CCNA: Routing and Switching Essentials

Skills Assessment
Topology

Assessment Objectives
Part 1: Configure Device Basic Settings
Part 2: Configure Switch Security, VLANs, and Inter-VLAN Routing
Part 3: Configure RIPv2 Dynamic Routing Protocol
Part 4: Implement DHCP and NAT for IPv4
Part 5: Configure NTP
Part 6: Configure and Verify Access Control Lists (ACLs)

Scenario
In this Skills Assessment (SA) you will configure a small network to support IPv4 and IPv6 connectivity, switch
security, inter VLAN routing, RIPv2 dynamic routing protocol, Dynamic Host Configuration Protocol (DHCP), dynamic
and static Network Address Translation (NAT), Access Control Lists (ACLs), and server/client Network Time Protocol
(NTP). You will test and document the network using common CLI commands throughout the assessment.

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 20
CCNA: Routing and Switching Essentials Skills Assessment

Required Resources
 3 Routers (Cisco 1941 with Cisco IOS Release 15.4(3)M2 universal image or comparable)
 2 Switches (Cisco 2960 with Cisco IOS Release 15.0(2)SE7 lanbasek9 image or comparable)
 3 PCs (Windows 7, Vista, or XP with terminal emulation program, such as Tera Term)
 Console cable to configure the Cisco IOS devices via the console ports
 Ethernet and Serial cables as shown in the topology

Part 1: Configure Device Basic Settings

Step 1: Configure the Internet Server.
Configuration tasks for the Internet Server include the following (refer to the Topology for IP address information):

Configuration Item or Task Specification

IPv4 Address 209.165.200.230

IPv4 Subnet Mask 255.255.255.248
Default Gateway 209.165.200.225
IPv6 Address/Subnet 2001:DB8:ACAD:2::30/64
IPv6 Default Gateway 2001:DB8:ACAD:2::1

Step 2: Configure R1.

Configuration tasks for R1 include the following:

Configuration Item or Task Specification

Disable DNS lookup R1(config)#no ip domain-lookup

Router name R1
Encrypted privileged exec password class
Console access password cisco
Telnet access password cisco
Encrypt the clear text passwords R1(config)#service password-encryption
MOTD banner Unauthorized Access is Prohibited!
Set the description
Set the IPv4 address. Refer to Topology diagram for
address information.
Set the IPv6 address. Refer to Topology diagram for
Interface S0/0/0 address information.
Set the IPv6 Link Local Address: FE80::1/64
Set the clocking rate to 128000
Activate Interface
Default routes Configure a default IPv6 route out S0/0/0

Note: Do not configure G0/1 at this time.

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 2 of 20
CCNA: Routing and Switching Essentials Skills Assessment

Step 3: Configure R2.

Configuration tasks for R2 include the following:

Configuration Item or Task Specification

Disable DNS lookup R2(config)#no ip domain-lookup

Router name R2
Encrypted privileged exec password class
Console access password cisco
Telnet access password cisco
Encrypt the clear text passwords R2(config)#service password-encryption
MOTD banner Unauthorized Access is Prohibited!
Set the description
Set the IPv4 address. Use the next available
address in the subnet.
Interface S0/0/0 Set the IPv6 address. Refer to Topology diagram
for address information.
Set the IPv6 Link Local Address FE80::2/64
Activate Interface
Set the description
Set the IPv4 address. Use the first available
address in the subnet.
Set the IPv6 address. Refer to Topology diagram
Interface S0/0/1 for address information.
Set the IPv6 Link Local Address FE80::2/64
Set clocking rate to 128000
Activate Interface
Set the Description
Set the IPv4 address. Use the first available
address in the subnet.
Interface G0/0 (Simulated Internet) Set the IPv6 address. Use the first available
address in the subnet.
Set the IPv6 Link Local Address FE80::2/64
Activate Interface

Interface Loopback 0 (Simulated Web Set the description.

Server) Set the IPv4 address.
Configure a default IPv4 route out G0/0.
Default route
Configure a default IPv6 route out G0/0.

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 3 of 20
CCNA: Routing and Switching Essentials Skills Assessment

Step 4: Configure R3.

Configuration tasks for R3 include the following:

Configuration Item or Task Specification

Disable DNS lookup R3(config)#no ip domain-lookup

Router name R3
Encrypted privileged exec password class
Console access password cisco
Telnet access password cisco
Encrypt the clear text passwords R3(config)#service password-encryption
MOTD banner Unauthorized Access is Prohibited!
Set the description
Set the IPv4 address. Use the next available address
in the subnet.
Interface S0/0/1 Set the IPv6 address. Refer to Topology diagram for
address information.
Set the IPv6 Link Local Address FE80::3/64
Activate Interface
Set the IPv4 address. Use the first available address
Interface Loopback 4
in the subnet.
Set the IPv4 address. Use the first available address
Interface Loopback 5
in the subnet.
Set the IPv4 address. Use the first available address
Interface Loopback 6
in the subnet.
Set the IPv6 address. Refer to Topology diagram for
Interface Loopback 7
address information.
Default routes Configure a default IPv6 route out S0/0/1.

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 4 of 20
CCNA: Routing and Switching Essentials Skills Assessment

Step 5: Configure S1.

Configuration tasks for S1 include the following:

Configuration Item or Task Specification

Disable DNS lookup S1(config)#no ip domain-lookup

Switch name S1
Encrypted privileged exec password class
Console access password cisco
Telnet access password cisco
Encrypt the clear text passwords S1(config)#service password-encryption
MOTD banner Unauthorized Access is Prohibited!

Step 6: Configure S3
Configuration tasks for S3 include the following:

Configuration Item or Task Specification

Disable DNS lookup S3(config)#no ip domain-lookup

Switch name S3
Encrypted privileged exec password class
Console access password cisco
Telnet access password cisco
Encrypt the clear text passwords S3(config)#service password-encryption
MOTD banner Unauthorized Access is Prohibited!

Step 7: Verify network connectivity.

Use the ping command to test connectivity between network devices.
Use the following table to methodically verify connectivity with each network device. Take corrective action to
establish connectivity if a test fails:

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 5 of 20
CCNA: Routing and Switching Essentials Skills Assessment

From To IP Address Ping Results

R1 R2, S0/0/0 172.16.12.2

Success rate is 100
percent (5/5)
R2 R3, S0/0/1 172.16.23.1 Success rate is 100
percent (5/5

Internet PC Default Gateway 209.165.200.225 Packets: Sent = 4,

Received = 4, Lost = 0
(0% loss),

Part 2: Configure Switch Security, VLANS, and Inter VLAN Routing

Step 1: Configure S1.
Configuration tasks for S1 include the following:

Configuration Item or Task Specification

Use Topology VLAN Key table to create and name

Create the VLAN database
each of the listed VLANS.
Assign the IPv4 address to the Management VLAN.
Assign the management IP address. Use the IP address assigned to S1 in the Topology
diagram.
Assign the first IPv4 address in the subnet as the
Assign the default-gateway
default-gateway.
Force trunking on Interface F0/3 Use VLAN 1 as the native VLAN.
Force trunking on Interface F0/5 Use VLAN 1 as the native VLAN.
Configure all other ports as access
ports Use the interface range command.
S1(config-if)#int fa0/6
Assign F0/6 to VLAN 31
S1(config-if)#switchport access Vlan 31
S1(config)#int range f0/1-2, f0/4, f0/7-24, g0/1-2
Shutdown all unused ports
S1(config-if-range)# shutdown

Step 2: Configure S3.

Configuration tasks for S3 include the following:

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 6 of 20
CCNA: Routing and Switching Essentials Skills Assessment

Configuration Item or Task Specification

Use Topology VLAN Key Table to create each of the

Create the VLAN database
listed VLANS. Name each VLAN.
Assign the IPv4 address to the Management VLAN.
Assign the management IP address Use the IP address assigned to S3 in the Topology
diagram.
Assign the first IP address in the subnet as the
Assign the default-gateway
default-gateway.
Force trunking on Interface F0/3 Use VLAN 1 as the native VLAN.
Configure all other ports as access
ports Use the interface range command.
S3(config-if)#int fa0/18
Assign F0/18 to VLAN 33
S3(config-if)#switchport access Vlan 33
S3(config)#int range f0/1-2, f0/4-17 f0/19--24, g0/1-2
Shutdown all unused ports
S3(config-if-range)# shutdown

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 7 of 20
CCNA: Routing and Switching Essentials Skills Assessment

Step 3: Configure R1.

Configuration tasks for R1 include the following:

Configuration Item or Task Specification

Description Accounting LAN

Configure 802.1Q subinterface .31 on
Assign VLAN 31.
G0/1
Assign the first available address to this interface.
Description Engineering LAN
Configure 802.1Q subinterface .33 on
Assign VLAN 33.
G0/1
Assign the first available address to this interface.
Description Management LAN
Configure 802.1Q subinterface .99 on
Assign VLAN 99.
G0/1
Assign the first available address to this interface.
R1(config)# int g0/1
Activate Interface G0/1
R1(config-if-)# no shutdown

Step 4: Verify network connectivity.

Use the ping command to test connectivity between the switches and R1.
Use the following table to methodically verify connectivity with each network device. Take corrective action to
establish connectivity if a test fails:

From To IP Address Ping Results

S1 R1, VLAN 99 address 192.168.99.1 Success rate is 100

percent (5/5), round-
trip min/avg/max =
0/0/2 ms
S3 R1, VLAN 99 address 192.168.99.1 Success rate is 80
percent (4/5), round-
trip min/avg/max =
0/0/1 ms
S1 R1, VLAN 31 address 192.168.31.1 Success rate is 100
percent (5/5), round-
trip min/avg/max =
0/0/2 ms
S3 R1, VLAN 33 address 192.168.33.1 Success rate is 100
percent (5/5), round-
trip min/avg/max =
0/0/2 ms

Part 3: Configure RIPv2 Dynamic Routing Protocol

Step 1: Configure RIPv2 on R1.
Configuration tasks for R1 include the following:

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 8 of 20
CCNA: Routing and Switching Essentials Skills Assessment

Configuration Item or Task Specification

R1(config)# router rip

R1(config-router)# version 2

Configure RIP Version 2

Assign all directly connected

Advertise directly connected Networks networks.
R1(config-router)# passive-
interface g0/1.31
R1(config-router)# passive-
interface g0/1.33
R1(config-router)# passive-
interface g0/1.99

Set all LAN interfaces as passive

R1(config-router)# no auto-
Disable automatic summarization summary
R1(config-router)#default-
Advertise IPv4 Default Route information originate

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 9 of 20
CCNA: Routing and Switching Essentials Skills Assessment

Step 2: Configure RIPv2 on R2.

Configuration tasks for R2 include the following:

Configuration Item or Task Specification

R2(config)# router rip

R2(config-router)# version 2
Configure RIP Version 2
Advertise directly connected Networks Note: Omit the G0/0 network.
R2(config-router)# passive-
interface loopback 0
Set the LAN (Loopback) interface as passive
R2(config-router)# no auto-
Disable automatic summarization summary

Step 3: Configure RIPv2 on R3.

Configuration tasks for R3 include the following:

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 10 of 20
CCNA: Routing and Switching Essentials Skills Assessment

Configuration Item or Task Specification

R3(config)# router rip

R3config-router)# version 2
Configure RIP Version 2
R3(config)# router rip
R3(config-router)# network
192.168.4.0
R3(config-router)# network
192.168.5.0
R3(config-router)# network
192.168.6.0

R3(config-router)# network
172.16.23.0/30
Advertise directly connected IPv4 Networks
R3(config-router)# passive-interface
loopback 4
R3(config-router)# passive-interface
loopback 5
R3(config-router)# passive-interface
loopback 6

Set all IPv4 LAN (Loopback) interfaces as passive

R3(config-router)# no auto-
Disable automatic summarization summary

Step 4: Verify RIP information.

Verify that RIP is functioning as expected. Enter the appropriate CLI command to discover the following information:

Question Response

What command displays the RIP Process ID, Router ID, Rip, network, passive-interfaces
Routing Networks, and passive interfaces configured on a
router?
What command displays only RIP routes? Show ip route rip
What command displays the RIP section of the running- Debug ip rip
configuration?
Is default route out R2 advertised in R1 and R3 Routing no
Tables?

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 11 of 20
CCNA: Routing and Switching Essentials Skills Assessment

Part 4: Implement DHCP and NAT for IPv4

Step 1: Configure R1 as the DHCP server for VLANs 31 and 33.
Configuration tasks for R1 include the following:

Configuration Item or Task Specification

Reserve the first 20 IP addresses in R1(config)#ip dhcp excluded-address 192.168.31.1

VLAN 31 for static configurations 192.168.31.20
Reserve the first 20 IP addresses in R1(config)#ip dhcp excluded-address 192.168.33.1
VLAN 33 for static configurations 192.168.33.20
Name: ACCT
DNS-Server: 10.10.10.10
Create a DHCP pool for VLAN 31
Domain-Name: ccna-sa.com
Set the default gateway.
Name: ENGNR
DNS-Server: 10.10.10.10
Create a DHCP pool for VLAN 33
Domain-Name: ccna-sa.com
Set the default gateway.

Step 2: Configure Static and Dynamic NAT on R2.

Configuration tasks for R2 include the following:

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 12 of 20
CCNA: Routing and Switching Essentials Skills Assessment

Configuration Item or Task Specification

Username: webuser
Create a local database with 1 user
Password: cisco12345
account
Privilege level: 15
Create a static NAT to the Web Server Inside Global Address: 209.165.200.229
R2(config)#int loopback 0
R2(config-if)#ip nat inside
Assign the inside and outside interface R2(config-if)#int g0/0
for the static NAT
R2(config-if)#ip nat outside
R2(config-if)#
Access List: 1
Allow the Accounting and Engineering networks on
Configure the dynamic NAT inside
R1 to be translated.
private ACL
Allow a summary of the LANs (loopback) networks
on R3 to be translated.
Pool Name: INTERNET
Define the pool of usable public IP
Pool of addresses include:
addresses
209.165.200.225 – 209.165.200.228
R2(config)#ip nat inside source list 1 pool
Define the dynamic NAT translation – INTERNET
PAT Overload.
R2(config)#

Step 3: Verify DHCP and Static NAT.

Use the following tasks to verify that DHCP and Static NAT settings are functioning correctly. It may be necessary to
disable the PC firewall for pings to be successful:

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 13 of 20
CCNA: Routing and Switching Essentials
Test
Verify that PC-A acquired IP
information from the DHCP
server
Verify that PC-C acquired IP
information from the DHCP
server
Verify that PC-A can ping PC-C.
Note: It may be necessary to
disable the PC firewall
© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Skills Assessment
Results
Ip address : 192.168.31.21
Subnet mask: 255.255.255.0
Default gateway: 192.168.31.1
Dns server : 10.10.10.10
Ip address : 192.168.33.21
Subnet mask: 255.255.255.0
Default gateway: 192.168.33.1
Dns server : 10.10.10.10
Packet Tracer PC Command Line 1.0
C:\>ping 192.168.33.1
Pinging 192.168.33.1 with 32 bytes of data:
Reply from 192.168.33.1: bytes=32 time<1ms
TTL=255
Reply from 192.168.33.1: bytes=32 time<1ms
TTL=255
Reply from 192.168.33.1: bytes=32 time<1ms
TTL=255
Reply from 192.168.33.1: bytes=32 time<1ms
TTL=255
Ping statistics for 192.168.33.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Page 14 of 20
CCNA: Routing and Switching Essentials Skills Assessment

C:\>ping 209.165.200.229

Pinging 209.165.200.229 with 32 bytes of data:

Reply from 209.165.200.229: bytes=32 time=1ms

TTL=255
Reply from 209.165.200.229: bytes=32 time<1ms
TTL=255
Use the Internet PC to ping the Reply from 209.165.200.229: bytes=32 time<1ms
Web server (209.165.200.229) TTL=255
Reply from 209.165.200.229: bytes=32 time<1ms
TTL=255

Ping statistics for 209.165.200.229:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms

C:\>

Note: Verification of dynamic NAT will be performed in Part 6.

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 15 of 20
CCNA: Routing and Switching Essentials Skills Assessment

Part 5: Configure NTP

Configuration Item or Task Specification

Set the date and time on R2. March 5, 2016, 9 am

Configure R2 as a NTP Master. Stratum level: 5
Configure R1 as an NTP client. Server: R2
R1(config)#ntp update-
Configure R1 for periodical calendar updates with NTP time. calendar

R1#show ntp associations

address ref clock st when

poll reach delay offset
disp
*~172.16.12.2
127.127.1.1 5 6 16 7 4.00
0.00 0.12
* sys.peer, # selected, +
candidate, - outlyer, x
falseticker, ~ configured
Verify the NTP configuration on R1. R1#

Part 6: Configure and Verify Access Control Lists (ACLs)

Step 1: Restrict access to VTY lines on R2.

Configuration Item or Task Specification

Configure a named access list to only allow R1 to telnet to R2 ACL Name: ADMIN-MGT
R2(config-line)#access-
Apply the named ACL to the VTY lines class ADMIN-MGT in
R2(config-line)#transport
Allow telnet access to VTY lines input telnet
R1#telnet 172.16.12.2

User Access Verification

Password: cisco
Verify ACL is working as expected R2>

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 16 of 20
CCNA: Routing and Switching Essentials Skills Assessment

Step 2: Enter the appropriate CLI command needed to display the following:

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 17 of 20
CCNA: Routing and Switching Essentials
Command Description
Display the matches an access-list
has received since the last reset.
Reset access-list counters.
What command is used to display
what ACL is applied to an
interface and the direction that it is
applied?
© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Skills Assessment
Student Input (command)
R2#show access-list
Standard IP access list 1
10 permit 192.168.31.0 0.0.0.255
20 permit 192.168.33.0 0.0.0.255
30 permit 192.168.4.0 0.0.3.255
Standard IP access list ADMIN-MGT
10 permit host 172.16.12.1 (4 match(es))
R2#
R2#clear ip access-list counters
Show ip interface
Page 18 of 20
CCNA: Routing and Switching Essentials Skills Assessment

C:\>ping 209.165.200.230

Pinging 209.165.200.230 with 32 bytes of data:

Reply from 209.165.200.230: bytes=32 time=6ms

TTL=126
Reply from 209.165.200.230: bytes=32 time=1ms
TTL=126
Reply from 209.165.200.230: bytes=32 time=1ms
TTL=126
Reply from 209.165.200.230: bytes=32 time=1ms
TTL=126

Ping statistics for 209.165.200.230:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 6ms, Average = 2ms

C:\>

Note: The translations for PC-A and PC-C were added to

the table when the Internet PC attempted to ping these
PCs in Step 2. Pinging the Internet PC from PC-A or PC-
C will not add the translations to the table because of the
way the Internet is being simulated on the network.
R2#show ip nat translations
R2#show ip nat translations
Pro Inside global Inside local Outside local Outside
global
icmp 209.165.200.225:10192.168.31.21:10
209.165.200.230:10 209.165.200.230:10
icmp 209.165.200.225:11192.168.31.21:11
209.165.200.230:11 209.165.200.230:11
icmp 209.165.200.225:12192.168.31.21:12
209.165.200.230:12 209.165.200.230:12
icmp 209.165.200.225:9 192.168.31.21:9
209.165.200.230:9 209.165.200.230:9
--- 209.165.200.229 10.10.10.10 --- ---

What command displays the NAT R2#

translations?
What command is used to clear clear ip nat Translations
dynamic NAT translations?

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 19 of 20
CCNA: Routing and Switching Essentials Skills Assessment

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 20 of 20