Objectives
- Understand the principles and functionality of standard IP Access Control Lists (ACLs).
- Learn the configuration mechanisms of CHAP authentication and DHCP services on routers.
- Gain familiarity with basic wireless router setup in a simulated home network environment.
Lab Tasks
- Configure a standard IP ACL to filter traffic.
- Implement CHAP authentication between two routers.
- Set up a DHCP server on a router to assign IP addresses dynamically.
- Configure Network Address Translation (NAT) for internal-to-external communication.
- Deploy and verify connectivity in a basic wireless LAN using a simulated wireless router.
Environment
- Hardware: Standard PC.
- Software: Windows OS, Cisco Packet Tracer 7.0.
Procedures and Implementation
1. Standard IP Access Control List (ACL)
Three PCs and two routers (Router0 and Router1) are interconnected: PCs connect to their respective routers via crossover cables, and the routers link through a serial DCE cable.
- Assign static IPs to all three PCs.
- Configure basic routing (e.g., static or RIP) on both routers to ensure initial end-to-end reachability.
- From PC0 and PC1, verify connnectivity to PC2 using
ping. - On Router0, apply a standard ACL to block traffic from a specific source: ```
Router0(config)# access-list 1 deny 192.168.1.10
Router0(config)# access-list 1 permit any
Router0(config)# interface GigabitEthernet0/0
Router0(config-if)# ip access-group 1 out
- Re-test pings: traffic from the denied host should fail, while others succeed.
2. CHAP Authentication
Two Cisco 2811 routers are connected via a serial link.
- On R1: ```
R1(config)# username R2 password secret123
R1(config)# interface Serial0/0/0
R1(config-if)# encapsulation ppp
R1(config-if)# ppp authentication chap
- On R2: ```
R2(config)# username R1 password secret123
R2(config)# interface Serial0/0/0
R2(config-if)# encapsulation ppp
R2(config-if)# ppp authentication chap
- Verify link status with
show interfaces serial0/0/0; successful CHAP negotiation confirms secure authentication.
3. DHCP Server Configuration
Two routers (R1 as DHCP server, R2 as client relay) and two PCs are set up.
- Configure PC0 and PC1 to obtain IP settings via DHCP.
- On R1 (DHCP server): ```
R1(config)# ip dhcp pool LAN_POOL
R1(dhcp-config)# network 192.168.10.0 255.255.255.0
R1(dhcp-config)# default-router 192.168.10.1
R1(dhcp-config)# dns-server 8.8.8.8
- On R2 (interfacing the client subnet), configure an IP helper: ```
R2(config)# interface GigabitEthernet0/1
R2(config-if)# ip helper-address 10.0.0.1 ! Assuming R1's interface IP
- Verify that both PCs receive valid IP configurations via
ipconfig /all.
4. Network Address Translasion (NAT)
A topology includes one internal PC, one external server, a switch, and two routers (R0 as edge router, R1 as ISP gateway).
- Assign private IP (e.g., 192.168.1.10) to the PC and public IP (e.g., 203.0.113.10) to the server.
- On R0 (internal edge): ```
R0(config)# interface GigabitEthernet0/0
R0(config-if)# ip nat inside
R0(config)# interface Serial0/0/0
R0(config-if)# ip nat outside
R0(config)# access-list 10 permit 192.168.1.0 0.0.0.255
R0(config)# ip nat inside source list 10 interface Serial0/0/0 overload
- On R1, ensure a route back to the translated address space.
- From the PC, ping and access the server’s web page successfully—demonstrating NAT-enabled Internet access.
5. Wireless Router Deployment
A WET300N wireless router connects to a server via Ethernet and wirelessly serves three PCs.
- Enable DHCP on the wireelss router (default behavior in most consumer devices).
- On any PC, run
ipconfigto confirm receipt of an IP (e.g., 192.168.0.x), gateway, and DNS. - Open a web browser and navigate to the router’s management IP (commonly 192.168.0.1) to access its configuration interface—verifying administrative access over Wi-Fi.
Key Outcomes
- Standard ACLs effectively control traffic flow based on source IP.
- CHAP provides secure, authenticated point-to-point links.
- Router-based DHCP automates IP assignment, reducing manual configuration overhead.
- NAT enables private networks to communicate with public services using limited public IPs.
- Wireless routers support seamless client integration and centralized management in SOHO environments.