Laboratórios CCNA

Download as pdf or txt
Download as pdf or txt
You are on page 1of 44

Topology 1

Tasks -All physical cabling between the two switches is installed. Configure the
network connectivity between the switches using the designated VLANs and
interfaces.

1. Configure VLAN 12 named Compute and VLAN 34 named Telephony where required
for each task.

2. Configure Ethernet0/1 on SW2 to use the existing VLAN named Available.

3. Configure the connection between the switches using access ports.

4. Configure Ethernet0/1 on SW1 using data and voice VLANs.

5. Configure Ethernet0/1 on SW2 so that the Cisco proprietary neighbor discovery


protocol is turned off for the designated interface only.
SW1>enable
SW1#config t
SW1(config)#vlan 12
SW1(config-vlan)#name Compute
SW1(config)#vlan 34
SW1(config-vlan)#name Telephony
SW1(config)#interface ethernet0/0
SW1(config-if)#Switchport mode access
SW1(config-if)#Switchport access vlan 12
SW1(config)#interface ethernet0/1
SW1(config-if)#Switchport mode access
SW1(config-if)#Switchport access vlan 12
SW1(config-if)#Switchport voice vlan 34
SW1(config-if)#end
SW1#wr

SW2>enable
SW2#config t
SW2(config)#vlan 12
SW2(config-vlan)#name Compute
SW2(config)#vlan 34
SW2(config-vlan)#name Telephony
SW2(config)#interface ethernet0/0
SW2(config-if)#Switchport mode access
SW2(config-if)#Switchport access vlan 12
SW2(config)#cdp run
SW2(config)#interface ethernet0/1
SW2(config-if)#Switchport mode access
SW2(config-if)#switchport access vlan (Available-vlan-id)
SW2(config-if)#no cdp enable
SW2(config-if)#end
SW2#wr

Topology 2

Tasks -Configure IPv4 and IPv6 connectivity between two routers. For IPv4, use a /28
network from the 192.168.180.0/24 private range. For IPv6, use the first /64 subnet
from the 2001:0db8:acca::/48 subnet.
1. Using Ethernet0/1 on routers R1 and R2, configure the next usable /28 from the
192.168.180.0/24 range. The network 192.168.180.0/28 is unavailable.

2. For the IPv4 /28 subnet, router R1 must be configured with the first usable host
address.

3. For the IPv4 /28 subnet, router R2 must be configured with the last usable host
address.

4. For the IPv6 /64 subnet, configure the routers with the IP addressing provided from
the topology.

5. A ping must work between the routers on the IPv4 and IPv6 address ranges.

R1>enable
R1#config terminal
R1(config)#ipv6 unicast-routing
R1(config)#inter eth0/1
R1(config-if)#ip address 192.168.180.17 255.255.255.240
R1(config-if)#ipv6 addre 2001:db8:acca::1/64
R1(config-if)#not shut
R1(config-if)#end

#### após configurar R2 realizar os seguintes testes ###


R1#ping 192.168.1.30
R1# trace 192.168.1.30
R1#ping ipv6 2001:db8:acca::2
R1# trace ipv6 2001:db8:acca::2
R1#copy running start

R2>enable
R2#config terminal
R2(config)#ipv6 unicast-routing
R2(config)#inter eth0/1
R2(config-if)#ip address 192.168.1.30 255.255.255.240
R2(config-if)#ipv6 address 2001:db8:acca::2/64
R2(config-if)#not shut
R2(config-if)#end
R2#copy running start
R2#ping 192.168.180.17
R2#ping ipv6 2001:db8:acca::1
R2#
Topology 3

Tasks -Three switches must be configured for Layer 2 connectivity. The company
requires only the designated VLANs to be configured on their respective switches and
permitted across any links between switches for security purposes. Do not modify or
delete VTP configurations.

The network needs two user-defined VLANs configured:

VLAN 202: MARKETING

VLAN 303: FINANCE

1. Configure the VLANs on the designated switches and assign them as access ports
to the interfaces connected to the PCs.

2. Configure the e0/2 interfaces on Sw1 and Sw2 as 802.1q trunks with only the
required VLANs permitted.

3. Configure the e0/3 interfaces on Sw2 and Sw3 as 802.1q trunks with only the
required VLANs permitted.
########## SW1 ##########
SW1>enable
SW1#configure terminal
SW1(config)#vlan 303
SW1(config-vlan)#name FINANCE
SW1(config-vlan)#exit
SW1(config)#interface e0/1
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 303
SW1(config-if)#interface e0/2
SW1(config-if)#switchport mode trunk
SW1(config-if)#switchport trunk allowed vlan 303
SW1(config-if)#end
SW1#copy running-config startup-config

########## SW2 ##########


SW2>enable
SW2#configure terminal
SW2(config)#vlan 202
SW2(config-vlan)#name MARKETING
SW2(config-vlan)#exit
SW2(config-vlan)#vlan 303
SW2(config-vlan)#name FINANCE
SW2(config-vlan)#exit
SW2(config)#interface e0/1
SW2(config-if)#switchport mode access
SW2(config-if)#switchport access vlan 202
SW2(config-if)#interface e0/2
SW2(config-if)#switchport mode trunk
SW2(config-if)#switchport trunk allowed vlan 303
SW2(config-if)#interface e0/3
SW2(config-if)#switchport mode trunk
SW2(config-if)#switchport trunk allowed vlan 202,303
SW2(config-if)#end
SW2#copy running-config startup-config

########## SW3 ##########


SW3>enable
SW3#configure terminal
SW3(config)#vlan 202
SW3(config-vlan)#name MARKETING
SW3(config)#exit
SW3(config)#vlan 303
SW3(config-vlan)#name FINANCE
SW3(config)#exit
SW3(config)#interface e0/0
SW3(config-if)#switchport mode access
SW3(config-if)#switchport access vlan 202
SW3(config-if)#interface e0/1
SW3(config-if)#switchport mode access
SW3(config-if)#switchport access vlan 303
SW3(config-if)#interface e0/3
SW3(config-if)#switchport mode trunk
SW3(config-if)#switchport trunk allowed vlan 202,203
SW3(config-if)#end
copy running-config startup-config

Topology 4

Tasks -Refer to the topology. All physical cabling is in place. Configure a local user
account, a Named ACL (NACL), and security.

Task 1 –

Configure a local account on Sw101 with telnet access only on virtual ports 0-4. Use
the following information:
• Username: support

• Password: max2learn

• Privilege level: Exec mode

Task 2 -Configure and apply a single NACL on Sw101 using the following:
• Name: ENT_ACL

• Restrict only PC2 on VLAN 200 from pinging PC1

• Allow only PC2 on VLAN 200 to telnet to Sw101

• Prevent all other devices from telnetting from VLAN 200

• Allow all other network traffic from VLAN 200

Task 3 -Configure security on interface Ethernet 0/0 of Sw102:

• Set the maximum number of secure MAC addresses to four.

• Drop packets with unknown source addresses until the number of secure MAC
addresses drops below the configured maximum value. No notification action is
required.

• Allow secure MAC addresses to be learned dynamically.

########## SW101 ##########


SW101>enable
SW101#config t
SW101(config)#username support password max2learn privilege 15
SW101(config-line)#line vty 0 4
SW101(config-line)#login local
SW101(config-line)#transport input telnet
SW101(config-line)#exit
Sw101(config)#ip access list extended ENT_ACL
Sw101(config-nacl)#deny icmp host 192.168.200.10 host 192.168.100.10
Sw101(config-nacl)#permit tcp host 192.168.200.10 any eq 23
Sw101(config-nacl)#deny tcp any any eq 23
Sw101(config-nacl)#permit ip any any
Sw101(config-nacl)#exit
Sw101(config)#interface vlan200
Sw101(config-if)#ip access-group ENT_ACL in
Sw101(config-if)end
Sw101# wr

########## SW102 ##########


SW102>enable
SW102#config t
Sw102(config)#interface e0/0
Sw102(config-if)#switchport port-security
Sw102(config-if)#switchport port-security maximum 4
Sw102(config-if)#switchport port-security violation protect
Sw102(config-if)#switchport port-security mac-address sticky
Sw102(config-if)#end
SW102#wr
Topology 5

Tasks -Refer to the topology. All physical cabling is in place. Configure local users
accounts, modify the Named ACL (NACL), and configure DHCP Snooping. The
current contents of the NACL must remain intact.

Task 1 -Configure a local account on Gw1 with telnet access only on virtual ports 0-4.
Use the following information:
• Username: wheel
• Password: lock3path
• Algorithm type: Scrypt
• Privilege level: Exec mode

Task 2 -Configure and apply a NACL on Gw1 to control network traffic from VLAN 10:

• Name: CORP_ACL
• Allow BOOTP and HTTPS
• Restrict all other traffic and log the ingress interface, source MAC address, the
packet’s source and destination IP addresses, and ports
Task 3 -Configure Sw1:
• Enable DNCP Snooping for VLAN 10
• Disable DHCP Option-82 data insertion
• Enable DHCP Snooping MAC address verification
• Enable trusted interfaces

########## GW1 ##########


GW1>enable
GW1#config t
GW1(config)#username wheel privilege 15 algorithm-type scrypt secret
lock3path
GW1(config)#line vty 0 4
GW1(config-line)#login local
GW1(config-line)#transport input telnet
GW1(config-line)#exit
GW1(config)#access-list CORP_ACL
GW1(config-ext-nacl)#permit udp any any eq 67
GW1(config-ext-nacl)#permit udp any any eq 68
GW1(config-ext-acl)#permit tcp any any eq 443
GW1(config-ext-acl)#deny ip any any log
GW1(config-ext-acl)#exit
GW1(config)#int e0/0.10
GW1(config-subif)#ip access-group CORP_ACL in
GW1(config-subif)#no shut
GW1(config-subif)#end
GW1#wr

########## SW1 ##########


SW1>enable
SW1#config t
SW1(config)#ip dhcp snooping vlan 10
SW1(config)#ip dhcp snooping verify mac-address
SW1(config)#no ip dhcp snooping information option
SW1(config)interface e0/2
SW1(config-if)#ip dhcp snooping trust
SW1(config-if)#end
SW1#wr
Topology 6

Tasks -IP connectivity and OSPF are preconfigured on all devices where necessary. Do
not make any changes to the IP addressing or OSPF. The company policy uses
connected interfaces and next hops when configuring static routes except for load
balancing or redundancy without floating static. Connectivity must be established
between subnet 172.20.20.128/25 on the Internet and the LAN at 192.168.0.0/24
connected to SW1:

1. Configure reachability to the switch SW1 LAN subnet in router R2.


2. Configure default reachability to the Internet subnet in router R1.
3. Configure a single static route in router R2 to reach to the Internet subnet
considering both redundant links between routers R1 and R2. A default route is NOT
allowed in router R2.
4. Configure a static route in router R1 toward the switch SW1 LAN subnet where the
primary link must be through Ethernet0/1, and the backup link must be through
Ethernet0/2 using a floating route. Use the minimal administrative distance value
when required.
########## R1 ##########
R1>enable
R1#config t
R1(config)#ip route 0.0.0.0 0.0.0.0 10.10.13.3
R1(config)#ip route 192.168.0.0.255.255.255.0 10.10.12.2
R1(config)#ip route 192.168.0.0.255.255.255.0 10.10.130 10
R1(config)#end
R1#wr

########## R2 ##########
R2>enable
R2#conf t
R2(config)#ip route 192.168.0.0.255.255.255.0 10.10.31.1
R2(config)#ip route 172.20.20.128 255.255.255.128 10.10.12.129
R2(config)#ip route 172.20.20.128 255.255.255.128 10.10.12.1
R2(config)#end
R2#wr

Topology 7

Tasks -IP connectivity between the three routers is configured. OSPF adjacencies
must be established.

1. Configure R1 and R2 Router IDs using the interface IP addresses from the link that is
shared between them.
2. Configure the R2 links with a max value facing R1 and R3. R2 must become the DR.
R1 and R3 links facing R2 must remain with the default OSPF configuration for DR
election. Verify the configuration after clearing the OSPF process.
3. Using a host wildcard mask, configure all three routers to advertise their respective
Loopback1 networks.
4. Configure the link between R1 and R3 to disable their ability to add other OSPF
routers.

########## R1 ##########
enable
conf t
interface loop 0
ip add 10.10.1.1 255.255.255.255
exit
int loop 1
ip add 192.168.1.1 255.255.255.0
exit
inter e0/1
ip add 10.10.13.1 255.255.255.0
no shut
inter e0/0
ip add 10.10.12.1 255.255.255.0
no shut
exit
router ospf 1
router-id 10.10.13.1
log-adjacency-changes
network 192.168.1.0 0.0.0.0 a 0
network 10.10.1.1 0.0.0.0 a 0
network 10.10.12.0 0.0.0.255 a 0
network 10.10.13.0 0.0.0.255 a 0
exit
interface e0/1
ip ospf 1 a 0
ip ospf network point-to-point
exit
interface e0/0
ip ospf 1 a 0
priority 0
end
wr
########## R3 ##########
enable
conf t
interface loop 0
ip add 10.10.3.3 255.255.255.255
exit
inter loop 1 192.168.3.3 255.255.255.0
exit
interface e0/2
ip add 10.10.23.3 255.255.255.0
no shut
interface e0/1
ip add 10.10.13.3 255.255.255.0
no shut
exit
router ospf 1
router-id 10.10.13.3
log-adjacency-changes
network 10.10.3.3 0.0.0.0 a 0
network 192.168.3.0 0.0.0.255 a 0
network 10.10.13.0 0.0.0.255 a 0
network 10.10.23.0 0.0.0.255 a 0
exit
interface e0/1
ip ospf 1 a 0
ip ospf network point-to-point
exit
interface e0/2
ip ospf 1 a 0
ip ospf priority 0
end
wr

########## R2 ##########
enable
conf t
interface loop 0
ip add 10.10.2.2 255.255.255.255
exit
interface loop 1
ip add 192.168.2.2 255.255.255.0
exit
interface e0/0
ip add 10.10.12.2 255.255.255.0
no shut
interface e0/2
ip add 10.10.23.2 255.255.255.0
no shut
exit
router ospf 1
router-id 10.10.2.2
log-adjacency-changes
network 10.10.2.2 0.0.0.0 a 0
network 192.168.2.0 0.0.0.255 a 0
network 10.10.23.0 0.0.0.255 a 0
network 10.10.12.0 0.0.0.255 a 0
exit
interface e0/0
ip ospf 1 a 0
ip ospf priority 255
exit
interface e0/2
ip ospf 1 a 0
ip ospf priority 255
end
wr

###### COMANDOS DE VERIFICAÇÃO ######


sh ip ospf
sh ip ospf interface
show ip ospf neighbor
show ip ospf database
show ip ospf lsa

Topology 8
Tasks -R1 has been pre-configured with all the necessary commands. All physical cabling is
in place and verified. Connectivity from PC1, PC3, and the Server must be established to
the switches, and each port must only allow one VLAN.

1. Configure the VLAN connecting to the switch port for PC3 with the name "SALES"
2. Configure the switch port connecting to Server1
3. Configure the switch port connecting to PC3 4. Ensure R1 discovers SW-1 via the
Cisco proprietary neighbor discovery protocol and all other devices on the network
are unable to discover SW- 1

SW-2>enable
SW-2#conf t
SW-2(config)#vlan 20
SW-2(config-vlan)#name SERVER1
SW-2(config-vlan)#exit
SW-2(config)#vlan 30
SW-2(config-vlan)#name SALES
SW-2(config-vlan)#exit
SW-2(config)#interface ETH0/2
SW-2(config-if)#switchport mode access
SW-2(config-if)#switchport access vlan 20
SW-2(config-if)#no sh
SW-2(config-if)#exit
SW-2(config)#interface ETH0/3
SW-2(config-if)#SW-1port mode access
SW-2(config-if)#SW-1port access vlan 30
SW-2(config-if)#no sh
SW-2(config-if)#end
SW-2#wr

SW-1>enable
SW-1#configure t
SW-1(config)#cdp run
SW-1(config)#interface fastEthernet 0/1
SW-1(config-if)#cdp enable
SW-1(config-if)#no sh
SW-1(config)#interface fastEthernet 0/2
SW-1(config-if)#no cdp enable
SW-1(config-if)#no sh
SW-1(config-if)#end
SW-1#wr
Topology 9

Tasks -All physical cabling is in place. Routers R3 and R4 are fully configured and
inaccessible. Configure static routes for various connectivity to the ISP and the LAN
that resides on R4.

1. Configure a route on R1 to ensure that R1 prefers R2 when traffic is destined to


the server only.
2. Configure a default route on R2 to the ISP
3. Configure a route on R1 to ensure that R1 will use R2 for the R4 LAN if the link fails
between R3 and R4
4. Configure a route on R1 to ensure that R1 prefers R3 when traffic is destined to the
R4 LAN at 10.0.41.0/24

R1>enable
R1#conf t
R1(config)#ip route 10.0.41.10 255.255.255.255 e0/0
R1(config)#ip route 10.0.41.0 255.255.255.0 e0/0 201
R1(config)#ip route 10.0.41.0 255.255.255.0 e0/1
R1(config)#end
R1#wr

R2>enable
R2#conf t
R2(config)#ip route 0.0.0.0 0.0.0.0 209.165.200.225
R2(config)#end
R2#wr
Topology 10

Tasks -All physical cabling is in place. A company plans to deploy 16 new sites. The
sites will utilize both IPv4 and IPv6 networks.

1. Subnet 172.16.0.0/16 to meet the subnet requirements and maximize the number of
hosts
• Using the second subnet
- Assign the first usable IP address to e0/0 on Sw101
- Assign the last usable IP address to e0/0 on Sw102

2. Subnet 2001:DB8::/50 to meet the subnet requirements and maximize the number of
hosts
• Using the second subnet
- Assign an IPv6 GUA using a unique 64-Bit interface identifier on e0/0 on Sw101
- Assign an IPv6 GUA using a unique 64-Bit interface identifier on e0/0 on Sw102

SW101>enable
SW101#conf t
SW101(config)#ipv6 unicast-routing
SW101(config)#int e0/0
SW101(config-if)#no switchport
SW101(config-if)#ip address 172.16.16.1 255.255.240.0
SW101(config-if)#ipv6 address 2001:db80:400::1/64
SW101(config-if)#no shutdown
SW101(config-if)#end
SW101#wr

SW102>enable
SW102#conf t
SW102(config)#ipv6 unicast-routing
SW102(config-if)#int e0/0
SW102(config-if)#no switchport
SW102(config-if)#ip address 172.16.31.254 255.255.240.0
SW102(config-if)#ipv6 address 2011:db8:0:400::2/64
SW102(config-if)#no shutdown
SW102(config-if)#end
SW102#wr
Topology 11

Tasks -Refer to the topology. All physical cabling is in place. Routers R3 and R4 are fully
configured and inaccessible. Configure static routes for various connectivity to the ISP and
the LAN, which resides on R4.

1. Configure a default route on R2 to the ISP


2. Configure a default route on R1 to the ISP
3. Configure R2 with a route to the Server at 10.0.41.10
4. Configure R1 with a route to the LAN that prefers R3 as the primary path to the LAN
R1>enable
R1#conf t
R1(config)#ip route 0.0.0.0 0.0.0.0 e0/0
R1(config)#ip route 10.0.41.0 255.255.255.0 e0/1
R1(config)#ip route 10.0.41.0 255.255.255.0 e0/0 10
R1(config)#end
R1#end

R2>enable
R2#conf t
R2(config)#ip route 0.0.0.0 0.0.0.0 e0/2
R2(config)#ip route 10.0.41.10 255.255.255.255 e0/0
R2(config)#end
R2#wr

Topology 12

Tasks -R1 and R2 are pre-configured with all the necessary commands. All physical cabling
is in place and verified. Connectivity for PC1 and PC2 must be established to the switches;
each port must only allow one VLAN and be operational.

1. Configure SW-1 with VLAN 15 and label it exactly as OPS


2. Configure SW-2 with VLAN 66 and label it exactly as ENGINEERING
3. Configure the switch port connecting to PC1
4. Configure the switch port connecting to PC2
5. Configure the E0/2 connections on SW-1 and SW-2 for neighbor discovery using the
vendor-neutral standard protocol and ensure that E0/0 on both switches uses the Cisco
proprietary protocol

SW1>enable
SW1#conf t
SW1(config)# vlan 15
SW1(config-vlan)#name OPS
SW1(config-vlan)#exit
SW1(config)#interface etherne0/1
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 15
SW1(config-if)#no shut
SW1(config-if)#exit
SW1(config)#lldp run
SW1(config)#interface e0/0
SW1(config-if)#no lldp transmit
SW1(config-if)#no lldp receive
SW1(config-if)#cdp enable
SW1(config-if)#end
SW1#wr

SW2>enable
SW2#conf t
SW2(config)#vlan 66
SW2(config-vlan)#name ENGINEERING
SW2(config-vlan)#exit
SW2(config)#int e0/1
SW2(config-if)#switchport mode access
SW2(config-if)#switchport access vlan 66
SW2(config-if)#no shut
SW2(config-if)#exit
SW2(config)#lldp run
SW2(config)#interface e0/0
SW2(config-if)#no lldp transmit
SW2(config-if)#no lldp receive
SW2(config-if)#cdp enable
SW2(config-if)#end
SW2#wr
Topology 13

Tasks -R1 has been pre-configured with all the necessary commands. All physical cabling is
in place and verified. Connectivity for PC1 and PC2 must be established to the switches,
and each port must only allow one VLAN.

1. Configure SW-1 with VLAN 35 and label it exactly as SALES


2. Configure SW-2 with VLAN 39 and label it exactly as MARKETING
3. Configure the switch port connecting to PC1
4. Configure the switch port connecting to PC2
5. Configure SW-1 and SW-2 for universal neighbor discovery using the industry standard
protocol and disable it on the interface connecting to PC1

SW1>enable
SW-1#conf t
SW-1(config)#vlan 35
SW-1(config-vlan)#name SALES
SW-1(config-vlan)#exit
SW-1(config)#interface gigabitEthernet 0/2
SW-1(config-if)#switchport mode access
SW-1(config-if)#switchport access vlan 35
SW-1(config-if)#no lldp receive
SW-1(config-if)#no lldp transmit
SW-1(config-if)#exit
SW-1(config)#lldp run
SW-1(config)#end
SW-1#wr
SW2>enable
SW2#conf t
SW-2(config)#vlan 39
SW-2(config-vlan)#name MARKETING
SW-2(config-vlan)#exit
SW-2(config)#interface gigabitEthernet 0/2
SW-2(config-if)#switchport mode access
SW-2(config-if)#switchport access vlan 39
SW-2(config-if)#exit
SW-2(config)#lldp run
SW-2(config)#end
SW-2#wr
Topology 14

Tasks -VLANS 35 and 45 have been configured in all three switches. All physical
connectivity has been installed and verified All inter-switch links must be operational.

1. Configure SW-1 and SW-2 switch ports e0/0 and e0/1 for 802.1q trunking allowing
all VLANS

2. Configure the inter-switch links on SW-1 e0/2, SW-2 e0/2, and SW-3 e0/0 and e0/1
to use native VLAN 35

3. Configure SW-1 and SW-2 switch ports e0/0 and e0/1 for link aggregation SW-1
should immediately negotiate LACP and SW-2 must only respond to LACP requests
SW1>enable
SW1#conf t
interface range e0/0 - 1
channel-group 12 mode active
shutdown
interface port-channel 12
no shutdown
switchport trunk encapsulation dotiq
switchport mode trunk
switchport trunk native vlan 35
end
wr

SW2>enable
SW2#conf t
interface range e0/0 – 1
shutdown
channel-group 12 mode passive
no shutdown
interface port-channel 12
switchport trunk encapsulation dotiq
switchport mode trunk
switchport trunk native vlan 35
interface e0/2
switchport trunk native vlan 35
end
wr

SW3>enable
SW3#conf t
interface range e0/0 – 1
shutdown
switchport mode trunk encapsulation dotiq
no shutdown
switchport mode trunk
switchport trunk native vlan 35
end
wr
Topology 15

Tasks -All physical cabling is in place and verified. Switch SW-1 is pre-configured
and inaccessible. SW-2 and SW-3 ports must be configured and operational to
complete the configuration.

1. Configure SW-2 and SW-3 ports E0/0 to use the industry standard encapsulation
method for trunking and only tag VLAN 10
2. Configure SW-2 and SW-3 ports E0/0 to send and receive untagged traffic over
VLAN 11
3. Configure SW-2 and SW-3 ports E0/2 and E0/3 to use the industry standard
encapsulation method for trunking and tag all VLANS
4. Configure SW-2 and SW-3 ports E0/2 and E0/3 for link aggregation using the
industry standard protocol with the following requirements: o SW-2 ports must not
initiate the negotiation for the aggregation protocol o SW-3 ports must
immediately negotiate the aggregation protocol o Use the designated number
assignment
Topology 16

Tasks -All physical cabling is in place. A company plans to deploy 16 new sites. The
sites will utilize both IPv4 and IPv6 networks.

1. Subnet 10.20.0.0/16 to meet the subnet requirements and maximize the number of
hosts

• Using the second subnet

- Assign the first usable IP address to e0/0 on Sw101

- Assign the last usable IP address to e0/0 on Sw102

2. Subnet 2001:db8::/52 to meet the subnet requirements and maximize the number
of hosts

• Using the second subnet

- Assign an IPv6 GUA using a unique 64-Bit interface identifier on e0/0 on Sw101

- Assign an IPv6 GUA using a unique 64-Bit interface identifier on e0/0 on Sw102
SW101>enable
SW101#conf t
SW101(config)#ipv6 unicast-routing
SW101(config)#interface gigabitEthernet 0/0
SW101(config-if)#no switchport
SW101(config-if)#ip address 10.20.16.1 255.255.240.0
SW101(config-if)#ipv6 address 2001:DB8:0:100::1/64
SW101(config-if)#no shutdown
SW101(config-if)#end
SW101#wr

SW102>enable
Sw102#conf t
SW102(config)#ipv6 unicast-routing
SW102(config)#interface gigabitEthernet 0/0
SW102(config-if)#no switchport
SW102(config-if)#ip address 10.20.31.254 255.255.240.0
SW102(config-if)#ipv6 address 2001:DB8:0:100::2/64
SW102(config-if)#no shutdown
SW102(config-if)#end
SW102#wr

Topology 17
Tasks -All physical cabling is in place and verified. Router R1 is configured and passing
traffic for VLANs 5 and 6. All relevant ports are pre-configured as 802.1q trunks.

1. Configure SW-1 port E0/0 to permit only VLANS 5 and 6

2. Configure both SW-1 and SW-2's E0/1 ports to send and receive untagged traffic
over VLAN 77

3. Configure SW-2 E0/2 port to permit only VLAN 6

4. Configure both SW-3 and SW-4 ports e0/0 and e0/1 for link aggregation using the
industry standard protocol with the following requirements:

- SW-3 ports must immediately negotiate the aggregation protocol

- SW-4 ports must not initiate the negotiation for the aggregation protocol

- Use the designated number assignment


Topology 18

Tasks -Refer to the topology. All physical cabling is in place. Configure local users
accounts, modify the Named ACL (NACL), and configure DHCP Snooping. The current
contents of the NACL must remain intact.

1. Configure a local account on Sw103 with telnet access only on virtual ports 0-4. Use the
following information:
• Username: devnet
• Password: access8cli
• Algorithm type: SHA256
• Privilege level: Exec mode

2. Using the minimum number of ACEs, modify the existing NACL "INTERNET_ACL" to
control network traffic destined for the Internet, and apply the ACL on R1:
• Allow HTTPS from 172.16.0.0/16
• Allow Telnet only for VLAN 101
• Restrict all other traffic and log the ingress interface, source MAC address, the packet's
source and destination IP addresses, and ports

3. Configure Sw101:
• Enable DHCP Snooping for VLAN 101
• Disable DHCP Option-82 data insertion
• Enable DHCP Snooping MAC address verification

Topology 19

Tasks -All physical cabling is in place. A company plans to deploy 64 new sites. The sites
will utilize both IPv4 and IPv6 networks.

1. Subnet 10.30.64.0/19 to meet the subnet requirements and maximize the number of hosts
• Using the second subnet
- Assign the first usable IP address to e0/0 on Sw101
- Assign the last usable IP address to e0/0 on Sw102

2. Subnet 2001:db8::/56 to meet the subnet requirements and maximize the number of hosts
• Using the second subnet
- Assign an IPv6 GUA using a unique 64-Bit interface identifier on e0/0 on Sw101
- Assign an IPv6 GUA using a unique 64-Bit interface identifier on e0/0 on Sw102

Topology 20

Tasks -All physical cabling is in place. Configurations should ensure that connectivity is
established end-to-end.
1. Configure a route on R1 to ensure that R1 prefers R2 to reach the 2001:db8:41::/64
network
2. Configure a floating route on R1, and ensure that R1 uses R3 to reach the 2001
:db8:41::/64 network if the connection between R1 and R2 is down
3. Ping and traceroute should be working
Topology 21

R1 has been pre-configured with all the necessary commands. All physical cabling is in
place and verified. Connectivity to the end devices must be configured.
1. Configure SW-1 switch port 0/1 to carry traffic for the Cisco IP phone and PC
2. Configure SW-2 E0/1 to carry traffic for PC2
3. Configure VLAN 10 with the name “Engineering” on SW-1
4. Configure the link between SW-1 and SW-2 to use the vendor neutral neighbor discovery
protocol
5. Configure the link on SW-1 to R1 so that it does not allow the Cisco neighbor discovery
protocol to pass
SW1>enable
S1#conf t
S1(config)#vlan 10
S1(config-vlan)#name Engineering
exit
S1(config-if)#interface e0/1
S1(config-if)#switchport mode access
S1(config-if)#switchport voice vlan 11
S1(config-if)#switchport access vlan 10
exit
S1(config)#lldp run
S1(config-if)#interface e0/0
S1(config-if)#lldp transmit
S1(config-if)#lldp receive
S1(config-if)#exit
S1(config)#cdp run
S1(config)#interface e0/2
S1(config-if)#no cdp enable
S1(config-if)#end
S1#wr

SW2>enable
S2#conf t
S2(config)#vlan 30
S2(config-vlan)#exit
S2(config)#interface e0/1
S2(config-if)#switchport mode access
S2(config-if)#switchport access vlan 30
S2(config-if)#lldp run
S2(config-if)#interface e0/0
S2(config-if)#lldp transmit
S2(config-if)#lldp receive
S2(config-if)#end
S2#wr
Topology 22

Tasks -All physical cabling is in place and verified. Connectivity for the Switches on ports
E0/1, E0/2, and E0/3 must be configured and available for voice and data capabilities.

1. Configure Sw1 and Sw2 with both VLANS, naming them according to the VLAN Name
provided in the topology.
2. Configure the E0/1, E0/2, and E0/3 ports on both switches for both VLANS and ensure
that Cisco IP phones and PCs pass traffic.
3. Configure Sw1 and Sw2 to allow neighbor discovery via the vendor-neutral protocol on
e0/0.
SW1>enable
SW1#conf t
SW1(config)#vlan 77
SW1(config-vlan)#name User_VLAN
SW1(config-vlan)#exit
SW1(config)#vlan 177
SW1(config-vlan)#name Voice_VLAN
SW1(config-vlan)#exit
SW1(config)#interface range ethernet0/1-3
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 77
SW1(config-if)#switchport voice vlan 177
SW1(config-if)#exit
SW1(config)#lldp run
SW1(config)#interface ethernet0/0
SW1(config-if)#lldp transmit
SW1(config-if)#lldp receive
SW1(config-if)#end
S1#wr

SW2>enable
SW2#conf t
SW2(config)#vlan 77
SW2(config-vlan)#name User_VLAN
SW2(config)#exit
SW2(config)#vlan 177
SW2(config-vlan)#name Voice_VLAN
SW2(config-vlan)#exit
SW2(config)#interface range ethernet0/1-3
SW2(config-if)#switchport mode access
SW2(config-if)#switchport access vlan 77
SW2(config-if)#switchport voice vlan 177
SW2(config-if)#end
SW2#wr
Topology 23

Tasks - All physical cabling is in place and verified. Connectivity between all four switches
must be established and operational. All ports are pre-configured as 802.1q trunks.
1. Configure both SW-1 and SW-2 ports e0/1 and e0/2 to permit only the allowed VLANs
2. Configure both SW-3 and SW-4 ports e0/2 to permit only the allowed VLANs
3. Configure both SW-1 and SW-2 e0/1 ports to send and receive untagged traffic over
VLAN 99
4. Configure both SW-3 and SW-4 ports e0/0 and e0/1 for link aggregation using the
industry standard protocol. All ports must immediately negotiate the link aggregation
5. Permit only the allowed VLANs on the new link
SW1>enable
S1#conf t
S1(config)#interface range e0/1-2
S1(config-if)#switchport trunk allowed vlan 56,77,99
S1(config-if)#switchport trunk native vlan 99
S1(config-if)#end
S1#wr

SW2>enable
S2#conf t
S2(config)#interface range e0/1-2
S2(config-if)#switchport trunk allowed vlan 56,77,99
S2(config-if)#switchport trunk native vlan 99
S2(config-if)#end
S2#wr

SW3>enable
SW3#conf t
SW3(config)#interface range 0/0-1
SW3(config-if)#shutdown
SW3(config-if)#channel-group 34 mode active
SW3(config-if)#no shutdown
SW3(config-if)#exit
SW3(config)#interface po34
SW3(config-if)#switchport trunk allowed vlan 56,77,99
SW3(config-if)#interface e0/2
S3(config-if)#switchport trunk native vlan 99
SW3(config-if)#switchport trunk allowed vlan 56,77,99
SW3(config-if)#end
SW3#wr

SW4>enable
SW4#conf t
SW4(config)#interface range e0/0-1
SW4(config-if)#shutdown
SW4(config-if)#channel-group 34 mode active
SW4(config-if)#no shutdown
SW4(config-if)#exit
SW4(config)#interface po34
SW4(config-if)#switchport trunk allowed vlan 56,77,99
SW4(config-if)#interface e0/2
SW4(config-if)#switchport trunk allowed vlan 56,77,99
SW4(config-if)#end
SW4#wr
Topology 24

Tasks -Physical connectivity is implemented between the two Layer 2 switches, and the
network connectivity between them must be configured.

1. Configure an LACP EtherChannel and number it as 44; configure it between switches


SW1 and SW2 using interfaces Ethemet0/0 and Ethernet0/1 on both sides. The LACP mode
must match on both ends.
2. Configure the EtherChannel as a trunk link.
3. Configure the trunk link with 802.1q tags.
4. Configure VLAN 'MONITORING' as the untagged VLAN of the EtherChannel.
SW1>enable
SW1#conf t
SW1(config)#interface range eth0/0-1
SW1(config-if)#shutdown
SW1(config-if)#channel-group 44 mode active
SW1(config-if)#no shut
SW1(config-if)#exit
SW1(config)#interface port-channel 44
SW1(config-if)#switchport mode trunk
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport trunk native vlan 746
SW1(config-if)#end
SW1#wr

SW2>enable
SW2#conf t
SW2(config)#interface range eth0/0-1
SW2(config-if)#shutdown
SW2(config-if)#channel-group 44 mode active
SW2(config-if)#no shut
SW2(config-if)#exit
SW2(config)#interface port-channel 44
SW2(config-if)#switchport mode trunk
SW2(config-if)#switchport trunk encapsulation dot1q
SW2(config-if)#switchport trunk native vlan 746
SW2(config-if)#end
SW2#wr

Topology 25

Tasks -Connectivity between four routers has been established. IP connectivity must be
configured in the order presented to complete the implementation. No dynamic routing
protocols are included.
1. Configure static routing using host routes to establish connectivity from router R3 to the
router R1 Loopback address using the source IP of 209.165.200.230.
2. Configure an IPv4 default route on router R2 destined for router R4.
3. Configure an IPv6 default router on router R2 destined for router R4.

R1>enable
R1#conf t
R1(config)#ip route 192.168.8.1 255.255.255.255 209.165.200.226
R1(config)#end
R1#wr

R3>enable
R3#conf t
R3(config)#ip route 192.168.1.1 255.255.255.255 209.168.200.229
R3(config)#end
R3#wr

R2>enable
R2#conf t
R2(config)#ipv6 unicast-routing
R2(config)#ip route 0.0.0.0 0.0.0.0 209.165.202.130
R2(config)#ipv6 route ::/0 2001:db8:abcd::2
R2(config)#end
R2#wr

Topology

Tasks -Connectivity between three routers has been established, and IP services must be
configured in the order presented to complete the implementation. Tasks assigned include
configuration of NAT, NTP, DHCP, and SSH services.
1. All traffic sent from R3 to the R1 Loopback address must be configured for NAT on R2.
All source addresses must be translated from R3 to the IP address of Ethernet0/0 on R2,
while using only a standard access list named PUBNET. To verify, a ping must be
successful to the R1 Loopback address sourced from R3. Do not use NVI NAT
configuration.
2. Configure R1 as an NTP server and R2 as a client, not as a peer, using the IP address of
the R1 Ethernet0/2 interface. Set the clock on the NTP server for midnight on May 1, 2018.
3. Configure R1 as a DHCP server for the network 10.1.3.0/24 in a pool named NETPOOL.
Using a single command, exclude addresses 1 - 10 from the range. Interface Ethernet0/2 on
R3 must be issued the IP address of 10.1.3.11 via DHCP.
4. Configure SSH connectivity from R1 to R3, while excluding access via other remote
connection protocols. Access for user netadmin and password N3t4ccess must be set on
router R3 using RSA and 1024 bits. Verify connectivity using an SSH session from router R1
using a destination address of 10.1.3.11. Do NOT modify console
R2>enable
R2#conf t
R2(config)# ntp server 10.1.3.1
R2(config)# ip access list standard PUBNET
R2(config-std-nacl)# permit 10.2.3.3
R2(config-std-nacl)# permit 10.1.3.11
R2(config-std-nacl)# permit 192.168.3.1
R2(config-std-nacl)# exit
R2(config)# interface e0/1
R2(config-if)# ip nat inside
R2(config)# interface e0/0
R2(config-if)# ip nat outside
R2(config)# ip nat inside source list PUBNET interface e0/0 overload
R2(config)#end
R2# wr

R1>enable
R1# clock set 00:00:00 jan 1 2019
R1#conf t
R1(config)# ntp master 1
R1(config)# ip dhcp pool NETPOOL
R1(dhcp-config)# network 10.1.3.0 255.255.255.0
R1(config)# exit
R1(config)# ip dhcp excluded-address 10.1. 3.1 10.1.3.10
R1(config)#end
R1#wr

R3(config)# interface e0/2


R3(config-if)# ip address dhcp
R3(config)# username netadmin password N3t4ccess
R3(config)# line vty 0 4
R3(config-line)# login local
R3(config-line)# exit
R3(config)# ip domain-name cisco.com
R3(config)# crypto key generate rsa
R3(config)#end
R3#wr

You might also like