You are on page 1of 6

A few things to keep in mind while completing this activity


1. Do not use the browser Back button or close or reload any Exam windows during the exam.
2. Do not close Packet Tracer when you are done. It will close automatically.
3. Click the Submit Assessment button to submit your work.

In this practice Packet Tracer Skills Assessment, you will:

· finish the configuration of a partially configured network

· establish connectivity within the enterprise and to the Internet

· implement a VLAN policy including inter-VLAN routing

NOTE: The password for user EXEC mode is cisco. The password for privileged EXEC mode is class.

Step 1: Configure PPP on HQ.

The link between HQ and ISP uses PPP with CHAP. The password is ciscochap. ISP is not accessible and
is already configured.

HQ#config t
HQ(config)#interface serial 0/0/1
HQ(config-if)#encapsulation ppp
HQ(config-if)#ppp authentication chap
HQ(config)#username ISP password ciscochap

Step 2: Configure Default Routing.

a.Configure HQ with a default route using the exit interface argument.

HQ(config)#ip route se0/0/1,0/0/0,0/1/0

b. Verify default routing.

HQ(config)#do show ip route

Step 3: Configure EIGRP Routing.

a. Configure EIGRP routing on HQ, R1, and R2 using the following parameters:

· Use AS number 100.

· Do not use the wildcard mask argument.

· Do not advertise the network between HQ and ISP.

HQ(config)#router eigrp 100
R1(config)#router eigrp 100
R1(config-router)#no auto-summery
R2(config)#router eigrp 100
R2(config-router)#no auto-summary

· On HQ, enter the command redistribute static to propagate the default route to R1 and R2.

HQ(config-router)#redistribute static metric 10000 1 255 1 1500

b. Configure the link between HQ and R2 so that the bandwidth of 128 is used in EIGRP calculations.

R2(config)#interface serial 0/0/0
R2(config-if)#bandwidth 128
HQ(config)#interface serial 0/1/0
HQ(config-if)#bandwidth 128

c. Configure R1 and R2 to summarize the following subnets into one advertised route to be sent to HQ.

R1(config)#interface serial 0/0/0
R1(config-if)#ip summary-address eigrp 100
R2(config)#interface serial 0/0/0
R2(config-if)#ip summary-address eigrp 100

R1 and R2 Subnets

Step 4: Configure HQ with NAT.

a. Configure a static NAT mapping for the Inside Web Server so that the inside IP address is translated
to the outside IP address when packets are routed to the Internet. Use the addresses in the Addressing

HQ(config)#interface fastEthernet 0/0
HQ(config-if)#ipnat inside
HQ(config)#ipnat inside source static
HQ(config)#interface serial 0/0/1
HQ(config-if)#ipnat outside

b. Configure dynamic NAT on HQ using the following guidelines:

· Only addresses in the address space will be translated.

· Use the number 1 for the access list.

· Use PUBLIC as the NAT pool name and translate all inside addresses to the address

· Configure PAT.

HQ(config)#ipnat pool PUBLIC netmask
HQ(config)#access-list 1 permit
HQ(config)#ipnat inside source list 1 pool public
HQ(config)#ipnat inside source list 1 pool public overload

b. Verify that NAT is working.

HQ#showipnat translations

Step 5: Configure Trunking.

Note: S2 is already configured with trunking. You only have user EXEC mode access to S2.

On S1, manually configure the necessary links for trunking mode.

S2(config)#interface gigabitEthernet1/2
S2(config-if)#switchport mode trunk

Step 6

Note: S2 is already configured as a VTP client and will receive VLAN information from S1. You only have
user EXEC mode access to S2.

a. Configure S1 with the following VTP parameters:

· VTP server.

· VTP domain name: CCNA

· VTP password: ciscovtp

S1(config)#vtp domain CCNA
S1(config)#vtp mode server
S1(config)#vtp password ciscovtp

b. Create and name the following VLANs on S1:

· VLAN 10: Student

· VLAN 20: Faculty

S1(config)#vlan 10
S1(config-vlan)#name Student
S1(config)#vlan 20
S1(config-vlan)#name Faculty

c. Verify that S2 received VLAN information from S1.

S2#show vlan

Step 7

Note: The VLAN interface on S2 is already configured.

a. Configure S1 for remote management access.

S1(config)#interface vlan 1
S1(config-if)#ip address
S1(config-if)#no shut
S1(config)#ip default-gateway
S1(config)#do write
S1(config)#line vty 0 3
S1(config-line)#password 123

b. Configure S1 interface Fa0/4 for access mode and assign it to VLAN 10.

S1(config)#interface fastEthernet 0/4
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 10

Step 8

S2 is the current STP root bridge. Using a priority of 4096, configure S1 as the root bridge for all

S1(config)#spanning-tree vlan 1-20 priority 4096

Step 9

Note: Best practice requires port security on all access ports. However, for this practice exercise you will
only configure one port with security.

a. Configure S1 with port security on FastEthernet 0/4:

· No more than 2 MAC addresses are allowed.

· Once learned, MAC addresses should be automatically added to the running configuration.

· If this policy is violated, the port should automatically shutdown.

S1(config)#interface fastEthernet 0/4
S1(config-if)#switchport mode access
S1(config-if)#switchport port-security
S1(config-if)#switchport port-security maximum 2
S1(config-if)#switchport port-security mac-address sticky
S1(config-if)#switchport port-security violation shutdown

b. Verify that port security is implemented.

S1#show port-security interface fastEthernet 0/4

Step 10: Configure Inter-VLAN Routing.

a. Use the information in the Addressing Table to configure R2 for inter-VLAN routing.

R2(config)#interface fastEthernet 0/0
R2(config-if)#no ip address
R2(config-if)#no shut
R2(config)#interface fastEthernet 0/0.1
R2(config-subif)#encapsulation dot1q 1
R2(config-subif)#ip address
R2(config-subif)#no shut
R2(config)#interface fastEthernet 0/0.10
R2(config-subif)#encapsulation dot1Q 10
R2(config-subif)#ip address
R2(config-subif)#no shut
R2(config)#interface fastEthernet 0/0.20
R2(config-subif)#encapsulation dot1Q 20
R2(config-subif)#ip address
R2(config-subif)#no shut

b. Verify inter-VLAN routing.

Step 11

Although these are not scored, the following connectivity tests should be successful.

 H3 can ping H1 and H2.
 H3 can ping the Inside Web Server at both addresses.
 H1, H2, and H3 can ping the Outside Web Server.
 H1 can ping S1.