
Ospf Acl Pt Practice Sba 100%(CCND discovery 3 and 4)


DRSEnt OSPF/ACL PT Practice SBA

A few things to keep in mind while completing this activity:

1. Do not use the browser Back button or close or reload any Exam windows during the exam.

2. Do not close Packet Tracer when you are done. It will close automatically.

3. Click the Submit Assessment button to submit your work.

Introduction

In this practice Packet Tracer Skills Exam, you will:

• finish the configuration of a partially configured network

• establish connectivity within the enterprise and to the Internet

• implement access control lists based on a set of security policies


Addressing Table

| Device | Interface | Address | Subnet Mask | Default Gateway |
|---|---|---|---|---|
| HQ | Fa0/0 | 172.16.100.97 | 255.255.255.240 | n/a |
| HQ | S0/0/0 | 172.16.100.121 | 255.255.255.252 | n/a |
| HQ | S0/1/0 | 172.16.100.125 | 255.255.255.252 | n/a |
| HQ | S0/0/1 | 209.165.201.2 | 255.255.255.252 | n/a |
| HQ | Lo0 | 10.0.0.3 | 255.255.255.255 | n/a |
| R1 | Fa0/0 | 172.16.100.65 | 255.255.255.224 | n/a |
| R1 | Fa0/1 | 172.16.100.113 | 255.255.255.248 | n/a |
| R1 | S0/0/0 | 172.16.100.122 | 255.255.255.252 | n/a |
| R1 | Lo0 | 10.0.0.1 | 255.255.255.255 | n/a |
| R2 | Fa0/0 | 172.16.100.1 | 255.255.255.192 | n/a |
| R2 | Fa0/1 | | | n/a |
| R2 | S0/0/0 | 172.16.100.126 | 255.255.255.252 | n/a |
| R2 | Lo0 | 10.0.0.2 | 255.255.255.255 | n/a |
| H1 | NIC | 172.16.100.4 | 255.255.255.192 | 172.16.100.1 |
| H2 | NIC | 172.16.100.5 | 255.255.255.192 | 172.16.100.1 |
| H3 | NIC | | | |
| Web Server | NIC | 172.16.100.100 128.107.0.10 | 255.255.255.240 | 172.16.100.97 |

NOTE: The password for user EXEC mode is cisco. The password for privileged EXEC mode is class.

Step 1: Connect the Devices.

a. Connect R2 Fa0/0 to S1 Fa0/1.

b. Connect R2 Fa0/1 to S4.

c. Connect R2 S0/0/0 to HQ S0/1/0. HQ is the DCE side of the link.

Step 2: Configure the Device Basics.

Use the IP addresses in the Addressing Table and your subnetting skills to determine the missing IP addresses according to the following guidelines:

a. Configure addressing on R2.

• Configure the necessary interfaces according to the addressing table.

• Configure Fa0/1 with the highest host IP address in the subnet.

b. Configure H3 with the highest host IP address in the subnet.

c. Verify connectivity.

Step 3: Configure OSPF.

a. Use the following requirements to configure OSPF on HQ, R1, and R2.

• Use the process ID 1.

• Advertise each subnet individually in area 0 with its corresponding wildcard mask. (HQ should not advertise the link to the Internet.)

• Verify OSPF convergence.

b. Configure OSPF Authentication.

• Encrypt the updates using MD5 authentication. Authentication should be enabled for the entire area 0.

• On the appropriate interfaces, use a key ID of 5 and the password itsasecret.

• Verify OSPF convergence.

c. Modify the OSPF Configuration.

• Modify both sides of the link between HQ and R2 to reflect the actual bandwidth of 384 Kb/s.

• Change the priority on R1 so that it is the preferred DR for the LAN it shares with R2.

d. Propagate a default route in the OSPF updates.

• Configure a default route on HQ and point it to the Internet. Use the outbound interface argument.

• Configure OSPF to advertise the default route to neighbors.

e. Verify connectivity.
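
The subnet arithmetic that Steps 2 and 3 rely on (highest usable host, and the wildcard mask as the bitwise inverse of the subnet mask) can be checked with Python's ipaddress module. This is an added example, not part of the original lab or its answer; the function names are hypothetical, and R2 Fa0/1 is assumed to sit on the same LAN as R1 Fa0/1.

```python
import ipaddress

# (address, mask) per interface, copied from the Addressing Table. R2 Fa0/1 is
# blank there, so R1 Fa0/1 (assumed to share that LAN) supplies its subnet.
HQ = {"Fa0/0": ("172.16.100.97", "255.255.255.240"),
      "S0/0/0": ("172.16.100.121", "255.255.255.252"),
      "S0/1/0": ("172.16.100.125", "255.255.255.252"),
      "S0/0/1": ("209.165.201.2", "255.255.255.252")}  # Internet link
R2 = {"Fa0/0": ("172.16.100.1", "255.255.255.192"),
      "Fa0/1": ("172.16.100.113", "255.255.255.248"),  # R1's address on that LAN
      "S0/0/0": ("172.16.100.126", "255.255.255.252")}

def subnet_of(addr, mask):
    """Network that contains addr under the given dotted-decimal mask."""
    return ipaddress.ip_interface(f"{addr}/{mask}").network

def highest_host(addr, mask):
    """Last usable host address in addr's subnet (broadcast minus one)."""
    return str(subnet_of(addr, mask).broadcast_address - 1)

def ospf_network_statements(interfaces, area=0, skip=()):
    """One 'network <net> <wildcard> area <n>' line per distinct subnet.

    The wildcard mask is the inverse of the subnet mask (ipaddress calls it
    the hostmask). Interfaces named in skip, such as an Internet-facing
    link, are left out of the result.
    """
    nets = {subnet_of(a, m) for name, (a, m) in interfaces.items()
            if name not in skip}
    return [f"network {n.network_address} {n.hostmask} area {area}"
            for n in sorted(nets)]

if __name__ == "__main__":
    print("R2 Fa0/1 address:", highest_host(*R2["Fa0/1"]))
    for line in ospf_network_statements(R2):
        print("R2:", line)
    for line in ospf_network_statements(HQ, skip=("S0/0/1",)):
        print("HQ:", line)
```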

Step 4: Configure Access Control Lists.

a. Filter inbound traffic from the Internet. Configure and apply a single ACL numbered 100 on the correct router that will implement the following policy in order:

• Allow only regular HTTP access to the Inside Web Server at its public address 128.107.0.10.

• Allow all established TCP connections.

• Allow all ICMP replies and unreachable messages.

b. Verify that the policy is successfully implemented.

c. Filter traffic from the R&D LAN that is attached to R1. Configure and apply a single standard named ACL on the correct router that will implement the following policy:

• Use the name NO_INTERNET (case-sensitive).

• Prevent hosts from the R&D LAN on R1 from accessing the Internet and the inside web server LAN.

• All traffic to all other inside destinations is allowed.

d. Verify that the policy is successfully implemented.


e. Filter traffic from the R2 LAN. Configure and apply a single ACL numbered 115 on the router that will limit network traffic and will implement the following policy:

• Hosts from the LAN connected to the Fa0/0 interface of R2 are blocked from accessing hosts on the R1 R&D LAN.

• All other traffic is allowed anywhere.

f. Verify that the policy is successfully implemented.

Step 5: Verify Connectivity.

a. Although these are not scored, the following connectivity tests should be successful:

• H1 and H2 can ping the Outside Web Server.

• The Outside Host can access the HTTP server on the Inside Web Server.

• H1 and H2 can ping the Inside Web Server at 172.16.100.100.

b. Although these are not scored, the following connectivity tests should fail:

• The Outside Host cannot ping the Inside Web Server.

• H3 cannot ping the Inside Web Server, the Outside Host, or Outside Web Server.

• H1 and H2 cannot ping H3.

Just copy the configuration into Notepad and paste it in the right place.

ANSWER

!Configuration on Router 1
!
!Configure OSPF
configure terminal
router ospf 1
 !Advertise each directly connected network (network address, wildcard mask, area number):
 network 172.16.100.64 0.0.0.31 area 0
 network 172.16.100.112 0.0.0.7 area 0
 network 172.16.100.120 0.0.0.3 area 0
 log-adjacency-changes
 !Enable MD5 authentication for the whole of area 0
 area 0 authentication message-digest
 exit
!
interface Lo0
 ip address 10.0.0.1 255.255.255.255
 no shutdown
 exit
!
!The key ID (5) and password must match on both ends of every OSPF link
interface s0/0/0
 ip ospf message-digest-key 5 md5 itsasecret
 exit
!
interface Fa0/0
 ip ospf message-digest-key 5 md5 itsasecret
 exit
!
!A higher priority than R2 (25) makes R1 the preferred DR on the shared LAN
interface Fa0/1
 ip ospf priority 50
 ip ospf message-digest-key 5 md5 itsasecret
 exit
!
end
!To save your configuration in the router, write:
copy running-config startup-config
!
!End of Router1 configuration

==========================================================================

==========================================================================

!Configuration on Router 2
!
configure terminal
!Fa0/1 takes the highest host address in 172.16.100.112/29
interface Fa0/1
 ip address 172.16.100.118 255.255.255.248
 no shutdown
 exit
!
interface Lo0
 ip address 10.0.0.2 255.255.255.255
 no shutdown
 exit
!
interface Fa0/0
 ip address 172.16.100.1 255.255.255.192
 no shutdown
 exit
!
interface S0/0/0
 ip address 172.16.100.126 255.255.255.252
 no shutdown
 exit
!
!Configure OSPF
router ospf 1
 !Advertise each directly connected network (network address, wildcard mask, area number):
 network 172.16.100.0 0.0.0.63 area 0
 network 172.16.100.112 0.0.0.7 area 0
 network 172.16.100.124 0.0.0.3 area 0
 log-adjacency-changes
 !Enable MD5 authentication for the whole of area 0
 area 0 authentication message-digest
 exit
!
!Bandwidth is given in Kb/s and must match the HQ side of the link
interface s0/0/0
 bandwidth 384
 ip ospf message-digest-key 5 md5 itsasecret
 exit
!
interface Fa0/0
 ip ospf message-digest-key 5 md5 itsasecret
 exit
!
!Lower priority than R1 (50), so R1 is the preferred DR on the shared LAN
interface Fa0/1
 ip ospf priority 25
 ip ospf message-digest-key 5 md5 itsasecret
 exit
!
!ACL 115: block the R2 Fa0/0 LAN from the R1 R&D LAN, allow all other traffic
access-list 115 deny ip 172.16.100.0 0.0.0.63 172.16.100.64 0.0.0.31
access-list 115 permit ip any any
!
!Extended ACL applied inbound on the interface closest to the source
interface Fa0/0
 ip access-group 115 in
 end
!
!To save your configuration in the router, write:
copy running-config startup-config
!
!End of Router2 configuration

==========================================================================

==========================================================================

!Configuration on Router HQ
!
!Configure OSPF
configure terminal
router ospf 1
 !Advertise each directly connected inside network (network address, wildcard mask, area number).
 !The Internet link on S0/0/1 (209.165.201.0/30) is not advertised.
 network 172.16.100.96 0.0.0.15 area 0
 network 172.16.100.120 0.0.0.3 area 0
 network 172.16.100.124 0.0.0.3 area 0
 log-adjacency-changes
 !Enable MD5 authentication for the whole of area 0
 area 0 authentication message-digest
 exit
!
interface s0/0/0
 ip ospf message-digest-key 5 md5 itsasecret
 exit
!
interface Lo0
 ip address 10.0.0.3 255.255.255.255
 no shutdown
 exit
!
!Bandwidth is given in Kb/s and must match the R2 side of the link
interface s0/1/0
 bandwidth 384
 ip ospf message-digest-key 5 md5 itsasecret
 exit
!
interface Fa0/1
 ip ospf message-digest-key 5 md5 itsasecret
 exit
!
!Default route out of the Internet-facing interface, then advertised to OSPF neighbors
ip route 0.0.0.0 0.0.0.0 s0/0/1
!
router ospf 1
 default-information originate
 exit
!
!ACL 100 is evaluated top-down; anything it does not permit is dropped by the implicit deny
access-list 100 permit tcp any host 128.107.0.10 eq 80
access-list 100 permit tcp any any established
access-list 100 permit icmp any any unreachable
access-list 100 permit icmp any any echo-reply
!
interface s0/0/1
 ip access-group 100 in
 exit
!
!Standard ACL: matches on source address only (172.16.100.64/27 is the R1 Fa0/0 LAN)
ip access-list standard NO_INTERNET
 deny 172.16.100.64 0.0.0.31
 permit any
!
!Applied inbound on both serial links, toward R2 and R1
interface s0/1/0
 ip access-group NO_INTERNET in
 exit
!
interface s0/0/0
 ip access-group NO_INTERNET in
 end
!
!To save your configuration in the router, write:
copy running-config startup-config
!
!End of Router HQ configuration

Don’t forget to leave a comment, I got 100% for this lab.
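
The Step 5 checks can be reasoned about offline by replaying packets against ACL 100 and ACL 115 with first-match, implicit-deny evaluation. This is an added example, not part of the original lab or its answer; it models only the ACE forms used on this page, treats "established" and the ICMP message name as a flag carried by the packet, and uses constructed addresses 198.51.100.7 (Outside Host) and 172.16.100.70 (an R&D LAN host).

```python
import ipaddress

# ACL 100 and ACL 115 as given in the answer configuration on this page.
ACL_100 = ["permit tcp any host 128.107.0.10 eq 80",
           "permit tcp any any established",
           "permit icmp any any unreachable",
           "permit icmp any any echo-reply"]
ACL_115 = ["deny ip 172.16.100.0 0.0.0.63 172.16.100.64 0.0.0.31",
           "permit ip any any"]

def wild_match(addr, base, wildcard):
    """True if addr equals base on every bit the wildcard mask leaves at 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

def take_addr(tok):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    t = tok.pop(0)
    if t == "any":
        return "0.0.0.0", "255.255.255.255"
    return (tok.pop(0), "0.0.0.0") if t == "host" else (t, tok.pop(0))

def parse(line):
    """Parse one extended ACE (only the forms used on this page)."""
    tok = line.split()
    ace = {"action": tok.pop(0), "proto": tok.pop(0)}
    ace["src"], ace["dst"] = take_addr(tok), take_addr(tok)
    if tok[:1] == ["eq"]:
        ace["dport"] = int(tok[1])
    elif tok:
        ace["flag"] = tok[0]  # 'established' or an ICMP message name
    return ace

def evaluate(acl, pkt):
    """Return (action, line number); no matching line is the implicit deny."""
    for n, ace in enumerate(map(parse, acl), 1):
        if (ace["proto"] in ("ip", pkt["proto"])
                and wild_match(pkt["src"], *ace["src"])
                and wild_match(pkt["dst"], *ace["dst"])
                and ace.get("dport", pkt.get("dport")) == pkt.get("dport")
                and ace.get("flag", pkt.get("flag")) == pkt.get("flag")):
            return ace["action"], n
    return "deny", None

# Constructed packets; 198.51.100.7 and 172.16.100.70 are assumed addresses.
http_in = {"proto": "tcp", "src": "198.51.100.7", "dst": "128.107.0.10", "dport": 80}
ping_in = {"proto": "icmp", "src": "198.51.100.7", "dst": "128.107.0.10", "flag": "echo"}
h1_to_rd = {"proto": "icmp", "src": "172.16.100.4", "dst": "172.16.100.70", "flag": "echo"}
print(evaluate(ACL_100, http_in), evaluate(ACL_100, ping_in), evaluate(ACL_115, h1_to_rd))
```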