10.35700737 CH09 Page 508 Wednesday, February 17, 1999 3:05 PM
Chapter 9: Scenarios for Final Preparation
Figure 9-5 Scenario 9-3 Network Diagram
[Figure not reproduced. Labels: routers R1, R2, R3, and R4, each attached through interface s0 to a Frame Relay partial mesh; DLCIs 301, 302, 303, and 304; Server1, Server2, Server3; PC11, PC12, PC21, PC31, PC32, PC41, PC42.]
Table 9-10 Scenario 9-3a IP Subnet and IPX Network Planning Chart

| Location of Subnet/Network Geographically | Subnet Mask | Subnet Number | IPX Network |
|---|---|---|---|
| Ethernet off Router 1 | | | |
| Ethernet off Router 2 | | | |
| Ethernet off Router 3 | | | |
| Ethernet off Router 4 | | | |
| Virtual Circuit between R1 and R2 | | | |
| Virtual Circuit between R1 and R3 | | | |
| Virtual Circuit between R1 and R4 | | | |
| Server1 Internal | | | |
| Server2 Internal | | | |
| Server3 Internal | | | |
Scenario 9-3
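Table 9-11 Scenario 9-3a IP Address Planning Chart

| Host | Address |
|---|---|
| PC11 | |
| PC12 | |
| PC13 | |
| PC21 | |
| PC22 | |
| PC31 | |
| PC32 | |
| R1-E0 | |
| R1-S0-sub ____ | |
| R1-S0-sub ____ | |
| R1-S0-sub ____ | |
| R2-E0 | |
| R2-S0-sub ____ | |
| R3-E0 | |
| R3-S0-sub ____ | |
| R4-E0 | |
| R4-S0-sub ____ | |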
Table 9-12 Scenario 9-3a IP Subnet Planning Chart

| Subnet Number | Subnet Broadcast Address | Range of Valid Addresses |
|---|---|---|
| | | |
Scenario 9-3a—Planning Answers
The IP subnet design includes the use of mask 255.255.254.0. If the same mask is used
throughout the network, then at least nine host bits are needed because at least one subnet
contains 300 hosts. Only one subnet is needed per Ethernet port on each router because the
transparent bridges and switches do not separate the hosts into different subnets.
The IPX network number assignment is simple, other than remembering that two networks will
be needed on each Ethernet because two encapsulations are used. Each encapsulation type on
the router requires the use of a separate IPX network. The subnets, networks, and IP addresses
are recorded in Table 9-13 and Table 9-14.
Table 9-13 Scenario 9-3a IP Subnet and IPX Network Planning Chart Completed

| Location of Subnet/Network Geographically | Subnet Mask | Subnet Number | IPX Network |
|---|---|---|---|
| Ethernet off Router 1 | 255.255.254.0 | 170.1.2.0 | 2,3 |
| Ethernet off Router 2 | 255.255.254.0 | 170.1.4.0 | 4,5 |
| Ethernet off Router 3 | 255.255.254.0 | 170.1.6.0 | 6,7 |
| Ethernet off Router 4 | 255.255.254.0 | 170.1.8.0 | 8,9 |
| Virtual Circuit between R1 and R2 | 255.255.254.0 | 170.1.10.0 | 10 |
| Virtual Circuit between R1 and R3 | 255.255.254.0 | 170.1.12.0 | 12 |
| Virtual Circuit between R1 and R4 | 255.255.254.0 | 170.1.14.0 | 14 |
| Server1 Internal | N/A | N/A | 101 |
| Server2 Internal | N/A | N/A | 102 |
| Server3 Internal | N/A | N/A | 103 |
The choice of IP addresses can conform to any standard you like, as long as the addresses are
in the correct subnets. Refer to Table 9-12 for the list of valid addresses for the subnets chosen.
In Table 9-14, the addresses chosen for the PCs reflect the number of the PC. For the routers,
the addresses chosen are in the second half of the range of addresses in each subnet and are
shown as a reminder of the addresses that are valid in this subnetting scheme.
Table 9-14 Scenario 9-3a IP Address Planning Chart Completed

| Host | Address |
|---|---|
| PC11 | 170.1.2.11 |
| PC12 | 170.1.2.12 |
| PC13 | 170.1.2.13 |
| PC21 | 170.1.4.21 |
| PC22 | 170.1.4.22 |
| PC31 | 170.1.6.31 |
| PC32 | 170.1.6.32 |
| PC41 | 170.1.8.41 |
| PC42 | 170.1.8.42 |
| R1-E0 | 170.1.3.1 |
| R1-S0-sub __2__ | 170.1.10.1 |
| R1-S0-sub __3__ | 170.1.12.1 |
| R1-S0-sub __4__ | 170.1.14.1 |
| R2-E0 | 170.1.5.2 |
| R2-S0-sub __2__ | 170.1.10.2 |
| R3-E0 | 170.1.7.3 |
| R3-S0-sub __3__ | 170.1.12.3 |
| R4-E0 | 170.1.9.4 |
| R4-S0-sub __4__ | 170.1.14.4 |
The IP access lists can be placed in several places effectively. Stopping packets in one of the
two directions will succeed in stopping users from actually connecting to the servers. For the
first set of criteria, an access list stopping packets from entering the serial interface of R1,
stopping packets destined to PC11 and PC12, will suffice. For the second criterion, that of
disallowing traffic between Site 2 and Site 3, the access lists are also placed in R1. The access
lists will indeed stop the packets earlier in their life if they are placed in R2 and R3, but the
traffic will be minimal because no true application traffic will ever successfully be generated
between IP hosts at Sites 2 and 3.
So, the design calls for all filtered packets to be filtered via access lists enabled on subinterfaces
on R1’s S0 interface.
The SAP filter can be performed in one very obvious way. A SAP filter is added on R2 to filter
Server 3 from the SAP table. The filter could filter incoming SAPs on R2’s E0 or filter outgoing
SAP updates out R2’s S0 port. In this case, anticipating the day that a second Ethernet port is
used on R2 and anticipating the fact that the objective probably meant that local clients should
have access to Server 3, the plan in this case is to filter outbound SAPs on R2’s S0 interface.
Finally, the broadcast addresses for each subnet are shown in Table 9-12. As a reminder: to
calculate the broadcast address, write down the subnet number in binary. Then, copy down the
network and subnet portions of the subnet number directly below it, leaving the host bit
positions empty. Then, write all binary 1s in the host bit positions. Finally, convert the number
back to decimal, eight bits at a time. The result is the subnet broadcast address and is the high
end of the range of assignable addresses in that subnet.
The answers, which include the subnet numbers, their corresponding broadcast addresses, and
the range of valid assignable IP addresses, are shown in Table 9-15.
Table 9-15 Scenario 9-3a IP Subnet Planning Chart

| Subnet Number | Subnet Broadcast Address | Range of Valid Addresses (Last Two Bytes) |
|---|---|---|
| 170.1.2.0 | 170.1.3.255 | 2.1 through 3.254 |
| 170.1.4.0 | 170.1.5.255 | 4.1 through 5.254 |
| 170.1.6.0 | 170.1.7.255 | 6.1 through 7.254 |
| 170.1.8.0 | 170.1.9.255 | 8.1 through 9.254 |
| 170.1.10.0 | 170.1.11.255 | 10.1 through 11.254 |
| 170.1.12.0 | 170.1.13.255 | 12.1 through 13.254 |
| 170.1.14.0 | 170.1.15.255 | 14.1 through 15.254 |
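The broadcast-address procedure described above, carried out with bit operations and then used to audit an address plan against the subnets it is meant to use. This is an added example, not part of the original text; the function names and the `PLAN` dictionary (a few rows copied from Table 9-14) are assumptions made for illustration.

```python
MASK = "255.255.254.0"
SUBNETS = ["170.1.%d.0" % n for n in (2, 4, 6, 8, 10, 12, 14)]   # Table 9-13
# Some rows of Table 9-14: host -> (address, subnet it is meant to sit in)
PLAN = {
    "PC11":       ("170.1.2.11", "170.1.2.0"),
    "R1-E0":      ("170.1.3.1",  "170.1.2.0"),
    "R2-E0":      ("170.1.5.2",  "170.1.4.0"),
    "R1-S0-sub4": ("170.1.14.1", "170.1.14.0"),
    "R4-S0-sub4": ("170.1.14.4", "170.1.14.0"),
}

def to_int(dotted):
    a, b, c, d = (int(x) for x in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def to_dotted(n):
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def subnet_facts(subnet, mask=MASK):
    """Return (broadcast, first valid host, last valid host) as dotted strings."""
    net = to_int(subnet)
    host_bits = ~to_int(mask) & 0xFFFFFFFF   # 1s exactly in the host bit positions
    if net & host_bits:
        raise ValueError(f"{subnet} is not a subnet number under mask {mask}")
    bcast = net | host_bits                  # keep network+subnet bits, set host bits to 1
    return to_dotted(bcast), to_dotted(net + 1), to_dotted(bcast - 1)

def owning_subnet(addr, subnets=SUBNETS, mask=MASK):
    """Return the planned subnet in which addr is an assignable host, else None."""
    a = to_int(addr)
    for s in subnets:
        bcast, _, _ = subnet_facts(s, mask)
        if to_int(s) < a < to_int(bcast):    # excludes subnet number and broadcast
            return s
    return None

def audit(plan):
    """Return hosts whose address is not assignable in the subnet the plan intends."""
    return [h for h, (addr, want) in plan.items() if owning_subnet(addr) != want]

if __name__ == "__main__":
    for s in SUBNETS:
        print(s, *subnet_facts(s))
    print("misplaced hosts:", audit(PLAN))
```

Running the audit over addresses taken from a router configuration, rather than from the plan, flags an interface that was given an address from the wrong subnet.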
Scenario 9-3b—Configuration
The next step in your job is to deploy the network designed in Scenario 9-3a. Use the answers
for Scenario 9-3a to guide your choice of IP and IPX addresses, access lists, and
encapsulations. For Scenario 9-3b, perform the following tasks:
1. Configure IP and IPX to be routed. Use IP IGRP and IPX RIP as routing protocols. Use
IGRP process-id 1.
2. Use secondary IPX addresses to accommodate the multiple IPX encapsulation types
described in Scenario 9-3a.
3. Configure Frame Relay using point-to-point subinterfaces. R1’s attached Frame Relay
switch uses LMI type ANSI. Cisco encapsulation should be used for all routers, except for
the VC between R1 and R4.
Scenario 9-3b—Configuration Answers
The configurations for Steps 1, 2, and 3 are shown in Example 9-15, Example 9-16, Example
9-17, and Example 9-18.
Example 9-15 R1 Configuration
ipx routing 0200.aaaa.aaaa
!
interface serial0
encapsulation frame-relay
!
! VC to R2: subnet 170.1.10.0, IPX network 10
interface serial 0.2 point-to-point
ip address 170.1.10.1 255.255.254.0
ipx network 10
frame-relay interface-dlci 302
ip access-group 102 in
!
! VC to R3: subnet 170.1.12.0, IPX network 12
interface serial 0.3 point-to-point
ip address 170.1.12.1 255.255.254.0
ipx network 12
frame-relay interface-dlci 303
ip access-group 103 in
!
! VC to R4: subnet 170.1.14.0, IPX network 14, IETF encapsulation on this DLCI only
interface serial 0.4 point-to-point
ip address 170.1.14.1 255.255.254.0
ipx network 14
frame-relay interface-dlci 304 ietf
ip access-group 104 in
!
interface ethernet 0
ip address 170.1.3.1 255.255.254.0
ipx network 2 encapsulation sap
ipx network 3 encapsulation snap secondary
!
router igrp 1
network 170.1.0.0
!
! List 102: packets arriving from Site 2
access-list 102 deny tcp any host 170.1.2.11 eq ftp
access-list 102 deny tcp any host 170.1.2.11 eq www
access-list 102 deny tcp any host 170.1.2.12 eq ftp
access-list 102 deny tcp any host 170.1.2.12 eq www
access-list 102 deny ip 170.1.4.0 0.0.1.255 170.1.6.0 0.0.1.255
access-list 102 permit ip any any
!
! List 103: packets arriving from Site 3
access-list 103 deny tcp any host 170.1.2.11 eq ftp
access-list 103 deny tcp any host 170.1.2.11 eq www
access-list 103 deny tcp any host 170.1.2.12 eq ftp
access-list 103 deny tcp any host 170.1.2.12 eq www
access-list 103 deny ip 170.1.6.0 0.0.1.255 170.1.4.0 0.0.1.255
access-list 103 permit ip any any
!
! List 104: packets arriving from Site 4
access-list 104 deny tcp any host 170.1.2.11 eq ftp
access-list 104 deny tcp any host 170.1.2.11 eq www
access-list 104 deny tcp any host 170.1.2.12 eq ftp
access-list 104 deny tcp any host 170.1.2.12 eq www
access-list 104 permit ip any any
Example 9-16 R2 Configuration
ipx routing 0200.bbbb.bbbb
!
interface serial0
encapsulation frame-relay
interface serial 0.2 point-to-point
ip address 170.1.10.2 255.255.254.0
ipx network 10
frame-relay interface-dlci 301
ipx output-sap-filter 1001
!
interface ethernet 0
ip address 170.1.5.2 255.255.254.0
ipx network 4 encapsulation sap
ipx network 5 encapsulation snap secondary
!
router igrp 1
network 170.1.0.0
!
access-list 1001 deny 103
access-list 1001 permit -1
Example 9-17 R3 Configuration
ipx routing 0200.cccc.cccc
!
interface serial0
encapsulation frame-relay
interface serial 0.3 point-to-point
ip address 170.1.12.3 255.255.254.0
ipx network 12
frame-relay interface-dlci 301
!
interface ethernet 0
ip address 170.1.7.3 255.255.254.0
ipx network 6 encapsulation sap
ipx network 7 encapsulation snap secondary
!
router igrp 1
network 170.1.0.0
Example 9-18 R4 Configuration
ipx routing 0200.dddd.dddd
!
interface serial0
encapsulation frame-relay ietf
interface serial 0.4 point-to-point
ip address 170.1.14.4 255.255.254.0
ipx network 14
frame-relay interface-dlci 301
!
interface ethernet 0
ip address 170.1.9.4 255.255.254.0
ipx network 8 encapsulation sap
ipx network 9 encapsulation snap secondary
!
router igrp 1
network 170.1.0.0
Three different access lists are shown on R1. List 102 is used for packets entering subinterface
2. List 103 is used for packets entering subinterface 3, and list 104 is used for packets entering
subinterface 4. Lists 102 and 103 check for packets between sites 2 and 3, as well as check for
packets to PC11 and PC12. The mask used to check all hosts in subnets 170.1.4.0 and 170.1.6.0
is rather tricky. The mask represents 23 binary 0s and 9 binary 1s—meaning that the first 23 bits
of the number in the access list must match the first 23 bits in the source or destination address
in the packet. This matches all hosts in each subnet because there are 23 combined network and
subnet bits.
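How list 102 treats a packet, including the wildcard-mask comparison described above, as a small first-match evaluator. This is an added example, not part of the original text: it handles only the syntax that list 102 uses, and the function names and sample packets are constructed for illustration.

```python
import ipaddress

ACL_102 = """\
access-list 102 deny tcp any host 170.1.2.11 eq ftp
access-list 102 deny tcp any host 170.1.2.11 eq www
access-list 102 deny tcp any host 170.1.2.12 eq ftp
access-list 102 deny tcp any host 170.1.2.12 eq www
access-list 102 deny ip 170.1.4.0 0.0.1.255 170.1.6.0 0.0.1.255
access-list 102 permit ip any any
"""
PORTS = {"ftp": 21, "www": 80}   # only the keywords this list uses

def ip(s):
    return int(ipaddress.IPv4Address(s))

def take_addr(tok):                   # consume one address spec -> (base, wildcard)
    t = tok.pop(0)
    if t == "any":
        return 0, 0xFFFFFFFF          # every bit is "don't care"
    if t == "host":
        return ip(tok.pop(0)), 0      # every bit must match
    return ip(t), ip(tok.pop(0))      # address followed by wildcard mask

def parse(text):
    rules = []
    for line in text.splitlines():
        tok = line.split()[2:]        # drop "access-list 102"
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = take_addr(tok), take_addr(tok)
        port = PORTS[tok[1]] if tok[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def matches(addr, spec):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF         # wildcard 0 bits are the ones compared
    return (ip(addr) & care) == (base & care)

def evaluate(rules, proto, src, dst, dport=None):
    """Return (action, entry number); the first matching entry wins."""
    for n, (action, rproto, rsrc, rdst, rport) in enumerate(rules, 1):
        if rproto not in ("ip", proto):
            continue
        if rport is not None and rport != dport:
            continue
        if matches(src, rsrc) and matches(dst, rdst):
            return action, n
    return "deny", None               # implicit deny at the end of every list

RULES = parse(ACL_102)
if __name__ == "__main__":
    print(evaluate(RULES, "tcp", "170.1.4.21", "170.1.2.11", 21))   # Site 2 host to PC11, FTP
    print(evaluate(RULES, "icmp", "170.1.5.200", "170.1.7.3"))      # Site 2 to Site 3
```

A wildcard of 0.0.0.255 in entry 5 would compare 24 bits and miss hosts in the upper half of each subnet, such as 170.1.5.200, which is why the 9-bit wildcard 0.0.1.255 is required with mask 255.255.254.0.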
Two IPX networks are used on each Ethernet because two encapsulations are used.
The Frame Relay configuration was relatively straightforward. The LMI type is autosensed.
The encapsulation of ietf between R1 and R4 is configured in two ways. First, R1 uses the ietf
keyword on the frame-relay interface-dlci command. On R4, the encapsulation command
lists the ietf option, implying ietf encapsulation for all VCs on this serial interface.
Scenario 9-3c—Verification and Questions
The CCNA exam will test you on your memory of the kinds of information you can find in the
output of various show commands. Using Example 9-19, Example 9-20, Example 9-21, and
Example 9-22 as references, answer the questions following the examples.
Example 9-19 Scenario 9-3c R1 show and debug Output
R1#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Serial0                unassigned      YES unset  up                    up
Serial0.2              170.1.10.1      YES NVRAM  up                    up
Serial0.3              170.1.12.1      YES NVRAM  up                    up
Serial0.4              170.1.14.1      YES NVRAM  up                    up
Serial1                unassigned      YES unset  administratively down down
Ethernet0              170.1.3.1       YES NVRAM  up                    up
R1#show cdp neighbor detail
-------------------------
Device ID: R2
Entry address(es):
IP address: 170.1.10.2
Novell address: 10.0200.bbbb.bbbb
Platform: cisco 2500, Capabilities: Router
Interface: Serial0.2, Port ID (outgoing port): Serial0.1
Holdtime : 132 sec
Version :
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-AINR-L), Version 11.2(11), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1997 by Cisco Systems, Inc.
Compiled Mon 29-Dec-97 18:47 by ckralik
-------------------------
Device ID: R3
Entry address(es):
IP address: 170.1.12.3
Novell address: 12.0200.cccc.cccc
Platform: Cisco 2500, Capabilities: Router
Interface: Serial0.3, Port ID (outgoing port): Serial0.1
Holdtime : 148 sec
Version :
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-AINR-L), Version 11.2(11), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1997 by Cisco Systems, Inc.
Compiled Mon 29-Dec-97 18:47 by ckralik
-------------------------
Device ID: R4
Entry address(es):
IP address: 170.1.14.4
Novell address: 14.0200.dddd.dddd
Platform: Cisco 2500, Capabilities: Router
Interface: Serial0.4, Port ID (outgoing port): Serial0.1
Holdtime : 149 sec
Version :
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-AINR-L), Version 11.2(11), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1997 by Cisco Systems, Inc.
Compiled Mon 29-Dec-97 18:47 by ckralik
R1#show ipx servers
Codes: S - Static, P - Periodic, E - EIGRP, N - NLSP, H - Holddown, + = detail
2 Total IPX Servers
Table ordering is based on routing and server info
   Type Name                   Net     Address    Port     Route Hops Itf
P     4 Server1                101.0000.0000.0001:0451      2/02   2  E0
P     4 Server2                102.0000.0000.0001:0451      2/02   2  E0
R1#
R1#debug ipx sap activity
IPX service debugging is on
R1#
IPXSAP: positing update to 2.ffff.ffff.ffff via Ethernet0 (broadcast) (full)
IPXSAP: suppressing null update to 2.ffff.ffff.ffff
IPXSAP: positing update to 3.ffff.ffff.ffff via Ethernet0 (broadcast) (full)
IPXSAP: Update type 0x2 len 160 src:3.0000.0ccf.21cd dest:3.ffff.ffff.ffff(452)
type 0x4, "Server2", 102.0000.0000.0001(451), 3 hops
type 0x4, "Server1", 101.0000.0000.0001(451), 3 hops
IPXSAP: Response (in) type 0x2 len 160 src:2.0000.0c89.b130 dest:2.ffff.ffff.ffff(452)
type 0x4, "Server1", 101.0000.0000.0001(451), 2 hops
type 0x4, "Server2", 102.0000.0000.0001(451), 2 hops
IPXSAP: positing update to 10.ffff.ffff.ffff via Serial0.2 (broadcast) (full)
IPXSAP: Update type 0x2 len 160 src:10.0200.aaaa.aaaa dest:10.ffff.ffff.ffff(452)
type 0x4, "Server2", 102.0000.0000.0001(451), 3 hops
type 0x4, "Server1", 101.0000.0000.0001(451), 3 hops
IPXSAP: positing update to 14.ffff.ffff.ffff via Serial0.4 (broadcast) (full)
IPXSAP: Update type 0x2 len 160 src:14.0200.aaaa.aaaa dest:14.ffff.ffff.ffff(452)
type 0x4, "Server2", 102.0000.0000.0001(451), 3 hops
type 0x4, "Server1", 101.0000.0000.0001(451), 3 hops
R1#
IPXSAP: positing update to 12.ffff.ffff.ffff via Serial0.3 (broadcast) (full)
IPXSAP: Update type 0x2 len 160 src:12.0200.aaaa.aaaa dest:12.ffff.ffff.ffff(452)
type 0x4, "Server2", 102.0000.0000.0001(451), 3 hops
type 0x4, "Server1", 101.0000.0000.0001(451), 3 hops
R1#undebug all
All possible debugging has been turned off
R1#
R1#debug ipx routing activity
IPX routing debugging is on
R1#
IPXRIP: update from 12.0200.cccc.cccc
7 in 1 hops, delay 7
6 in 1 hops, delay 7
IPXRIP: positing full update to 14.ffff.ffff.ffff via Serial0.4 (broadcast)
IPXRIP: src=14.0200.aaaa.aaaa, dst=14.ffff.ffff.ffff, packet sent
network 4, hops 2, delay 13
network 5, hops 2, delay 13
network 103, hops 4, delay 14
network 10, hops 1, delay 7
network 6, hops 2, delay 13
network 7, hops 2, delay 13
network 3, hops 1, delay 7
network 2, hops 1, delay 7
network 101, hops 3, delay 8
network 102, hops 3, delay 8
network 12, hops 1, delay 7
IPXRIP: positing full update to 12.ffff.ffff.ffff via Serial0.3 (broadcast)
IPXRIP: src=12.0200.aaaa.aaaa, dst=12.ffff.ffff.ffff, packet sent
network 8, hops 2, delay 13
network 9, hops 2, delay 13
network 14, hops 1, delay 7
network 4, hops 2, delay 13
network 5, hops 2, delay 13
network 103, hops 4, delay 14
network 10, hops 1, delay 7
network 3, hops 1, delay 7
network 2, hops 1, delay 7
network 101, hops 3, delay 8
network 102, hops 3, delay 8
IPXRIP: update from 14.0200.dddd.dddd
9 in 1 hops, delay 7
8 in 1 hops, delay 7
IPXRIP: update from 10.0200.bbbb.bbbb
444 in 2 hops, delay 8
103 in 3 hops, delay 8
5 in 1 hops, delay 7
4 in 1 hops, delay 7
IPXRIP: positing full update to 3.ffff.ffff.ffff via Ethernet0 (broadcast)
IPXRIP: src=3.0000.0ccf.21cd, dst=3.ffff.ffff.ffff, packet sent
network 8, hops 2, delay 8
network 9, hops 2, delay 8
network 14, hops 1, delay 2
network 4, hops 2, delay 8
network 5, hops 2, delay 8
network 103, hops 4, delay 9
network 10, hops 1, delay 2
network 6, hops 2, delay 8
network 7, hops 2, delay 8
network 2, hops 1, delay 2
network 101, hops 3, delay 3
network 102, hops 3, delay 3
network 12, hops 1, delay 2
IPXRIP: update from 2.0000.0c89.b130
102 in 2 hops, delay 2
101 in 2 hops, delay 2
IPXRIP: positing full update to 2.ffff.ffff.ffff via Ethernet0 (broadcast)
IPXRIP: src=2.0000.0ccf.21cd, dst=2.ffff.ffff.ffff, packet sent
network 8, hops 2, delay 8
network 9, hops 2, delay 8
network 14, hops 1, delay 2
network 4, hops 2, delay 8
network 5, hops 2, delay 8
network 103, hops 4, delay 9
network 10, hops 1, delay 2
network 6, hops 2, delay 8
network 7, hops 2, delay 8
network 3, hops 1, delay 2
network 12, hops 1, delay 2
IPXRIP: positing full update to 10.ffff.ffff.ffff via Serial0.2 (broadcast)
IPXRIP: src=10.0200.aaaa.aaaa, dst=10.ffff.ffff.ffff, packet sent
network 8, hops 2, delay 13
network 9, hops 2, delay 13
network 14, hops 1, delay 7
network 6, hops 2, delay 13
network 7, hops 2, delay 13
network 3, hops 1, delay 7
network 2, hops 1, delay 7