Router> Router>enable Router#config t Router(config)#hostname Greensward Greensward(config)#enable password cisco Greensward(config)#enable secret class Greensward(config)#line con 0 Greensward(config-line)#password cisco Greensward(config-line)#login Greensward(config-line)#exit Greensward(config)#line vty 0 4 Greensward(config-line)#password cisco Greensward(config-line)#login Greensward(config-line)#exit Greensward(config)#ipx routing Greensward(config)#ipx maximum-paths 1 Greensward(config)#interface e0.1 Greensward(config-subif)#ip address 156.1.10.1 255.255.254.0 Greensward(config-subif)#no shutdown Greensward(config-subif)#interface e0.2 Greensward(config-subif)#ipx network a Greensward(config-subif)#ipx encapsulation novell-ether Greensward(config-subif)#description Admin network Greensward(config)#interface e1.1 Greensward(config-if)#ip address 156.1.12.1 255.255.254.0 Greensward(config-if)#no shutdown Greensward(config-subif)#interface e1.2 Greensward(config-subif)#ipx network c Greensward(config-subif)#ipx encapsulation novell-ether Greensward(config-if)#description Circ network Greensward(config)#interface e2.1 Greensward(config-if)#ip address 156.1.14.1 255.255.254.0 Greensward(config-if)#no shutdown Greensward(config-subif)#interface e2.2 Greensward(config-subif)#ipx network e Greensward(config-subif)#ipx encapsulation novell-ether Greensward(config-if)#description Server network Greensward (config)#isdn switch-type basic-net3 Greensward (config)#dialer-list 1 protocol ip permit Greensward (config)#interface bri 0 Greensward (config-if)#ip address 156.1.18.1 255.255.254.0 Greensward (config-if)#encapsulaton ppp Greensward (config-if)#isdn spid1 3840000001 Greensward (config-if)#isdn spid2 3840000002 Greensward (config-if)#dialer map ip 156.1.18.2 name Bstop 384020 Greensward (config-if)#dialer-group 1 Greensward (config-if)#ppp authentication chap Greensward (config-if)#dialer idle-time out 300 Greensward (config-if)#dialer wait-for-carrier-time 15 Greensward (config-if)#no shutdown Greensward(config-if)#description ISDN connection to other schools Greensward (config-if)# exit Greensward(config-if)#interface s1 Greensward(config-if)#ip address 156.1.2.1 255.255.255.0 Greensward (config-if)#encapsulation frame-relay Greensward(config-if)#no shutdown Greensward(config-if)#description Internet Connection Greensward(config-if)#exit Greensward(config)#router rip Greensward(config-router)#network 156.1.2.0 Greensward(config-router)#network 156.1.10.0 Greensward(config-router)#network 156.1.11.0 Greensward(config-router)#network 156.1.12.0 Greensward(config-router)#network 156.1.13.0 Greensward(config-router)#network 156.1.14.0 Greensward(config-router)#network 156.1.18.0 Greensward(config)#router igrp 10 Greensward(config-router)#timers basic 15 45 0 60 Greensward(config-router)#no metric holddown Greensward(config-router)#metric maximum-hop 50 Greensward(config-router)#network 156.1.2.0 Greensward(config-router)#network 156.1.10.0 Greensward(config-router)#network 156.1.11.0 Greensward(config-router)#network 156.1.12.0 Greensward(config-router)#network 156.1.13.0 Greensward(config-router)#network 156.1.14.0 Greensward(config-router)#network 156.1.18.0 Greensward(config-router)#exit Greensward(config)#ip host Greensward 156.1.10.2 Greensward(config)#ip host Greensward 156.1.11.2 Greensward(config)#ip host Greensward 156.1.12.2 Greensward(config)#ip host Greensward 156.1.13.2 Greensward#copy run start Greensward(config)#exit
ACL 1 only allows traffic within the VEAZ numbering scheme to enter via Greensward Router Serial Interface 0
Greensward (config)#access-list 1 permit 156.1.0.0 0.0.255.255 Greensward (config)#access-list 1 deny any Greensward (config) # interface s0 Greensward (config-if)# ip access-group 1 in
ACL 101 prohibits Circ network access to the Admin network other than mail (SMTP) protocol. It allows access to the Server network, the WAN link to other schools and to the Internet. 101 is placed on the input of interface e1 on the Greensward router.
Greensward (config)#access-list 101 permit tcp 156.1.12.0 0.0.1.255 156.1.10.0 0.0.1.255 eq smtp Greenward(config)#access-list 101 permit ip 156.1.12.0 0.0.1.255 156.1.18.0 0.0.1.255 Greenward(config)#access-list 101 permit ip 156.1.12.0 0.0.1.255 156.1.14.0 0.0.0.255 Greenward(config)#access-list 101 permit ip 156.1.12.0 0.0.1.255 156.1.2.0 0.0.0.255 Greensward (config) # interface e1 Greensward (config-if)# ip access-group 101 in
ACL 102 only allows Curriculum range of address to receive http protocol from the internet ie downloads prohibited. Place on input of Greensward Router Serial Interface 1.
Greensward (config)#access-list 102 permit tcp any 156.1.12.0 0.0.1.255 eq http Greensward (config)#access-list 102 permit tcp any 156.1.13.0 0.0.1.255 eq http Greensward (config)#access-list 102 deny ip any any Greensward (config) # interface s1 Greensward (config-if)# ip access-group 102 in
 | ||||
 |
 |
 |
 |
 |
 |
 |
|||
 | ||||
 | ||||