
ICND1 Review Rebuilding the Network

Scenario:
Your organization has just upgraded from using non-standardized devices to a complete Cisco solution.
You've been offered a bonus of 3,281 Bitcoins to implement the new network infrastructure meeting
the standards outlined below.

Objectives:

Configure all routers and switches with a base configuration. This base configuration should include
the following:

    o Correct hostname
    o Telnet and console passwords of NuggetLove
    o Synchronous console logging
    o Prevent the console port from having an idle timer
    o Encrypted enable password of cisco
    o Prevent mistyped commands in privileged mode from hanging for 30 seconds
    o A logon banner threatening unauthorized users of dire consequences

Configure IP addressing appropriately on all routers and switches based on the diagram shown.

Hardcode the speed and duplex between all routers and switches in the corporate office.

Configure basic OSPF routing between all routers. All networks will be in Area 0. You should be able
to ping / telnet to any device shown in the network diagram from any switch or router shown in the
network diagram.

    o Ensure you do not run OSPF on the R1 interface connected to the ISP.
    o Configure a unique OSPF router ID for each router in the network using a method where the
      router ID will never change.
    o Ensure OSPF neighbor relationships never form between R3 and any device on the Branch
      Office LAN (however, still advertise the 10.223.1.0/24 to other OSPF routers).
    o On S1, S2, and S3, disable IP routing (since these should act as L2 switches) and configure
      them to use a default gateway of R1.

Configure a static, default route on R1 pointing to the ISP. Configure a static default route on R2
pointing to R1 and a static default route on R3 pointing to R2. Bonus Bitcoins if you can find a way to
do this using OSPF for R2 and R3 rather than the static default routes.

Manually configure trunk ports between S1, S2, and S3.

Add the following VLANs to S1, S2, and S3. Ensure these VLANs (and the default VLAN) are the only
VLANs allowed to pass between all switches. You can optionally use VTP to save some configuration
time.

    o VLAN2 IT (10.24.2.0/24)
    o VLAN5 Accounting (10.24.5.0/24)

NOTE: The EtherSwitch module used for switch emulation in GNS3 uses the vlan database mode for
VLAN configuration.

Configure R1 to perform routing for VLANs 2 and 5. For each sub-interface, R1 should use the first
valid IP address from each VLAN.

Configure R1 as a DHCP server for VLANs 2 and 5. The DHCP server should distribute client IP
addresses between .100 and .150 for each subnet, a DNS server of 4.2.2.2 (with a secondary 8.8.8.8),
and the appropriate default gateway.

Assign PC A to the IT VLAN and PC B to the accounting VLAN. Verify (using show ip interface brief)
that they receive an IP address via DHCP. Verify routing by pinging from PC A to PC B.

Configure NAT on R1 in such a way that all users of the corporate office can access the Internet by
sharing the public IP address assigned to R1. NOTE: Only valid IP addresses from the corporate office
should be permitted to use NAT; R1 should NAT only IP subnets shown in the network diagram.
Verify NAT is working correctly by pinging 4.2.2.2 or 8.8.8.8 from PC A or PC B.

Implement security on R1 in such a way that internal users are only able to access the Internet using
HTTP and HTTPS. NOTE: This ACL should not prevent testing of the previous objective (ping
messages to outside addresses using ICMP).

Prevent users outside the 10.0.0.0/8 network from managing (via telnet or SSH) any device inside
your corporate network. Test your configuration from R1 using a source interface of S0/0.
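
One way to check a device against the base-configuration objectives above is to audit its saved running-config. This is an added example, not part of the original lab sheet; the sample config is constructed, the function names are hypothetical, and it assumes the objectives are met with the usual IOS commands (`logging synchronous`, `exec-timeout 0 0`, `enable secret`, `no ip domain-lookup`, `banner motd` or `banner login`).

```python
import re

# Constructed running-config for illustration (not from the lab sheet). The console
# line deliberately lacks "exec-timeout 0 0", so the audit reports one gap.
SAMPLE = """\
hostname R1
enable secret 5 $1$CONSTRUCTED$placeholderhash
no ip domain-lookup
banner motd ^C Unauthorized access is prohibited ^C
!
line con 0
 password NuggetLove
 logging synchronous
 login
line vty 0 4
 password NuggetLove
 login
"""

def sections(config):  # map each top-level line to the indented lines beneath it
    out, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if not line.startswith(" "):
            current = line.strip()
            out[current] = []
        elif current is not None:
            out[current].append(line.strip())
    return out

def audit(config, hostname):  # return the objectives the config does not meet
    sec = sections(config)
    con = sec.get("line con 0", [])
    vtys = [body for head, body in sec.items() if head.startswith("line vty")]
    has = lambda pattern: any(re.match(pattern, head) for head in sec)
    pw_ok = lambda body: "password NuggetLove" in body and "login" in body
    checks = {
        "hostname": f"hostname {hostname}" in sec,
        "console password": pw_ok(con),
        "telnet password": bool(vtys) and all(pw_ok(b) for b in vtys),
        "synchronous console logging": "logging synchronous" in con,
        "no console idle timer": "exec-timeout 0 0" in con,
        # A hash cannot be compared with "cisco"; only the use of enable secret is checked.
        "encrypted enable password": has(r"enable secret \S"),
        "no DNS lookup on mistyped commands": has(r"no ip domain[- ]lookup$"),
        "logon banner": has(r"banner (motd|login) "),
    }
    return [name for name, ok in checks.items() if not ok]
```

Calling `audit(SAMPLE, "R1")` returns the list of unmet objectives; an empty list means every base-configuration item was found.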