Documente Academic
Documente Profesional
Documente Cultură
In this practice Packet Tracer Skills Exam, you are expected to:
Addressing Table
Device
R1
Interface
Fa0/0
S0/0/0
S0/0/1.101
Address
Subnet Mask
Default Gateway
172.30.1.1
10.10.10.1
255.255.255.252
255.255.255.252
n/a
n/a
R2
S0/0/0
S0/0/1.201
S0/1/0
172.30.1.6
10.10.10.2
209.165.201.2
255.255.255.252
255.255.255.252
255.255.255.252
n/a
n/a
n/a
R3
Fa0/0
S0/0/0
S0/0/1
172.30.1.2
172.30.1.5
255.255.255.252
255.255.255.252
n/a
n/a
n/a
DHCP Assigned
DHCP Assigned
DHCP Assigned
PC1
NIC
PC3
NIC
NOTE: The password for user EXEC mode is cisco. The password for privileged EXEC mode is
class.
c.
Assign the first (lowest) address in this subnet to the Fa0/0 interface on R3.
d.
Subnet the remaining address space to provide 30 host addresses for the R1 LAN while
wasting the fewest addresses.
e.
f.
g.
h.
Configure PC1 with IP addressing. PC3 will get its address from the DHCP server on R3 in
the next step.
b.
Verify that PC3 now has full IP addressing. It may be necessary to toggle between Static
and DHCP on the IP Configuration screen for PC3 before PC3 will send a DHCP request. PC3
should be able to ping the default gateway.
b.
Configure R2 with a default route using the outbound interface argument. Use one command
to propagate the default route into the EIGRP routing process.
c.
Verify PC1 and PC3 can ping each other as well as R1, R2 and R3. You will not be able to
ping Internet hosts yet.
b.
Verify that PC1 and PC3 can ping the Internet hosts.
Configure and apply an ACL with the number 50 that implements the following policy:
Deny any host from the R3 LAN from accessing hosts on the R1 LAN.
b.
c.
Configure and apply a named ACL with the case-sensitive name FIREWALL that
implements the following policy:
d.
SOLUTION
IP pool received 172.16.1.128 /25
172.16.1.192 /27
172.16.1.193 255.255.255.224
172.16.1.222 255.255.255.224
net 172.16.1.192
passive-interface fa0/0
Step 4: Configure R2 with a NAT
R2:
exit
access-list 1 permit 172.16.1.128 0.0.0.127
ip nat inside source list 1 interface s0/1/0
inter s0/0/0
ip nat inside
inter s0/0/1.201
ip nat inside
inter s0/1/0
ip nat outside
Step 5: Configure Access Control Lists to Satisfy a Security Policy.
A)
R1:
exit
access-list 50 deny 172.16.1.128 0.0.0.63
access-list 50 permit any
inter fa0/0
ip access-group 50 out
C)
R2:
exit
ip access-list extended FIREWALL
deny icmp any any echo
deny tcp any any eq telnet
deny tcp any any eq www
permit ip any any
exit
inter s0/1/0
ip access-group FIREWALL in
end
Introduction
In this practice Packet Tracer Skills Exam, you are expected to:
Addressing Table
Device
Interface
Address
Subnet Mask
Default Gateway
R1
Fa0/0
172.16.1.129
255.255.255.192
n/a
S0/0/0
172.30.1.1
255.255.255.252
n/a
S0/0/1.101
10.10.10.1
255.255.255.252
n/a
S0/0/0
172.30.1.6
255.255.255.252
n/a
S0/0/1.201
10.10.10.2
255.255.255.252
n/a
S0/1/0
209.165.201.2
255.255.255.252
n/a
Fa0/0
172.16.1.193
255.255.255.224
n/a
S0/0/0
172.30.1.2
255.255.255.252
n/a
S0/0/1
172.30.1.5
255.255.255.252
n/a
PC1
NIC
172.16.1.222
255.255.255.224
172.16.1.193
PC3
NIC
DHCP Assigned
DHCP Assigned
DHCP Assigned
R2
R3
NOTE:Use a printed version of these instructions to fill in the missing address information in the table during
Step 1 to aid in configuring, verifying and troubleshooting the devices.
NOTE: The password for user EXEC mode is cisco. The password for privileged EXEC mode isclass.
Subnet the address space 172.16.1.128/25 to provide 50 host addresses for the R3 LAN while wasting the
fewest addresses.
b.
c.
Assign the first (lowest) address in this subnet to the Fa0/0 interface on R3.
d.
Subnet the remaining address space to provide 30 host addresses for the R1 LAN while wasting the
fewest addresses.
e.
f.
Assign the first (lowest) address in this subnet to the Fa0/0 interface on R1.
g.
h.
Configure PC1 with IP addressing. PC3 will get its address from the DHCP server on R3 in the next
step.
Configure R3 as the DHCP server for the LAN attached to Fa0/0 using the following guidelines:
b.
Verify that PC3 now has full IP addressing. It may be necessary to toggle between Static and DHCP on
the IP Configuration screen for PC3 before PC3 will send a DHCP request. PC3 should be able to ping the
default gateway.
The link between R3 and R2 uses PPP with CHAP. The password is ciscochap. Verify that R3 and R2
can ping each other.
b.
The link between R3 and R1 uses HDLC. R3 should be able to ping the other side of the link. Verify that
R3 and R1 can ping each other.
c.
The link between R1 and R2 uses point-to-point Frame Relay subinterfaces. Verify that R1 and R2 can
ping each other.
b.
Configure R2 with a default route using the outbound interface argument. Use one command to
propagate the default route into the EIGRP routing process.
c.
Verify PC1 and PC3 can ping each other as well as R1, R2 and R3. You will not be able to ping Internet
hosts yet.
b.
Verify that PC1 and PC3 can ping the Internet hosts.
Configure and apply an ACL with the number 50 that implements the following policy:
Deny any host from the R3 LAN from accessing hosts on the R1 LAN.
b.
c.
d.
Version 1.0
Created in Packet Tracer 5.2.1 and Marvel 1.0.1
All contents are Copyright 1992 - 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
R1
hostname R1
no ip domain-lookup
enable secret cisco
banner motd ^
***********************************
!!!Unauthorized access strictly prohibited and prosecuted
to the full extent of the law!!!
*********************************** ^
int fa0/0
ip add 172.16.1.193 255.255.255.224
ip access-group 50 out
no shut
int s0/0/0
ip add 172.30.1.1 255.255.255.252
clock rate 2000000
no shut
interface Serial0/0/1
no ip address
no shut
encapsulation frame-relay
interface Serial0/0/1.101 point-to-point
ip address 10.10.10.1 255.255.255.252
frame-relay interface-dlci 101
no shut
router eigrp 100
passive-interface FastEthernet0/0
network 172.16.0.0
network 172.30.0.0
network 10.0.0.0
no auto-summary
access-list 50 deny 172.16.1.128 0.0.0.63
access-list 50 permit any
logging trap debugging
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
line vty 0 4
exec-timeout 0 0
password cisco
logging synchronous
login
line vty 5 15
exec-timeout 0 0
password cisco
logging synchronous
login
ntp update-calendar
end
write me
R2
hostname R2
no ip domain-lookup
enable secret cisco
username R3 password 0 ciscochap
banner motd ^
***********************************
!!!Unauthorized access strictly prohibited and prosecuted
to the full extent of the law!!!
*********************************** ^
int s0/0/0
ip add 172.30.1.6 255.255.255.252
encapsulation ppp
ppp authentication chap
ip nat inside
no shut
interface Serial0/0/1
no ip address
no shut
encapsulation frame-relay
interface Serial0/0/1.201 point-to-point
ip address 10.10.10.2 255.255.255.252
frame-relay interface-dlci 201
ip nat inside
no shut
interface Serial0/1/0
ip address 209.165.201.2 255.255.255.252
ip access-group FIREWALL in
ip nat outside
no shut
router eigrp 100
redistribute static
passive-interface Serial0/1/0
network 172.30.0.0
network 10.0.0.0
no auto-summary
default-information originate
ip nat inside source list 1 interface Serial0/1/0 overload
ip route 0.0.0.0 0.0.0.0 Serial0/1/0
access-list 1 permit 172.16.1.128 0.0.0.127
ip access-list extended FIREWALL
deny icmp any any echo
deny tcp any any eq telnet
deny tcp any any eq www
permit ip any any
logging trap debugging
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
line vty 0 4
exec-timeout 0 0
password cisco
logging synchronous
login
line vty 5 15
exec-timeout 0 0
password cisco
logging synchronous
login
ntp update-calendar
end
write me
R3
hostname R3
no ip domain-lookup
enable secret cisco
username R2 password 0 ciscochap
ip dhcp excluded-address 172.16.1.129 172.16.1.131
ip dhcp pool R3_LAN
network 172.16.1.128 255.255.255.192
default-router 172.16.1.129
banner motd ^
***********************************
!!!Unauthorized access strictly prohibited and prosecuted
to the full extent of the law!!!
*********************************** ^
int fa 0/0
ip add 172.16.1.129 255.255.255.192
no shut
int s0/0/0
ip add 172.30.1.2 255.255.255.252
no shut
int s0/0/1
ip add 172.30.1.5 255.255.255.252
encapsulation ppp
ppp authentication chap
clock rate 2000000
no shut
router eigrp 100
passive-interface FastEthernet0/0
network 172.16.0.0
network 172.30.0.0
no auto-summary
logging trap debugging
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
line vty 0 4
exec-timeout 0 0
password cisco
logging synchronous
login
line vty 5 15
exec-timeout 0 0
password cisco
logging synchronous
login
ntp update-calendar
end
write me