BMIT3094 Advanced Computer Networks
Skills Based Assessment SBA
Session: 2021 Jan Semester Week 13
Date: 12 Apr 2021 Time: 6.00pm – 8.15pm (including 15 minutes of submission time)
Reminder: Any late submission 15 minutes after the end time, 20 marks will be deducted from the
SBA score. Any late submission thereafter, no marks will be awarded.
Topology – As shown in the Packet Tracer
Addressing Table
Device                  Interface     IP Address       Subnet Mask      Default Gateway
ISP                     G0/1          202.105.103.1    255.255.255.0    N/A
ISP                     S0/0/0 (DCE)  202.105.100.5    255.255.255.252  N/A
ISP                     S0/0/1 (DCE)  202.105.100.1    255.255.255.252  N/A
ISP                     S0/1/0 (DCE)  202.105.100.9    255.255.255.252  N/A
VPN1                    S0/0/0        202.105.100.6    255.255.255.252  N/A
VPN1                    G0/1          192.168.10.1     255.255.255.0    N/A
VPN2                    S0/0/0        202.105.100.10   255.255.255.252  N/A
VPN2                    G0/1          192.168.10.2     255.255.255.0    N/A
NAT                     S0/0/1        202.105.100.2    255.255.255.252  N/A
NAT                     G0/0          10.16.20.1       255.255.255.0    N/A
NAT                     G0/1          10.16.30.1       255.255.255.0    N/A
DHCP                    G0/0          10.16.20.2       255.255.255.0    N/A
DHCP                    G0/1          10.16.10.1       255.255.255.0    N/A
PC-A                    NIC           DHCP Client
PC-Office               NIC           10.16.10.128     255.255.255.0    10.16.10.1
PC-B                    NIC           DHCP Client
PC-C                    NIC           192.168.10.12    255.255.255.0    192.168.10.2
PC-D                    NIC           192.168.10.129   255.255.255.0    192.168.10.1
LocalServer/DNS Server  NIC           10.16.30.254     255.255.255.0    10.16.30.1
ExternalServer          NIC           202.105.103.254  255.255.255.0    202.105.103.1
ExternalHost            NIC           202.105.103.203  255.255.255.0    202.105.103.1
Assessment Objectives
Configure OSPF and static route
Configure IP services: NAT and DHCP
Configure GRE tunnel
Configure network access control using ACLs
User Profile
You are required to fill in your name and email address in the Packet Tracer User Profile
Pre-configuration:
All devices have been pre-configured with the basic IP addresses except PC-A, PC-B, PC-C and PC-D.
Enable password for NAT router is cisco
Complete the following task:
1. Configure OSPF
a. Configure a single area OSPF on all routers except ISP using area-id 20.
router ospf 8
network 192.168.10.0 0.0.0.255 area 20
Based on the IP address of the router's G interface.
b. Configure the LAN interfaces as passive interfaces to ensure they do not form
a neighbour relationship with each other.
passive-interface g0/1
The G interface that every router uses.
c. Adjust the reference bandwidth to 100000 on each OSPF router
auto-cost reference-bandwidth 100000
d. Propagate a default route configured using next hop IP address.
ip route 0.0.0.0 0.0.0.0 202.105.100.1
Based on the IP address of the router's S interface.
router ospf 8
default-information originate
Routers that have a tunnel (below) do not need this.
-----------
This part is for the ones shown with red lines in the diagram.
2. Configure Static Route
a. Configure a static route on ISP router to route to the public network address for
Network LHDN and TNB using next hop IP address.
ip route 202.105.102.0 255.255.255.248 202.105.100.2
b. Configure 2 static routes on ISP to route packets to Network JPJ using respective
next hop IP address.
ip route 192.168.10.0 255.255.255.0 202.105.100.10
ip route 192.168.10.0 255.255.255.0 202.105.100.6
3. Configure DHCP
a. Network LHDN
i. Exclude first 6 IP addresses from the pool
ii. DHCP pool name: POOL-LHDN
iii. DNS 10.16.30.254
ip dhcp excluded-address 10.16.10.1 10.16.10.6
Take the first LHDN address from the diagram; 6 is what the question requires.
ip dhcp pool POOL-LHDN
network 10.16.10.0 255.255.255.0
Take the LHDN IP address from the diagram and the router's subnet mask.
dns-server 10.16.30.254
Take the DNS IP address from the diagram.
default-router 10.16.10.1
Take the first LHDN address from the diagram.
b. Network TNB
i. Exclude first 6 IP addresses from the pool
ii. DHCP pool name: POOL-TNB
iii. DNS 10.16.30.254
ip dhcp excluded-address 10.16.30.1 10.16.30.6
Take the first TNB address from the diagram; 6 is what the question requires.
ip dhcp pool POOL-TNB
network 10.16.30.0 255.255.255.0
Take the TNB IP address from the diagram and the router's subnet mask.
dns-server 10.16.30.254
Take the DNS IP address from the diagram.
default-router 10.16.30.1
Take the first TNB address from the diagram.
-----------------------------------------
int g0/1
ip helper-address 10.16.20.2
exit
The router on the other side needs to point to this helper address; for this question that is NAT.
4. Configure NAT
a. Configure dynamic NAT with Overload
i. NAT pool name: NAT-TARUCPOOL
ii. Public network address: 202.105.102.0/29
iii. Reserve the LAST usable IP address for STATIC mapping to the LocalServer
iv. Network TNB and Network LHDN are allowed to access anywhere on the
Internet (use keyword) using a named extended ACL NAT-ACL
ip nat pool NAT-TARUCPOOL 202.105.102.1 202.105.102.5 netmask 255.255.255.248
ip access-list extended NAT-ACL
permit ip 10.16.30.0 0.0.0.255 any
permit ip 10.16.10.0 0.0.0.255 any
ip nat inside source list NAT-ACL pool NAT-TARUCPOOL overload
b. Configure static NAT
i. Map the LocalServer to the LAST usable IP address from the 202.105.102.0/29.
ip nat inside source static 10.16.30.254 202.105.102.6
int s0/0/1
ip nat outside
int g0/0
ip nat inside
int g0/1
ip nat inside
5. Configure a GRE tunnel between VPN1 and NAT router
a. Tunnel number 1
b. Use the FIRST usable IP address from 10.16.1.0/30 for the tunnel interface at VPN1
int tunnel 1
ip address 10.16.1.1 255.255.255.252
no shut
tunnel source s0/0/0
tunnel destination 202.105.100.2
6. Configure a GRE tunnel between VPN2 and NAT router
a. Tunnel number 2
b. Use the FIRST usable IP address from 10.16.2.0/30 for the tunnel interface at VPN2
int tunnel 2
ip address 10.16.2.1 255.255.255.252
no shut
tunnel source s0/0/0
tunnel destination 202.105.100.2
7. Configure named standard ACL (use keyword host wherever applicable)
a. Configure a named standard ACL OFFICE-ACL on NAT router to allow Telnet access
b. Use telnet password cisco
c. Allow only PC-Office.
ip access-list standard OFFICE-ACL
permit host 10.16.10.128
line vty 0 4
transport input telnet
password cisco
login
access-class OFFICE-ACL in
exit
8. Configure numbered extended ACL (use keyword host wherever applicable)
a. Configure a numbered extended ACL using 188 on DHCP router
b. Permit any DHCP client to communicate with any DHCP server
c. Permit DNS access from Network LHDN to the DNS Server
d. SECOND half of Network LHDN is allowed to HTTPS to the LocalServer (use port
number)
e. PC-Office is allowed to HTTPS to the LocalServer (use port number)
f. SECOND half of the Network LHDN is allowed to FTP to the LocalServer
g. Network LHDN is allowed to access 202.105.103.0/24
h. Ensure PC-Office can telnet to G0/0 of NAT router
access-list 188 permit udp any eq bootpc any eq bootps
access-list 188 permit udp 10.16.10.0 0.0.0.255 host 10.16.30.254 eq domain
access-list 188 permit tcp 10.16.10.128 0.0.0.127 host 10.16.30.254 eq 443
access-list 188 permit tcp host 10.16.10.128 host 10.16.30.254 eq 443
access-list 188 permit tcp 10.16.10.128 0.0.0.127 host 10.16.30.254 eq ftp
access-list 188 permit ip 10.16.10.0 0.0.0.255 202.105.103.0 0.0.0.255
access-list 188 permit tcp host 10.16.10.128 host 10.16.20.1 eq telnet
int g0/1
ip access-group 188 in
9. You are required to submit (upload and turn in) the following:
a. A screen shot of the score with your User Profile details
b. A configured Packet Tracer file.
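
Added example (not part of the original assessment or answer): a small Python evaluator for the ACL 188 entries from task 8, showing how wildcard masks and first-match ordering decide which LHDN packets pass inbound on G0/1 and which hit the implicit deny. The function names and the test packets used with it are constructed for illustration.

```python
from ipaddress import IPv4Address

# ACL 188 exactly as entered in the answer above (Cisco IOS syntax).
ACL_188 = """\
access-list 188 permit udp any eq bootpc any eq bootps
access-list 188 permit udp 10.16.10.0 0.0.0.255 host 10.16.30.254 eq domain
access-list 188 permit tcp 10.16.10.128 0.0.0.127 host 10.16.30.254 eq 443
access-list 188 permit tcp host 10.16.10.128 host 10.16.30.254 eq 443
access-list 188 permit tcp 10.16.10.128 0.0.0.127 host 10.16.30.254 eq ftp
access-list 188 permit ip 10.16.10.0 0.0.0.255 202.105.103.0 0.0.0.255
access-list 188 permit tcp host 10.16.10.128 host 10.16.20.1 eq telnet
"""
PORTS = {"bootpc": 68, "bootps": 67, "domain": 53, "ftp": 21, "telnet": 23}

def _addr(tok):
    # Consume one address spec and return (base, wildcard) as integers.
    kind = tok.pop(0)
    if kind == "any":
        return 0, 0xFFFFFFFF
    if kind == "host":
        return int(IPv4Address(tok.pop(0))), 0
    return int(IPv4Address(kind)), int(IPv4Address(tok.pop(0)))

def _port(tok):
    # Consume an optional "eq <port>"; None means the entry matches any port.
    if tok[:1] != ["eq"]:
        return None
    _, name = tok.pop(0), tok.pop(0)
    return PORTS.get(name) or int(name)

def parse_line(line):
    tok = line.split()[2:]  # drop "access-list 188"
    action, proto = tok.pop(0), tok.pop(0)
    src, sport = _addr(tok), _port(tok)
    dst, dport = _addr(tok), _port(tok)
    return action, proto, src, sport, dst, dport

def _ip_ok(ip, base, wild):
    # Wildcard bits set to 1 are ignored; every other bit must equal the base.
    return ((int(IPv4Address(ip)) ^ base) & ~wild & 0xFFFFFFFF) == 0

def evaluate(acl_text, proto, src, sport, dst, dport):
    # First matching entry wins; no match falls through to the implicit deny.
    for n, line in enumerate(acl_text.splitlines(), 1):
        action, p, s, sp, d, dp = parse_line(line)
        if (p in ("ip", proto) and _ip_ok(src, *s) and _ip_ok(dst, *d)
                and sp in (None, sport) and dp in (None, dport)):
            return action, n
    return "deny", None
```

Evaluated against these entries, HTTPS from PC-Office (10.16.10.128) is permitted by entry 3, because that address lies inside 10.16.10.128 0.0.0.127, so entry 4 is never reached. A first-half host such as 10.16.10.50 trying HTTPS or FTP to the LocalServer matches no entry and is dropped by the implicit deny.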