# Lab 69

###### tags: `Lab`

![](https://i.imgur.com/3WzLDY8.png)

## BRa

- P1-6 : VLAN 10 ~ 10.10.10.0/26 – DHCP Server
- P7-12 : VLAN 20 ~ 10.10.10.64/26
- P13-18: VLAN 30 ~ 10.10.10.128/26
- P19-23: VLAN 40 ~ 10.10.10.192/26
- P24 : uplink VLAN100 ~ 192.168.10.0/24 = Mgt VLAN

```
ena
conf t
hostname bra
no ip domain-lookup
! WAN side, NAT outside
int fa0/1
 desc wan
 ip nat outside
 ip address 172.23.80.69 255.255.254.0
 no shut
! LAN side, point-to-point link to the Layer-3 switch
int fa0/0
 desc lan
 ip address 192.168.168.1 255.255.255.252
 ip nat inside
 duplex auto
 no shut
int fa0/0.10
 desc vlan10
 encapsulation dot1Q 10
 ip nat inside
 no ip add
 no shut
int fa0/0.20
 desc vlan20
 encapsulation dot1Q 20
 ip nat inside
 no shut
int fa0/0.30
 desc vlan30
 encapsulation dot1Q 30
 ip nat inside
 no ip add
 no shut
int fa0/0.40
 desc vlan40
 encapsulation dot1Q 40
 ip nat inside
 no ip add
 no shut
int fa0/0.100
 desc mgnt
 encapsulation dot1Q 100
 ip address 192.168.10.1 255.255.255.0
 no shut
int fa0/0.69
 desc trash
 encapsulation dot1Q 69
 no ip address
 no shut
! The VLAN subnets are routed by the Layer-3 switch
ip route 10.10.10.0 255.255.255.0 192.168.168.2
no access-list 1
! ACL 1 PAT rule disabled, as on BRb: it would translate branch-to-branch
! traffic before the crypto map sees it. ACL 100 below replaces it.
!ip nat inside source list 1 interface fa0/1 overload
!access-list 1 permit 10.10.10.0 0.0.0.63
!access-list 1 permit 10.10.10.64 0.0.0.63
!access-list 1 permit 10.10.10.128 0.0.0.63
!access-list 1 permit 10.10.10.192 0.0.0.63
! IKE phase 1 towards BRb
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 86400
crypto isakmp key firewallcx address 172.23.81.70
! Traffic selected for the tunnel
ip access-list extended VPN-TRAFFIC
 permit ip 10.10.10.0 0.0.0.255 10.20.20.0 0.0.0.255
no access-list 100
! IPsec phase 2
crypto ipsec transform-set TS esp-3des esp-md5-hmac
crypto map CMAP 10 ipsec-isakmp
 set peer 172.23.81.70
 set transform-set TS
 match address VPN-TRAFFIC
int fa0/1
 crypto map CMAP
! PAT for everything except the VPN traffic (deny comes first)
ip nat inside source list 100 interface fastethernet0/1 overload
access-list 100 remark -=[Define NAT Service]=-
access-list 100 deny ip 10.10.10.0 0.0.0.255 10.20.20.0 0.0.0.255
access-list 100 permit ip 10.10.10.0 0.0.0.255 any
access-list 100 remark
```

## BRb

- P1-6 : VLAN 10 ~ 10.20.20.0/26 – DHCP server
- P7-12 : VLAN 20 ~ 10.20.20.64/26
- P13-18: VLAN 30 ~ 10.20.20.128/26
- P19-23: VLAN 40 ~ 10.20.20.192/26
- P24 : uplink VLAN100 ~ 192.168.20.0/24 = Mgt VLAN

```
ena
conf t
hostname brb
no ip domain-lookup
! WAN side, NAT outside
int fa0/0
 desc wan
 ip nat outside
 ip address 172.23.81.70 255.255.255.254
 no shut
! LAN side, router-on-a-stick trunk to the Layer-2 switch
int fa0/1
 desc lan
 no ip address
 duplex auto
 no shut
! DHCP requests are relayed to the server at 10.10.10.10
int fa0/1.10
 encapsulation dot1q 10
 ip nat inside
 ip address 10.20.20.1 255.255.255.192
 ip helper-address 10.10.10.10
int fa0/1.20
 encapsulation dot1q 20
 ip nat inside
 ip address 10.20.20.65 255.255.255.192
 ip helper-address 10.10.10.10
int fa0/1.30
 encapsulation dot1q 30
 ip nat inside
 ip address 10.20.20.129 255.255.255.192
 ip helper-address 10.10.10.10
int fa0/1.40
 encapsulation dot1q 40
 ip nat inside
 ip address 10.20.20.193 255.255.255.192
 ip helper-address 10.10.10.10
int fa0/1.100
 encapsulation dot1q 100
 ip nat inside
 ip address 192.168.20.1 255.255.255.0
int fa0/1.69
 descr native
ip route 0.0.0.0 0.0.0.0 fa0/0
! ACL 1 PAT rule disabled, replaced by ACL 100 below
!ip nat inside source list 1 interface fa0/0 overload
!access-list 1 permit 10.20.20.0 0.0.0.63
!access-list 1 permit 10.20.20.64 0.0.0.63
!access-list 1 permit 10.20.20.128 0.0.0.63
!access-list 1 permit 10.20.20.192 0.0.0.63
! IKE phase 1 towards BRa
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 86400
crypto isakmp key firewallcx address 172.23.80.69
! Traffic selected for the tunnel (mirror of BRa's ACL)
ip access-list extended VPN-TRAFFIC
 permit ip 10.20.20.0 0.0.0.255 10.10.10.0 0.0.0.255
no access-list 100
! IPsec phase 2
crypto ipsec transform-set TS esp-3des esp-md5-hmac
crypto map CMAP 10 ipsec-isakmp
 set peer 172.23.80.69
 set transform-set TS
 match address VPN-TRAFFIC
int fa0/0
 crypto map CMAP
! PAT for everything except the VPN traffic (deny comes first)
ip nat inside source list 100 interface fastethernet0/0 overload
access-list 100 remark -=[Define NAT Service]=-
access-list 100 deny ip 10.20.20.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 100 permit ip 10.20.20.0 0.0.0.255 any
access-list 100 remark
```

## Layer-2

```
ena
conf t
hostname switchL2
vlan 10
 name vlan10
int vlan10
 no ip address
 no shut
vlan 20
 name vlan20
int vlan20
 no ip address
 no shut
vlan 30
 name vlan30
int vlan30
 no ip address
 no shut
vlan 40
 name vlan40
int vlan40
 no ip address
 no shut
! Management SVI, gateway is BRb fa0/1.100
vlan 100
 name mgnt
int vlan100
 desc mgnt
 ip address 192.168.20.2 255.255.255.192
 no shut
ip default-gateway 192.168.20.1
vlan 69
 name Native
int vlan69
 desc Native
 no ip address
 no shut
! Uplink trunk (P24)
int fa0/24
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30,40,100
! Access ports
int range fa0/1-6
 switchport mode access
 switchport access vlan 10
int range fa0/7-12
 switchport mode access
 switchport access vlan 20
int range fa0/13-18
 switchport mode access
 switchport access vlan 30
int range fa0/19-23
 switchport mode access
 switchport access vlan 40
```

## Layer-3

```
ena
conf t
hostname l3
ip routing
! SVIs are the gateways for the BRa VLANs
vlan 10
 name vlan10
int vlan10
 desc vlan10
 ip address 10.10.10.1 255.255.255.192
 no shut
vlan 20
 name vlan20
int vlan20
 desc vlan20
 ip address 10.10.10.65 255.255.255.192
 ip helper-address 10.10.10.10
 no shut
vlan 30
 name vlan30
int vlan30
 desc vlan30
 ip address 10.10.10.129 255.255.255.192
 ip helper-address 10.10.10.10
vlan 40
 name vlan40
int vlan40
 desc vlan40
 ip address 10.10.10.193 255.255.255.192
 no shut
vlan 100
 name vlan100
int vlan100
 desc mngt
 ip address 192.168.10.1 255.255.255.0
 no shut
vlan 69
 name trash
int vlan69
 desc trash
 no ip address
 no shut
ip route 0.0.0.0 0.0.0.0 gi1/0/24
! Access ports
int range gi0/1-6
 switchport mode access
 switchport access vlan 10
int range gi0/7-12
 switchport mode access
 switchport access vlan 20
int range gi0/13-18
 switchport mode access
 switchport access vlan 30
int range gi0/19-23
 switchport mode access
 switchport access vlan 40
! Routed uplink to BRa fa0/0
int gi0/24
 no switchport
 ip address 192.168.168.2 255.255.255.252
end
```
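
A check for the NAT/IPsec interaction in the branch router configs, as an added example that is not part of the original lab notes: inside-to-outside NAT runs before the crypto map, so any `ip nat inside source list` rule whose ACL permits branch-to-branch traffic rewrites the source address and the packet no longer matches `VPN-TRAFFIC`. The sample config is constructed from BRa's NAT and crypto lines with the ACL 1 rule active alongside ACL 100; the function names are assumptions of this example.

```python
import ipaddress
import re

# Constructed excerpt based on BRa's NAT and crypto lines, with the ACL 1
# rule active alongside ACL 100 to show the failure case.
CONFIG = """\
ip nat inside source list 1 interface fa0/1 overload
access-list 1 permit 10.10.10.0 0.0.0.63
ip access-list extended VPN-TRAFFIC
 permit ip 10.10.10.0 0.0.0.255 10.20.20.0 0.0.0.255
ip nat inside source list 100 interface fastethernet0/1 overload
access-list 100 deny ip 10.10.10.0 0.0.0.255 10.20.20.0 0.0.0.255
access-list 100 permit ip 10.10.10.0 0.0.0.255 any
"""

def covers(base, wildcard, addr):
    """True if addr matches base under an IOS wildcard mask (1 bits are ignored)."""
    b, w, a = (int(ipaddress.IPv4Address(x)) for x in (base, wildcard, addr))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

def acl_action(cfg, acl, src, dst):
    """First-match result of numbered ACL `acl` for src -> dst (implicit deny last)."""
    pat = rf"^access-list {acl} (permit|deny) (?:ip )?(\S+) (\S+)(?: (any|\S+ \S+))?$"
    for action, base, wild, dest in re.findall(pat, cfg, re.M):
        # Standard ACLs have no destination; "any" matches every destination.
        dst_ok = dest in ("", "any") or covers(*dest.split(), dst)
        if covers(base, wild, src) and dst_ok:
            return action
    return "deny"

def nat_breaks_vpn(cfg):
    """ACL numbers whose NAT rule would translate traffic the crypto ACL selects."""
    m = re.search(r"VPN-TRAFFIC\n permit ip (\S+) \S+ (\S+) \S+", cfg)
    # Simplification: one sample packet built from the two network addresses.
    src, dst = m.group(1), m.group(2)
    nat_acls = re.findall(r"^ip nat inside source list (\d+) ", cfg, re.M)
    return [n for n in nat_acls if acl_action(cfg, n, src, dst) == "permit"]

if __name__ == "__main__":
    print("NAT rules that translate VPN traffic:", nat_breaks_vpn(CONFIG))
```

ACL 100 passes because its `deny` for the 10.10.10.0/24 to 10.20.20.0/24 flow is evaluated before the `permit ... any`; ACL 1 is a standard ACL with no destination match, so it cannot exempt the tunnel traffic.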