Copyright © 2001, Cisco Systems, Inc. CSPFA Remote Lab Instructor Guide 2.0 5
Physical Connections
[Figure: Connections with Aironet. Labels: 1 through 10; Cisco 2611 (Ethernet 0/0, Ethernet 0/1, Console); Internet.]
[Figure: Connections with Hub. Labels: 1 through 10; FastHub 400 (ports 1X through 12X); Cisco 2611 (Ethernet 0/0, Ethernet 0/1, Console); Internet.]
Initial student PC Configuration
IP ADDRESS 10.1.P.3
MASK 255.255.255.0
GATEWAY 10.1.P.1
Classroom Router Configuration
You will need the following parameters from Cisco’s ILSG lab administrator
before configuring the classroom router:
RL-PIX-CSPFA IP ADDRESS (IPsec peer IP address)
AUTHENTICATION KEY
Note The classroom router is configured to get a DHCP address, including a default
route, on the outside interface (Ethernet 0/1). If DHCP is not supported at your
location, then a manually entered IP address and default route must be configured.
RL-LCL-2611 Configuration
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname RL-LCL-2611
!
enable secret 5 <ENABLE PASSWORD>
!
ip subnet-zero
!
ip audit notify log
ip audit po max-events 100
!
! IKE (ISAKMP) policy and pre-shared key for the remote lab PIX
crypto isakmp policy 11
 hash md5
 authentication pre-share
 group 2
crypto isakmp key <AUTHENTICATION KEY> address <RL-PIX-CSPFA IP ADDRESS>
!
crypto ipsec transform-set RL-TRANS esp-3des esp-md5-hmac
!
! Traffic permitted by access list TO-RMT is protected and sent to the peer
crypto map RL-MAP 22 ipsec-isakmp
 set peer <RL-PIX-CSPFA IP ADDRESS>
 set security-association lifetime seconds 86400
 set transform-set RL-TRANS
 set pfs group2
 match address TO-RMT
!
! Inside interface: one secondary address per pod (10.1.P.1)
interface Ethernet0/0
 ip address 10.1.1.1 255.255.255.0 secondary
 ip address 10.1.2.1 255.255.255.0 secondary
 ip address 10.1.3.1 255.255.255.0 secondary
 ip address 10.1.4.1 255.255.255.0 secondary
 ip address 10.1.5.1 255.255.255.0 secondary
 ip address 10.1.6.1 255.255.255.0 secondary
 ip address 10.1.7.1 255.255.255.0 secondary
 ip address 10.1.8.1 255.255.255.0 secondary
 ip address 10.1.9.1 255.255.255.0 secondary
 ip address 10.1.10.1 255.255.255.0 secondary
 ip address 172.27.27.100 255.255.255.0
 no cdp enable
!
! Outside interface: DHCP address, crypto map applied here
interface Ethernet0/1
 ip address dhcp
 no cdp enable
 crypto map RL-MAP
!
ip classless
no ip http server
!
ip access-list extended TO-RMT
 permit ip 10.1.0.0 0.0.255.255 any
 permit ip 172.27.27.0 0.0.0.255 any
no cdp run
!
line con 0
 transport input none
line aux 0
line vty 0 4
 login
!
no scheduler allocate
end
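Which sources the TO-RMT crypto access list selects for the tunnel, worked through as an added example (not part of the original guide). It implements the IOS wildcard-mask test against the two TO-RMT entries and applies it to the addresses used in the connectivity steps. Assumptions: 192.0.2.10 is a constructed stand-in for the DHCP-assigned outside address, the function names are hypothetical, and pings typed at the router console are sourced from the outgoing interface address.

```python
import ipaddress

# Entries of "ip access-list extended TO-RMT" from the RL-LCL-2611 configuration:
# (source network, wildcard mask); the destination is "any" in both entries.
TO_RMT = [("10.1.0.0", "0.0.255.255"), ("172.27.27.0", "0.0.0.255")]


def wildcard_match(addr, base, wildcard):
    """IOS wildcard test: bits that are 0 in the wildcard must equal the base."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def selected_for_tunnel(src, acl=TO_RMT):
    """True if a packet from src is permitted by the crypto ACL (any destination)."""
    return any(wildcard_match(src, base, wc) for base, wc in acl)


def student_pc(pod):
    """Initial student PC address 10.1.P.3 for pod P (1 through 10)."""
    if not 1 <= pod <= 10:
        raise ValueError("pod number must be 1 through 10")
    return f"10.1.{pod}.3"


def report(outside_addr):
    """Map each traffic source in the lab to whether TO-RMT selects it."""
    sources = {f"pod {p} PC": student_pc(p) for p in range(1, 11)}
    sources["router Ethernet0/0 primary"] = "172.27.27.100"
    sources["router Ethernet0/1 (DHCP)"] = outside_addr
    return {name: selected_for_tunnel(ip) for name, ip in sources.items()}


if __name__ == "__main__":
    # 192.0.2.10 is a constructed stand-in for the DHCP-assigned outside address.
    for name, hit in report("192.0.2.10").items():
        print(f"{name:28} {'protected (matches TO-RMT)' if hit else 'cleartext'}")
```

Because both entries end in "any", every destination reached from the student subnets is selected for the tunnel, while pings sourced from the outside interface address are not.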
Remote Lab Setup
This section covers the procedures required to connect to the remote lab and to
set up and test the lab devices before the beginning of class.
Establishing and Testing Connectivity to the Remote Lab
Perform the following procedures to establish and test connectivity to the remote
lab.
From the console of your RL-LCL-2611 router:
Step 1 RL-LCL-2611> ping <YOUR LOCAL DEFAULT GATEWAY>
If unsuccessful
• check physical Internet connectivity.
• check ethernet link from RL-LCL-2611 to your Internet connection.
• check IP address received from DHCP:
RL-LCL-2611# show ip interface brief ethernet0/1
Step 2 RL-LCL-2611> ping <RL-PIX-CSPFA IP ADDRESS>
If unsuccessful
• check default gateway setting on RL-LCL-2611:
RL-LCL-2611# show ip route
From the Pod 1 student PC:
Step 3 C:\> ping 10.1.1.1
If unsuccessful
• check Aironet link or ethernet link from the PC to Aironet access point or hub.
• check ethernet link from RL-LCL-2611 to Aironet access point or hub.
• check IP address/netmask settings on the student PC.
• check Aironet configuration and range.
• check RL-LCL-2611 configuration.
Step 4 C:\> ping 10.90.90.1
This will initiate the VPN tunnel to the remote PIX. It will take a few ping tries
before the VPN tunnel is established and the ping is successful.
If unsuccessful
• ensure that you’ve given the router/PIX enough time to set up the VPN tunnel.
• check default gateway setting on the student PC.
• check the ISAKMP settings on RL-LCL-2611:
crypto isakmp key <AUTHENTICATION KEY> address <RL-PIX-CSPFA IP ADDRESS>
• check the IPSEC settings on RL-LCL-2611:
crypto map RL-MAP 22 ipsec-isakmp
set peer <RL-PIX-CSPFA IP ADDRESS>
• clear all security associations (SAs) on the RL-LCL-2611:
RL-LCL-2611# clear crypto sa
From each student PC (1 through 10)
Step 5 C:\> ping 10.0.P.100 (remote terminal server)
If unsuccessful
• check Aironet link or ethernet link from the PC to Aironet access point or hub.
• check IP address/netmask/default gateway settings on the student PC.
• check Aironet configuration and range.
• check RL-LCL-2611 configuration.
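When Step 4 keeps failing, the output of the IOS command show crypto isakmp sa on RL-LCL-2611 shows how far the IKE negotiation got. The following added example (not part of the original guide) parses that output and maps the state to the checks listed under Steps 2 and 4. Assumptions: the sample output is constructed, 192.0.2.1 stands in for <RL-PIX-CSPFA IP ADDRESS>, the hints are the common reading of each state, and the row with the highest conn-id is taken as the newest.

```python
import re

# Common reading of the "state" column, tied to the checks in Steps 2 and 4.
STATE_HINTS = {
    "MM_NO_STATE": "no usable reply: check Step 2, the peer address and the ISAKMP policy",
    "MM_SA_SETUP": "policy agreed, key exchange still running: keep pinging",
    "MM_KEY_EXCH": "peer not authenticated yet: check the pre-shared key",
    "MM_KEY_AUTH": "peer authenticated, quick mode is next: keep pinging",
    "QM_IDLE": "phase 1 is up: check crypto map RL-MAP, then clear crypto sa",
}
ROW = re.compile(r"^(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(\S+)\s+(\d+)\s+(\d+)$")


def parse_isakmp_sa(text):
    """Return one dict per SA row; the header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            dst, src, state, conn_id, _slot = m.groups()
            rows.append({"dst": dst, "src": src, "state": state, "conn_id": int(conn_id)})
    return rows


def diagnose(text, peer):
    """Return (state, hint) for the newest SA with this peer."""
    sas = [r for r in parse_isakmp_sa(text) if peer in (r["dst"], r["src"])]
    if not sas:
        return ("NO_SA", "no IKE attempt: traffic did not match TO-RMT "
                "or never reached the router (Step 3, PC default gateway)")
    newest = max(sas, key=lambda r: r["conn_id"])  # assumption: highest conn-id is newest
    return (newest["state"], STATE_HINTS.get(newest["state"], "state not covered here"))


# Constructed sample output; 192.0.2.1 stands in for <RL-PIX-CSPFA IP ADDRESS>.
SAMPLE_STUCK = """\
dst             src             state          conn-id    slot
192.0.2.1       192.0.2.10      MM_KEY_EXCH          1       0
"""
SAMPLE_UP = """\
dst             src             state          conn-id    slot
192.0.2.1       192.0.2.10      MM_NO_STATE          1       0
192.0.2.1       192.0.2.10      QM_IDLE              2       0
"""

if __name__ == "__main__":
    for sample in (SAMPLE_STUCK, SAMPLE_UP):
        print(diagnose(sample, "192.0.2.1"))
```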
Telnetting to the Remote Terminal Server
Note USE “CTRL+SHIFT+6 then X” TO EXIT A CONSOLE SESSION.
Telnet to RL-RTS-CSPFA:
C:\> telnet 10.0.P.100
User Access Verification
Password: cisco
RL-RTS-CSPFA>
For the Chapter 15 lab, Configure a Secure VPN Using IPSec Between a PIX Firewall
and a VPN Client, telnet to 172.26.26.150:
C:\> telnet 172.26.26.150
User Access Verification
Password: cisco
RL-RTS-CSPFA>
PIX Initial Configurations
The PIX firewalls are reset to default before each class. Check that all pod PIX
firewalls have been reset.
Note Pods 1 through 10 access their PIX from RL-RTS-CSPFA as follows:
RL-RTS-CSPFA> pPp (where P = pod number)
Translating "pPp"
Trying pPp (10.93.93.1, 2033) Open
pixfirewall> enable
Password: <enter>
pixfirewall#
To reset a PIX firewall:
pixP# write erase
Erase PIX configuration in flash memory? [confirm] <enter>
pixP# reload
Proceed with reload? [confirm] <enter>
Rebooting
Router Initial Configurations
The student routers should already be configured with a default configuration
before each class. Check that all student routers are already configured.
Note Pods 1 through 10 access their router console from RL-RTS-CSPFA as follows:
RL-RTS-CSPFA> rP (where P = pod number)
Translating "rP"
Trying rP (10.91.91.1, 2033) Open
rP> enable
Password: cisco
rP#
Router Default Configuration
Note Remember to replace the Ps with the actual pod number.
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname RL-RPCSPFA
!
no logging console
! Login method list named LOCAL: line password first, then enable password
aaa new-model
aaa authentication login LOCAL line enable
enable password cisco
!
memory-size iomem 15
ip subnet-zero
no ip domain-lookup
!
ip audit notify log
ip audit po max-events 100
!
interface Ethernet0/0
 ip address 10.0.P.2 255.255.255.0
!
interface Serial0/0
 no ip address
 shutdown
 no fair-queue
!
interface Ethernet0/1
 ip address 172.30.P.2 255.255.255.0
!
router eigrp 1
 network 10.0.0.0
 network 172.30.0.0
 no auto-summary
 no eigrp log-neighbor-changes
!
ip classless
no ip http server
!
line con 0
 password cisco
 login authentication LOCAL
 transport input none
line aux 0
line vty 0 4
 password cisco
!
no scheduler allocate
end
Turning Secondary PIXen On and Off
Note The secondary PIXen used for Chapter 14’s failover lab MUST be OFF at all times,
except when doing the lab. To turn them ON or OFF, you connect to manageable
power strips that control power to the secondary PIXen units.
Note Access the manageable power strip for Pods 1 through 8 from RL-RTS-CSPFA as
follows:
RL-RTS-CSPFA> apc1
Translating "apc1"
Trying sP (10.93.93.1, 2063) Open
User Name : instructor
Password : cisco
Access the manageable power strip for Pods 9 and 10 from RL-RTS-CSPFA as
follows:
RL-RTS-CSPFA> apc2
Translating "apc2"
Trying sP (10.93.93.1, 2064) Open
User Name : instructor
Password : cisco
TO TURN SECONDARY PIXEN OFF:
American Power Conversion Web/SNMP Management Card AOS v2.5.4
(c) Copyright 2000 All Rights Reserved MasterSwitch APP v2.1.0
Name : Unknown Date : 11/28/2001
Contact : Unknown Time : 10:08:53
Location : Unknown Up Time : 6 Days 22 Hours 38 Minutes
Status : P+ N+ A+ User : Outlet User
MasterSwitch : Serial Communication Established
Control Console
1- Device Manager
2- Network
3- System
4- Logout
?- Help, <ESC>- Main Menu, <ENTER>- Refresh
>
1
Device Manager
1- P1S ON
2- P2S ON
3- P3S ON
4- P4S ON
5- P5S ON
6- P6S ON
7- P7S ON
8- P8S ON
9- ALL Accessible Outlets
<ESC>- Back, <ENTER>- Refresh
>
9 or 3 (enter 9 or 3 for ALL Accessible Outlets or select a specific PIX)
ALL Accessible Outlets
Outlet Name Pwr On Dly Pwr Off Dly Reboot Dur.
1: ON P1S Immediate Immediate 05 Seconds
2: ON P2S Immediate Immediate 05 Seconds
3: ON P3S Immediate Immediate 05 Seconds
4: ON P4S Immediate Immediate 05 Seconds
5: ON P5S Immediate Immediate 05 Seconds
6: ON P6S Immediate Immediate 05 Seconds
7: ON P7S Immediate Immediate 05 Seconds
8: ON P8S Immediate Immediate 05 Seconds
1- Immediate On
2- Immediate Off
3- Immediate Reboot
4- Delayed On
5- Delayed Off
6- Sequenced Reboot
7- Delayed Reboot
8- Delayed Sequenced Reboot
9- Cancel Pending Commands
?- Help, <ESC>- Back, <ENTER>- Refresh
>
2
Immediate Off
Turn all outlets OFF immediately.
Enter 'YES' to continue or <ENTER> to cancel :
YES (enter YES exactly)
Command successfully issued.
Press <ENTER> to continue
<ENTER>
ALL Accessible Outlets
Outlet Name Pwr On Dly Pwr Off Dly Reboot Dur.
1: OFF P1S Immediate Immediate 05 Seconds
2: OFF P2S Immediate Immediate 05 Seconds
3: OFF P3S Immediate Immediate 05 Seconds
4: OFF P4S Immediate Immediate 05 Seconds
5: OFF P5S Immediate Immediate 05 Seconds
1- Immediate On
2- Immediate Off
3- Immediate Reboot
4- Delayed On
5- Delayed Off
6- Sequenced Reboot
7- Delayed Reboot
8- Delayed Sequenced Reboot
9- Cancel Pending Commands
?- Help, <ESC>- Back, <ENTER>- Refresh
>
<ESC> (keep hitting <ESC> until you exit back to Control Console)
Control Console
1- Device Manager
2- Network
3- System
4- Logout
?- Help, <ESC>- Main Menu, <ENTER>- Refresh
>
4
You are now in passthru mode.