Configure RIPv2 on Ac1 with the following conditions
Configure OSPF as per Diagram. Ensure Route-ID to be loopback 0 interface only on all device
Advertise ALS1 and DLS1 lo0 in Area 0 and DLS2, ALS2 into Area 1. Area 2 must confirm to RFC 1587 standards to disallow external LSA.
Use Route-map to publish 126.96.36.199 into R3. ALS2 must filter prefix 188.8.131.52, no ACL is allowed. It should also only allow 184.108.40.206 into backbone and no other Route. Ensure that R2 can ping 220.127.116.11
note: you will have to do Task4 before it
Redistribute all RIP routes into OSPF with incremental metric and tag of 2000. Do not Redistribute OSPF into RIP however for connectivity provide with Default Route only to R5. you can't use static or default-Information command.
EIGRP AS-10 is pre configured on DLS1, DLS2 and R1. You need to optimize EIGRP for Hub and spoke setup DLS1 and DLS2 act as Spokes whereas R1 is hub. R1 has three loopback in major network 89.x.x.x. You must Redistribute them into EIGRP however they must appear as Internal routes on DLS1 and DLS2.
Perform Bi-directional Redistribution of EIGRP to OSPF and vice versa on DLS1 and DLS2.1. Summarize all prefix of 89.x.x.x on DLS1 and DLS2 into OSPF
1. Configure BGP as per Diagram R1 is in AS 65525. ALS1, ALS2, DLS1 and DLS2 are all in AS 65500. Use Peer group for saving memory and better performance
1. Peering should be in the following manner
2. R1 to peer with DLS1 and DLS2
3. ALS1 to peer with DLS1 only
4. ALS2 to peer with DLS2 only
5. DLS1 and DLS2
6. Ensure Peering is done using Loopback0 on all
2. Advertise lo100 in BGP on ALS2 ensure all routers in AS 65500 have this route. Ensure that R1 use DLS1 to reach it you can't use any route filters on neighbours, Local-prefrence, Weight, Med.
3. Create loopback200 on R8 IP address 18.104.22.168. Mark it with community 65525:200 65525:300 65525:400 ensure all router in AS 65500 can see the exact community value for this route
DSW2 will act as RP and mapping agent. DSW2 should serve group 22.214.171.124, 126.96.36.199.
Use DSW1 vlan100 to join group 188.8.131.52 and 184.108.40.206. R2 will act as source for 220.127.116.11 using lo191 and R6 will be source of 18.104.22.168 using lo66. Ensure both source can ping their groups respectively.
Spare-mode should be used on all
1. Zone based Policy Firewall
Configure ASW2 as firewall create two zones name inbound and outbound put vlan45 into inbound and vlan65 into outbound. put no restriction on ICMP traffic in either direction however do not inspect it in any direction.
a. Allow web and remote management traffic from inbound to outbound sourced from lo66
b. allow telnet towards lo66
note: ensure everything else work properly after Firewall implementation
a. DLS1 as NTP server and R3 as client. use GMT plus 5.30 and current time. password is cisco
b. DLS1 must use lo0 for NTP and should server only 22.214.171.124 for updates
a. Ensure that when Inside host 126.96.36.199 telnet public IP 100.100.100.200 it should land up on DLS2 lo0 which will see the source address as 172.16.65.6.
b. Don't use Dynamic NAT