Networks Department NETW 905 Dr. Tallal El-Shabrawy Dr. Mohamed Ashour Eng.

Hatem Ayman

EIGRP- ACL Project

Due on the 29th of December (11:00 AM)

Phase 1 EIGRP CONFIGURATION

a- Create the following topology. b- Enable EIGRP at all interfaces given the IP addresses shown below. However, if an interface ip address is not stated, you are free to decide its ip address and subnet mask. c- Verify the EIGRP configuration on R3, R7 and R11. (Show the connected networks for those routers after enabling EIGRP). d- Define the successor and the feasible successor for R1, R5, and R8. Clearly indicate the reasons for choosing those successors and feasible successors.

Case scenarios:
In order to select a path from a certain source to a certain destination, you need to set appropriate costs on certain links. 1- R5 have to communicate with R9 using the following path: R5 R6 R10 R9. 2- R7 have to communicate with R9 using the following path: R7 R8R9. 3- R5 have to communicate with R1 using the following path: R5 R4 R2 R1.

Networks Department NETW 905 Dr. Tallal El-Shabrawy Dr. Mohamed Ashour Eng. Hatem Ayman

Phase 2 ACCESS LISTS

You MUST use BOTH Extended and Named Access Lists to assure the following security constraints for the network above: 1- PC 1 is not allowed to access to hosts on R4. 2- When FTP operates in passive mode, the FTP server uses port 21 for control and the dynamic ports greater than or equal to 1024 for data. You have to deny access to Servers 1 FTP server for PC 7, PC 8 and PC 9. 3- Allow HTTP, Telnet, Mail and POP3 traffic from PC 8 destined to PC 1, PC 2, PC 3 and PC 4. 4- PC 7 is not allowed to access servers 1 web server. 5- PC 8 is not allowed to access servers 2 snmp service. 6- Only PC 1, PC 4 and PC 8 will be granted telnet access to R4. In the evaluation, you will be asked to verify those access lists, i.e. you have to be sure that your access list is working appropriately. For the access lists, debugging traffic based on ACL is very helpful. For example, if you have Access list 199, you can debug ACL traffic using the following command: R1# debug ip packet 199 detail Important notes: 1- You can work in a group NOT more than 2 students. 2- You can find the complete set of commands you will need to use here: http://www.cisco.com/en/US/docs/ios/12_0/np1/command/reference/1reigrp.html 3- You can automatically configure the ports ip addresses and subnet masks from the interface, but at least show 2 or 3 ports configured manually. 4- Clearly indicate all the ip addresses and the subnet masks used for all PCs, routers and servers in a table, i.e. your table should look like: DEVICE Router 1 PC 6 IP ADDRESS 10.0.0.1 192.1.1.1 SUBNET MASK 255.0.0.0 255.255.255.0

. . . .
Server 1

. . . .
14.0.0.1

. . . .
255.0.0.0

Networks Department NETW 905 Dr. Tallal El-Shabrawy Dr. Mohamed Ashour Eng. Hatem Ayman

5- For some interfaces, the ip addresses are not given, you are free to decide their ip addresses and subnet masks. 6- A full documentation about all the steps done and the requirements should be delivered in HARD COPY along with an e-mail containing your project file (.pkt file). 7- For each requirement, you MUST submit a print screen for the results obtained and then explain with your own words the changes happened in the network. 8- The help tool (?) is very important in knowing what commands can be executed within each mode.