Ospf Acl Pt Practice Sba 100%(CCND discovery 3 and 4)

DRSEnt OSPF/ACL PT Practice SBA

A few things to keep in mind while completing this activity:

1. Do not use the browser Back button or close or reload any Exam windows during the exam. 2. Do not close Packet Tracer when you are done. It will close automatically. 3. Click the Submit Assessment button to submit your work.

Introduction In this practice Packet Tracer Skills Exam, you will:

• finish the configuration of a partially configured network

• establish connectivity within the enterprise and to the Internet

• implement access control lists based on a set of security policies

Addressing Table

Device Interface Address Subnet Mask Default Gateway

HQ

Fa0/0 172.16.100.97 255.255.255.240 n/a

S0/0/0 172.16.100.121 255.255.255.252 n/a

S0/1/0 172.16.100.125 255.255.255.252 n/a

S0/0/1 209.165.201.2 255.255.255.252 n/a

Lo0 10.0.0.3 255.255.255.255 n/a

R1

Fa0/0 172.16.100.65 255.255.255.224 n/a

Fa0/1 172.16.100.113 255.255.255.248 n/a

S0/0/0 172.16.100.122 255.255.255.252 n/a

Lo0 10.0.0.1 255.255.255.255 n/a

R2

Fa0/0 172.16.100.1 255.255.255.192 n/a

Fa0/1 n/a

S0/0/0 172.16.100.126 255.255.255.252 n/a

Lo0 10.0.0.2 255.255.255.255 n/a

H1 NIC 172.16.100.4 255.255.255.192 172.16.100.1

H2 NIC 172.16.100.5 255.255.255.192 172.16.100.1

H3 NIC

Web Server NIC 172.16.100.100 128.107.0.10 255.255.255.240 172.16.100.97

NOTE: The password for user EXEC mode is cisco. The password for privileged EXEC mode is class.

Step 1: Connect the Devices. a. Connect R2 Fa0/0 to S1 Fa0/1.

b. Connect R2 Fa0/1 to S4.

c. Connect R2 S0/0/0 to HQ S0/1/0. HQ is the DCE side of the link.

Step 2: Configure the Device Basics. Use the IP addresses in the Addressing Table and your subnetting skills to determine the missing IP addresses according to the following guidelines:

a. Configure addressing on R2.

• Configure the necessary interfaces according to the addressing table.

• Configure Fa0/1 with the highest host IP address in the subnet.

b. Configure H3 with the highest host IP address in the subnet

c. Verify connectivity.

Step 3: Configure OSPF. a. Use the following requirements to configure OSPF on HQ, R1, and R2.

• Use the process ID 1.

• Advertise each subnet individually in area 0 with its corresponding wildcard mask. (HQ should not advertise the link to the Internet.)

• Verify OSPF convergence.

b. Configure OSPF Authentication.

• Encrypt the updates using MD5 authentication. Authentication should be enabled for the entire area 0.

• On the appropriate interfaces, use a key ID of 5 and the password itsasecret.

• Verify OSPF convergence.

c. Modify the OSPF Configuration.

• Modify both sides of the link between HQ and R2 to reflect the actual bandwidth of 384 Kb/s.

• Change the priority on R1 so that it is the preferred DR for the LAN it shares with R2.

d. Propagate a default route in the OSPF updates.

• Configure a default route on HQ and point it to the Internet. Use the outbound interface argument.

• Configure OSPF to advertise the default route to neighbors.

e. Verify connectivity.

Step 4: Configure Access Control Lists. a. Filter inbound traffic from the Internet. Configure and apply a single ACL numbered 100 on

the correct router that will implement the following policy in order:

• Allow only regular HTTP access to the Inside Web Server at its public address 128.107.0.10.

• Allow all established TCP connections.

• Allow all ICMP replies and unreachable messages.

b. Verify that the policy is successfully implemented.

c. Filter traffic from the R&D LAN that is attached to R1. Configure and apply a single standard named ACL on the correct router that will implement the following policy:

• Use the name NO_INTERNET (case-sensitive).

• Prevent hosts from the R&D LAN on R1 from accessing the Internet and the inside web server LAN.

• All traffic to all other inside destinations is allowed.

d. Verify that the policy is successfully implemented.

e. Filter traffic from the R2 LAN. Configure and apply a single ACL numbered 115 on the router that will limit network traffic and will implement the following policy:

• Hosts from the LAN connected to the Fa0/0 interface of R2 are blocked from accessing hosts on the R1 R&D LAN.

• All other traffic is allowed anywhere.

f. Verify that the policy is successfully implemented.

Step 5: Verify Connectivity. a. Although these are not scored, the following connectivity tests should be successful:

• H1 and H2 can ping the Outside Web Server.

• The Outside Host can access the HTTP server on the Inside Web Server.

• H1 and H2 can ping the Inside Web Server at 172.16.100.100.

b. Although these are not scored, the following connectivity tests should fail:

• The Outside Host cannot ping the Inside Web Server.

• H3 cannot ping the Inside Web Server, the Outside Host, or Outside Web Server.

• H1 and H2 cannot ping H3.

Just copy configuration to a notepad and paste to the right place.

ANSWER

!Configuration on Router 1

!

!Configure OSPF

configure terminal

router ospf 1

!declare the directly connected (Write the network IP, wild card bits, area Nb):

network 172.16.100.64 0.0.0.31 area 0

network 172.16.100.112 0.0.0.7 area 0

network 172.16.100.120 0.0.0.3 area 0

log-adjacency-changes

!

area 0 authentication message-digest

exit

!

interface Lo0

ip address 10.0.0.1 255.255.255.255

no shut

exit

!

interface s0/0/0

ip ospf message-digest-key 5 md5 itsasecret

exit

!

interface Fa0/0


exit

!

!

interface Fa0/1

ip ospf priority 50


exit

!

!

end

!To save your configuration in the router, write:

copy running-config startup-config

!

!End of Router1 configuration

==========================================================================

==========================================================================

!Configuration on Router 2

!

configure terminal

interface Fa0/1

ip address 172.16.100.118 255.255.255.248

no shutdown

exit

!

interface Lo0

ip address 10.0.0.2 255.255.255.255

no shutdown

exit

!

interface Fa0/0

ip address 172.16.100.1 255.255.255.192

no shutdown

exit

!

!

interface S0/0/0

ip address 172.16.100.126 255.255.255.252

no shutdown

exit

!

!

!Configure OSPF

router ospf 1


network 172.16.100.0 0.0.0.63 area 0

network 172.16.100.112 0.0.0.7 area 0

network 172.16.100.124 0.0.0.3 area 0

network 172.16.100.120 0.0.0.3 area 0


!


exit

!

interface s0/0/0

bandwidth 384


exit

!

interface Fa0/0


exit

!

!

interface Fa0/1

ip ospf priority 25


exit

!

Access-list 115 deny ip 172.16.100.0 0.0.0.63 172.16.100.64 0.0.0.31

Access-list 115 permit ip any any

!

interface Fa0/0

ip access-group 115 in

end

!



!

!End of Router2 configuration

==========================================================================

==========================================================================

!Configuration on Router HQ

!

!Configure OSPF

configure terminal

router ospf 1


network 172.16.100.96 0.0.0.15 area 0

network 209.165.201.0 0.0.0.3 area 0

network 172.16.100.120 0.0.0.3 area 0

network 172.16.100.124 0.0.0.3 area 0

network 172.16.100.120 0.0.0.3 area 0


!


exit

!

interface s0/0/0


exit

!

interface Lo0

ip address 10.0.0.3 255.255.255.255

no shutdown

exit

!

interface s0/0/1


exit

!

!

interface s0/1/0

bandwidth 384


exit

!

interface Fa0/1


exit

!

!

configure terminal

ip route 0.0.0.0 0.0.0.0 s0/0/1

!

router ospf 1

default-information originate

exit

!

!

access-list 100 permit tcp any host 128.107.0.10 eq 80

access-list 100 permit tcp any any established

access-list 100 permit icmp any any unreachable

access-list 100 permit icmp any any echo-reply

!

interface s0/0/1

ip access-group 100 in

exit

!

ip access-list standard NO_INTERNET

deny 172.16.100.64 0.0.0.31

permit any

!

interface s0/1/0

ip access-group NO_INTERNET in

exit

!

interface s0/0/0

ip access-group NO_INTERNET in

end

!

!

!



!

!End of Router HQ configuration

Don’t forget to leave a comment, I got 100% for this lab.

Documents

Ospf Acl Pt Practice Sba 100%(CCND discovery 3 and 4)