
CCNA Exploration: Accessing the WAN Demo Practical Exam

Topology Diagram

Addressing Table
Device  Interface  IP Address       Subnet Mask      Default Gateway
R1      Fa0/1      10.0.0.1         255.255.255.128  N/A
R1      S0/0/0     172.16.0.1       255.255.255.252  N/A
R1      S0/0/1     172.16.0.9       255.255.255.252  N/A
R2      Lo0        209.165.200.161  255.255.255.224  N/A
R2      S0/0/0     172.16.0.2       255.255.255.252  N/A
R2      S0/0/1     172.16.0.5       255.255.255.252  N/A
R3      Fa0/1      10.0.0.129       255.255.255.128  N/A
R3      S0/0/0     172.16.0.10      255.255.255.252  N/A
R3      S0/0/1     172.16.0.6       255.255.255.252  N/A
PC1     NIC        10.0.0.10        255.255.255.128  10.0.0.1
PC3     NIC        10.0.0.139       255.255.255.128  10.0.0.129
Scenario
This lab tests you on the skills and knowledge that you learned in Exploration 4. Use cisco for all
passwords in this lab, except for the enable secret password, which is class.

All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 16
Task 1: Prepare the Network
Step 1: Cable a network that is similar to the one in the topology diagram.
Step 2: Clear any existing configurations on the routers.
Task 2: Perform Basic Device Configurations
Configure the R1, R2, and R3 routers according to the following guidelines:
Configure the router hostname.
Disable DNS lookup.
Configure an EXEC mode password.
Configure a message-of-the-day banner.
Configure a password for console connections.
Configure synchronous logging.
Configure a password for vty connections.

R1
hostname R1
no ip domain-lookup
enable secret class
banner motd #R1#
!
!
line con 0
exec-timeout 0 0
logging synchronous
password cisco
login
!
line vty 0 4
password cisco
login

R2
hostname R2
no ip domain-lookup
enable secret class
banner motd #R2#
!
!
line con 0
exec-timeout 0 0
logging synchronous
password cisco
login
!
line vty 0 4
password cisco
login

R3
hostname R3
no ip domain-lookup
enable secret class
banner motd #R3#
!
!
line con 0
exec-timeout 0 0
logging synchronous
password cisco
login
!
line vty 0 4
password cisco
login

Task 3: Configure and Activate Serial and Ethernet Addresses


Step 1: Configure interfaces on R1, R2, and R3.
Step 2: Verify IP addressing and interfaces.
Step 3: Configure the PC1 and PC3 Ethernet interfaces.
Step 4: Test connectivity between the PCs and routers.
R1
!
interface FastEthernet0/1
ip address 10.0.0.1 255.255.255.128
no shutdown
!
interface Serial0/0/0
ip address 172.16.0.1 255.255.255.252
no shutdown
clock rate 64000
!
interface Serial0/0/1
ip address 172.16.0.9 255.255.255.252
no shutdown

R2
!
interface Loopback0
ip address 209.165.200.161 255.255.255.224
!
!
interface Serial0/0/0
ip address 172.16.0.2 255.255.255.252
no shutdown
!
interface Serial0/0/1
ip address 172.16.0.5 255.255.255.252
clock rate 64000
no shutdown

R3
!
interface FastEthernet0/1
ip address 10.0.0.129 255.255.255.128
no shutdown
!
interface Serial0/0/1
ip address 172.16.0.6 255.255.255.252
no shutdown

!
interface Serial0/0/0
ip address 172.16.0.10 255.255.255.252
no shutdown
clock rate 64000

Task 4: Configure Serial Interfaces


Step 1: Configure PPP encapsulation with CHAP between R1 and R2

R1
username R2 password cisco
interface serial0/0/0
encapsulation ppp
ppp authentication chap

R2
username R1 password cisco
interface serial0/0/0
encapsulation ppp
ppp authentication chap

Step 2: Configure and verify HDLC encapsulation between R2 and R3.

R2
interface Serial0/0/1
encapsulation hdlc

R3
interface Serial0/0/1
encapsulation hdlc

Step 3: Configure Frame Relay between R1 and R3.

R1
interface Serial0/0/1
encapsulation frame-relay
frame-relay map ip 172.16.0.9 101 broadcast
frame-relay map ip 172.16.0.10 101 broadcast
frame-relay interface-dlci 101
no keepalive

R3
interface Serial0/0/0
encapsulation frame-relay
frame-relay map ip 172.16.0.10 101 broadcast
frame-relay map ip 172.16.0.9 101 broadcast
frame-relay interface-dlci 101
no keepalive
Task 5: Configure RIP
Step 1: Configure RIP on R1, R2, and R3.
Step 2: Test connectivity with the ping command.
Step 3: Verify the routing table with the appropriate command.

R1
router rip
version 2
passive-interface FastEthernet0/1
network 10.0.0.0
network 172.16.0.0
no auto-summary
!
R2

router rip
version 2
network 10.0.0.0
network 172.16.0.0
network 209.165.200.0
passive-interface Lo0
no auto-summary
!

R3
router rip
version 2
passive-interface FastEthernet0/1
network 10.0.0.0
network 172.16.0.0
no auto-summary
!

Task 6: Configure Basic Router Security


Step 1: Enable a secure Telnet login using a local database on R2.
Step 2: Disable unused services and interfaces on R2.
Step 3: Confirm that R2 is secured.

R2
username cisco password cisco
aaa new-model 
aaa authentication login LOCAL_AUTH local
line vty 0 4
login authentication LOCAL_AUTH
transport input ssh

or

aaa new-model
username cisco password 0 cisco
line vty 0 4
transport input SSH
or could it be plain SSH????

Task 7: Configure Access Control Lists


Step 1: Allow telnet to R1 and R3 from R2 only.

R1
access-list 101 permit tcp 172.16.0.2 0.0.0.3 172.16.0.1 0.0.0.3 eq telnet
access-list 101 deny tcp any any eq telnet
access-list 101 permit ip any any
!
interface Serial0/0/0
ip access-group 101 in
!
interface Serial0/0/1
ip access-group 101 in

R3
access-list 101 permit tcp 172.16.0.5 0.0.0.3 172.16.0.6 0.0.0.3 eq telnet
access-list 101 deny tcp any any eq telnet
access-list 101 permit ip any any
interface Serial0/0/0
ip access-group 101 in
!
interface Serial0/0/1
ip access-group 101 in
!

Step 2: Do not allow HTTP, Telnet, and FTP traffic from the Internet to PC1.
FTP: ports 20 and 21
Telnet: port 23

R1
access-list 102 deny tcp any eq 80 host 10.0.0.10
access-list 102 deny tcp any eq 23 host 10.0.0.10
access-list 102 deny tcp any eq 21 host 10.0.0.10
access-list 102 deny tcp any eq 20 host 10.0.0.10
access-list 102 permit ip any any

interface fa0/1
ip access-group 102 out
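
Added example (not part of the original lab answer): a small Python evaluator for the extended-ACL subset used in this lab, showing which packets the ACL 102 lines above match. In IOS, `eq` placed after the source address tests the source port and `eq` placed after the destination tests the destination port; the function names and the `ACL_DST` comparison list are constructed for this example.

```python
import ipaddress

PORTS = {"www": 80, "telnet": 23, "ftp": 21, "ftp-data": 20}

def ip(s):
    return int(ipaddress.IPv4Address(s))

def addr(tok, i):
    """Parse 'any' | 'host A' | 'A WILDCARD' at tok[i] -> ((base, wildcard), next index)."""
    if tok[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tok[i] == "host":
        return (ip(tok[i + 1]), 0), i + 2
    return (ip(tok[i]), ip(tok[i + 1])), i + 2

def port(tok, i):
    """Parse an optional 'eq PORT' at tok[i] -> (port number or None, next index)."""
    if i < len(tok) and tok[i] == "eq":
        name = tok[i + 1]
        return (PORTS[name] if name in PORTS else int(name)), i + 2
    return None, i

def parse(line):
    """access-list N ACTION PROTO SRC [eq P] DST [eq P] (only the subset used on this page)."""
    tok = line.split()
    src, i = addr(tok, 4)
    sport, i = port(tok, i)      # 'eq' right after the source = source port
    dst, i = addr(tok, i)
    dport, i = port(tok, i)      # 'eq' after the destination = destination port
    return tok[2], tok[3], src, sport, dst, dport

def hit(address, rule):
    base, wild = rule            # wildcard bits set to 1 are "don't care"
    return (ip(address) | wild) == (base | wild)

def evaluate(acl, proto, src, sport, dst, dport):
    """Return 'permit' or 'deny' for one packet; the first matching line wins."""
    for line in acl:
        action, p, s, sp, d, dp = parse(line)
        if (p in ("ip", proto) and hit(src, s) and hit(dst, d)
                and sp in (None, sport) and dp in (None, dport)):
            return action
    return "deny"                # implicit deny at the end of every ACL

# The ACL 102 lines configured on R1 in Task 7, Step 2
ACL_102 = [f"access-list 102 deny tcp any eq {p} host 10.0.0.10" for p in (80, 23, 21, 20)]
ACL_102.append("access-list 102 permit ip any any")
# Constructed variant for comparison: the same rule with 'eq' after the destination
ACL_DST = ["access-list 102 deny tcp any host 10.0.0.10 eq 80",
           "access-list 102 permit ip any any"]
```

For a constructed outside host 198.51.100.7, `evaluate(ACL_102, "tcp", "198.51.100.7", 49152, "10.0.0.10", 80)` returns `permit`, while the same call with source port 80 and destination port 49152 returns `deny`; `ACL_DST` gives the opposite results.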

Step 3: Do not allow PC1 to receive traffic from the 10.0.0.128 /25 network.
R3
access-list 103 deny ip 10.0.0.128 0.0.0.127 host 10.0.0.10
access-list 103 permit ip any any

interface fa0/1
ip access-group 103 in

Step 4: Verify that PC3 cannot ping PC1, but can ping 10.0.0.1.
Task 8: Configure NAT.
Step 1: Configure NAT to allow PC3 to ping PC1.
Step 2: Verify that PC3 can reach PC1.

R3
ip nat pool ping 10.0.0.129 10.0.0.254 netmask 255.255.255.128
access-list 110 permit icmp any any
ip nat inside source list 110 pool ping overload

interface fa0/1
ip access-group 110 in
ip nat inside

interface s0/0/0
ip nat outside

interface s0/0/1
ip nat outside

!
hostname R1
!
!
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
!
!
!
!
!
username R2 password 0 cisco
!
!
!
!
!
no ip domain-lookup
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface FastEthernet0/1
ip address 10.0.0.1 255.255.255.128
ip access-group 102 out
duplex auto
speed auto
!
interface Serial0/0/0
ip address 172.16.0.1 255.255.255.252
encapsulation ppp
ppp authentication chap
ip access-group 101 in
clock rate 64000
!
interface Serial0/0/1
ip address 172.16.0.9 255.255.255.252
encapsulation frame-relay
frame-relay map ip 172.16.0.9 101 broadcast
frame-relay map ip 172.16.0.10 101 broadcast
frame-relay interface-dlci 101
no keepalive
ip access-group 101 in
!
interface Vlan1
no ip address
shutdown
!
router rip
version 2
passive-interface FastEthernet0/1
network 10.0.0.0
network 172.16.0.0
no auto-summary
!
ip classless
!
!
access-list 101 permit tcp 172.16.0.0 0.0.0.3 172.16.0.0 0.0.0.3 eq telnet
access-list 101 deny tcp any any eq telnet
access-list 101 permit ip any any
access-list 102 deny tcp any eq www host 10.0.0.10
access-list 102 deny tcp any eq telnet host 10.0.0.10
access-list 102 deny tcp any eq ftp host 10.0.0.10
access-list 102 deny tcp any eq 20 host 10.0.0.10
access-list 102 permit ip any any
!
banner motd ^CR1^C
!
!
!
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
line vty 0 4
password cisco
login
!
!
!
end
!
hostname R2
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
aaa new-model
!
aaa authentication login LOCAL_AUTH local
!
username R1 password 0 cisco
username cisco password 0 cisco
!
no ip domain-lookup
!
interface Loopback0
ip address 209.165.200.161 255.255.255.224
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 172.16.0.2 255.255.255.252
encapsulation ppp
ppp authentication chap
!
interface Serial0/0/1
ip address 172.16.0.5 255.255.255.252
clock rate 64000
!
interface Vlan1
no ip address
shutdown
!
router rip
version 2
network 10.0.0.0
network 172.16.0.0
no auto-summary
!
ip classless
!
banner motd #R2#
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login authentication LOCAL_AUTH
line vty 0 4
password cisco
login authentication LOCAL_AUTH
transport input ssh
!
!
!
end
!
hostname R3
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
no ip domain-lookup
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface FastEthernet0/1
ip address 10.0.0.129 255.255.255.128
duplex auto
speed auto
!
interface Serial0/0/0
ip address 172.16.0.10 255.255.255.252
encapsulation frame-relay
frame-relay map ip 172.16.0.10 101 broadcast
frame-relay map ip 172.16.0.9 101 broadcast
frame-relay interface-dlci 101
no keepalive
ip access-group 101 in
clock rate 64000
!
interface Serial0/0/1
ip address 172.16.0.6 255.255.255.252
ip access-group 101 in
!
interface Vlan1
no ip address
shutdown
!
router rip
version 2
passive-interface FastEthernet0/1
network 10.0.0.0
network 172.16.0.0
no auto-summary
!
ip classless
!
banner motd #R3#
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
line vty 0 4
password cisco
login
!
!
!
end
!
hostname R3
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
no ip domain-lookup
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface FastEthernet0/1
ip address 10.0.0.129 255.255.255.128
ip access-group 110 in
ip nat inside
duplex auto
speed auto
!
interface Serial0/0/0
ip address 172.16.0.10 255.255.255.252
encapsulation frame-relay
frame-relay map ip 172.16.0.10 101 broadcast
frame-relay map ip 172.16.0.9 101 broadcast
frame-relay interface-dlci 101
no keepalive
ip access-group 101 in
ip nat outside
clock rate 64000
!
interface Serial0/0/1
ip address 172.16.0.6 255.255.255.252
ip access-group 101 in
ip nat outside
!
interface Vlan1
no ip address
shutdown
!
router rip
version 2
passive-interface FastEthernet0/1
network 10.0.0.0
network 172.16.0.0
no auto-summary
!
ip nat pool ping 10.0.0.129 10.0.0.254 netmask 255.255.255.128
ip nat inside source list 110 pool ping overload
ip classless
!
!
access-list 101 permit tcp 172.16.0.4 0.0.0.3 172.16.0.4 0.0.0.3 eq telnet
access-list 101 deny tcp any any eq telnet
access-list 101 permit ip any any
access-list 103 deny ip 10.0.0.128 0.0.0.127 host 10.0.0.10
access-list 103 permit ip any any
access-list 110 permit icmp any any
!
banner motd #R3#
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
line vty 0 4
password cisco
login
!
end
