Tag: default route

Soluzione PT Activity 7.6.1: Packet Tracer Skills Integration Challenge

Task 1: Configure and Verify Basic Device Configurations
Step 1. Configure basic commands.

Configure each switch with the following basic commands. Packet Tracer only grades the hostnames and default gateways.
Hostnames
Banner
Enable secret password
Line configurations
Service encryption
Switch default gateways

S1
Switch>en
Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname S1
S1(config)#banner motd #Welcome Authorized Users Unauthorized access prohibited!#
S1(config)#enable secret class
S1(config)#line vty 0 4
S1(config-line)#password cisco
S1(config-line)#login
S1(config-line)#exit
S1(config)#service password-encryption
S1(config)#ip default-gateway 172.17.99.1
S1(config)#

S2
Switch>en
Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname S2
S2(config)#banner motd #Welcome Authorized Users Unauthorized access prohibited!#
S2(config)#enable secret class
S2(config)#line vty 0 4
S2(config-line)#password cisco
S2(config-line)#login
S2(config-line)#exit
S2(config)#service password-encryption
S2(config)#ip default-gateway 172.17.99.1
S2(config)#

S3
Switch>en
Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname S3
S3(config)#banner motd #Welcome Authorized Users Unauthorized access prohibited!#
S3(config)#enable secret class
S3(config)#line vty 0 4
S3(config-line)#password cisco
S3(config-line)#login
S3(config-line)#exit
S3(config)#service password-encryption
S3(config)#ip default-gateway 172.17.99.1
S3(config)#

Step 2. Configure the management VLAN interface on S1, S2, and S3.
Create and enable interface VLAN 99 on each switch. Use the addressing table for address configuration.

S1
S1(config)#int vlan 99
S1(config-if)#ip address 172.17.99.31 255.255.255.0
S1(config-if)#exit
S1(config)#

S2
S2(config)#int vlan 99
S2(config-if)#ip address 172.17.99.32 255.255.255.0
S2(config-if)#exit
S2(config)#

S3
S3(config)#int vlan 99
S3(config-if)#ip address 172.17.99.33 255.255.255.0
S3(config-if)#exit
S3(config)#

Step 3. Check results.
Your completion percentage should be 13%. If not, click Check Results to see which required components are not yet completed.

Task 2: Configure VTP
Step 1. Configure the VTP mode on all three switches.

Configure S1 as the server. Configure S2 and S3 as clients.

S1
S1(config)#vtp mode server
Setting device to VTP SERVER mode.
S1(config)#

S2
S2(config)#vtp mode client
Setting device to VTP CLIENT mode.
S2(config)#

S3
S3(config)#vtp mode client
Setting device to VTP CLIENT mode.
S3(config)#

Step 2. Configure the VTP domain name on all three switches.
Use CCNA as the VTP domain name.

S1
S1(config)#vtp domain CCNA
Changing VTP domain name from NULL to CCNA
S1(config)#

S2
S2(config)#vtp domain CCNA
Changing VTP domain name from NULL to CCNA
S2(config)#

S3
S3(config)#vtp domain CCNA
Changing VTP domain name from NULL to CCNA
S3(config)#

Step 3. Configure the VTP domain password on all three switches.
Use cisco as the VTP domain password.

S1
S1(config)#vtp password cisco
Setting device VLAN database password to cisco
S1(config)#

S2
S2(config)#vtp password cisco
Setting device VLAN database password to cisco
S2(config)#

S3
S3(config)#vtp password cisco
Setting device VLAN database password to cisco
S3(config)#

Step 4. Check results.
Your completion percentage should be 21%. If not, click Check Results to see which required components are not yet completed.

Task 3: Configure Trunking
Step 1. Configure trunking on S1, S2, and S3.

Configure the appropriate interfaces as trunks and assign VLAN 99 as the native VLAN.

S1
S1(config)#interface range f0/1 - f0/5
S1(config-if-range)#switchport mode trunk
S1(config-if-range)#switchport trunk native vlan 99
S1(config-if-range)#no sh
S1(config-if-range)#exit

S2
S2(config)#interface range f0/1 - f0/4
S2(config-if-range)#switchport mode trunk
S2(config-if-range)#switchport trunk native vlan 99
S2(config-if-range)#no sh
S2(config-if-range)#exit
S2(config)#

S3
S3(config)#interface range f0/1 - f0/4
S3(config-if-range)#switchport mode trunk
S3(config-if-range)#switchport trunk native vlan 99
S3(config-if-range)#no sh
S3(config-if-range)#exit
S3(config)#

Step 2. Check results.
Your completion percentage should be 44%. If not, click Check Results to see which required components are not yet completed.

Task 4: Configure VLANs
Step 1. Create the VLANs on S1.

Create and name the following VLANs on S1 only. VTP advertises the new VLANs to S2 and S3.
VLAN 10 Faculty/Staff
VLAN 20 Students
VLAN 88 Wireless(Guest)
VLAN 99 Management&Default

S1
S1(config)#vlan 10
S1(config-vlan)#name Faculty/Staff
S1(config-vlan)#exit
S1(config)#vlan 20
S1(config-vlan)#name Students
S1(config-vlan)#exit
S1(config)#vlan 88
S1(config-vlan)#name Wireless(Guest)
S1(config-vlan)#exit
S1(config)#vlan 99
S1(config-vlan)#name Management&Default
S1(config-vlan)#exit
S1(config)#

Step 2. Verify that VLANs have been sent to S2 and S3.
Use the appropriate commands to verify that S2 and S3 now have the VLANs you created on S1. It may take a few minutes for Packet

Tracer to simulate the VTP advertisements.

S2
S2#sh vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig1/1, Gig1/2
10   Faculty/Staff                    active    
20   Students                         active    
88   Wireless(Guest)                  active    
99   Management&Default               active    
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

S3
S3#sh vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig1/1, Gig1/2
10   Faculty/Staff                    active    
20   Students                         active    
88   Wireless(Guest)                  active    
99   Management&Default               active    
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

Step 3. Check results.
Your completion percentage should be 54%. If not, click Check Results to see which required components are not yet completed.

Task 5: Assign VLANs to Ports
Step 1. Assign VLANs to access ports on S2 and S3.

Assign the PC access ports to VLANs:
VLAN 10: PC1
VLAN 20: PC2
Assign the wireless router access ports to VLAN 88.

S2
S2(config)#int fa 0/11
S2(config-if)#switchport mode access
S2(config-if)#switchport access vlan 10
S2(config-if)#int fa 0/18
S2(config-if)#switchport mode access
S2(config-if)#switchport access vlan 20
S2(config-if)#int fa 0/7
S2(config-if)#switchport mode access
S2(config-if)#switchport access vlan 88
S2(config-if)#exit
S2(config)#

S3
S3(config)#int fa 0/7
S3(config-if)#switchport mode access
S3(config-if)#switchport access vlan 88
S3(config-if)#exit
S3(config)#

Step 2. Verify VLAN Implementation.
Use the appropriate commands to verify your VLAN implementation.

S2#sh vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/5, Fa0/6, Fa0/8, Fa0/9
                                                Fa0/10, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/19
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24, Gig1/1, Gig1/2
10   Faculty/Staff                    active    Fa0/11
20   Students                         active    Fa0/18
88   Wireless(Guest)                  active    Fa0/7
99   Management&Default               active    
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

S3#sh vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/5, Fa0/6, Fa0/8, Fa0/9
                                                Fa0/10, Fa0/11, Fa0/12, Fa0/13
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                                Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                                Fa0/22, Fa0/23, Fa0/24, Gig1/1
                                                Gig1/2
10   Faculty/Staff                    active    
20   Students                         active    
88   Wireless(Guest)                  active    Fa0/7
99   Management&Default               active    
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

Step 3. Check results.
Your completion percentage should be 61%. If not, click Check Results to see which required components are not yet completed.

Task 6: Configure STP
Step 1. Ensure that S1 is the root bridge for all spanning tree instances.
Use 4096 priority.

S1
S1(config)#spanning-tree vlan 1,10,20,88,99 priority 4096

Step 2. Verify that S1 is the root bridge.

S1#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    4097
             Address     0040.0B60.D3DB
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4097  (priority 4096 sys-id-ext 1)
             Address     0040.0B60.D3DB
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/2            Desg FWD 19        128.2    P2p
Fa0/3            Desg FWD 19        128.3    P2p
Fa0/4            Desg FWD 19        128.4    P2p
Fa0/5            Desg FWD 19        128.5    P2p

VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    4106
             Address     0040.0B60.D3DB
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4106  (priority 4096 sys-id-ext 10)
             Address     0040.0B60.D3DB
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/2            Desg FWD 19        128.2    P2p
Fa0/3            Desg FWD 19        128.3    P2p
Fa0/4            Desg FWD 19        128.4    P2p
Fa0/5            Desg FWD 19        128.5    P2p

VLAN0020
  Spanning tree enabled protocol ieee
  Root ID    Priority    4116
             Address     0040.0B60.D3DB
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4116  (priority 4096 sys-id-ext 20)
             Address     0040.0B60.D3DB
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/2            Desg FWD 19        128.2    P2p
Fa0/3            Desg FWD 19        128.3    P2p
Fa0/4            Desg FWD 19        128.4    P2p
Fa0/5            Desg FWD 19        128.5    P2p

VLAN0088
  Spanning tree enabled protocol ieee
  Root ID    Priority    4184
             Address     0040.0B60.D3DB
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4184  (priority 4096 sys-id-ext 88)
             Address     0040.0B60.D3DB
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/2            Desg FWD 19        128.2    P2p
Fa0/3            Desg FWD 19        128.3    P2p
Fa0/4            Desg FWD 19        128.4    P2p
Fa0/5            Desg FWD 19        128.5    P2p

VLAN0099
  Spanning tree enabled protocol ieee
  Root ID    Priority    4195
             Address     0040.0B60.D3DB
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4195  (priority 4096 sys-id-ext 99)
             Address     0040.0B60.D3DB
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/2            Desg FWD 19        128.2    P2p
Fa0/3            Desg FWD 19        128.3    P2p
Fa0/4            Desg FWD 19        128.4    P2p
Fa0/5            Desg FWD 19        128.5    P2p

Step 3. Check results.
Your completion percentage should be 66%. If not, click Check Results to see which required components are not yet completed.

Task 7: Configure Router-on-a-Stick Inter-VLAN Routing
Step 1. Configure subinterfaces.

Configure the Fa0/1 subinterfaces on R1 using the information from the addressing table.

R1
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#interface fa 0/1.10
R1(config-subif)#encapsulation dot1Q 10
R1(config-subif)#ip address 172.17.10.1 255.255.255.0
R1(config-subif)#exit
R1(config)#interface fa 0/1.20
R1(config-subif)#encapsulation dot1Q 20
R1(config-subif)#ip address 172.17.20.1 255.255.255.0
R1(config-subif)#exit
R1(config)#interface fa0/1.88
R1(config-subif)#encapsulation dot1Q 88
R1(config-subif)#ip address 172.17.88.1 255.255.255.0
R1(config-subif)#exit
R1(config)#interface fa0/1.99
R1(config-subif)#encapsulation dot1Q 99 native
R1(config-subif)#ip address 172.17.99.1 255.255.255.0
R1(config-subif)#exit

Step 2. Check results.
Your completion percentage should be 79%. If not, click Check Results to see which required components are not yet completed.

Task 8: Configure Wireless Connectivity
Step 1. Configure IP Addressing for WRS2 and WRS3.

Configure LAN settings and then static addressing on the Internet interfaces for both WRS2 and WRS3 using the addresses from the topology.

Note: A bug in Packet Tracer may prevent you from assigning the static IP address first. A workaround for this issue is to configure the LAN settings first under Network Setup. Save the settings. Then configure the static IP information under Internet Connection Type and save settings again.

Step 2. Configure wireless network settings.
The SSIDs for the routers are WRS2_LAN and WRS3_LAN, respectively.
The WEP for both is 12345ABCDE.

Step 3. Configure the wireless routers for remote access.
Configure the administration password as cisco123.
Enable remote management.

Step 4. Configure PC3 and PC4 to access the network using DHCP.
PC3 connects to the WRS2_LAN, and PC4 connects to the WRS3_LAN.

Soluzione PT Activity 8.6.1: Packet Tracer Skills Integration Challenge

Considerazioni:
1) Task 3: Il pool name non è specificato ma deve essere impostato come NAT_LIST altrimenti non sarà possibile avere il 100%
2) Task 7: Il  VTP domain isi chiama XYZCORP (tutto maiuscolo) ma il corretto è xyzcorp (tutto minuscolo)
3) Task 11 firewall ACL: Il server xyzcorp è 209.165.200.246 e per permettere l'accesso web il codice è "permit tcp any host 209.165.200.246 eq www" tuttavia per avere il 100% il codice deve essere "permit tcp any host 209.165.200.244 eq www" ma è completamente sbagliato e quindi non è possibile avere accesso al web server.

1: Configure Frame Relay in a Hub-and-Spoke Topology
Step 1. Configure the Frame Relay core.
Use the addressing tables and the following requirements.
HQ is the hub router. B1, B2, and B3 are the spokes.
HQ uses a point-to-point subinterface for each of the Branch routers.
B3 must be manually configured to use IETF encapsulation.
The LMI type must be manually configured as q933a for HQ, B1, and B2. B3 uses ANSI.

HQ
Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname HQ
HQ(config)#int s0/0/0
HQ(config-if)#encapsulation frame-relay
HQ(config-if)#frame-relay lmi-type q933a
HQ(config-if)#no sh
HQ(config-if)#int s0/0/0.41 point-to-point
HQ(config-subif)#ip address 10.255.255.1 255.255.255.252
HQ(config-subif)#frame-relay interface-dlci 41
HQ(config-subif)#int s0/0/0.42 point-to-point
HQ(config-subif)#ip address 10.255.255.5 255.255.255.252
HQ(config-subif)#frame-relay interface-dlci 42
HQ(config-subif)#int s0/0/0.43 point-to-point
HQ(config-subif)#ip address 10.255.255.9 255.255.255.252
HQ(config-subif)#frame-relay interface-dlci 43
HQ(config-subif)#exit
HQ(config)#

B1
Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname B1
B1(config)#int s0/0/0
B1(config-if)#ip address 10.255.255.2 255.255.255.252
B1(config-if)#no sh
B1(config-if)#encapsulation frame-relay
B1(config-if)#frame-relay lmi-type q933a
B1(config-if)#exit
B1(config)#

B2
Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname B2
B2(config)#int s0/0/0
B2(config-if)#ip address 10.255.255.6 255.255.255.252
B2(config-if)#no sh
B2(config-if)#encapsulation frame-relay
B2(config-if)#frame-relay lmi-type q933a
B2(config-if)#exit
B2(config)#

B3
Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname B3
B3(config)#int s0/0/0
B3(config-if)#ip address 10.255.255.10 255.255.255.252
B3(config-if)#no sh
B3(config-if)#encapsulation frame
B3(config-if)#encapsulation frame-relay ietf
B3(config-if)#frame-relay lmi-type ansi
B3(config-if)#exit
B3(config)#

Step 2. Configure the LAN interface on HQ.

HQ
HQ(config)#int f0/0
HQ(config-if)#ip address 10.0.1.1 255.255.255.0
HQ(config-if)#no sh
HQ(config-if)#exit
HQ(config)#

Step 3. Verify that HQ can ping each of the Branch routers.

HQ#ping 10.255.255.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.255.255.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 7/8/9 ms

HQ#ping 10.255.255.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.255.255.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/9/10 ms

HQ#ping 10.255.255.10

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.255.255.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 7/8/11 ms

Task 2: Configure PPP with CHAP and PAP Authentication
Step 1. Configure the WAN link from HQ to ISP using PPP encapsulation and CHAP authentication.
The CHAP password is ciscochap.

HQ
HQ(config)#username ISP password ciscochap
HQ(config)#int s0/1/0
HQ(config-if)#ip address 209.165.201.1 255.255.255.252
HQ(config-if)#encapsulation ppp
HQ(config-if)#pp authentication chap
HQ(config-if)#no sh
HQ(config-if)#exit
HQ(config)#

Step 2. Configure the WAN link from HQ to NewB using PPP encapsulation and PAP authentication.
You need to connect a cable to the correct interfaces. HQ is the DCE side of the link. You choose the clock rate. The PAP password is ciscopap.

HQ
HQ(config)#username NewB password ciscopap
HQ(config)#int s0/0/1
HQ(config-if)#clock rate 64000
HQ(config-if)#ip address 10.255.255.253 255.255.255.252
HQ(config-if)#encapsulation ppp
HQ(config-if)#pp authentication pap
HQ(config-if)#no sh
HQ(config-if)#ppp pap sent-username HQ password ciscopap
HQ(config-if)#exit
HQ(config)#

Step 3. Verify that HQ can ping ISP and NewB.

HQ#ping 209.165.201.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.201.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/4/6 ms

HQ#ping 10.255.255.254

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.255.255.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/4/6 ms

Task 3: Configure Static and Dynamic NAT on HQ
Step 1. Configure NAT.

Use the following requirements:
Allow all addresses for the 10.0.0.0/8 address space to be translated.
XYZ Corporation owns the 209.165.200.240/29 address space. The pool, XYZCORP, uses addresses .241 through .245 with a /29 mask.
The www.xyzcorp.com website at 10.0.1.2 is registered with the public DNS system at IP address 209.165.200.246.

HQ
HQ(config)#int s0/1/0
HQ(config-if)#ip nat out
HQ(config-if)#int f0/0
HQ(config-if)#ip nat in
HQ(config-if)#int s0/0/1
HQ(config-if)#ip nat in
HQ(config-if)#int s0/0/0.41
HQ(config-subif)#ip nat in
HQ(config-subif)#int s0/0/0.42
HQ(config-subif)#ip nat in
HQ(config-subif)#int s0/0/0.43
HQ(config-subif)#ip nat in
HQ(config-subif)#exit
HQ(config)#
HQ(config)#ip access-list standard NAT_LIST
HQ(config-std-nacl)#permit 10.0.0.0 0.255.255.255
HQ(config-std-nacl)#exit
HQ(config)#ip nat pool XYZCORP 209.165.200.241 209.165.200.245 net 255.255.255.248
HQ(config)#ip nat inside source list NAT_LIST pool XYZCORP overload
HQ(config)#ip nat inside source static 10.0.1.2 209.165.200.246
HQ(config)#

Step 2. Verify NAT is operating by using extended ping.
From HQ, ping the serial 0/0/0 interface on ISP using the HQ LAN interface as the source address. This ping should succeed.
Verify that NAT translated the ping with the show ip nat translations command.

HQ#ping
Protocol [ip]:
Target IP address: 209.165.201.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: fastethernet0/0
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.201.2, timeout is 2 seconds:
Packet sent with a source address of 10.0.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/4 ms

HQ#sh ip nat translations
Pro  Inside global     Inside local       Outside local      Outside global
icmp 209.165.200.241:7110.0.1.1:71        209.165.201.2:71   209.165.201.2:71
icmp 209.165.200.241:7210.0.1.1:72        209.165.201.2:72   209.165.201.2:72
icmp 209.165.200.241:7310.0.1.1:73        209.165.201.2:73   209.165.201.2:73
icmp 209.165.200.241:7410.0.1.1:74        209.165.201.2:74   209.165.201.2:74
icmp 209.165.200.241:7510.0.1.1:75        209.165.201.2:75   209.165.201.2:75
—  209.165.200.246   10.0.1.2           —                —

Task 4: Configure Static and Default Routing
Step 1. Configure HQ with a default route to ISP and a static route to the NewB LAN.
Use the exit interface as an argument.

HQ(config)#ip route 0.0.0.0 0.0.0.0 s0/1/0
HQ(config)#ip route 10.4.5.0 255.255.255.0 s0/0/1

Step 2. Configure the Branch routers with a default route to HQ.
Use the next-hop IP address as an argument.

B1
B1(config)#ip route 0.0.0.0 0.0.0.0 10.255.255.1

B2
B2(config)#ip route 0.0.0.0 0.0.0.0 10.255.255.5

B3
B3(config)#ip route 0.0.0.0 0.0.0.0 10.255.255.9

Step 3. Verify connectivity beyond ISP.
All three NewB PCs and the NetAdmin PC should be able to ping the www.cisco.com web server.

NewB-PC1>ping www.cisco.com

Pinging 209.165.202.134 with 32 bytes of data:

Request timed out.
Reply from 209.165.202.134: bytes=32 time=20ms TTL=125
Reply from 209.165.202.134: bytes=32 time=21ms TTL=125
Reply from 209.165.202.134: bytes=32 time=17ms TTL=125

NewB-PC2>ping www.cisco.com

Pinging 209.165.202.134 with 32 bytes of data:

Reply from 209.165.202.134: bytes=32 time=20ms TTL=125
Reply from 209.165.202.134: bytes=32 time=19ms TTL=125
Reply from 209.165.202.134: bytes=32 time=17ms TTL=125
Reply from 209.165.202.134: bytes=32 time=22ms TTL=125

NewB-PC3>ping www.cisco.com

Pinging 209.165.202.134 with 32 bytes of data:

Reply from 209.165.202.134: bytes=32 time=20ms TTL=125
Reply from 209.165.202.134: bytes=32 time=19ms TTL=125
Reply from 209.165.202.134: bytes=32 time=17ms TTL=125
Reply from 209.165.202.134: bytes=32 time=22ms TTL=125

NetAdmin-PC>ping www.cisco.com

Pinging 209.165.202.134 with 32 bytes of data:

Reply from 209.165.202.134: bytes=32 time=20ms TTL=125
Reply from 209.165.202.134: bytes=32 time=19ms TTL=125
Reply from 209.165.202.134: bytes=32 time=17ms TTL=125
Reply from 209.165.202.134: bytes=32 time=22ms TTL=125

Task 5: Configure Inter-VLAN Routing
Step 1. Configure each Branch router for inter-VLAN routing.
Using the addressing table for Branch routers, configure and activate the LAN interface for inter-VLAN routing. VLAN 99 is the native VLAN.

B1(config)#interface f0/0
B1(config-if)#no sh
B1(config-if)#exit
B1(config)#int f0/0.10
B1(config-subif)#encapsulation dot1Q 10
B1(config-subif)#ip address 10.1.10.1 255.255.255.0
B1(config-subif)#int f0/0.20
B1(config-subif)#encapsulation dot1Q 20
B1(config-subif)#ip address 10.1.20.1 255.255.255.0
B1(config-subif)#int f0/0.30
B1(config-subif)#encapsulation dot1Q 30
B1(config-subif)#ip address 10.1.30.1 255.255.255.0
B1(config-subif)#int f0/0.88
B1(config-subif)#encapsulation dot1Q 88
B1(config-subif)#ip address 10.1.88.1 255.255.255.0
B1(config-subif)#int f0/0.99
B1(config-subif)#encapsulation dot1Q 99 native
B1(config-subif)#ip address 10.1.99.1 255.255.255.0
B1(config-subif)#exit
B1(config)#

B2(config)#interface f0/0
B2(config-if)#no sh
B2(config-if)#exit
B2(config)#int f0/0.10
B2(config-subif)#encapsulation dot1Q 10
B2(config-subif)#ip address 10.2.10.1 255.255.255.0
B2(config-subif)#int f0/0.20
B2(config-subif)#encapsulation dot1Q 20
B2(config-subif)#ip address 10.2.20.1 255.255.255.0
B2(config-subif)#int f0/0.30
B2(config-subif)#encapsulation dot1Q 30
B2(config-subif)#ip address 10.2.30.1 255.255.255.0
B2(config-subif)#int f0/0.88
B2(config-subif)#encapsulation dot1Q 88
B2(config-subif)#ip address 10.2.88.1 255.255.255.0
B2(config-subif)#int f0/0.99
B2(config-subif)#encapsulation dot1Q 99 native
B2(config-subif)#ip address 10.2.99.1 255.255.255.0
B2(config-subif)#exit
B2(config)#

B3(config)#interface f0/0
B3(config-if)#no sh
B3(config-if)#exit
B3(config)#int f0/0.10
B3(config-subif)#encapsulation dot1Q 10
B3(config-subif)#ip address 10.3.10.1 255.255.255.0
B3(config-subif)#int f0/0.20
B3(config-subif)#encapsulation dot1Q 20
B3(config-subif)#ip address 10.3.20.1 255.255.255.0
B3(config-subif)#int f0/0.30
B3(config-subif)#encapsulation dot1Q 30
B3(config-subif)#ip address 10.3.30.1 255.255.255.0
B3(config-subif)#int f0/0.88
B3(config-subif)#encapsulation dot1Q 88
B3(config-subif)#ip address 10.3.88.1 255.255.255.0
B3(config-subif)#int f0/0.99
B3(config-subif)#encapsulation dot1Q 99 native
B3(config-subif)#ip address 10.3.99.1 255.255.255.0
B3(config-subif)#exit
B3(config)#

Step 2. Verify routing tables.
Each Branch router should now have six directly connected networks and one static default route.

B1#sh ip route
Codes: C – connected, S – static, I – IGRP, R – RIP, M – mobile, B – BGP
       D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
       N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
       E1 – OSPF external type 1, E2 – OSPF external type 2, E – EGP
       i – IS-IS, L1 – IS-IS level-1, L2 – IS-IS level-2, ia – IS-IS inter area
       * – candidate default, U – per-user static route, o – ODR
       P – periodic downloaded static route

Gateway of last resort is 10.255.255.1 to network 0.0.0.0

     10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
C       10.1.10.0/24 is directly connected, FastEthernet0/0.10
C       10.1.20.0/24 is directly connected, FastEthernet0/0.20
C       10.1.30.0/24 is directly connected, FastEthernet0/0.30
C       10.1.88.0/24 is directly connected, FastEthernet0/0.88
C       10.1.99.0/24 is directly connected, FastEthernet0/0.99
C       10.255.255.0/30 is directly connected, Serial0/0/0
S*   0.0.0.0/0 [1/0] via 10.255.255.1
B1#

Task 6: Configure and Optimize EIGRP Routing
Step 1. Configure HQ, B1, B2, and B3 with EIGRP.
Use AS 100.
Disable EIGRP updates on appropriate interfaces.
Manually summarize EIGRP routes so that each Branch router only advertises the 10.X.0.0/16 address space to HQ.
Note: Packet Tracer does not accurately simulate the benefit of EIGRP summary routes. Routing tables will still show all subnets, even though you correctly configured the manual summary.

HQ
HQ(config)#router eigrp 100
HQ(config-router)#passive-interface s0/1/0
HQ(config-router)#passive-interface s0/0/1
HQ(config-router)#passive-interface fa0/0
HQ(config-router)#network 10.0.0.0
HQ(config-router)# no auto-summary

B1
B1(config)#router eigrp 100
B2(config-router)#passive-interface fa0/0.10
B2(config-router)#passive-interface fa0/0.20
B2(config-router)#passive-interface fa0/0.30
B2(config-router)#passive-interface fa0/0.99
B1(config-router)#network 10.0.0.0
B1(config-router)# no auto-summary
B1(config-router)#int s0/0/0
B1(config-if)#ip summary-address eigrp 100 10.1.0.0 255.255.0.0

B2
B2(config)#router eigrp 100
B2(config-router)#passive-interface fa0/0.10
B2(config-router)#passive-interface fa0/0.20
B2(config-router)#passive-interface fa0/0.30
B2(config-router)#passive-interface fa0/0.99
B2(config-router)#network 10.0.0.0
B2(config-router)#no auto-summary
B2(config-router)#int s0/0/0
B2(config-if)#ip summary-address eigrp 100 10.2.0.0 255.255.0.0

B3
B3(config)#router eigrp 100
B3(config-router)#passive-interface fa0/0.10
B3(config-router)#passive-interface fa0/0.20
B3(config-router)#passive-interface fa0/0.30
B3(config-router)#passive-interface fa0/0.99
B3(config-router)#network 10.0.0.0
B3(config-router)#no auto-summary
B3(config-router)#int s0/0/0
B3(config-if)#ip summary-address eigrp 100 10.3.0.0 255.255.0.0

Step 2. Verify routing tables and connectivity.
HQ and the Branch routers should now have complete routing tables.
The NetAdmin PC should now be able to ping each VLAN subinterface on each Branch router.

B1#sh ip route
Codes: C – connected, S – static, I – IGRP, R – RIP, M – mobile, B – BGP
       D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
       N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
       E1 – OSPF external type 1, E2 – OSPF external type 2, E – EGP
       i – IS-IS, L1 – IS-IS level-1, L2 – IS-IS level-2, ia – IS-IS inter area
       * – candidate default, U – per-user static route, o – ODR
       P – periodic downloaded static route

Gateway of last resort is 10.255.255.1 to network 0.0.0.0

     10.0.0.0/8 is variably subnetted, 14 subnets, 3 masks
D       10.0.1.0/24 [90/2172416] via 10.255.255.1, 00:09:20, Serial0/0/0
D       10.1.0.0/16 is a summary, 00:09:24, Null0
C       10.1.10.0/24 is directly connected, FastEthernet0/0.10
C       10.1.20.0/24 is directly connected, FastEthernet0/0.20
C       10.1.30.0/24 is directly connected, FastEthernet0/0.30
C       10.1.88.0/24 is directly connected, FastEthernet0/0.88
C       10.1.99.0/24 is directly connected, FastEthernet0/0.99
D       10.2.0.0/16 [90/2684416] via 10.255.255.1, 00:09:20, Serial0/0/0
D       10.3.0.0/16 [90/2684416] via 10.255.255.1, 00:09:20, Serial0/0/0
D       10.4.5.0/24 [90/2681856] via 10.255.255.1, 00:09:20, Serial0/0/0
C       10.255.255.0/30 is directly connected, Serial0/0/0
D       10.255.255.4/30 [90/2681856] via 10.255.255.1, 00:09:20, Serial0/0/0
D       10.255.255.8/30 [90/2681856] via 10.255.255.1, 00:09:20, Serial0/0/0
D       10.255.255.252/30 [90/2681856] via 10.255.255.1, 00:09:20, Serial0/0/0
S*   0.0.0.0/0 [1/0] via 10.255.255.1
B1#

NetAdmin-PC>ping 10.3.10.1

Pinging 10.3.10.1 with 32 bytes of data:

Reply from 10.3.10.1: bytes=32 time=18ms TTL=254
Reply from 10.3.10.1: bytes=32 time=17ms TTL=254
Reply from 10.3.10.1: bytes=32 time=18ms TTL=254
Reply from 10.3.10.1: bytes=32 time=17ms TTL=254

Ping statistics for 10.3.10.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 17ms, Maximum = 18ms, Average = 17ms

NetAdmin-PC>ping 10.3.20.1

Pinging 10.3.20.1 with 32 bytes of data:

Reply from 10.3.20.1: bytes=32 time=15ms TTL=254
Reply from 10.3.20.1: bytes=32 time=15ms TTL=254
Reply from 10.3.20.1: bytes=32 time=18ms TTL=254
Reply from 10.3.20.1: bytes=32 time=16ms TTL=254

Ping statistics for 10.3.20.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 15ms, Maximum = 18ms, Average = 16ms

NetAdmin-PC>ping 10.3.30.1

Pinging 10.3.30.1 with 32 bytes of data:

Reply from 10.3.30.1: bytes=32 time=18ms TTL=254
Reply from 10.3.30.1: bytes=32 time=17ms TTL=254
Reply from 10.3.30.1: bytes=32 time=17ms TTL=254
Reply from 10.3.30.1: bytes=32 time=18ms TTL=254

Ping statistics for 10.3.30.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 17ms, Maximum = 18ms, Average = 17ms

NetAdmin-PC>ping 10.3.88.1

Pinging 10.3.88.1 with 32 bytes of data:

Reply from 10.3.88.1: bytes=32 time=20ms TTL=254
Reply from 10.3.88.1: bytes=32 time=17ms TTL=254
Reply from 10.3.88.1: bytes=32 time=16ms TTL=254
Reply from 10.3.88.1: bytes=32 time=20ms TTL=254

Ping statistics for 10.3.88.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 16ms, Maximum = 20ms, Average = 18ms

NetAdmin-PC>ping 10.3.99.1

Pinging 10.3.99.1 with 32 bytes of data:

Reply from 10.3.99.1: bytes=32 time=14ms TTL=254
Reply from 10.3.99.1: bytes=32 time=14ms TTL=254
Reply from 10.3.99.1: bytes=32 time=14ms TTL=254
Reply from 10.3.99.1: bytes=32 time=16ms TTL=254

Ping statistics for 10.3.99.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 14ms, Maximum = 16ms, Average = 14ms

Task 7: Configure VTP, Trunking, the VLAN Interface, and VLANs
The following requirements apply to all three Branches. Configure one set of three switches. Then use the scripts for those switches on the other two sets of switches.
Step 1. Configure Branch switches with VTP.
BX-S1 is the VTP server. BX-S2 and BX-S3 are VTP clients.
The domain name is XYZCORP.  <– mistake all is lower character xyzcorp
The password is xyzvtp.

B1-S1
Switch>en
Switch#conf t
Switch(config)#hostname B1-S1
B1-S1(config)#vtp mode server
Device mode already VTP SERVER.
B1-S1(config)#vtp domain xyzcorp
Changing VTP domain name from xyzcorp<br> to xyzcorp
B1-S1(config)#vtp password xyzvtp
Setting device VLAN database password to xyzvtp
B1-S1(config)#

B1-S2
Switch>en
Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname B1-S2
B1-S2(config)#vtp mode client
Setting device to VTP CLIENT mode.
B1-S2(config)#vtp domain xyzcorp
Changing VTP domain name from NULL to xyzcorp
B1-S2(config)#vtp password xyzvtp
Setting device VLAN database password to xyzvtp
B1-S2(config)#

B1-S3
Switch>en
Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname B1-S3
B1-S3(config)#vtp mode client
Setting device to VTP CLIENT mode.
B1-S3(config)#vtp domain xyzcorp
Changing VTP domain name from NULL to xyzcorp
B1-S3(config)#vtp password xyzvtp
Setting device VLAN database password to xyzvtp
B1-S3(config)#

B2-S1
Switch>en
Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname B2-S1
B2-S1(config)#vtp mode server
Device mode already VTP SERVER.
B2-S1(config)#vtp domain xyzcorp
Changing VTP domain name from NULL to xyzcorp
B2-S1(config)#vtp password xyzvtp
Setting device VLAN database password to xyzvtp
B2-S1(config)#

B2-S2
Switch>en
Switch#conf t
Switch(config)#hostname B2-S2
B2-S2(config)#vtp mode client
Setting device to VTP CLIENT mode.
B2-S2(config)#vtp domain xyzcorp
Changing VTP domain name from xyzcorp<br> to xyzcorp
B2-S2(config)#vtp password xyzvtp
Setting device VLAN database password to xyzvtp
B2-S2(config)#

B2-S3
Switch>en
Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname B2-S3
B2-S3(config)#vtp mode client
Setting device to VTP CLIENT mode.
B2-S3(config)#vtp domain xyzcorp
Changing VTP domain name from NULL to xyzcorp
B2-S3(config)#vtp password xyzvtp
Setting device VLAN database password to xyzvtp
B2-S3(config)#

B3-S1
Switch>en
Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname B3-S1
B3-S1(config)#vtp mode server
Device mode already VTP SERVER.
B3-S1(config)#vtp domain xyzcorp
Changing VTP domain name from NULL to xyzcorp
B3-S1(config)#vtp password xyzvtp
Setting device VLAN database password to xyzvtp
B3-S1(config)#

B3-S2
Switch>en
Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname B3-S2
B3-S2(config)#vtp mode client
Setting device to VTP CLIENT mode.
B3-S2(config)#vtp domain xyzcorp
Changing VTP domain name from NULL to xyzcorp
B3-S2(config)#vtp password xyzvtp
Setting device VLAN database password to xyzvtp
B3-S2(config)#

B3-S3
Switch>en
Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname B3-S3
B3-S3(config)#vtp mode client
Setting device to VTP CLIENT mode.
B3-S3(config)#vtp domain xyzcorp
Changing VTP domain name from NULL to xyzcorp
B3-S3(config)#vtp password xyzvtp
Setting device VLAN database password to xyzvtp
B3-S3(config)#

Step 2. Configure trunking on BX-S1, BX-S2, and BX-S3.
Configure the appropriate interfaces in trunking mode and assign VLAN 99 as the native VLAN.

B1-S1
B1-S1(config)#int range fa0/1-5
B1-S1(config-if-range)#switchport trunk native vlan 99
B1-S1(config-if-range)#switchport mode trunk

B1-S2
B1-S2(config)#int range fa0/1-4
B1-S2(config-if-range)#switchport trunk native vlan 99
B1-S2(config-if-range)#switchport mode trunk

B1-S3
B1-S3(config)#int range fa0/1-4
B1-S3(config-if-range)#switchport trunk native vlan 99
B1-S3(config-if-range)#switchport mode trunk

B2-S1
B2-S1(config)#int range fa0/1-5
B2-S1(config-if-range)#switchport trunk native vlan 99
B2-S1(config-if-range)#switchport mode trunk

B2-S2
B2-S2(config)#int range fa0/1-4
B2-S2(config-if-range)#switchport trunk native vlan 99
B2-S2(config-if-range)#switchport mode trunk

B2-S3
B2-S3(config)#int range fa0/1-4
B2-S3(config-if-range)#switchport trunk native vlan 99
B2-S3(config-if-range)#switchport mode trunk

B3-S1
B3-S1(config)#int range fa0/1-5
B3-S1(config-if-range)#switchport trunk native vlan 99
B3-S1(config-if-range)#switchport mode trunk

B3-S2
B3-S2(config)#int range fa0/1-4
B3-S2(config-if-range)#switchport trunk native vlan 99
B3-S2(config-if-range)#switchport mode trunk

B3-S3
B3-S3(config)#int range fa0/1-4
B3-S3(config-if-range)#switchport trunk native vlan 99
B3-S3(config-if-range)#switchport mode trunk

Step 3. Configure the VLAN interface and default gateway on BX-S1, BX-S2, and BX-S3.

B1-S1(config)#ip default-gateway 10.1.99.1
B1-S2(config)#ip default-gateway 10.1.99.1
B1-S3(config)#ip default-gateway 10.1.99.1
B2-S1(config)#ip default-gateway 10.2.99.1
B2-S2(config)#ip default-gateway 10.2.99.1
B2-S3(config)#ip default-gateway 10.2.99.1
B3-S1(config)#ip default-gateway 10.3.99.1
B3-S2(config)#ip default-gateway 10.3.99.1
B3-S3(config)#ip default-gateway 10.3.99.1

B1-S1
B1-S1(config)#int vlan 99
B1-S1(config-if)#ip addr 10.1.99.21 255.255.255.0
B1-S1(config-if)#no shutdown

B1-S2
B1-S2(config)#int vlan 99
B1-S2(config-if)#ip addr 10.1.99.22 255.255.255.0
B1-S2(config-if)#no shutdown

B1-S3
B1-S3(config)#int vlan 99
B1-S3(config-if)#ip addr 10.1.99.23 255.255.255.0
B1-S3(config-if)#no shutdown

B2-S1
B2-S1(config)#int vlan 99
B2-S1(config-if)#ip addr 10.2.99.21 255.255.255.0
B2-S1(config-if)#no shutdown

B2-S2
B2-S2(config)#int vlan 99
B2-S2(config-if)#ip addr 10.2.99.22 255.255.255.0
B2-S2(config-if)#no shutdown

B2-S3
B2-S3(config)#int vlan 99
B2-S3(config-if)#ip addr 10.2.99.23 255.255.255.0
B2-S3(config-if)#no shutdown

B3-S1
B3-S1(config)#int vlan 99
B3-S1(config-if)#ip addr 10.3.99.21 255.255.255.0
B3-S1(config-if)#no shutdown

B3-S2
B3-S2(config)#int vlan 99
B3-S2(config-if)#ip addr 10.3.99.22 255.255.255.0
B3-S2(config-if)#no shutdown

B3-S3
B3-S3(config)#int vlan 99
B3-S3(config-if)#ip addr 10.3.99.23 255.255.255.0
B3-S3(config-if)#no shutdown

Step 4. Create the VLANs on BX-S1.
Create and name the VLANs listed in the VLAN Configuration and Port Mappings table on BX-S1 only. VTP advertises the new VLANs to BX-S1 and BX-S2.

B1-S1
B1-S1(config)#vlan 10
B1-S1(config-vlan)#name Admin
B1-S1(config-vlan)#vlan 20
B1-S1(config-vlan)#name Sales
B1-S1(config-vlan)#vlan 30
B1-S1(config-vlan)#name Production
B1-S1(config-vlan)#vlan 88
B1-S1(config-vlan)#name Wireless
B1-S1(config-vlan)#vlan 99
B1-S1(config-vlan)#name Mgmt&Native
B1-S1(config-vlan)#exit
B1-S1(config)#

B2-S1
B2-S1(config)#vlan 10
B2-S1(config-vlan)#name Admin
B2-S1(config-vlan)#vlan 20
B2-S1(config-vlan)#name Sales
B2-S1(config-vlan)#vlan 30
B2-S1(config-vlan)#name Production
B2-S1(config-vlan)#vlan 88
B2-S1(config-vlan)#name Wireless
B2-S1(config-vlan)#vlan 99
B2-S1(config-vlan)#name Mgmt&Native
B2-S1(config-vlan)#exit
B2-S1(config)#

B3-S1
B3-S1(config)#vlan 10
B3-S1(config-vlan)#name Admin
B3-S1(config-vlan)#vlan 20
B3-S1(config-vlan)#name Sales
B3-S1(config-vlan)#vlan 30
B3-S1(config-vlan)#name Production
B3-S1(config-vlan)#vlan 88
B3-S1(config-vlan)#name Wireless
B3-S1(config-vlan)#vlan 99
B3-S1(config-vlan)#name Mg&Native
B3-S1(config-vlan)#exit
B3-S1(config)#

Step 5. Verify that VLANs have been sent to BX-S2 and BX-S3.
Use the appropriate commands to verify that S2 and S3 now have the VLANs you created on S1. It may take a few minutes for Packet Tracer to simulate the VTP advertisements. A quick way to force the sending of VTP advertisements is to change one of the client switches to transparent mode and then back to client mode.

B1-S2#sh vtp passw
VTP Password: xyzvtp

B1-S2#sh vtp status
VTP Version                     : 2
Configuration Revision          : 10
Maximum VLANs supported locally : 255
Number of existing VLANs        : 10
VTP Operating Mode              : Client
VTP Domain Name                 : xyzcorp
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xE1 0xB3 0x4C 0x9C 0x8E 0×80 0x7E 0×28
Configuration last modified by 10.1.99.21 at 3-1-93 05:47:41

B1-S2#sh vlan

VLAN Name                             Status    Ports
—- ——————————– ——— ——————————-
1    default                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig1/1, Gig1/2
10   Admin                            active    
20   Sales                            active    
30   Production                       active    
88   Wireless                         active    
99   Mgmt&Native                      active    
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

B1-S2# sh interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/1       on           802.1q         trunking      99
Fa0/2       on           802.1q         trunking      99
Fa0/3       on           802.1q         trunking      99
Fa0/4       on           802.1q         trunking      99

Port        Vlans allowed on trunk
Fa0/1       1-1005
Fa0/2       1-1005
Fa0/3       1-1005
Fa0/4       1-1005

Port        Vlans allowed and active in management domain
Fa0/1       1,10,20,30,88,99
Fa0/2       1,10,20,30,88,99
Fa0/3       1,10,20,30,88,99
Fa0/4       1,10,20,30,88,99

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/1       1,10,20,30,88,99
Fa0/2       1,10,20,30,88,99
Fa0/3       1,10,20,30,88,99
Fa0/4       1,10,20,30,88,99
B1-S2#

NetAdmin-PC>ping 10.3.99.23

Pinging 10.3.99.23 with 32 bytes of data:

Request timed out.
Request timed out.
Reply from 10.3.99.23: bytes=32 time=23ms TTL=253
Reply from 10.3.99.23: bytes=32 time=21ms TTL=253

Task 8: Assign VLANs and Configure Port Security

Step 1. Assign VLANs to access ports.
Use the VLAN Configuration and Port Mappings table to complete the following requirements:
Configure access ports
Assign VLANs to the access ports

B1-S2
B1-S2(config)#int f0/6
B1-S2(config-if)#switchport mode access
B1-S2(config-if)#switchport access vlan 10
B1-S2(config-if)#int fa0/11
B1-S2(config-if)#switchport mode access
B1-S2(config-if)#switchport access vlan 20
B1-S2(config-if)#int fa 0/16
B1-S2(config-if)#switchport mode access
B1-S2(config-if)#switchport access vlan 30

B2-S2
B2-S2(config)#int f0/6
B2-S2(config-if)#switchport mode access
B2-S2(config-if)#switchport access vlan 10
B2-S2(config-if)#int fa0/11
B2-S2(config-if)#switchport mode access
B2-S2(config-if)#switchport access vlan 20
B2-S2(config-if)#int fa 0/16
B2-S2(config-if)#switchport mode access
B2-S2(config-if)#switchport access vlan 30
B2-S2(config-if)#

B3-S2
B3-S2(config)#int f0/6
B3-S2(config-if)#switchport mode access
B3-S2(config-if)#switchport access vlan 10
B3-S2(config-if)#int fa0/11
B3-S2(config-if)#switchport mode access
B3-S2(config-if)#switchport access vlan 20
B3-S2(config-if)#int fa 0/16
B3-S2(config-if)#switchport mode access
B3-S2(config-if)#switchport access vlan 30

B1-S3
B1-S3(config)#int fa 0/7
B1-S3(config-if)#switchport mode access
B1-S3(config-if)#switchport access vlan 88

B2-S3
B2-S3(config)#int fa 0/7
B2-S3(config-if)#switchport mode access
B2-S3(config-if)#switchport access vlan 88

B3-S3
B3-S3(config)#int fa 0/7
B3-S3(config-if)#switchport mode access
B3-S3(config-if)#switchport access vlan 88

Step 2. Configure port security.
Use the following policy to establish port security on the BX-S2 access ports:
Allow only one MAC address
Configure the first learned MAC address to "stick" to the configuration
Set the port to shut down if there is a security violation

B1-S2
B1-S2(config)#int fa0/6
B1-S2(config-if)#switchport access vlan 10
B1-S2(config-if)#switchport mode access
B1-S2(config-if)#switchport port-security
B1-S2(config-if)#switchport port-security maximum 1
B1-S2(config-if)#switchport port-security mac-address sticky
B1-S2(config-if)#switchport port-security violation shutdown
B1-S2(config-if)#int fa0/11
B1-S2(config-if)#switchport access vlan 20
B1-S2(config-if)#switchport mode access
B1-S2(config-if)#switchport port-security
B1-S2(config-if)#switchport port-security maximum 1
B1-S2(config-if)#switchport port-security mac-address sticky
B1-S2(config-if)#switchport port-security violation shutdown
B1-S2(config-if)#int fa0/16
B1-S2(config-if)#switchport access vlan 30
B1-S2(config-if)#switchport mode access
B1-S2(config-if)#switchport port-security
B1-S2(config-if)#switchport port-security maximum 1
B1-S2(config-if)#switchport port-security mac-address sticky
B1-S2(config-if)#switchport port-security violation shutdown

B2-S2
B2-S2(config)#int fa0/6
B2-S2(config-if)#switchport access vlan 10
B2-S2(config-if)#switchport mode access
B2-S2(config-if)#switchport port-security
B2-S2(config-if)#switchport port-security maximum 1
B2-S2(config-if)#switchport port-security mac-address sticky
B2-S2(config-if)#switchport port-security violation shutdown
B2-S2(config-if)#int fa0/11
B2-S2(config-if)#switchport access vlan 20
B2-S2(config-if)#switchport mode access
B2-S2(config-if)#switchport port-security
B2-S2(config-if)#switchport port-security maximum 1
B2-S2(config-if)#switchport port-security mac-address sticky
B2-S2(config-if)#switchport port-security violation shutdown
B2-S2(config-if)#int fa0/16
B2-S2(config-if)#switchport access vlan 30
B2-S2(config-if)#switchport mode access
B2-S2(config-if)#switchport port-security
B2-S2(config-if)#switchport port-security maximum 1
B2-S2(config-if)#switchport port-security mac-address sticky
B2-S2(config-if)#switchport port-security violation shutdown

B3-S2
B3-S2(config)#int fa0/6
B3-S2(config-if)#switchport access vlan 10
B3-S2(config-if)#switchport mode access
B3-S2(config-if)#switchport port-security
B3-S2(config-if)#switchport port-security maximum 1
B3-S2(config-if)#switchport port-security mac-address sticky
B3-S2(config-if)#switchport port-security violation shutdown
B3-S2(config-if)#int fa0/11
B3-S2(config-if)#switchport access vlan 20
B3-S2(config-if)#switchport mode access
B3-S2(config-if)#switchport port-security
B3-S2(config-if)#switchport port-security maximum 1
B3-S2(config-if)#switchport port-security mac-address sticky
B3-S2(config-if)#switchport port-security violation shutdown
B3-S2(config-if)#int fa0/16
B3-S2(config-if)#switchport access vlan 30
B3-S2(config-if)#switchport mode access
B3-S2(config-if)#switchport port-security
B3-S2(config-if)#switchport port-security maximum 1
B3-S2(config-if)#switchport port-security mac-address sticky
B3-S2(config-if)#switchport port-security violation shutdown

Step 3. Verify VLAN assignments and port security.
Use the appropriate commands to verify that access VLANs are correctly assigned and that the port security policy has been enabled.

B1-S2#show port-security interface f0/6
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 0
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 0000.0000.0000:0
Security Violation Count   : 0

Task 9: Configure STP
Step 1. Configure BX-S1 as the root bridge.
Set the priority level to 4096 on BX-S1 so that these switches are always the root bridge for all VLANs.

B1-S1(config)#spanning-tree vlan 1-1001 priority 4096
B2-S1(config)#spanning-tree vlan 1-1001 priority 4096
B3-S1(config)#spanning-tree vlan 1-1001 priority 4096

Step 2. Configure BX-S3 as the backup root bridge.
Set the priority level to 8192 on BX-S3 so that these switches are always the backup root bridge for all VLANs.

B1-S3(config)#spanning-tree vlan 1-1001 priority 8192
B2-S3(config)#spanning-tree vlan 1-1001 priority 8192
B3-S3(config)#spanning-tree vlan 1-1001 priority 8192

Step 3. Verify that BX-S1 is the root bridge.

B1-S1#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    4097
             Address     00D0.BA3D.2C94
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4097  (priority 4096 sys-id-ext 1)
             Address     00D0.BA3D.2C94
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
—————- —- — ——— ——– ——————————–
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/2            Desg FWD 19        128.2    P2p
Fa0/3            Desg FWD 19        128.3    P2p
Fa0/4            Desg FWD 19        128.4    P2p
Fa0/5            Desg FWD 19        128.5    P2p

VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    4106
             Address     00D0.BA3D.2C94
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

VLAN0020
  Spanning tree enabled protocol ieee
  Root ID    Priority    4116
             Address     00D0.BA3D.2C94
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

VLAN0030
  Spanning tree enabled protocol ieee
  Root ID    Priority    4126
             Address     00D0.BA3D.2C94
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

VLAN0088
  Spanning tree enabled protocol ieee
  Root ID    Priority    4184
             Address     00D0.BA3D.2C94
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

VLAN0099
  Spanning tree enabled protocol ieee
  Root ID    Priority    4195
             Address     00D0.BA3D.2C94
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

Task 10: Configure DHCP
Step 1. Configure DHCP pools for each VLAN.
On the Branch routers, configure DHCP pools for each VLAN using the following requirements:
Exclude the first 10 IP addresses in each pool for the LANs.
Exclude the first 24 IP addresses in each pool for the wireless LANs.
The pool name is BX_VLAN## where X is the router number and ## is the VLAN number.
Include the DNS server attached to the HQ server farm as part of the DHCP configuration.

B1
B1(config)#ip dhcp excluded-address 10.1.10.1 10.1.10.10
B1(config)#ip dhcp excluded-address 10.1.20.1 10.1.20.10
B1(config)#ip dhcp excluded-address 10.1.30.1 10.1.30.10
B1(config)#ip dhcp excluded-address 10.1.88.1 10.1.88.24

B2
B2(config)#ip dhcp excluded-address 10.2.10.1 10.2.10.10
B2(config)#ip dhcp excluded-address 10.2.20.1 10.2.20.10
B2(config)#ip dhcp excluded-address 10.2.30.1 10.2.30.10
B2(config)#ip dhcp excluded-address 10.2.88.1 10.2.88.24

B3
B3(config)#ip dhcp excluded-address 10.3.10.1 10.3.10.10
B3(config)#ip dhcp excluded-address 10.3.20.1 10.3.20.10
B3(config)#ip dhcp excluded-address 10.3.30.1 10.3.30.10
B3(config)#ip dhcp excluded-address 10.3.88.1 10.3.88.24

B1
B1(config)#ip dhcp pool B1_VLAN10
B1(dhcp-config)#network 10.1.10.0 255.255.255.0
B1(dhcp-config)#default-router 10.1.10.1
B1(dhcp-config)#dns-server 10.0.1.4
B1(dhcp-config)#exit
B1(config)#ip dhcp pool B1_VLAN20
B1(dhcp-config)#network 10.1.20.0 255.255.255.0
B1(dhcp-config)#default-router 10.1.20.1
B1(dhcp-config)#dns-server 10.0.1.4
B1(dhcp-config)#exit
B1(config)#ip dhcp pool B1_VLAN30
B1(dhcp-config)#network 10.1.30.0 255.255.255.0
B1(dhcp-config)#default-router 10.1.30.1
B1(dhcp-config)#dns-server 10.0.1.4
B1(dhcp-config)#exit
B1(config)#ip dhcp pool B1_VLAN88
B1(dhcp-config)#network 10.1.88.0 255.255.255.0
B1(dhcp-config)#default-router 10.1.88.1
B1(dhcp-config)#dns-server 10.0.1.4
B1(dhcp-config)#exit
B1(config)#

B2
B2(config)#ip dhcp pool B2_VLAN10
B2(dhcp-config)#network 10.2.10.0 255.255.255.0
B2(dhcp-config)#default-router 10.2.10.1
B2(dhcp-config)#dns-server 10.0.1.4
B2(dhcp-config)#exit
B2(config)#ip dhcp pool B2_VLAN20
B2(dhcp-config)#network 10.2.20.0 255.255.255.0
B2(dhcp-config)#default-router 10.2.20.1
B2(dhcp-config)#dns-server 10.0.1.4
B2(dhcp-config)#exit
B2(config)#ip dhcp pool B2_VLAN30
B2(dhcp-config)#network 10.2.30.0 255.255.255.0
B2(dhcp-config)#default-router 10.2.30.1
B2(dhcp-config)#dns-server 10.0.1.4
B2(dhcp-config)#exit
B2(config)#ip dhcp pool B2_VLAN88
B2(dhcp-config)#network 10.2.88.0 255.255.255.0
B2(dhcp-config)#default-router 10.2.88.1
B2(dhcp-config)#dns-server 10.0.1.4
B2(dhcp-config)#exit
B2(config)#

B3
B3(config)#ip dhcp pool B3_VLAN10
B3(dhcp-config)#network 10.3.10.0 255.255.255.0
B3(dhcp-config)#default-router 10.3.10.1
B3(dhcp-config)#dns-server 10.0.1.4
B3(dhcp-config)#exit
B3(config)#ip dhcp pool B3_VLAN20
B3(dhcp-config)#network 10.3.20.0 255.255.255.0
B3(dhcp-config)#default-router 10.3.20.1
B3(dhcp-config)#dns-server 10.0.1.4
B3(dhcp-config)#exit
B3(config)#ip dhcp pool B3_VLAN30
B3(dhcp-config)#network 10.3.30.0 255.255.255.0
B3(dhcp-config)#default-router 10.3.30.1
B3(dhcp-config)#dns-server 10.0.1.4
B3(dhcp-config)#exit
B3(config)#ip dhcp pool B3_VLAN88
B3(dhcp-config)#network 10.3.88.0 255.255.255.0
B3(dhcp-config)#default-router 10.3.88.1
B3(dhcp-config)#dns-server 10.0.1.4
B3(dhcp-config)#exit
B3(config)#

Step 2. Configure the PCs to use DHCP.
Currently, the PCs are configured to use static IP addresses. Change this configuration to DHCP.

Step 3. Verify that the PCs and wireless routers have an IP address.
Step 4. Verify connectivity.
All PCs physically attached to the network should be able to ping the www.cisco.com web server.

B3-PC1>ping www.cisco.com

Pinging 209.165.202.134 with 32 bytes of data:

Request timed out.
Reply from 209.165.202.134: bytes=32 time=29ms TTL=125
Reply from 209.165.202.134: bytes=32 time=31ms TTL=125
Reply from 209.165.202.134: bytes=32 time=23ms TTL=125

Task 11: Configure a Firewall ACL
Step 1. Verify connectivity from Outside Host.
The Outside Host PC should be able to ping the server at www.xyzcorp.com.

Outside host PC>ping www.cisco.com

Pinging 209.165.202.134 with 32 bytes of data:

Reply from 209.165.202.134: bytes=32 time=9ms TTL=127
Reply from 209.165.202.134: bytes=32 time=7ms TTL=127
Reply from 209.165.202.134: bytes=32 time=6ms TTL=127
Reply from 209.165.202.134: bytes=32 time=8ms TTL=127

Step 2. Implement a basic firewall ACL.
Because ISP represents connectivity to the Internet, configure a named ACL called FIREWALL in the following order:
Allow inbound HTTP requests to the www.xyzcorp.com server.
Allow only established TCP sessions from ISP and any source beyond ISP.
Allow only inbound ping replies from ISP and any source beyond ISP.
Explicitly block all other inbound access from ISP and any source beyond ISP.

HQ
HQ(config)#ip access-list extended FIREWALL
HQ(config-ext-nacl)#permit tcp any host 209.165.200.244 eq www
HQ(config-ext-nacl)#permit tcp any any established
HQ(config-ext-nacl)#permit icmp any any echo-reply
HQ(config-ext-nacl)#deny ip any any
HQ(config-ext-nacl)#exit
HQ(config)#int s0/1/0
HQ(config-if)#ip access-group FIREWALL in
HQ(config-if)#exit
HQ(config)#

Outside host PC>ping www.xyzcorp.com

Pinging 209.165.200.246 with 32 bytes of data:

Reply from 209.165.201.1: Destination host unreachable.
Reply from 209.165.201.1: Destination host unreachable.
Reply from 209.165.201.1: Destination host unreachable.
Reply from 209.165.201.1: Destination host unreachable.

Task 12: Configure Wireless Connectivity
Step 1. Verify the DHCP configuration.
Each BX-WRS router should already have IP addressing from the DHCP of the BX router for VLAN 88.

B1-WRS ip address 10.1.40.1 (click save settings)
B2-WRS ip address 10.2.40.1 (click save settings)
B2-WRS ip address 10.3.40.1 (click save settings)

Step 3. Configure the wireless network settings.
The SSIDs for the routers are BX-WRS_LAN where the X is the Branch router number.
The WEP key is 12345ABCDE

Wireless > Wireless security > security mode: WEP and key1: 12345ABCDE for all 3 routers
(click save settings)

Step 4. Configure the wireless routers for remote access.
Configure the administration password as cisco123 and enable remote management.

Step 5. Configure the BX-PC4 PCs to access the wireless network using DHCP.

Step 6. Verify connectivity and remote management capability.
Each wireless PC should be able to access the www.cisco.com web server.
Verify remote management capability by accessing the wireless router through the web browser.

From NetAdmin open Browser
access: http://10.1.88.25/
user: admin
password: cisco123

Soluzione PT Activity 7.5.1: Packet Tracer Skills Integration Challenge

Domande e commenti sono graditi.

Task 1: Apply Basic Configurations
Step 1. Configure R1, R2, and R3 with the basic global configuration.

Hostname as listed in the addressing table
Console line for login with password cisco
vtys 0–4 for login with password cisco
Secret password class
Banner of “AUTHORIZED ACCESS ONLY!”
Only the hostname and banner are graded.

R1
Router>en
Router#conf t
Router(config)#Hostname R1
R1(config)#line con 0
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#line vty 0 4
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#exit
R1(config)#enable secret class
R1(config)#banner motd "AUTHORIZED ACCESS ONLY!"
R1(config)#

R2
Router>en
Router#conf t
Router(config)#hostname R2
R2(config)#line con 0
R2(config-line)#password cisco
R2(config-line)#login
R2(config-line)#line vty 0 4
R2(config-line)#password cisco
R2(config-line)#login
R2(config-line)#exit
R2(config)#enable secret class
R2(config)#banner motd "AUTHORIZED ACCESS ONLY!"
R2(config)#

R3
Router>en
Router#conf t
Router(config)#hostname R3
R3(config)#line con 0
R3(config-line)#password cisco
R3(config-line)#login
R3(config-line)#line vty 0 4
R3(config-line)#password cisco
R3(config-line)#login
R3(config-line)#exit
R3(config)#enable secret class
R3(config)#banner motd "AUTHORIZED ACCESS ONLY!"
R3(config)#

Step 2. Configure the interfaces on R1, R2, and R3.
Use the addressing table to determine the interface addresses. Use the topology diagram to determine which interfaces are DCE interfaces. Configure the DCE interfaces for a clock rate of 64000.

R1
R1(config)#int f0/0
R1(config-if)#ip address 192.168.10.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#int f0/1
R1(config-if)#ip address 192.168.11.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#int s0/0/0
R1(config-if)#ip address 10.1.1.1 255.255.255.252
R1(config-if)#clock rate 64000
R1(config-if)#no sh
R1(config-if)#exit
R1(config)#

R2
R2(config)#int f0/0
R2(config-if)#ip address 192.168.20.1 255.255.255.0
R2(config-if)#no sh
R2(config-if)#int s0/0/0
R2(config-if)#ip address 10.1.1.2 255.255.255.252
R2(config-if)#no sh
R2(config-if)#int s0/0/1
R2(config-if)#ip address 10.2.2.1 255.255.255.252
R2(config-if)#clock rate 64000
R2(config-if)#no sh
R2(config-if)#int s0/1/0
R2(config-if)#ip address 209.165.200.225 255.255.255.224
R2(config-if)#no sh
R2(config-if)#exit
R2(config)#

R3
R3(config)#int f0/0
R3(config-if)#ip address 192.168.30.1 255.255.255.0
R3(config-if)#no sh
R3(config-if)#int s0/0/1
R3(config-if)#ip address 10.2.2.2 255.255.255.252
R3(config-if)#no sh
R3(config-if)#exit
R3(config)#

Task 2: Configure PPP Encapsulation with CHAP
Step 1. Configure the link between R1 and R2 to use PPP encapsulation with CHAP authentication.

The password for CHAP authentication is cisco123.

R1
R1(config)#int s0/0/0
R1(config-if)#encapsulation ppp
R1(config-if)#ppp authentication chap
R1(config-if)#exit
R1(config)#username R2 password cisco123
R1(config)#

R2
R2(config)#int s0/0/0
R2(config-if)#encapsulation ppp
R2(config-if)#ppp authentication chap
R2(config-if)#exit
R2(config)#username R1 password cisco123
R2(config)#

Step 2. Configure the link between R2 and R3 to use PPP encapsulation with CHAP authentication.
The password for CHAP authentication is cisco123.

R2
R2(config)#int s0/0/1
R2(config-if)#encapsulation ppp
R2(config-if)#ppp authentication chap
R2(config-if)#exit
R2(config)#username R3 password cisco123
R2(config)#

R3
R3(config)#int s0/0/1
R3(config-if)#encapsulation ppp
R3(config-if)#ppp authentication chap
R3(config-if)#exit
R3(config)#username R2 password cisco123
R3(config)#

Step 3. Verify that connectivity is restored between the routers.
R2 should be able to ping both R1 and R3. The interfaces may take a few minutes to come back up. You can switch back and forth between Realtime and Simulation modes to speed up the process. Another possible workaround to this Packet Tracer behavior is to use the shutdown and no shutdown commands on the interfaces.

R2
R2#ping 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/5 ms

R2#ping 10.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/4 ms

Task 3: Configure Dynamic and Default Routing
Step 1. Configure R1, R2, and R3 to use the OSPF routing protocol.

Use a process ID of 1 when configuring OSPF on the routers.
Advertise all networks connected to R1 and R3, but do not send routing updates out the LAN interfaces.
On R2, do not advertise the 209.165.200.224 network, and do not send routing updates out the Fa0/0 or the Serial0/1/0 interfaces.

R1
R1(config)#router ospf 1
R1(config-router)#network 10.1.1.0 0.0.0.3 area 0
R1(config-router)#network 192.168.10.0 0.0.0.255 area 0
R1(config-router)#network 192.168.11.0 0.0.0.255 area 0
R1(config-router)#passive-interface f0/0
R1(config-router)#passive-interface f0/1
R1(config-router)#exit
R1(config)#

R2
R2(config)#router ospf 1
R2(config-router)#network 10.1.1.0 0.0.0.3 area 0
R2(config-router)#network 10.2.2.0 0.0.0.3 area 0
R2(config-router)#network 192.168.20.0 0.0.0.255 area 0
R2(config-router)#passive-interface f0/0
R2(config-router)#passive-interface s0/1/0
R2(config-router)#exit
R2(config)#

R3
R3(config)#router ospf 1
R3(config-router)#network 10.2.2.0 0.0.0.3 area 0
R3(config-router)#network 192.168.30.0 0.0.0.255 area 0
R3(config-router)#passive-interface f0/0
R3(config-router)#exit
R3(config)#

Step 2. Configure a default route on R2.
Configure a default route to ISP, specifying the outgoing interface on R2 as the next-hop address.

ISP(config)#ip route 209.165.202.128 255.255.255.224 s0/0/0

Step 3. Configure OSPF to advertise the default route.
On R2, enter the command to advertise the default route to R1 and R3 via OSPF.

R2
R2(config)#router ospf 1
R2(config-router)#default-information originate
R2(config-router)#exit
R2(config)#ip route 0.0.0.0 0.0.0.0 s0/1/0
R2(config)#

Task 4: Configure Routers with Easy IP
Step 1. Configure R1 to act as a DHCP server for the 192.168.10.0 and 192.68.11.0 networks.

- Name the DHCP pool for the 192.168.10.0 network R1LAN1. For the 192.168.11.0 network, use the name R1LAN2.
- Exclude the first nine addresses on each network from dynamic assignment.
- In addition to the IP address and subnet mask, assign the default gateway and DNS server addresses.

R1(config)#ip dhcp pool R1LAN1
R1(dhcp-config)#network 192.168.10.0 255.255.255.0
R1(dhcp-config)#default-router 192.168.10.1
R1(dhcp-config)#dns-server 192.168.20.254
R1(dhcp-config)#exit
R1(config)#ip dhcp excluded-address 192.168.10.1 192.168.10.9
R1(config)#ip dhcp excluded-address 192.168.11.1 192.168.11.9
R1(config)#ip dhcp pool R1LAN2
R1(dhcp-config)#network 192.168.11.0 255.255.255.0
R1(dhcp-config)#default-router 192.168.11.1
R1(dhcp-config)#dns-server 192.168.20.254
R1(dhcp-config)#exit
R1(config)#

Step 2. Configure R3 to act as a DHCP server for the 192.168.30.0 network.
Name the DHCP pool for the 192.168.30.0 network R3LAN.
Exclude the first nine addresses on each network from dynamic assignment.
In addition to the IP address and subnet mask, assign the default gateway and DNS server addresses.

R3(config)#ip dhcp pool R3LAN
R3(dhcp-config)#network 192.168.30.0 255.255.255.0
R3(dhcp-config)#default-router 192.168.30.1
R3(dhcp-config)#dns-server 192.168.20.254
R3(dhcp-config)#exit
R3(config)#ip dhcp excluded-address 192.168.30.1 192.168.30.9
R3(config)#

Task 5: Verify that PCs Are Automatically Configured with Addressing Details
Step 1. Configure PC1, PC2, and PC3 for automatic IP configuration using DHCP.

Andare su ognuno dei pc e in config > global selezionare DHCP

Step 2. Verify that each PC has an address assigned from the correct DHCP pool.
controllare gli IP

Task 6: Configure a DNS Server with DNS Entries
Step 1. Configure the DNS server.

To configure DNS on the Inside Server, click the DNS button in the Config tab.
Make sure that DNS is turned on, and enter the following DNS entry:
www.cisco.com     209.165.201.30

Andare su Inside server
Config > DNS
name: www.cisco.com
Address: 209.165.201.30
Cliccare Add

Task 7: Configure an ACL to Permit NAT
Step 1. Create a standard named ACL.

Create the standard named ACL, R2NAT, which permits all the internal networks to be mapped by NAT.
Note: For Packet Tracer to grade this task correctly, you must enter the permitted networks in the following order:
192.168.10.0
192.168.20.0
192.168.30.0
192.168.11.0

R2(config)#ip access-list standard R2NAT
R2(config-std-nacl)#permit 192.168.10.0 0.0.0.255
R2(config-std-nacl)#permit 192.168.20.0 0.0.0.255
R2(config-std-nacl)#permit 192.168.30.0 0.0.0.255
R2(config-std-nacl)#permit 192.168.11.0 0.0.0.255
R2(config-std-nacl)#exit
R2(config)#int fa0/0
R2(config-if)#ip access-group R2NAT in
R2(config-if)#exit
R2(config)#

Task 8: Configure Static NAT
Step 1. Configure static NAT for an inside web server.

Configure static NAT to map the local IP address and global IP addresses for Inside Server. Use the addresses listed in the addressing table.

R2(config)#ip nat inside source static 192.168.20.254 209.165.202.131

Task 9: Configure Dynamic NAT with Overload
Step 1. Configure the dynamic NAT pool.

Configure a dynamic NAT address pool using the Nat Pool specified in the topology diagram. Name the address pool R2POOL.

R2(config)#ip nat pool R2POOL 209.165.202.129 209.165.202.130 netmask 255.255.255.252

Step 2. Configure the dynamic NAT mapping.
Map the addresses in R2POOL to the networks defined above in R2NAT.

R2(config)#ip nat inside source list R2NAT pool R2POOL overload

Step 3. Apply NAT to the internal and external interfaces of R2.

R2(config)#int fa0/0
R2(config-if)#ip nat inside
R2(config-if)#int s0/0/0
R2(config-if)#ip nat inside
R2(config-if)#int s0/0/1
R2(config-if)#ip nat inside
R2(config-if)#int s0/1/0
R2(config-if)#ip nat outside
R2(config-if)#exit
R2(config)#

Task 10: Configure the ISP Router with a Static Route
Step 1. Configure a static route to the global IP addresses of R2.

This is the 209.165.202.128/27 network. Use the serial interface of ISP as the next-hop address.

ISP(config)#ip route 209.165.202.128 255.255.255.224 s0/0/0


Task 11: Test Connectivity
Inside hosts should be able to ping Outside Host.
PC3
PC>ping 209.165.201.14

Pinging 209.165.201.14 with 32 bytes of data:

Reply from 209.165.201.14: bytes=32 time=100ms TTL=125
Reply from 209.165.201.14: bytes=32 time=72ms TTL=125
Reply from 209.165.201.14: bytes=32 time=90ms TTL=125
Reply from 209.165.201.14: bytes=32 time=100ms TTL=125

Ping statistics for 209.165.201.14:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 72ms, Maximum = 100ms, Average = 90ms

PC>

Inside hosts should be able to ping www.cisco.com.
PC3
PC>ping www.cisco.com

Pinging 209.165.201.30 with 32 bytes of data:

Reply from 209.165.201.30: bytes=32 time=90ms TTL=125
Reply from 209.165.201.30: bytes=32 time=80ms TTL=125
Reply from 209.165.201.30: bytes=32 time=92ms TTL=125
Reply from 209.165.201.30: bytes=32 time=92ms TTL=125

Ping statistics for 209.165.201.30:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 80ms, Maximum = 92ms, Average = 88ms

PC>

Outside Host should be able to ping Inside Server by its global IP address.
PC-PT
PC>ping 209.165.202.131

Pinging 209.165.202.131 with 32 bytes of data:

Reply from 209.165.202.131: bytes=32 time=50ms TTL=126
Reply from 209.165.202.131: bytes=32 time=40ms TTL=126
Reply from 209.165.202.131: bytes=32 time=60ms TTL=126
Reply from 209.165.202.131: bytes=32 time=60ms TTL=126

Ping statistics for 209.165.202.131:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 40ms, Maximum = 60ms, Average = 52ms

PC>

Soluzione PT Activity 6.4.1: Packet Tracer Skills Integration Challenge

Domande e suggerimenti sono graditi.

Task 1: Apply Basic Router Configurations
Step 1: Configure basic commands.

Using the information in the topology diagram and addressing table, configure the basic device configurations on R1, R2, and R3. Hostnames are configured for you.

R1
R1>en
R1#conf t
R1(config)#line con 0
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#exit
R1(config)#line vty 0 4
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#exit
R1(config)#banner motd "Access to Router R1"
R1(config)#no ip domain-lookup
R1(config)#int s0/0/0
R1(config-if)#description line to cloud-PT
R1(config-if)#exit
R1(config)#int f0/0
R1(config-if)#desc
R1(config-if)#description fastethernet LAN
R1(config-if)#exit
R1(config-if)#

R2
R2>en
R2#conf t
R2(config)#line con 0
R2(config-line)#password cisco
R2(config-line)#login
R2(config-line)#exit
R2(config)#line vty 0 4
R2(config-line)#password cisco
R2(config-line)#login
R2(config-line)#exit
R2(config)#banner motd "Access to Router R2"
R2(config)#no ip domain-lookup
R2(config)#int s0/0/0
R2(config-if)#description line to cloud-PT
R2(config-if)#exit
R2(config)#int s0/1/0
R2(config-if)#description line to ISP
R2(config-if)#exit
R2(config)#int f0/0
R2(config-if)#description line to LAN
R2(config-if)#exit
R2(config)#

R3
R3>en
R3#conf t
R3(config)#line con 0
R3(config-line)#password cisco
R3(config-line)#login
R3(config-line)#exit
R3(config)#line vty 0 4
R3(config-line)#password cisco
R3(config-line)#login
R3(config-line)#exit
R3(config)#banner motd "Access to Router R3"
R3(config)#no ip domain-lookup
R3(config)#int s0/0/0
R3(config-if)#description line to cloud-PT
R3(config-if)#exit
R3(config)#int f0/0
R3(config-if)#description line to LAN
R3(config-if)#exit
R3(config)#

Task 2: Configure Dynamic and Default Routing
Step 1. Configure default routing.

R2 needs a default route. Use the exit-interface argument in the default route configuration.

R2(config)#ip route 0.0.0.0 0.0.0.0 s0/1/0

Step 2. Configure dynamic routing.
Configure RIPv2 on R1, R2, and R3 for all available networks. R2 needs to pass its default network configuration to the other routers. Also, be sure to use the passive-interface command on all active interfaces not used for routing.

R1
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#network 10.1.1.0
R1(config-router)#network 192.168.10.0
R1(config-router)#passive-interface f0/1
R1(config-router)#no auto-summary
R1(config-router)#exit
R1(config)#

R2
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#network 10.1.1.0
R2(config-router)#network 192.168.20.0
R2(config-router)#default-information originate
R2(config-router)#passive-interface s0/1/0
R2(config-router)#passive-interface f0/1
R2(config-router)#no auto-summary
R2(config-router)#exit
R2(config)#

R3
R3(config)#router rip
R3(config-router)#version 2
R3(config-router)#network 10.1.1.0
R3(config-router)#network 192.168.30.0
R3(config-router)#passive-interface f0/1
R3(config-router)#no auto-summary
R3(config-router)#exit
R3(config)#

Task 5: Apply ACL Policies
Step 1. Create and apply security policy number 1.

Implement the following ACL rules using ACL number 101:
Allow hosts on the 192.168.30.0/24 network web access to any destination.
Allow hosts on the 192.168.30.0/24 network ping access to any destination.
Deny any other access originating from the network.

R3
R3(config)#access-list 101 permit tcp 192.168.30.0 0.0.0.255 any eq www
R3(config)#access-list 101 permit icmp 192.168.30.0 0.0.0.255 any
R3(config)#access-list 101 deny ip any any
R3(config)#int fa0/1
R3(config-if)#ip access-group 101 in
R3(config-if)#exit
R3(config)#

Step 2. Create and apply security policy number 2.
Because ISP represents connectivity to the Internet, configure a named ACL called FIREWALL in the following order:
Allow TW-DSL web access to the Intranet server.
Allow TW-Cable web access to the Intranet server.
Allow only inbound ping replies from ISP and any source beyond ISP.
Allow only established TCP sessions from ISP and any source beyond ISP.
Explicitly block all other inbound access from ISP and any source beyond ISP.

R2
R2(config)#ip access-list extended FIREWALL
R2(config-ext-nacl)#permit tcp host 192.168.1.10 host 192.168.20.254 eq www
R2(config-ext-nacl)#permit tcp host 192.168.2.10 host 192.168.20.254 eq www
R2(config-ext-nacl)#permit icmp any any echo-reply
R2(config-ext-nacl)#permit tcp any any established
R2(config-ext-nacl)#deny ip any any
R2(config-ext-nacl)#int s0/1/0
R2(config-if)#ip access-group FIREWALL in
R2(config-if)#exit
R2(config)#