Lab 9

Lab 9 - Configuring SNMP on Cisco routers and using Net-SNMP tools

Step 1

First, configure the SNMP agent on the Cisco routers. Set up a read-only community of public, and use ACL 10 to restrict SNMP access to only 10.XX.0.0/16, 131.94.132.0/24, and 10.90.0.0/16.

Step 2

Configure SNMP on the Juniper routers with community public, read-only, and restrict access to the same set of netblocks as in Step 1.

Step 3

Make sure that ws1 is up, then ping ws1 from ocelot.aul.fiu.edu. Set the environment variable MIBS to ALL so that all the available MIB translation files are used. Then do an snmpwalk of the .iso.org.dod.internet.mgmt.mib-2.interfaces, .iso.org.dod.internet.mgmt.mib-2.at, and .iso.org.dod.internet.mgmt.mib-2.ip.ipAddrTable tables on R2 from ocelot.aul.fiu.edu and save the output to a file. You will use data from this file to answer the questions below.

	ping 10.XX.1.100		(do this ping first to be certain that some arp table entries exist.)
	ctrl-c 
	setenv MIBS ALL
	snmpwalk -v2c -Of -c public 10.XX.0.2 .iso.org.dod.internet.mgmt.mib-2.interfaces > r2.snmpwalk
	snmpwalk -v2c -Of -c public 10.XX.0.2 .iso.org.dod.internet.mgmt.mib-2.at >> r2.snmpwalk			#the >> appends to the file
	snmpwalk -v2c -Of -c public 10.XX.0.2 .iso.org.dod.internet.mgmt.mib-2.ip.ipAddrTable >> r2.snmpwalk	#the >> appends to the file

From the R2 snmpwalk file you will need to answer the following questions.

Question 1. Show the lines that indicate the MAC addresses for each interface on R2. These can be found in the interfaces subsection of the MIB. You will turn in the ifDescr entry for each Layer 3 Ethernet interface (i.e., each interface that has an IP address) and the ifPhysAddress for each corresponding interface. The description should be EthX/Y.Z (the Z part will only be there for the VLAN subinterfaces) or Null0.

Question 2. Now look at the at.atTable OIDs on R2. Show the atIfIndex and atPhysAddress lines and note which interface each MAC address is seen on by correlating with the interface data from above. Turn in the atIfIndex and atPhysAddress OIDs for each MAC address in R2, and make a note of which interface (by name) each MAC address is seen on. There will be a number of lines for each atIfIndex and atPhysAddress.

As an example, if the at.atTable looked like this:



.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atIfIndex.2.1.10.20.0.1 = INTEGER: 2
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atIfIndex.2.1.10.20.0.2 = INTEGER: 2
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atIfIndex.2.1.10.20.0.3 = INTEGER: 2
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atIfIndex.2.1.10.20.0.20 = INTEGER: 2
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atIfIndex.4.1.10.20.3.1 = INTEGER: 4
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atIfIndex.4.1.10.20.3.2 = INTEGER: 4
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atIfIndex.7.1.10.20.1.2 = INTEGER: 7
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atIfIndex.7.1.10.20.1.3 = INTEGER: 7
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atIfIndex.7.1.10.20.1.100 = INTEGER: 7
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atIfIndex.8.1.10.20.1.130 = INTEGER: 8
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atIfIndex.8.1.10.20.1.131 = INTEGER: 8
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atIfIndex.8.1.10.20.1.150 = INTEGER: 8
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atPhysAddress.2.1.10.20.0.1 = Hex-STRING: 52 54 00 C8 F7 60 
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atPhysAddress.2.1.10.20.0.2 = Hex-STRING: CA CA 4E 34 00 1C 
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atPhysAddress.2.1.10.20.0.3 = Hex-STRING: CA CB 4E 35 00 1C 
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atPhysAddress.2.1.10.20.0.20 = Hex-STRING: 52 54 00 48 C7 71 
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atPhysAddress.4.1.10.20.3.1 = Hex-STRING: CA CA 4E 34 00 1E 
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atPhysAddress.4.1.10.20.3.2 = Hex-STRING: CA 60 2E 9E 00 1E 
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atPhysAddress.7.1.10.20.1.2 = Hex-STRING: CA CA 4E 34 00 1D 
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atPhysAddress.7.1.10.20.1.3 = Hex-STRING: CA CB 4E 35 00 1D 
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atPhysAddress.7.1.10.20.1.100 = Hex-STRING: 52 54 00 7A 47 ED 
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atPhysAddress.8.1.10.20.1.130 = Hex-STRING: CA CA 4E 34 00 1D 
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atPhysAddress.8.1.10.20.1.131 = Hex-STRING: CA CB 4E 35 00 1D 
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atNetAddress.8.1.10.20.1.150 = Network Address: 0A:14:01:96

and the interfaces.ifTable.ifEntry.ifDescr table looked like this:

.iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifDescr.1 = STRING: FastEthernet0
.iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifDescr.2 = STRING: Ethernet1/0
.iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifDescr.3 = STRING: Ethernet1/1
.iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifDescr.4 = STRING: Ethernet1/2
.iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifDescr.5 = STRING: Ethernet1/3
.iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifDescr.6 = STRING: Null0
.iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifDescr.7 = STRING: Ethernet1/1.201-802.1Q vLAN subif
.iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifDescr.8 = STRING: Ethernet1/1.202-802.1Q vLAN subif


you would correlate each IP address from the atIfIndex to an interface (via the OID and the ifTable.ifEntry.ifDescr table) and then correlate the atPhysAddress with that to turn in:
 


.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atPhysAddress.2.1.10.20.0.1 = Hex-STRING: 52 54 00 C8 F7 60  ( SEEN ON ethernet1/0)
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atPhysAddress.2.1.10.20.0.2 = Hex-STRING: CA CA 4E 34 00 1C  ( SEEN ON ethernet1/0)
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atPhysAddress.2.1.10.20.0.3 = Hex-STRING: CA CB 4E 35 00 1C  ( SEEN ON ethernet1/0)
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atPhysAddress.2.1.10.20.0.20 = Hex-STRING: 52 54 00 48 C7 71  ( SEEN ON ethernet1/0)
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atPhysAddress.4.1.10.20.3.1 = Hex-STRING: CA CA 4E 34 00 1E  ( SEEN ON ethernet1/2)
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atPhysAddress.4.1.10.20.3.2 = Hex-STRING: CA 60 2E 9E 00 1E  ( SEEN ON ethernet1/2)
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atPhysAddress.7.1.10.20.1.2 = Hex-STRING: CA CA 4E 34 00 1D  ( SEEN ON ethernet1/1.201 )
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atPhysAddress.7.1.10.20.1.3 = Hex-STRING: CA CB 4E 35 00 1D  ( SEEN ON ethernet1/1.201 )
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atPhysAddress.7.1.10.20.1.100 = Hex-STRING: 52 54 00 7A 47 ED  ( SEEN ON ethernet1/1.201 )
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atPhysAddress.8.1.10.20.1.130 = Hex-STRING: CA CA 4E 34 00 1D  ( SEEN ON ethernet1/1.202 )
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atPhysAddress.8.1.10.20.1.131 = Hex-STRING: CA CB 4E 35 00 1D  ( SEEN ON ethernet1/1.202 )
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atNetAddress.8.1.10.20.1.150 = Network Address: 0A:14:01:96  ( SEEN ON ethernet1/1.202 )
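
The same correlation done by a script, as an added example that is not part of the original lab handout: it parses `snmpwalk -Of` output such as r2.snmpwalk and joins each atPhysAddress row to its interface name through atIfIndex and ifDescr. The function names are assumptions of this example, and the sample is a subset of the example lines above.

```python
import re
from collections import defaultdict

# Sample lines copied from the example tables above (a subset, to keep this short).
SAMPLE = """\
.iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifDescr.2 = STRING: Ethernet1/0
.iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifDescr.7 = STRING: Ethernet1/1.201-802.1Q vLAN subif
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atIfIndex.2.1.10.20.0.1 = INTEGER: 2
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atIfIndex.7.1.10.20.1.100 = INTEGER: 7
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atPhysAddress.2.1.10.20.0.1 = Hex-STRING: 52 54 00 C8 F7 60
.iso.org.dod.internet.mgmt.mib-2.at.atTable.atEntry.atPhysAddress.7.1.10.20.1.100 = Hex-STRING: 52 54 00 7A 47 ED
"""

# <column>.<index> = <TYPE>: <value>; the column is the last name before the numeric index
LINE = re.compile(r"\.([A-Za-z]\w*)\.([\d.]+) = [^:]+: (.*)$")

def parse_walk(text):
    """Return {column: {index: value}} for every parsable line of `snmpwalk -Of` output."""
    table = defaultdict(dict)
    for line in text.splitlines():
        m = LINE.search(line.rstrip())
        if m:
            column, index, value = m.groups()
            table[column][index] = value
    return table

def arp_by_interface(text):
    """List (ip, mac, interface name) for each ARP entry, joined via atIfIndex."""
    t = parse_walk(text)
    rows = []
    for index, mac in t["atPhysAddress"].items():
        # In the sample, the index is ifIndex.1.a.b.c.d: the last four numbers are the IP
        ip = ".".join(index.split(".")[-4:])
        if_index = t["atIfIndex"].get(index, index.split(".")[0])
        name = t["ifDescr"].get(if_index, "unknown ifIndex " + if_index)
        rows.append((ip, mac.replace(" ", ":").lower(), name))
    return rows

if __name__ == "__main__":
    for row in arp_by_interface(SAMPLE):
        print("%-15s %-18s %s" % row)
```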




Question 3. The border router for the SCIS has been set up to allow read-only SNMP access using community cnt4504. On ocelot.aul.fiu.edu, use traceroute to google.com to find the border router (the last router in the trace with an address in 131.94.128.0/21), then use snmpwalk to collect interface and IP information on the department border router you have identified. Be sure to use community cnt4504 (not public). Turn in a report that lists each interface on the router that has an IP address assigned to it, its state (administrative and operational), and the IP address/netmask assigned to it. Example of format:

	interface name	admin state	oper state	ip address
	
	vlan100		down		down		131.94.111.222/20
	vlan101		up		up		131.94.222.111/24
	vlan102		up		up		131.94.222.111/24

You will need to correlate data from the interfaces.ifTable table and the ip.ipAddrTable table to answer this question. Since this router is both a layer 2 switch and a layer 3 router, I would start with the ip.ipAddrTable to see which "interfaces" have IP (layer 3) addresses; then, once you have the OID, collect the name and status from interfaces.ifTable.
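
The join described above, as an added example that is not part of the original lab handout: it starts from ip.ipAddrTable, follows ipAdEntIfIndex into interfaces.ifTable, and converts ipAdEntNetMask to a prefix length. The function name and the sample are constructed for this example; the names and addresses follow the example report format above, and the ifIndex values and the GigabitEthernet port are made up.

```python
import re
import ipaddress

# Constructed sample in `snmpwalk -Of` format (not real router output).
SAMPLE = """\
.iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifDescr.100 = STRING: vlan100
.iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifDescr.101 = STRING: vlan101
.iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifDescr.300 = STRING: GigabitEthernet1/1
.iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifAdminStatus.100 = INTEGER: down(2)
.iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifAdminStatus.101 = INTEGER: up(1)
.iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifAdminStatus.300 = INTEGER: up(1)
.iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifOperStatus.100 = INTEGER: down(2)
.iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifOperStatus.101 = INTEGER: up(1)
.iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifOperStatus.300 = INTEGER: up(1)
.iso.org.dod.internet.mgmt.mib-2.ip.ipAddrTable.ipAddrEntry.ipAdEntIfIndex.131.94.111.222 = INTEGER: 100
.iso.org.dod.internet.mgmt.mib-2.ip.ipAddrTable.ipAddrEntry.ipAdEntIfIndex.131.94.222.111 = INTEGER: 101
.iso.org.dod.internet.mgmt.mib-2.ip.ipAddrTable.ipAddrEntry.ipAdEntNetMask.131.94.111.222 = IpAddress: 255.255.240.0
.iso.org.dod.internet.mgmt.mib-2.ip.ipAddrTable.ipAddrEntry.ipAdEntNetMask.131.94.222.111 = IpAddress: 255.255.255.0
"""

def l3_report(text):
    """Rows of (name, admin state, oper state, address/prefix) for interfaces with an IP."""
    col = {}  # (column name, index) -> value
    for c, i, v in re.findall(r"\.([A-Za-z]\w*)\.([\d.]+) = [^:\n]+: (.*)", text):
        col[c, i] = v.strip()
    rows = []
    # ipAddrTable is indexed by IP address; its ipAdEntIfIndex value points into ifTable.
    for (c, ip), if_index in col.items():
        if c != "ipAdEntIfIndex":
            continue
        mask = col["ipAdEntNetMask", ip]
        prefix = ipaddress.ip_network("0.0.0.0/" + mask).prefixlen
        admin = col.get(("ifAdminStatus", if_index), "?").split("(")[0]  # "up(1)" -> "up"
        oper = col.get(("ifOperStatus", if_index), "?").split("(")[0]
        name = col.get(("ifDescr", if_index), "?")
        rows.append((name, admin, oper, "%s/%d" % (ip, prefix)))
    return rows

if __name__ == "__main__":
    for row in l3_report(SAMPLE):
        print("\t".join(row))
```

Interfaces that appear only in ifTable, such as the layer 2 port in the sample, drop out of the report because no ipAddrTable row points at them.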

Grading:

	Configuration of Junos and Cisco routers - 10 points 
	MAC address to interface correlation (question 1) - 5 points 
	ARP table on R2 (question 2) - 5 points 
	Interface info from border router (question 3) - 5 points