A
few things to keep in mind while completing this activity:
- Do not use the browser Back button or
close or reload any Exam windows during the exam.
- Do not close Packet Tracer when you are done. It will
close automatically.
- Click the Submit Assessment button to
submit your work.
In
this practice Packet Tracer Skills Assessment, you will:
· finish the configuration of a partially
configured network
· establish connectivity within the enterprise and
to the Internet
· implement a VLAN policy including inter-VLAN
routing
|
Device
|
Interface
|
Address
|
Subnet Mask
|
Default Gateway
|
|
HQ
|
Fa0/0
|
10.10.10.129
|
255.255.255.248
|
n/a
|
|
S0/0/0
|
10.10.10.249
|
255.255.255.252
|
n/a
|
|
|
S0/1/0
|
10.10.10.253
|
255.255.255.252
|
n/a
|
|
|
S0/0/1
|
209.165.201.2
|
255.255.255.252
|
n/a
|
|
|
R1
|
Fa0/0
|
10.10.10.121
|
255.255.255.248
|
n/a
|
|
Fa0/1
|
10.10.10.113
|
255.255.255.248
|
n/a
|
|
|
S0/0/0
|
10.10.10.250
|
255.255.255.252
|
n/a
|
|
|
R2
|
Fa0/0.1
|
10.10.10.97
|
255.255.255.240
|
n/a
|
|
Fa0/0.10
|
10.10.10.1
|
255.255.255.192
|
n/a
|
|
|
Fa0/0.20
|
10.10.10.65
|
255.255.255.224
|
n/a
|
|
|
Fa0/1
|
10.10.10.114
|
255.255.255.248
|
n/a
|
|
|
S0/0/0
|
10.10.10.254
|
255.255.255.252
|
n/a
|
|
|
S1
|
VLAN 1
|
10.10.10.98
|
255.255.255.240
|
10.10.10.97
|
|
S2
|
VLAN 1
|
10.10.10.99
|
255.255.255.240
|
10.10.10.97
|
|
H1
|
NIC
|
10.10.10.10
|
255.255.255.192
|
10.10.10.1
|
|
H2
|
NIC
|
10.10.10.70
|
255.255.255.224
|
10.10.10.65
|
|
H3
|
NIC
|
10.10.10.125
|
255.255.255.248
|
10.10.10.121
|
|
Inside
Web Server
|
NIC
|
Inside:
10.10.10.132
Outside: 128.107.0.10 |
255.255.255.248
|
10.10.10.129
|
NOTE: The password for
user EXEC mode is cisco. The password for privileged EXEC mode
is class.
The
link between HQ and ISP uses PPP with CHAP. The password is ciscochap.
ISP is not accessible and is already configured.
Step 2: Configure
Default Routing.
a. Configure HQ with a default route using the exit interface argument.
b. Verify default routing.
Step 3: Configure EIGRP
Routing.
a. Configure EIGRP routing on HQ, R1, and R2 using the following
parameters:
· Use AS number 100.
· Do not use the wildcard mask argument.
· Do not advertise the network between HQ and ISP.
· On HQ, enter the command redistribute
static to propagate the default route to R1 and R2.
b. Configure the link between HQ and R2 so that the bandwidth of 128
is used in EIGRP calculations.
c. Configure R1 and R2 to summarize the following subnets into one
advertised route to be sent to HQ.
|
R1 and R2 Subnets
|
|
10.10.10.0/26
|
|
10.10.10.64/27
|
|
10.10.10.96/28
|
|
10.10.10.112/29
|
|
10.10.10.120/29
|
Step 4: Configure HQ
with NAT.
a. Configure a static NAT mapping for the Inside Web Server so that
the inside IP address is translated to the outside IP address when packets are
routed to the Internet. Use the addresses in the Addressing Table.
b. Configure dynamic NAT on HQ using the following guidelines:
· Only addresses in the 10.10.10.0/24 address
space will be translated.
· Use the number 1 for the access
list.
· Use PUBLIC as the NAT pool name
and translate all inside addresses to the 128.107.0.4/30 address space.
· Configure PAT.
c. Verify that NAT is working.
Step 5: Configure
Trunking.
Note: S2 is already
configured with trunking. You only have user EXEC mode access to S2.
On
S1, manually configure the necessary links for trunking mode.
Note: S2 is already
configured as a VTP client and will receive VLAN information from S1. You only
have user EXEC mode access to S2.
a. Configure S1 with the following VTP parameters:
· VTP server.
· VTP domain name: CCNA
· VTP password: ciscovtp
b. Create and name the following VLANs on S1:
· VLAN 10: Student
· VLAN 20: Faculty
c. Verify that S2 received VLAN information from S1.
Note: The VLAN interface
on S2 is already configured.
a. Configure S1 for remote management access.
b. Configure S1 interface Fa0/4 for access mode and assign it to VLAN
10.
S2
is the current STP root bridge. Using a priority of 4096,
configure S1 as the root bridge for all VLANs.
Note: Best practice
requires port security on all access ports. However, for this practice exercise
you will only configure one port with security.
a. Configure S1 with port security on FastEthernet 0/4:
· No more than 2 MAC addresses are allowed.
· Once learned, MAC addresses should be
automatically added to the running configuration.
· If this policy is violated, the port should
automatically shutdown.
b. Verify that port security is implemented.
Step 10: Configure
Inter-VLAN Routing.
a. Use the information in the Addressing Table to configure R2 for
inter-VLAN routing.
b. Verify inter-VLAN routing.
Although
these are not scored, the following connectivity tests should be successful.
- H3 can ping H1 and H2.
- H3 can ping the Inside Web Server at both addresses.
- H1, H2, and H3 can ping the Outside Web Server.
- H1 can ping S1.
Version
1.0
Created in Packet Tracer 5.3.1.0044 and Marvel 1.0.1
All contents are Copyright © 1992 - 2011 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Created in Packet Tracer 5.3.1.0044 and Marvel 1.0.1
All contents are Copyright © 1992 - 2011 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
A few things to keep in mind while completing this activity:
CCNA
- Do
not use the browser Back button or close or reload any
Exam windows during the exam.
- Do
not close Packet Tracer when you are done. It will close automatically.
- Click
the Submit Assessment button to submit your work.
Introduction
In this practice Packet Tracer Skills Assessment, you will:
· finish the configuration of a partially configured network
· establish connectivity within the enterprise and to the Internet
· implement a VLAN policy including inter-VLAN routing
In this practice Packet Tracer Skills Assessment, you will:
· finish the configuration of a partially configured network
· establish connectivity within the enterprise and to the Internet
· implement a VLAN policy including inter-VLAN routing
NOTE: The password for user EXEC mode is cisco. The
password for privileged EXEC mode is class.
Step 1: Configure PPP on HQ.
The link between HQ and ISP uses PPP with CHAP. The password is ciscochap. ISP is not accessible and is already configured.
HQ>en
HQ#config t
HQ(config)#interface serial 0/0/1
HQ(config-if)#encapsulation ppp
HQ(config-if)#ppp authentication chap
HQ(config-if)#exit
HQ(config)#username ISP password ciscochap
Step 2: Configure Default Routing.
a.Configure HQ with a default route using the exit interface argument.
HQ(config)#ip route 0.0.0.0 0.0.0.0 se0/0/1,0/0/0,0/1/0
b. Verify default routing.
HQ(config)#do show ip route
Step 3: Configure EIGRP Routing.
a. Configure EIGRP routing on HQ, R1, and R2 using the following parameters:
· Use AS number 100.
· Do not use the wildcard mask argument.
· Do not advertise the network between HQ and ISP.
HQ(config)#router eigrp 100
HQ(config-router)#network 10.10.10.128
HQ(config-router)#network 10.10.10.248
HQ(config-router)#network 10.10.10.252
R1(config)#router eigrp 100
R1(config-router)#network 10.10.10.120
R1(config-router)#network 10.10.10.112
R1(config-router)#network 10.10.10.248
R1(config-router)#no auto-summery
R2(config)#router eigrp 100
R2(config-router)#network 10.10.10.112
R2(config-router)#network 10.10.10.252
R2(config-router)#no auto-summary
· On HQ, enter the command redistribute static to propagate the default route to R1 and R2.
HQ(config-router)#redistribute static metric 10000 1 255 1 1500
b. Configure the link between HQ and R2 so that the bandwidth of 128 is used in EIGRP calculations.
R2(config)#interface serial 0/0/0
R2(config-if)#bandwidth 128
HQ(config)#interface serial 0/1/0
HQ(config-if)#bandwidth 128
c. Configure R1 and R2 to summarize the following subnets into one advertised route to be sent to HQ.
R1(config)#interface serial 0/0/0
R1(config-if)#ip summary-address eigrp 100 10.10.10.0 255.255.255.128
R2(config)#interface serial 0/0/0
R2(config-if)#ip summary-address eigrp 100 10.10.10.0 255.255.255.128
R1 and R2 Subnets
10.10.10.0/26
10.10.10.64/27
10.10.10.96/28
10.10.10.112/29
10.10.10.120/29
Step 4: Configure HQ with NAT.
a. Configure a static NAT mapping for the Inside Web Server so that the inside IP address is translated to the outside IP address when packets are routed to the Internet. Use the addresses in the Addressing Table.
HQ(config)#interface fastEthernet 0/0
HQ(config-if)#ipnat inside
HQ(config)#ipnat inside source static 10.10.10.132 128.107.0.10
HQ(config)#interface serial 0/0/1
HQ(config-if)#ipnat outside
b. Configure dynamic NAT on HQ using the following guidelines:
· Only addresses in the 10.10.10.0/24 address space will be translated.
· Use the number 1 for the access list.
· Use PUBLIC as the NAT pool name and translate all inside addresses to the 128.107.0.4/30 address space.
· Configure PAT.
HQ(config)#ipnat pool PUBLIC 128.107.0.5 128.107.0.6 netmask 255.255.255.252
HQ(config)#access-list 1 permit 10.10.10.0 0.0.0.255
HQ(config)#ipnat inside source list 1 pool public
HQ(config)#ipnat inside source list 1 pool public overload
b. Verify that NAT is working.
HQ#showipnat translations
Step 5: Configure Trunking.
Note: S2 is already configured with trunking. You only have user EXEC mode access to S2.
On S1, manually configure the necessary links for trunking mode.
S2(config)#interface gigabitEthernet1/2
S2(config-if)#switchport mode trunk
Step 6
Note: S2 is already configured as a VTP client and will receive VLAN information from S1. You only have user EXEC mode access to S2.
a. Configure S1 with the following VTP parameters:
· VTP server.
· VTP domain name: CCNA
· VTP password: ciscovtp
S1(config)#vtp domain CCNA
S1(config)#vtp mode server
S1(config)#vtp password ciscovtp
b. Create and name the following VLANs on S1:
· VLAN 10: Student
· VLAN 20: Faculty
S1(config)#vlan 10
S1(config-vlan)#name Student
S1(config-vlan)#exit
S1(config)#vlan 20
S1(config-vlan)#name Faculty
c. Verify that S2 received VLAN information from S1.
S2#show vlan
Step 7
Note: The VLAN interface on S2 is already configured.
a. Configure S1 for remote management access.
S1(config)#interface vlan 1
S1(config-if)#ip address 10.10.10.98 255.255.255.240
S1(config-if)#no shut
S1(config-if)#exit
S1(config)#ip default-gateway 10.10.10.97
S1(config)#do write
S1(config)#line vty 0 3
S1(config-line)#password 123
S1(config-line)#login
b. Configure S1 interface Fa0/4 for access mode and assign it to VLAN 10.
S1(config)#interface fastEthernet 0/4
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 10
Step 8
S2 is the current STP root bridge. Using a priority of 4096, configure S1 as the root bridge for all VLANs.
S1(config)#spanning-tree vlan 1-20 priority 4096
Step 9
Note: Best practice requires port security on all access ports. However, for this practice exercise you will only configure one port with security.
a. Configure S1 with port security on FastEthernet 0/4:
· No more than 2 MAC addresses are allowed.
· Once learned, MAC addresses should be automatically added to the running configuration.
· If this policy is violated, the port should automatically shutdown.
S1(config)#interface fastEthernet 0/4
S1(config-if)#switchport mode access
S1(config-if)#switchport port-security
S1(config-if)#switchport port-security maximum 2
S1(config-if)#switchport port-security mac-address sticky
S1(config-if)#switchport port-security violation shutdown
b. Verify that port security is implemented.
S1#show port-security interface fastEthernet 0/4
Step 10: Configure Inter-VLAN Routing.
a. Use the information in the Addressing Table to configure R2 for inter-VLAN routing.
R2(config)#interface fastEthernet 0/0
R2(config-if)#no ip address
R2(config-if)#no shut
R2(config-if)#exit
R2(config)#interface fastEthernet 0/0.1
R2(config-subif)#encapsulation dot1q 1
R2(config-subif)#ip address 10.10.10.97 255.255.255.240
R2(config-subif)#no shut
R2(config-subif)#exit
R2(config)#interface fastEthernet 0/0.10
R2(config-subif)#encapsulation dot1Q 10
R2(config-subif)#ip address 10.10.10.1 255.255.255.192
R2(config-subif)#no shut
R2(config-subif)#exit
R2(config)#interface fastEthernet 0/0.20
R2(config-subif)#encapsulation dot1Q 20
R2(config-subif)#ip address 10.10.10.65 255.255.255.224
R2(config-subif)#no shut
R2(config-subif)#exit
b. Verify inter-VLAN routing.
Step 11
Although these are not scored, the following connectivity tests should be successful.
Step 1: Configure PPP on HQ.
The link between HQ and ISP uses PPP with CHAP. The password is ciscochap. ISP is not accessible and is already configured.
HQ>en
HQ#config t
HQ(config)#interface serial 0/0/1
HQ(config-if)#encapsulation ppp
HQ(config-if)#ppp authentication chap
HQ(config-if)#exit
HQ(config)#username ISP password ciscochap
Step 2: Configure Default Routing.
a.Configure HQ with a default route using the exit interface argument.
HQ(config)#ip route 0.0.0.0 0.0.0.0 se0/0/1,0/0/0,0/1/0
b. Verify default routing.
HQ(config)#do show ip route
Step 3: Configure EIGRP Routing.
a. Configure EIGRP routing on HQ, R1, and R2 using the following parameters:
· Use AS number 100.
· Do not use the wildcard mask argument.
· Do not advertise the network between HQ and ISP.
HQ(config)#router eigrp 100
HQ(config-router)#network 10.10.10.128
HQ(config-router)#network 10.10.10.248
HQ(config-router)#network 10.10.10.252
R1(config)#router eigrp 100
R1(config-router)#network 10.10.10.120
R1(config-router)#network 10.10.10.112
R1(config-router)#network 10.10.10.248
R1(config-router)#no auto-summery
R2(config)#router eigrp 100
R2(config-router)#network 10.10.10.112
R2(config-router)#network 10.10.10.252
R2(config-router)#no auto-summary
· On HQ, enter the command redistribute static to propagate the default route to R1 and R2.
HQ(config-router)#redistribute static metric 10000 1 255 1 1500
b. Configure the link between HQ and R2 so that the bandwidth of 128 is used in EIGRP calculations.
R2(config)#interface serial 0/0/0
R2(config-if)#bandwidth 128
HQ(config)#interface serial 0/1/0
HQ(config-if)#bandwidth 128
c. Configure R1 and R2 to summarize the following subnets into one advertised route to be sent to HQ.
R1(config)#interface serial 0/0/0
R1(config-if)#ip summary-address eigrp 100 10.10.10.0 255.255.255.128
R2(config)#interface serial 0/0/0
R2(config-if)#ip summary-address eigrp 100 10.10.10.0 255.255.255.128
R1 and R2 Subnets
10.10.10.0/26
10.10.10.64/27
10.10.10.96/28
10.10.10.112/29
10.10.10.120/29
Step 4: Configure HQ with NAT.
a. Configure a static NAT mapping for the Inside Web Server so that the inside IP address is translated to the outside IP address when packets are routed to the Internet. Use the addresses in the Addressing Table.
HQ(config)#interface fastEthernet 0/0
HQ(config-if)#ipnat inside
HQ(config)#ipnat inside source static 10.10.10.132 128.107.0.10
HQ(config)#interface serial 0/0/1
HQ(config-if)#ipnat outside
b. Configure dynamic NAT on HQ using the following guidelines:
· Only addresses in the 10.10.10.0/24 address space will be translated.
· Use the number 1 for the access list.
· Use PUBLIC as the NAT pool name and translate all inside addresses to the 128.107.0.4/30 address space.
· Configure PAT.
HQ(config)#ipnat pool PUBLIC 128.107.0.5 128.107.0.6 netmask 255.255.255.252
HQ(config)#access-list 1 permit 10.10.10.0 0.0.0.255
HQ(config)#ipnat inside source list 1 pool public
HQ(config)#ipnat inside source list 1 pool public overload
b. Verify that NAT is working.
HQ#showipnat translations
Step 5: Configure Trunking.
Note: S2 is already configured with trunking. You only have user EXEC mode access to S2.
On S1, manually configure the necessary links for trunking mode.
S2(config)#interface gigabitEthernet1/2
S2(config-if)#switchport mode trunk
Step 6
Note: S2 is already configured as a VTP client and will receive VLAN information from S1. You only have user EXEC mode access to S2.
a. Configure S1 with the following VTP parameters:
· VTP server.
· VTP domain name: CCNA
· VTP password: ciscovtp
S1(config)#vtp domain CCNA
S1(config)#vtp mode server
S1(config)#vtp password ciscovtp
b. Create and name the following VLANs on S1:
· VLAN 10: Student
· VLAN 20: Faculty
S1(config)#vlan 10
S1(config-vlan)#name Student
S1(config-vlan)#exit
S1(config)#vlan 20
S1(config-vlan)#name Faculty
c. Verify that S2 received VLAN information from S1.
S2#show vlan
Step 7
Note: The VLAN interface on S2 is already configured.
a. Configure S1 for remote management access.
S1(config)#interface vlan 1
S1(config-if)#ip address 10.10.10.98 255.255.255.240
S1(config-if)#no shut
S1(config-if)#exit
S1(config)#ip default-gateway 10.10.10.97
S1(config)#do write
S1(config)#line vty 0 3
S1(config-line)#password 123
S1(config-line)#login
b. Configure S1 interface Fa0/4 for access mode and assign it to VLAN 10.
S1(config)#interface fastEthernet 0/4
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 10
Step 8
S2 is the current STP root bridge. Using a priority of 4096, configure S1 as the root bridge for all VLANs.
S1(config)#spanning-tree vlan 1-20 priority 4096
Step 9
Note: Best practice requires port security on all access ports. However, for this practice exercise you will only configure one port with security.
a. Configure S1 with port security on FastEthernet 0/4:
· No more than 2 MAC addresses are allowed.
· Once learned, MAC addresses should be automatically added to the running configuration.
· If this policy is violated, the port should automatically shutdown.
S1(config)#interface fastEthernet 0/4
S1(config-if)#switchport mode access
S1(config-if)#switchport port-security
S1(config-if)#switchport port-security maximum 2
S1(config-if)#switchport port-security mac-address sticky
S1(config-if)#switchport port-security violation shutdown
b. Verify that port security is implemented.
S1#show port-security interface fastEthernet 0/4
Step 10: Configure Inter-VLAN Routing.
a. Use the information in the Addressing Table to configure R2 for inter-VLAN routing.
R2(config)#interface fastEthernet 0/0
R2(config-if)#no ip address
R2(config-if)#no shut
R2(config-if)#exit
R2(config)#interface fastEthernet 0/0.1
R2(config-subif)#encapsulation dot1q 1
R2(config-subif)#ip address 10.10.10.97 255.255.255.240
R2(config-subif)#no shut
R2(config-subif)#exit
R2(config)#interface fastEthernet 0/0.10
R2(config-subif)#encapsulation dot1Q 10
R2(config-subif)#ip address 10.10.10.1 255.255.255.192
R2(config-subif)#no shut
R2(config-subif)#exit
R2(config)#interface fastEthernet 0/0.20
R2(config-subif)#encapsulation dot1Q 20
R2(config-subif)#ip address 10.10.10.65 255.255.255.224
R2(config-subif)#no shut
R2(config-subif)#exit
b. Verify inter-VLAN routing.
Step 11
Although these are not scored, the following connectivity tests should be successful.
- H3
can ping H1 and H2.
- H3
can ping the Inside Web Server at both addresses.
- H1,
H2, and H3 can ping the Outside Web Server.
- H1
can ping S1.
Drsent Eigrp/Nat/Vlan Pt Practice Sba - Ccna Exam Preparation >>>>> Download Now
ReplyDelete>>>>> Download Full
Drsent Eigrp/Nat/Vlan Pt Practice Sba - Ccna Exam Preparation >>>>> Download LINK
>>>>> Download Now
Drsent Eigrp/Nat/Vlan Pt Practice Sba - Ccna Exam Preparation >>>>> Download Full
>>>>> Download LINK