Lab 8.5.3 Configuring the PIX Firewall as a DHCP Server



Similar documents
Lab Configure and Test Advanced Protocol Handling on the Cisco PIX Security Appliance

1 Basic Configuration of Cisco 2600 Router. Basic Configuration Cisco 2600 Router

Lab Configure IOS Firewall IDS

Lab Configuring Access Policies and DMZ Settings

Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials.

Lab Diagramming External Traffic Flows

1 PC to WX64 direction connection with crossover cable or hub/switch

Lab Diagramming Intranet Traffic Flows

Lab Configure Intrusion Prevention on the PIX Security Appliance

PC/POLL SYSTEMS Version 7 Polling SPS2000 Cash Register TCP/IP Communications

1. Hardware Installation

Lab Configure Remote Access Using Cisco Easy VPN

Using Cisco UC320W with Windows Small Business Server

Lab Configure Cisco IOS Firewall CBAC on a Cisco Router

Symphony Network Troubleshooting

Lab PC Network TCP/IP Configuration

Skills Assessment Student Training Exam

Lab a Configure Remote Access Using Cisco Easy VPN

Lab Configuring DHCP with SDM and the Cisco IOS CLI

PT Activity 8.1.2: Network Discovery and Documentation Topology Diagram

Prestige 324. Prestige 324. Intelligent Broadband Sharing Gateway. Version 3.60 January 2003 Quick Start Guide

Device Interface IP Address Subnet Mask Default Gateway

Lab 4.4.8a Configure a Cisco GRE over IPSec Tunnel using SDM

Connecting the DG-102S VoIP Gateway to your network

PT Activity: Configure Cisco Routers for Syslog, NTP, and SSH Operations

Lab Configuring Access Policies and DMZ Settings

Configuration Guide. DHCP Server. LAN client

Lab Developing ACLs to Implement Firewall Rule Sets

Prestige 650R-31/33 Read Me First

Chapter 2 Preparing Your Network

HOW TO CONFIGURE CISCO FIREWALL PART I

FSM73xx GSM73xx GMS72xxR Shared access to the Internet across Multiple routing VLANs using a Prosafe Firewall

- The PIX OS Command-Line Interface -

BROADBAND INTERNET ROUTER USER S MANUAL. Version Page 1 of 13 -

Prestige 324 Quick Start Guide. Prestige 324. Intelligent Broadband Sharing Gateway. Version V3.61(JF.0) May 2004 Quick Start Guide

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet

Wireless G Broadband quick install

DSL- G604T Frequently asked Questions.

LAN TCP/IP and DHCP Setup

Step-by-Step Guide for Setting Up IPv6 in a Test Lab

CS 326e F2002 Lab 1. Basic Network Setup & Ethereal Time: 2 hrs

Lab Creating a Logical Network Diagram

LevelOne. User Manual. FBR-1430 VPN Broadband Router, 1W 4L V1.0

Deploying Secure Internet Connectivity

Chapter 15: Advanced Networks

Savvius Insight Initial Configuration

Broadband Router ALL1294B

Prestige 202H Plus. Quick Start Guide. ISDN Internet Access Router. Version /2004

Use this guide if you are no longer able to scan to Sharpdesk. Begin with section 1 (easiest) and complete all sections only if necessary.

Self Help Guide. Please read the following carefully; Synopsis: Requirements: A Computer with a working RJ45 LAN Port All Belkin Modem Routers

Pre-lab and In-class Laboratory Exercise 10 (L10)

Part A:Background/Preparation

IP Address and Pre-configuration Information

Configuring the Content Routing Software

DHCP Server. Heng Sovannarith

Lab Load Balancing Across Multiple Paths

Topic 7 DHCP and NAT. Networking BAsics.

Client and Server System Requirements

CCNA Exploration: Accessing the WAN Chapter 7 Case Study

TW100-BRV204 VPN Firewall Router

50.XXX is based on your station number

Basic IPv6 WAN and LAN Configuration

Steltronic Focus. Main Desk Internet connection

Basics of Port Forwarding on a Router for Security DVR s

Multifunctional Broadband Router User Guide. Copyright Statement

Application Note: Upgrading Interceptor software with FTP server on local PC

Configuring Routers and Their Settings

Classroom Management network FAQ and troubleshooting

How to configure your Thomson SpeedTouch 780WL for ADSL2+

Lab - Observing DNS Resolution

Debugging Network Communications. 1 Check the Network Cabling

How to Remotely View Security Cameras Using the Internet

This techno knowledge paper can help you if: You need to setup a WAN connection between a Patton Router and a NetGuardian.

Configuring a customer owned router to function as a switch with Ultra TV

Prestige 314 Read Me First

Understanding Windows Server 2003 Networking p. 1 The OSI Model p. 2 Protocol Stacks p. 4 Communication between Stacks p. 13 Microsoft's Network

F-SECURE MESSAGING SECURITY GATEWAY

Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure

Lab: Basic Router Configuration

LAB Configuring NAT. Objective. Background/Preparation

Lab Configure Cisco IOS Firewall CBAC

Lab Configure Basic AP Security through IOS CLI

Smart Tips. Enabling WAN Load Balancing. Key Features. Network Diagram. Overview. Featured Products. WAN Failover. Enabling WAN Load Balancing Page 1

HREP Series DVR DDNS Configuration Application Note

TW100-BRF114 Firewall Router. User's Guide. Cable/DSL Internet Access. 4-Port Switching Hub

H0/H2/H4 -ECOM100 DHCP & HTML Configuration. H0/H2/H4--ECOM100 DHCP Disabling DHCP and Assigning a Static IP Address Using HTML Configuration

Mobility System Software Quick Start Guide

Cisco Configuration Professional Quick Start Guide

Packet Tracer - Subnetting Scenario 1 (Instructor Version)

Installation of MicroSoft Active Directory

Digi Connect WAN Application Helper Configuring and Testing the Digi Connect WAN GSM

ICS 351: Today's plan. IP addresses Network Address Translation Dynamic Host Configuration Protocol Small Office / Home Office configuration

CYAN SECURE WEB APPLIANCE. User interface manual

3.5 EXTERNAL NETWORK HDD. User s Manual

Firewall VPN Router. Quick Installation Guide M73-APO09-380

Protecting the Home Network (Firewall)

EDGE FX Network configuration

How to Configure an Initial Installation of the VMware ESXi Hypervisor

SETTING UP REMOTE ACCESS FOR Q-SEE DVR SYSTEMS MODEL NUMBER: QC40198

Transcription:

Lab 8.5.3 Configuring the PIX Firewall as a DHCP Server Objective Scenario Estimated Time: 15 minutes Number of Team Members: Two teams with four students per team. In this lab, students will learn the following objectives: Define a DHCP address pool Define a DHCP domain name Verify DHCP settings on a PIX Firewall Verify DHCP on a PC Dynamic Host Configuration Protocol (DHCP) is a method of automatically assigning a TCP/IP address from a pool of addresses to a requesting client. DHCP eliminates the need to manually assign static IP addresses. Implementing DHCP client and server features in the PIX significantly eases deployment into cable and digital subscriber line (DSL) broadband environments, where static IP addresses can be costly and cumbersome to maintain. A PIX Firewall can provide DHCP services for hosts located on the trusted network, allowing it to automatically assign IP addresses to machines that are configured for dynamic addressing. A DHCP server is simply a computer that provides configuration parameters to a DHCP client. A DHCP client is a computer or network device that uses DHCP to obtain network configuration parameters. Note: Version 5.2 or higher, the PIX Firewall DHCP server daemon can only be enabled on the inside interface, and does not support clients that are not directly connected to the inside interface. 1-6 Fundamentals of Network Security v 1.0 - Lab 8.5.3 Copyright 2003, Cisco Systems, Inc.

Topology This figure illustrates the lab network environment. Preparation Verify the standard PIX configuration on the pod firewall and test the connectivity. Access the PIX console port using the terminal emulator on the student PC. If desired, save the configuration to a text file for later analysis. Refer back to the Student Lab Orientation if more help is needed. Tools and Resources In order to complete the lab, the standard lab topology is required: Two pod PIX Firewalls Two student PCs One SuperServer Additional materials Backbone switch and one backbone router Two console cables and HyperTerminal Further information about the objectives covered in this lab can be found at, http://www.cisco.com/en/us/products/sw/secursw/ps2120/products_command_reference_book0918 6a0080104234.html 2-6 Fundamentals of Network Security v 1.0 - Lab 8.5.3 Copyright 2003, Cisco Systems, Inc.

Command list In this lab exercise, the following commands will be used. Refer to this list if assistance or help is needed during the lab exercise. Command dhcpd address ip1[-ip2] [if_name] dhcpd domain domain_name dhcpd lease lease_length show dhcpd [binding statistics] Description This command defines the IP pool address range. The size of the pool is limited to 32 addresses with a 10- user license and 128 addresses with a 50-user license on the PIX 501. All other PIX Firewall platforms support 256 addresses. This command defines the DNS domain name. For example, example.com. This command defines the length of the lease, in seconds, granted to DHCP client from the DHCP server. The lease indicates how long the client can use the assigned IP address. The default is 3600 seconds. The minimum lease length is 300 seconds, and the maximum lease length is 2,147,483,647 seconds. Displays the binding and statistics information associated with the dhcpd commands. Step 1 Verify the PIX Firewall Inside IP Address Complete the following steps to verify the PIX Firewall inside IP address: a. Display the currently configured IP addresses: PixP(config)# show ip address b. Ensure that the IP address on the inside interface is 10.0.P.1. c. Establish a connection to the web server at 172.26.26.50 by completing the following substeps: d. Open a web browser on the student PC. e. Use the web browser to access the web server by entering http://172.26.26.50. Step 2 Configure the PIX Firewall DHCP Server Feature Complete the following steps to configure the PIX Firewall DHCP server feature: a. In order to configure the PIX as a DHCP server, the inside interface is required to be configured with an IP address. This IP address is required to be on the same subnet as the pool of dynamically assigned DHCP addresses. To configure the DHCP address pool use the dhcpd address command in the Global Configuration mode. The PIX Firewall will assign the client one of the addresses from this pool to use for a given length of time. The default is the inside interface. Specify a range of addresses for the DHCP server to distribute: PixP (config)# dhcpd address 10.0.P.51-10.0.P.60 inside 3-6 Fundamentals of Network Security v 1.0 - Lab 8.5.3 Copyright 2003, Cisco Systems, Inc.

b. Specify the IP address of the Domain Name System (DNS) server the client will use: PixP (config)# dhcpd dns 10.0.P.75 1. What is the maximum number of DNS servers that can be entered? c. Specify the IP address of the WINS server the client will use: PixP (config)# dhcpd wins 10.0.P.76 d. Specify the lease length to be granted to the client. This lease equals the amount of time in seconds the client can use its allocated IP address before the lease expires. To configure the DHCP lease length use the dhcpd lease (lease length) command. The default value is 3600 seconds. e. Specify the lease length to grant the client as 3000: PixP (config)# dhcpd lease 3000 f. Configure the domain name the client will use: PixP (config)# dhcpd domain cisco.com g. Enable the DHCP daemon within the PIX Firewall to listen for DHCP client requests on the enabled interface: PixP (config)# dhcpd enable inside h. Display the DHCP configuration and binding: PixP (config)# show dhcpd dhcpd address 10.0.P.51-10.0.P.60 inside dhcpd dns 10.0.P.75 dhcpd wins 10.0.P.76 dhcpd lease 3000 dhcpd ping_timeout 750 dhcpd domain cisco.com dhcpd enable inside i. Save the DHCP configuration: PixP (config)# write memory Step 3 Test the PIX Firewall DHCP Server Feature Complete the following steps to test the PIX Firewall DHCP server feature: a. Reconfigure the student PC to obtain IP and DNS addresses from a DHCP server. b. Open a Windows 2000 command prompt, and release and renew the IP address: C:\> ipconfig /release C:\> ipconfig /renew 4-6 Fundamentals of Network Security v 1.0 - Lab 8.5.3 Copyright 2003, Cisco Systems, Inc.

c. Verify that the PIX Firewall assigned an IP address, subnet mask, DNS address, WINS address, and domain name to the student PC by opening a Windows 2000 command prompt and viewing the IP configuration: C:\> ipconfig /all 2. Fill in the information below: Connection-specific DNS suffix IP Address Subnet Mask Default Gateway If you are not using Windows 2000, please ask your instructor for the commands and instructions to check the DHCP configurations. d. Establish a connection to the web server at 172.26.26.50 by completing the following substeps: e. From the Student PC, ping 172.26.26.50. f. Open a web browser and access the web server by entering http://172.26.26.50. Step 4 Disable the DHCP on the Student PC Complete the following steps to reset the student PC: a. Disable DHCP on the student PC. Manually enter the following parameters: IP Address- 10.0.P.11 Subnet Mask - 255.255.255.0 Default Gateway - 10.0.P.1 b. Restart the computer. c. Log back into the computer. d. At a command prompt, verify that the configuration supplied by the PIX Firewall DHCP server has been removed, and that the following IP configuration exists on the student PC: C:\> ipconfig /all Hostname - StudentPCP DNS Server -(blank) DHCP Enabled -no IP Address - 10.0.P.11 Subnet Mask - 255.255.255.0 Default Gateway - 10.0.P.1 5-6 Fundamentals of Network Security v 1.0 - Lab 8.5.3 Copyright 2003, Cisco Systems, Inc.

Step 5 Disable the PIX Firewall DHCP Server Feature Complete the following steps to disable the PIX Firewall DHCP server feature: a. Clear all dhcpd commands, binding, and statistics information: PixP (config)# clear dhcpd b. Verify that the DHCP feature has been disabled: PixP (config)# show dhcpd c. Save the current configuration: PixP(config)# write memory 6-6 Fundamentals of Network Security v 1.0 - Lab 8.5.3 Copyright 2003, Cisco Systems, Inc.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information