SlideShare a Scribd company logo

cisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdf

A
AsgarAlam6

bbbbbbbbbb

Technology
1 of 9
Download to read offline
EWAN NAT/ACL PT Practice SBA In this practice Packet Tracer Skills Exam, you are expected to: · Finish designing the IP addressing scheme. · Implement the addressing in the network to meet the stated requirements. · Configure and verify a DHCP server implementation. · Configure and verify WAN technologies. · Configure EIGRP to enable communication with the rest of the network. · Configure NAT to translate addresses for traffic destined to the Internet. · Implement access control lists as part of a security policy. Addressing Table Device Interface Address Subnet Mask Default Gateway R1 Fa0/0 S0/0/0 172.30.1.1 255.255.255.252 n/a S0/0/1.101 10.10.10.1 255.255.255.252 n/a R2 S0/0/0 172.30.1.6 255.255.255.252 n/a S0/0/1.201 10.10.10.2 255.255.255.252 n/a S0/1/0 209.165.201.2 255.255.255.252 n/a R3 Fa0/0 n/a S0/0/0 172.30.1.2 255.255.255.252 n/a S0/0/1 172.30.1.5 255.255.255.252 n/a PC1 NIC PC3 NIC DHCP Assigned DHCP Assigned DHCP Assigned NOTE: The password for user EXEC mode is cisco. The password for privileged EXEC mode is class.
Step 1: Finish the IP Addressing Design and Implementation. Design an addressing scheme and fill in the Addressing Table based on the following requirements: a. Subnet the address space 172.16.1.128/25 to provide 50 host addresses for the R3 LAN while wasting the fewest addresses. b. Assign the first available subnet to the R3 LAN. c. Assign the first (lowest) address in this subnet to the Fa0/0 interface on R3. d. Subnet the remaining address space to provide 30 host addresses for the R1 LAN while wasting the fewest addresses. e. Assign the next available subnet to the R1 LAN. f. Assign the first (lowest) address in this subnet to the Fa0/0 interface on R1. g. Assign the last (highest) host address in this subnet to PC1. h. Finish the IP addressing configuration: · Configure R1 and R3 LAN interfaces with IP addressing. · Configure PC1 with IP addressing. PC3 will get its address from the DHCP server on R3 in the next step. Step 2: Configure and Verify R3 as the DHCP Server. a. Configure R3 as the DHCP server for the LAN attached to Fa0/0 using the following guidelines: · Use the case-sensitive DHCP pool name of R3_LAN. · Exclude the first three host addresses in the subnet. b. Verify that PC3 now has full IP addressing. It may be necessary to toggle between “Static” and “DHCP” on the IP Configuration screen for PC3 before PC3 will send a DHCP request. PC3 should be able to ping the default gateway. Step 3: Configure WAN Technologies. a. The link between R3 and R2 uses PPP with CHAP. The password is ciscochap. Verify that R3 and R2 can ping each other. b. The link between R3 and R1 uses HDLC. R3 should be able to ping the other side of the link. Verify that R3 and R1 can ping each other. c. The link between R1 and R2 uses point-to-point Frame Relay subinterfaces. Verify that R1 and R2 can ping each other. Step 4: Configure and Verify EIGRP Routing. a. Configure EIGRP routing on R1, R2, and R3. · Use AS number 100.
· Do not use the wildcard mask argument. · Do not advertise the network between R2 and the Internet. b. Configure R2 with a default route using the outbound interface argument. Use one command to propagate the default route into the EIGRP routing process. c. Verify PC1 and PC3 can ping each other as well as R1, R2 and R3. You will not be able to ping Internet hosts yet. Step 5: Configure R2 with a NAT. a. Configure NAT on R2 using the following guidelines: · Only addresses in the 172.16.1.128/25 address space will be translated. · Use the number 1 for the access list. · Configure PAT on the R2 S0/1/0 interface. b. Verify that PC1 and PC3 can ping the Internet hosts. Step 6: Configure Access Control Lists to Satisfy a Security Policy. a. Configure and apply an ACL with the number 50 that implements the following policy: · Deny any host from the R3 LAN from accessing hosts on the R1 LAN. · Hosts on the R3 LAN should be able to ping any other destination. b. Verify that ACL 50 is operating as intended. c. Configure and apply a named ACL with the case-sensitive name FIREWALL that implements the following policy: · Deny ping requests sourced from the Internet. · Deny Telnet and HTTP traffic sourced from the Internet. · Allow all other traffic. d. Verify the FIREWALL ACL is operating as intended. SOLUTION IP pool received 172.16.1.128 /25 Address calculation for R3 Network 172.16.1.128 /26 FA00 172.16.1.129 255.255.255.192 Address calculation for R1 Network 172.16.1.192 /27 FA00 172.16.1.193 255.255.255.224 PC1 172.16.1.222 255.255.255.224
R1#sh run Building configuration... Current configuration : 1309 bytes ! version 12.4 no service timestamps log datetime msec no service timestamps debug datetime msec no service password-encryption ! hostname R1 ! ! ! enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1 ! ! ! ! ! ! ! ! ! ! ip ssh version 1 ip name-server 0.0.0.0 ! ! ! ! ! ! interface FastEthernet0/0 ip address 172.16.1.193 255.255.255.224 ip access-group 50 out duplex auto speed auto ! interface FastEthernet0/1 no ip address duplex auto speed auto shutdown ! interface Serial0/0/0 ip address 172.30.1.1 255.255.255.252 clock rate 2000000 ! interface Serial0/0/1 no ip address encapsulation frame-relay ! interface Serial0/0/1.101 point-to-point ip address 10.10.10.1 255.255.255.252 frame-relay interface-dlci 101
! interface Vlan1 no ip address shutdown ! router eigrp 100 passive-interface FastEthernet0/0 network 172.16.0.0 network 172.30.0.0 network 10.0.0.0 no auto-summary ! ip classless ! ! access-list 50 deny 172.16.1.128 0.0.0.63 access-list 50 permit any ! banner motd ^CAuthorized Access Only!^C ! ! ! ! logging trap debugging line con 0 exec-timeout 0 0 password cisco logging synchronous login line vty 0 4 exec-timeout 0 0 password cisco logging synchronous login line vty 5 15 exec-timeout 0 0 password cisco logging synchronous login ! ! ntp update-calendar ! end R2#sh run Building configuration... Current configuration : 1718 bytes ! version 12.4 no service timestamps log datetime msec no service timestamps debug datetime msec no service password-encryption ! hostname R2
! ! ! enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1 ! ! ! ! ! ! username R3 password 0 ciscochap ! ! ! ! ! ip ssh version 1 ip name-server 0.0.0.0 ! ! ! ! ! ! interface FastEthernet0/0 no ip address duplex auto speed auto shutdown ! interface FastEthernet0/1 no ip address duplex auto speed auto shutdown ! interface Serial0/0/0 ip address 172.30.1.6 255.255.255.252 encapsulation ppp ppp authentication chap ip nat inside ! interface Serial0/0/1 no ip address encapsulation frame-relay ! interface Serial0/0/1.201 point-to-point ip address 10.10.10.2 255.255.255.252 frame-relay interface-dlci 201 ip nat inside ! interface Serial0/1/0 ip address 209.165.201.2 255.255.255.252 ip access-group FIREWALL in ip nat outside ! interface Serial0/1/1
no ip address shutdown ! interface Vlan1 no ip address shutdown ! router eigrp 100 redistribute static passive-interface Serial0/1/0 network 172.30.0.0 network 10.0.0.0 no auto-summary ! ip nat inside source list 1 interface Serial0/1/0 overload ip classless ip route 0.0.0.0 0.0.0.0 Serial0/1/0 ! ! access-list 1 permit 172.16.1.128 0.0.0.127 ip access-list extended FIREWALL deny icmp any any echo deny tcp any any eq telnet deny tcp any any eq www permit ip any any ! banner motd ^CAuthorized Access Only!^C ! ! ! ! logging trap debugging line con 0 exec-timeout 0 0 password cisco logging synchronous login line vty 0 4 exec-timeout 0 0 password cisco logging synchronous login line vty 5 15 exec-timeout 0 0 password cisco logging synchronous login ! ! ntp update-calendar ! End R3#sh run Building configuration...
Current configuration : 1299 bytes ! version 12.4 no service timestamps log datetime msec no service timestamps debug datetime msec no service password-encryption ! hostname R3 ! ! ! enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1 ! ! ip dhcp excluded-address 172.16.1.129 172.16.1.131 ! ip dhcp pool R3_LAN network 172.16.1.128 255.255.255.192 default-router 172.16.1.129 ! ! ! username R2 password 0 ciscochap ! ! ! ! ! ip ssh version 1 ip name-server 0.0.0.0 ! ! ! ! ! ! interface FastEthernet0/0 ip address 172.16.1.129 255.255.255.192 duplex auto speed auto ! interface FastEthernet0/1 no ip address duplex auto speed auto shutdown ! interface Serial0/0/0 ip address 172.30.1.2 255.255.255.252 ! interface Serial0/0/1 ip address 172.30.1.5 255.255.255.252 encapsulation ppp ppp authentication chap clock rate 2000000 !
interface Vlan1 no ip address shutdown ! router eigrp 100 passive-interface FastEthernet0/0 network 172.16.0.0 network 172.30.0.0 no auto-summary ! ip classless ! ! ! banner motd ^CAuthorized Access Only!^C ! ! ! ! logging trap debugging line con 0 exec-timeout 0 0 password cisco logging synchronous login line vty 0 4 exec-timeout 0 0 password cisco logging synchronous login line vty 5 15 exec-timeout 0 0 password cisco logging synchronous login ! ! ntp update-calendar ! end

Recommended

BACIK CISCO SKILLS
BACIK CISCO SKILLSBACIK CISCO SKILLS
BACIK CISCO SKILLSPeťko Z Chochoľova
 
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docx
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docxCCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docx
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docxketurahhazelhurst
 
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructorSalem Trabelsi
 
Practice exam #2
Practice exam #2Practice exam #2
Practice exam #2Kris Mofu
 
CCNA 1 Final v5.0 2014
CCNA 1 Final v5.0 2014CCNA 1 Final v5.0 2014
CCNA 1 Final v5.0 2014Đồng Quốc Vương
 
All contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docx
All contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docxAll contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docx
All contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docxgalerussel59292
 
Lab practice 1 configuring basic routing and switching (with answer)
Lab practice 1 configuring basic routing and switching (with answer) Lab practice 1 configuring basic routing and switching (with answer)
Lab practice 1 configuring basic routing and switching (with answer) Arz Sy
 
CMIT 350 FINAL EXAM CCNA CERTIFICATION PRACTICE EXAM
CMIT 350 FINAL EXAM CCNA CERTIFICATION PRACTICE EXAMCMIT 350 FINAL EXAM CCNA CERTIFICATION PRACTICE EXAM
CMIT 350 FINAL EXAM CCNA CERTIFICATION PRACTICE EXAMHamesKellor
 

Recommended

BACIK CISCO SKILLS
BACIK CISCO SKILLSBACIK CISCO SKILLS
BACIK CISCO SKILLSPeťko Z Chochoľova
 
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docx
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docxCCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docx
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docxketurahhazelhurst
 
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructorSalem Trabelsi
 
Practice exam #2
Practice exam #2Practice exam #2
Practice exam #2Kris Mofu
 
CCNA 1 Final v5.0 2014
CCNA 1 Final v5.0 2014CCNA 1 Final v5.0 2014
CCNA 1 Final v5.0 2014Đồng Quốc Vương
 
All contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docx
All contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docxAll contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docx
All contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docxgalerussel59292
 
Lab practice 1 configuring basic routing and switching (with answer)
Lab practice 1 configuring basic routing and switching (with answer) Lab practice 1 configuring basic routing and switching (with answer)
Lab practice 1 configuring basic routing and switching (with answer) Arz Sy
 
CMIT 350 FINAL EXAM CCNA CERTIFICATION PRACTICE EXAM
CMIT 350 FINAL EXAM CCNA CERTIFICATION PRACTICE EXAMCMIT 350 FINAL EXAM CCNA CERTIFICATION PRACTICE EXAM
CMIT 350 FINAL EXAM CCNA CERTIFICATION PRACTICE EXAMHamesKellor
 
Labpractice1 configuringbasicroutingandswitchingwithanswer-121214084802-phpapp02
Labpractice1 configuringbasicroutingandswitchingwithanswer-121214084802-phpapp02Labpractice1 configuringbasicroutingandswitchingwithanswer-121214084802-phpapp02
Labpractice1 configuringbasicroutingandswitchingwithanswer-121214084802-phpapp02Abhilash Kuniyil
 
4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf
4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf
4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdfssuserf7cd2b
 
4.1.1.10 packet tracer configuring extended ac ls scenario 1
4.1.1.10 packet tracer configuring extended ac ls scenario 14.1.1.10 packet tracer configuring extended ac ls scenario 1
4.1.1.10 packet tracer configuring extended ac ls scenario 1mps125
 
Nxll22 role based cli
Nxll22 role based cliNxll22 role based cli
Nxll22 role based cliNetwax Lab
 
119163798 icnd1-practice-questions-9tut
119163798 icnd1-practice-questions-9tut119163798 icnd1-practice-questions-9tut
119163798 icnd1-practice-questions-9tutnicolelemmimg
 
Network topology by essay corp uk
Network topology by essay corp ukNetwork topology by essay corp uk
Network topology by essay corp ukJohnsmith5188
 
26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...
26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...
26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...rediani
 
CCNA Scaling NetworksSA Exam CCNA Scaling NetworksSkills .docx
CCNA Scaling NetworksSA Exam CCNA Scaling NetworksSkills .docxCCNA Scaling NetworksSA Exam CCNA Scaling NetworksSkills .docx
CCNA Scaling NetworksSA Exam CCNA Scaling NetworksSkills .docxketurahhazelhurst
 
Lab8 Controlling traffic using Extended ACL Objectives Per.pdf
Lab8 Controlling traffic using Extended ACL Objectives Per.pdfLab8 Controlling traffic using Extended ACL Objectives Per.pdf
Lab8 Controlling traffic using Extended ACL Objectives Per.pdfadityacommunication1
 
Ccna 4 chapter 3 v4.0 answers 2011
Ccna 4 chapter 3 v4.0 answers 2011Ccna 4 chapter 3 v4.0 answers 2011
Ccna 4 chapter 3 v4.0 answers 2011Dân Chơi
 
Networking Tutorial Goes to Basic PPP Configuration
Networking Tutorial Goes to Basic PPP ConfigurationNetworking Tutorial Goes to Basic PPP Configuration
Networking Tutorial Goes to Basic PPP Configuration3Anetwork com
 
Ccna 2 chapter 11 2014 v5
Ccna 2 chapter 11 2014 v5Ccna 2 chapter 11 2014 v5
Ccna 2 chapter 11 2014 v5Đồng Quốc Vương
 
Ccna 4 Final 4 Version 4.0 Answers
Ccna 4 Final 4 Version 4.0 AnswersCcna 4 Final 4 Version 4.0 Answers
Ccna 4 Final 4 Version 4.0 AnswersCCNA4Answers
 
Ccna 4 pretest exam answer v5
Ccna 4 pretest exam answer v5Ccna 4 pretest exam answer v5
Ccna 4 pretest exam answer v5friv4schoolgames
 
ccna project on topic company infrastructure
ccna project on topic company infrastructureccna project on topic company infrastructure
ccna project on topic company infrastructurePrince Gautam
 
Detailed explanation of Basic router configuration
Detailed explanation of Basic router configurationDetailed explanation of Basic router configuration
Detailed explanation of Basic router configurationsamreenghauri786
 
Nxll17 dynamic routing with asa
Nxll17 dynamic routing with asaNxll17 dynamic routing with asa
Nxll17 dynamic routing with asaNetwax Lab
 
Lab- Full IPsec Implementation.pdf
Lab- Full IPsec Implementation.pdfLab- Full IPsec Implementation.pdf
Lab- Full IPsec Implementation.pdfNesibusami
 
보안위협 관리통제
보안위협 관리통제보안위협 관리통제
보안위협 관리통제Munkyeonggu
 
Lab 3.5.1 basic frame relay
Lab 3.5.1 basic frame relayLab 3.5.1 basic frame relay
Lab 3.5.1 basic frame relayManuel Garcia Meza
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 

More Related Content

Similar to cisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdf

Labpractice1 configuringbasicroutingandswitchingwithanswer-121214084802-phpapp02
Labpractice1 configuringbasicroutingandswitchingwithanswer-121214084802-phpapp02Labpractice1 configuringbasicroutingandswitchingwithanswer-121214084802-phpapp02
Labpractice1 configuringbasicroutingandswitchingwithanswer-121214084802-phpapp02Abhilash Kuniyil
 
4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf
4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf
4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdfssuserf7cd2b
 
4.1.1.10 packet tracer configuring extended ac ls scenario 1
4.1.1.10 packet tracer configuring extended ac ls scenario 14.1.1.10 packet tracer configuring extended ac ls scenario 1
4.1.1.10 packet tracer configuring extended ac ls scenario 1mps125
 
Nxll22 role based cli
Nxll22 role based cliNxll22 role based cli
Nxll22 role based cliNetwax Lab
 
119163798 icnd1-practice-questions-9tut
119163798 icnd1-practice-questions-9tut119163798 icnd1-practice-questions-9tut
119163798 icnd1-practice-questions-9tutnicolelemmimg
 
Network topology by essay corp uk
Network topology by essay corp ukNetwork topology by essay corp uk
Network topology by essay corp ukJohnsmith5188
 
26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...
26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...
26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...rediani
 
CCNA Scaling NetworksSA Exam CCNA Scaling NetworksSkills .docx
CCNA Scaling NetworksSA Exam CCNA Scaling NetworksSkills .docxCCNA Scaling NetworksSA Exam CCNA Scaling NetworksSkills .docx
CCNA Scaling NetworksSA Exam CCNA Scaling NetworksSkills .docxketurahhazelhurst
 
Lab8 Controlling traffic using Extended ACL Objectives Per.pdf
Lab8 Controlling traffic using Extended ACL Objectives Per.pdfLab8 Controlling traffic using Extended ACL Objectives Per.pdf
Lab8 Controlling traffic using Extended ACL Objectives Per.pdfadityacommunication1
 
Ccna 4 chapter 3 v4.0 answers 2011
Ccna 4 chapter 3 v4.0 answers 2011Ccna 4 chapter 3 v4.0 answers 2011
Ccna 4 chapter 3 v4.0 answers 2011Dân Chơi
 
Networking Tutorial Goes to Basic PPP Configuration
Networking Tutorial Goes to Basic PPP ConfigurationNetworking Tutorial Goes to Basic PPP Configuration
Networking Tutorial Goes to Basic PPP Configuration3Anetwork com
 
Ccna 4 Final 4 Version 4.0 Answers
Ccna 4 Final 4 Version 4.0 AnswersCcna 4 Final 4 Version 4.0 Answers
Ccna 4 Final 4 Version 4.0 AnswersCCNA4Answers
 
Ccna 4 pretest exam answer v5
Ccna 4 pretest exam answer v5Ccna 4 pretest exam answer v5
Ccna 4 pretest exam answer v5friv4schoolgames
 
ccna project on topic company infrastructure
ccna project on topic company infrastructureccna project on topic company infrastructure
ccna project on topic company infrastructurePrince Gautam
 
Detailed explanation of Basic router configuration
Detailed explanation of Basic router configurationDetailed explanation of Basic router configuration
Detailed explanation of Basic router configurationsamreenghauri786
 
Nxll17 dynamic routing with asa
Nxll17 dynamic routing with asaNxll17 dynamic routing with asa
Nxll17 dynamic routing with asaNetwax Lab
 
Lab- Full IPsec Implementation.pdf
Lab- Full IPsec Implementation.pdfLab- Full IPsec Implementation.pdf
Lab- Full IPsec Implementation.pdfNesibusami
 
보안위협 관리통제
보안위협 관리통제보안위협 관리통제
보안위협 관리통제Munkyeonggu
 

Similar to cisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdf (20)

Labpractice1 configuringbasicroutingandswitchingwithanswer-121214084802-phpapp02
Labpractice1 configuringbasicroutingandswitchingwithanswer-121214084802-phpapp02Labpractice1 configuringbasicroutingandswitchingwithanswer-121214084802-phpapp02
Labpractice1 configuringbasicroutingandswitchingwithanswer-121214084802-phpapp02
 
4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf
4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf
4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf
 
4.1.1.10 packet tracer configuring extended ac ls scenario 1
4.1.1.10 packet tracer configuring extended ac ls scenario 14.1.1.10 packet tracer configuring extended ac ls scenario 1
4.1.1.10 packet tracer configuring extended ac ls scenario 1
 
Nxll22 role based cli
Nxll22 role based cliNxll22 role based cli
Nxll22 role based cli
 
119163798 icnd1-practice-questions-9tut
119163798 icnd1-practice-questions-9tut119163798 icnd1-practice-questions-9tut
119163798 icnd1-practice-questions-9tut
 
Network topology by essay corp uk
Network topology by essay corp ukNetwork topology by essay corp uk
Network topology by essay corp uk
 
26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...
26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...
26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...
 
CCNA Scaling NetworksSA Exam CCNA Scaling NetworksSkills .docx
CCNA Scaling NetworksSA Exam CCNA Scaling NetworksSkills .docxCCNA Scaling NetworksSA Exam CCNA Scaling NetworksSkills .docx
CCNA Scaling NetworksSA Exam CCNA Scaling NetworksSkills .docx
 
Lab8 Controlling traffic using Extended ACL Objectives Per.pdf
Lab8 Controlling traffic using Extended ACL Objectives Per.pdfLab8 Controlling traffic using Extended ACL Objectives Per.pdf
Lab8 Controlling traffic using Extended ACL Objectives Per.pdf
 
Ccna 4 chapter 3 v4.0 answers 2011
Ccna 4 chapter 3 v4.0 answers 2011Ccna 4 chapter 3 v4.0 answers 2011
Ccna 4 chapter 3 v4.0 answers 2011
 
Networking Tutorial Goes to Basic PPP Configuration
Networking Tutorial Goes to Basic PPP ConfigurationNetworking Tutorial Goes to Basic PPP Configuration
Networking Tutorial Goes to Basic PPP Configuration
 
Ccna 2 chapter 11 2014 v5
Ccna 2 chapter 11 2014 v5Ccna 2 chapter 11 2014 v5
Ccna 2 chapter 11 2014 v5
 
Ccna 4 Final 4 Version 4.0 Answers
Ccna 4 Final 4 Version 4.0 AnswersCcna 4 Final 4 Version 4.0 Answers
Ccna 4 Final 4 Version 4.0 Answers
 
Ccna 4 pretest exam answer v5
Ccna 4 pretest exam answer v5Ccna 4 pretest exam answer v5
Ccna 4 pretest exam answer v5
 
ccna project on topic company infrastructure
ccna project on topic company infrastructureccna project on topic company infrastructure
ccna project on topic company infrastructure
 
Detailed explanation of Basic router configuration
Detailed explanation of Basic router configurationDetailed explanation of Basic router configuration
Detailed explanation of Basic router configuration
 
Nxll17 dynamic routing with asa
Nxll17 dynamic routing with asaNxll17 dynamic routing with asa
Nxll17 dynamic routing with asa
 
Lab- Full IPsec Implementation.pdf
Lab- Full IPsec Implementation.pdfLab- Full IPsec Implementation.pdf
Lab- Full IPsec Implementation.pdf
 
보안위협 관리통제
보안위협 관리통제보안위협 관리통제
보안위협 관리통제
 
Lab 3.5.1 basic frame relay
Lab 3.5.1 basic frame relayLab 3.5.1 basic frame relay
Lab 3.5.1 basic frame relay
 

Recently uploaded

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 

Recently uploaded (20)

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 

cisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdf

  • 1. EWAN NAT/ACL PT Practice SBA In this practice Packet Tracer Skills Exam, you are expected to: · Finish designing the IP addressing scheme. · Implement the addressing in the network to meet the stated requirements. · Configure and verify a DHCP server implementation. · Configure and verify WAN technologies. · Configure EIGRP to enable communication with the rest of the network. · Configure NAT to translate addresses for traffic destined to the Internet. · Implement access control lists as part of a security policy. Addressing Table Device Interface Address Subnet Mask Default Gateway R1 Fa0/0 S0/0/0 172.30.1.1 255.255.255.252 n/a S0/0/1.101 10.10.10.1 255.255.255.252 n/a R2 S0/0/0 172.30.1.6 255.255.255.252 n/a S0/0/1.201 10.10.10.2 255.255.255.252 n/a S0/1/0 209.165.201.2 255.255.255.252 n/a R3 Fa0/0 n/a S0/0/0 172.30.1.2 255.255.255.252 n/a S0/0/1 172.30.1.5 255.255.255.252 n/a PC1 NIC PC3 NIC DHCP Assigned DHCP Assigned DHCP Assigned NOTE: The password for user EXEC mode is cisco. The password for privileged EXEC mode is class.
  • 2. Step 1: Finish the IP Addressing Design and Implementation. Design an addressing scheme and fill in the Addressing Table based on the following requirements: a. Subnet the address space 172.16.1.128/25 to provide 50 host addresses for the R3 LAN while wasting the fewest addresses. b. Assign the first available subnet to the R3 LAN. c. Assign the first (lowest) address in this subnet to the Fa0/0 interface on R3. d. Subnet the remaining address space to provide 30 host addresses for the R1 LAN while wasting the fewest addresses. e. Assign the next available subnet to the R1 LAN. f. Assign the first (lowest) address in this subnet to the Fa0/0 interface on R1. g. Assign the last (highest) host address in this subnet to PC1. h. Finish the IP addressing configuration: · Configure R1 and R3 LAN interfaces with IP addressing. · Configure PC1 with IP addressing. PC3 will get its address from the DHCP server on R3 in the next step. Step 2: Configure and Verify R3 as the DHCP Server. a. Configure R3 as the DHCP server for the LAN attached to Fa0/0 using the following guidelines: · Use the case-sensitive DHCP pool name of R3_LAN. · Exclude the first three host addresses in the subnet. b. Verify that PC3 now has full IP addressing. It may be necessary to toggle between “Static” and “DHCP” on the IP Configuration screen for PC3 before PC3 will send a DHCP request. PC3 should be able to ping the default gateway. Step 3: Configure WAN Technologies. a. The link between R3 and R2 uses PPP with CHAP. The password is ciscochap. Verify that R3 and R2 can ping each other. b. The link between R3 and R1 uses HDLC. R3 should be able to ping the other side of the link. Verify that R3 and R1 can ping each other. c. The link between R1 and R2 uses point-to-point Frame Relay subinterfaces. Verify that R1 and R2 can ping each other. Step 4: Configure and Verify EIGRP Routing. a. Configure EIGRP routing on R1, R2, and R3. · Use AS number 100.
  • 3. · Do not use the wildcard mask argument. · Do not advertise the network between R2 and the Internet. b. Configure R2 with a default route using the outbound interface argument. Use one command to propagate the default route into the EIGRP routing process. c. Verify PC1 and PC3 can ping each other as well as R1, R2 and R3. You will not be able to ping Internet hosts yet. Step 5: Configure R2 with a NAT. a. Configure NAT on R2 using the following guidelines: · Only addresses in the 172.16.1.128/25 address space will be translated. · Use the number 1 for the access list. · Configure PAT on the R2 S0/1/0 interface. b. Verify that PC1 and PC3 can ping the Internet hosts. Step 6: Configure Access Control Lists to Satisfy a Security Policy. a. Configure and apply an ACL with the number 50 that implements the following policy: · Deny any host from the R3 LAN from accessing hosts on the R1 LAN. · Hosts on the R3 LAN should be able to ping any other destination. b. Verify that ACL 50 is operating as intended. c. Configure and apply a named ACL with the case-sensitive name FIREWALL that implements the following policy: · Deny ping requests sourced from the Internet. · Deny Telnet and HTTP traffic sourced from the Internet. · Allow all other traffic. d. Verify the FIREWALL ACL is operating as intended. SOLUTION IP pool received 172.16.1.128 /25 Address calculation for R3 Network 172.16.1.128 /26 FA00 172.16.1.129 255.255.255.192 Address calculation for R1 Network 172.16.1.192 /27 FA00 172.16.1.193 255.255.255.224 PC1 172.16.1.222 255.255.255.224
  • 4. R1#sh run Building configuration... Current configuration : 1309 bytes ! version 12.4 no service timestamps log datetime msec no service timestamps debug datetime msec no service password-encryption ! hostname R1 ! ! ! enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1 ! ! ! ! ! ! ! ! ! ! ip ssh version 1 ip name-server 0.0.0.0 ! ! ! ! ! ! interface FastEthernet0/0 ip address 172.16.1.193 255.255.255.224 ip access-group 50 out duplex auto speed auto ! interface FastEthernet0/1 no ip address duplex auto speed auto shutdown ! interface Serial0/0/0 ip address 172.30.1.1 255.255.255.252 clock rate 2000000 ! interface Serial0/0/1 no ip address encapsulation frame-relay ! interface Serial0/0/1.101 point-to-point ip address 10.10.10.1 255.255.255.252 frame-relay interface-dlci 101
  • 5. ! interface Vlan1 no ip address shutdown ! router eigrp 100 passive-interface FastEthernet0/0 network 172.16.0.0 network 172.30.0.0 network 10.0.0.0 no auto-summary ! ip classless ! ! access-list 50 deny 172.16.1.128 0.0.0.63 access-list 50 permit any ! banner motd ^CAuthorized Access Only!^C ! ! ! ! logging trap debugging line con 0 exec-timeout 0 0 password cisco logging synchronous login line vty 0 4 exec-timeout 0 0 password cisco logging synchronous login line vty 5 15 exec-timeout 0 0 password cisco logging synchronous login ! ! ntp update-calendar ! end R2#sh run Building configuration... Current configuration : 1718 bytes ! version 12.4 no service timestamps log datetime msec no service timestamps debug datetime msec no service password-encryption ! hostname R2
  • 6. ! ! ! enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1 ! ! ! ! ! ! username R3 password 0 ciscochap ! ! ! ! ! ip ssh version 1 ip name-server 0.0.0.0 ! ! ! ! ! ! interface FastEthernet0/0 no ip address duplex auto speed auto shutdown ! interface FastEthernet0/1 no ip address duplex auto speed auto shutdown ! interface Serial0/0/0 ip address 172.30.1.6 255.255.255.252 encapsulation ppp ppp authentication chap ip nat inside ! interface Serial0/0/1 no ip address encapsulation frame-relay ! interface Serial0/0/1.201 point-to-point ip address 10.10.10.2 255.255.255.252 frame-relay interface-dlci 201 ip nat inside ! interface Serial0/1/0 ip address 209.165.201.2 255.255.255.252 ip access-group FIREWALL in ip nat outside ! interface Serial0/1/1
  • 7. no ip address shutdown ! interface Vlan1 no ip address shutdown ! router eigrp 100 redistribute static passive-interface Serial0/1/0 network 172.30.0.0 network 10.0.0.0 no auto-summary ! ip nat inside source list 1 interface Serial0/1/0 overload ip classless ip route 0.0.0.0 0.0.0.0 Serial0/1/0 ! ! access-list 1 permit 172.16.1.128 0.0.0.127 ip access-list extended FIREWALL deny icmp any any echo deny tcp any any eq telnet deny tcp any any eq www permit ip any any ! banner motd ^CAuthorized Access Only!^C ! ! ! ! logging trap debugging line con 0 exec-timeout 0 0 password cisco logging synchronous login line vty 0 4 exec-timeout 0 0 password cisco logging synchronous login line vty 5 15 exec-timeout 0 0 password cisco logging synchronous login ! ! ntp update-calendar ! End R3#sh run Building configuration...
  • 8. Current configuration : 1299 bytes ! version 12.4 no service timestamps log datetime msec no service timestamps debug datetime msec no service password-encryption ! hostname R3 ! ! ! enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1 ! ! ip dhcp excluded-address 172.16.1.129 172.16.1.131 ! ip dhcp pool R3_LAN network 172.16.1.128 255.255.255.192 default-router 172.16.1.129 ! ! ! username R2 password 0 ciscochap ! ! ! ! ! ip ssh version 1 ip name-server 0.0.0.0 ! ! ! ! ! ! interface FastEthernet0/0 ip address 172.16.1.129 255.255.255.192 duplex auto speed auto ! interface FastEthernet0/1 no ip address duplex auto speed auto shutdown ! interface Serial0/0/0 ip address 172.30.1.2 255.255.255.252 ! interface Serial0/0/1 ip address 172.30.1.5 255.255.255.252 encapsulation ppp ppp authentication chap clock rate 2000000 !
  • 9. interface Vlan1 no ip address shutdown ! router eigrp 100 passive-interface FastEthernet0/0 network 172.16.0.0 network 172.30.0.0 no auto-summary ! ip classless ! ! ! banner motd ^CAuthorized Access Only!^C ! ! ! ! logging trap debugging line con 0 exec-timeout 0 0 password cisco logging synchronous login line vty 0 4 exec-timeout 0 0 password cisco logging synchronous login line vty 5 15 exec-timeout 0 0 password cisco logging synchronous login ! ! ntp update-calendar ! end