[CCNAv6 S4] 8.3.1.2 Packet Tracer - CCNA Skills Integration Challenge
Packet Tracer – CCNA Skills Integration Challenge
Addressing Table
VLAN Configurations and Port Mappings
Scenario
In this comprehensive CCNA skills activity, the XYZ Corporation uses a combination of eBGP and PPP for WAN connections. Other technologies include NAT, DHCP, static and default routing, EIGRP for IPv4, inter-VLAN routing, and VLAN configurations. Security configurations include SSH, port security, switch security, and ACLs.
Note: Only HQ, B1, B1-S2, and the PCs are accessible. The user EXEC password is cisco and the privileged EXEC password is class.
Requirements
PPP
· Configure the WAN link from HQ to the Internet using PPP encapsulation and CHAP authentication.
o Create a user ISP with the password of cisco.
· Configure the WAN link from HQ to NewB using PPP encapsulation and PAP authentication.
o Create a user NewB with the password of cisco.
Note: The ppp pap sent-username is not graded by Packet Tracer. However, it must be configured before the link will come up between HQ and NewB.
eBGP
· Configure eBGP between HQ and the Internet.
o HQ belongs to AS 65000.
o The IP address for the BGP router in the Internet cloud is 209.165.201.2.
o Advertise the 192.0.2.0/24 network to the Internet.
NAT
· Configure dynamic NAT on HQ.
o Allow all addresses for the 10.0.0.0/8 address space to be translated using a standard access list named NAT.
o XYZ Corporation owns the 209.165.200.240/29 address space. The pool, HQ, uses addresses .241 to .245 with a /29 mask. Bind the NAT ACL to the pool HQ. Configure PAT.
o The connections to the Internet and HQ-DataCenter are outside XYZ Corporation.
Inter-VLAN Routing
· Configure B1 for inter-VLAN routing.
o Using the addressing table for branch routers, configure and activate the LAN interface for inter-VLAN routing. VLAN 99 is the native VLAN.
Static and Default Routing
· Configure HQ with a static route to the NewB LAN. Use the exit interface as an argument.
· Configure B1 with a default route to HQ. Use the next-hop IP address as an argument.
EIGRP Routing
· Configure and optimize HQ and B1 with EIGRP routing.
o Use autonomous system 100.
o Disable EIGRP updates on appropriate interfaces.
VLANs and Trunking Configurations
Note: Logging to the console is turned off on B1-S2 so that the Native VLAN mismatch messages will not interrupt your configurations. If you would prefer to view console messages, enter the global configuration command logging console.
· Configure trunking and VLANs on B1-S2.
o Create and name the VLANs listed in the VLAN Configuration and Port Mappings table on B1-S2 only.
o Configure the VLAN 99 interface and default gateway.
o Set trunking mode to on for F0/1 - F0/4.
o Assign VLANs to the appropriate access ports.
o Disable all unused ports and assign the BlackHole VLAN.
Port Security
· Use the following policy to establish port security on the B1-S2 access ports:
o Allow two MAC addresses to be learned on the port.
o Configure the learned MAC addresses to be added to the configuration.
o Set the port to send a message if there is a security violation. Traffic is still allowed from the first two MAC addresses learned.
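The policy above can be checked mechanically against saved switch output. This is an added example, not part of the original lab or its answer key: a small Python audit that assumes `show running-config` style text (ranges already expanded to one stanza per interface) and uses a constructed excerpt as input.

```python
import re

# Policy from the lab: two MACs, sticky learning, violation mode "restrict".
REQUIRED = {"switchport port-security" + s for s in
            ("", " maximum 2", " mac-address sticky", " violation restrict")}

def parse_interfaces(config):
    """Map each interface name to the set of commands in its stanza."""
    stanzas, current = {}, None
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"interface (\S+)", line)
        if m:
            current = stanzas.setdefault(m.group(1), set())
        elif line in ("", "!"):
            current = None
        elif current is not None:
            current.add(line)
    return stanzas

def audit(config):
    """Return {interface: missing commands} for non-compliant access ports."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds:
            continue  # trunks and SVIs are outside this policy
        # Unused (shut down) ports must sit in the BlackHole VLAN instead.
        required = {"switchport access vlan 999"} if "shutdown" in cmds else REQUIRED
        missing = sorted(required - cmds)
        if missing:
            findings[name] = missing
    return findings

# Constructed excerpt: F0/5 is a compliant unused port, F0/6 lacks sticky and restrict.
SAMPLE = """\
interface FastEthernet0/5
 switchport access vlan 999
 switchport mode access
 shutdown
!
interface FastEthernet0/6
 switchport access vlan 10
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A port that lacks the `violation restrict` line falls back to the default violation mode, shutdown, which err-disables the port instead of continuing to forward traffic from the first two learned MAC addresses.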
SSH
· Configure HQ to use SSH for remote access.
o Set the modulus to 2048. The domain name is CCNASkills.com.
o The username is admin and the password is adminonly.
o Only SSH should be allowed on VTY lines.
o Modify the SSH defaults: version 2; 60-second timeout; two retries.
DHCP
· On B1, configure a DHCP pool for the Sales VLAN 20 using the following requirements:
o Exclude the first 10 IP addresses in the range.
o The case-sensitive pool name is VLAN20.
o Include the DNS server attached to the HQ LAN as part of the DHCP configuration.
· Configure the Sales PC to use DHCP.
Access List Policy
· Because HQ is connected to the Internet, configure and apply a named ACL called HQINBOUND in the following order:
o Allow inbound BGP updates (TCP port 179) for any source to any destination.
o Allow inbound HTTP requests from any source to the HQ-DataCenter network.
o Allow only established TCP sessions from the Internet.
o Allow only inbound ping replies from the Internet.
o Explicitly block all other inbound access from the Internet.
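The order of the HQINBOUND entries matters because IOS stops at the first matching entry. The following added example (not from the original lab) models the five entries in Python and evaluates constructed inbound packets against them; the address 198.51.100.1 is an assumed stand-in for HQ's Internet-facing interface, and the packet dictionaries are a simplification of real headers.

```python
import ipaddress

# HQINBOUND in the order the lab requires; IOS stops at the first match.
# (action, protocol, destination, dst port, needs ACK/RST, ICMP type)
HQINBOUND = [
    ("permit", "tcp",  "0.0.0.0/0",    179,  False, None),          # BGP
    ("permit", "tcp",  "192.0.2.0/24", 80,   False, None),          # HTTP to HQ-DataCenter
    ("permit", "tcp",  "0.0.0.0/0",    None, True,  None),          # established
    ("permit", "icmp", "0.0.0.0/0",    None, False, "echo-reply"),  # ping replies
    ("deny",   "ip",   "0.0.0.0/0",    None, False, None),          # explicit deny
]

def evaluate(acl, pkt):
    """Return (action, entry number) for the first entry that matches pkt."""
    for num, (action, proto, dst, dport, est, icmp) in enumerate(acl, 1):
        if proto != "ip" and proto != pkt["proto"]:
            continue
        if ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(dst):
            continue
        if dport is not None and pkt.get("dport") != dport:
            continue
        # "established" is a stateless test of the ACK/RST bits, not session tracking.
        if est and not {"ACK", "RST"} & set(pkt.get("flags", ())):
            continue
        if icmp is not None and pkt.get("icmp") != icmp:
            continue
        return action, num
    return "deny", 0  # implicit deny at the end of every ACL

# Constructed inbound packets; 198.51.100.1 is an assumed address for HQ's serial link.
SAMPLES = {
    "bgp open":     {"proto": "tcp", "dst": "198.51.100.1", "dport": 179, "flags": ["SYN"]},
    "http to dc":   {"proto": "tcp", "dst": "192.0.2.10", "dport": 80, "flags": ["SYN"]},
    "ssh to dc":    {"proto": "tcp", "dst": "192.0.2.10", "dport": 22, "flags": ["SYN"]},
    "web reply":    {"proto": "tcp", "dst": "209.165.200.241", "dport": 49152, "flags": ["ACK"]},
    "ping reply":   {"proto": "icmp", "dst": "209.165.200.241", "icmp": "echo-reply"},
    "ping request": {"proto": "icmp", "dst": "192.0.2.10", "icmp": "echo"},
}

def classify(acl=HQINBOUND):
    """Evaluate every sample packet and return {name: (action, entry)}."""
    return {name: evaluate(acl, pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, (action, num) in classify().items():
        print(f"{name:13} -> {action} (entry {num})")
```

Because the explicit `deny ip any any` entry is last, it only catches what the four permits let through; on a router the same result shows up as per-entry match counters in `show access-lists`.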
Connectivity
· Verify full connectivity from each PC to WWW.pka and www.cisco.pka.
· The Outside Host should be able to access the webpage at WWW.pka.
· All the tests in Scenario 0 should be successful.
Configuration B1-S2:
enable
configure terminal
vlan 10
name Admin
vlan 20
name Sales
vlan 30
name Production
vlan 99
name Mgmt&Native
vlan 999
name BlackHole
interface Vlan 99
ip address 10.1.99.22 255.255.255.0
ip default-gateway 10.1.99.1
interface FastEthernet0/16
switchport access vlan 30
switchport mode access
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security violation restrict
!
interface FastEthernet0/11
switchport access vlan 20
switchport mode access
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security violation restrict
!
interface FastEthernet0/6
switchport access vlan 10
switchport mode access
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security violation restrict
!
interface range FastEthernet0/1-4
switchport trunk native vlan 99
switchport mode trunk
interface range f0/5,f0/7-10,f0/12-15,f0/17-24,g0/1-2
switchport access vlan 999
switchport mode access
shutdown
Configuration HQ:
enable
configure terminal
! Link to NewB: PPP with PAP authentication
interface Serial0/0/1
encapsulation ppp
ppp authentication pap
ppp pap sent-username HQ password 0 cisco
ip nat inside
! Link to the Internet: PPP with CHAP authentication and the inbound ACL
interface Serial0/1/0
encapsulation ppp
ppp authentication chap
ip access-group HQINBOUND in
ip nat outside
! Link to HQ-DataCenter (outside XYZ Corporation)
interface GigabitEthernet0/1
ip nat outside
interface GigabitEthernet0/0
ip nat inside
interface s0/0/0
ip nat inside
exit
!
username ISP password cisco
username NewB password cisco
username admin password adminonly
ip route 10.4.5.0 255.255.255.0 Serial0/0/1
router eigrp 100
redistribute static
passive-interface default
no passive-interface Serial0/0/0
network 10.0.0.0
!
router bgp 65000
bgp log-neighbor-changes
no synchronization
neighbor 209.165.201.2 remote-as 65001
network 192.0.2.0
exit
!
ip domain-name CCNASkills.com
crypto key generate rsa general-keys modulus 2048
ip ssh version 2
ip ssh authentication-retries 2
ip ssh time-out 60
!
line vty 0 15
login local
transport input ssh
exit
!
ip nat pool HQ 209.165.200.241 209.165.200.245 netmask 255.255.255.248
ip nat inside source list NAT pool HQ overload
ip access-list standard NAT
permit 10.0.0.0 0.255.255.255
ip access-list extended HQINBOUND
permit tcp any any eq 179
permit tcp any 192.0.2.0 0.0.0.255 eq www
permit tcp any any established
permit icmp any any echo-reply
deny ip any any
!
!
Configuration B1:
enable
configure terminal
ip dhcp excluded-address 10.1.20.1 10.1.20.10
!
ip dhcp pool VLAN20
network 10.1.20.0 255.255.255.0
default-router 10.1.20.1
dns-server 10.0.1.4
!
interface GigabitEthernet0/0
no shutdown
interface GigabitEthernet0/0.10
encapsulation dot1Q 10
ip address 10.1.10.1 255.255.255.0
!
interface GigabitEthernet0/0.20
encapsulation dot1Q 20
ip address 10.1.20.1 255.255.255.0
!
interface GigabitEthernet0/0.30
encapsulation dot1Q 30
ip address 10.1.30.1 255.255.255.0
!
interface GigabitEthernet0/0.99
encapsulation dot1Q 99 native
ip address 10.1.99.1 255.255.255.0
!
router eigrp 100
passive-interface GigabitEthernet0/0
passive-interface GigabitEthernet0/0.10
passive-interface GigabitEthernet0/0.20
passive-interface GigabitEthernet0/0.30
passive-interface GigabitEthernet0/0.99
network 10.0.0.0
ip route 0.0.0.0 0.0.0.0 10.255.255.1
Configuration Sales: