Solusi kayaknya seperti ini dech :
R1
hostname R1
username R3 password 0 ciscoccna
username ccna password 0 ciscoccna
!
no ip domain-lookup
interface FastEthernet0/0
ip address 192.168.10.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.11.1 255.255.255.0
duplex auto
speed auto
interface Serial0/0/0
ip address 10.1.1.1 255.255.255.252
encapsulation frame-relay
frame-relay map ip 10.1.1.1 201
frame-relay map ip 10.1.1.2 201 broadcast
no keepalive
clock rate 4000000
!
interface Serial0/0/1
ip address 10.3.3.1 255.255.255.252
encapsulation ppp
ppp authentication chap
!
interface Vlan1
no ip address
shutdown
!
router rip
version 2
passive-interface default
network 10.0.0.0
network 192.168.10.0
network 192.168.11.0
no auto-summary
!
ip classless
!
ip access-list standard Anti-spoofing
permit 192.168.10.0 0.0.0.255
deny any
ip access-list standard VTY
permit 10.0.0.0 0.255.255.255
permit 192.168.10.0 0.0.0.255
permit 192.168.11.0 0.0.0.255
permit 192.168.20.0 0.0.0.255
permit 192.168.30.0 0.0.0.255
!
ip dhcp pool Access1
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
!
line con 0
line vty 0 4
access-class VTY in
login
end
R2
hostname R2
!
username ccna password 0 ciscoccna
!
no ip domain-lookup
interface Loopback0
ip address 209.165.200.245 255.255.255.224
ip access-group private in
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface FastEthernet0/1
ip address 192.168.20.1 255.255.255.0
ip access-group Anti-spoofing in
ip access-group TFTP out
ip nat outside
duplex auto
speed auto
!
interface Serial0/0/0
ip address 10.1.1.2 255.255.255.252
encapsulation frame-relay
frame-relay map ip 10.1.1.1 201 broadcast
frame-relay map ip 10.1.1.2 201
no keepalive
ip nat inside
!
interface Serial0/0/1
ip address 10.2.2.1 255.255.255.252
ip access-group R3-telnet in
ip nat inside
clock rate 4000000
!
interface Vlan1
no ip address
shutdown
!
router rip
version 2
passive-interface default
no passive-interface FastEthernet0/1
no passive-interface Serial0/0/0
no passive-interface Serial0/0/1
network 10.0.0.0
network 192.168.20.0
default-information originate
no auto-summary
!
ip nat inside source list NAT interface FastEthernet0/1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 209.165.200.226
!
ip access-list standard Anti-spoofing
permit 192.168.20.0 0.0.0.255
deny any
ip access-list standard NAT
permit 10.0.0.0 0.255.255.255
permit 192.168.0.0 0.0.255.255
ip access-list standard private
deny host 127.0.0.1
deny 10.0.0.0 0.255.255.255
deny 172.0.0.0 0.31.255.255
deny 192.168.0.0 0.0.255.255
permit any
ip access-list extended R3-telnet
deny tcp host 10.2.2.2 host 10.2.2.1 eq telnet
deny tcp host 10.3.3.2 host 10.2.2.1 eq telnet
deny tcp host 192.168.11.3 host 10.2.2.1 eq telnet
deny tcp host 192.168.30.1 host 10.2.2.1 eq telnet
permit ip any any
ip access-list standard TFTP
permit 192.168.20.0 0.0.0.255
!
line con 0
line vty 0 4
login
end
R3
hostname R3
username R1 password 0 ciscoccna
username ccna password 0 ciscoccna
no ip domain-lookup
interface FastEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1.11
encapsulation dot1Q 11
ip address 192.168.11.3 255.255.255.0
!
interface FastEthernet0/1.30
encapsulation dot1Q 30
ip address 192.168.30.1 255.255.255.0
ip access-group Anti-spoofing in
!
interface Serial0/0/0
ip address 10.3.3.2 255.255.255.252
encapsulation ppp
ppp authentication chap
clock rate 4000000
!
interface Serial0/0/1
ip address 10.2.2.2 255.255.255.252
!
interface Vlan1
no ip address
shutdown
!
router rip
version 2
passive-interface default
no passive-interface Serial0/0/0
no passive-interface Serial0/0/1
no passive-interface FastEthernet0/1.11
no passive-interface FastEthernet0/1.30
network 10.0.0.0
network 192.168.11.0
network 192.168.30.0
no auto-summary
!
ip classless
!
!
ip access-list standard Anti-spoofing
permit 192.168.30.0 0.0.0.255
deny any
ip access-list standard VTY
permit 10.0.0.0 0.255.255.255
permit 192.168.10.0 0.0.0.255
permit 192.168.11.0 0.0.0.255
permit 192.168.20.0 0.0.0.255
permit 192.168.30.0 0.0.0.255
!
line con 0
line vty 0 4
login
end
S1
hostname S1
no ip domain-lookup
vtp domain CCNA_Troubleshooting
vtp mode transparent
vtp password ciscoccna
vlan 10
!
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 10
switchport mode access
interface Vlan1
no ip address
shutdown
!
interface Vlan10
ip address dhcp
!
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
end
S2
hostname S2
no ip domain-lookup
spanning-tree vlan 11 priority 24576
spanning-tree vlan 30 priority 28672
!
interface FastEthernet0/1
switchport access vlan 11
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 11
switchport mode access
!
interface FastEthernet0/3
switchport trunk native vlan 99
switchport trunk allowed vlan 11,30
switchport mode trunk
!
interface FastEthernet0/4
switchport trunk native vlan 99
switchport trunk allowed vlan 11,30
switchport mode trunk
interface Vlan1
no ip address
shutdown
!
interface Vlan11
ip address 192.168.11.2 255.255.255.0
line con 0
!
line vty 0 4
login
line vty 5 15
login
end
S3
hostname S3
no ip domain-lookup
spanning-tree vlan 30 priority 24576
spanning-tree vlan 11 priority 28672
interface FastEthernet0/1
switchport trunk allowed vlan 30
switchport mode trunk
!
interface FastEthernet0/2
switchport mode access
!
interface FastEthernet0/3
switchport trunk native vlan 99
switchport trunk allowed vlan 11,30
switchport mode trunk
!
interface FastEthernet0/4
switchport trunk native vlan 99
switchport trunk allowed vlan 11,30
switchport mode trunk
interface Vlan1
no ip address
shutdown
interface Vlan30
ip address 192.168.30.2 255.255.255.0
!
ip default-gateway 192.168.30.1
line con 0
!
line vty 0 4
login
line vty 5 15
login
end
cisco 3560
