CCNARout i ngandSwi t chi ng Rout i nga ndSwi t c hi ngEs se nt i a l s
Pr ac t i ceSki l l sAssess ment-Pack me etT r acer A few things to keep keep in mind while while completing this activity: 1. Do not not use use the the bro brows wser er Back button Back button or close or reload any exam windows during the exam. 2. Do not close close Packet rac racer er when you are are done. !t will will close close automatical automatically. ly. ". #lick th the Submit Assessment button Assessment button in the browser window to submit your work.
Introduction !n this practice skills assessment$ you will configure the %%label&rg'' network network with single(area &)P*v2. !n addition$ you will configure router(on(a(stick routing between +,A-s. ou will also implement -A$ D/#P and access lists. All IOS device configurations should be completed from a direct terminal connection to the device console. Some values that are required to complete the configurations have not been given to you. In those cases, create the values that you need to complete the requirements. These values may include certain I addresses, pass!ords, interface descriptions, banner te"t, and other values. *or the sake of time$ many repetitive but important configuration tasks have been omitted from this activity. activity. 0any of these tasks$ especially those related to device security$ are essential elements of a network configuration. he intent of this activity is not to diminish the importance of full device configurations. ou ou will practice and be assessed on the following skills: •
#onfiguration of initial device settings
•
!Pv address assignment
•
#onfiguration and addressing of router interfaces
•
#onfiguration of a router as a D/#P server
•
!mplementation of static and dynamic -A
•
#onfiguration of the single(area &)P*v2 routing protocol
•
#onfiguration of a default route and static summary routes
•
#onfiguration of +,A-s and trunks
•
#onfiguration of routing between +,A-s
•
#onfiguration of A#, to limit device access
+outing and S!itching ssentials ractice Skills Assessment - acket Tracer ou are reuired to configure the following: %%31-ame'': •
#onfiguration of initial router settings
•
!nterface configuration and !Pv addressing
•
#onfiguration of D/#P
•
#onfiguration of single(area &)P*v2
•
#onfiguration of routing between +,A-s
%%32-ame'': •
!nterface configuration and !Pv addressing
•
#onfiguration of single(area &)P*v2
•
#onfiguration of !Pv route summari4ation
•
#onfiguration and propagation of a default route
•
#onfiguration of static summary routes
•
#onfiguration of static and dynamic -A
•
#onfiguration of A#,s
%%3"-ame'': •
!nterface configuration and !Pv addressing
•
#onfiguration of single(area &)P*v2
•
#onfiguration of a static summary route
%%)1-ame'': •
•
#onfiguration of +,A-s Assignment of switch ports to +,A-s
•
#onfiguration of trunking
•
#onfiguration of unused switch ports
((A +S
+outing and S!itching ssentials ractice Skills Assessment - acket Tracer
((A +S
%%)2-ame'': •
•
#onfiguration of +,A-s Assignment of switch ports to +,A-s
•
#onfiguration of trunking
•
#onfiguration of unused switch ports
!nternal P# hosts: •
#onfiguration as D/#P clients
Addressing Tables ote0 1ou are provided !ith the net!orks that interfaces should be configured on. 2nless you are told to do differently in the detailed instructions belo!, you are free to choose the host addresses to assign. Addressing able:
3evice
Interface
et!ork
(omments
)56565
172.189.15.156"5
any address in the network
i565.;
172.189.;.562
first address in the network
i565.<
172.189.<.562
first address in the network
i565.151
172.189.151.562
first address in the network
)56565
172.189.15.156"5
any address in the network
)56561
172.189.15.1126"5
any address in the network
)56165
179.;1.155.5629
first address in the network
i565
172.189.19.5627
first address in the network
)56565
172.189.15.126"5
second address in the network
)56561
172.189.15.1126"5
any address in the network
44S&ame55
+,A- 151
172.189.151.562
any address in the network
44S$ame55
+,A- 151
172.189.151.562
any address in the network
44+&ame55
44+$ame55
44+'ame55
Pr ec onfi gur edaddr es s esf orr ef er enc e: 3evice
Address
44(orpServerame55
172.189.19.8627
+outing and S!itching ssentials ractice Skills Assessment - acket Tracer
44Test6ost55
25".5.11".19
44Other6ost55
25".5.11".129
44InetServerame55
257.18;.251.2";
44Branch&6ostame55
172.189.255.1562
44Branch$6ostame55
172.189.251.1562
44Branch'6ostame55
172.189.252.1562
((A +S
VLANTabl e: 78A umber
78A ame
78A et!ork
/9
%%+,A-;-ame''
172.189.;.562
%%)1-ame'': *a5615 %%)2-ame'': *a56"
/:
%%+,A-<-ame''
172.189.<.562
%%)1-ame'': *a561; %%)2-ame'': *a5621
&%&
%%+,A-151-ame''
172.189.151.562
3evice0ort
)+!
Instructions All configurations must be performed through a direct terminal connection to the device consoles. Step &0 3etermine the Addresses to Assign Determine the !P addresses that you will use for the reuired interfaces on the three routers and two switches. =se the information in the Addressing able and follow the guidelines below: •
•
•
•
Assign the first !P addresses in the networks that are provided in the Addressing able to the ,Ainterfaces. Assign the first address in the %%32-ame'' subnet to the interface that is connected to the !nternet. Assign any valid host address in the networks that are provided in the Addressing able to the serial interfaces. he host P#s will receive !P addresses over D/#P.
Step $0 (onfigure 44+&ame55 •
#onfigure %%31-ame'' with the following:
+outing and S!itching ssentials ractice Skills Assessment - acket Tracer
((A +S
•
#onfigure the router host name: 44+&6ostame55
•
Prevent the router from attempting to resolve command line entries to !P addresses.
•
Protect privileged >?># mode from unauthori4ed access with the 0D; encrypted password.
•
Prevent device status messages from interrupting command line entries at the device console.
•
)ecure the router console and elnet terminal lines.
•
Prevent all passwords from being viewed in clear text in the device configuration file.
•
#onfigure a message(of(the(day banner.
Step '0 (onfigure the +outer hysical Interfaces #onfigure the interfaces of the routers for full connectivity with the following: •
•
•
!P addresses as shown in the addressing table. Describe the operational %%31-ame'' serial interface. he %%31-ame'' >thernet interfaces will be configured at the end of this assessment. D#> settings where appropriate. =se a rate of &$*%%%.
Step /0 (onfigure static and default routing #onfigure the following static routes: a.
0anually configure default routes to the !nternet. =se the exit interface argument. All hosts on the internal ,A-s and %%@ranch#loud-ame'' networks should be able to reach the !nternet.
b. !t has been decided to use static routes to reach the branch networks that are connected to %%3"-ame''. =se a single summary to represent the branch networks in the most efficient way possible. #onfigure the summary static route on%%32-ame'' and %%3"-ame'' using the exit interface argument.
Step 90 (onfigure OS; +outing #onfigure single(area &)P*v2 to route between all internal networks. he branch networks are not routed with &)P*v2. •
=se a process !D of &%. he routers should be configured in area %.
•
=se the correct inverse masks for all network statements. Do not use uad 4ero masks 5.5.5.5B.
Step <0 (ustomi=e single-area OS;v$ #ustomi4e single(area &)P*v2 by performing the following configuration tasks:
+outing and S!itching ssentials ractice Skills Assessment - acket Tracer
((A +S
a. )et the bandwidth of the serial interfaces to &$* kb)s. b. #onfigure &)P* router !Ds as follows: •
%%31-ame'': &.&.&.&
•
%%32-ame'': $.$.$.$
•
%%3"-ame'': '.'.'.'
c. #onfigure the &)P* cost of the link between %%31-ame'' and %%32-ame'' to :9%%. d. Prevent routing updates from being sent out of any of the ,A- interfaces that are routed with &)P*v2. Do not use the default keyword in the commands you use to do this.
Step :0 (onfigure 78As and Trunking #onfigure %%)1-ame'' and %%)2-ame'' with +,A-s and trunk ports as follows: a. #onfigure names for the +,A-s. he +,A- names must be configured to match the names in the +,Aable exactly case and spellingB. 3efer to the +,A- table above for the +,A- numbers and names that should be configured on both switches. b. #onfigure the ports that link the switches with each other and the %%31-ame'' router as functioning trunk ports. c. Assign the switch ports shown in the table as access ports in the +,A-s as indicated in the +,A- able. d. Address +,A- 151 on the network indicated in the +,A- able. -ote that the first address in this network will be assigned to the router in a later step in this assessment. he management interfaces of both switches should configured to be reachable by hosts on other networks. e. #onfigure all unused switch ports as access ports$ and shutdown the unused ports.
Step *0 (onfigure 36( %%31-ame'' should be configured as a D/#P server that provides addressing to the hosts a ttached to %%)1-ame'' and %%)2-ame''. he reuirements are as follows: •
•
•
•
=se 78A/9 and 78A/: as the pool names. -ote that the pool names must match the names given here exactly$ all capital letters and exact spelling. Addresses .& to .$% should be reserved for static assignment from each pool. he first address in each network will be assigned to the router interface attached to the networks as shown in the addressing table. =se a D-) server address of &>$.&<*.&*.&%%. his server has not yet been added to the network$ but the address must be configured.
+outing and S!itching ssentials ractice Skills Assessment - acket Tracer
•
((A +S
>nsure that hosts in each ,A- are able to communicate with hosts on remote networks.
Step >0 (onfigure AT #onfigure -A to translate internal private addresses into public addresses for the !nternet. he reuirements are: a. #onfigure static -A to the %%#orp)erver-ame''. •
ranslate the internal address of the server to the address &>*.9&.&%%.&/.
•
#onfigure the correct interfaces to perform this -A translation.
b. #onfigure dynamic -A not -A with overload$ or PAB. •
•
•
=se the addresses remaining in the public address subnet of &>*.9&.&%%.%)$*. he first two addresses in the subnet have already been assigned to the %%32-ame'' and !)P serial interfaces. Also$ another address has already been used in the static mapping in the step above. =se a pool name of IT+T. -ote that the pool name must match this name exactly$ in spelling and capitali4ation. /osts on each of the internal ,A-s shown in the topology and on all of the branch networks should be permitted to use the -A addresses to access the !nternet.
•
=se a source list number of &.
•
our source list should consist of three entries$ one each for the ,A-s and one for the branch networks.
Step &%0 (onfigure Access (ontrol 8ists ou will configure two access control lists to limit device access on %%32-ame''. ou should use the any and host keywords in the A#, statements as reuired. he A#, reuirements are: a. 3estrict access to the vty lines on %%32-ame'': •
•
•
•
#reate a named standard A#, using the name ?AA@. @e sure that you use this name exactly as it appears in these instructions case and spellingB. Allow only the %%est/ost'' to access the vty lines of %%32-ame''. -o other !nternet hosts including !nternet hosts not visible in the topologyB should be able to access the vty lines of %%32-ame''. our solution should consist of a single A#, statement.
b. Allow outside access to the %%#orp)erver-ame'' while controlling other traffic from the outside. #reate the A#, as directed below: •
=se access list number &%&.
+outing and S!itching ssentials ractice Skills Assessment - acket Tracer
•
*irst$ allow %%est/ost'' full access to all network hosts and devices.
•
hen$ allow outside hosts to access the %%#orp)erver-ame'' over /P only.
•
•
•
((A +S
Allow traffic that is in response to data reuests from the internal and %%@ranch#loud-ame'' hosts to enter the network. Add a statement so that counts of all denied traffic will be shown in the sho! access-lists command output. our A#, should have only four statements.
our A#, should be placed in the most efficient location possible to conserve network bandwidth and device processing resources.
Step &&0 (onfigure +outer-on-a-Stick Inter-78A +outing. #onfigure %%31-ame'' to provide routing b etween the +,A-s configured on the switches. As follows: •
=se the +,A- numbers for the reuired interface numbers.
•
=se the first addresses in the +,A- networks for the interfaces.
Step &$0 Test and Troubleshoot (onnectivity. >nsure that the hosts attached to the +,A-s can reach hosts on the %%@ranch#loud-ame'' and the !nternet.
,ast =pdated: June, 2014 !D: %%name!ndex'' Version 2.1 Created in Packet Tracer 6.1 and Marvel 2.0.5 All contents are Copyright © 12 ! 201" Cisco #yste$s% &nc. All rights reserved. This doc'$ent is Cisco P'(lic &n)or$ation.
