In this Skills Assessment (SA) you will create a small network. You must connect the network devices and configure those devices to support various WAN protocols. This will require that you reload the routers before starting your configuration of the next
BRIGHT MIND PROF
Lab13-CSIS430Weeks1-4.docx
CCNA: Connecting Networks SA Exam
Lab 13 CCNA: Connecting Networks
CSIS 430 – Weeks 1 - 4
Hands-On Skills Assessment
Topology
Complete the assessment in Packet Tracer and document and fill in the blanks. Submit this file and the pka file in Week 8 Lab 13, Points will not be given for incomplete Steps.
Assessment Objectives
Part 1: Initialize Devices (2 points, 5 minutes)
Part 2: Configure Device Basic Settings (8 points, 20 minutes)
Part 3: Configure PPP Connections (7 points, 20 minutes)
Part 4: Configure NAT (4 points, 15 minutes)
Part 5: Monitor the Network (6 points, 15 minutes)
Part 6: Configure Frame Relay (7 points, 20 minutes)
Part 7: Configure a GRE VPN Tunnel (6 points, 20 minutes)
Scenario
In this Skills Assessment (SA) you will create a small network. You must connect the network devices and configure those devices to support various WAN protocols. This will require that you reload the routers before starting your configuration of the next WAN protocol. The assessment has you save your basic device configurations to flash prior to implementing a WAN protocol to allow you to restore these basic configurations after each reload.
The first WAN protocol you will configure is Point-to-Point Protocol (PPP) with CHAP authentication. You will also configure Network Address Translation (NAT), and network monitoring protocols during this phase of the assessment. After your instructor has signed off on this phase, you will reload the routers and configure Frame Relay. After the Frame Relay part is complete, and has been signed off by your instructor, you will reload the routers and configure a GRE VPN tunnel. Network configurations and connectivity will be verified throughout the assessment by using common CLI commands.
Required Resources
3 Routers (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable)
3 PCs (Windows 7, Vista, or XP with terminal emulation program, such as Tera Term.
Console cable to configure the Cisco IOS devices via the console ports
Ethernet and Serial cables as shown in the topology
Initialize Devices
Total points: 2
Time: 5 minutes
Initialize and reload routers.
Erase the startup configurations and reload the devices.
|
Task |
IOS Command |
Points |
|
Erase the startup-config file on all routers. |
erase startup-config |
(1 point) |
|
Reload all routers. |
reload |
(1 point) |
Points: __________ of 2
Configure Device Basic Settings
Total points: 8
Time: 20 minutes
Configure PCs.
Assign static IPv4 address information (IP address, subnet mask, default gateway) to the three PCs in the topology. Refer to the Topology diagram to obtain the IP address information.
|
Configuration Item or Task |
Specification |
Points |
|
Configure static IPv4 address information on PC-A. |
IP Address: 192.168.11.3 Subnet Mask: 255.255.255.0 Default Gateway: 192.168.11.1 |
1 |
|
Configure static IPv4 address information on PC-B. |
IP Address: 192.168.22.3 Subnet Mask: 255.255.255.0 Default Gateway: 192.168.22.1 |
|
|
Configure static IPv4 address information on PC-C. |
IP Address: 1-.10.33.3 Subnet Mask: 255.255.255.0 Default Gateway: 10.10.33.1 |
|
Configure R1.
Configuration tasks for R1 include the following:
|
Configuration Item or Task |
Specification |
Points |
|
Disable DNS lookup |
no ip domain-lookup |
2 |
|
Router name |
hostname R1 |
|
|
Encrypted privileged EXEC password |
enable secret class |
|
|
Console access password |
Line console 0 Password cisco login |
|
|
Telnet access password |
Line vty 0 15 Password cisco login |
|
|
Encrypt the plain text passwords |
Service password-encryption |
|
|
MOTD banner |
Banner motd #Unauthorized Access is Prohibited!# |
|
|
Configure G0/0 |
Interface g0/0 Description Connection to 192.168.11.0 LAN Ip address 192.168.11.1 255.255.255.0 No shutdown |
|
Configure R2.
Configuration tasks for R2 include the following:
|
Configuration Item or Task |
Specification |
Points |
|
Disable DNS lookup |
No ip domain-lookup |
2 |
|
Router name |
Hostname R2 |
|
|
Encrypted privileged EXEC password |
Enable secret class |
|
|
Console access password |
Line console 0 Password cisco login |
|
|
Telnet access password |
Line vty 0 15 Password cisco login |
|
|
Encrypt the plain text passwords |
Service password-encryption |
|
|
MOTD banner |
Banner motd #Unauthorized Access is Prohibited!# |
|
|
Configure G0/0 |
Interface g0/0 Description Connection to 192.168.22.0 LAN Ip address 192.168.22.1 255.255.255.0 No shutdown |
|
Configure R3.
Configuration tasks for R3 include the following:
|
Configuration Item or Task |
Specification |
Points |
|
Disable DNS lookup |
No ip domain-lookup |
2 |
|
Router name |
Hostname R3 |
|
|
Encrypted privileged EXEC password |
Enable secret class |
|
|
Console access password |
Line console 1 Password class login |
|
|
Telnet access password |
Line vty 0 15 Password cisco login |
|
|
Encrypt the plain text passwords |
Service password-encryption |
|
|
MOTD banner |
Banner motd #Unauthorized Access is Prohibited!# |
|
|
Configure G0/0 |
Interface g0/0 Description Connection to 10.10.33.0 LAN Ip address 10.10.33.1 255.255.255.0 No shutdown |
|
Save device configurations to Flash.
Use the copy running-config BasicConfig command to save the running configuration to flash on each router. You will need this configuration file later in the assessment to restore the routers back to their basic configuration.
|
Configuration Item or Task |
Specification |
Points |
|
Copy the running-config on R1 to flash. Name the file BasicConfig. |
R1# copy running-config BasicConfig |
1 |
|
Copy the running-config on R2 to flash. Name the file BasicConfig. |
R2# copy running-config BasicConfig |
|
|
Copy the running-config on R3 to flash. Name the file BasicConfig. |
R3# copy running-config BasicConfig |
|
Points: _________ of 8
Configure PPP Connections
Total points: 7
Time: 20 minutes
Figure 1: PPP Topology
Use Figure 1 to obtain the IP information needed for this part of the student assessment.
Configure R1.
Configuration tasks for R1 include the following:
|
Task |
Specification |
Points |
|
Configure S0/0/0. |
Set the description. Set the Layer 3 IPv4 address. Refer to Figure 1 at the top of Part 3 for IP address information. Set encapsulation to PPP. Set the clocking rate to 128000. Activate the interface. |
2 |
|
Configure CHAP authentication on S0/0/0. |
|
|
|
Create a local database entry for CHAP authentication. |
Username: R2 Password: cisco |
|
|
Set a static default route out S0/0/0. |
|
|
Configure R2.
Configuration tasks for R2 include the following:
|
Task |
Specification |
Points |
|
Configure S0/0/0. |
Interface s0/0/0 Description PPP connection t0 R2 Ip address 172.27.12.1 255.255.255.252 Encapsulation ppp Clock rate 128000 No shutdown |
3 |
|
Configure CHAP authentication on S0/0/0. |
Interface s0/0/0 ppp authentication chap |
|
|
Create a local database entry for CHAP authentication. |
Username R1 password cisco |
|
|
Configure S0/0/1. |
Interface s0/0/0 Description PPP connection t0 R2 Ip address 172.27.12.1 255.255.255.252 Encapsulation ppp Clock rate 128000 No shutdown |
|
|
Set a static default route out S0/0/1. |
Ip route 0.0.0.0 0.0.0.0 s0/0/1 |
|
|
Set a static route for R1 LAN traffic out S0/0/0. |
Ip route 192.168.11.0 255.255.255.0 s0/0/0 |
|
Configure R3.
Configuration tasks for R3 include the following:
|
Task |
Specification |
Points |
|
Configure S0/0/1. |
interface s0/0/1 description PPP connection to ISP ip address 209.165.200.225 255.255.255.248 encapsulation ppp clock rate 128000 no shutdown |
1 |
Verify network connectivity.
Verify connectivity using the ping command.
|
From |
Command |
To |
Expected Results |
Points |
|
PC-A |
ping |
PC-B |
Ping should be successful. |
1 |
|
PC-C |
ping |
R3 G0/1 |
Ping should be successful. |
|
|
PC-C |
ping |
R2 S0/0/1 |
Ping should be successful. |
|
|
PC-A |
ping |
PC-C |
Ping should not be successful. |
|
|
PC-B |
ping |
PC-C |
Ping should not be successful. |
|
|
PC-C |
ping |
PC-B |
Ping should not be successful. |
|
Points: _________ of 7
Configure NAT
Total points: 4
Time: 15 minutes
Configure R2.
Configuration tasks for R2 include the following:
|
Task |
Specification |
Points |
|
Assign a static NAT to map the inside local IP address for PC-B to a Inside Global address. |
Ip nat inside source static 192.168.22.3 209.165.200.226 |
2 |
|
Define an access control list to permit the R1 LAN for dynamic NAT. |
access-list 1 permit 192.168.11.0 0.0.0.255 |
|
|
Define the dynamic NAT pool for the R1 LAN. |
ip nat pool R1-LAN 209.165.200.227 209.165.200.227 netmask 255.255.255.248 |
|
|
Define the NAT from the inside source to the outside pool. Make sure to allow multiple PCs access to this single Inside Global address. |
ip nat inside source list 1 pool R1-LAN overload |
|
|
Define an access control list to permit the R2 LAN for dynamic NAT. |
access-list 2 permit 192.168.22.0 0.0.0.255 |
|
|
Define the dynamic NAT pool for the R2 LAN. |
ip nat pool R2-LAN 209.165.200.228 209.165.200.228 netmask 255.255.255.248 |
|
|
Define the NAT from the inside source to the outside pool. Make sure to allow multiple PCs access to this single Inside Global address. |
ip nat inside source list 2 pool R2-LAN overload |
|
|
Assign the outside NAT interface. |
interface s0/0/1 ip nat outside |
|
|
Assign the inside NAT interface for the R1 LAN. |
interface s0/0/0 ip nat inside |
|
|
Assign the inside NAT interface for the R2 LAN. |
interface g0/0 ip nat inside |
|
Verify network connectivity.
Verify connectivity using the ping command.
|
From |
Command |
To |
Expected Results |
Points |
|
PC-A |
ping |
PC-C |
Ping should be successful. |
1 |
|
PC-C |
ping |
Inside Global address for PC-B (209.165.200.226). |
Ping should be successful. |
|
Note: It may be necessary to disable the PC firewall for pings to be successful.
Verify NAT Configuration on R2.
Enter the appropriate CLI command needed to display the following:
|
Command Description |
Student Input (command) |
Points |
|
Display configured access lists. |
show access-lists |
1 |
|
Display the current active NAT translations. |
show ip nat translations |
|
|
Display detailed information about NAT including interface, access list, and pool assignments. |
show ip nat statistics |
|
Points: _________ of 14
Monitor the Network
Total points: 6
Time: 15 minutes
Configure NTP.
Configuration tasks include the following:
|
Task |
Specification |
Points |
|
Set the clock on R2 to a date and time specified for NTP testing. |
clock set 9:00:00 25 August 2013 |
1 |
|
Configure R2 as the NTP Master. |
ntp master 5 |
|
|
Configure R1 so that it uses R2 as its NTP Server. |
ntp server 172.27.12.2 |
|
Configure Syslog messaging.
Configuration tasks include the following:
|
Task |
Specification |
Points |
|
Enable the timestamp service on R1 and R2 for system logging purposes. |
service timestamps log datetime msec |
1 |
|
Enable logging of messages on R1 and R2. |
logging host 192.168.11.3 |
|
|
Change message trapping level on R1 and R2. |
logging trap debugging |
|
Configure SNMP on R1.
Configuration tasks include the following:
|
Task |
Specification |
Points |
|
Create a standard access list to permit the SNMP management station (PC-A) to retrieve SNMP information from R1. |
ip access-list standard SNMP-ACCESS permit 192.168.11.3 |
2 |
|
Enable SNMP community access to the SNMP-ACCESS access list. |
snmp-server community SA-LAB ro SNMP-ACCESS |
|
|
Set the SNMP notification host. |
snmp-server host 192.168.11.3 version 2c SA-LAB |
|
|
Enable all SNMP traps. |
snmp-server enable traps |
|
Collect NetFlow data on R2.
Configuration tasks include the following:
|
Task |
Specification |
Points |
|
Configure NetFlow data capture on both serial interfaces. Capture ingress and egress data packets. |
interface s0/0/0 ip flow ingress ip flow egress interface s0/0/1 ip flow ingress ip flow egress |
1 |
|
Configure NetFlow data export. |
ip flow-export destination 192.168.22.3 9996 |
|
|
Configure the NetFlow export version. |
ip flow-export version 9 |
|
Verify monitoring configurations.
Enter the appropriate CLI command needed to display the following:
|
Command Description |
Student Input (command) |
Points |
|
Display the date and time. |
show clock |
1 |
|
Display the contents of logging buffers. |
show logging |
|
|
Display information about the SNMP communities. |
show snmp community |
|
|
Display the protocol using the highest volume of traffic. |
show ip cache flow |
|
Points: _________ of 6
Configure Frame Relay
Total points: 7
Time: 20 minutes
Figure 2: Frame Relay Topology
Use Figure 2 to obtain the IP information needed for this part of the student assessment.
Reload routers and restore the BasicConfig to memory.
Erase the startup configurations and reload the devices.
For each router, issue the copy flash:BasicConfig running-config command to reload the basic configuration that you saved at the end of Part 2.
Issue the no shutdown command for the G0/0 interface on R1 and R3.
Configure R2 as a Frame Relay Switch.
Copy and paste the following configuration lines into R2. This will configure R2 as a Frame Relay switch and allow you to complete Part 6.
frame-relay switching
int s0/0/0
encapsulation frame-relay
frame-relay intf-type dce
frame-relay route 123 interface s0/0/1 321
frame-relay lmi-type ansi
no shutdown
int s0/0/1
clock rate 128000
encapsulation frame-relay ietf
frame-relay intf-type dce
frame-relay route 321 interface s0/0/0 123
no shutdown
Configure R1.
Configure Frame Relay on S0/0/0 on R1. Configuration tasks for R1 include the following:
|
Task |
Specification |
Points |
|
Configure S0/0/0. |
interface s0/0/0 description Frame Relay connection to R3. ip address 172.27.13.1 255.255.255.252 encapsulation frame-relay clock rate 128000 no shutdown |
2 |
|
Disable Inverse ARP on S0/0/0. |
no frame-relay inverse-arp |
|
|
Map the IP local address to the DLCI. |
frame-relay map ip 172.27.13.1 123. |
|
|
Map the remote IP address to the DLCI. Allow for multicast or broadcast traffic. |
frame-relay map ip 172.27.13.2 123 broadcast |
|
|
Change the LMI type to the ANSI standard. |
frame-relay lmi-type ansi |
|
|
Activate the interface. |
no shutdown |
|
|
Create a default route to the IP address on the other side of the Frame Relay link. |
ip route 0.0.0.0 0.0.0.0 172.27.13.2 |
|
Configure R3.
Configure Frame Relay on a subinterface of S0/0/1 on R3. Configuration tasks for R3 include the following:
|
Task |
Specification |
Points |
|
Configure S0/0/1. |
interface s0/0/1 encapsulation frame-relay ietf no shutdown |
2 |
|
Create a point-to-point subinterface on S0/0/1. |
interface s0/0/1.321 point-to-point description Frame Relay connection to R1 |
|
|
Set the Layer 3 IPv4 address on the subinterface. |
ip address 172.27.13.2 255.255.255.252 |
|
|
Disable Inverse ARP on the subinterface. |
no frame-relay inverse-arp |
|
|
Map the subinterface to the DLCI. |
frame-relay interface-dlci 321 |
|
|
Create a default route to the IP address on the other side of the Frame Relay link. |
ip route 0.0.0.0 0.0.0.0 172.27.13.1 |
|
Verify network connectivity.
Verify connectivity using the ping command.
|
From |
Command |
To |
Expected Results |
Points |
|
PC-A |
ping |
Default gateway |
Ping should be successful. |
2 |
|
PC-C |
ping |
Default gateway |
Ping should be successful. |
|
|
PC-A |
ping |
172.27.13.2 |
Ping should be successful. |
|
|
PC-C |
ping |
172.27.13.1 |
Ping should be successful. |
|
|
PC-A |
ping |
PC-C |
Ping should be successful. |
|
Note: It may be necessary to disable the PC firewall for pings to be successful.
Verify Frame Relay configuration.
Enter the appropriate CLI command needed to display the following:
|
Command Description |
Student Input (command) |
Points |
|
Display Frame Relay LMI statistics. |
show frame-relay lmi |
1 |
|
Display the input and output packet count totals on a Frame Relay permanent virtual circuit (PVC). |
Show frame-relay pvc |
|
|
Display the Frame Relay maps between DLCIs and IP addresses. |
show frame-relay map |
|
Points: _________ of 7
Configure a GRE VPN Tunnel
Total points: 6
Time: 20 minutes
Figure 3: GRE VPN Topology
Use Figure 3 to obtain the IP information needed for this part of the student assessment.
Reload routers and restore the BasicConfig to memory.
Erase the startup configurations and reload the devices.
For each router, issue the copy flash:BasicConfig running-config command to reload the basic configuration that you saved at the end of Part 2.
Issue the no shutdown command for the G0/0 interface on R1 and R3.
Configure Serial Interfaces.
Configuration tasks for R1 include the following:
|
Task |
Specification |
Points |
|
Configure S0/0/0. |
interface s0/0/0 description HDLC connection to ISP ip address 172.27.12.1 255.255.255.252 encapsulation hdlc clock rate 128000 no shutdown |
.5 |
Configuration tasks for R2 include the following:
|
Task |
Specification |
Points |
|
Configure S0/0/0. |
interface s0/0/0 description HDLC connection to R1 ip address 172.27.12.2 255.255.255.252 encapsulation hdlc no shutdown |
1 |
|
Configure S0/0/1. |
interface s0/0/1 description HDLC connection to R3. ip address 172.27.23.2 255.255.255.252 encapsulation hdlc clock rate 128000 no shutdown |
|
Configuration tasks for R3 include the following:
|
Task |
Specification |
Points |
|
Configure S0/0/1. |
interface s0/0/1 description HDLC connection to ISP. ip address 172.27.23.1 255.255.255.252 encapsulation hdlc no shutdown |
.5 |
Configure the GRE VPN tunnel and EIGRP on R1.
Configuration tasks for R1 include the following:
|
Task |
Specification |
Points |
|
Create a GRE tunnel interface. |
interface tunnel 0 description GRE VPN tunnel to R3 ip address 172.27.13.1 255.255.255.252 |
1 |
|
Use S0/0/0 as the tunnel source. |
tunnel source s0/0/0 |
|
|
Set the tunnel destination with the IP address of the R3 S0/0/1 interface. |
tunnel destination 172.27.23.1 |
|
|
Create a default route out S0/0/0. |
ip route 0.0.0.0 0.0.0.0 s0/0/0 |
|
|
Configure EIGRP on R1 |
router eigrp 1 |
|
|
Advertise the LAN and Tunnel subnets in EIGRP. Set the LAN interface to passive. |
network 192.168.11.0 0.0.0.255 network 172.27.13.0 0.0.0.3 passive-interface g0/0. |
|
Configure the GRE VPN tunnel and EIGRP on R3.
Configuration tasks for R3 include the following:
|
Task |
Specification |
Points |
|
Create a GRE tunnel interface. |
interface tunnel 0 description GRE VPN tunnel to R1 ip address 172.27.13.2 255.255.255.252 |
1 |
|
Use S0/0/1 as the tunnel source. |
tunnel source s0/0/1 |
|
|
Set the tunnel destination with the IP address of the R1 S0/0/0 interface. |
tunnel destination 172.27.12.1 |
|
|
Create a default route out S0/0/1. |
ip route 0.0.0.0 0.0.0.0 s0/0/1 |
|
|
Configure EIGRP on R3 |
router eigrp 1 |
|
|
Advertise the LAN and Tunnel subnets in EIGRP. Set the LAN interface to passive. |
network 10.10.33.0 0.0.0.255 network 172.27.13.0 0.0.0.3 passive-interface g0/0. |
|
Verify network connectivity.
Verify connectivity using the following commands.
|
From |
Command |
To |
Expected Results |
Points |
|
PC-A |
ping |
Default gateway |
Ping should be successful. |
1.5 |
|
PC-C |
ping |
Default gateway |
Ping should be successful. |
|
|
PC-A |
ping |
PC-C |
Ping should be successful. |
|
|
R1 |
traceroute |
172.27.23.1 |
R2 should show up in the traceroute. |
|
|
R1 |
traceroute |
172.27.13.2 |
R2 should be absent from traceroute. |
|
Note: It may be necessary to disable the PC firewall for pings to be successful.
Verify GRE VPN configuration.
Enter the appropriate CLI command needed to display the following:
|
Command Description |
Student Input (command) |
Points |
|
Display detail information about the GRE tunnel interface. |
show interfaces tunnel 0 |
.5 |
Points: _________ of 6
.
Router Interface Summary Table
© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 16
© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 16 of 16
