A few things to keep in mind while completing this activity

:


1. Do not use the browser Back button or close or reload any Exam windows during the exam.
2. Do not close Packet Tracer when you are done. It will close automatically.
3. Click the Submit Assessment button to submit your work.
Introduction


In this practice Packet Tracer Skills Assessment, you will:

· finish the configuration of a partially configured network

· establish connectivity within the enterprise and to the Internet

· implement a VLAN policy including inter-VLAN routing

NOTE: The password for user EXEC mode is cisco. The password for privileged EXEC mode is class.

Step 1: Configure PPP on HQ.

The link between HQ and ISP uses PPP with CHAP. The password is ciscochap. ISP is not accessible and
is already configured.

HQ>en
HQ#config t
HQ(config)#interface serial 0/0/1
HQ(config-if)#encapsulation ppp
HQ(config-if)#ppp authentication chap
HQ(config-if)#exit
HQ(config)#username ISP password ciscochap

Step 2: Configure Default Routing.

a.Configure HQ with a default route using the exit interface argument.

HQ(config)#ip route 0.0.0.0 0.0.0.0 se0/0/1,0/0/0,0/1/0

b. Verify default routing.

HQ(config)#do show ip route

Step 3: Configure EIGRP Routing.

a. Configure EIGRP routing on HQ, R1, and R2 using the following parameters:

· Use AS number 100.

· Do not use the wildcard mask argument.

· Do not advertise the network between HQ and ISP.

HQ(config)#router eigrp 100
HQ(config-router)#network 10.10.10.128
HQ(config-router)#network 10.10.10.248
HQ(config-router)#network 10.10.10.252
R1(config)#router eigrp 100
R1(config-router)#network 10.10.10.120
R1(config-router)#network 10.10.10.112
R1(config-router)#network 10.10.10.248
R1(config-router)#no auto-summery
R2(config)#router eigrp 100
R2(config-router)#network 10.10.10.112
R2(config-router)#network 10.10.10.252
R2(config-router)#no auto-summary

· On HQ, enter the command redistribute static to propagate the default route to R1 and R2.

HQ(config-router)#redistribute static metric 10000 1 255 1 1500

b. Configure the link between HQ and R2 so that the bandwidth of 128 is used in EIGRP calculations.

R2(config)#interface serial 0/0/0
R2(config-if)#bandwidth 128
HQ(config)#interface serial 0/1/0
HQ(config-if)#bandwidth 128

c. Configure R1 and R2 to summarize the following subnets into one advertised route to be sent to HQ.

R1(config)#interface serial 0/0/0
R1(config-if)#ip summary-address eigrp 100 10.10.10.0 255.255.255.128
R2(config)#interface serial 0/0/0
R2(config-if)#ip summary-address eigrp 100 10.10.10.0 255.255.255.128

R1 and R2 Subnets

10.10.10.0/26
10.10.10.64/27
10.10.10.96/28
10.10.10.112/29
10.10.10.120/29

Step 4: Configure HQ with NAT.

a. Configure a static NAT mapping for the Inside Web Server so that the inside IP address is translated
to the outside IP address when packets are routed to the Internet. Use the addresses in the Addressing
Table.

HQ(config)#interface fastEthernet 0/0
HQ(config-if)#ipnat inside
HQ(config)#ipnat inside source static 10.10.10.132 128.107.0.10
HQ(config)#interface serial 0/0/1
HQ(config-if)#ipnat outside

b. Configure dynamic NAT on HQ using the following guidelines:

· Only addresses in the 10.10.10.0/24 address space will be translated.

· Use the number 1 for the access list.

· Use PUBLIC as the NAT pool name and translate all inside addresses to the 128.107.0.4/30 address
space.

· Configure PAT.

HQ(config)#ipnat pool PUBLIC 128.107.0.5 128.107.0.6 netmask 255.255.255.252
HQ(config)#access-list 1 permit 10.10.10.0 0.0.0.255
HQ(config)#ipnat inside source list 1 pool public
HQ(config)#ipnat inside source list 1 pool public overload

b. Verify that NAT is working.

HQ#showipnat translations

Step 5: Configure Trunking.

Note: S2 is already configured with trunking. You only have user EXEC mode access to S2.

On S1, manually configure the necessary links for trunking mode.

S2(config)#interface gigabitEthernet1/2
S2(config-if)#switchport mode trunk

Step 6

Note: S2 is already configured as a VTP client and will receive VLAN information from S1. You only have
user EXEC mode access to S2.

a. Configure S1 with the following VTP parameters:

· VTP server.

· VTP domain name: CCNA

· VTP password: ciscovtp

S1(config)#vtp domain CCNA
S1(config)#vtp mode server
S1(config)#vtp password ciscovtp

b. Create and name the following VLANs on S1:

· VLAN 10: Student

· VLAN 20: Faculty

S1(config)#vlan 10
S1(config-vlan)#name Student
S1(config-vlan)#exit
S1(config)#vlan 20
S1(config-vlan)#name Faculty

c. Verify that S2 received VLAN information from S1.

S2#show vlan

Step 7

Note: The VLAN interface on S2 is already configured.

a. Configure S1 for remote management access.

S1(config)#interface vlan 1
S1(config-if)#ip address 10.10.10.98 255.255.255.240
S1(config-if)#no shut
S1(config-if)#exit
S1(config)#ip default-gateway 10.10.10.97
S1(config)#do write
S1(config)#line vty 0 3
S1(config-line)#password 123
S1(config-line)#login

b. Configure S1 interface Fa0/4 for access mode and assign it to VLAN 10.

S1(config)#interface fastEthernet 0/4
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 10

Step 8

S2 is the current STP root bridge. Using a priority of 4096, configure S1 as the root bridge for all
VLANs.

S1(config)#spanning-tree vlan 1-20 priority 4096

Step 9

Note: Best practice requires port security on all access ports. However, for this practice exercise you will
only configure one port with security.

a. Configure S1 with port security on FastEthernet 0/4:

· No more than 2 MAC addresses are allowed.

· Once learned, MAC addresses should be automatically added to the running configuration.

· If this policy is violated, the port should automatically shutdown.

S1(config)#interface fastEthernet 0/4
S1(config-if)#switchport mode access
S1(config-if)#switchport port-security
S1(config-if)#switchport port-security maximum 2
S1(config-if)#switchport port-security mac-address sticky
S1(config-if)#switchport port-security violation shutdown

b. Verify that port security is implemented.

S1#show port-security interface fastEthernet 0/4

Step 10: Configure Inter-VLAN Routing.

a. Use the information in the Addressing Table to configure R2 for inter-VLAN routing.

R2(config)#interface fastEthernet 0/0
R2(config-if)#no ip address
R2(config-if)#no shut
R2(config-if)#exit
R2(config)#interface fastEthernet 0/0.1
R2(config-subif)#encapsulation dot1q 1
R2(config-subif)#ip address 10.10.10.97 255.255.255.240
R2(config-subif)#no shut
R2(config-subif)#exit
R2(config)#interface fastEthernet 0/0.10
R2(config-subif)#encapsulation dot1Q 10
R2(config-subif)#ip address 10.10.10.1 255.255.255.192
R2(config-subif)#no shut
R2(config-subif)#exit
R2(config)#interface fastEthernet 0/0.20
R2(config-subif)#encapsulation dot1Q 20
R2(config-subif)#ip address 10.10.10.65 255.255.255.224
R2(config-subif)#no shut
R2(config-subif)#exit

b. Verify inter-VLAN routing.

Step 11

Although these are not scored, the following connectivity tests should be successful.


 H3 can ping H1 and H2.
 H3 can ping the Inside Web Server at both addresses.
 H1, H2, and H3 can ping the Outside Web Server.
 H1 can ping S1.