1. Do not use the browser Back button or close or reload any exam windows during the
exam.
2. Do not close Packet Tracer when you are done. It will close automatically.
3. Click the Submit Assessment button in the browser window to submit your work.
Introduction
In Part I of this practice skills assessment, you will configure routing and ACLs. You will
configure dynamic routing with EIGRP for IPv4 and static and default routes. In addition, you
will configure two access control lists.
In Part II of this practice skills assessment, you will configure the Medical Company network
with RPVST+, port security, EtherChannel, DHCP, VLANs and trunking, and routing between
VLANs. In addition you will perform an initial configuration on a switch, secure unused switch
ports and secure SVIs. You will also control access to the switch management network with an
access control list.
All IOS device configurations should be completed from a direct terminal connection to the
device console from an available host.
Some values that are required to complete the configurations have not been given to you. In
those cases, create the values that you need to complete the requirements. These values may
include certain IP addresses, passwords, interface descriptions, banner text, and other
values.
For the sake of time, many repetitive but important configuration tasks have been omitted from
this activity. Many of these tasks, especially those related to device security, are essential
elements of a network configuration. The intent of this activity is not to diminish the importance
of full device configurations.
Configuration of RPVST+
Configuration of EtherChannel
East:
Central:
Configure interfaces with IPv4 addresses, descriptions, and other settings.
West:
Bldg1:
Configure EtherChannel.
Configure trunking.
Bldg2:
Configure trunking.
Activate RPVST+.
Bldg3:
Configure EtherChannel.
Configure trunking.
Internal PC hosts:
Tables
Note: You are provided with the networks that interfaces should be configured on. Unless you
are told to do differently in the detailed instructions below, you are free to choose the host
addresses to assign.
Addressing Table:
Bldg2 SVI 10.10.25.0/24 the second to the highest address in the network
Bldg3 SVI 10.10.25.0/24 the third to the highest address in the network
VLAN  Name      Network        Device  Switch Ports
2     LAB-A     10.10.2.0/24   Bldg1   Fa0/5
                               Bldg3   Fa0/7
4     LAB-B     10.10.4.0/24   Bldg1   Fa0/10
                               Bldg3   Fa0/10
8     LAB-C     10.10.8.0/24   Bldg1   Fa0/15
                               Bldg3   Fa0/15
15    NetAdmin  10.10.15.0/24  Bldg1   Fa0/24
                               Bldg3   Fa0/24
25    SW-Admin  10.10.25.0/24  Bldg1   SVI
                               Bldg2   SVI
                               Bldg3   SVI
99    spare     N/A            Bldg1   all unused ports
Instructions
All configurations must be performed through a direct terminal connection to the device
console lines from an available host.
Determine the IP addresses that you will use for the required interfaces on the devices and LAN
hosts. Follow the configuration details provided in the Addressing Table.
Step 2: Configure East.
Configure the router host name: East. This value must be entered exactly as it appears
here.
Prevent the router from attempting to resolve command line entries to IP addresses.
hostname East
no ip domain-lookup
line console 0
password cisco
logging synchronous
login
line vty 0 4
password cisco
login
service password-encryption
Step 3: Configure the Router Interfaces.
Use the information in the addressing table to configure the interfaces of all routers for full
connectivity with the following:
Configure IP addressing.
Configure router West to route between VLANs using information in the Addressing Table and
VLAN Switch Port Assignment Table. The VLANs will be configured on the switches later in
this assessment.
a. On all routers:
Configure EIGRP for IPv4 to route between the internal networks. Use ASN 100.
Use the precise wild card masks for all network statements.
You are not required to route the SW-Admin VLAN network over EIGRP.
Prevent routing updates from being sent on the LAN networks. Do not
use the default keyword version of the command to do so.
Prevent EIGRP for IPv4 from performing automatic route summarization on all routers.
Configure a default route to the Internet. Use the exit interface argument.
Configure EIGRP for IPv4 to distribute the default route to the other routers.
Create a summary route for the LANs connected to Bldg3. It should include all networks
from 10.10.0.0 to 10.10.15.0.
Configure EIGRP for IPv4 with the route summary so that it will be sent to the other
routers. Be sure to configure the summary on all of the appropriate interfaces.
You will configure two access control lists in this step. You should use
the any and host keywords in the ACL statements where appropriate. The ACL specifications are
as follows:
Create a named standard ACL using the name TELNET-BLOCK. Be sure that you enter
this name exactly as it appears in this instruction.
No other Internet hosts (including hosts not visible in the topology) should be able to
access the vty lines of Central.
Allow only Test PC to ping addresses within the Medical Company network. Only echo
messages should be permitted.
Prevent all other Internet hosts (not only the Internet hosts visible in the topology) from
pinging addresses inside the Medical Company network. Block echo messages only.
Your ACL should be placed in the most efficient location possible to conserve network
bandwidth and device processing resources.
c. Control access to the management interfaces (SVI) of the three switches attached to West as
follows:
Permit only addresses from the NetAdmin VLAN network to access any address on
the SW-Admin VLAN network.
Hosts on the NetAdmin VLAN network should be able to reach all other destinations.
On all three switches that are attached to West, create and name the VLANs shown in the VLAN
Table.
The VLAN names that you configure must match the values in the table exactly.
Each switch should be configured with all of the VLANs shown in the table.
Using the VLAN table, assign the switch ports to the VLANs you created in Step 1, as follows:
All switch ports that you assign to VLANs should be configured to static access mode.
Refer to the Addressing Table. Create and address the SVIs on all three of the switches that are
attached to West. Configure the switches so that they can communicate with hosts on other
networks. Full connectivity will be established after routing between VLANs has been
configured later in this assessment.
a. Use the information in the Port-Channel Groups table to configure EtherChannel as follows:
Use LACP.
The switch ports on both sides of Channels 1 and 2 should initiate negotiations
for channel establishment.
The switch ports on the Bldg2 side of Channel 3 should initiate negotiations with the
switch ports on Bldg3.
The switch ports on the Bldg3 side of Channel 3 should not initiate negotiations with the
switch ports on the other side of the channel.
All channels should be ready to forward data after they have been configured.
c. Configure static trunking on the switch port on Bldg2 that is connected to West.
Bldg1 should be configured as root primary for VLAN 2 and VLAN 4 using the default
primary priority values.
Bldg1 should be configured as root secondary for VLAN 8 and VLAN 15 using the
default secondary priority values.
Bldg3 should be configured as root primary for VLAN 8 and VLAN 15 using the default
primary priority values.
Bldg3 should be configured as root secondary for VLAN 2 and VLAN 4 using the default
secondary priority values.
b. Activate PortFast and BPDU Guard on the active Bldg3 switch access ports.
Activate BPDU Guard on all access ports that are connected to hosts.
a. Secure unused switch ports. Following security best practices, do the following on Bldg1 only:
Ensure that all unused switch ports have been assigned to VLAN 99.
Each switch port should accept only two MAC addresses before a security action occurs.
If a security violation occurs, the switch ports should provide notification that a violation
has occurred but not place the interface in an err-disabled state.
c. On Bldg2, configure the virtual terminal lines to accept only SSH connections.
Configure user-based authentication for the SSH connections with a user name
of netadmin and a secret password of SSH_secret9. The user name and password must
match the values provided here exactly in case, punctuation, and spelling.
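An added example, not part of the original assessment or of the author's configuration: a Python check that reads a switch configuration and reports where it misses the port-security and SSH requirements above. It assumes show running-config layout (sub-commands indented); the sample configuration and the function names sections and audit are constructed for illustration.

```python
import re

# Constructed sample in `show running-config` layout (sub-commands indented).
SAMPLE = """\
interface FastEthernet0/5
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
interface FastEthernet0/10
 switchport port-security
username netadmin password SSH_secret9
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
"""

def sections(config):
    """Group sub-commands under their 'interface'/'line' header; the rest is global."""
    out, current = {"global": []}, "global"
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if re.match(r"(interface|line) ", line):
            current = line
            out.setdefault(current, [])
        elif raw[0].isspace():
            out[current].append(line)
        else:
            current = "global"
            out[current].append(line)
    return out

def audit(config):
    """Check the requirements: port-security limits, SSH-only vty, hashed secret."""
    findings = []
    for name, body in sections(config).items():
        if name.startswith("interface") and "switchport port-security" in body:
            if "switchport port-security maximum 2" not in body:
                findings.append(f"{name}: maximum is not 2 (IOS default is 1)")
            if "switchport port-security violation restrict" not in body:
                findings.append(f"{name}: violation is not restrict (default is shutdown)")
        if name.startswith("line vty") and "transport input ssh" not in body:
            findings.append(f"{name}: not limited to SSH")
        if name == "global":
            for line in body:
                if re.match(r"username \S+ password ", line):
                    findings.append(f"{line.split()[1]}: uses 'password', task asks for 'secret'")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the constructed sample it reports four findings: the netadmin account created with password, Fa0/10 left on the default maximum and violation mode, and vty 5 15 not limited to SSH.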
Step 7: Configure West as a DHCP server for the hosts attached to the Bldg1 and Bldg2
switches.
Create a DHCP pool for hosts on VLAN 2 using the pool name vlan2pool.
Create a DHCP pool for hosts on VLAN 4 using the pool name vlan4pool.
Create a DHCP pool for hosts on VLAN 8 using the pool name vlan8pool.
All VLAN pool names must match the provided values exactly.
All hosts should be able to ping each other and the two external servers after they have been
addressed.
Hosts on the LANs attached to East should be statically assigned addressing that enables
them to communicate with hosts on other networks.
Configuration
These configurations were created by Asitha Indunil Meegama from Sri Lanka.
Student of Sri Lanka Institute of Information Technology and Curtin University of
Technology Australia.
I have scored 98% for this and I have also corrected my mistake here.
You can score 100%.
***BLDG1*** or ***SW-A***
ip default-gateway 10.10.25.1
vlan 2
name sales
vlan 4
name prod
vlan 8
name acct
vlan 15
name admin
vlan 25
name SVI-NET
vlan 99
name null
interface vlan 25
no shutdown
interface fa0/5
interface fa0/10
interface fa0/15
shutdown
shutdown
ETHERCHANNEL
interface port-channel 1
interface port-channel 2
PVST+
SECURITY
interface fa0/5
switchport port-security
interface fa0/10
switchport port-security
interface fa0/15
switchport port-security
interface fa0/24
switchport port-security
***BLDG2*** or ***SW-B***
ip default-gateway 10.10.25.1
vlan 2
name sales
vlan 4
name prod
vlan 8
name acct
vlan 15
name admin
vlan 25
name SVI-NET
vlan 99
name null
interface vlan 25
no shutdown
interface gi 1/1
ETHERCHANNEL
interface port-channel 2
interface port-channel 3
PVST+
SSH
hostname SW-B
ip ssh version 2
ip domain-name ccnaPTSA.com
line vty 0 4
login local
line vty 5 15
login local
***BLDG3*** or ***SW-C***
ip default-gateway 10.10.25.1
vlan 2
name sales
vlan 4
name prod
vlan 8
name acct
vlan 15
name admin
vlan 25
name SVI-NET
vlan 99
name null
interface vlan 25
no shutdown
interface fa0/7
interface fa0/10
interface fa0/15
switchport mode access
interface fa0/24
ETHERCHANNEL
no shutdown
interface port-channel 1
no shutdown
interface port-channel 3
PVST+
spanning-tree portfast
no shutdown
***Central*** or ***HQ***
bandwidth 128
description SITE
no shutdown
bandwidth 128
description SITE
no shutdown
bandwidth 128
description INTERNET
no shutdown
EIGRP
redistribute static
no auto-summary
ACCESS LIST
line vty 0 4
access-class TELNET-BLOCK in
ip access-group 101 in
***East*** or ***Site1***
hostname Site-1
no ip domain-lookup
line console 0
logging synchronous
password cisco
login
line vty 0 4
password cisco
login
service password-encryption
bandwidth 128
description HQ
no shutdown
bandwidth 128
description HQ
no shutdown
interface gi 0/0
description SITE
no shutdown
interface gi 0/1
ip address 192.168.9.1 255.255.255.0
no shutdown
EIGRP
passive-interface GigabitEthernet0/0
passive-interface GigabitEthernet0/1
no auto-summary
***West*** or ***Site2***
bandwidth 128
description SITE
no shutdown
bandwidth 128
description SITE
no shutdown
interface gig 0/1
description SITE
no shutdown
interface gi 0/1.2
encapsulation dot1q 2
interface gi 0/1.4
encapsulation dot1q 4
interface gi 0/1.8
encapsulation dot1q 8
interface gi 0/1.15
encapsulation dot1q 15
interface gi 0/1.25
encapsulation dot1q 25
EIGRP
passive-interface GigabitEthernet0/1
no auto-summary
passive-interface g0/1.2
passive-interface g0/1.4
passive-interface g0/1.8
passive-interface g0/1.15
ROUTE SUMMARIZATION
DHCP
default-router 10.10.2.1
dns-server 192.168.200.225
default-router 10.10.4.1
dns-server 192.168.200.225
default-router 10.10.8.1
dns-server 192.168.200.225
ACCESS LIST
interface gi0/1.25
ip access-group 1 out
***HOSTS***
SITE 1
hostname Site-1
no ip domain-lookup
enable secret class
line console 0
logging synchronous
password cisco
login
line vty 0 4
password cisco
login
service password-encryption
banner motd #Authorized access only#
interface serial 0/0/0
bandwidth 128
ip address 192.168.100.21 255.255.255.252
description HQ
clock rate 128000
no shutdown
interface serial 0/0/1
bandwidth 128
ip address 192.168.100.29 255.255.255.252
description HQ
no shutdown
interface gi 0/0
ip address 192.168.8.1 255.255.255.0
description SITE
no shutdown
interface gi 0/1
ip address 192.168.9.1 255.255.255.0
no shutdown
EIGRP
router eigrp 100
passive-interface GigabitEthernet0/0
passive-interface GigabitEthernet0/1
network 192.168.100.20 0.0.0.3
network 192.168.100.28 0.0.0.3
network 192.168.8.0 0.0.0.255
network 192.168.9.0 0.0.0.255
no auto-summary
HQ
ip route 0.0.0.0 0.0.0.0 s0/1/0
interface serial 0/0/0
bandwidth 128
ip address 192.168.100.22 255.255.255.252
description SITE
no shutdown
interface serial 0/0/1
bandwidth 128
ip address 192.168.100.37 255.255.255.252
description SITE
clock rate 128000
no shutdown
interface serial 0/1/0
bandwidth 128
ip address 203.0.113.18 255.255.255.248
description INTERNET
no shutdown
EIGRP
router eigrp 100
redistribute static
network 192.168.100.20 0.0.0.3
network 192.168.100.36 0.0.0.3
no auto-summary
ACCESS LIST
ip access-list standard TELNET-BLOCK
permit host 198.51.100.5
line vty 0 4
access-class TELNET-BLOCK in
SITE 2
interface serial 0/0/0
bandwidth 128
ip address 192.168.100.30 255.255.255.252
description SITE
no shutdown
interface serial 0/0/1
bandwidth 128
ip address 192.168.100.38 255.255.255.252
description SITE
no shutdown
interface gi 0/1
no shutdown
interface gi 0/1.2
encapsulation dot1q 2
ip address 10.10.2.1 255.255.255.0
interface gi 0/1.4
encapsulation dot1q 4
ip address 10.10.4.1 255.255.255.0
interface gi 0/1.8
encapsulation dot1q 8
ip address 10.10.8.1 255.255.255.0
interface gi 0/1.15
encapsulation dot1q 15
ip address 10.10.15.1 255.255.255.0
interface gi 0/1.25
encapsulation dot1q 25
ip address 10.10.25.1 255.255.255.0
EIGRP
router eigrp 100
passive-interface GigabitEthernet0/1
network 192.168.100.28 0.0.0.3
network 192.168.100.36 0.0.0.3
network 10.10.2.0 0.0.0.255
network 10.10.4.0 0.0.0.255
network 10.10.8.0 0.0.0.255
network 10.10.15.0 0.0.0.255
no auto-summary
passive-interface g0/1.2
passive-interface g0/1.4
passive-interface g0/1.8
passive-interface g0/1.15
ROUTE SUMMARIZATION
interface serial 0/0/0
ip summary-address eigrp 100 10.10.0.0 255.255.240.0
interface serial 0/0/1
ip summary-address eigrp 100 10.10.0.0 255.255.240.0
DHCP
ip dhcp excluded-address 10.10.2.1 10.10.2.5
ip dhcp excluded-address 10.10.4.1 10.10.4.5
ip dhcp excluded-address 10.10.8.1 10.10.8.5
ip dhcp pool vlan2pool
network 10.10.2.0 255.255.255.0
default-router 10.10.2.1
dns-server 192.168.200.225
ip dhcp pool vlan4pool
network 10.10.4.0 255.255.255.0
default-router 10.10.4.1
dns-server 192.168.200.225
ip dhcp pool vlan8pool
network 10.10.8.0 255.255.255.0
default-router 10.10.8.1
dns-server 192.168.200.225
ACCESS LIST
access-list 1 permit 10.10.15.0 0.0.0.255
interface gi0/1.25
ip access-group 1 out
SW-A
ip default-gateway 10.10.25.1
vlan 2
name sales
vlan 4
name prod
vlan 8
name acct
vlan 15
name admin
vlan 25
name SVI-NET
vlan 99
name null
interface vlan 25
ip address 10.10.25.254 255.255.255.0
no shutdown
interface fa0/5
switchport mode access
switchport access vlan 2
interface fa0/10
switchport mode access
switchport access vlan 4
interface fa0/15
switchport mode access
switchport access vlan 8
interface fa0/24
switchport mode access
switchport access vlan 15
ETHERCHANNEL
interface range fa0/1-2
channel-group 1 mode active
interface port-channel 1
switchport mode trunk
interface range fa0/3-4
channel-group 2 mode active
interface port-channel 2
switchport mode trunk
PVST+
spanning-tree mode rapid-pvst
spanning-tree vlan 2 root primary
spanning-tree vlan 4 root primary
spanning-tree vlan 8 root secondary
spanning-tree vlan 15 root secondary
SECURITY
interface fa0/5
switchport port-security
switchport port-security violation restrict
switchport port-security maximum 2
switchport port-security mac-address sticky
interface fa0/10
switchport port-security
switchport port-security violation restrict
switchport port-security maximum 2
switchport port-security mac-address sticky
interface fa0/15
switchport port-security
switchport port-security violation restrict
switchport port-security maximum 2
switchport port-security mac-address sticky
interface fa0/24
switchport port-security
switchport port-security violation restrict
switchport port-security maximum 2
switchport port-security mac-address sticky
SW-B
ip default-gateway 10.10.25.1
vlan 2
name sales
vlan 4
name prod
vlan 8
name acct
vlan 15
name admin
vlan 25
name SVI-NET
vlan 99
name null
interface vlan 25
ip address 10.10.25.253 255.255.255.0
no shutdown
interface gi 1/1
switchport mode trunk
ETHERCHANNEL
interface range fa0/3-4
channel-group 2 mode active
interface port-channel 2
switchport mode trunk
interface range fa0/5-6
channel-group 3 mode active
interface port-channel 3
switchport mode trunk
PVST+
spanning-tree mode rapid-pvst
SSH
hostname SW-B
ip ssh version 2
ip domain-name ccnaPTSA.com
crypto key generate rsa
username netadmin secret SSH_secret9
line vty 0 4
login local
transport input ssh
line vty 5 15
login local
transport input ssh
SW-C
ip default-gateway 10.10.25.1
vlan 2
name sales
vlan 4
name prod
vlan 8
name acct
vlan 15
name admin
vlan 25
name SVI-NET
vlan 99
name null
interface vlan 25
ip address 10.10.25.252 255.255.255.0
no shutdown
interface fa0/7
switchport mode access
switchport access vlan 2
interface fa0/10
switchport mode access
switchport access vlan 4
interface fa0/15
switchport mode access
switchport access vlan 8
interface fa0/24
switchport mode access
switchport access vlan 15
ETHERCHANNEL
interface range fa0/1-2
channel-group 1 mode active
no shutdown
interface port-channel 1
switchport mode trunk
interface range fa0/5-6
channel-group 3 mode passive
no shutdown
interface port-channel 3
switchport mode trunk
PVST+
spanning-tree mode rapid-pvst
spanning-tree vlan 2 root secondary
spanning-tree vlan 4 root secondary
spanning-tree vlan 8 root primary
spanning-tree vlan 15 root primary