CCNA 2 Version 3 Hands-on Final (Instructor’s Guide)

Student name _______________________________ Date __________________ Start time ____________

This is the basic setup. The hosts require an operating system with TCP/IP installed and a web browser. The hands-on final is designed for students to wire and program one side of the internetwork. The student will be assigned either Anniston or Boaz and its associated components. The GAD router is to be programmed by the instructor with the provided configuration. This configuration is very lengthy and should be pasted in sections to prevent overrun.

The student can be assigned one of 10 different versions from either branch location. The version determines the WAN network assigned as well as the IGRP Autonomous System number. This allows for 20 different combinations plus unlimited variations in the LAN assignments. These are further explained in the appropriate sections.

Circle one: Location: Anniston or Boaz
Circle one: Version 1 2 3 4 5 6 7 8 9 10

Instructor provided information:
The WAN IP network address is _________________ with a subnet mask of _______________.
The local LAN has been assigned an IP network address of ______________________________.
Each subnet of the above network needs to accommodate ___________ host addresses.
Use the ______ useable subnet for the LAN. Do NOT use subnet zero as the first subnet.
The IGRP AS number is ________.

[Topology diagram: GAD S0/0 (S0), DCE, connects to the Anniston router’s S0/0 (S0); GAD S0/1 (S1), DCE, connects to the Boaz router’s S0/0 (S0). Each branch LAN has two IBM-compatible hosts, one Production and one Management.]

There are 4 elements of this exam that can be weighted or can be graded pass/fail. This exam will occur in stages. Each element is a set of instructions that needs to be accomplished. The instructor will initial each task as it is completed. Proceed to the next task only after the instructor has approved the current task.
The 5 elements of this exam are:
1. planning
2. security
3. cabling
4. basic configuration
5. troubleshooting

The basic theme here is that Gadsden (GAD) is the regional headquarters of the company. Anniston and Boaz are branch offices. Each network associate (student) is responsible for a single branch office. The internetwork team leader (instructor) is responsible for the regional router (GAD).

A network address and a specific number of hosts per subnet have been assigned for the local LAN. From the instructor-provided information, the subnet address, the subnet mask, the first and last useable addresses, and the broadcast address for each site’s LAN need to be determined. This part of the exam tests the student’s ability to subnet.

This hands-on final allows for many combinations. The instructor needs to assign the student a network address to be applied to the LAN, as well as how many hosts per network are needed. The instructor can assign the student virtually ANY network (except as listed below) and any number of hosts per network of 3 or more.

Addresses NOT to assign to the student for the LAN:
- 192.168.1.0 – 192.168.10.0
- 192.168.101.0 – 192.168.110.0
- 172.16.0.0
- 209.0.0.0
- 62.0.0.0
- 198.0.0.0
- the network assigned to the other branch (Anniston or Boaz)

The only point to take care with is that there must be at least 10 subnets. That means that when assigning a Class C address, no more than 14 hosts per network should be assigned, and when assigning a Class B address, no more than 4094 hosts per network.
CCNA 2 Hands-on Version Assignment

Router   | Final segment version number | WAN network address | GAD router interface address | IGRP AS
Anniston | 1  | 192.168.1.0 /24   | 192.168.1.1   | 1
Anniston | 2  | 192.168.2.0 /24   | 192.168.2.1   | 2
Anniston | 3  | 192.168.3.0 /24   | 192.168.3.1   | 3
Anniston | 4  | 192.168.4.0 /24   | 192.168.4.1   | 4
Anniston | 5  | 192.168.5.0 /24   | 192.168.5.1   | 5
Anniston | 6  | 192.168.6.0 /24   | 192.168.6.1   | 6
Anniston | 7  | 192.168.7.0 /24   | 192.168.7.1   | 7
Anniston | 8  | 192.168.8.0 /24   | 192.168.8.1   | 8
Anniston | 9  | 192.168.9.0 /24   | 192.168.9.1   | 9
Anniston | 10 | 192.168.10.0 /24  | 192.168.10.1  | 10
Boaz     | 1  | 192.168.101.0 /24 | 192.168.101.1 | 101
Boaz     | 2  | 192.168.102.0 /24 | 192.168.102.1 | 102
Boaz     | 3  | 192.168.103.0 /24 | 192.168.103.1 | 103
Boaz     | 4  | 192.168.104.0 /24 | 192.168.104.1 | 104
Boaz     | 5  | 192.168.105.0 /24 | 192.168.105.1 | 105
Boaz     | 6  | 192.168.106.0 /24 | 192.168.106.1 | 106
Boaz     | 7  | 192.168.107.0 /24 | 192.168.107.1 | 107
Boaz     | 8  | 192.168.108.0 /24 | 192.168.108.1 | 108
Boaz     | 9  | 192.168.109.0 /24 | 192.168.109.1 | 109
Boaz     | 10 | 192.168.110.0 /24 | 192.168.110.1 | 110

Step 1 – Planning        Points __________________

The student is asked to plan the network subnets for the first 10 useable networks. The instructor should plan this ahead of time so the answers are known.

Using the chart below, plan the first 10 usable subnets of the LAN network address assigned to you.

Subnet (useable) | Subnet | Subnet mask (/x) | First host | Last host | Broadcast address
1  |  |  |  |  |
2  |  |  |  |  |
3  |  |  |  |  |
4  |  |  |  |  |
5  |  |  |  |  |
6  |  |  |  |  |
7  |  |  |  |  |
8  |  |  |  |  |
9  |  |  |  |  |
10 |  |  |  |  |

The configuration provided for the GAD router accommodates a variety of addresses for the WAN to the branch. The WAN assignment is based on the version number and the serial port on the GAD router. The WAN connected to serial 0/0 (from GAD to Anniston) is assigned to use networks 192.168.1.0 – 192.168.10.0. If the student on the Anniston site is assigned version 1 of the final, the 192.168.1.0 network should be assigned and an IGRP AS of 1 will be used. The WAN assignments for serial 0/1 (from GAD to Boaz) offset the version number by 100.
If the student on the Boaz site is assigned version 1 of the final, the 192.168.101.0 network should be assigned and an IGRP AS of 101 will be used. The WAN interface of GAD is assigned the lowest useable address in the network. Identify and use the second lowest useable WAN address for the S0 interface of the router assigned to you: _________________________.

The subnet number should be equal to the version number assigned to the student.

The student should properly select the address ranges for the Production and Management hosts. The most significant bit of the host range divides the address ranges. For example, if the subnet is 172.16.1.128 /26, the address range of the subnet would be 172.16.1.129 – 172.16.1.191. The lower address range (production) is 172.16.1.129 – 172.16.1.159. The upper address range (management) is 172.16.1.160 – 172.16.1.190. The chart below shows the binary representation of the last octet for this example.

                      Lower range       Upper range
Number                129      159      160      190
Network bits          1 0      1 0      1 0      1 0
Host decision bit       0        0        1        1
Remaining host bits   00001    11111    00000    11110

For "security" purposes, all of the production floor workstations are assigned the lower half of the IP address numbers of the subnet assigned by the instructor. All network devices and management stations are assigned the upper half of the IP address numbers of that subnet. From this upper half range of addresses, the Ethernet router interface is assigned the highest useable address.

Identify the required IP address of the Ethernet interface on your assigned router: ___________________

The host configurations must also be planned. Using the chart below, complete the host information.
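The planning arithmetic described above, carried through in code: the subnet size from the host count, the at-least-10-subnets rule from the introduction (which is why a Class C allows at most 14 hosts and a Class B at most 4094), the production/management split on the most significant host bit, the router’s Ethernet address, and the WAN numbering by version. This is an added example, not part of the exam materials; the helper names are mine, and the input reuses the exam’s own 172.16.1.128/26 illustration with a constructed host count of 60 and Boaz version 1.

```python
"""Subnet planning for Step 1, as an added worked example (not exam material).

Helper names are mine. The sample input reuses the exam's own illustration
(172.16.1.128/26: production .129-.159, management .160-.190, router .190);
hosts_needed=60 is a constructed value that yields a /26.
"""
import ipaddress
import math


def prefix_for_hosts(network, hosts_needed):
    """Longest prefix whose subnets still hold hosts_needed hosts plus the
    network and broadcast addresses."""
    host_bits_needed = math.ceil(math.log2(hosts_needed + 2))
    prefix = 32 - host_bits_needed
    if prefix <= network.prefixlen:
        raise ValueError("hosts per subnet too large for the assigned network")
    return prefix


def plan_subnets(network_str, hosts_needed, count=10):
    """First `count` usable subnets. Subnet zero is skipped, as the exam
    instructs, and the exam's rule of at least 10 usable subnets is enforced."""
    network = ipaddress.ip_network(network_str, strict=True)
    prefix = prefix_for_hosts(network, hosts_needed)
    usable = list(network.subnets(new_prefix=prefix))[1:]   # drop subnet zero
    if len(usable) < 10:
        raise ValueError(f"only {len(usable)} usable subnets; the final needs at least 10")
    return usable[:count]


def host_bits(subnet, address):
    """Split the host part of `address` into the 'decision' bit and the
    remaining host bits, as in the exam's binary chart."""
    subnet = ipaddress.ip_network(subnet)
    host_part = int(ipaddress.ip_address(address)) - int(subnet.network_address)
    bits = format(host_part, f"0{32 - subnet.prefixlen}b")
    return bits[0], bits[1:]


def split_halves(subnet):
    """Production takes the lower half of the host addresses, management the
    upper half, and the router's Ethernet interface the highest usable address."""
    hosts = list(subnet.hosts())                 # excludes network and broadcast
    midpoint = int(subnet.network_address) + subnet.num_addresses // 2
    production = [h for h in hosts if int(h) < midpoint]
    management = [h for h in hosts if int(h) >= midpoint]
    return {
        "subnet": str(subnet),
        "mask": str(subnet.netmask),
        "first_host": str(hosts[0]),
        "last_host": str(hosts[-1]),
        "broadcast": str(subnet.broadcast_address),
        "production_range": (str(production[0]), str(production[-1])),
        "management_range": (str(management[0]), str(management[-1])),
        "router_ethernet": str(management[-1]),  # also the hosts' default gateway
    }


def wan_assignment(site, version):
    """WAN rule from the version table: Anniston uses 192.168.<v>.0/24 and
    IGRP AS <v>; Boaz offsets the version by 100. GAD takes the lowest usable
    address, the branch router the second lowest."""
    n = version + (100 if site == "Boaz" else 0)
    wan = ipaddress.ip_network(f"192.168.{n}.0/24")
    hosts = list(wan.hosts())
    return {"wan_network": str(wan), "gad_serial": str(hosts[0]),
            "branch_serial": str(hosts[1]), "igrp_as": n}


def plan_branch(network_str, hosts_needed, subnet_number, site, version):
    """Everything the Step 1 charts ask for, for the given usable subnet number."""
    subnets = plan_subnets(network_str, hosts_needed)
    plan = split_halves(subnets[subnet_number - 1])
    plan.update(wan_assignment(site, version))
    return plan


if __name__ == "__main__":
    # 172.16.0.0 is reserved for GAD's loopbacks in this exam; it is used here
    # only because the exam's own binary chart uses 172.16.1.128/26.
    for key, value in plan_branch("172.16.0.0/16", 60, 6, "Boaz", 1).items():
        print(f"{key:18} {value}")
    for addr in ("172.16.1.129", "172.16.1.159", "172.16.1.160", "172.16.1.190"):
        print(addr, host_bits("172.16.1.128/26", addr))
```

Running it prints the chart values for the sixth usable /26 of 172.16.0.0/16 (which is 172.16.1.128/26) together with the Boaz version 1 WAN numbers, then the decision bit and remaining host bits for the four addresses in the binary chart. Changing the host count to 15 on a Class C network raises the "at least 10" error, which is the constraint the introduction states.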
Branch: Anniston or Boaz

                  Production Host Range (Lower half)   Management Host Range (Upper half)
IP address range  ___________________________          ___________________________

Production Host
  IP address ___________________________
  Subnet Mask __________________
  Default Gateway ___________________________

Management Host
  IP address ___________________________
  Subnet Mask __________________
  Default Gateway ___________________________

Before proceeding to the next step have the instructor approve this step.
Instructor _______________________________

Step 2 – Security        Points __________________

There are several security concerns in the internetwork. Access Control List(s) should be developed to address these issues. The concerns are:

1. The company has an intranet web server host that all systems can reach at IP address 172.16.0.1 with only HTTP access. No other protocols will be permitted to this site.
2. The company also has a server pool in the 209.0.0.0 /24 network. The server pool addresses are divided into halves. The servers in the upper half of the address range should only be reachable by management hosts (all IP protocols). The servers in the lower half of the address range should be reachable by all LAN hosts (all IP protocols). The servers should not be accessible to any other hosts.
3. The company has discovered an Internet web server at 198.0.0.1 that is known to contain viruses. All hosts are to be banned from reaching this site.

Before proceeding to the next step have the instructor approve this step.
Instructor ______________________________

Step 3 – Cabling        Points __________________

Now that the planning process is complete, it is time to construct the Physical layer. Using the diagram, connect all the associated hardware for the local branch. This should be a straightforward process as long as the student uses the proper cables and does not omit any of the connections. A hub can be substituted for a switch. When using a switch, make sure that all custom configurations are erased.
In particular, make sure the switch is using a single VLAN. If using a hub, make sure that the student does not use an uplink port. Below is a checklist to assure the proper connections.

    Device     | Connection to switch/hub | S0/0 or S0/1 connection
[ ] Anniston   | Cat 5 straight           | Serial (DTE)
[ ] Boaz       | Cat 5 straight           | Serial (DTE)
[ ] GAD        | n/a                      | Serial (DCE)
[ ] Production | Cat 5 straight           | n/a
[ ] Management | Cat 5 straight           | n/a

Before proceeding to the next step have the instructor approve this step.
Instructor _______________________________

Step 4 – Basic Configuration        Points __________________

The student is tested on the same basic configuration elements as have been used in lab throughout the course. A checklist is provided below for some of the critical configuration items; check each criterion as it is verified.

[ ] Passwords: Make sure that the student configures the console, secret, and VTY passwords. (The VTY password can
[ ] Host name: The student should configure the host name of Anniston or Boaz.
[ ] IP address: The FastEthernet interface should be configured with the highest address in the subnet. The serial interface can be configured with any address in the appropriate Class C EXCEPT the lowest (GAD’s interface is .1).
[ ] Host table: Make sure the router has host table entries for GAD.
[ ] Message of the Day: Make sure there is a properly functioning MOTD and that it reflects a proper security message. (Do not attempt to …)
[ ] Serial 0/0 description: The serial interface should have a description identifying that it connects to GAD’s appropriate interface.
[ ] Fa 0/0 description: This description should identify that it connects to the LAN.
[ ] Routing protocol: The routing protocol should be configured as IGRP with an Autonomous System Number equal to the version number. There should be 2 network statements: one for the WAN (192.168.y.0) and one for the network assigned to the LAN.
[ ] Hosts: Make sure the hosts are configured with the appropriate IP address, subnet mask, and gateway.
The router’s address (highest address in the subnet) should be the gateway on both hosts.
[ ] Connectivity: From the hosts’ command prompt, make sure that each host can ping GAD’s serial interface as well as the loopback interfaces 172.16.0.1, 209.0.0.1, 209.0.0.254, 62.0.0.1, and 198.0.0.1.
[ ] Browsing: Also make sure that the web browser on each host can bring up the login popup for the loopback interfaces 172.16.0.1, 209.0.0.1, 209.0.0.254, 62.0.0.1, and 198.0.0.1.

Apply a basic configuration to the router. This configuration should contain all the normal configuration items. These include (but are not limited to): router name, passwords, interface descriptions, routing, host table, and a banner to be displayed before login. The routing and connectivity should be verified before notifying the instructor.

Before proceeding to the next step have the instructor approve this step.
Instructor _______________________________

Step 4 – Security        Points __________________

This section tests the student’s skills in designing and applying IP ACLs for different purposes. The student will need to develop ACL statements for:
- network to host, for a specific protocol
- a range of hosts to a range of hosts, all protocols
- network to a specific host, all protocols

These can be accomplished using one access list applied in on the FastEthernet interface or applied out on the serial interface. The answers provided are ONLY examples. There are many ways to accomplish the intended outcome. Functionality should be tested.

There are several security concerns in the internetwork. Access Control List(s) should be developed to address these issues. The concerns and example solutions follow.

Solution 1 (example):
    access-list 100 permit tcp lan_address wildcard host 172.16.0.1 eq 80
    access-list 100 deny ip lan_address wildcard host 172.16.0.1
    Where lan_address is the subnet address of the LAN and wildcard is the complement of the subnet mask.
    Example: subnet 172.18.1.0 255.255.255.0 = address 172.18.1.0, wildcard 0.0.0.255
    Make sure that the source is the whole subnet, not just the specific hosts.
Concern 1: The company has an intranet web server host that all systems can reach at IP address 172.16.0.1 with only HTTP access. No other protocols will be permitted to this site.

Solution 2 (example):
    access-list 100 deny ip lan_address low_wildcard 209.0.0.128 0.0.0.127
    access-list 100 permit ip lan_address wildcard 209.0.0.0 0.0.0.255
    access-list 100 deny ip any 209.0.0.0 0.0.0.255
    Where lan_address is the subnet address of the LAN and low_wildcard is the complement of the subnet mask except that the most significant host bit is 0.
    Example: subnet 172.18.1.0 255.255.255.0 = lan_address 172.18.1.0, low_wildcard 0.0.0.127
    Where lan_address is the subnet address of the LAN and wildcard is the complement of the subnet mask.
    Example: subnet 172.18.1.0 255.255.255.0 = address 172.18.1.0, wildcard 0.0.0.255
    Make sure that the source is the subnet range, not just the specific hosts.
Concern 2: The company also has a server pool in the 209.0.0.0 /24 network. The server pool addresses are divided into halves. The servers in the upper half of the address range should only be reachable by management hosts (all IP protocols). The servers in the lower half of the address range should be reachable by all LAN hosts (all IP protocols). The servers should not be accessible to any other hosts.

Solution 3 (example):
    access-list 100 deny ip any host 198.0.0.1
Concern 3: The company has discovered an Internet web server at 198.0.0.1 that is known to contain viruses. All hosts are to be banned from reaching this site.

Tests
1. The web browser on both hosts can bring up the login of IP address 172.16.0.1, but neither host can ping nor telnet to it.
2. The management host can browse, ping, telnet, etc. to 209.0.0.1 and 209.0.0.254. The production host can browse, ping, telnet, etc. to 209.0.0.1 but NOT to 209.0.0.254.
3. Neither host can browse, ping, or telnet to 198.0.0.1.
4.
The web browser on both hosts can bring up the login of IP address 62.0.0.1 (and can also ping, telnet, etc.).

Before proceeding to the next step have the instructor approve this step.
Instructor _______________________________

Step 5 – Troubleshooting (Optional)        Points __________________

This is an important part of the hands-on exam. The instructor should be more interested in the troubleshooting methodology than in correcting the problems. Students should not extensively use the show run command. They should also not be allowed to paste the configuration back into the router to correct the problem. The student should use and document the appropriate show and debug commands to isolate the problems. As a general rule, one Physical layer problem and one configuration problem should be introduced.

Now that everything is successfully configured, the instructor will create some problems. The steps and commands used to correct these issues must be documented. The show run command should be used only as a last resort.

Symptom / Cause | Commands / Results
                |
                |
                |

Instructor _______________________________
Grade ______________________________
End time __________________ Initials __________

Detailed Solutions

These are some recommended problems to be introduced and commands/methods to diagnose them.

Physical Issues

Pull the Cat 5 cable partially out of the router or hub, far enough to turn off the link lights, or put a bad/wrong Cat 5 cable in the LAN.
- show interfaces or show ip interface brief

Power off the router or remove the power cord.
- visual inspection

Reverse the cable on the serial connection (DTE – DCE).
- show interfaces or show ip interface brief
- show controller serial
- show cdp neighbor

Connect 2 DCE cables back to back on the serial connection.
- show interfaces or show ip interface brief
- show controller serial
- show cdp neighbor

Configuration Issues

Shut down an interface.
Example: …if)# shutdown
Commands for troubleshooting
- show interfaces or show ip interface brief

Change the IP address to a similar one in another subnet.
Example: changing 172.32.24.1 /24 to 172.32.42.1 /24
…if)#ip address 172.32.42.1 255.255.255.0
Commands for troubleshooting
- show interfaces or show ip interface brief
- show ip route

Change the network statements in the routing protocol to a similar network.
Example: changing 172.32.0.0 to 172.23.0.0
…-router)#no network 172.32.0.0
…-router)#network 172.23.0.0
Commands for troubleshooting
- show ip route
- show ip protocols

Change the IGRP autonomous system number to something similar.
Example: changing the AS from 102 to 120 (the second command re-creates the process under the new AS and must not be prefixed with no, or the network statements that follow have no process to attach to)
…config)#no router igrp 102
…config)#router igrp 120
…-router)#network xxx.yyy.zzz.aaa
…-router)#network rrr.sss.ttt.uuu
Commands for troubleshooting
- show ip route
- show ip protocols

Remove the IGRP routing protocol.
Example: removing AS 102
…config)#no router igrp 102
Commands for troubleshooting
- show ip route
- show ip protocols

Use a static route to override the route from the routing protocol, sending traffic to null 0 (or to some other ACTIVE interface).
Example: rerouting 172.16.0.0 255.255.0.0 to null 0
…config)#ip route 172.16.0.0 255.255.0.0 null 0
Commands for troubleshooting
- show ip route
- show ip protocols

Change the secret password so the student has to do password recovery.
Example: changing the secret password to sneaky
…config)#enable secret sneaky

When introducing configuration changes, a couple of things need to be done to ensure the student does not easily find the problems.
One of these issues is that the changes are captured in the history buffer on the router. The student can use the arrow keys (Ctrl-P) or show history to see the changes made. Another is that if the configuration changes made to the router are not saved to startup, the student can restart the router to correct the configuration problems. A final issue is that the terminal emulation program often has a buffer that keeps a copy of the changes. The student can look through the buffer to see the changes that have been made.

For the reasons above, it is recommended that steps be taken to prevent the student from an “easy fix”. After the configuration changes are made to inject a problem into the student’s router:
- issue a copy running-config startup-config command
- power cycle the router
- close the terminal session.
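A way to check the example access-list 100 from the Security step against its Tests list before it is ever applied to a router. This is an added example, not part of the exam materials: it uses the exam’s 172.18.1.0/24 illustration, constructed host addresses 172.18.1.10 (production) and 172.18.1.200 (management), and adds a closing permit ip any any, which the exam’s listed statements omit but which test 4 (reaching 62.0.0.1) requires, because an IOS ACL ends with an implicit deny.

```python
"""ACL check for the Security step, as an added worked example (not exam material).

The LAN is the exam's 172.18.1.0/24 illustration; 172.18.1.10 (production) and
172.18.1.200 (management) are constructed hosts. The closing `permit ip any any`
is my addition: an IOS ACL ends with an implicit deny, so without it test 4 fails.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ("0.0.0.0", "255.255.255.255")


def to_int(addr):
    return int(ipaddress.ip_address(addr))


def wildcard(mask):
    """IOS wildcard mask: the bitwise complement of the subnet mask."""
    return str(ipaddress.ip_address(0xFFFFFFFF ^ to_int(mask)))


def low_wildcard(mask):
    """Complement of the mask with the most significant host bit cleared, so
    the match covers only the lower (production) half of the subnet."""
    w = 0xFFFFFFFF ^ to_int(mask)
    return str(ipaddress.ip_address(w ^ (1 << (w.bit_length() - 1))))


def wc_match(spec, addr):
    """A wildcard bit of 1 means 'don't care'; every other bit must be equal."""
    base, wc = spec
    return ((to_int(base) ^ to_int(addr)) & ~to_int(wc) & 0xFFFFFFFF) == 0


def ios_addr(spec):
    base, wc = spec
    if wc == "0.0.0.0":
        return f"host {base}"
    return "any" if wc == "255.255.255.255" else f"{base} {wc}"


@dataclass
class Ace:
    """One entry of an extended numbered ACL."""
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches every protocol
    src: tuple                   # (address, wildcard)
    dst: tuple
    dport: Optional[int] = None  # destination port, tcp/udp only

    def matches(self, packet):
        proto, src, dst, dport = packet
        if self.proto != "ip" and self.proto != proto:
            return False
        if not (wc_match(self.src, src) and wc_match(self.dst, dst)):
            return False
        return self.dport is None or self.dport == dport

    def ios(self, number=100):
        port = f" eq {self.dport}" if self.dport is not None else ""
        return f"access-list {number} {self.action} {self.proto} {ios_addr(self.src)} {ios_addr(self.dst)}{port}"


def build_acl(lan_network):
    """The exam's example access-list 100 with lan_address, wildcard and
    low_wildcard derived from the LAN subnet; apply it inbound on Fa0/0."""
    lan = ipaddress.ip_network(lan_network)
    lan_addr, mask = str(lan.network_address), str(lan.netmask)
    whole, low = (lan_addr, wildcard(mask)), (lan_addr, low_wildcard(mask))
    return [
        Ace("permit", "tcp", whole, ("172.16.0.1", "0.0.0.0"), 80),  # concern 1
        Ace("deny", "ip", whole, ("172.16.0.1", "0.0.0.0")),
        Ace("deny", "ip", low, ("209.0.0.128", "0.0.0.127")),         # concern 2
        Ace("permit", "ip", whole, ("209.0.0.0", "0.0.0.255")),
        Ace("deny", "ip", ANY, ("209.0.0.0", "0.0.0.255")),
        Ace("deny", "ip", ANY, ("198.0.0.1", "0.0.0.0")),             # concern 3
        Ace("permit", "ip", ANY, ANY),  # added: the implicit deny would block 62.0.0.1
    ]


def acl_text(lan_network):
    return [ace.ios() for ace in build_acl(lan_network)]


def evaluate(acl, packet):
    """First matching entry decides; an IOS ACL ends with an implicit deny."""
    for ace in acl:
        if ace.matches(packet):
            return ace.action
    return "deny"


def run_tests(lan="172.18.1.0/24", prod="172.18.1.10", mgmt="172.18.1.200"):
    """The Tests list from the Security step as (protocol, src, dst, dport)
    packets with their expected result. Returns {test name: passed}."""
    acl = build_acl(lan)
    cases = {
        "1 prod http 172.16.0.1":    (("tcp", prod, "172.16.0.1", 80), "permit"),
        "1 mgmt ping 172.16.0.1":    (("icmp", mgmt, "172.16.0.1", None), "deny"),
        "1 prod telnet 172.16.0.1":  (("tcp", prod, "172.16.0.1", 23), "deny"),
        "2 mgmt telnet 209.0.0.254": (("tcp", mgmt, "209.0.0.254", 23), "permit"),
        "2 prod ping 209.0.0.1":     (("icmp", prod, "209.0.0.1", None), "permit"),
        "2 prod http 209.0.0.254":   (("tcp", prod, "209.0.0.254", 80), "deny"),
        "3 mgmt http 198.0.0.1":     (("tcp", mgmt, "198.0.0.1", 80), "deny"),
        "4 prod http 62.0.0.1":      (("tcp", prod, "62.0.0.1", 80), "permit"),
    }
    return {name: evaluate(acl, pkt) == want for name, (pkt, want) in cases.items()}


if __name__ == "__main__":
    print("\n".join(acl_text("172.18.1.0/24")))
    for name, ok in run_tests().items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}")
```

Running the block prints the six statements from the answer key with the wildcards filled in for the LAN, followed by the added final permit, then a PASS/FAIL line per test. Evaluating the same packets against only the first six entries shows test 4 failing, which is the check worth making before a student is graded on "the web browser can bring up 62.0.0.1".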