Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.
Topology
Addressing Table
© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 6
Packet Tracer – CCNA Skills Integration Challenge
Scenario
In this comprehensive CCNA skills activity, the XYZ Corporation uses a combination of eBGP and PPP for
WAN connections. Other technologies include NAT, DHCP, static and default routing, EIGRP for IPv4, inter-
VLAN routing, and VLAN configurations. Security configurations include SSH, port security, switch security,
and ACLs.
Note: Only HQ, B1, B1-S2, and the PCs are accessible. The user EXEC password is cisco and the
privileged EXEC password is class.
Requirements
PPP
Configure the WAN link from HQ to the Internet using PPP encapsulation and CHAP authentication.
o Create a user ISP with the password of cisco.
Configure the WAN link from HQ to NewB using PPP encapsulation and PAP authentication.
o Create a user NewB with the password of cisco.
Note: The ppp pap sent-username is not graded by Packet Tracer. However, it must be configured
before the link will come up between HQ and NewB.
HQ(config)# interface s0/1/0
HQ(config-if)# encapsulation ppp
HQ(config-if)# ppp authentication chap
HQ(config-if)# exit
HQ(config)# username ISP password cisco
HQ(config)# interface s0/0/1
HQ(config-if)# encapsulation ppp
HQ(config-if)# ppp authentication pap
HQ(config-if)# ppp pap sent-username HQ password cisco
HQ(config-if)# exit
HQ(config)# username NewB password cisco
eBGP
Configure eBGP between HQ and the Internet.
o HQ belongs to AS 65000.
o The IP address for the BGP router in the Internet cloud is 209.165.201.2.
o Advertise the 192.0.2.0/24 network to the Internet.
HQ(config)# router bgp 65000
HQ(config-router)# neighbor 209.165.201.2 remote-as 65001
HQ(config-router)# network 192.0.2.0 mask 255.255.255.0
NAT
Configure dynamic NAT on HQ.
o Allow all addresses for the 10.0.0.0/8 address space to be translated using a standard access list
named NAT.
o XYZ Corporation owns the 209.165.200.240/29 address space. The pool, HQ, uses addresses .241
to .245 with a /29 mask. Bind the NAT ACL to the pool HQ. Configure PAT.
o The connections to the Internet and HQ-DataCenter are outside XYZ Corporation.
HQ(config)# ip access-list standard NAT
HQ(config-std-nacl)# permit 10.0.0.0 0.255.255.255
HQ(config-std-nacl)# exit
HQ(config)# ip nat pool HQ 209.165.200.241 209.165.200.245 netmask 255.255.255.248
HQ(config)# ip nat inside source list NAT pool HQ overload
HQ(config)# interface s0/1/0
HQ(config-if)# ip nat outside
HQ(config-if)# interface g0/1
HQ(config-if)# ip nat outside
HQ(config-if)# interface s0/0/0
HQ(config-if)# ip nat inside
HQ(config-if)# interface s0/0/1
HQ(config-if)# ip nat inside
HQ(config-if)# interface g0/0
HQ(config-if)# ip nat inside
Inter-VLAN Routing
Configure B1 for inter-VLAN routing.
o Using the addressing table for branch routers, configure and activate the LAN interface for inter-VLAN
routing. VLAN 99 is the native VLAN.
B1(config)# interface g0/0
B1(config-if)# no shutdown
B1(config-if)# interface g0/0.10
B1(config-subif)# encapsulation dot1q 10
B1(config-subif)# ip address 10.1.10.1 255.255.255.0
B1(config-subif)# interface g0/0.20
B1(config-subif)# encapsulation dot1q 20
B1(config-subif)# ip address 10.1.20.1 255.255.255.0
B1(config-subif)# interface g0/0.30
B1(config-subif)# encapsulation dot1q 30
B1(config-subif)# ip address 10.1.30.1 255.255.255.0
B1(config-subif)# interface g0/0.99
B1(config-subif)# encapsulation dot1q 99 native
B1(config-subif)# ip address 10.1.99.1 255.255.255.0
EIGRP Routing
Configure and optimize HQ and B1 with EIGRP routing.
o Use autonomous system 100.
o Disable EIGRP updates on appropriate interfaces.
HQ(config)# router eigrp 100
HQ(config-router)# network 10.0.0.0
HQ(config-router)# passive-interface g0/0
HQ(config-router)# passive-interface s0/0/1
B1-S2(config-if-range)# exit
B1-S2(config)# interface f0/6
B1-S2(config-if)# switchport mode access
B1-S2(config-if)# switchport access vlan 10
B1-S2(config-if)# interface f0/11
B1-S2(config-if)# switchport mode access
B1-S2(config-if)# switchport access vlan 20
B1-S2(config-if)# interface f0/16
B1-S2(config-if)# switchport mode access
B1-S2(config-if)# switchport access vlan 30
B1-S2(config-if)# exit
B1-S2(config)# interface range f0/5, f0/7-10, f0/12-15, f0/17-24, g0/1-2
B1-S2(config-if-range)# switchport access vlan 999
B1-S2(config-if-range)# shutdown
Port Security
Use the following policy to establish port security on the B1-S2 access ports:
o Allow two MAC addresses to be learned on the port.
o Configure the learned MAC addresses to be added to the configuration.
o Set the port to send a message if there is a security violation. Traffic is still allowed from the first two
MAC addresses learned.
B1-S2(config)# interface range f0/6, f0/11, f0/16
B1-S2(config-if-range)# switchport port-security
B1-S2(config-if-range)# switchport port-security maximum 2
B1-S2(config-if-range)# switchport port-security mac-address sticky
B1-S2(config-if-range)# switchport port-security violation restrict
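The following is an added example, not part of the original lab or Cisco's material: a Python check that audits saved switch configuration text against the port-security policy above and the unused-port handling (VLAN 999, shut down). It assumes the input follows the `show running-config` layout; the function names and the sample stanzas are constructed for illustration.

```python
# Policy from the lab's Port Security requirements for B1-S2 access ports.
REQUIRED = {
    "switchport port-security",
    "switchport port-security maximum 2",
    "switchport port-security mac-address sticky",
    "switchport port-security violation restrict",
}
PARKING_VLAN = "999"  # VLAN the lab assigns to unused, shut-down ports

def parse_interfaces(config):
    """Map interface name -> set of sub-commands (running-config layout)."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split()[1], set())
        elif line.startswith(" ") and current is not None:
            current.add(line.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return stanzas

def audit(config):
    """Return {interface: [findings]} for ports that break the policy."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        issues = []
        if f"switchport access vlan {PARKING_VLAN}" in cmds:
            if "shutdown" not in cmds:
                issues.append("unused port is not shut down")
        elif "switchport mode access" in cmds:
            issues = [f"missing: {c}" for c in sorted(REQUIRED - cmds)]
        if issues:
            findings[name] = issues
    return findings

# Constructed sample in running-config layout (not output from the lab).
SAMPLE = """\
interface FastEthernet0/5
 switchport access vlan 999
!
interface FastEthernet0/11
 switchport access vlan 20
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
!
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Trunk ports and interfaces without `switchport mode access` are skipped, so the check reports only access ports and parked ports.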
SSH
Configure HQ to use SSH for remote access.
o Set the modulus to 2048. The domain name is CCNASkills.com.
o The username is admin and the password is adminonly.
o Only SSH should be allowed on VTY lines.
o Modify the SSH defaults: version 2; 60-second timeout; two retries.
HQ(config)# ip domain-name CCNASkills.com
HQ(config)# crypto key generate rsa
DHCP
On B1, configure a DHCP pool for the Sales VLAN 20 using the following requirements:
Connectivity
Verify full connectivity from each PC to WWW.pka and www.cisco.pka.
The Outside Host should be able to access the webpage at WWW.pka.
All the tests in Scenario 0 should be successful.