Internet on the Internet ... a small update ...
One of the challenges in the creation of an ad-hoc client for a simulated internet on the internet is ensuring that the participant does not need to know what your addressing scheme is. Apart from confusing the poor soul with the addressing scheme, we need to hide their system from others.
With all this in mind, I am going down the route of having two clients.
- An advanced client, one where the user has full knowledge of our addressing scheme and can be trusted to create a system that will cause no chaos (we hope). In most cases this will be an experienced and trusted member of the Cisco teaching community.
- The adaptive client: using NAT, the user will 'eventually' have a locked-down router capable of connecting to a fixed domain on the simulated internet. There will be an outer router with a 'suggested configuration' providing enough clues and addresses for the keen user to explore.
The reality for the adaptive clients is that we will share the configuration of the router facing the core system, but prevent any reconfiguration.
What follows is our first stab at the configuration ...
This is the router that will connect to the core and will eventually be locked down.
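! Interface names are taken from the NAT and static route statements below
! Outside interface facing the core, addressed by DHCP
interface FastEthernet0/0
 ip address dhcp
 ip nat outside
!
! Inside subinterfaces, one VLAN per private range
interface FastEthernet0/1.10
 encapsulation dot1Q 10
 ip address 10.0.0.1 255.0.0.0
 ip nat inside
!
interface FastEthernet0/1.172
 encapsulation dot1Q 172
 ip address 172.16.0.1 255.255.0.0
 ip nat inside
!
interface FastEthernet0/1.192
 encapsulation dot1Q 192
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
!
router eigrp 99
 network 18.104.22.168 0.0.0.255
 redistribute static metric 4294967295 0 255 255 150
!
! Overload (PAT) everything matched by RelayNAT onto the outside address
ip nat inside source list RelayNAT interface FastEthernet0/0 overload
!
ip access-list extended RelayNAT
 permit ip 192.168.0.0 0.0.255.255 any
 permit ip 10.0.0.0 0.255.255.255 any
 ! 172.16.0.0/12 is wildcard 0.15.255.255; 0.31.255.255 would also match 172.0.0.0-172.15.255.255
 permit ip 172.16.0.0 0.15.255.255 any
!
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1.10 10
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1.172 10
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1.192 10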
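An added example, not part of the original post: a small Python audit of the relay router's NAT section, checking that every inside subnet is matched by the RelayNAT list and that no entry reaches outside the RFC 1918 private ranges. The config text is a constructed sample modelled on the configuration above, with one wildcard deliberately wider than its private range; acl_range and audit are hypothetical helper names, and contiguous wildcard masks are assumed.

```python
import ipaddress
import re

# Constructed sample modelled on the relay router's NAT section (not a live config).
SAMPLE = """\
interface FastEthernet0/1.10
 ip address 10.0.0.1 255.0.0.0
 ip nat inside
interface FastEthernet0/1.172
 ip address 172.16.0.1 255.255.0.0
 ip nat inside
interface FastEthernet0/1.192
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
ip access-list extended RelayNAT
 permit ip 192.168.0.0 0.0.255.255 any
 permit ip 10.0.0.0 0.255.255.255 any
 permit ip 172.16.0.0 0.31.255.255 any
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def acl_range(addr, wildcard):
    """Return (first, last) address matched by a contiguous IOS wildcard mask."""
    a, w = int(ipaddress.ip_address(addr)), int(ipaddress.ip_address(wildcard))
    return ipaddress.ip_address(a & ~w & 0xFFFFFFFF), ipaddress.ip_address(a | w)

def audit(config):
    """List ACL entries wider than RFC 1918 and inside subnets that no entry covers."""
    inside, entries, findings, addr = [], [], [], None
    for line in config.splitlines():
        m = re.match(r"\s*ip add(?:ress)? (\S+) (\S+)$", line)
        if m:  # remember the subnet of the interface currently being parsed
            addr = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif line.strip() == "ip nat inside" and addr is not None:
            inside.append(addr)
        elif line.startswith("interface"):
            addr = None
        m = re.match(r"\s*permit ip (\S+) (\S+) any$", line)
        if m:
            entries.append((line.strip(), *acl_range(m[1], m[2])))
    for text, first, last in entries:
        if not any(first in n and last in n for n in RFC1918):
            findings.append(f"too wide: {text} matches {first}-{last}")
    for net in inside:
        if not any(f <= net.network_address and net.broadcast_address <= l for _, f, l in entries):
            findings.append(f"not translated: {net}")
    return findings
```

Calling audit(SAMPLE) reports the 172.16.0.0 entry as too wide; an empty list means the list and the inside subnets agree.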
The following is the router that the user (aka student) will have access to; eventually it will have other interfaces and a suggested routing protocol redistributing the equal-cost static routes.
hostname BehindNAT
!
interface FastEthernet0/1
 no shut
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/1.10
 encapsulation dot1Q 10
 ip address 10.0.0.2 255.0.0.0
 no shut
!
interface FastEthernet0/1.172
 encapsulation dot1Q 172
 ip address 172.16.0.2 255.255.0.0
 no shut
!
interface FastEthernet0/1.192
 encapsulation dot1Q 192
 ip address 192.168.0.2 255.255.255.0
 no shut
!
ip route 0.0.0.0 0.0.0.0 10.0.0.1 10
ip route 0.0.0.0 0.0.0.0 172.16.0.1 10
ip route 0.0.0.0 0.0.0.0 192.168.0.1 10
!
Whilst it is still a work in progress, I am sure you can begin to see how the idea is evolving.