Documente Academic
Documente Profesional
Documente Cultură
Introduction
In this practice skills assessment, you will configure the XYZ Corporation
network with single-area OSPFv2. In addition, you will configure
router-on-a-stick routing between VLANs. You will also implement NAT,
DHCP and access lists.
All IOS device configurations should be completed from a direct terminal connection to the
device console.
Some values that are required to complete the configurations have not been
given to you. In those cases, create the values that you need to
complete the requirements. These values may include certain IP
addresses, passwords, interface descriptions, banner text, and other
values.
For the sake of time, many repetitive but important
configuration tasks have been omitted from this activity. Many of these
tasks, especially those related to device security, are essential
elements of a network configuration. The intent of this activity is not
to diminish the importance of full device configurations.
You will practice and be assessed on the following skills:
HQ:
Site 2:
Site1-SW1:
Configuration of VLANs
Assignment of switch ports to VLANs
Configuration of trunking
Configuration of unused switch ports
Site1-SW2:
Configuration of VLANs
Assignment of switch ports to VLANs
Configuration of trunking
Configuration of unused switch ports
Internal PC hosts:
Addressing Tables
Note: You are provided with the networks that interfaces should be configured
on. Unless you are told to do differently in the detailed instructions
below, you are free to choose the host addresses to assign.
Addressing Table:
Device
Interface
Network
Comments
S0/0/0
192.168.10.104/30
Gi0/0.45
192.168.45.0/24
Gi0/0.47
192.168.47.0/24
Gi0/0.101
192.168.101.0/24
S0/0/0
192.168.10.104/30
S0/0/1
192.168.10.112/30
S0/1/0
198.51.100.0/28
Gi0/0
192.168.18.40/29
S0/0/0
192.168.10.124/30
S0/0/1
192.168.10.112/30
Site1-SW1
VLAN 101
192.168.101.0/24
Site1-SW2
VLAN 101
192.168.101.0/24
Site 1
HQ
Site 2
Device
Address
192.168.18.46/29
Admin Host
203.0.113.18
Internet Host
203.0.113.128
Web Server
209.165.201.235
East Host
192.168.200.10/24
Central Host
192.168.201.10/24
West Host
192.168.202.10/24
VLAN Table:
VLAN Number
VLAN Name
VLAN Network
Device:Port
45
finance
192.168.45.0/24
Site1-SW1:Fa0/10
Site1-SW2: Fa0/3
47
sales
192.168.47.0/24
Site1-SW1:Fa0/15
Site1-SW2: Fa0/21
101
netadmin
192.168.101.0/24
SVI
Instruction
All configurations must be performed through a direct terminal connection to the device consoles.
Step 1: Determine the Addresses to Assign
Determine the IP addresses that you will use for the required interfaces on the
three routers and two switches. Use the information in the Addressing
Table and follow the guidelines below:
Assign the first IP addresses in the networks that are provided in the Addressing Table to the LAN
interfaces.
Assign the first address in the HQ subnet to the interface that is connected to the Internet.
Assign any valid host address in the networks that are provided in the Addressing Table to
the serial interfaces.
The host PCs will receive IP addresses over DHCP.
Configure the interfaces of the routers for full connectivity with the following:
IP addresses as shown in the addressing table.
Describe
the operational Site 1 serial interface. The Site 1 Ethernet
interfaces will be configured at the end of this assessment.
DCE settings where appropriate. Use a rate of 128000.
Configure single-area OSPFv2 to route between all internal networks. The branch networks are not
routed with OSPFv2.
Use a process ID of 10.The routers should be configured in area 0.
Use the correct inverse masks for all network statements. Do not use quad zero masks
(0.0.0.0).
Site 1: 1.1.1.1
HQ: 2.2.2.2
Site 2: 3.3.3.3
c. Configure the OSPF cost of the link between Site 1 and HQ to 7500.
d.Prevent routing updates from being sent out of any of the LAN
interfaces that are routed with OSPFv2. Do not use the default keyword
in the commands you use to do this.
Use VLAN45 and VLAN47 as the pool names. Note that the pool names must match the
names given here exactly, all capital letters and exact spelling.
Addresses .1 to .20 should be reserved for static assignment from each pool.
The
first address in each network will be assigned to the router interface
attached to the networks as shown in the addressing table.
Use a DNS server address of 192.168.18.100. This server has not yet been added to the
network, but the address must be configured.
Ensure that hosts in each LAN are able to communicate with hosts on remote networks.
Create a named standard ACL using the name MANAGE. Be sure that you use this name
exactly as it appears in these instructions (case and spelling).
Allow only the Admin Host to access the vty lines of HQ.
No other Internet hosts (including Internet hosts not visible in the
topology) should be able to access the vty lines of HQ.
b. Allow outside access to the Corporate Web Server while controlling other
traffic from the outside. Create the ACL as directed below:
Your ACL should be placed in the most efficient location possible to conserve network bandwidth
and device processing resources.
Step 11: Configure Router-on-a-Stick Inter-VLAN Routing.
Configure Site 1 to provide routing between the VLANs configured on the switches. As follows:
Ensure that the hosts attached to the VLANs can reach hosts on the
Branch Network. Note: Pings to the Internet hosts will be blocked
by the ACL, however the server should be reachable over HTTP.
Topology Type A
Step 1
Step 2
HQ
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname HQ
!
!
ip cef
no ipv6 cef
!
!
license udi pid CISCO1941/K9 sn FTX1524Y7OR
!
!
spanning-tree mode pvst
!
!
interface GigabitEthernet0/0
ip address 192.168.18.41 255.255.255.248
no sh
ip nat inside
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
bandwidth 128
ip address 192.168.10.105 255.255.255.252
no sh
ip ospf cost 7500
!
interface Serial0/0/1
bandwidth 128
ip address 192.168.10.113 255.255.255.252
no sh
clock rate 128000
!
interface Serial0/1/0
ip address 198.51.100.1 255.255.255.240
no sh
ip access-group 101 in
ip nat outside
!
interface Serial0/1/1
no ip address
clock rate 2000000
shutdown
!
interface Vlan1
no ip address
shutdown
!
router ospf 10
router-id 2.2.2.2
log-adjacency-changes
passive-interface GigabitEthernet0/0
network 192.168.10.104 0.0.0.3 area 0
network 192.168.10.112 0.0.0.3 area 0
network 192.168.18.40 0.0.0.7 area 0
!
ip nat pool INTERNET 198.51.100.3 198.51.100.13 netmask 255.255.255.240
ip nat inside source list 1 pool INTERNET
ip nat inside source static 192.168.18.46 198.51.100.14
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/1/0
ip route 192.168.200.0 255.255.252.0 Serial0/0/1
!
ip flow-export version 9
!
!
access-list 1 permit 192.168.45.0 0.0.0.255
access-list 1 permit 192.168.47.0 0.0.0.255
access-list 1 permit 192.168.200.0 0.0.3.255
ip access-list standard MANAGE
permit host 203.0.113.18
access-list 101 permit ip host 203.0.113.18 any
access-list 101 permit tcp any host 198.51.100.14 eq www
access-list 101 permit tcp any any established
access-list 101 deny ip any any
!
!
line con 0
!
line aux 0
!
line vty 0 4
access-class MANAGE in
password class
login
!
!
end
Site1
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname Site-1
!
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
!
ip dhcp excluded-address 192.168.45.1 192.168.45.20
ip dhcp excluded-address 192.168.47.1 192.168.47.20
!
ip dhcp pool VLAN45
network 192.168.45.0 255.255.255.0
default-router 192.168.45.1
dns-server 192.168.18.100
ip dhcp pool VLAN47
network 192.168.47.0 255.255.255.0
default-router 192.168.47.1
dns-server 192.168.18.100
!
!
ip cef
no ipv6 cef
!
!
license udi pid CISCO1941/K9 sn FTX15245QA9
!
!
no ip domain-lookup
!
!
spanning-tree mode pvst
!
!
interface GigabitEthernet0/0
no sh
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.45
description any_text
encapsulation dot1Q 45
ip address 192.168.45.1 255.255.255.0
!
interface GigabitEthernet0/0.47
description any_text
encapsulation dot1Q 47
ip address 192.168.47.1 255.255.255.0
!
interface GigabitEthernet0/0.101
description any_text
encapsulation dot1Q 101
ip address 192.168.101.1 255.255.255.0
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
description any_text
bandwidth 128
ip address 192.168.10.105 255.255.255.252
ip ospf cost 7500
clock rate 128000
no sh
!
interface Serial0/0/1
no ip address
clock rate 2000000
shutdown
!
interface Vlan1
no ip address
shutdown
!
router ospf 10
router-id 1.1.1.1
log-adjacency-changes
passive-interface GigabitEthernet0/0.45
passive-interface GigabitEthernet0/0.47
passive-interface GigabitEthernet0/0.101
network 192.168.10.104 0.0.0.3 area 0
network 192.168.45.0 0.0.0.255 area 0
network 192.168.47.0 0.0.0.255 area 0
network 192.168.101.0 0.0.0.255 area 0
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
!
ip flow-export version 9
!
!
banner motd ^C
Any banner text.^C
!
!
line con 0
password 7 0822404F1A0A
logging synchronous
login
!
line aux 0
!
line vty 0 4
password 7 0822404F1A0A
login
!
!
end
Site2
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Site-2
!
!
ip cef
no ipv6 cef
!
!
license udi pid CISCO1941/K9 sn FTX15248687
!
!
spanning-tree mode pvst
!
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 192.168.10.126 255.255.255.252
no sh
!
interface Serial0/0/1
bandwidth 128
ip address 192.168.10.114 255.255.255.252
no sh
!
interface Vlan1
no ip address
shutdown
!
router ospf 10
router-id 3.3.3.3
log-adjacency-changes
redistribute static
network 192.168.10.112 0.0.0.3 area 0
!
ip classless
ip route 192.168.200.0 255.255.252.0 Serial0/0/0
ip route 0.0.0.0 0.0.0.0 Serial0/0/1
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
password class
login
!
!
end
Site1-SW1
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Site1-SW1
!
!
spanning-tree mode pvst
!
interface FastEthernet0/1
switchport mode access
shutdown
!
interface FastEthernet0/2
switchport mode access
shutdown
!
interface FastEthernet0/3
switchport mode access
shutdown
!
interface FastEthernet0/4
switchport mode access
shutdown
!
interface FastEthernet0/5
switchport mode access
shutdown
!
interface FastEthernet0/6
switchport mode access
shutdown
!
interface FastEthernet0/7
switchport mode access
shutdown
!
interface FastEthernet0/8
switchport mode access
shutdown
!
interface FastEthernet0/9
switchport mode access
shutdown
!
interface FastEthernet0/10
switchport access vlan 45
switchport mode access
no sh
!
interface FastEthernet0/11
switchport mode access
shutdown
!
interface FastEthernet0/12
switchport mode access
shutdown
!
interface FastEthernet0/13
switchport mode access
shutdown
!
interface FastEthernet0/14
switchport mode access
shutdown
!
interface FastEthernet0/15
switchport access vlan 47
switchport mode access
no sh
!
interface FastEthernet0/16
switchport mode access
shutdown
!
interface FastEthernet0/17
switchport mode access
shutdown
!
interface FastEthernet0/18
switchport mode access
shutdown
!
interface FastEthernet0/19
switchport mode access
shutdown
!
interface FastEthernet0/20
switchport mode access
shutdown
!
interface FastEthernet0/21
switchport mode access
shutdown
!
interface FastEthernet0/22
switchport mode access
shutdown
!
interface FastEthernet0/23
switchport mode access
shutdown
!
interface FastEthernet0/24
switchport mode access
shutdown
!
interface GigabitEthernet0/1
switchport mode trunk
no sh
!
interface GigabitEthernet0/2
switchport mode trunk
no sh
!
interface Vlan1
no ip address
shutdown
!
interface Vlan101
ip address 192.168.101.10 255.255.255.0
!
ip default-gateway 192.168.101.1
!
!
vl 45
na finance
vl 47
na sales
vl 101
na netadmin
!
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
!
!
end
Site1-SW2
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Site1-SW2
!
!
!
!
!
spanning-tree mode pvst
!
interface FastEthernet0/1
switchport mode access
shutdown
!
interface FastEthernet0/2
switchport mode access
shutdown
!
interface FastEthernet0/3
switchport access vlan 45
switchport mode access
no sh
!
interface FastEthernet0/4
switchport mode access
shutdown
!
interface FastEthernet0/5
switchport mode access
shutdown
!
interface FastEthernet0/6
switchport mode access
shutdown
!
interface FastEthernet0/7
switchport mode access
shutdown
!
interface FastEthernet0/8
switchport mode access
shutdown
!
interface FastEthernet0/9
switchport mode access
shutdown
!
interface FastEthernet0/10
switchport mode access
shutdown
!
interface FastEthernet0/11
switchport mode access
shutdown
!
interface FastEthernet0/12
switchport mode access
shutdown
!
interface FastEthernet0/13
switchport mode access
shutdown
!
interface FastEthernet0/14
switchport mode access
shutdown
!
interface FastEthernet0/15
switchport mode access
shutdown
!
interface FastEthernet0/16
switchport mode access
shutdown
!
interface FastEthernet0/17
switchport mode access
shutdown
!
interface FastEthernet0/18
switchport mode access
shutdown
!
interface FastEthernet0/19
switchport mode access
shutdown
!
interface FastEthernet0/20
switchport mode access
shutdown
!
interface FastEthernet0/21
switchport access vlan 47
switchport mode access
no sh
!
interface FastEthernet0/22
switchport mode access
shutdown
!
interface FastEthernet0/23
switchport mode access
shutdown
!
interface FastEthernet0/24
switchport mode access
shutdown
!
interface GigabitEthernet0/1
switchport mode trunk
no sh
!
interface GigabitEthernet0/2
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan101
ip address 192.168.101.15 255.255.255.0
!
ip default-gateway 192.168.101.1
!
!
vl 45
na finance
vl 47
na sales
vl 101
na netadmin
!
!
line con 0
!
line vty 0 4
pas class
login
line vty 5 15
pas class
login
!
!
end
Step 3