So now that I am finally done with the CCIE Sec Lab, let's get back to some serious business before starting the CCIE SP journey. How about a small troubleshooting ticket to get started with?
Here is the quick topology:
All routers have loopbacks configured as x.x.x.x, where x = device number.
Now the problem is that when we telnet from R1 to R4's loopback we see:
But we want to see the output below the red line, right?
So make it work in under 10 mins :-)
Here are the initial configs:
##############
R1
---
!
en
!
conf t
!
ho R1
!
ip dhcp excluded-address 12.12.12.1 12.12.12.255
!
ip dhcp pool a
network 12.12.12.0 255.255.255.0
!
ip dhcp pool b
network 131.13.13.0 255.255.255.0
!
class-map match-all UDP
match access-group 100
exit
!
class-map match-all ALICE
match protocol telnet
exit
!
policy-map COPP
class UDP
drop
exit
!
policy-map BOB
class ALICE
drop
exit
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
no logging con
!
interface FastEthernet0/0
ip address 12.12.12.1 255.255.255.0
no sh
exit
!
interface FastEthernet1/0
ip address 13.13.13.1 255.255.255.0
no sh
exit
!
router eigrp 1234
network 0.0.0.0
no auto-summary
no eigrp log-neighbor-changes
!
access-list 100 deny udp any any
access-list 100 permit tcp any any
!
control-plane
service-policy input COPP
service-policy output COPP
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
transport input none
transport output none
!
end
!
wr mem
!
======================================
R2
---
!
en
!
conf t
!
ho R2
!
interface FastEthernet0/0
ip address dhcp
no sh
exit
!
interface FastEthernet1/0
ip address 24.24.24.2 255.255.255.0
no sh
exit
!
router eigrp 1234
network 0.0.0.0
no auto-summary
!
no logging con
!
end
!
wr mem
!
===================================
R3
---
!
en
!
conf t
!
ho R3
!
interface FastEthernet0/0
ip address dhcp
no sh
exit
!
interface FastEthernet1/0
ip address 34.34.34.3 255.255.255.0
no sh
exit
!
router eigrp 1234
network 0.0.0.0
no auto-summary
!
no logging con
!
end
!
wr mem
!
====================
R4
---
!
en
!
conf t
!
ho R4
!
interface Loopback0
ip address 4.4.4.4 255.255.255.255
!
interface FastEthernet0/0
ip address 24.24.24.4 255.255.255.0
no sh
exit
!
interface FastEthernet1/0
ip address 34.34.34.4 255.255.255.0
no sh
exit
!
router eigrp 1234
network 0.0.0.0
no auto-summary
!
no logging con
!
line vty 0 4
no login
!
line vty 0 4
no login
!
end
!
wr mem
!
HTH...
Deepak Arora
Evil CCIE
4 comments:
Is it a mistake or on purpose?
ip dhcp pool b
network 131.13.13.0 255.255.255.0
BOOOYAH!!! 6.5 minutes... and that was because there was no "no ip domain-lookup." I think it would have been a LOT harder if you had put some restrictions on the lab. It might have also made it easier as I got to see the configs when I was pasting them into my routers... but here's what I did:
Firstly I checked that there was connectivity between R1-->R2 & R1-->R3, as I wasn't seeing any EIGRP neighbors or any routes. When I jumped onto R2 & R3 I saw that they didn't have any addresses assigned, making me feel that there was a DHCP issue. So I checked R1 and saw that you had eliminated all the address range for 12.12.12.0/24, so I changed this to exclude 12.12.12.1 - 2. This assigned R2 an address. Great - same on R3 (didn't assign address - started panicking as the time limit - so shut no shut the interface - gave an address). After that I could ping R4's loopback - then I just removed the access-list on R1 denying UDP (does telnet use UDP port 23?) and that seemed to do the trick :)
Can't get into R4 though as there's no password set :(
If deleting the access-list hadn't worked, I would have deleted the "class-map match-all ALICE" - matching the telnet (which is actually TCP 23 :))
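The DHCP reasoning in the comment above can be checked mechanically. The following is an added example, not part of the original post or its comments: a Python audit over a constructed excerpt of R1's DHCP and interface lines that reports, per pool, how many host addresses survive the exclusions and which interface subnet the pool matches. The name `audit_dhcp` is hypothetical.

```python
import ipaddress

# Constructed excerpt: DHCP and interface lines copied from R1's initial config.
R1_CONFIG = """\
ip dhcp excluded-address 12.12.12.1 12.12.12.255
ip dhcp pool a
network 12.12.12.0 255.255.255.0
ip dhcp pool b
network 131.13.13.0 255.255.255.0
interface Loopback0
ip address 1.1.1.1 255.255.255.255
interface FastEthernet0/0
ip address 12.12.12.1 255.255.255.0
interface FastEthernet1/0
ip address 13.13.13.1 255.255.255.0
"""

def audit_dhcp(config):
    """Return {pool: {"leasable": int, "served_by": interface name or None}}."""
    excluded, pools, ifaces = [], {}, {}
    section = None  # (kind, name) of the config block currently being read
    for line in config.splitlines():
        w = line.split()
        if not w:
            continue
        if w[:3] == ["ip", "dhcp", "excluded-address"]:
            low = ipaddress.ip_address(w[3])
            high = ipaddress.ip_address(w[4]) if len(w) > 4 else low
            excluded.append((low, high))
        elif w[:3] == ["ip", "dhcp", "pool"]:
            section = ("pool", w[3])
        elif w[0] == "interface":
            section = ("iface", w[1])
        elif w[0] == "network" and len(w) == 3 and section and section[0] == "pool":
            pools[section[1]] = ipaddress.ip_network(f"{w[1]}/{w[2]}")
        elif w[:2] == ["ip", "address"] and len(w) == 4 and section and section[0] == "iface":
            # len(w) == 4 skips "ip address dhcp" on client interfaces
            ifaces[section[1]] = ipaddress.ip_interface(f"{w[2]}/{w[3]}")
    report = {}
    for name, net in pools.items():
        # Host addresses in the pool that no excluded-address range covers
        leasable = sum(1 for h in net.hosts()
                       if not any(lo <= h <= hi for lo, hi in excluded))
        # A pool only answers clients on an interface in the same subnet
        served_by = next((i for i, a in ifaces.items() if a.network == net), None)
        report[name] = {"leasable": leasable, "served_by": served_by}
    return report

if __name__ == "__main__":
    for pool, info in audit_dhcp(R1_CONFIG).items():
        print(pool, info)
```
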
Is it a mistake or on purpose?
ip dhcp pool b
network 131.13.13.0 255.255.255.0