Router Security Configuration Lab: ACLs, CHAP, DHCP, NAT, and Wireless Setup

Objectives

  • Understand the principles and functionality of standard IP Access Control Lists (ACLs).
  • Learn the configuration mechanisms of CHAP authentication and DHCP services on routers.
  • Gain familiarity with basic wireless router setup in a simulated home network environment.

Lab Tasks

  1. Configure a standard IP ACL to filter traffic.
  2. Implement CHAP authentication between two routers.
  3. Set up a DHCP server on a router to assign IP addresses dynamically.
  4. Configure Network Address Translation (NAT) for internal-to-external communication.
  5. Deploy and verify connectivity in a basic wireless LAN using a simulated wireless router.

Environment

  • Hardware: Standard PC.
  • Software: Windows OS, Cisco Packet Tracer 7.0.

Procedures and Implementation

1. Standard IP Access Control List (ACL)

Three PCs and two routers (Router0 and Router1) are interconnected: PCs connect to their respective routers via crossover cables, and the routers link through a serial DCE cable.

  1. Assign static IPs to all three PCs.
  2. Configure basic routing (e.g., static or RIP) on both routers to ensure initial end-to-end reachability.
  3. From PC0 and PC1, verify connnectivity to PC2 using ping.
  4. On Router0, apply a standard ACL to block traffic from a specific source: ``` Router0(config)# access-list 1 deny 192.168.1.10 Router0(config)# access-list 1 permit any Router0(config)# interface GigabitEthernet0/0 Router0(config-if)# ip access-group 1 out
  5. Re-test pings: traffic from the denied host should fail, while others succeed.

2. CHAP Authentication

Two Cisco 2811 routers are connected via a serial link.

  1. On R1: ``` R1(config)# username R2 password secret123 R1(config)# interface Serial0/0/0 R1(config-if)# encapsulation ppp R1(config-if)# ppp authentication chap
  2. On R2: ``` R2(config)# username R1 password secret123 R2(config)# interface Serial0/0/0 R2(config-if)# encapsulation ppp R2(config-if)# ppp authentication chap
  3. Verify link status with show interfaces serial0/0/0; successful CHAP negotiation confirms secure authentication.

3. DHCP Server Configuration

Two routers (R1 as DHCP server, R2 as client relay) and two PCs are set up.

  1. Configure PC0 and PC1 to obtain IP settings via DHCP.
  2. On R1 (DHCP server): ``` R1(config)# ip dhcp pool LAN_POOL R1(dhcp-config)# network 192.168.10.0 255.255.255.0 R1(dhcp-config)# default-router 192.168.10.1 R1(dhcp-config)# dns-server 8.8.8.8
  3. On R2 (interfacing the client subnet), configure an IP helper: ``` R2(config)# interface GigabitEthernet0/1 R2(config-if)# ip helper-address 10.0.0.1 ! Assuming R1's interface IP
  4. Verify that both PCs receive valid IP configurations via ipconfig /all.

4. Network Address Translasion (NAT)

A topology includes one internal PC, one external server, a switch, and two routers (R0 as edge router, R1 as ISP gateway).

  1. Assign private IP (e.g., 192.168.1.10) to the PC and public IP (e.g., 203.0.113.10) to the server.
  2. On R0 (internal edge): ``` R0(config)# interface GigabitEthernet0/0 R0(config-if)# ip nat inside R0(config)# interface Serial0/0/0 R0(config-if)# ip nat outside R0(config)# access-list 10 permit 192.168.1.0 0.0.0.255 R0(config)# ip nat inside source list 10 interface Serial0/0/0 overload
  3. On R1, ensure a route back to the translated address space.
  4. From the PC, ping and access the server’s web page successfully—demonstrating NAT-enabled Internet access.

5. Wireless Router Deployment

A WET300N wireless router connects to a server via Ethernet and wirelessly serves three PCs.

  1. Enable DHCP on the wireelss router (default behavior in most consumer devices).
  2. On any PC, run ipconfig to confirm receipt of an IP (e.g., 192.168.0.x), gateway, and DNS.
  3. Open a web browser and navigate to the router’s management IP (commonly 192.168.0.1) to access its configuration interface—verifying administrative access over Wi-Fi.

Key Outcomes

  • Standard ACLs effectively control traffic flow based on source IP.
  • CHAP provides secure, authenticated point-to-point links.
  • Router-based DHCP automates IP assignment, reducing manual configuration overhead.
  • NAT enables private networks to communicate with public services using limited public IPs.
  • Wireless routers support seamless client integration and centralized management in SOHO environments.

Tags: Cisco Packet Tracer IP ACL CHAP DHCP NAT

Posted on Wed, 01 Jul 2026 16:31:21 +0000 by Crogge