Home Outline Lectures Labs/Tutorials Resources

Static Routing and Access List Lab/Assignment 1 - Part 1

The work you do in this lab will form part of your first assignment. In this lab you are required to work in groups of two or at most three. Each group is to configure one router so it will participate in the following simple network:

Network diagram

Int. Router 1 Router 2 Router 3 Router 4
E0/0 192.168.100.200/24 192.168.100.201/24 192.168.100.202/24 192.168.100.203/24
E1/0 192.168.10.254/24 192.168.20.254/24 192.168.30.254/24 192.168.40.254/24
E1/1 192.168.11.254/24 192.168.21.254/24 192.168.31.254/24 192.168.41.254/24
E1/2 192.168.12.254/24 192.168.22.254/24 192.168.32.254/24 192.168.42.254/24
E1/3 192.168.13.254/24 192.168.23.254/24 192.168.33.254/24 192.168.43.254/24

Note the hub on your local subnets. It would normally never be connected like this! The "standard" way of connecting a LAN is to have a separate Ethernet switch for each subnet.

The function of the hub is to:

  1. Keep the Ethernet ports "up" (active link state).
  2. Provide an easy connection when you try to ping from your subnets. You won't have to keep swapping cables around.

This lab requires you to configure your router to participate in the specified networks and implement access control lists as follows:

  • Your router is to only allow out (to the "backbone" hub) packets that have a valid source address - ie. from the networks connected to Ethernet interfaces Ethernet1/0..3 on your router.
  • Your router is to allow in only packets having a valid from address. Here we interpret a valid address as being from any of the networks connected to any other routers interfaces Ethernet1/0..3 or from the central computer or from any other router's Ethernet0/0 interface.
  • Your router is to block access to and from "host number 10" on each of your subnets. This is for test purposes.
  • You are not to block other networks "host number 10" from accessing your subnets.

Laboratory Tasks

  1. Configure your router with the appropriate IP addresses.
  2. Establish static routes so that you can reach all of the networks that are directly attached to other routers.
  3. Confirm that you can reach the central computer from each (all four!) of your networks. Record evidence of this eg. capture four ping sessions. Note that you will probably have to use ifconfig command to change the IP address and default route/gateway on your Linux box in order to suit the network you are using it in (see ifconfig(8) and route(8) - happy man page reading!).
  4. If possible, confirm that you can reach the other group's routers - or better still, their computer (capture a ping session again). You won't be penalised if they can't get their router configured.
  5. Configure appropriate access lists and apply these to the appropriate interfaces.
  6. Confirm that that you have successfully blocked access to and from "host 10" on each of your subnets.
  7. Capture a ping packet from a "host 10" and the router's response to it. To do this, use the sniffer tool whilst running ping - the -c option for ping is helpful! Also capture a ping packet from a non-blocked host (eg. host 20) and the router's response to it.
  8. Record your router configuration (eg. a copy of the running-configuration).
  9. Record your router's routing table.

Analysis

  1. Dissect the router's response to a blocked "host 10" to see exactly what the router says. The aim is to find out what causes ping to report "packet filtered".
  2. Dissect the destination host's response to a non-blocked host to see exactly what the router says. How does this differ from the previous question?

Report

Printed evidence of your work is required as follows (to be submitted after both parts 1 and 2 have been completed):

  1. Your analysis of the routers responses to ping packets.
  2. A copy of your router configuration.
  3. A copy of your routing table.
  4. Discuss the effect of asymmetric filtering. "Who gets told a packet has been filtered?" "Who doesn't get told?"
  5. Include anything else about your investigations that will amaze or delight me.

Whilst your reports must be submitted individually, you are welcome to work in groups to undertake the investigation and research component. If you do this please identify this in your report.