You are on page 1of 7

PT Activity 8.6.

1: CCNA Skills Integration Challenge
Topology Diagram

All contents are Copyright © 2007-2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 1 of 7

10 Fa0/0.255.1 Subnet Mask 255.X.X.255.255.255. Fa0/16 BX-S3.255.30 Fa0/0.88.1 10.1 10.1: CCNA Skills Integration Challenge Addressing Table for HQ Dvice Interface Fa0/0 S0/0/0.X.99 S0/0/0 BX-S1 BX-S2 BX-S3 BX-WRS • • • VLAN 99 VLAN 99 VLAN 99 VLAN 1 IP Address 10.255.88 Fa0/0. B2.255.99.255.255.255.255.255.99. The WRT300N routers get the Internet address through DHCP from the Branch router. Fa0/11 BX-S2.X.30.5 10.88.X.252 255.1 10.0 255.0/24 10.255.255.252 DLCI Mappings N/A DLCI 41 to B1 DLCI 42 to B2 DLCI 43 to B3 N/A N/A Addressing Table for Branch Routers Device Interface Fa0/0.X.0/24 10.255.252 255.1 10.1 Subnet Mask 255.255. Page 2 of 7 .252 255.255.41 HQ S0/0/0.255.0/24 VLAN Name Admin Sales Production Wireless Mgmt&Native Port Mappings BX-S2.165.255. VLAN Configuration and Port Mappings VLAN Number 10 20 30 88 99 Network Address 10.X. Fa0/7 All trunks All contents are Copyright © 2007-2008 Cisco Systems.30.255.255. This document is Cisco Public Information.255.0 255.0/24 10.10.42 S0/0/0.252 255.255.255.255.1 10.0 255.X.X.40.X.X. or B3).255.0 255.23 10.255. All rights reserved.1.255.0/24 10.6.0 255. HQ is using the first address.0 Replace “X” with the Branch router number (B1.1 2nd address 10.0.255.9 10.255.43 S0/0/1 S0/1/0 IP Address 10.99.255.20 BX Fa0/0.253 209.255.255. Fa0/6 BX-S2. The point-to-point PVCs with HQ use the second address in the subnet.1 0.255.X.X.0 255.20.21 10.0 255.22 10.99.20.CCNA Exploration Accessing the WAN: Network Troubleshooting PT Activity 8.255.255.255.255.201.255.252 255. Inc.99.0 255.10.0 255.X.255.

at any time you can click Check Results to see if a particular component is graded and if you configured it correctly. None of the basic configurations like hostname. Introduction yrftdhfg hgfhgf Routers and switches under your administration have no configuration. Instead. B1-S2. you will not be given a specific percentage that should be complete at the end of each task. and B2. Because the Branch routers (B1. This document is Cisco Public Information. and B3) and switches are designed with scalability in mind. B2. and B1-S3 can be directly applied to the B2 devices with only minor adjustments. your configurations for B1. Page 3 of 7 . B1. The LMI type must be manually configured as q933a for HQ. Configure static and default routing. Configure static and dynamic NAT. • • • HQ uses a point-to-point subinterface for each of the Branch routers. Configure the Frame Relay core. B1. B2.CCNA Exploration Accessing the WAN: Network Troubleshooting PT Activity 8. B1-S1. HQ is the hub router. Task 1: Configure Frame Relay in a Hub-and-Spoke Topology Step 1. banners. Inc. However. you use connectivity tests to verify each task’s configurations. passwords. Use the addressing tables and the following requirements.6. you can reuse scripts. and other general maintenance commands are graded by Packet Tracer and will not be part of the task specification. you will not necessarily see your completion percentage increase each time you enter a command. and B3 are the spokes. All rights reserved. All contents are Copyright © 2007-2008 Cisco Systems. For example. B3 uses ANSI. and your instructor may choose to grade these commands. Because this activity uses such a large network with close to 500 required components under the assessment items. you are expected to configure them. However. In addition. B3 must be manually configured to use IETF encapsulation.1: CCNA Skills Integration Challenge Learning Objectives • • • • Configure Frame Relay in a hub-and-spoke topology. Configure PPP with CHAP and PAP authentication. Note: This CCNA Skills Integration Challenge is also available in an open-ended version where you can choose the addressing scheme and technologies that you want to implement. You verify your configuration by testing end-to-end connectivity.

XYZ Corporation owns the 209. Use the following requirements: • • • Allow all addresses for the 10.1: CCNA Skills Integration Challenge Step 2. Configure the LAN interface on HQ. You choose the clock rate. This document is Cisco Public Information.com web server. Verify that NAT translated the ping with the show ip nat translations command. Step 2. Step 3.com website at 10. Step 2.246. Using the addressing table for Branch routers. The www. Use the exit interface as an argument. uses addresses . Configure the WAN link from HQ to NewB using PPP encapsulation and PAP authentication.240/29 address space. You need to connect a cable to the correct interfaces. Configure the Branch routers with a default route to HQ. Configure NAT. Configure each Branch router for inter-VLAN routing.xyzcorp.241 through . Configure the WAN link from HQ to ISP using PPP encapsulation and CHAP authentication.6. Step 3. The CHAP password is ciscochap. Step 3.165. Verify connectivity beyond ISP. Verify NAT is operating by using extended ping.2 is registered with the public DNS system at IP address 209. VLAN 99 is the native VLAN.0. Step 2. The PAP password is ciscopap. Task 3: Configure Static and Dynamic NAT on HQ Step 1.CCNA Exploration Accessing the WAN: Network Troubleshooting PT Activity 8. HQ is the DCE side of the link. XYZCORP. All rights reserved.0.1. Verify that HQ can ping ISP and NewB.200.0/8 address space to be translated. Use the next-hop IP address as an argument. Task 2: Configure PPP with CHAP and PAP Authentication Step 1. Inc. Configure HQ with a default route to ISP and a static route to the NewB LAN. Task 4: Configure Static and Default Routing Step 1. All contents are Copyright © 2007-2008 Cisco Systems.165. From HQ.0.cisco. The pool. ping the serial 0/0/0 interface on ISP using the HQ LAN interface as the source address. Verify that HQ can ping each of the Branch routers.200. Page 4 of 7 . configure and activate the LAN interface for inter-VLAN routing.245 with a /29 mask. All three NewB PCs and the NetAdmin PC should be able to ping the www. This ping should succeed. Task 5: Configure Inter-VLAN Routing Step 1.

BX-S2 and BX-S3 are VTP clients. and VLANs The following requirements apply to all three Branches. Step 1. Configure one set of three switches. • • • Use AS 100. B1. Disable EIGRP updates on appropriate interfaces. Create the VLANs on BX-S1. Configure the VLAN interface and default gateway on BX-S1. Configure the appropriate interfaces in trunking mode and assign VLAN 99 as the native VLAN. • • • BX-S1 is the VTP server. Step 4.0/16 address space to HQ. Use the appropriate commands to verify that S2 and S3 now have the VLANs you created on S1. BX-S2. A quick way to force the sending of VTP advertisements is to change one of the client switches to transparent mode and then back to client mode. Step 2.0. It may take a few minutes for Packet Tracer to simulate the VTP advertisements. Use the VLAN Configuration and Port Mappings table to complete the following requirements: • • Configure access ports Assign VLANs to the access ports All contents are Copyright © 2007-2008 Cisco Systems. Each Branch router should now have six directly connected networks and one static default route. B2. Configure Branch switches with VTP. All rights reserved. Manually summarize EIGRP routes so that each Branch router only advertises the 10. This document is Cisco Public Information. Create and name the VLANs listed in the VLAN Configuration and Port Mappings table on BX-S1 only. Task 8: Assign VLANs and Configure Port Security Step 1. Trunking.1: CCNA Skills Integration Challenge Step 2. Step 5. and B3 with EIGRP.6. Step 2. BX-S2. Verify routing tables. and BX-S3. Verify that VLANs have been sent to BX-S2 and BX-S3.CCNA Exploration Accessing the WAN: Network Troubleshooting PT Activity 8. Task 7: Configure VTP. Then use the scripts for those switches on the other two sets of switches. Inc. Step 3. Routing tables will still show all subnets. Assign VLANs to access ports. HQ and the Branch routers should now have complete routing tables. Configure HQ. Page 5 of 7 . the VLAN Interface.X. The domain name is xyzcorp. Note: Packet Tracer does not accurately simulate the benefit of EIGRP summary routes. Configure trunking on BX-S1. The NetAdmin PC should now be able to ping each VLAN subinterface on each Branch router. Verify routing tables and connectivity. VTP advertises the new VLANs to BX-S1 and BX-S2. and BX-S3. even though you correctly configured the manual summary. The password is xyzvtp. Task 6: Configure and Optimize EIGRP Routing Step 1.

configure DHCP pools for each VLAN using the following requirements: • • • • Exclude the first 10 IP addresses in each pool for the LANs. Step 3.com server. Use the following policy to establish port security on the BX-S2 access ports: • • • Allow only one MAC address Configure the first learned MAC address to “stick” to the configuration Set the port to shut down if there is a security violation Step 3. Implement a basic firewall ACL. Task 9: Configure STP Step 1.cisco. All contents are Copyright © 2007-2008 Cisco Systems. Task 10: Configure DHCP Step 1. Step 4. configure a named ACL called FIREWALL in the following order: 1. This document is Cisco Public Information. Verify connectivity. Configure BX-S3 as the backup root bridge. Step 2.1: CCNA Skills Integration Challenge Step 2. All rights reserved.CCNA Exploration Accessing the WAN: Network Troubleshooting PT Activity 8. Configure the PCs to use DHCP. Inc.xyzcorp. Verify connectivity from Outside Host. Task 11: Configure a Firewall ACL Step 1. Configure BX-S1 as the root bridge. Allow inbound HTTP requests to the www. Configure port security.com. Use the appropriate commands to verify that access VLANs are correctly assigned and that the port security policy has been enabled.6. Step 2. Exclude the first 24 IP addresses in each pool for the wireless LANs. Verify that BX-S1 is the root bridge.xyzcorp. The Outside Host PC should be able to ping the server at www. Change this configuration to DHCP. Set the priority level to 4096 on BX-S1 so that these switches are always the root bridge for all VLANs. Step 2. Verify VLAN assignments and port security. The pool name is BX_VLAN## where X is the router number and ## is the VLAN number. Verify that the PCs and wireless routers have an IP address. Currently. the PCs are configured to use static IP addresses. Step 3. All PCs physically attached to the network should be able to ping the www.com web server. On the Branch routers. Set the priority level to 8192 on BX-S3 so that these switches are always the backup root bridge for all VLANs. Include the DNS server attached to the HQ server farm as part of the DHCP configuration. Because ISP represents connectivity to the Internet. Configure DHCP pools for each VLAN. Page 6 of 7 .

Allow only inbound ping replies from ISP and any source beyond ISP.CCNA Exploration Accessing the WAN: Network Troubleshooting PT Activity 8.com. The student returns and uses troubleshooting techniques to isolate and solve the problem.6. Verify connectivity from Outside Host. Step 2. Break the network again. Explicitly block all other inbound access from ISP and any source beyond ISP. Verify the DHCP configuration. Configure the administration password as cisco123 and enable remote management. Step 2.1: CCNA Skills Integration Challenge 2. Task 12: Configure Wireless Connectivity Step 1.X.40. Break the network. The “Router IP” on the Status page in the GUI tab should be the first IP of the 10. Verify remote management capability by accessing the wireless router through the web browser. Troubleshoot the problem. Each BX-WRS router should already have IP addressing from the DHCP of the BX router for VLAN 88. Page 7 of 7 . Step 6. Step 3. All rights reserved. the Outside Host PC should be able to request a web page.com web server. The SSIDs for the routers are BX-WRS_LAN where the X is the Branch router number. The students switch roles and repeat steps 1 and 2. Task 13: Network Troubleshooting Step 1. Step 3. This document is Cisco Public Information. while another student breaks the configuration. 3. Step 5.cisco. Configure the Network Setup/LAN settings.0 /24 subnet. if necessary. 4. Configure the wireless routers for remote access. Allow only established TCP sessions from ISP and any source beyond ISP. Verify connectivity and remote management capability. One student leaves the room. Each wireless PC should be able to access the www. Step 3. Leave all other settings at the default. Inc. Configure the wireless network settings.xyzcorp. Configure the BX-PC4 PCs to access the wireless network using DHCP. The Outside Host PC should not be able to ping the server at www. All contents are Copyright © 2007-2008 Cisco Systems. However. The WEP key is 12345ABCDE Step 4.