Professional Documents
Culture Documents
Scaling Networks
EIGRP Practice Skills Assessment Packet Tracer
A few things to keep in mind while completing this activity:
1. Do not use the browser Back button or close or reload any exam windows
during the exam.
2. Do not close Packet Tracer when you are done. It will close automatically.
3. Click the Submit Assessment button in the browser window to submit your
work.
Introduction
In Part I of this practice skills assessment, you will configure routing and ACLs. You
will configure dynamic routing with EIGRP for IPv4 and static and default routes. In
addition, you will configure two access control lists.
In Part II of this practice skills assessment, you will configure the Medical Company
network with RPVST+, port security, EtherChannel, DHCP, VLANs and trunking, and
routing between VLANs. In addition you will perform an initial configuration on a
switch, secure unused switch ports and secure SVIs. You will also control access to the
switch management network with an access control list.
All IOS device configurations should be completed from a direct terminal
connection to the device console from an available host.
Some values that are required to complete the configurations have not been given
to you. In those cases, create the values that you need to complete the
requirements. These values may include certain IP addresses, passwords, interface
descriptions, banner text, and other values.
For the sake of time, many repetitive but important configuration tasks have been
omitted from this activity. Many of these tasks, especially those related to device
security, are essential elements of a network configuration. The intent of this activity is
not to diminish the importance of full device configurations.
You will practice and be assessed on the following skills:
Configuration of RPVST+
Configuration of EtherChannel
Central:
West:
Bldg1:
Configure EtherChannel.
Configure trunking.
Bldg2:
Configure EtherChannel.
Configure trunking.
Activate RPVST+.
Bldg3:
Configure EtherChannel.
Configure trunking.
Internal PC hosts:
Tables
Note: You are provided with the networks that interfaces should be configured on.
Unless you are told to do differently in the detailed instructions below, you are free to
choose the host addresses to assign.
Addressing Table:
Device
Interface
Network
Configuration Details
S0/0/0
192.168.100.20/30
S0/0/1
192.168.100.28/30
G0/0
192.168.8.0/24
G0/1
192.168.9.0/24
S0/0/0
192.168.100.20/30
S0/0/1
192.168.100.36/30
S0/1/0
203.0.113.16/29
(The first address in this network is already in use on the ISP router. Any other address in the
network can be assigned to this interface.)
S0/0/0
192.168.100.28/30
East
Central
West
S0/0/1
192.168.100.36/30
G0/1.2
10.10.2.0/24
G0/1.4
10.10.4.0/24
G0/1.8
10.10.8.0/24
G0/1.15
10.10.15.0/24
G0/1.25
10.10.25.0/24
Bldg1
SVI
10.10.25.0/24
Bldg2
SVI
10.10.25.0/24
Bldg3
SVI
10.10.25.0/24
Host 1
NIC
192.168.8.0/24
Host 2
NIC
192.168.9.0/24
NetAdmin 1
NIC
10.10.15.0/24
NetAdmin 2
NIC
10.10.15.0/24
VLA
N
Name
Devic
Network
e
Switc
h
Ports
Bldg3 Fa0/7
15
Bldg1
Fa0/1
0
Bldg3
Fa0/1
0
Bldg1
Fa0/1
5
Bldg3
Fa0/1
5
Bldg1
Fa0/2
4
Bldg3
Fa0/2
4
LAB-B 10.10.4.0/24
LAB-C 10.10.8.0/24
NetAdmi 10.10.15.0/2
n
4
Bldg1 SVI
25
SW- 10.10.25.0/2
Bldg2 SVI
Admin
4
Bldg3 SVI
99
spare
N/A
all
unuse
Bldg1
d
ports
Channel Device
Interfaces
Bldg1
Fa0/1, Fa0/2
Bldg3
Fa0/1, Fa0/2
Bldg1
Fa0/3, Fa0/4
Bldg2
Fa0/3, Fa0/4
Bldg2
Fa0/5, Fa0/6
Bldg3
Fa0/5, Fa0/6
Instructions
Configure the router host name: East. This value must be entered exactly as it
appears here.
Hostname East
No ip domain look up
Enable secret class
Line console 0
Password cisco
Logging sinchronus
Login
Line vty 0 4
Password cisco
login
Banner motd Authorized Access Only
Service password-encryption
Configure IP addressing.
Configure EIGRP for IPv4 to route between the internal networks. Use
ASN 100.
Use the precise wild card masks for all network statements.
You are not required to route the SW-Admin VLAN network over EIGRP.
Prevent routing updates from being sent on the LAN networks. Do not
use the default keyword version of the command to do so.
Prevent EIGRP for IPv4 from performing automatic route summarization on all
routers.
Configure a default route to the Internet. Use the exit interface argument.
Configure EIGRP for IPv4 to distribute the default route to the other routers.
Set the bandwidth of the link between East and Central to 128 kb/s.
Create a summary route for the LANs connected to Bldg3. It should include all
networks from 10.10.0.0 to 10.10.15.0.
Configure EIGRP for IPv4 with the route summary so that it will be sent to the
other routers. Be sure to configure the summary on all of the appropriate
interfaces.
Create a named standard ACL using the name TELNET-BLOCK. Be sure that
you enter this name exactly as it appears in this instruction.
No other Internet hosts (including hosts not visible in the topology) should be
able to access the vty lines of Central.
Allow only Test PC to ping addresses within the Medical Company network.
Only echo messages should be permitted.
Prevent all other Internet hosts (not only the Internet hosts visible in the
topology) from pinging addresses inside the Medical Company network. Block
echo messages only.
Your ACL should be placed in the most efficient location as possible to conserve
network bandwidth and device processing resources.
c. Control access to the management interfaces (SVI) of the three switches attached
to West as follows:
Hosts on the NetAdmin VLAN network should be able to reach all other
destinations.
The VLAN names that you configure must match the values in the table exactly.
Each switch should be configured with all of the VLANs shown in the table.
All switch ports that you assign to VLANs should be configured to static access
mode.
hosts on other networks. Full connectivity will be established after routing between
VLANs has been configured later in this assessment.
Step 4: Configure Trunking and EtherChannel.
a. Use the information in the Port-Channel Groups table to configure EtherChannel as
follows:
Use LACP.
The switch ports on both sides of Channels 1 and 2 should initiate negotiations
for channel establishment.
The switch ports on the Bldg2 side of the Channel 3 should initiate negotiations
with the switch ports on Bldg3.
The switch ports on the Bldg3 side of Channel 3 should not initiate negotiations
with the switch ports on the other side of the channel.
All channels should be ready to forward data after they have been configured.
Bldg1 should be configured as root primary for VLAN 2 and VLAN 4 using the
default primary priority values.
Bldg1 should be configured as root secondary for VLAN 8 and VLAN 15 using
the default secondary priority values.
Bldg3 should be configured as root primary for VLAN 8 and VLAN 15 using
the default primary priority values.
Bldg3 should be configured as root secondary for VLAN 2 and VLAN 4 using
the default secondary priority values.
b. Activate PortFast and BPDU Guard on the active Bldg3 switch access ports.
Activate BPDU Guard on all access ports that are connected to hosts.
Ensure that all unused switch ports have been assigned to VLAN 99.
Each switch port should accept only two MAC addresses before a security
action occurs.
If a security violation occurs, the switch ports should provide notification that a
violation has occurred but not place the interface in an err-disabled state.
c. On Bldg2, configure the virtual terminal lines to accept only SSH connections.
Configure user-based authentication for the SSH connections with a user name
of netadmin and a secret password of SSH_secret9. The user name and
password must match the values provided here exactly in case, punctuation, and
spelling.
Step 7: Configure West as a DHCP server for the hosts attached to the Bldg1 and
Bldg2 switches.
Configure three DHCP pools as follows:
Create a DHCP pool for hosts on VLAN 2 using the pool name vlan2pool.
Create a DHCP pool for hosts on VLAN 4 using the pool name vlan4pool.
Create a DHCP pool for hosts on VLAN 8 using the pool name vlan8pool.
All VLAN pool names must match the provided values exactly.
Hosts on the LANs attached to East should be statically assigned addressing that
enables them to communicate with hosts on other networks.
Configuration
Theese Configurations ate Created By Asitha Indunil Meegama From Srilanka.
Student of Srilanka Institiute of Infromation Technology and Curtin University of
Technology Australia.
I have scored 98% for this and i have corrected my mistake also here.
You can score 100%
1. Before begin please read the whole assesment.
2. And change the host name of Esat or Site 1 router accordingly.
3. To apply theese commands in each device go to global Configuration mode
{ (config)# } and paste them all there without changing.
Thanks !!!
***BLDG1*** or ***SW-A***
ip default-gateway 10.10.25.1
vlan 2
name sales
vlan 4
name prod
vlan 8
name acct
vlan 15
name admin
vlan 25
name SVI-NET
vlan 99
name null
interface vlan 25
ip address 10.10.25.254 255.255.255.0
no shutdown
interface fa0/5
switchport mode acces
switchport acces vlan 2
interface fa0/10
switchport mode acces
switchport acces vlan 4
interface fa0/15
switchport mode acces
switchport acces vlan 8
interface fa0/24
SECURITY
interface fa0/5
switchport port-security
switchport port-security violation restrict
switchport port-security maximum 2
switchport port-security mac-address sticky
interface fa0/10
switchport port-security
switchport port-security violation restrict
switchport port-security maximum 2
switchport port-security mac-address sticky
interface fa0/15
switchport port-security
switchport port-security violation restrict
switchport port-security maximum 2
switchport port-security mac-address sticky
interface fa0/24
switchport port-security
switchport port-security violation restrict
switchport port-security maximum 2
switchport port-security mac-address sticky
***BLDG2*** or ***SW-B***
ip default-gateway 10.10.25.1
vlan 2
name sales
vlan 4
name prod
vlan 8
name acct
vlan 15
name admin
vlan 25
name SVI-NET
vlan 99
name null
interface vlan 25
ip address 10.10.25.253 255.255.255.0
no shutdown
interface gi 1/1
switchport mode trunk
ETHERCHANNEL
interface range fa0/3-4
channel-group 2 mode active
interface port-channel 2
switchport mode trunk
interface range fa0/5-6
channel-group 3 mode active
interface port-channel 3
switchport mode trunk
PVST+
spanning-tree mode rapid-pvst
SSH
hostname SW-B
ip ssh version 2
ip domain-name ccnaPTSA.com
crypto key generate rsa
1024
username netadmin password SSH_secret9
line vty 0 4
login local
transport input ssh
line vty 5 15
login local
transport input ssh
***BLDG3*** or ***SW-C***
ip default-gateway 10.10.25.1
vlan 2
name sales
vlan 4
name prod
vlan 8
name acct
vlan 15
name admin
vlan 25
name SVI-NET
vlan 99
name null
interface vlan 25
ip address 10.10.25.252 255.255.255.0
no shutdown
interface fa0/7
switchport mode acces
switchport acces vlan 2
interface fa0/10
switchport mode acces
switchport acces vlan 4
interface fa0/15
switchport mode acces
switchport acces vlan 8
interface fa0/24
switchport mode acces
switchport acces vlan 15
ETHERCHANNEL
interface range fa0/1-2
channel-group 1 mode active
no shutdown
interface port-channel 1
switchport mode trunk
***Central*** or ***HQ***
ip route 0.0.0.0 0.0.0.0 s0/1/0
interface serial 0/0/0
bandwidth 128
ip address 192.168.100.22 255.255.255.252
description SITE
no shutdown
interface serial 0/0/1
bandwidth 128
ip address 192.168.100.37 255.255.255.252
description SITE
clock rate 128000
no shutdown
interface serial 0/1/0
bandwidth 128
ip address 203.0.113.18 255.255.255.248
description INTERNET
no shutdown
EIGRP
router eigrp 100
redistribute static
network 192.168.100.20 0.0.0.3
network 192.168.100.36 0.0.0.3
no auto-summary
ACCESS LIST
ip access-list standard TELNET-BLOCK
permit host 198.51.100.5
access-list 101 permit icmp 198.51.100.5 0.0.0.0 any echo
access-list 101 deny icmp any any echo
access-list 101 permit ip any any
line vty 0 4
access-class TELNET-BLOCK in
interface serial 0/1/0
ip access-group 101 in
***East*** or ***Site1***
hostname Site-1
no ip domain-lookup
enable secret cisco
line console 0
logging synchronous
password cisco
login
line vty 0 4
password cisco
login
service password-encryption
banner motd * Authorized acces only *
interface serial 0/0/0
bandwidth 128
ip address 192.168.100.21 255.255.255.252
description HQ
clock rate 128000
no shutdown
interface serial 0/0/1
bandwidth 128
ip address 192.168.100.29 255.255.255.252
description HQ
no shutdown
interface gi 0/0
ip address 192.168.8.1 255.255.255.0
description SITE
no shutdown
interface gi 0/1
ip address 192.168.9.1 255.255.255.0
no shutdown
EIGRP
router eigrp 100
passive-interface GigabitEthernet0/0
passive-interface GigabitEthernet0/1
network 192.168.100.20 0.0.0.3
network 192.168.100.28 0.0.0.3
network 192.168.8.0 0.0.0.255
network 192.168.9.0 0.0.0.255
no auto-summary
***West*** or ***Site2***
interface serial 0/0/0
bandwidth 128
ip address 192.168.100.30 255.255.255.252
description SITE
no shutdown
interface serial 0/0/1
bandwidth 128
ip address 192.168.100.38 255.255.255.252
description SITE
no shutdown
interface gig 0/1
description SITE
no shutdown
interface gi 0/1.2
encapsulation dot1q 2
ip address 10.10.2.1 255.255.255.0
interface gi 0/1.4
encapsulation dot1q 4
ip address 10.10.4.1 255.255.255.0
interface gi 0/1.8
encapsulation dot1q 8
ip address 10.10.8.1 255.255.255.0
interface gi 0/1.15
encapsulation dot1q 15
ip address 10.10.15.1 255.255.255.0
interface gi 0/1.25
encapsulation dot1q 25
ip address 10.10.25.1 255.255.255.0
EIGRP
router eigrp 100
passive-interface GigabitEthernet0/1
***HOSTS***