DRSEnt EIGRP/NAT/VLAN PT Practice SBA

A few things to keep in mind while completing this activity:

1. Do not use the browser Back button or close or reload any Exam windows during the exam.
2. Do not close Packet Tracer when you are done. It will close automatically.
3. Click the Submit Assessment button to submit your work.

Introduction
In this practice Packet Tracer Skills Assessment, you will:

finish the configuration of a partially configured network

establish connectivity within the enterprise and to the Internet

implement a VLAN policy including inter-VLAN routing

Addressing Table
Interfac
e

Address

Subnet Mask

Default
Gateway

Fa0/0

10.10.10.129

255.255.255.24
8

n/a

S0/0/0

10.10.10.249

255.255.255.25
2

n/a

S0/1/0

10.10.10.253

255.255.255.25
2

n/a

S0/0/1

209.165.201.2

255.255.255.25
2

n/a

Fa0/0

10.10.10.121

255.255.255.24
8

n/a

Fa0/1

10.10.10.113

255.255.255.24
8

n/a

S0/0/0

10.10.10.250

255.255.255.25
2

n/a

Fa0/0.1

10.10.10.97

255.255.255.24
0

n/a

Fa0/0.10

10.10.10.1

255.255.255.19
2

n/a

Fa0/0.20

10.10.10.65

255.255.255.22
4

n/a

Fa0/1

10.10.10.114

255.255.255.24
8

n/a

S0/0/0

10.10.10.254

255.255.255.25
2

n/a

S1

VLAN 1

10.10.10.98

255.255.255.24
0

10.10.10.97

S2

VLAN 1

10.10.10.99

255.255.255.24
0

10.10.10.97

Device

HQ

R1

R2

H1

NIC

10.10.10.10

255.255.255.19
2

10.10.10.1

H2

NIC

10.10.10.70

255.255.255.22
4

10.10.10.65

H3

NIC

10.10.10.125

255.255.255.24
8

10.10.10.121

Inside Web Server

NIC

Inside: 10.10.10.132
Outside: 128.107.0.10

255.255.255.24
8

10.10.10.129

NOTE: The password for user EXEC mode is cisco. The password for privileged EXEC mode
is class.

Step 1: Configure PPP on HQ.

The link between HQ and ISP uses PPP with CHAP. The password is ciscochap. ISP is not
accessible and is already configured.
HQ(config)#int s0/0/1
HQ(config-if)#encapsulation ppp
HQ(config-if)#ppp authentication chap
HQ(config-if)#exit
HQ(config-if)#

Step 2: Configure Default Routing.

a. Configure HQ with a default route using the exit interface argument.
HQ(config)#ip route 0.0.0.0 0.0.0.0 s0/0/1
b. Verify default routing.

Step 3: Configure EIGRP Routing.

a. Configure EIGRP routing on HQ, R1, and R2 using the following parameters:

Use AS number 100.

Do not use the wildcard mask argument.

Do not advertise the network between HQ and ISP.

On HQ, enter the command redistribute static to propagate the default route to R1
and R2.

HQ(config)#router eigrp 100

HQ(config-router)#network 10.0.0.0
HQ(config-router)#no auto-summary
HQ(config-router)#redistribute static
R1(config)#router eigrp 100
R1(config-router)#network 10.0.0.0
R1(config-router)#no auto-summary

R2(config)#router eigrp 100

R2(config-router)#network 10.0.0.0
R2(config-router)#no auto-summary
b. Configure the link between HQ and R2 so that the bandwidth of 128 is used in EIGRP
calculations.
HQ(config)#int s0/1/0
HQ(config-if)#bandwidth 128

R2(config)#int s0/0/0
R2(config-if)#bandwidth 128

c. Configure R1 and R2 to summarize the following subnets into one advertised route to be sent
to HQ.
R1 and R2
Subnets
10.10.10.0/26
10.10.10.64/27
10.10.10.96/28
10.10.10.112/29
10.10.10.120/29

R1(config)#int s0/0/0
R1(config-if)#ip summary-address eigrp 100 10.10.10.0 255.255.255.128 5
R2(config)#int s0/0/0
R2(config-if)#ip summary-address eigrp 100 10.10.10.0 255.255.255.128 5

Step 4: Configure HQ with NAT.

a. Configure a static NAT mapping for the Inside Web Server so that the inside IP address is
translated to the outside IP address when packets are routed to the Internet. Use the
addresses in the Addressing Table.
HQ(config)#ip nat inside source static 10.10.10.132 128.107.0.10
HQ(config)#access-list 1 permit 10.10.10.0 0.0.0.255
HQ(config)#ip nat pool PUBLIC 128.107.0.4 128.107.0.7 netmask 255.255.255.252
HQ(config)#ip nat inside source list 1 pool PUBLIC overload

HQ(config)#int s0/0/1
HQ(config-if)#ip nat outside
HQ(config-if)#exit

HQ(config)#int s0/0/0
HQ(config-if)#ip nat inside
HQ(config-if)#exit

HQ(config)#int s0/1/0
HQ(config-if)#ip nat inside
HQ(config-if)#exit

HQ(config)#int fa0/0
HQ(config-if)#ip nat inside
HQ(config-if)#exit
b. Configure dynamic NAT on HQ using the following guidelines:

Only addresses in the 10.10.10.0/24 address space will be translated.

Use the number 1 for the access list.

Use PUBLIC as the NAT pool name and translate all inside addresses to the
128.107.0.4/30 address space.

Configure PAT.

c. Verify that NAT is working.

Step 5: Configure Trunking.

Note: S2 is already configured with trunking. You only have user EXEC mode access to S2.
On S1, manually configure the necessary links for trunking mode.
S1(config)#int fa0/1
S1(config-if)#switchport mode trunk
S1(config-if)#exit
S1(config)#int gig1/1
S1(config-if)#switchport mode trunk
S1(config-if)#exit
S1(config)#int gig1/2

S1(config-if)#switchport mode trunk

S1(config-if)#exit

Step 6: Configure VTP and VLANs.

Note: S2 is already configured as a VTP client and will receive VLAN information from S1. You only
have user EXEC mode access to S2.
a. Configure S1 with the following VTP parameters:
S1(config)#vtp mode server
Device mode already VTP SERVER.
S1(config)#vtp domain CCNA
Changing VTP domain name from NULL to CCNA
S1(config)#vtp password ciscovtp
Setting device VLAN database password to ciscovtp

VTP server.

VTP domain name: CCNA

VTP password: ciscovtp

b. Create and name the following VLANs on S1:

S1(config)#vlan 10
S1(config-vlan)#name Student
S1(config-vlan)#exit
S1(config)#vlan 20
S1(config-vlan)#name Faculty
S1(config-vlan)#exit

VLAN 10: Student

VLAN 20: Faculty

c. Verify that S2 received VLAN information from S1.

Step 7: Configure the VLAN Interface and VLAN Access.

Note: The VLAN interface on S2 is already configured.
a. Configure S1 for remote management access.
S1(config)#int vlan 1
S1(config-if)#ip address 10.10.10.98 255.255.255.240
S1(config-if)#no shut
S1(config-if)#ip default-gateway 10.10.10.97

b. Configure S1 interface Fa0/4 for access mode and assign it to VLAN 10.
S1(config)#int fa0/4
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 10

Step 8: Configure Spanning Tree.

S2 is the current STP root bridge. Using a priority of 4096, configure S1 as the root bridge for all
VLANs.
S1(config)#spanning-tree vlan 1,10,20 priority 4096

Step 9: Configure Port Security.

Note: Best practice requires port security on all access ports. However, for this practice exercise you
will only configure one port with security.
a. Configure S1 with port security on FastEthernet 0/4:
S1(config)#int fa0/4
S1(config-if)#switchport port-security
S1(config-if)#switchport port-security maximum 2
S1(config-if)#switchport port-security mac-address sticky

No more than 2 MAC addresses are allowed.

Once learned, MAC addresses should be automatically added to the running

configuration.

If this policy is violated, the port should automatically shutdown.

b. Verify that port security is implemented.

Step 10: Configure Inter-VLAN Routing.

a. Use the information in the Addressing Table to configure R2 for inter-VLAN routing.
b. Verify inter-VLAN routing.
R2(config)#int fa 0/0
R2(config-if)#no shut
R2(config)#int fa0/0.1
R2(config-subif)#encapsulation dot1Q 1
R2(config-subif)#ip address 10.10.10.97 255.255.255.240
R2(config-subif)#exit
R2(config)#int fa0/0.10
R2(config-subif)#encapsulation dot1Q 10
R2(config-subif)#ip address 10.10.10.1 255.255.255.192

R2(config-subif)#exit
R2(config)#int fa0/0.20
R2(config-subif)#encapsulation dot1Q 20
R2(config-subif)#ip address 10.10.10.65 255.255.255.224
R2(config-subif)#exit

Step 11: Verify Connectivity.

Although these are not scored, the following connectivity tests should be successful.

H3 can ping H1 and H2.

H3 can ping the Inside Web Server at both addresses.

H1, H2, and H3 can ping the Outside Web Server.

H1 can ping S1.

Version 1.0
Created in Packet Tracer 5.3.1.0044 and Marvel 1.0.1
All contents are Copyright 1992 - 2011 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.