CCNA Routing and Switching
Routing and Switching Essentials
Practice Skills Assessment – Packet Tracer
A few things to keep in mind while completing this activity:
1. Do not use the browser Back button or close or reload any exam windows during the exam.
2. Do not close Packet Tracer when you are done. It will close automatically.
3. Click the Submit Assessment button in the browser window to submit your work.

Introduction
In this practice skills assessment, you will configure the Our Town network with single-area OSPFv2. In addition, you will configure router-on-a-stick routing between VLANs. You will also implement NAT, DHCP and access lists. All IOS device configurations should be completed from a direct terminal connection to the device console. Some values that are required to complete the configurations have not been given to you. In those cases, create the values that you need to complete the requirements. These values may include certain IP addresses, passwords, interface descriptions, banner text, and other values.
For the sake of time, many repetitive but important configuration tasks have been omitted from this activity. Many of these tasks, especially those related to device security, are essential elements of a network configuration. The intent of this activity is not to diminish the importance of full device configurations.
You will practice and be assessed on the following skills:
• Configuration of initial device settings
• IPv4 address assignment
• Configuration and addressing of router interfaces
• Configuration of a router as a DHCP server
• Implementation of static and dynamic NAT
• Configuration of the single-area OSPFv2 routing protocol
• Configuration of a default route and static summary routes
• Configuration of VLANs and trunks
• Configuration of routing between VLANs
• Configuration of ACL to limit device access
You are required to configure the following:
Police:
• Configuration of initial router settings
• Interface configuration and IPv4 addressing
• Configuration of DHCP
• Configuration of multiarea OSPFv2
• Configuration of routing between VLANs
Central:
• Interface configuration and IPv4 addressing
• Configuration of multiarea OSPFv2
• Configuration of IPv4 route summarization
• Configuration and propagation of a default route
• Configuration of static summary routes
• Configuration of static and dynamic NAT
• Configuration of ACLs
Fire:
• Interface configuration and IPv4 addressing
• Configuration of multiarea OSPFv2
• Configuration of a static summary route
Police-SW1:
• Configuration of VLANs
• Assignment of switch ports to VLANs
• Configuration of trunking
• Configuration of unused switch ports
Police-SW2:
• Configuration of VLANs
• Assignment of switch ports to VLANs
• Configuration of trunking
• Configuration of unused switch ports
Internal PC hosts:
• Configuration as DHCP clients

Addressing Tables
Note: You are provided with the networks that interfaces should be configured on. Unless you are told to do differently in the detailed instructions below, you are free to choose the host addresses to assign.

Addressing Table:
Device      Interface  Network            Comments
Police      S0/0/0     192.168.10.104/30  any address in the network
            Gi0/0.45   192.168.45.0/24    first address in the network
            Gi0/0.47   192.168.47.0/24    first address in the network
            Gi0/0.101  192.168.101.0/24   first address in the network
Central     S0/0/0     192.168.10.104/30  any address in the network
            S0/0/1     192.168.10.112/30  any address in the network
            S0/1/0     198.51.100.0/28    first address in the network
            Gi0/0      192.168.18.40/29   first address in the network
Fire        S0/0/0     192.168.10.124/30  second address in the network
            S0/0/1     192.168.10.112/30  any address in the network
Police-SW1  VLAN 101   192.168.101.0/24   any address in the network
Police-SW2  VLAN 101   192.168.101.0/24   any address in the network

Pre-configured addresses for reference:
Device         Address
Town Server    192.168.18.46/29
NetAdmin Host  203.0.113.18
Outside Host   203.0.113.128
Public Server  209.165.201.235
S3 Host        192.168.200.10/24
S6 Host        192.168.201.10/24
S5 Host        192.168.202.10/24

VLAN Table:
VLAN Number  VLAN Name  VLAN Network      Device:Port
45           HR         192.168.45.0/24   Police-SW1: Fa0/10, Police-SW2: Fa0/3
47           records    192.168.47.0/24   Police-SW1: Fa0/15, Police-SW2: Fa0/21
101          comm       192.168.101.0/24  SVI

Instructions
All configurations must be performed through a direct terminal connection to the device consoles.

Step 1: Determine the Addresses to Assign
Determine the IP addresses that you will use for the required interfaces on the three routers and two switches. Use the information in the Addressing Table and follow the guidelines below:
• Assign the first IP addresses in the networks that are provided in the Addressing Table to the LAN interfaces.
• Assign the first address in the Central subnet to the interface that is connected to the Internet.
• Assign any valid host address in the networks that are provided in the Addressing Table to the serial interfaces.
• The host PCs will receive IP addresses over DHCP.

Step 2: Configure Police
Configure Police with the following:
• Configure the router host name: PoliceDept
Router(config)# hostname PoliceDept
• Prevent the router from attempting to resolve command line entries to IP addresses.
PoliceDept(config)# no ip domain-lookup
• Protect privileged EXEC mode from unauthorized access with the MD5 encrypted password.
PoliceDept(config)# enable secret <password>
• Prevent device status messages from interrupting command line entries at the device console.
PoliceDept(config)# line con 0
PoliceDept(config-line)# logging synchronous
• Secure the router console and terminal lines.
PoliceDept(config)# line console 0
password <password>
login
PoliceDept(config)# line vty 0 4
password <password>
login
• Prevent all passwords from being viewed in clear text in the device configuration file.
PoliceDept(config)# service password-encryption
• Configure a message-of-the-day banner.
PoliceDept(config)# banner motd "message-of-the-day"

Step 3: Configure the Router Physical Interfaces
Configure the interfaces of the routers for full connectivity with the following:
• IP addresses as shown in the addressing table.
• Describe the operational Police serial interface. The Police Ethernet interfaces will be configured at the end of this assessment.
• DCE settings where appropriate. Use a rate of 128000.
PoliceDept(config)# interface Serial0/0/0
PoliceDept(config-if)# bandwidth 128
PoliceDept(config-if)# ip address 192.168.10.105 255.255.255.252
PoliceDept(config-if)# description Police and Central
PoliceDept(config-if)# clock rate 128000
PoliceDept(config-if)# no shutdown
Central(config)# interface Serial0/0/0
Central(config-if)# bandwidth 128
Central(config-if)# ip address 192.168.10.106 255.255.255.252
Central(config-if)# no shutdown
Central(config)# interface Serial0/0/1
Central(config-if)# bandwidth 128
Central(config-if)# ip address 192.168.10.114 255.255.255.252
Central(config-if)# clock rate 128000
Central(config-if)# no shutdown
Central(config)# interface g0/0
Central(config-if)# ip address 192.168.18.41 255.255.255.248
Central(config-if)# no shutdown
Central(config)# interface Serial0/1/0
Central(config-if)# ip address 198.51.100.1 255.255.255.240
Central(config-if)# no shutdown
Fire(config)# interface Serial0/0/1
Fire(config-if)# bandwidth 128
Fire(config-if)# ip address 192.168.10.113 255.255.255.252
Fire(config-if)# no shutdown

Step 4: Configure static and default routing
Configure the following static routes:
• Manually configure default routes to the Internet. Use the exit interface argument. All hosts on the internal LANs and School Network networks should be able to reach the Internet.
PoliceDept(config)# ip route 0.0.0.0 0.0.0.0 s0/0/0
Central(config)# ip route 0.0.0.0 0.0.0.0 s0/1/0
Fire(config)# ip route 0.0.0.0 0.0.0.0 s0/0/1
• It has been decided to use static routes to reach the branch networks that are connected to Fire. Use a single summary to represent the branch networks in the most efficient way possible. Configure the summary static route on Central and Fire using the exit interface argument.
Central(config)# ip route 192.168.200.0 255.255.252.0 s0/0/1
Fire(config)# ip route 192.168.200.0 255.255.252.0 s0/0/0

Step 5: Configure OSPF Routing
Configure single-area OSPFv2 to route between all internal networks. The branch networks are not routed with OSPFv2.
• Use a process ID of 10. The routers should be configured in area 0.
• Use the correct inverse masks for all network statements. Do not use quad zero masks (0.0.0.0).

Step 6: Customize single-area OSPFv2
Customize single-area OSPFv2 by performing the following configuration tasks:
a. Set the bandwidth of the serial interfaces to 128 kb/s.
b. Configure OSPF router IDs as follows:
• Police: 1.1.1.1
• Central: 2.2.2.2
• Fire: 3.3.3.3
c. Configure the OSPF cost of the link between Police and Central to 7500.
d. Prevent routing updates from being sent out of any of the LAN interfaces that are routed with OSPFv2. Do not use the default keyword in the commands you use to do this.

Configuration step 5 and step 6
PoliceDept(config)# router ospf 10
PoliceDept(config-router)# router-id 1.1.1.1
PoliceDept(config-router)# network 192.168.10.104 0.0.0.3 area 0
PoliceDept(config-router)# network 192.168.45.0 0.0.0.255 area 0
PoliceDept(config-router)# network 192.168.47.0 0.0.0.255 area 0
PoliceDept(config-router)# network 192.168.101.0 0.0.0.255 area 0
PoliceDept(config-router)# passive-interface g0/0.45
PoliceDept(config-router)# passive-interface g0/0.47
PoliceDept(config-router)# passive-interface g0/0.101
PoliceDept(config)# interface s0/0/0
PoliceDept(config-if)# bandwidth 128
PoliceDept(config-if)# ip ospf cost 7500
Central(config)# router ospf 10
Central(config-router)# router-id 2.2.2.2
Central(config-router)# network 192.168.10.104 0.0.0.3 area 0
Central(config-router)# network 192.168.10.112 0.0.0.3 area 0
Central(config-router)# network 192.168.18.40 0.0.0.7 area 0
Central(config-router)# passive-interface g0/0
Central(config)# interface s0/0/0
Central(config-if)# bandwidth 128
Central(config-if)# ip ospf cost 7500
Central(config)# interface s0/0/1
Central(config-if)# bandwidth 128
Fire(config)# router ospf 10
Fire(config-router)# router-id 3.3.3.3
Fire(config-router)# network 192.168.10.112 0.0.0.3 area 0
Fire(config)# interface s0/0/1
Fire(config-if)# bandwidth 128

Step 7: Configure VLANs and Trunking
Configure Police-SW1 and Police-SW2 with VLANs and trunk ports as follows:
• Refer to the VLAN table above for the VLAN numbers and names that should be configured on both switches.
• Configure names for the VLANs. The VLAN names must be configured to match the names in the VLAN Table exactly (case and spelling).
On Police-SW1
Police-SW1(config)# vlan 45
Police-SW1(config-vlan)# name HR
Police-SW1(config)# vlan 47
Police-SW1(config-vlan)# name records
Police-SW1(config)# vlan 101
Police-SW1(config-vlan)# name comm
On Police-SW2
Police-SW2(config)# vlan 45
Police-SW2(config-vlan)# name HR
Police-SW2(config)# vlan 47
Police-SW2(config-vlan)# name records
Police-SW2(config)# vlan 101
Police-SW2(config-vlan)# name comm
• Configure the appropriate ports that link the switches and Police with the router as functioning trunk ports.
Police-SW1(config)# int g1/1
Police-SW1(config-if)# switchport mode trunk
Police-SW1(config-if)# no shutdown
Police-SW1(config)# int g1/2
Police-SW1(config-if)# switchport mode trunk
Police-SW1(config-if)# no shutdown
Police-SW2(config)# int g1/1
Police-SW2(config-if)# switchport mode trunk
Police-SW2(config-if)# no shutdown
• Assign the switch ports shown in the table as access ports in the VLANs as indicated in the VLAN Table.
Police-SW1(config)# int fa0/10
Police-SW1(config-if)# switchport mode access
Police-SW1(config-if)# switchport access vlan 45
Police-SW1(config-if)# exit
Police-SW1(config)# int fa0/15
Police-SW1(config-if)# switchport mode access
Police-SW1(config-if)# switchport access vlan 47
Police-SW1(config-if)# exit
Police-SW2(config)# int fa0/3
Police-SW2(config-if)# switchport mode access
Police-SW2(config-if)# switchport access vlan 45
Police-SW2(config-if)# exit
Police-SW2(config)# int fa0/21
Police-SW2(config-if)# switchport mode access
Police-SW2(config-if)# switchport access vlan 47
Police-SW2(config-if)# exit
• Address VLAN 101 on the network indicated in the VLAN Table. Note that the first address in this network will be assigned to the router in a later step in this assessment. The management interfaces of both switches should be configured to be reachable by hosts on other networks.
Police-SW1(config)# ip default-gateway 192.168.101.1
Police-SW1(config)# interface vlan 101
Police-SW1(config-if)# ip address 192.168.101.2 255.255.255.0
Police-SW2(config)# ip default-gateway 192.168.101.1
Police-SW2(config)# interface vlan 101
Police-SW2(config-if)# ip address 192.168.101.3 255.255.255.0
• Configure all unused switch ports as access ports, and shut down the unused ports.
Police-SW1(config)# int range fa0/1-9, fa0/11-14, fa0/16-24
Police-SW1(config-if-range)# switchport mode access
Police-SW1(config-if-range)# shutdown
Police-SW2(config)# int range fa0/1-2, fa0/4-20, fa0/22-24
Police-SW2(config-if-range)# switchport mode access
Police-SW2(config-if-range)# shutdown

Step 8: Configure DHCP
Police should be configured as a DHCP server that provides addressing to the hosts attached to Police-SW1 and Police-SW2. The requirements are as follows:
• Use VLAN45 and VLAN47 as the pool names. Note that the pool names must match the names given here exactly, all capital letters and exact spelling.
• Addresses .1 to .20 should be reserved for static assignment from each pool.
• The first address in each network will be assigned to the router interface attached to the networks as shown in the addressing table.
• Use a DNS server address of 192.168.18.100. This server has not yet been added to the network, but the address must be configured.
• Ensure that hosts in each LAN are able to communicate with hosts on remote networks.
PoliceDept(config)# ip dhcp excluded-address 192.168.45.1 192.168.45.20
PoliceDept(config)# ip dhcp excluded-address 192.168.47.1 192.168.47.20
PoliceDept(config)# ip dhcp pool VLAN45
PoliceDept(dhcp-config)# network 192.168.45.0 255.255.255.0
PoliceDept(dhcp-config)# default-router 192.168.45.1
PoliceDept(dhcp-config)# dns-server 192.168.18.100
PoliceDept(config)# ip dhcp pool VLAN47
PoliceDept(dhcp-config)# network 192.168.47.0 255.255.255.0
PoliceDept(dhcp-config)# default-router 192.168.47.1
PoliceDept(dhcp-config)# dns-server 192.168.18.100
Set Clients to DHCP: PC1, PC2, PC3, PC4

Step 9: Configure NAT
Configure NAT to translate internal private addresses into public addresses for the Internet. The requirements are:
a. Configure static NAT to the Town Server.
• Translate the internal address of the server to the address 198.51.100.14.
• Configure the correct interfaces to perform this NAT translation.
Central(config)# ip nat inside source static 192.168.18.46 198.51.100.14
Central(config)# interface g0/0
Central(config-if)# ip nat inside
Central(config)# interface s0/1/0
Central(config-if)# ip nat outside
b. Configure dynamic NAT (not NAT with overload, or PAT).
• Use the addresses remaining in the public address subnet of 198.51.100.0/28. The first two addresses in the subnet have already been assigned to the Central and ISP serial interfaces. Also, another address has already been used in the static mapping in the step above.
• Use a pool name of INTERNET. Note that the pool name must match this name exactly, in spelling and capitalization.
• Hosts on each of the internal LANs shown in the topology and on all of the branch networks should be permitted to use the NAT addresses to access the Internet.
• Use a source list number of 1.
• Your source list should consist of three entries, one each for the LANs and one for the branch networks.
B- Doogie
ip nat pool INTERNET 198.51.100.3 198.51.100.13 netmask 255.255.255.240
ip nat inside source list 1 pool INTERNET
ip nat inside source static 192.168.18.46 198.51.100.14
ip access-list standard 1
permit 192.168.45.0 0.0.0.255
permit 192.168.47.0 0.0.0.255
permit 192.168.200.0 0.0.3.255

Step 10: Configure Access Control Lists
You will configure two access control lists to limit device access on Central. You should use the any and host keywords in the ACL statements as required. The ACL requirements are:
a. Restrict access to the vty lines on Central:
• Create a named standard ACL using the name MANAGE. Be sure that you use this name exactly as it appears in these instructions (case and spelling).
• Allow only the NetAdmin Host to access the vty lines of Central.
• No other Internet hosts (including Internet hosts not visible in the topology) should be able to access the vty lines of Central.
• Your solution should consist of a single ACL statement.
b. Allow outside access to the Town Server while controlling other traffic from the outside. Create the ACL as directed below:
• Use access list number 101.
• First, allow NetAdmin Host full access to all network hosts and devices.
• Then, allow outside hosts to access the Town Server over HTTP only.
• Allow traffic that is in response to data requests from the internal and School Network hosts to enter the network.
• Add a statement so that counts of all denied traffic will be shown in the show access-lists command output.
• Your ACL should have only four statements.
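One way to meet the Step 10 requirements on Central, as an added example that is not part of the original answer key. The NetAdmin Host address (203.0.113.18) and the Town Server's translated address (198.51.100.14) come from the tables and the NAT step above; the vty range 0 4 and the choice of Serial0/1/0 (Central's Internet-facing, NAT outside interface) as the attachment point are assumptions. An inbound ACL on the NAT outside interface is checked before translation, so the HTTP entry matches the server's public address.

```cisco
! Added example: ACL configuration for Central (not from the original page)

! a. vty access: a single permit; the implicit deny blocks every other source
ip access-list standard MANAGE
 permit host 203.0.113.18
! assumption: vty lines 0-4, the same range Step 2 uses on PoliceDept
line vty 0 4
 access-class MANAGE in
!
! b. ACL 101: four statements, evaluated top-down, first match wins
! 1) NetAdmin Host gets full access to all hosts and devices
access-list 101 permit ip host 203.0.113.18 any
! 2) outside hosts reach the Town Server over HTTP only (public address)
access-list 101 permit tcp any host 198.51.100.14 eq www
! 3) return traffic for TCP sessions opened from the inside
access-list 101 permit tcp any any established
! 4) explicit deny so that show access-lists reports hit counts for drops
access-list 101 deny ip any any
!
! Placement (assumption): inbound on the Internet-facing interface, so
! unwanted traffic is dropped before it is translated or routed
interface Serial0/1/0
 ip access-group 101 in
```

The established keyword matches only TCP segments with ACK or RST set, so replies to UDP or ICMP requests sent from inside are dropped by the final deny statement.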
Your ACL should be placed in the most efficient location possible to conserve network bandwidth and device processing resources.

Step 11: Configure Router-on-a-Stick Inter-VLAN Routing
Configure Police to provide routing between the VLANs configured on the switches, as follows:
• Use the VLAN numbers for the required interface numbers.
• Use the first addresses in the VLAN networks for the interfaces.
PoliceDept(config)# interface g0/0
PoliceDept(config-if)# no sh
PoliceDept(config)# interface g0/0.45
PoliceDept(config-subif)# encapsulation dot1Q 45
PoliceDept(config-subif)# ip address 192.168.45.1 255.255.255.0
PoliceDept(config)# interface g0/0.47
PoliceDept(config-subif)# encapsulation dot1Q 47
PoliceDept(config-subif)# ip address 192.168.47.1 255.255.255.0
PoliceDept(config)# interface g0/0.101
PoliceDept(config-subif)# encapsulation dot1Q 101
PoliceDept(config-subif)# ip address 192.168.101.1 255.255.255.0

Step 12: Test and Troubleshoot Connectivity
Ensure that the hosts attached to the VLANs can reach hosts on the School Network and the Internet.