TO DO List
******** Activity 1 : DHCP DNS FTP & TFTP servers ********
1. Analyse the topology of the given network :
2. Carry out the configuration of the topology
The objective of this activity is to configure the following network services (DHCP, DNS,
HTTP/HTTPS, FTP and TFTP) on the relevant networking devices.
Test the connectivity between the devices.
a. DHCP Server setup configuration
Note that the DHCP server must have a static IP@. Specify the pool range of the LAN -> you
are free to choose the start IP@.
b. DNS Server setup configuration
c. FTP Server Setup configuration
It is requested to add one more server « Server-PT » named « Ftp » -> Then turn on the FTP
service.
Create users to handle different file management tasks -> add different users with diverse
permissions (Write, Read, Delete, …)
d. Testing
Type the dir command (« directory »)
Copy the name of the .bin file (it is a default configuration file coded in binary -> it means that
it cannot be opened by the user to see its content).
Next, try to delete this file by using the following command :
You will see that you are not allowed (because the logged-in user is not permitted to delete).
Now, leave this user session and try to connect to the FTP server by logging in with the other
username as follows :
Once again list the directory to see the configuration files saved by default in the FTP server :
Copy this file name (or any of the bin files that are listed) -> try to delete it. As depicted in the
capture, you will notice that the binary file is not listed anymore
e. TFTP Server setup configuration
Note that TFTP (which enables the transfer of files from one location to another) does
not require user authentication.
Enable the TFTP service in the FTP Server.
Next, on the Router enter the CLI and try to show the files stored in the flash memory -> copy
the available bin file :
Open the FTP server -> TFTP Service (it will show the xyz file copied).
*********** Activity 2 : SMTP & FTP servers ************
Build this network topology based on the following addressing table
Brief steps :
Test the connectivity between the devices (a simple example is given below) :
Then, enable the FTP service as in the previous activity and create users with different permissions.
Then try the different FTP commands :
Test as well the access to the Web Browser from the PCs :
Next, on the Mail Server enable the SMTP & POP Services : set the « Domain Name » and add
users to serve as the senders and receivers of the tested emails
Configure the user information for the Mails on PC1 for example :
Mail trial => compose a mail and try to check its reception by the receiver
Reply to the sent mail
*********** Activity 3 : NAT & ACL **********
The topology consists of 4 LANs and 1 serial link between R1 and SPI « Service Provider
of Internet » as depicted below :
- 192.168.1.0/24
- 192.168.2.0/24
- 192.168.3.0/24
- 192.168.4.0/24
- 200.200.200.0/28
If you test the connectivity between PCs that belong to different LANs (for example from PC1
to PC5), you will not succeed.
To fix this connectivity issue, you have to configure static or dynamic routes on the
routers present in the network architecture
Let's configure a default static route on R1 (on the serial port S0/0/0) for the LANs
(192.168.3.0/24 & 192.168.4.0/24) by means of the SPI router (the intermediary) :
The command line to configure the default route on the interface S0/0/0 of R1 is :
ip route 0.0.0.0 0.0.0.0 @S0/0/0_SPI
This means that the default route is enabled/activated at the interface S0/0/0 of R1 ->
Any packet from the inside LANs (192.168.1.0/24 & 192.168.2.0/24)
traversing the interface S0/0/0 of R1 will be forwarded automatically to S0/0/0 of SPI
to reach the remote/distant LANs (192.168.3.0/24 & 192.168.4.0/24).
N.B => Don’t forget to save the configuration every time with the command wr or copy run
start :
Next, display the routing table of R1 by the command «R1#show ip route » :
It clearly shows 3 networks available. The last line with * refers to the default route.
To continue setting the static routes on the topology, it is necessary to configure on the router SPI
the remote LANs not directly connected to it, which are 192.168.1.0/24 & 192.168.2.0/24,
by the command ip route :
This way all the static routes are configured -> all the PCs should communicate with
each other without any problem
Step 1 : Blocking a LAN from communicating with remote LANs
The idea is to block all devices of the network@ 192.168.1.0/24 from communicating with the LANs
(192.168.3.0/24 & 192.168.4.0/24)
To do so, it is necessary to create an ACL « Access Control List » in the SPI router. Access list
number 1 denies access for all devices contained in the LAN 192.168.1.0 and permits all
the others (permit any) :
Note that this ACL should be applied on the interface S0/0/0 of the router SPI :
In fact, « in » means the traffic entering the router SPI.
Once again, don’t forget to save the configuration on the SPI router.
Try now to test the connectivity between PC1 and PC5 => It will fail (because its LAN is
denied access at the S0/0/0 interface of SPI)
Try now to test the connectivity between PC3 and PC5 => It will succeed (because its LAN is
permitted access at the S0/0/0 interface of SPI)
Step 2 : Static NAT Configuration
In this step we configure NAT on R1 so that traffic from @IP_PC1 can go outside (traverse
R1), entering through G0/0 -> the idea is that it appears as (is replaced by) a public IP@ at the
interface S0/0/0 of R1.
This time, by applying this process, called NAT (conversion of a private_@IP to a
public_@IP), it will be possible to enable the communication (ping) between PC1 and
PC5.
Now, to do so, the next steps show the command lines to set on R1 to configure the static
NAT @IP by @IP : ip nat inside source static 192.168.1.10 200.200.200.1
We say that the Internal private IP@ was mapped to the Outside public IP@.
Next, specify the interface G0/0 to be inside (traffic coming from this interface of R1) -> « ip
nat inside » command.
Specify the interface S0/0/0 to be outside (where the traffic exits) -> « ip nat outside » command.
Don’t forget to save the configuration. Otherwise you will lose all the work done if the PKT
file is closed.
If you try to ping from PC1 to PC5, you will see that the ping is successful -> because the IP@
of PC1 is mapped.
However, if you ping from PC2 to PC5, you will see that the ping fails -> because the IP@
of PC2 is NOT YET MAPPED.
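The ping results of Step 1 and Step 2 can be reproduced with a small model of ACL 1 on SPI and the static NAT entry on R1. This is an added example, not part of the original handout; the addresses of PC2 (192.168.1.20) and PC3 (192.168.2.10) are assumed, and only the echo request direction is modelled.

```python
import ipaddress

# Standard ACL 1 as described for SPI: (action, network, wildcard mask).
ACL_1 = [
    ("deny", "192.168.1.0", "0.0.0.255"),
    ("permit", "0.0.0.0", "255.255.255.255"),  # "permit any"
]

# Static NAT table on R1 (inside private IP@ -> public IP@), from the page.
STATIC_NAT = {"192.168.1.10": "200.200.200.1"}


def wildcard_match(addr, network, wildcard):
    """True when addr equals network on every bit the wildcard does not ignore."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)


def acl_action(src, acl=ACL_1):
    """First matching entry wins; a standard ACL ends with an implicit deny."""
    for action, network, wildcard in acl:
        if wildcard_match(src, network, wildcard):
            return action
    return "deny"


def source_seen_by_spi(src, nat_enabled):
    """Source address on the serial link after R1 (translated only if mapped)."""
    if nat_enabled:
        return STATIC_NAT.get(src, src)
    return src


def ping_reaches_remote_lan(src, nat_enabled):
    """Does the echo request pass ACL 1 inbound on S0/0/0 of SPI?"""
    return acl_action(source_seen_by_spi(src, nat_enabled)) == "permit"


if __name__ == "__main__":
    # PC1 is from the page; PC2 and PC3 addresses are assumed for illustration.
    hosts = {"PC1": "192.168.1.10", "PC2": "192.168.1.20", "PC3": "192.168.2.10"}
    for nat in (False, True):
        for name, ip in hosts.items():
            seen = source_seen_by_spi(ip, nat)
            print(f"NAT={nat} {name} {ip} -> seen as {seen}: {acl_action(seen)}")
```

The ACL on SPI matches the source address as it appears after R1's translation, which is why PC1 passes once it is mapped while PC2 is still denied.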
To check which IP@ are mapped :
- First, enable the NAT debugging with the command « R1#debug ip nat »
- Second, ping for example from PC1 to PC6 and return to the CLI of the router R1 to
analyse the NAT answer
The 1st line means that the source @PC1 (192.168.1.10) was translated/converted to
200.200.200.1 (when leaving router R1 through the interface S0/0/0) to reach the
destination @PC7 (192.168.4.40).
To stop the debugging process, enter the command « R1#no debug ip nat » :
Finally, to verify the NAT settings, type the command « R1#sh ip nat translations » :
********** Activity 4 : Dynamic NAT & PAT ***********
This activity will be explored back from holidays…. Stay tuned !