CCNA Routing and Switching

Routing and Switching Essentials

Practice Skills Assessment - Packet Tracer

A few things to keep in mind while completing this activity:

1. Do not use the browser Back button or close or reload any exam
windows during the exam.
2. Do not close Packet Tracer when you are done. It will close
automatically.
3. Click the Submit Assessment button in the browser window to
submit your work.

Introduction

In this practice skills assessment, you will configure the XYZ

Corporation network with single-area OSPFv2. In addition, you will
configure router-on-a-stick routing between VLANs. You will also
implement NAT, DHCP and access lists.

All IOS device configurations should be completed from a direct

terminal connection to the device console.

Some values that are required to complete the configurations

have not been given to you. In those cases, create the values that
you need to complete the requirements. These values may
include certain IP addresses, passwords, interface descriptions,
banner text, and other values.

For the sake of time, many repetitive but important configuration tasks
have been omitted from this activity. Many of these tasks, especially
those related to device security, are essential elements of a network
configuration. The intent of this activity is not to diminish the
importance of full device configurations.

You will practice and be assessed on the following skills:

 Configuration of initial device settings

 IPv4 address assignment
 Configuration and addressing of router interfaces
 Configuration of a router as a DHCP server
 Implementation of static and dynamic NAT
 Configuration of the single-area OSPFv2 routing protocol
  Configuration of a default route and static summary routes
 Configuration of VLANs and trunks
 Configuration of routing between VLANs
 Configuration of ACL to limit device access

You are required to configure the following:

Site 1:

 Configuration of initial router settings

 Interface configuration and IPv4 addressing
 Configuration of DHCP
 Configuration of single-area OSPFv2
 Configuration of routing between VLANs

HQ:

 Interface configuration and IPv4 addressing

 Configuration of single-area OSPFv2
 Configuration of IPv4 route summarization
 Configuration and propagation of a default route
 Configuration of static summary routes
 Configuration of static and dynamic NAT
 Configuration of ACLs

Site 2:

 Interface configuration and IPv4 addressing

 Configuration of single-area OSPFv2
 Configuration of a static summary route

Site1-SW1:

 Configuration of VLANs
 Assignment of switch ports to VLANs
 Configuration of trunking
 Configuration of unused switch ports

Site1-SW2:

 Configuration of VLANs
 Assignment of switch ports to VLANs
 Configuration of trunking
 Configuration of unused switch ports

Internal PC hosts:
  Configuration as DHCP clients

Addressing Tables

Note: You are provided with the networks that interfaces should be
configured on. Unless you are told to do differently in the detailed
instructions below, you are free to choose the host addresses to
assign.

Addressing Table:

Device Interface Network Comm

S0/0/0 192.168.10.104/30 any address
Gi0/0.45 192.168.45.0/24 first address
Site 1
Gi0/0.47 192.168.47.0/24 first address
Gi0/0.101 192.168.101.0/24 first address
S0/0/0 192.168.10.104/30 any address
S0/0/1 192.168.10.112/30 any address
HQ
S0/1/0 198.51.100.0/28 first address
Gi0/0 192.168.18.40/29 first address
S0/0/0 192.168.10.124/30 second addres
Site 2
S0/0/1 192.168.10.112/30 any address
Site1-SW1 VLAN 101 192.168.101.0/24 any address
Site1-SW2 VLAN 101 192.168.101.0/24 any address

Pre-configured addresses for reference:

Device Address
Corporate Web Server 192.168.18.46/29
Admin Host 203.0.113.18
Internet Host 203.0.113.128
Web Server 209.165.201.235
East Host 192.168.200.10/24
Central Host 192.168.201.10/24
West Host 192.168.202.10/24

VLAN Table:
 VLAN
VLAN Name VLAN Network Device:Port
Number
Site1-SW1: Fa0/10
45 finance 192.168.45.0/24
Site1-SW2: Fa0/3
Site1-SW1: Fa0/15
47 sales 192.168.47.0/24
Site1-SW2: Fa0/21
101 netadmin 192.168.101.0/24 SVI

Instructions

All configurations must be performed through a direct terminal

connection to the device consoles.

Step 1: Determine the Addresses to Assign

Determine the IP addresses that you will use for the required interfaces
on the three routers and two switches. Use the information in the
Addressing Table and follow the guidelines below:

 Assign the first IP addresses in the networks that are provided in

the Addressing Table to the LAN interfaces.
 Assign the first address in the HQ subnet to the interface that is
connected to the Internet.
 Assign any valid host address in the networks that are provided
in the Addressing Table to the serial interfaces.
 The host PCs will receive IP addresses over DHCP.

Step 2: Configure Site 1

 Configure Site 1 with the following:

 Configure the router host name: Site-1
 Prevent the router from attempting to resolve command line
entries to IP addresses.
 Protect privileged EXEC mode from unauthorized access with
the MD5 encrypted password.
 Prevent device status messages from interrupting command line
entries at the device console.
 Secure the router console and terminal lines.
 Prevent all passwords from being viewed in clear text in the
device configuration file.
 Configure a message-of-the-day banner.
Step 3: Configure the Router Physical Interfaces

Configure the interfaces of the routers for full connectivity with the
following:

 IP addresses as shown in the addressing table.

 Describe the operational Site 1 serial interface. The Site 1
Ethernet interfaces will be configured at the end of this
assessment.
 DCE settings where appropriate. Use a rate of 128000.

Step 4: Configure static and default routing

Configure the following static routes:

a. Manually configure default routes to the Internet. Use the exit
interface argument. All hosts on the internal LANs and Branch Network
networks should be able to reach the Internet.

b. It has been decided to use static routes to reach the branch

networks that are connected to Site 2. Use a single summary to
represent the branch networks in the most efficient way possible.
Configure the summary static route onHQ and Site 2 using the exit
interface argument.
Step 5: Configure OSPF Routing

Configure single-area OSPFv2 to route between all internal networks.

The branch networks are not routed with OSPFv2.

 Use a process ID of 10.The routers should be configured in

area 0.
 Use the correct inverse masks for all network statements. Do not
use quad zero masks (0.0.0.0).

Step 6: Customize single-area OSPFv2

Customize single-area OSPFv2 by performing the following

configuration tasks:

a. Set the bandwidth of the serial interfaces to 128 kb/s.

b. Configure OSPF router IDs as follows:

 Site 1: 1.1.1.1
 HQ: 2.2.2.2
 Site 2: 3.3.3.3
c. Configure the OSPF cost of the link between Site 1 and HQ to 7500.

d. Prevent routing updates from being sent out of any of the LAN
interfaces that are routed with OSPFv2. Do not use the default
keyword in the commands you use to do this.

Step 7: Configure VLANs and Trunking

Configure Site1-SW1 and Site1-SW2 with VLANs and trunk ports as

follows:
a. Configure names for the VLANs. The VLAN names must be
configured to match the names in the VLAN Table exactly (case and
spelling). Refer to the VLAN table above for the VLAN numbers and
names that should be configured on both switches.

b. Configure the ports that link the switches with each other and the
Site 1 router as functioning trunk ports.

c. Assign the switch ports shown in the table as access ports in the
VLANs as indicated in the VLAN Table.

d. Address VLAN 101 on the network indicated in the VLAN Table.

Note that the first address in this network will be assigned to the router
in a later step in this assessment. The management interfaces of both
switches should configured to be reachable by hosts on other
networks.

e. Configure all unused switch ports as access ports, and shutdown

the unused ports.
Step 8: Configure DHCP

Site 1 should be configured as a DHCP server that provides

addressing to the hosts attached to Site1-SW1 and Site1-SW2. The
requirements are as follows:

 Use VLAN45 and VLAN47 as the pool names. Note that the
pool names must match the names given here exactly, all capital
letters and exact spelling.
 Addresses .1 to .20 should be reserved for static assignment
from each pool.
 The first address in each network will be assigned to the router
interface attached to the networks as shown in the addressing
table.
  Use a DNS server address of 192.168.18.100. This server has
not yet been added to the network, but the address must be
configured.
 Ensure that hosts in each LAN are able to communicate with
hosts on remote networks.

Step 9: Configure NAT

Configure NAT to translate internal private addresses into public

addresses for the Internet. The requirements are:
a. Configure static NAT to the Corporate Web Server.

 Translate the internal address of the server to the

address 198.51.100.14.
 Configure the correct interfaces to perform this NAT
translation.

b. Configure dynamic NAT (not NAT with overload, or PAT).

 Use the addresses remaining in the public address subnet

of198.51.100.0/28. The first two addresses in the subnet
have already been assigned to the HQ and ISP serial
interfaces. Also, another address has already been used in
the static mapping in the step above.
 Use a pool name of INTERNET. Note that the pool name
must match this name exactly, in spelling and
capitalization.
 Hosts on each of the internal LANs shown in the topology
and on all of the branch networks should be permitted to
use the NAT addresses to access the Internet.
 Use a source list number of 1.
 Your source list should consist of three entries, one each
for the LANs and one for the branch networks.

Step 10: Configure Access Control Lists

You will configure two access control lists to limit device access on
HQ. You should use the any and host keywords in the ACL statements
as required. The ACL requirements are:
a. Restrict access to the vty lines on HQ:

 Create a named standard ACL using the name MANAGE.

Be sure that you use this name exactly as it appears in
these instructions (case and spelling).
 Allow only the Admin Host to access the vty lines of HQ.
  No other Internet hosts (including Internet hosts not visible
in the topology) should be able to access the vty lines of
HQ.
 Your solution should consist of a single ACL statement.

b. Allow outside access to the Corporate Web Server while controlling

other traffic from the outside. Create the ACL as directed below:

 Use access list number 101.

 First, allow Admin Host full access to all network hosts and
devices.
 Then, allow outside hosts to access the Corporate Web
Server over HTTP only.
 Allow traffic that is in response to data requests from the
internal and Branch Network hosts to enter the network.
 Add a statement so that counts of all denied traffic will be
shown in theshow access-lists command output.
 Your ACL should have only four statements.

Your ACL should be placed in the most efficient location possible to

conserve network bandwidth and device processing resources.

Step 11: Configure Router-on-a-Stick Inter-VLAN Routing.

Configure Site 1 to provide routing between the VLANs configured on

the switches. As follows:

 Use the VLAN numbers for the required interface numbers.

 Use the first addresses in the VLAN networks for the interfaces.

Step 12: Test and Troubleshoot Connectivity.

Ensure that the hosts attached to the VLANs can reach hosts on the
Branch Network. Note: Pings to the Internet hosts will be blocked by
the ACL, however the server should be reachable over HTTP.