[CCNAv6 S2] 9.4.1.2 Packet Tracer - Skills Integration Challenge Part II



Packet Tracer – Skills Integration Challenge
Addressing Table

VLANs and Port Assignments Table



Scenario

This culminating activity includes many of the skills that you have acquired during this course. First, you will complete the documentation for the network. So make sure you have a printed version of the instructions. During implementation, you will configure VLANs, trunking, port security and SSH remote access on a switch. Then, you will implement inter-VLAN routing and NAT on a router. Finally, you will use your documentation to verify your implementation by testing end-to-end connectivity.

Documentation

You are required to fully document the network. You will need a print out of this instruction set, which will include an unlabeled topology diagram:

-       Label all the device names, network addresses and other important information that Packet Tracer generated.
-       Complete the Addressing Table and VLANs and Port Assignments Table.
-       Fill in any blanks in the Implementation and Verification steps. The information is supplied when you launch the Packet Tracer activity.
Implementation

Note: All devices in the topology except HQ, HQ-Sw, and Staff are fully configured. You do not have access to the other routers. You can access all the servers and PCs for testing purposes.

Implement to following requirements using your documentation:

HQ-Sw

·         Configure remote management access including IP addressing and SSH:
-       Domain is cisco.com
-       User Admin with password letmein
-       Crypto key length of 1024
-       SSH version 2, limited to 2 authentication attempts and a 60 second timeout
-       Clear text passwords should be encrypted.
·         Configure, name and assign VLANs. Ports should be manually configured as access ports.
·         Configure trunking.
·         Implement port security:
-       On Fa0/1, allow 2 MAC addresses that are automatically added to the configuration file when detected. The port should not be disabled, but a syslog message should be captured if a violation occurs.
-       Disable all other unused ports.
HQ

·         Configure inter-VLAN routing.
·         Configure DHCP services for VLAN 30. Use LAN as the case-sensitive name for the pool.
·         Implement routing:
-       Use OSPF process ID 1 and router ID 1.1.1.1
-       Configure one network statement for the entire 10.10.10.0/24 address space
-       Disable interfaces that should not send OSPF messages.
-       Configure a default route to the Internet.
·         Implement NAT:
-       Configure a standard, one statement ACL number 1. All IP addresses belonging to the 10.10.10.0/24 address space are allowed.
-       Refer to your documentation and configure static NAT for the File Server.
-       Configure dynamic NAT with PAT using a pool name of your choice, a /30 mask, and these two public addresses:
        198.133.219.128 and 198.133.219.129
Staff

Verify Staff has received full addressing information from HQ.
Verification

All devices should now be able to ping all other devices. If not, troubleshoot your configurations to isolate and solve problems. A few tests include:

·         Verify remote access to HQ-Sw by using SSH from a PC.
·         Verify VLANs are assigned to appropriate ports and port security is in force.
·         Verify OSPF neighbors and a complete routing table.
·         Verify NAT translations and statics.
-       Outside Host should be able to access File Server at the public address.
-       Inside PCs should be able to access Web Server.
·         Document any problems you encountered and the solutions in the Troubleshooting Documentation table below.



Configuration HQ-Sw:

enable
configure terminal
ip domain-name cisco.com
username Admin password letmein
crypto key generate rsa
1024
ip ssh version 2
ip ssh authentication-retries 2
ip ssh time-out 60
line vty 0 15
 transport input ssh
 login local
 exit
service password-encryption
vlan 15
 name Servers
vlan 30
 name PCs
vlan 45
 name Native
vlan 60
 name Management
 exit
ip default-gateway 10.10.10.145
interface range f0/1-20
 switchport mode access
 switchport access vlan 30
interface range f0/11-20
 switchport mode access
 switchport access vlan 15
interface g0/1
 switchport mode trunk
 switchport trunk native vlan 45
interface vlan 60
 ip address 10.10.10.146 255.255.255.240
interface f0/1
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security violation restrict
interface range f0/21-24,g0/2
 shutdown
end
write memory
!

Configuration HQ:

enable
configure terminal
interface g0/0
 no shutdown
interface g0/0.15
 encapsulation dot1q 15
 ip address 10.10.10.161 255.255.255.224
interface g0/0.30
 encapsulation dot1q 30
 ip address 10.10.10.193 255.255.255.192
interface g0/0.45
 encapsulation dot1q 45 native
 ip address 10.10.10.129 255.255.255.240
interface g0/0.60
 encapsulation dot1q 60
 ip address 10.10.10.145 255.255.255.240
 exit
ip dhcp pool LAN
 network 10.10.10.192 255.255.255.192
 default-router 10.10.10.193
 dns-server 10.10.10.193
 exit
router ospf 1
 router-id 1.1.1.1
 passive-interface GigabitEthernet0/0
 passive-interface Serial0/1/0
 passive-interface GigabitEthernet0/0.15
 passive-interface GigabitEthernet0/0.30
 passive-interface GigabitEthernet0/0.45
 passive-interface GigabitEthernet0/0.60
 network 10.10.10.0 0.0.0.255 area 0
 default-information originate
 exit
ip route 0.0.0.0 0.0.0.0 Serial0/1/0
access-list 1 permit 10.10.10.0 0.0.0.255
ip nat inside source static 10.10.10.162 198.133.219.130
ip nat pool PAT 198.133.219.128 198.133.219.129 netmask 255.255.255.252
ip nat inside source list 1 pool PAT overload
interface g0/0
 ip nat inside
interface g0/0.15
 ip nat inside
interface g0/0.30
 ip nat inside
interface g0/0.45
 ip nat inside
interface g0/0.60
 ip nat inside
interface s0/0/0
 ip nat inside
interface s0/0/1
 ip nat inside
interface s0/1/0
 ip nat outside
 end
write memory

!

Configuration Staff:


























Click Reset Activity to convert the lab!!!








Nhận xét

Bài đăng phổ biến từ blog này

[CCNAv6 S2] 2.2.2.4 Packet Tracer - Configuring IPv4 Static and Default Routes

[CCNAv6 S2] 8.3.1.2 Packet Tracer - Skills Integration Challenge

[CCNAv6 S3] 7.2.3.5 Packet Tracer - Troubleshooting EIGRP for IPv4