Questions and suggestions are welcome.
Task 1: Apply Basic Configurations
Step 1. Configure R1, R2, and R3 with the basic global configuration.
Hostname as listed in the addressing table
Console line for login with password cisco
vtys 0–4 for login with password cisco
Secret password class
Banner of “AUTHORIZED ACCESS ONLY!”
Only the hostname and banner are graded.
R1
Router>en
Router#conf t
Router(config)#Hostname R1
R1(config)#line con 0
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#line vty 0 4
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#exit
R1(config)#enable secret class
R1(config)#banner motd "AUTHORIZED ACCESS ONLY!"
R1(config)#
R2
Router>en
Router#conf t
Router(config)#hostname R2
R2(config)#line con 0
R2(config-line)#password cisco
R2(config-line)#login
R2(config-line)#line vty 0 4
R2(config-line)#password cisco
R2(config-line)#login
R2(config-line)#exit
R2(config)#enable secret class
R2(config)#banner motd "AUTHORIZED ACCESS ONLY!"
R2(config)#
R3
Router>en
Router#conf t
Router(config)#hostname R3
R3(config)#line con 0
R3(config-line)#password cisco
R3(config-line)#login
R3(config-line)#line vty 0 4
R3(config-line)#password cisco
R3(config-line)#login
R3(config-line)#exit
R3(config)#enable secret class
R3(config)#banner motd "AUTHORIZED ACCESS ONLY!"
R3(config)#
Step 2. Configure the interfaces on R1, R2, and R3.
Use the addressing table to determine the interface addresses. Use the topology diagram to determine which interfaces are DCE interfaces. Configure the DCE interfaces for a clock rate of 64000.
R1
R1(config)#int f0/0
R1(config-if)#ip address 192.168.10.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#int f0/1
R1(config-if)#ip address 192.168.11.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#int s0/0/0
R1(config-if)#ip address 10.1.1.1 255.255.255.252
R1(config-if)#clock rate 64000
R1(config-if)#no sh
R1(config-if)#exit
R1(config)#
R2
R2(config)#int f0/0
R2(config-if)#ip address 192.168.20.1 255.255.255.0
R2(config-if)#no sh
R2(config-if)#int s0/0/0
R2(config-if)#ip address 10.1.1.2 255.255.255.252
R2(config-if)#no sh
R2(config-if)#int s0/0/1
R2(config-if)#ip address 10.2.2.1 255.255.255.252
R2(config-if)#clock rate 64000
R2(config-if)#no sh
R2(config-if)#int s0/1/0
R2(config-if)#ip address 209.165.200.225 255.255.255.224
R2(config-if)#no sh
R2(config-if)#exit
R2(config)#
R3
R3(config)#int f0/0
R3(config-if)#ip address 192.168.30.1 255.255.255.0
R3(config-if)#no sh
R3(config-if)#int s0/0/1
R3(config-if)#ip address 10.2.2.2 255.255.255.252
R3(config-if)#no sh
R3(config-if)#exit
R3(config)#
Task 2: Configure PPP Encapsulation with CHAP
Step 1. Configure the link between R1 and R2 to use PPP encapsulation with CHAP authentication.
The password for CHAP authentication is cisco123.
R1
R1(config)#int s0/0/0
R1(config-if)#encapsulation ppp
R1(config-if)#ppp authentication chap
R1(config-if)#exit
R1(config)#username R2 password cisco123
R1(config)#
R2
R2(config)#int s0/0/0
R2(config-if)#encapsulation ppp
R2(config-if)#ppp authentication chap
R2(config-if)#exit
R2(config)#username R1 password cisco123
R2(config)#
Step 2. Configure the link between R2 and R3 to use PPP encapsulation with CHAP authentication.
The password for CHAP authentication is cisco123.
R2
R2(config)#int s0/0/1
R2(config-if)#encapsulation ppp
R2(config-if)#ppp authentication chap
R2(config-if)#exit
R2(config)#username R3 password cisco123
R2(config)#
R3
R3(config)#int s0/0/1
R3(config-if)#encapsulation ppp
R3(config-if)#ppp authentication chap
R3(config-if)#exit
R3(config)#username R2 password cisco123
R3(config)#
Step 3. Verify that connectivity is restored between the routers.
R2 should be able to ping both R1 and R3. The interfaces may take a few minutes to come back up. You can switch back and forth between Realtime and Simulation modes to speed up the process. Another possible workaround to this Packet Tracer behavior is to use the shutdown and no shutdown commands on the interfaces.
R2
R2#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/5 ms
R2#ping 10.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/4 ms
Task 3: Configure Dynamic and Default Routing
Step 1. Configure R1, R2, and R3 to use the OSPF routing protocol.
Use a process ID of 1 when configuring OSPF on the routers.
Advertise all networks connected to R1 and R3, but do not send routing updates out the LAN interfaces.
On R2, do not advertise the 209.165.200.224 network, and do not send routing updates out the Fa0/0 or the Serial0/1/0 interfaces.
R1
R1(config)#router ospf 1
R1(config-router)#network 10.1.1.0 0.0.0.3 area 0
R1(config-router)#network 192.168.10.0 0.0.0.255 area 0
R1(config-router)#network 192.168.11.0 0.0.0.255 area 0
R1(config-router)#passive-interface f0/0
R1(config-router)#passive-interface f0/1
R1(config-router)#exit
R1(config)#
R2
R2(config)#router ospf 1
R2(config-router)#network 10.1.1.0 0.0.0.3 area 0
R2(config-router)#network 10.2.2.0 0.0.0.3 area 0
R2(config-router)#network 192.168.20.0 0.0.0.255 area 0
R2(config-router)#passive-interface f0/0
R2(config-router)#passive-interface s0/1/0
R2(config-router)#exit
R2(config)#
R3
R3(config)#router ospf 1
R3(config-router)#network 10.2.2.0 0.0.0.3 area 0
R3(config-router)#network 192.168.30.0 0.0.0.255 area 0
R3(config-router)#passive-interface f0/0
R3(config-router)#exit
R3(config)#
Step 2. Configure a default route on R2.
Configure a default route to ISP, specifying the outgoing interface on R2 as the next-hop address.
ISP(config)#ip route 209.165.202.128 255.255.255.224 s0/0/0
Step 3. Configure OSPF to advertise the default route.
On R2, enter the command to advertise the default route to R1 and R3 via OSPF.
R2
R2(config)#router ospf 1
R2(config-router)#default-information originate
R2(config-router)#exit
R2(config)#ip route 0.0.0.0 0.0.0.0 s0/1/0
R2(config)#
Task 4: Configure Routers with Easy IP
Step 1. Configure R1 to act as a DHCP server for the 192.168.10.0 and 192.68.11.0 networks.
- Name the DHCP pool for the 192.168.10.0 network R1LAN1. For the 192.168.11.0 network, use the name R1LAN2.
- Exclude the first nine addresses on each network from dynamic assignment.
- In addition to the IP address and subnet mask, assign the default gateway and DNS server addresses.
R1(config)#ip dhcp pool R1LAN1
R1(dhcp-config)#network 192.168.10.0 255.255.255.0
R1(dhcp-config)#default-router 192.168.10.1
R1(dhcp-config)#dns-server 192.168.20.254
R1(dhcp-config)#exit
R1(config)#ip dhcp excluded-address 192.168.10.1 192.168.10.9
R1(config)#ip dhcp excluded-address 192.168.11.1 192.168.11.9
R1(config)#ip dhcp pool R1LAN2
R1(dhcp-config)#network 192.168.11.0 255.255.255.0
R1(dhcp-config)#default-router 192.168.11.1
R1(dhcp-config)#dns-server 192.168.20.254
R1(dhcp-config)#exit
R1(config)#
Step 2. Configure R3 to act as a DHCP server for the 192.168.30.0 network.
Name the DHCP pool for the 192.168.30.0 network R3LAN.
Exclude the first nine addresses on each network from dynamic assignment.
In addition to the IP address and subnet mask, assign the default gateway and DNS server addresses.
R3(config)#ip dhcp pool R3LAN
R3(dhcp-config)#network 192.168.30.0 255.255.255.0
R3(dhcp-config)#default-router 192.168.30.1
R3(dhcp-config)#dns-server 192.168.20.254
R3(dhcp-config)#exit
R3(config)#ip dhcp excluded-address 192.168.30.1 192.168.30.9
R3(config)#
Task 5: Verify that PCs Are Automatically Configured with Addressing Details
Step 1. Configure PC1, PC2, and PC3 for automatic IP configuration using DHCP.
Go to each PC and in config > global select DHCP
Step 2. Verify that each PC has an address assigned from the correct DHCP pool.
Check the IP
Task 6: Configure a DNS Server with DNS Entries
Step 1. Configure the DNS server.
To configure DNS on the Inside Server, click the DNS button in the Config tab.
Make sure that DNS is turned on, and enter the following DNS entry:
www.cisco.com 209.165.201.30
Go to Inside Server
Config > DNS
name: www.cisco.com
Address: 209.165.201.30
Click Add
Task 7: Configure an ACL to Permit NAT
Step 1. Create a standard named ACL.
Create the standard named ACL, R2NAT, which permits all the internal networks to be mapped by NAT.
Note: For Packet Tracer to grade this task correctly, you must enter the permitted networks in the following order:
192.168.10.0
192.168.20.0
192.168.30.0
192.168.11.0
R2(config)#ip access-list standard R2NAT
R2(config-std-nacl)#permit 192.168.10.0 0.0.0.255
R2(config-std-nacl)#permit 192.168.20.0 0.0.0.255
R2(config-std-nacl)#permit 192.168.30.0 0.0.0.255
R2(config-std-nacl)#permit 192.168.11.0 0.0.0.255
R2(config-std-nacl)#exit
R2(config)#int fa0/0
R2(config-if)#ip access-group R2NAT in
R2(config-if)#exit
R2(config)#
Task 8: Configure Static NAT
Step 1. Configure static NAT for an inside web server.
Configure static NAT to map the local IP address and global IP addresses for Inside Server. Use the addresses listed in the addressing table.
R2(config)#ip nat inside source static 192.168.20.254 209.165.202.131
Task 9: Configure Dynamic NAT with Overload
Step 1. Configure the dynamic NAT pool.
Configure a dynamic NAT address pool using the Nat Pool specified in the topology diagram. Name the address pool R2POOL.
R2(config)#ip nat pool R2POOL 209.165.202.129 209.165.202.130 netmask 255.255.255.252
Step 2. Configure the dynamic NAT mapping.
Map the addresses in R2POOL to the networks defined above in R2NAT.
R2(config)#ip nat inside source list R2NAT pool R2POOL overload
Step 3. Apply NAT to the internal and external interfaces of R2.
R2(config)#int fa0/0
R2(config-if)#ip nat inside
R2(config-if)#int s0/0/0
R2(config-if)#ip nat inside
R2(config-if)#int s0/0/1
R2(config-if)#ip nat inside
R2(config-if)#int s0/1/0
R2(config-if)#ip nat outside
R2(config-if)#exit
R2(config)#
Task 10: Configure the ISP Router with a Static Route
Step 1. Configure a static route to the global IP addresses of R2.
This is the 209.165.202.128/27 network. Use the serial interface of ISP as the next-hop address.
ISP(config)#ip route 209.165.202.128 255.255.255.224 s0/0/0
Task 11: Test Connectivity
Inside hosts should be able to ping Outside Host.
PC3
PC>ping 209.165.201.14
Pinging 209.165.201.14 with 32 bytes of data:
Reply from 209.165.201.14: bytes=32 time=100ms TTL=125
Reply from 209.165.201.14: bytes=32 time=72ms TTL=125
Reply from 209.165.201.14: bytes=32 time=90ms TTL=125
Reply from 209.165.201.14: bytes=32 time=100ms TTL=125
Ping statistics for 209.165.201.14:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 72ms, Maximum = 100ms, Average = 90ms
PC>
Inside hosts should be able to ping www.cisco.com.
PC3
PC>ping www.cisco.com
Pinging 209.165.201.30 with 32 bytes of data:
Reply from 209.165.201.30: bytes=32 time=90ms TTL=125
Reply from 209.165.201.30: bytes=32 time=80ms TTL=125
Reply from 209.165.201.30: bytes=32 time=92ms TTL=125
Reply from 209.165.201.30: bytes=32 time=92ms TTL=125
Ping statistics for 209.165.201.30:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 80ms, Maximum = 92ms, Average = 88ms
PC>
Outside Host should be able to ping Inside Server by its global IP address.
PC-PT
PC>ping 209.165.202.131
Pinging 209.165.202.131 with 32 bytes of data:
Reply from 209.165.202.131: bytes=32 time=50ms TTL=126
Reply from 209.165.202.131: bytes=32 time=40ms TTL=126
Reply from 209.165.202.131: bytes=32 time=60ms TTL=126
Reply from 209.165.202.131: bytes=32 time=60ms TTL=126
Ping statistics for 209.165.202.131:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 40ms, Maximum = 60ms, Average = 52ms
PC>
This post is also available in: Italian
Hello Sir
I have just tested this one and it seams to have a problem with the
ip nat pool R2POOL 209.165.202.129 209.165.202.130 netmask 255.255.255.252
you might need to change 209.165.202.129 to 209.165.202.128 instead
L3ol3o you are right sir if we are using /30 mask, i was having the same doubt thx for the aclaration sir!
I have lost my pka file
Could you help me sending me the pka by email?