Southeast Europe Journal of Soft Computing ISSN 2233 – 1859
Available online: http://scjournal.ius.edu.ba
Vol 10, No. 1, March 2021, pp. 49-54
CCNA7 CISCO NETWORKING COURSE: PRACTICAL ASSIGNMENT
Galymzada Alin¹*, Talgat Nurlybayev²
¹,² Department of Computer Engineering and Information Security of the International University of Information Technologies, 050040, 34/1 Manas Str., suite 409, Kazakhstan, Almaty
*Corresponding Author: [email protected], [email protected]
ABSTRACT: This article discusses the general requirements of the new Cisco CCNA7 course and, in particular, provides ideas for practical assignments for this course based on Packet Tracer (PT). Modern approaches to managing and automating the assessment of students' practical skills recommend using variables to create different options and variants for groups of students. The article demonstrates several options for course skills assignments and discusses the possible pitfalls and issues.

Article Info
Article history: Article received on 15 March 2021. Received in revised form 25 March 2021.
Keywords: CCNA7 course; Packet Tracer; CCNA; Networking; Assessments
1. INTRODUCTION
CCNA course version 7 proposed several practical assignments for networking skills in [5]. The advantages of Cisco Packet Tracer were thoroughly reviewed in [4]; compared to GNS3 [3], Cisco PT provides various methods to automate the grading of students' level of assignment completion. Of course, for teaching the CCNP course [6] the GNS3 tool is preferable because of the comprehensive functions and features covered in the CCNP materials. However, the migration to CCNA v7 started in the past year, and there is still a need to develop non-standard and complicated assignments for the new version. This article considers a new assignment specifically developed to cover the main topics of the CCNA v7 course materials.

2. PACKET TRACER PROJECT DESCRIPTION
The topology of the PT project is presented in Figure 1. It consists of the Headquarters (HQ) and Branch (BR) offices, connected by routers R1 and R2 respectively via two internet service providers, ISP1 and ISP2. The ISP2 connection is used to set up an IPsec tunnel between the two offices, while the ISP1 connection is used to configure PAT on R1 / R2 and then check internet access from the office PCs to the ISP server. R1 is also configured with static NAT to provide access to the internal server of the Headquarters office, the HQ TFTP/HTTP server.

The switching topology of both offices consists of one core switch (HQ-CS / BR-CS) and two access-level switches (HQ-AS1 / BR-AS1 and HQ-AS2 / BR-AS2) connected by two uplinks configured as EtherChannel ports to provide the required redundancy and load balancing.

Figure 1: Network topology

The Variable Manager was set to use two numeric variables, G (group number) and V (variant number); see Figure 2.

Figure 2: Variable manager

Table 1 (parts 1 and 2) is the main instruction table of the PT project, where [[G]] and [[V]] are used to generate various IP addresses.

Table 1, part 1. Instruction table: device names, models, ports and VLANs

Device name            Model     Port         VLAN
ISP1                   2911      G0/0         -
                                 G0/1         -
                                 G0/2         -
ISP2                   2911      S0/3/0       -
                                 S0/3/1       -
ISP server                       Fa0          -
R1                     ISR4321   G0/0/0       -
                                 S0/1/0       -
                                 G0/0/1       TR
                                 G0/0/1.10    10
                                 G0/0/1.20    20
                                 G0/0/1.40    40
HQ-CS                  2960      Fa0/23-24    TR
                                 Fa0/21-22    TR
                                 Fa0/1        10
                                 G0/1         TR
                                 VLAN40
HQ-AS1                 2960      Fa0/23-24    TR
                                 Fa0/1        10
                                 Fa0/2        20
                                 VLAN40
HQ-AS2                 2960      Fa0/23-24    TR
                                 Fa0/1        10
                                 Fa0/2        20
                                 VLAN40
PC0/PC2                          Fa0          10
PC3/PC4                          Fa0          20
HQ TFTP/HTTP Server              Fa0
R2                     ISR4321   G0/0/0       -
                                 S0/1/0       -
                                 G0/0/0       TR
                                 G0/0/0.30    30
                                 G0/0/0.50    50
                                 G0/0/0.40    40
BR-CS                  2960      Fa0/23-24    TR
                                 Fa0/21-22    TR
                                 G0/1         TR
                                 VLAN40
BR-AS1                 2960      Fa0/23-24    TR
                                 Fa0/1        30
                                 Fa0/2        50
                                 VLAN40
BR-AS2                 2960      Fa0/23-24    TR
                                 Fa0/1        30
                                 Fa0/2        50
                                 VLAN40
PC1/PC6                          Fa0          30
PC7/PC8                          Fa0          50

Table 1, part 2. Instruction table: IP addresses, subnet mask, default gateway and comments

Device name            Port        IP address            Subnet mask  Default gateway    Comments
ISP1                   G0/0        209.1[[G]].[[V]]1.1   /30          -                  to R1
                       G0/1        209.1[[G]].[[V]]2.1   /30          -                  to R2
                       G0/2        209.1[[G]].[[V]]3.1   /30          -                  to ISP server
ISP2                   S0/3/0      209.2[[G]].[[V]]1.1   /30          -                  to R1
                       S0/3/1      209.2[[G]].[[V]]2.1   /30          -                  to R2
ISP server             Fa0         ?.?.?.?               /30          ?.?.?.?            to ISP1
R1                     G0/0/0      ?.?.?.?               /30          ?.?.?.?            to ISP1
                       S0/1/0      ?.?.?.?               /30          ?.?.?.?            to ISP2
                       G0/0/1                                                            to HQ-CS
                       G0/0/1.10   10.[[G]].1[[V]].1     /24          -                  to HQ-CS
                       G0/0/1.20   10.[[G]].2[[V]].1     /24          -                  to HQ-CS
                       G0/0/1.40   10.[[G]].4[[V]].1     /24          -                  to HQ-CS
HQ-CS                  Fa0/23-24   EtherChannel                                          to HQ-AS1
                       Fa0/21-22   EtherChannel                                          to HQ-AS2
                       Fa0/1                                                             to HQ TFTP / HTTP Server
                       G0/1                                                              to R1
                       VLAN40      10.[[G]].4[[V]].2     /24          10.[[G]].4[[V]].1  Management
HQ-AS1                 Fa0/23-24   EtherChannel                                          to HQ-CS
                       Fa0/1                                                             to PC0
                       Fa0/2                                                             to PC2
                       VLAN40      10.[[G]].4[[V]].3     /24          10.[[G]].4[[V]].1  Management
HQ-AS2                 Fa0/23-24   EtherChannel                                          to HQ-CS
                       Fa0/1                                                             to PC3
                       Fa0/2                                                             to PC4
                       VLAN40      10.[[G]].4[[V]].4     /24          10.[[G]].4[[V]].1  Management
PC0/PC2                Fa0         DHCP VLAN10                                           to HQ-AS1
PC3/PC4                Fa0         DHCP VLAN20                                           to HQ-AS2
HQ TFTP/HTTP Server    Fa0                                                               to HQ-CS
R2                     G0/0/0      ?.?.?.?               /30          ?.?.?.?            to ISP1
                       S0/1/0      ?.?.?.?               /30          ?.?.?.?            to ISP2
                       G0/0/0                                                            to BR-CS
                       G0/0/0.30   10.[[G]].3[[V]].1     /24          -                  to BR-CS
                       G0/0/0.50   10.[[G]].5[[V]].1     /24          -                  to BR-CS
                       G0/0/0.40   10.[[G]].4[[V]].1     /24          -                  to BR-CS
BR-CS                  Fa0/23-24   EtherChannel                                          to BR-AS1
                       Fa0/21-22   EtherChannel                                          to BR-AS2
                       G0/1                                                              to R2
                       VLAN40      10.[[G]].4[[V]].2     /24          10.[[G]].4[[V]].1  Management
BR-AS1                 Fa0/23-24   EtherChannel                                          to BR-CS
                       Fa0/1                                                             to PC1
                       Fa0/2                                                             to PC7
                       VLAN40      10.[[G]].4[[V]].3     /24          10.[[G]].4[[V]].1  Management
BR-AS2                 Fa0/23-24   EtherChannel                                          to BR-CS
                       Fa0/1                                                             to PC6
                       Fa0/2                                                             to PC8
                       VLAN40      10.[[G]].4[[V]].4     /24          10.[[G]].4[[V]].1  Management
PC1/PC6                Fa0         DHCP VLAN30                                           to BR-AS1
PC7/PC8                Fa0         DHCP VLAN50                                           to BR-AS2

All corresponding variables are configured in the Answer Network (see Figure 3) to support the collection of required grades:

Figure 3: Answer Network

3. ASSIGNMENT CONTENT

3.1. The first part of the project:
This part was developed to check the basic knowledge of IP configuration, securing the router management access, and static routing [1], [2].
- Complete the missing information '?.?.?.?' in the instruction table and then configure the IP addresses of ISP1, ISP2, R1, R2, and ISP Server;
- Make sure that you can ping the IP addresses of ISP1 and ISP2 from R1 and R2, and ISP Server from R1 and R2;
- On routers R1 and R2, please also configure the enable secret password 'class' and the security accounts 'user' (privilege level 0) and 'admin' (privilege level 15) with passwords 'cisco'.
- Set up the remote connection via SSH only; the encryption key size is 1024, the IP domain is 'iitu.local'.
- Configure the default static routes on R1, R2 over ISP2 and the static routes on R1, R2 to ISP Server via ISP1.

3.2. The second part of the project:
This part was developed to check the basic knowledge of switch access and trunk ports configuration, securing the switch management access [1], [2].
Restore the configuration done in the previous parts of the assignment and then configure the switches of the Headquarters (HQ-CS, HQ-AS1, HQ-AS2) and Branch office (BR-CS, BR-AS1, BR-AS2):
- On all switches please also configure the enable secret password 'class' and the security accounts 'user' (privilege level 0) and 'admin' (privilege level 15) with passwords 'cisco';
- Set up the remote connection via SSH only; the encryption key size is 1024, the IP domain is 'iitu.local'.
- Configure the port security settings on access ports (maximum MAC is 2, dynamic learning of MACs, BPDU protection and portfast are enabled);
- Disable unused ports;
- Configure the EtherChannels between core switches and access-level switches (HQ-CS and HQ-AS1: channel-group 1 mode ON / HQ-CS and HQ-AS2: channel-group 2 mode ON) and the same in the Branch office (BR-CS and BR-AS1 / BR-CS and BR-AS2);
- Configure the required VLANs 10, 20, 30, 40, 50, where 40 is the Management VLAN;
- Make sure that the native VLAN is 99 on all trunks and that the list of allowed VLANs includes only the required ones.

3.3. The third part of the project:
This part was developed to check the basic knowledge of VLAN configuration, DHCP configuration, inter-VLAN routing and SVI configuration [1], [2].
Restore the configuration done in the previous parts of the assignment and then set up the Management VLAN 40 on all switches and DHCP for PCs:
- Configure the required IP addresses and subnet mask of VLAN 40 (Management VLAN) on all switches;
- Configure router-on-a-stick (subinterfaces) on R1 and R2 in order to provide connectivity among VLANs;
Set up the Management VLAN 40 (description 'Management') on all switches and DHCP for PCs:
- Configure the required IP addresses and subnet mask of VLAN 40 (Management VLAN) on all switches
- Configure router-on-a-stick (subinterfaces) on R1 and R2 in order to provide connectivity among VLANs (description of subinterfaces 'VLAN XX')
- Configure the DHCP range on R1 and R2 for VLANs 10, 20, 30, 50 (pool name VlanXX) and make sure that PC1-PC8 can obtain the required IP addresses
- Exclude the gateway IP addresses and the IP address of the HQ TFTP/HTTP Server (X.X.X.200-254)
- Configure formal DNS server 8.8.8.8 in each pool.

3.4. The fourth part of the project:
This part was developed to check the basic knowledge of PAT and static NAT configuration, static routing [1], [2].
Restore the configuration done in the previous parts of the assignment and then configure Network Address Translation on the R1 and R2 routers:
- Make sure that all PCs of HQ and BR can open the website of ISP Server via PAT (source ACL #1);
- Configure static NAT on R1 to access the HQ TFTP/HTTP server via external IP address 64.1[[G]].5[[V]].1;
- Make sure that you can open the website on the HQ TFTP/HTTP server from ISP Server. In order to reach the website of the internal HQ TFTP/HTTP server from ISP Server, please provide the proper static route on ISP1.

3.5. The fifth part of the project:
This part was developed to check the basic knowledge of IPSec tunnel configuration [1], [2].
Restore the configuration done in the previous parts of the assignment and then configure the IPsec tunnel between the R1 and R2 routers:
- Make sure that you use policy 10 with encryption AES 256, authentication pre-share key "secretkey" and group 5;
- Transform-set with ESP-AES 256 ESP-SHA-HMAC and names R1->R2, R2->R1 correspondingly
- Configure crypto map IPSEC-MAP (Source ACL #100);
- Make sure that you can open the website on the HQ TFTP/HTTP server from PC7 and PC1.

3.6. The sixth part of the project:
This part was developed to check the basic knowledge of Cisco device IOS and configuration maintenance using a TFTP server [1], [2].
Restore the configuration done in the previous parts of the assignment and then back up the configuration of all active equipment in HQ to the HQ TFTP/HTTP server:
- Make sure that you can ping the HQ TFTP/HTTP server from all switches and the router of HQ;
- Copy the configuration files to the HQ TFTP/HTTP server: R1-confg, HQ-CS-confg, HQ-AS1-confg, HQ-AS2-confg;
- Make sure that you can copy the configuration of HQ equipment from the HQ TFTP/HTTP server to the flash: R1-confg.text, HQ-CS-confg.text, HQ-AS1-confg.text, HQ-AS2-confg.text
- Upgrade IOS of HQ switches from the HQ TFTP server up to version: c2960-lanbasek9-mz.150-2.SE4.bin

3.7. Additional task (bonus)
- RADIUS authentication
Please review the topology of your project (see Figure 4) and the table with additional instructions (see Figure 5).

Figure 4: Network topology of additional assignment

Figure 5. Instruction table of additional assignment (all variables in [[…]] are set up via Variable Manager)

Please configure both routers for RADIUS server authentication:
1) Split the network 200.100.4.0/24 into 32 subnets and take the ([[V]]+1)-th subnet
2) VTY access
- Set up the remote connection via SSH only; the encryption key size is 1024, the IP domain is 'iitu.local'.
3) Console, VTY access and enable mode via RADIUS authentication, with local authentication as a backup method (see Figure 6).
- Make sure that you can log in to both routers with the AAA server online and offline (over the backup account).

Figure 6. Instruction table of additional assignment (all variables in [[…]] are set up via Variable Manager)

4. CONCLUSION
The considered PT assignment consists of 6 main tasks, which build on the previously completed tasks and cover all main modules of the CCNA version 7 course [5]: static routing, ACLs, NATs, IPSec and IOS maintenance. However, several opportunities and recommendations were identified:
- The Variable Manager of PT gives enough flexibility to create group assignments with different variants of IP addresses and other configuration settings
- To make the assignment harder to complete, it is recommended to include connectivity tests and hide the "Check results" or "Assessment tree"
- A formal check of PT completion does not mean that the configured network is working properly. Therefore, a more comprehensive check is required
- Activity grader does not work properly in several cases: for instance, when the total size of one pka-file archive exceeds 6Mb or the pka-file inside the archive is not converged properly.
Overall it is a good automation tool for student skills assessment in addition to the recommended assignments in [7].

REFERENCES
[1] Lammle, T. Cisco CCNA Certification, 2 Volume Set: Exam 200-301, 1st Edition, Sybex Publishing, 2020.
[2] Odom W. CCNA 200-301 Official Cert Guide, Volume 2, 1st Edition, Cisco Press, 2020.
[3] Gil, P., Garcia, G. J., Delgado, A., Medina, R. M., Calderon, A., & Marti, P. (2015). Computer networks virtualization with GNS3: Evaluating a solution to optimize resources and achieve a distance learning. In Proceedings - Frontiers in Education Conference, FIE (Vol. 2015–Febru, pp. 1–4). IEEE. https://doi.org/10.1109/fie.2014.7044343.
[4] Javid, S. R. (2014). Role of Packet Tracer in learning Computer Networks. International Journal of Advanced Research in Computer and Communication Engineering, 3(5), 6508–6511.
[5] Mark Taub, Editor-in-Chief. Enterprise Networking, Security, and Automation Companion Guide (CCNAv7). Cisco Networking Academy. Copyright © 2020 Cisco Systems, Inc. Published by Cisco Press, 2020.
[6] Brad Edgeworth, Ramiro Garza Rios, David Hucaby, Jason Gooley. CCNP and CCIE Enterprise Core ENCOR 350-401 Official Cert Guide. Copyright © 2020 Cisco Systems, Inc. Published by Cisco Press.
[7] CCNAv7 Enterprise Networking, Security, and Automation (ENSA). Student Lab Manual (online UML modeling and system architecture for agent based information retrieval D. Muhammad Noorul Mubarak, Philomina Simon. International Journal of Computer Science & Information Technology (IJCSIT) Vol 7, No 6, December 2015.
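
Added example, not part of the original article: a Python sketch that expands the [[G]]/[[V]] address templates of Table 1 and section 3.4, reports which group and variant values produce out-of-range octets, derives the '?.?.?.?' peer address on a /30 link, and computes the subnet asked for in step 1 of section 3.7. It assumes the Variable Manager substitutes the numbers as plain text; the dictionary labels and function names are illustrative.

```python
import ipaddress

# Address templates copied from Table 1, part 2 and section 3.4; the dictionary
# keys are descriptive labels added for this example.
TEMPLATES = {
    "ISP1 to R1": "209.1[[G]].[[V]]1.1/30",
    "ISP1 to R2": "209.1[[G]].[[V]]2.1/30",
    "ISP1 to ISP server": "209.1[[G]].[[V]]3.1/30",
    "ISP2 to R1": "209.2[[G]].[[V]]1.1/30",
    "ISP2 to R2": "209.2[[G]].[[V]]2.1/30",
    "VLAN10 gateway": "10.[[G]].1[[V]].1/24",
    "VLAN20 gateway": "10.[[G]].2[[V]].1/24",
    "VLAN30 gateway": "10.[[G]].3[[V]].1/24",
    "VLAN40 gateway": "10.[[G]].4[[V]].1/24",
    "VLAN50 gateway": "10.[[G]].5[[V]].1/24",
    "HQ server static NAT": "64.1[[G]].5[[V]].1/32",
}

def expand(template, g, v):
    """Substitute G and V as plain text (assumed Variable Manager behaviour)."""
    text = template.replace("[[G]]", str(g)).replace("[[V]]", str(v))
    return ipaddress.ip_interface(text)  # ValueError if an octet exceeds 255

def problems(g, v):
    """Labels of templates that do not expand to a valid IPv4 address."""
    bad = []
    for label, template in TEMPLATES.items():
        try:
            expand(template, g, v)
        except ValueError:
            bad.append(label)
    return bad

def usable_pairs(groups, variants):
    """(G, V) pairs for which every template is valid."""
    return [(g, v) for g in groups for v in variants if not problems(g, v)]

def peer(iface):
    """Other usable host on a /30 link: the '?.?.?.?' cells of the table."""
    return next(h for h in iface.network.hosts() if h != iface.ip)

def bonus_subnet(v, base="200.100.4.0/24", count=32):
    """Section 3.7 step 1: split base into `count` subnets, return number V+1."""
    bits = (count - 1).bit_length()  # 32 subnets -> 5 extra prefix bits -> /29
    return list(ipaddress.ip_network(base).subnets(prefixlen_diff=bits))[v]
```

With these templates only V = 1 to 9 and G up to 55 expand cleanly: 3[[V]], 4[[V]] and 5[[V]] exceed 255 for any two-digit V, and 2[[G]] exceeds 255 from G = 56.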
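
Added example, not from the article or from Packet Tracer: a small Python audit of a running-config against the management-access items of sections 3.1 and 3.2 (enable secret, domain name, SSH-only VTY lines, port security with portfast and BPDU guard on access ports), the kind of check the conclusion asks for beyond the activity grader. The sample configuration is constructed, and the exact running-config spellings it matches are assumptions about the device output.

```python
# Constructed sample: fragment of a switch running-config with two deliberate
# gaps (Fa0/2 lacks port security, VTY 5-15 still accepts Telnet).
SAMPLE = """\
enable secret 5 <hash>
ip domain-name iitu.local
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 spanning-tree portfast
 spanning-tree bpduguard enable
interface FastEthernet0/2
 switchport mode access
 spanning-tree portfast
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input all
"""
ACCESS_PORT = ["switchport port-security", "switchport port-security maximum 2",
               "spanning-tree portfast", "spanning-tree bpduguard enable"]

def blocks(config):
    """Map each top-level line to the indented sub-commands that follow it."""
    out, head = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and head is not None:
            out[head].append(line.strip())
        elif line.strip():
            head = line.strip()
            out[head] = []
    return out

def audit(config):
    """Findings against the management-access items of sections 3.1 and 3.2."""
    cfg, findings = blocks(config), []
    if not any(h.startswith("enable secret ") for h in cfg):
        findings.append("enable secret not set")
    if "ip domain-name iitu.local" not in cfg:
        findings.append("ip domain-name is not iitu.local")
    for head, body in cfg.items():
        if head.startswith("line vty") and "transport input ssh" not in body:
            findings.append(f"{head}: not limited to SSH")
        if head.startswith("interface") and "switchport mode access" in body:
            findings += [f"{head}: missing {c}" for c in ACCESS_PORT if c not in body]
    return findings
```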