).
Hint: This task should be accomplished using NAT.
‘interface FastEthernet0/0’ specifies the interface to configure.
‘ip address 10.1.1.254 255.255.255.0’ configures the IP address and subnet mask for the interface.
‘duplex auto’ sets the duplex setting for the interface to auto. Duplex refers to the ability of the
interface to send and receive data simultaneously.
‘speed auto’ sets the speed setting for the interface to auto. Speed refers to the rate at which data
is transmitted over the interface.
‘interface FastEthernet0/1’ specifies the interface to configure.
‘ip address 172.16.1.254 255.255.255.0’ configures the IP address and subnet mask for the interface. The
IP address is 172.16.1.254 and the subnet mask is 255.255.255.0.
‘ip nat inside’ configures the interface as an inside interface for Network Address Translation (NAT).
This means that any traffic that originates from this interface and is destined for the outside world will
have its source IP address translated to the IP address of the outside interface.
‘ip virtual-reassembly’ enables IP Virtual Reassembly on the interface. IP Virtual Reassembly is used to
reassemble fragmented IP packets that arrive at the interface.
‘duplex auto’ sets the duplex setting for the interface to auto. Duplex refers to the ability of the
interface to send and receive data simultaneously.
‘speed auto’ sets the speed setting for the interface to auto. Speed refers to the rate at which data
is transmitted over the interface.
‘interface FastEthernet1/0’ specifies the interface to configure.
‘speed auto’ sets the speed setting for the interface to auto. Speed refers to the rate at which data
is transmitted over the interface.
‘interface FastEthernet0/1’ specifies the interface to configure.
‘ip address 192.160.1.1 255.255.255.0’ configures the IP address and subnet mask for the interface.
‘ip nat inside’ configures the interface as an inside interface for Network Address Translation (NAT).
This means that any traffic that originates from this interface and is destined for the outside world will
have its source IP address translated to the IP address of the outside interface.
‘ip virtual-reassembly’ enables IP Virtual Reassembly on the interface. IP Virtual Reassembly is used
to reassemble fragmented IP packets that arrive at the interface.
‘duplex auto’ sets the duplex setting for the interface to auto. Duplex refers to the ability of the
interface to send and receive data simultaneously.
‘speed auto’ sets the speed setting for the interface to auto. Speed refers to the rate at which data
is transmitted over the interface.
‘interface FastEthernet1/0’ specifies the interface to configure.
‘ip address 192.168.1.1 255.255.255.0’ configures the IP address and subnet mask for the interface.
‘ip nat outside’ configures the interface as an outside interface for Network Address Translation (NAT).
This means that any traffic that originates from the outside world and is destined for the inside network
will have its destination IP address translated to the IP address of the inside interface.
‘ip virtual-reassembly’ enables IP Virtual Reassembly on the interface. IP Virtual
Reassembly is used to reassemble fragmented IP packets that arrive at the interface.
‘duplex auto’ sets the duplex setting for the interface to auto. Duplex refers to the ability of the
interface to send and receive data simultaneously.
‘speed auto’ sets the speed setting for the interface to auto. Speed refers to the rate at which data
is transmitted over the interface.
‘interface FastEthernet2/0’ specifies the interface to configure.
‘no ip address’ removes any previously configured IP address from the interface.
‘shutdown’ administratively shuts down the interface. This means that the interface will not be able
to send or receive any data.
‘duplex auto’ sets the duplex setting for the interface to auto. Duplex refers to the ability of the
interface to send and receive data simultaneously.
‘speed auto’ sets the speed setting for the interface to auto. Speed refers to the rate at which data
is transmitted over the interface.
‘ip forward-protocol nd’ enables forwarding of Neighbor Discovery (ND) packets. ND is used by
IPv6 to discover other devices on the network and to manage network traffic.
‘ip route 0.0.0.0 0.0.0.0 192.168.1.254’ configures the default route for the router. Any traffic that is
not destined for a specific network will be forwarded to the device with IP address 192.168.1.254.
‘no ip http server’ disables the HTTP server on the router. This means that the router will not be
able to serve any web pages.
‘no ip http secure-server’ disables the HTTPS server on the router. This means that the router will
not be able to serve any secure web pages.
‘ip nat inside source static 172.16.1.1 192.168.1.3’ configures a static NAT mapping. Any traffic
that originates from the inside network with the source IP address 172.16.1.1 will have its source IP
address translated to 192.168.1.3 when it is sent to the outside network. This allows external devices to
initiate communication with the inside network using the translated IP address.
2c) Use Wireshark (integrate it to GNS3) and show (include descriptions) the following:
i) PC1 is able to Ping the Internet Gateway and all other internal devices.
The diagram above shows PC1, with IP address 172.16.1.1, pinging the Internet
Gateway, which has IP address 200.1.1.2. PC1 sent four requests and the Internet Gateway
replied to all of them successfully. Because Network Address Translation (NAT) is configured on
the Internal Router, PC1 is able to ping the outside internet, which is the Internet Gateway.
The diagram above shows PC1, with IP address 172.16.1.1, pinging the TelnetServer,
which has IP address 192.168.1.2. PC1 sent four requests and the TelnetServer replied to
all of them successfully.
The diagram above shows PC1, with IP address 172.16.1.1, pinging PC0, which
has IP address 10.1.1.1. PC1 sent four requests and PC0 replied to all of them
successfully.
The diagram above shows PC1, with IP address 172.16.1.1, pinging the EdgeRouter,
which has IP address 192.168.1.254. PC1 sent four requests and the EdgeRouter replied to
all of them successfully.
ii) PC0 is unable to Ping the Internet Gateway but able to Ping all other internal devices.
The diagram above shows PC0, with IP address 10.1.1.1, pinging the Internet
Gateway, which has IP address 200.1.1.2. PC0 sent four requests and none of them were
replied to by EdgeRouter. This is because the Internal Router does not have any Network
Address Translation (NAT) configuration to translate the IP address of PC0 into the specified IP
address range, which is between 192.168.1.1 and 192.168.1.254. Therefore, PC0 is not able to
access the Internet Gateway, since there is an access-list which only allows the specified IP
address range to access it.
The diagram above shows PC0, with IP address 10.1.1.1, pinging PC1, which has
IP address 172.16.1.1. PC0 sent four requests and PC1 replied to all of them
successfully.
The diagram above shows PC0, with IP address 10.1.1.1, pinging the TelnetServer,
which has IP address 192.168.1.2. PC0 sent four requests and the TelnetServer replied to
all of them successfully, since there is a static route for all the routers.
iii) The relevant NAT occurring in the Wireshark results
NAT for PC1 to Internet Gateway
Interface f0/1 (Internal Router)
Interface f1/0 (Internal Router)
Interface f0/0 (EdgeRouter)
Interface f0/1 (EdgeRouter)
As shown in the above diagrams, the ID of every packet is the same, 0x120b, which
means that all the packets came from the same operation. Network Address Translation (NAT) occurs
when PC1, which has IP address 172.16.1.1, pings the Internet Gateway. The first diagram shows
that the request packet has the Source IP 172.16.1.1 and the Destination IP 200.1.1.2. When the packet goes
into the Internal Router, the router translates the IP address from 172.16.1.1 to 192.168.1.3. Therefore, the
second diagram shows that the Source IP has changed to 192.168.1.3 while the Destination IP remains
unchanged. Since the packets are still in the same network, the Source IP and Destination IP remain
unchanged, as shown in the third diagram. The second translation occurs at the EdgeRouter, which
translates the IP address from 192.168.1.3 to 200.1.1.1 due to the NAT configuration that has been set
on the EdgeRouter. Thus, the Source IP changes again, from 192.168.1.3 to 200.1.1.1, and the Destination
IP remains unchanged. The Destination IP remains unchanged all the time because the request packet
travels from the “inside” of the network (private network) to the “outside” of the network (public network).
The situation is reversed when the reply packet goes from the “outside” network
to the “inside” network.
NAT for Internet Gateway access TelnetServer
Interface f0/1 (EdgeRouter)
Interface f0/1 (EdgeRouter)
Interface f0/0 (TelnetServer)
The diagrams above show the packet transfers when the Internet Gateway starts the connection to the
TelnetServer. Since the connection is started from the outside network, which is the opposite of the first
situation (NAT for PC1 to Internet Gateway), the Destination IP of the request packet is changed
when it goes through the routers and the Source IP always remains unchanged. The first diagram
shows the Internet Gateway starting the connection to the TelnetServer. When the packet reaches the
EdgeRouter, the router translates the Destination IP from 200.1.1.1 to 192.168.1.2 (TelnetServer), as shown in
the second diagram. This is because port forwarding is configured on the Edge Router, which forwards
the connection that was originally going to 200.1.1.1:23 to the Telnet Server at 192.168.1.2:23. When the
Internet Gateway connects to the TelnetServer using the ‘telnet 200.1.1.1’ command, the
telnet traffic is redirected to the TelnetServer instead of the Edge Router. The third diagram shows that the
Source and Destination IP addresses remain unchanged because the packet has already gone into the
private network, but hadn’t yet gone through the Edge Router for the Source IP address to be changed
to the Edge Router’s IP address 200.1.1.1.
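The translations described in 2c, modelled in Python as an added example (it is not part of the original answer and is not router code). The names Packet, Router and egress_sources are assumptions made for the illustration; the addresses, access-list 10 and the port-23 mapping are the ones from the 2a and 2b configurations.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str = "icmp"
    dport: int = 0

def wildcard_match(addr, base, wildcard):
    """Cisco ACL match: bits set in the wildcard mask are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

@dataclass
class Router:  # hypothetical model of one router's NAT rules
    static: dict            # ip nat inside source static: local -> global
    pat_acl: tuple = None   # (base, wildcard) of the list used with 'overload'
    pat_addr: str = None    # address of the ip nat outside interface
    port_fwd: dict = None   # (proto, global ip, port) -> (local ip, port)

    def outbound(self, p):  # inside -> outside: only the source is rewritten
        if p.src in self.static:
            return replace(p, src=self.static[p.src])
        if self.pat_acl and wildcard_match(p.src, *self.pat_acl):
            return replace(p, src=self.pat_addr)
        return p  # no NAT rule matched, so the source is left as it is

    def inbound(self, p):   # outside -> inside: only the destination is rewritten
        hit = (self.port_fwd or {}).get((p.proto, p.dst, p.dport))
        return replace(p, dst=hit[0], dport=hit[1]) if hit else p

# Rules taken from the 2b (Internal Router) and 2a (Edge Router) configurations.
INTERNAL = Router(static={"172.16.1.1": "192.168.1.3"})
EDGE = Router({}, ("192.168.1.0", "0.0.0.255"), "200.1.1.1",
              {("tcp", "200.1.1.1", 23): ("192.168.1.2", 23)})

def egress_sources(src, dst="200.1.1.2"):
    """Source IP at the host, after the Internal Router, after the Edge Router."""
    p = Packet(src, dst)
    seen = [p.src]
    for router in (INTERNAL, EDGE):
        p = router.outbound(p)
        seen.append(p.src)
    return seen

if __name__ == "__main__":
    print("PC1:", egress_sources("172.16.1.1"))
    print("PC0:", egress_sources("10.1.1.1"))
    print(EDGE.inbound(Packet("200.1.1.2", "200.1.1.1", "tcp", 23)))
```

For PC0 the source stays 10.1.1.1 at every hop, because neither the static mapping nor access-list 10 (192.168.1.0 0.0.0.255) matches it.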
2d) Show the Internet Gateway is able to connect to the Telnet Server using telnet, but unable to Ping
to the Telnet Server
Telnet:
The Internet Gateway is able to connect to the Telnet Server using telnet, as shown in the screenshot above,
using the address translated by NAT, which is 200.1.1.1. The Telnet Server’s address 192.168.1.2:23
is translated to 200.1.1.1:23, and it is accessed by telnetting to the Edge Router, which then redirects the
telnet traffic to the Telnet Server.
Ping:
The Internet Gateway is able to ping the Edge Router 200.1.1.1, but not the Telnet Server 192.168.1.2, since
NAT is applied and only Telnet connections (port 23) to the Telnet Server are allowed. When the Internet
Gateway tries to ping 192.168.1.2, the packet is rejected by the Edge Router, as shown in the last
screenshot above, where the “Destination unreachable” ICMP packets are highlighted in black.