Add to collection(s) Add to saved
  1. No category
Uploaded by Zongo koné

All CCNA Exploration Accessing the WAN S

advertisement 
CCNA Exploration: Accessing the WAN Student Skills Based
Assessment Lab Answer Key
Topology Diagram
Addressing Table
Device
R1
R2
R3
Interface
IP Address
Subnet Mask
Default Gateway
Fa0/1
10.0.0.1
255.255.255.128
N/A
S0/0/0
172.16.0.1
255.255.255.252
N/A
S0/0/1
172.16.0.9
255.255.255.252
N/A
Lo0
209.165.200.161
255.255.255.224
N/A
S0/0/0
172.16.0.2
255.255.255.252
N/A
S0/0/1
172.16.0.5
255.255.255.252
N/A
Fa0/1
10.0.0.129
255.255.255.128
N/A
S0/0/0
172.16.0.10
255.255.255.252
N/A
S0/0/1
172.16.0.6
255.255.255.252
N/A
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 1 of 9
CCNA Exploration
Accessing the WAN: Skills Based Assessment
Student Skills based Assessment Lab
Device
Interface
IP Address
Subnet Mask
Default Gateway
PC1
NIC
10.0.0.10
255.255.255.128
10.0.0.1
PC3
NIC
10.0.0.139
255.255.255.128
10.0.0.129
Learning Objectives
To complete this lab:
•
•
•
•
•
•
•
•
•
Cable a network according to the topology diagram
Erase the startup configuration and reload a router to the default state
Perform basic configuration tasks on a router
Configure and activate interfaces
Configure and activate serial interfaces (PPP with CHAP, HDLC, and Frame Relay)
Configure RIP on all the routers
Configure basic router security
Configure ACLs
Configure basic NAT
Scenario
This lab tests you on the skills and knowledge that you learned in Exploration 4. Use cisco for all passwords in
this lab, except for the enable secret password, which is class.
Task 1: Prepare the Network
Step 1: Cable a network that is similar to the one in the topology diagram.
Step 2: Clear any existing configurations on the routers.
Task 2: Perform Basic Device Configurations
Configure the R1, R2, and R3 routers according to the following guidelines:
•
•
•
•
•
•
•
Configure the router hostname.
Disable DNS lookup.
Configure an EXEC mode password.
Configure a message-of-the-day banner.
Configure a password for console connections.
Configure synchronous logging.
Configure a password for vty connections.
R1:
Router>enable
Router#configure terminal
Router(config)#hostname R1
R1(config)#banner motd #R1#
R1(config)#no ip domain-lookup
R1(config)#enable secret class
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 2 of 9
CCNA Exploration
Accessing the WAN: Skills Based Assessment
Student Skills based Assessment Lab
R1(config)#line console 0
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#logging synchronous
R1(config-line)#exec-timeout 5
R1(config-line)#exit
R1(config)#line vty 0 4
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#logging synchronous
R1(config-line)#exec-timeout 5
R1(config-line)#exit
R2:
Router>enable
Router#configure terminal
Router(config)#hostname R2
R2(config)#banner motd #R2#
R2(config)#no ip domain-lookup
R2(config)#enable secret class
R2(config)#line console 0
R2(config-line)#password cisco
R2(config-line)#login
R2(config-line)#logging synchronous
R2(config-line)#exec-timeout 5
R2(config-line)#exit
R2(config)#line vty 0 4
R2(config-line)#password cisco
R2(config-line)#login
R2(config-line)#logging synchronous
R2(config-line)#exec-timeout 5
R2(config-line)#exit
R3:
Router>enable
Router#configure terminal
Router(config)#hostname R3
R3(config)#banner motd #R3#
R3(config)#no ip domain-lookup
R3(config)#enable secret class
R3(config)#line console 0
R3(config-line)#password cisco
R3(config-line)#login
R3(config-line)#logging synchronous
R3(config-line)#exec-timeout 5
R3(config-line)#exit
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 3 of 9
CCNA Exploration
Accessing the WAN: Skills Based Assessment
Student Skills based Assessment Lab
R3(config)#line vty 0 4
R3(config-line)#password cisco
R3(config-line)#login
R3(config-line)#logging synchronous
R3(config-line)#exec-timeout 5
R3(config-line)#exit
Task 3: Configure and Activate Serial and Ethernet Addresses
Step 1: Configure interfaces on R1, R2, and R3.
Step 2: Verify IP addressing and interfaces.
Step 3: Configure the PC1 and PC3 Ethernet interfaces.
Step 4: Test connectivity between the PCs and routers.
R1:
R1(config)#interface fastEthernet0/1
R1(config-if)#ip address 10.0.0.1 255.255.255.128
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface Serial0/0/0
R1(config-if)#ip address 172.16.0.1 255.255.255.252
R1(config-if)#clock rate 64000
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface Serial0/0/1
R1(config-if)#ip address 172.16.0.9 255.255.255.252
R1(config-if)#no shutdown
R1(config-if)#end
R1#show ip interface brief
R2:
R2(config)#interface Serial0/0/0
R2(config-if)#ip address 172.16.0.2 255.255.255.252
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#interface Serial0/0/1
R2(config-if)#ip address 172.16.0.5 255.255.255.252
R1(config-if)#clock rate 64000
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#interface Loopback0
R2(config-if)#ip address 209.165.200.161 255.255.255.224
R2(config-if)#no shutdown
R2(config-if)#end
R2#show ip interface brief
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 4 of 9
CCNA Exploration
Accessing the WAN: Skills Based Assessment
Student Skills based Assessment Lab
R3:
R3(config)#interface fastEthernet0/1
R3(config-if)#ip address 10.0.0.129 255.255.255.128
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#interface Serial0/0/0
R3(config-if)#ip address 172.16.0.10 255.255.255.252
R3(config-if)#clock rate 64000
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#interface Serial0/0/1
R3(config-if)#ip address 172.16.0.6 255.255.255.252
R3(config-if)#no shutdown
R3(config-if)#end
R3#show ip interface brief
Task 4: Configure Serial Interfaces
Step 1: Configure and verify PPP encapsulation with CHAP authentication between R1 and R2. The
password is “cisco”.
Step 2: Configure and verify HDLC encapsulation between R2 and R3.
Step 3: Configure Frame Relay between R1 and R3.
R1:
R1#configure terminal
R1(config)#username R2 password cisco
R1(config)#interface Serial0/0/0
R1(config-if)#encapsulation ppp
R1(config-if)#ppp authentication chap
R1(config-if)#exit
R1(config)#interface Serial0/0/1
R1(config-if)#encapsulation frame-relay
R1(config-if)#frame-relay map ip 172.16.0.9 101 broadcast
R1(config-if)#frame-relay map ip 172.16.0.10 101 broadcast
R1(config-if)#frame-relay interface-dlci 101
R1(config-if)#no keepalive
R1(config-if)#end
R1#show
R1#show
R3#show
R3#show
interface Serial0/0/0
interface Serial0/0/1
frame-relay pvc
frame-relay map
R2:
R2#configure terminal
R2(config)#username R1 password cisco
R2(config)#interface Serial0/0/0
R2(config-if)#encapsulation ppp
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 5 of 9
CCNA Exploration
Accessing the WAN: Skills Based Assessment
Student Skills based Assessment Lab
R2(config-if)#ppp authentication chap
R2(config-if)#exit
R2(config)#interface Serial0/0/1
R2(config-if)#encapsulation hdlc
R2(config-if)#end
R2#show interface Serial0/0/0
R2#show interface Serial0/0/1
R3:
R3#configure terminal
R3(config)#interface Serial0/0/0
R3(config-if)#encapsulation frame-relay
R3(config-if)#frame-relay map ip 172.16.0.10 101 broadcast
R3(config-if)#frame-relay map ip 172.16.0.9 101 broadcast
R3(config-if)#frame-relay interface-dlci 101
R3(config-if)#no keepalive
R3(config-if)#exit
R3(config)#interface Serial0/0/1
R3(config-if)#encapsulation hdlc
R3(config-if)#end
R3#show
R3#show
R3#show
R3#show
interface Serial0/0/0
interface Serial0/0/1
frame-relay pvc
frame-relay map
Task 5: Configure RIP
Step 1: Configure RIP on R1, R2, and R3.
RIP updates should only be sent on the serial links between the routers. Prevent all other RIP updates on
all networks.
Step 2: Test connectivity with the ping command.
Step 3: Verify the routing table with the appropriate command.
R1:
R1#configure terminal
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#network 10.0.0.0
R1(config-router)#network 172.16.0.0
R1(config-router)#passive-interface fastEthernet0/1
R1(config-router)#no auto-summary
R1(config-router)#end
R1#show ip protocols
R1#show ip route
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 6 of 9
CCNA Exploration
Accessing the WAN: Skills Based Assessment
Student Skills based Assessment Lab
R2:
R2#configure terminal
R2(config)#ip route 0.0.0.0 0.0.0.0 Loopback0
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#network 172.16.0.0
R2(config-router)#no auto-summary
R2(config-router)#redistribute static
R2(config-router)#end
R2#show ip protocols
R2#show ip route
R3:
R3#configure terminal
R3(config)#router rip
R1(config-router)#version 2
R3(config-router)#network 10.0.0.0
R3(config-router)#network 172.16.0.0
R3(config-router)#passive-interface fastEthernet0/1
R3(config-router)#no auto-summary
R3(config-router)#end
R3#show ip protocols
R3#show ip route
Task 6: Configure Basic Router Security
Step 1: Enable a secure Telnet login using a local database on R2.
Step 2: Disable unused services and interfaces on R2.
Step 3: Confirm that R2 is secured.
R2:
R2#configure terminal
R2(config)#username cisco password cisco
R2(config)#aaa new-model
R2(config)#aaa authentication login LOCAL_AUTH local
R2(config)#line vty 0 4
R2(config-line)#login authentication LOCAL_AUTH
R2(config)#no
R2(config)#no
R2(config)#no
R2(config)#no
R2(config)#no
R2(config)#no
R2(config)#no
R2(config)#no
R2(config)#no
service pad
service finger
service udp-small-server
service tcp-small-server
ip bootp server
ip http server
ip finger
ip source-route
ip gratuitous-arps
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 7 of 9
CCNA Exploration
Accessing the WAN: Skills Based Assessment
Student Skills based Assessment Lab
R2(config)#no cdp run
Task 7: Configure Access Control Lists
Step 1: Allow telnet to R1 and R3 from R2 only.
Step 2: Do not allow HTTP, Telnet, and FTP traffic from the Internet to PC1.
Step 3: Do not allow PC1 to receive traffic from the 10.0.0.128 /25 network.
Step 4: Verify that PC3 cannot ping PC1, but can ping 10.0.0.1.
R1:
R1#configure terminal
R1(config)#access-list
R1(config)#access-list
R1(config)#access-list
R1(config)#access-list
101
101
101
101
permit tcp host 172.16.0.2 any eq 23
permit tcp host 172.16.0.5 any eq 23
deny tcp any any eq 23
permit ip any any
R1(config)#line vty 0 4
R1(config-line)#access-class 101 in
R1(config-line)#end
R1#show ip access-lists
R2:
R2#configure terminal
R2(config)#access-list
R2(config)#access-list
R2(config)#access-list
R2(config)#access-list
R2(config)#access-list
102
102
102
102
102
deny tcp any host
deny tcp any host
deny tcp any host
deny tcp any host
permit ip any any
10.0.0.10
10.0.0.10
10.0.0.10
10.0.0.10
eq
eq
eq
eq
80
23
21
20
R2(config)#interface Loopback0
R2(config-if)#ip access-group 102 in
R2(config-if)#end
R2#show ip access-lists
R3:
R3#configure terminal
R3(config)#access-list
R3(config)#access-list
R3(config)#access-list
R3(config)#access-list
101
101
101
101
permit tcp host 172.16.0.2 any eq 23
permit tcp host 172.16.0.5 any eq 23
deny tcp any any eq 23
permit ip any any
R3(config)#line vty 0 4
R3(config-line)#access-class 101 in
R3(config-line)#end
R3(config)#access-list 103 deny ip 10.0.0.128 0.0.0.127 host 10.0.0.10
R3(config)#access-list 103 permit ip any any
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 8 of 9
CCNA Exploration
Accessing the WAN: Skills Based Assessment
Student Skills based Assessment Lab
R3(config)#interface Serial0/0/0
R3(config-if)#ip access-group 103 out
R3(config-if)#exit
R3(config)#interface Serial0/0/1
R3(config-if)#ip access-group 103 out
R3(config-if)#end
R3#show ip access-lists
Task 8: Configure NAT.
Step 1: Configure NAT to allow PC3 to ping PC1.
Step 2: Verify that PC3 can reach PC1.
R3:
R3#configure terminal
R3(config)#access-list 104 permit ip 10.0.0.128 0.0.0.127 any
R3(config)#ip nat inside source list 104 interface Serial0/0/0 overload
R3(config)#interface fastEthernet0/1
R3(config-if)#ip access-group 104 in
R3(config-if)#ip nat inside
R3(config-if)#exit
R3(config)#interface Serial0/0/0
R3(config-if)#ip nat outside
R3(config-if)#exit
R3(config)#interface Serial0/0/1
R3(config-if)#ip nat outside
R3(config-if)#end
R3#show ip access-lists
Task 9: Document the Router Configurations
Task 10: Clean Up
Erase the configurations and reload the routers. Disconnect and store the cabling. For PC hosts that are normally
connected to other networks, such as the school LAN or to the Internet, reconnect the appropriate cabling and
restore the TCP/IP settings.
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 9 of 9
Related documents
Basic Switch Configuration
Basic Switch Configuration
SSH beáll
SSH beáll
Packet Tracer – Configuring Secure Passwords and SSH (Instructor
Packet Tracer – Configuring Secure Passwords and SSH (Instructor
Command line commands
Command line commands
11.6.1.2 Packet Tracer - Skills Integration Challenge Instructions IG
11.6.1.2 Packet Tracer - Skills Integration Challenge Instructions IG
CommunicationProjectHandout
CommunicationProjectHandout
Download
advertisement