Professional Documents
Culture Documents
Client B
192.168.127.3
Client C
10.10.10.2
DMZ
Server A
Port 3
192.168.127.0
131.204.128.2
10.10.10.0
Port 4
Port 2
Internet
131.204.128.127
Port 1
172.25.25.0
Client A
172.25.25.2
1. Submit one report for each group. On the first page please include your group number
(same as the number on your router). Also please list your group members (along with
the IP address used in the Lab) in the format as below:
Harry Porter - 131.204.128.2
2. Please provide screenshots of configuration and ping result for each step as required.
Router Lab
3. Please read the Guideline of Router Configuration carefully. Important information is
included.
Router Lab
2. Lab Steps
2.1 Part 1
2.1.1 Step 1
Step 1: Establish routing between 4 subnets: 131.204.128.0/24, 192.168.127.0/24, 10.10.10.0/24,
172.25.25.0/24.Show that each subnet can ping the other three. NAPT needs to translate the
192.168.127.0/24, 10.10.10.0/24 and 172.25.25.0 to 131.204.128.127 for outside access. Show the routing
table and config file. Show ping to demonstrate the effect of routing.
For a group with 2 members, server A, B and client C must be completed which means you may need
one more machine.
For a group with 3 members, server A, B and client C must be completed.
For a group with 4 members, server A ,B and client A, C must be completed.
If the group has more than 4 people, the 5 th student should establish a client B in subnet
192.168.127.0/24 .
Section 8.2.4 is a guideline on how to do the lab.
Screenshots are required for each step.
2.1.2 Step 2
Step 2: Establish a firewall so that the three inside subnets can read 131.204.128.2 but outside subnet
cannot read inside subnets. Show the firewall effect by using ping.
2.2 Part 2
2.2.1 Step 3
Step 3: Punch a hole in the firewall so that outside computer can access the web server@ 192.168.127.2.
(You can use firewall wizard in Adtran 3120). The NAPT lets the DMZ web server have the outside IP
address of 131.204.128.127. Show the firewall effect by using ping and Wireshark.
2.2.2 Step 4
Router Lab
Step4: Establish the DMZ so that both the outside (131.204.128.2) and inside (10.10.10.0, 172.25.25.0)
can access 192.168.127.2; however the 192.168.127.2 cannot access 10.10.10.0 and 172.25.25.0. And
10.10.10.0, 192.168.127.0, and 172.25.25.0 can access 131.204.128.2. Show the DMZ effect by using ping.
Router Lab
Router Lab
3. Now you can visit the Router configuration page @10.10.10.1. (You may has problem with using
Chrome browser when the router is factory default status, so just use Firefox or IE or something
else).
4. The login username is: admin, and the password: password.
Router Lab
Router Lab
Router Lab
10
Router Lab
8. Then since the vlan has been created, we should assign the ports to vlan.
10
Router Lab
You should assign it according to the Network overview section.
The following figure is just a sample (not correct answer).
Change the VLAN membership then click the checkboxes and click apply.
Now, go to Routing Tables, see what entries you have now.
9. Then click the IP interfaces to assign an IP address for each port.
Dont forget the eth/0 should have an IP address!
11
12
Router Lab
12
Router Lab
13
14
Router Lab
If you use the advanced type, you will find some blanks need to be filled in your new policy:
When the action is Allow, which means allow some traffic from a range of sources to a range of
destinations (both of them can be one or more IP addresses and can be based on protocol and port
number).
When the action is Discard, which means some traffic from a range of sources to a range of
destinations will be discarded.(Same function to the Filter type)
When the action is NAT:
14
Router Lab
15
By moving your mouse to the question symbol, you will see the demonstration of each blanks
function.
Whats more, the advanced type need one/more traffic selector to do the work.
11. You must save your configuration before restart the router otherwise all the works will be gone!
By: Utilities- Configuration Click the Save!!!!
12. After all the steps, download your configuration file and print it out. This would be the important
evidence to show you have finished the lab!!!
16
Router Lab
In the installer window, leave the default name "named" and enter in your password.
16
Router Lab
17
3. In System Properties => Environment Variables, find the variable PATH and append the string ;
%SYSTEMROOT%\SysWOW64\dns\bin; (in case of Windows 64 bits) or;%SYSTEMROOT
%\system32\dns\bin; for Windows 32 bits.
4. Search for the DOS prompt cmd.exe and important!, right click and "Start as administrator". Now
browse to:
C:\Windows\SysWOW64\dns\etc
or in Windows 32 bits:
C:\Windows\system32\dns\etc
5.. By default the dns\etc folder is empty. Not for long. Execute the command:
rndc-confgen -a
18
Router Lab
18