Defining encapsulation. Encapsulation allows data packets to be wrapped in a defined protocol, and sent over an Internet connection. One of the most popular encapsulation techniques is PPP (which is the standard used to connect users to the Internet from a modem). This is achieved with:
Go back to the user executive mode with the command exit, followed by exit
6. Show the main system configuration with show running-config.
An example of this programming is shown next:
Defining authentication. Along with encapsulation, the connection normally also uses authentication. In the following, the authentication is defined as CHAP (which is more secure than PAP).
1. Go into the privileged mode by typing enable.
3. Configure the device by typing config t.
4. Define
    (config)# interface s0
    (config-if)# ppp authentication chap
4. The CHAP protocol continually challenges the remote router for a user name and a password. Thus we must define a username and password (in this case a username of fred with a password of mypass):
    (config)# username fred password mypass
5. Finally on the required interface we set the hostname and the password for the remote router:
    (config)# interface s0
    (config-if)# ppp chap hostname fred
    (config-if)# ppp chap secret mypass
5. Go back to the user executive mode with the command exit, followed by exit
6. Show the main system configuration with show running-config.
Defining ACLs. Access Control
Lists (ACLs) allow for incoming and outgoing data
to be filtered, and are used to implement firewalls.
A simple example is:
1. Go into the privileged mode by typing enable.
3. Configure the device by typing config t.
4. To deny incoming access on the E0 port for every host on the 156.1.1.0 subnet:
    (config)# access-list 1 deny 156.1.1.0 0.0.0.255
    (config)# access-list 1 permit any
    (config)# interface e0
    (config-if)# ip access-group 1 in
5. Go back to the user executive mode with the command exit, followed by exit
6. Show the main system configuration with show running-config.
At this point the running-config should look something
like:
    version 12.0
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    hostname Router
    !
    !
    ip subnet-zero
    !
    ip domain-name mycomp.com
    ip name-server 192.168.0.10
    !
    interface ethernet 0
     ip address 219.17.100.1 255.255.255.0
     no shutdown
     ip access-group 1 in
    !
    interface serial 0
     ip address 199.6.13.1 255.255.255.0
     no shutdown
     encapsulation ppp
     ppp authentication chap
    !
    interface serial 1
     ip address 201.100.11.2 255.255.255.0
     no shutdown
     encapsulation ppp
     ppp authentication chap
    !
    router rip
     network 199.6.13.0
     network 201.100.11.0
     network 219.17.100.0
    !
    access-list 1 deny 156.1.1.0 0.0.0.255
    access-list 1 permit any
    !
    ip host LAB_A 192.5.5.1 205.7.5.1 201.100.11.1
    ip host LAB_B 210.100.11.2 219.17.100.1 199.6.13.1
    ip host LAB_C 223.8.151.1 204.204.7.1 199.6.13.1
    ip host LAB_D 210.93.105.1 204.204.7.2
    ip host LAB_E 210.93.105.2
    !
    end
Defining ACLs using Named ACLs. It is also possible to define an ACL by a name. For example, the following permits access from the 10.11.12.0 and 20.31.42.0 subnets, and disallows all other subnets:
1. Go into the privileged mode by typing enable.
2. Configure the device by typing config t.
3. To permit access from the 10.11.12.0 and 20.31.42.0 subnets on the outgoing E0 port, and disallow all other subnets:
    (config)# ip access-list standard myacl
    (config-std-nacl)# permit 10.11.12.0 0.0.0.255
    (config-std-nacl)# permit 20.31.42.0 0.0.0.255
    (config-std-nacl)# exit
    (config)# int e0
    (config-if)# ip access-group myacl out
    (config-if)# exit
4. Go back to the user executive mode with the command exit
5. Show the main system configuration with show running-config.
6. An extended NACL is defined with ip access-list extended myextacl.
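
The following Python model is an added example, not part of the original page: it evaluates the entries of access-list 1 and myacl (written in standard ACL form) against source addresses. It shows wildcard-mask matching, first-match ordering, and the implicit deny that makes myacl disallow all other subnets without an explicit deny line; the function names and the sample source addresses are constructed for illustration.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def parse_entry(line):
    """Parse 'permit|deny <network> [<wildcard>]' or 'permit|deny any'."""
    parts = line.split()
    action = parts[0]
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action: {action}")
    if parts[1] == "any":
        return action, 0, MASK32          # every bit is "don't care"
    net = int(ipaddress.IPv4Address(parts[1]))
    # A standard entry with no wildcard matches that single host only.
    wildcard = int(ipaddress.IPv4Address(parts[2])) if len(parts) > 2 else 0
    return action, net, wildcard

def matches(src, net, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must be equal."""
    care = ~wildcard & MASK32
    return (src & care) == (net & care)

def evaluate(acl_lines, src_ip):
    """Return (action, matching line) for a source address; first match wins."""
    src = int(ipaddress.IPv4Address(src_ip))
    for line in acl_lines:
        action, net, wildcard = parse_entry(line)
        if matches(src, net, wildcard):
            return action, line
    # No entry matched: every ACL ends with an unlisted deny-all.
    return "deny", "implicit deny"

# Entries of the two ACLs on this page, in standard ACL form.
ACL_1 = ["deny 156.1.1.0 0.0.0.255", "permit any"]
MYACL = ["permit 10.11.12.0 0.0.0.255", "permit 20.31.42.0 0.0.0.255"]

# Constructed sample source addresses (not taken from the page).
SAMPLES = ["156.1.1.77", "156.1.2.77", "10.11.12.200", "20.31.42.1", "192.168.0.10"]

if __name__ == "__main__":
    for name, acl in (("access-list 1", ACL_1), ("myacl", MYACL)):
        for ip in SAMPLES:
            action, why = evaluate(acl, ip)
            print(f"{name:14} {ip:14} {action:6} ({why})")
```

Reversing the two lines of access-list 1 makes permit any match first, so the deny entry is never reached; entry order is part of the policy.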