Scribd Logo
Upload

Welcome to Scribd!

  • CCNA Exploration: Accessing The WAN Student Skills Based Assessment Lab (CCNA 4 Skill 2011)

    Uploaded by

    Cường Ngô
    65 views13 pages
    CCNA Exploration: Accessing the WAN is a skills-based assessment lab. This lab tests you on the skills and knowledge that you learned in Exploration 4. Clear any existing configurations on the routers, except for the enable secret password, which is class.

    Original Description:

    Original Title

    Skill 02

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    CCNA Exploration: Accessing the WAN is a skills-based assessment lab. This lab tests you on the skills and knowledge that you learned in Exploration 4. Clear any existing configurations on the routers, except for the enable secret password, which is class.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    65 views13 pages

    CCNA Exploration: Accessing The WAN Student Skills Based Assessment Lab (CCNA 4 Skill 2011)

    Uploaded by

    Cường Ngô
    CCNA Exploration: Accessing the WAN is a skills-based assessment lab. This lab tests you on the skills and knowledge that you learned in Exploration 4. Clear any existing configurations on the routers, except for the enable secret password, which is class.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 13

    CCNA Exploration: Accessing the WAN Student Skills Based Assessment Lab (CCNA 4 Skill 2011)

    Topology Diagram

    Addressing Table

    Learning Objectives To complete this lab:


    Cable a network according to the topology diagram Erase the startup configuration and reload a router to the default state Perform basic configuration tasks on a router Configure and activate interfaces Configure and activate serial interfaces (PPP with CHAP, HDLC, and Frame Relay) Configure RIP on all the routers Configure basic router security Configure ACLs Configure basic NAT

    Scenario This lab tests you on the skills and knowledge that you learned in Exploration 4. Use cisco for all passwords in this lab, except for the enable secret password, which is class. Task 1: Prepare the Network

    Step 1: Cable a network that is similar to the one in the topology diagram. Step 2: Clear any existing configurations on the routers.

    Task 2: Perform Basic Device Configurations Configure the R1, R2, and R3 routers according to the following guidelines:

    Configure the router hostname. Disable DNS lookup. Configure an EXEC mode password. Configure a message-of-the-day banner. Configure a password for console connections. Configure synchronous logging. Configure a password for vty connections.

    Task 3: Configure and Activate Serial and Ethernet Addresses


    Step 1: Configure interfaces on R1, R2, and R3. Step 2: Verify IP addressing and interfaces. Step 3: Configure the PC1 and PC3 Ethernet interfaces. Step 4: Test connectivity between the PCs and routers.

    Task 4: Configure Serial Interfaces


    Step 1: Configure and verify PPP encapsulation with CHAP authentication between R1 and R2. The password is cisco. Step 2: Configure and verify HDLC encapsulation between R2 and R3. Step 3: Configure Frame Relay between R1 and R3.

    Task 5: Configure RIP


    Step 1: Configure RIP on R1, R2, and R3. RIP updates should only be sent on the serial links between the routers. Prevent all other RIP updates on all networks. Step 2: Test connectivity with the ping command. Step 3: Verify the routing table with the appropriate command.

    Task 6: Configure Basic Router Security


    Step 1: Enable a secure Telnet login using a local database on R2. Step 2: Disable unused services and interfaces on R2. Step 3: Confirm that R2 is secured.

    Task 7: Configure Access Control Lists


    Step 1: Allow telnet to R1 and R3 from R2 only. Step 2: Do not allowlHTTP, Telnet, and FTP traffic from the Internet to PC1. Step 3: Do not allow PC1 to receive traffic from the 10.0.0.128 /25 network. Step 4: Verify that PC3 cannot ping PC1, but can ping 10.0.0.1.

    Task 8: Configure NAT.


    Step 1: Configure NAT to allow PC3 to ping PC1. Step 2: Verify that PC3 can reach PC1.

    Task 9: Document the Router Configurations Task 10: Clean Up Erase the configurations and reload the routers. Disconnect and store the cabling. For PC hosts that are normally connected to other networks, such as the school LAN or to the Internet, reconnect the appropriate cabling and restore the TCP/IP settings.

    here's configuration for Router R1: hostname R1 ! enable secret class ! no ip domain-lookup ! enable password cisco ! username R2 password 0 cisco username R3 password 0 cisco ! interface FastEthernet0/0 duplex auto speed auto shutdown ! interface FastEthernet0/1 ip address 10.0.0.1 255.255.255.128 duplex auto speed auto no shutdown ! interface Serial0/0/0 ip address 172.16.0.1 255.255.255.252 clock rate 64000 encapsulation ppp ppp authentication chap no shutdown ! interface Serial0/0/1 ip address 172.16.0.9 255.255.255.252 encapsulation ppp

    ppp authentication chap no shutdown ! interface Vlan1 no ip address shutdown ! router ospf 1 log-adjacency-changes network 10.0.0.0 0.0.0.127 area 0 passive-interface fa0/1 network 172.16.0.0 0.0.0.3 area 0 network 172.16.0.8 0.0.0.3 area 0 ! ip classless ! banner motd ^C Unauthorized access strictly prohibited and prosecuted to the full extent of the law ^^C ! line con 0 password cisco login line vty 0 4 password cisco login ! exit ! end

    hostname R2 ! no ip domain-lookup ! username R1 password 0 cisco username R3 password 0 class ! interface Loopback0 ip address 209.165.200.161 255.255.255.224 no shutdown

    ! enable secret class ! enable password cisco ! interface FastEthernet0/0 no ip address duplex auto speed auto shutdown ! interface FastEthernet0/1 duplex auto speed auto shutdown ! interface Serial0/0/0 ip address 172.16.0.2 255.255.255.252 encapsulation ppp ppp authentication chap no shut ! interface Serial0/0/1 ip address 172.16.0.5 255.255.255.252 encapsulation ppp clock rate 64000 ppp authentication chap no shut ! interface Vlan1 no ip address shutdown ! router ospf 1 log-adjacency-changes network 172.16.0.0 0.0.0.3 area 0 network 172.16.0.4 0.0.0.3 area 0 network 209.165.200.160 0.0.0.31 area 0 ! ip classless !

    banner motd ^C Unauthorized access strictly prohibited and prosecuted to the full extent of the law ^^C ! line con 0 password cisco login line vty 0 4 password cisco login ! exit ! exit ! copy run start ! end

    hostname R3 ! enable secret class enable password cisco ! username R1 password 0 cisco username R3 password 0 cisco ! no ip domain-lookup ! interface FastEthernet0/0 no ip address duplex auto speed auto shutdown ! interface FastEthernet0/1 ip address 10.0.0.129 255.255.255.128 duplex auto speed auto

    no shutdown ! interface Serial0/0/0 ip address 172.16.0.10 255.255.255.252 clock rate 64000 encapsulation ppp ppp authentication chap no shutdown ! interface Serial0/0/1 ip address 172.16.0.6 255.255.255.252 encapsulation ppp ppp authentication chap no shutdown ! interface Vlan1 no ip address shutdown ! router ospf 1 log-adjacency-changes network 10.0.0.128 0.0.0.127 area 0 passive-interface fa0/1 network 172.16.0.4 0.0.0.3 area 0 network 192.16.0.8 0.0.0.3 area 0 ! ip classless ! banner motd ^C Unauthorized access strictly prohibited and prosecuted to the full extent of the law ^^C ! line con 0 password cisco login line vty 0 4 password cisco login ! end

    hostname R1 ! enable secret class ! username R2 password 0 cisco ! no ip domain-lookup ! interface FastEthernet0/0 no ip address shutdown ! interface FastEthernet0/1 ip address 10.0.0.1 255.255.255.128 ! interface Serial0/0/0 ip address 172.16.0.1 255.255.255.252 encapsulation ppp ppp authentication chap ip access-group 102 in clock rate 64000 ! interface Serial0/0/1 ip address 172.16.0.9 255.255.255.252 encapsulation frame-relay frame-relay map ip 172.16.0.9 101 broadcast frame-relay map ip 172.16.0.10 101 broadcast frame-relay interface-dlci 101 no keepalive ip access-group 102 in ! interface Vlan1 no ip address shutdown ! router rip version 2 passive-interface FastEthernet0/1 network 10.0.0.0 network 172.16.0.0 no auto-summary !

    ip classless ! access-list 102 permit tcp 172.16.0.0 0.0.0.3 172.16.0.0 0.0.0.3 eq telnet access-list 102 deny tcp any any eq telnet access-list 102 permit ip any any ! banner motd #R1# !! line con 0 password cisco logging synchronous login line vty 0 4 password cisco login ! ! ! end

    hostname R2 ! enable secret class ! username R1 password 0 cisco ! no ip domain-lookup ! interface Loopback0 ip address 209.165.200.161 255.255.255.224 ip access-group 103 in ! interface FastEthernet0/0 no ip address shutdown ! interface FastEthernet0/1 no ip address shutdown

    ! interface Serial0/0/0 ip address 172.16.0.2 255.255.255.252 encapsulation ppp ppp authentication chap ip access-group 103 out ! interface Serial0/0/1 ip address 172.16.0.6 255.255.255.252 ip access-group 103 out clock rate 64000 router rip version 2 network 10.0.0.0 network 172.16.0.0 no auto-summary ! ip classless ip route 0.0.0.0 0.0.0.0 Loopback0 ! access-list 103 deny tcp 209.165.200.160 0.0.0.31 host 10.0.0.10 eq www access-list 103 deny tcp 209.165.200.160 0.0.0.31 host 10.0.0.10 eq telnet access-list 103 deny tcp 209.165.200.160 0.0.0.31 host 10.0.0.10 eq ftp access-list 103 permit ip any any ! banner motd #R2# ! line con 0 password cisco logging synchronous login line vty 0 4 password cisco login ! ! ! end

    ! hostname R3 ! enable secret class ! no ip domain-lookup ! interface FastEthernet0/0 no ip address shutdown ! interface FastEthernet0/1 ip address 10.0.0.129 255.255.255.128 ip nat inside ! interface Serial0/0/0 ip address 172.16.0.10 255.255.255.252 encapsulation frame-relay frame-relay map ip 172.16.0.10 101 broadcast frame-relay map ip 172.16.0.9 101 broadcast frame-relay interface-dlci 101 no keepalive ip access-group 102 in ip access-group 103 out ip nat outside clock rate 64000 ! interface Serial0/0/1 ip address 172.16.0.6 255.255.255.252 ip access-group 102 in ! interface Vlan1 no ip address shutdown ! router rip version 2 passive-interface FastEthernet0/1 network 10.0.0.0 network 172.16.0.0 no auto-summary !

    ip nat inside source list 1 interface Serial0/0/0 overload ip classless ! access-list 102 permit tcp 172.16.0.4 0.0.0.3 172.16.0.4 0.0.0.3 eq telnet access-list 102 permit tcp any any eq telnet access-list 102 permit ip any any access-list 103 deny ip 10.0.0.128 0.0.0.127 host 10.0.0.10 access-list 103 permit ip any any access-list 1 permit 10.0.0.128 0.0.0.127 ! banner motd #R3# ! line con 0 password cisco logging synchronous login line vty 0 4 password cisco login ! ! ! end

    You might also like