Step 1: Cable and configure the current network
a. Cable the topology given in the diagram. Ensure that power has been applied to both the host computer and router.
b. Establish a HyperTerminal or other terminal emulation session to the routers and configure the hostname and interfaces shown in the table.
c. Set a clock rate on the DCE interface of the serial link between R2 and R3. Routing will have to be configured on the three routers to establish data communications.
d. From PC1, ping PC2 and Discovery Server to confirm network connectivity. Troubleshoot and establish connectivity if the pings fail.
Step 2: Configure NetFlow on router FC-CPE-1 interfaces
From the global configuration mode, issue the following commands to configure NetFlow on the router FC-CPE-1:
FC-CPE-1(config)#interface fastethernet 0/0
FC-CPE-1(config-if)#ip flow egress
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#interface fastethernet 0/1
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#ip flow egress
FC-CPE-1(config-if)#end
Step 3: Verify the NetFlow configuration
a. From the privileged EXEC mode on router FC-CPE-1, issue the show ip flow interface command.
FC-CPE-1#show ip flow interface
FastEthernet0/0
ip flow ingress
ip flow egress
FastEthernet0/1
ip flow ingress
ip flow egress
Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not displayed.
b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are reset:
FC-CPE-1#clear ip flow stats
Step 4: Configure NetFlow on router FC-CPE-2 interfaces
From the global configuration mode, issue the following commands to configure NetFlow on the router FC-CPE-2:
FC-CPE-2(config)#interface fastethernet 0/0
FC-CPE-2(config-if)#ip flow egress
FC-CPE-2(config-if)#ip flow ingress
FC-CPE-2(config-if)#interface fastethernet 0/1
FC-CPE-2(config-if)#ip flow ingress
FC-CPE-2(config-if)#ip flow egress
FC-CPE-2(config-if)#interface serial 0/1/0
FC-CPE-2(config-if)#ip flow ingress
FC-CPE-2(config-if)#ip flow egress
FC-CPE-2(config-if)#end
Step 5: Verify the NetFlow configuration
a. From the privileged EXEC mode on router FC-CPE-2, issue the show ip flow interface command.
FC-CPE-2#show ip flow interface
FastEthernet0/0
ip flow ingress
ip flow egress
FastEthernet0/1
ip flow ingress
ip flow egress
Serial0/1/0
ip flow ingress
ip flow egress
Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not displayed.
b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are reset:
FC-CPE-2#clear ip flow stats
Step 6: Configure NetFlow on router ISP interfaces
From the global configuration mode, issue the following commands to configure NetFlow on the router ISP:
ISP(config)#interface fastethernet 0/1
ISP(config-if)#ip flow ingress
ISP(config-if)#ip flow egress
ISP(config-if)#interface serial 0/1/0
ISP(config-if)#ip flow ingress
ISP(config-if)#ip flow egress
ISP(config-if)#end
Step 7: Verify the NetFlow configuration
a. From the privileged EXEC mode on router ISP, issue the show ip flow interface command.
ISP#show ip flow interface
FastEthernet0/1
ip flow ingress
ip flow egress
Serial0/1/0
ip flow ingress
ip flow egress
Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not displayed.
b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are reset:
ISP#clear ip flow stats
Step 8: Create network data traffic
Ideally, a range of network application data flows between the trusted extranet host PC2 and PC1 on the FilmCompany LAN should be generated and captured. Generate as many of the data flows shown below as is possible in your lab. Your instructor will advise you of the particular applications that are available and to be used in this lab.
To simulate data traffic between the two PCs:
a. Ping between them.
b. Attempt to establish a Telnet session between the two PCs.
c. If you have rights, enable file sharing and copy a file in both directions between the two PCs.
Step 9: View the data flows
a. At the conclusion of the data flow, view the details by issuing the show ip cache verbose flow command from privileged EXEC mode on each router.
FC-CPE-1#show ip cache verbose flow
FC-CPE-2#show ip cache verbose flow
ISP#show ip cache verbose flow
Router 1 – Output
FC-CPE-1#show ip cache verbose flow
IP packet size distribution (12 total packets):
1-32 64 96 128 160 192  224 256 288 320 352 384 416 448 480
.000 .000 1.00 .000 .000 .000 .000 .000 .000  .000 .000 .000 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584  4096 4608
.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache,  278544 bytes
0 active, 4096 inactive, 12 added
192 ager polls, 0 flow  alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in  15 seconds
IP Sub Flow Cache, 21640 bytes
0 active, 1024 inactive, 8  added, 8 added to flow
0 alloc failures, 0 force free
1 chunk, 0 chunks added
last clearing of  statistics 00:03:38
Protocol Total Flows Packets Bytes Packets Active(Sec)  Idle(Sec)
——– Flows /Sec /Flow /Pkt /Sec /Flow /Flow
UDP-DNS 2 0.0 1 70 0.0  0.0 15.7
UDP-other 10 0.0 1 87 0.0 0.0 15.5
Total: 12 0.0 1 84 0.0  0.0 15.5
SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts
Port Msk AS Port Msk AS  NextHop B/Pk Active
FC-CPE-1#
Router 2 – Output
FC-CPE-2#show ip cache verbose flow
IP packet size  distribution (5223 total packets):
1-32 64 96 128 160 192 224 256 288 320 352  384 416 448 480
.000 .303 .030 .142 .031 .034 .001 .002 .001 .000 .000 .004  .000 .075 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .000 .020 .351  .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
9 active, 4087 inactive,  62 added
1970 ager polls, 0 flow alloc failures
Active flows timeout in  30 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 21640  bytes
0 active,  1024 inactive, 20 added, 20 added to flow
0 alloc failures, 0 force  free
1 chunk, 0  chunks added
last clearing of statistics 00:04:31
Protocol Total Flows  Packets Bytes Packets Active(Sec) Idle(Sec)
——– Flows /Sec /Flow /Pkt  /Sec /Flow /Flow
TCP-Telnet 18 0.0 3 45 0.2 3.6 10.9
TCP-other 4 0.0 1 40 0.0  0.0 15.5
UDP-DNS 2 0.0 1 70 0.0 0.0 15.4
UDP-other 22 0.0 1 53 0.0  0.0 15.3
ICMP 8 0.0 14 60 0.4 13.9 15.2
Total: 54 0.2 3 54 0.7  3.2 13.8
SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts
Port Msk AS Port Msk AS  NextHop B/Pk Active
Fa0/1 0.0.0.0 Null 255.255.255.255 11 00 10 222
0044 /0 0 0043 /0 0  0.0.0.0 604 1356.9
Fa0/1 10.0.0.200 Se0/1/0 10.20.0.200 06 00 18 1368
01BD /0 0 06AA /0 0  0.0.0.0 970 184.9
Fa0/1 10.0.0.200 Se0/1/0* 10.20.0.200 06 00 18 1368
01BD /0 0 06AA /0 0  0.0.0.0 970 184.9
FFlags: 01
Se0/1/0 10.20.0.200 Fa0/0 172.17.1.1 11 00 10 5
0404 /0 0 0035 /0 0  0.0.0.0 62 4.3
Se0/1/0 10.20.0.200 Fa0/0* 172.17.1.1 11 00 10 5
0404 /0 0 0035 /0 0  0.0.0.0 62 4.3
FFlags: 01
Fa0/0 172.17.1.1 Se0/1/0* 10.20.0.200 11 00 10 5
0035 /0 0 0404 /0 0  0.0.0.0 62 4.3
FFlags: 01
Fa0/0 172.17.1.1 Se0/1/0 10.20.0.200 11 00 10 5
0035 /0 0 0404 /0 0  0.0.0.0 62 4.3
Se0/1/0 10.20.0.200 Fa0/1 10.0.0.200 06 00 18 1152
SrcIf SrcIPaddress DstIf  DstIPaddress Pr TOS Flgs Pkts
Port Msk AS Port Msk AS NextHop B/Pk Active
06AA /0 0 01BD /0 0  0.0.0.0 71 184.9
Se0/1/0 10.20.0.200 Fa0/1* 10.0.0.200 06 00 18 1210
06AA /0 0 01BD /0 0  0.0.0.0 71 194.7
FFlags: 01
Fa0/0 10.10.0.1 Null 224.0.0.9 11 C0 10 1
0208 /0 0 0208 /0 0  0.0.0.0 52 0.0
IPM: 0 0
FC-CPE-2#
Router 3 – Output
ISP#show ip cache verbose flow
IP packet size  distribution (6724 total packets):
1-32 64 96 128 160 192 224 256 288 320 352  384 416 448 480
.000 .306 .029 .138 .031 .032 .001 .001 .001 .000 .000 .003  .000 .080 .001
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .000 .008 .362  .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
5 active, 4091 inactive,  54 added
1881 ager polls, 0 flow alloc failures
Active flows timeout in  30 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 21640  bytes
1 active,  1023 inactive, 12 added, 12 added to flow
0 alloc failures, 0 force  free
1 chunk, 0  chunks added
last clearing of statistics 00:05:44
Protocol Total Flows  Packets Bytes Packets Active(Sec) Idle(Sec)
——– Flows /Sec /Flow /Pkt  /Sec /Flow /Flow
TCP-Telnet 18 0.0 3 45 0.1 3.6 10.7
TCP-other 4 0.0 1 40 0.0  0.0 15.7
UDP-DNS 4 0.0 3 63 0.0 2.1 15.5
UDP-other 16 0.0 1 77 0.0  0.0 15.4
ICMP 8 0.0 14 60 0.3 13.4 15.5
Total: 50 0.1 4 58 0.6  3.6 13.7
SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts
Port Msk AS Port Msk AS  NextHop B/Pk Active
Se0/1/0 10.0.0.200 Fa0/1 10.20.0.200 06 00 18 1794
01BD /0 0 06AA /0 0  0.0.0.0 989 245.1
Se0/1/0 10.0.0.200 Fa0/1* 10.20.0.200 06 00 18 1794
01BD /0 0 06AA /0 0  0.0.0.0 989 245.1
FFlags: 01
Fa0/1 10.20.0.200 Se0/1/0 10.0.0.200 06 00 18 1502
06AA /0 0 01BD /0 0  0.0.0.0 69 245.0
Fa0/1 10.20.0.200 Se0/1/0* 10.0.0.200 06 00 18 1502
06AA /0 0 01BD /0 0  0.0.0.0 69 245.0
FFlags: 01
ISP#
b. Examine the output and record the different data flows for each router.
c. Discuss and compare the data flows for each router. In particular, consider how these flows differ from the previous labs and the implications this has for understanding which network devices and resources are used for particular flows.
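Added example (not part of the original lab): a Python parser that helps with Step 9b by pairing the two lines of each show ip cache verbose flow record and decoding the hexadecimal protocol and port columns. The function and field names are this example's own; the sample input is copied from the FC-CPE-2 output above, and the example relies on the * after DstIf marking an egress flow.

```python
import re

# Sample input: records copied from the FC-CPE-2 output in Step 9 (whitespace
# normalised), including the record that is split by a repeated column header.
SAMPLE = """\
Fa0/1 10.0.0.200 Se0/1/0 10.20.0.200 06 00 18 1368
01BD /0 0 06AA /0 0 0.0.0.0 970 184.9
Fa0/1 10.0.0.200 Se0/1/0* 10.20.0.200 06 00 18 1368
01BD /0 0 06AA /0 0 0.0.0.0 970 184.9
FFlags: 01
Se0/1/0 10.20.0.200 Fa0/1 10.0.0.200 06 00 18 1152
SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts
Port Msk AS Port Msk AS NextHop B/Pk Active
06AA /0 0 01BD /0 0 0.0.0.0 71 184.9
Fa0/0 10.10.0.1 Null 224.0.0.9 11 C0 10 1
0208 /0 0 0208 /0 0 0.0.0.0 52 0.0
IPM: 0 0
"""

PROTO = {0x01: "ICMP", 0x06: "TCP", 0x11: "UDP"}  # the Pr column is hexadecimal
IP, HX = r"\d+\.\d+\.\d+\.\d+", r"[0-9A-F]"
# Line 1: SrcIf SrcIP DstIf[*] DstIP Pr TOS Flgs Pkts
LINE1 = re.compile(rf"(\S+) ({IP}) (\S+?)(\*?) ({IP}) ({HX}{{2}}) {HX}{{2}} {HX}{{2}} (\d+)$")
# Line 2: SrcPort Msk AS DstPort Msk AS NextHop B/Pk Active
LINE2 = re.compile(rf"({HX}{{4}}) /\d+ \d+ ({HX}{{4}}) /\d+ \d+ {IP} (\d+) [\d.]+$")

def parse_flows(text, include_egress=False):
    """Pair the two lines of each cache record and decode the hex fields."""
    flows, head = [], None
    for raw in text.splitlines():
        line = " ".join(raw.split())          # collapse runs of spaces
        if (m := LINE1.match(line)):
            head = m.groups()                 # hold until the second line arrives
        elif head and (m := LINE2.match(line)):
            src_if, src, dst_if, star, dst, pr, pkts = head
            head = None
            if star and not include_egress:   # egress copy of traffic that the
                continue                      # ingress record already describes
            sport, dport, bpk = m.groups()
            flows.append({
                "in_if": src_if, "out_if": dst_if, "egress": bool(star),
                "proto": PROTO.get(int(pr, 16), pr),
                "src": src, "sport": int(sport, 16),   # 01BD -> 445 (file sharing)
                "dst": dst, "dport": int(dport, 16),
                "packets": int(pkts), "approx_bytes": int(pkts) * int(bpk),
            })
    return flows

if __name__ == "__main__":
    print(*parse_flows(SAMPLE), sep="\n")
```

Because B/Pk is an average, approx_bytes is an estimate. Lines that belong to no record (FFlags, IPM, repeated headers) are skipped, so a record interrupted by a header is still paired correctly.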
Step 10: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Challenge
This lab simulates the flow of traffic to and from FilmCompany and from selected trusted partners and customers. These data flows for a production network would be much more extensive and recorded over a greater period of time, perhaps a full working week. Additionally, remote access from trusted sites would most likely be established using VPNs (Virtual Private Networks) across the Internet or a WAN.
On the FilmCompany initial current network topology shown on the next page, add two trusted remote site hosts attached to the "far" side of the cloud icon. Draw a circle that encloses the remote access links to the FilmCompany network and server. In this case study, initially the FilmCompany remote sites access its network across the Internet. One of the objectives of this analysis is to establish the benefits of using a dedicated WAN link using Frame Relay for the stadium-based remote sites to access the FilmCompany network. Then, using the data flows recorded in this lab as a starting point, use different colors to mark on the diagram the different extranet data flows between the trusted remote hosts and devices on the FilmCompany network. Diagram traffic flows to and from selected trusted partners, customers, and vendors.
 
 