GNS3 CCNA R/S Lab #2

EDIT: Note that I made a change to the topology. I decided two links to Salado was stupid since if that core went down Jim was hosed. Still create GLBP links on the inside but instead connect to Austin as the new image shows. Yep, still studying for the new CCNA R/S and whipped up a second lab that you can try on your own and see how far you get. This one is a little more complex than the other one. Also, on the other one, if the texas remote office couldn't ping across its because I had a tunnel setup and the remote computer had to send an ICMP or some sort of data to the distant end before the crypto tunnel would stand up. See below for the latest lab image. I won't bother adding in configs for you as this is supposed to be done from the ground up. I may add more to this later, I can't think of any exam objectives I would be missing at this point other than switching with STP/SRTP/PVST+....Come to think of it, I will post a file when I am 100% satisfied I have configured this lab to my satisfaction so you can get a working model and compare.



Please note that this lab may require in excess of 3-5 GB of RAM. My laptop has 8 GB and I was sitting right around 5.16 GB of RAM chewed up from this lab. I'm not taking into account all of my other programs open however, I had email, a ticketing system, and notepad++ open. For Jim's network, it is up to you to design a proper subnet for the GLBP and WAN links. Part of learning is doing something yourself! Whip up a DHCP server while you are at it for him too. IPv6 lab will be coming soon.

• ensure the line console doesn't interrupt your typing
• setup telnet and ssh except Salado-Exec, ssh should only be enabled for this gateway
• configure both the console and vty lines for a password of cisco and enforce logging in
• create a username of cisco and a secret password of cisco
• create a secret enable password of cisco
• make sure random words don't force DNS lookups if you make a mistake typing
• configure all ip interfaces as shown
• configure EIGRP in AS 1 and only send hello packets on interfaces that you own or networks that are completely behind the GW you are on
• Configure the frame relay interfaces according to the DLCI chart
• Configure the frame relay switch
• EIGRP should be establishing adjacencies at this point, verify by pinging across
• configure DHCP for 10.x.x.x networks and exclude .1 to .9 while setting DNS to 8.8.8.8 and the default-router to the .1 address
• make sure all clients get their respective DHCP addresses and other information such as gateway and dns
• configure NAT for the additional router added into the Salado portion to use PAT, ensure nat translations are occuring on the inside global address to the inside local
• configure GLBP for Jim's setup and ensure the timers are set to miliseconds of 50 and 160 dead
• configure static routes for Jim's network to Salado-Exec and beyond
• configure default routes that all point to Corp-HQ in case a route is not known
• configure a proper route in the correct gateways to ensure data gets routed statically to Jim's computer since he is a loner and no one likes him
• configure eigrp md5 authentication between corp HQ and all other cores
• configure PPP Chap between Jim's GWs
• deny telnet to all gateways except from the engineers and IT networks
• deny ssh to all gateways except from the engineers and IT networks
• ONLY deny the CEO and CFO, permit the CTO to do his job with all engineering tasks like icmp, telnet,ssh
• deny ICMP on all host networks except IT and engineering
• deny http traffic from the corp sales department, they are committing shenangians on youtube