Professional Documents
Culture Documents
Ccna 4 Sba Test
Ccna 4 Sba Test
A few things to keep in mind while completing this activity: 1. Do not use the browser Back button or close or reload any Exam windows during the exam. 2. Do not close Packet Tracer when you are done, it will close automatically. 3. Click the Submit Assessment button to submit your work.
Introduction
In this practice Packet Tracer Skills Exam, you are expected to: Finish designing the IP addressing scheme. Implement the addressing in the network to meet the stated requirements. Configure and verify a DHCP server implementation. Configure and verify WAN technologies. Configure EIGRP to enable communication with the rest of the network. Configure NAT to translate addresses for traffic destined to the Internet. Implement access control lists as part of a security policy.
Addressing Table
Device R1 Interface Fa0/0 S0/0/0 S0/0/1.101 R2 S0/0/0 S0/0/1.201 S0/1/0 R3 Fa0/0 S0/0/0 S0/0/1 PC1 PC3 NIC NIC Address Subnet Mask Default Gateway n/a n/a n/a n/a n/a n/a n/a n/a n/a
172.16.1.129
172.30.1.1 10.10.10.1 172.30.1.6 10.10.10.2 209.165.201.2
255.255.255.192
255.255.255.252 255.255.255.252 255.255.255.252 255.255.255.252 255.255.255.252
172.16.1.193
172.30.1.2 172.30.1.5
255.255.255.224
255.255.255.252 255.255.255.252
172.16.1.222
DHCP Assigned
255.255.255.224
DHCP Assigned
172.16.1.193
DHCP Assigned
NOTE:Use a printed version of these instructions to fill in the missing address information in the table during Step 1 to aid in configuring, verifying and troubleshooting the devices. NOTE: The password for user EXEC mode is cisco. The password for privileged EXEC mode isclass.
b. c. d.
Deny any host from the R3 LAN from accessing hosts on the R1 LAN. Hosts on the R3 LAN should be able to ping any other destination. Verify that ACL 50 is operating as intended. Configure and apply a named ACL with the case-sensitive name FIREWALL that implements the following policy: Deny ping requests sourced from the Internet. Deny Telnet and HTTP traffic sourced from the Internet. Allow all other traffic. Verify the FIREWALL ACL is operating as intended.
Version 1.0 Created in Packet Tracer 5.2.1 and Marvel 1.0.1 All contents are Copyright 1992 - 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
R1 hostname R1 no ip domain-lookup enable secret cisco banner motd ^ *********************************** !!!Unauthorized access strictly prohibited and prosecuted to the full extent of the law!!! *********************************** ^ int fa0/0 ip add 172.16.1.193 255.255.255.224 ip access-group 50 out no shut int s0/0/0 ip add 172.30.1.1 255.255.255.252 clock rate 2000000 no shut interface Serial0/0/1 no ip address no shut encapsulation frame-relay interface Serial0/0/1.101 point-to-point ip address 10.10.10.1 255.255.255.252 frame-relay interface-dlci 101 no shut router eigrp 100 passive-interface FastEthernet0/0 network 172.16.0.0 network 172.30.0.0
network 10.0.0.0 no auto-summary access-list 50 deny 172.16.1.128 0.0.0.63 access-list 50 permit any logging trap debugging line con 0 exec-timeout 0 0 password cisco logging synchronous login line vty 0 4 exec-timeout 0 0 password cisco logging synchronous login line vty 5 15 exec-timeout 0 0 password cisco logging synchronous login ntp update-calendar end write me R2 hostname R2 no ip domain-lookup enable secret cisco username R3 password 0 ciscochap banner motd ^ *********************************** !!!Unauthorized access strictly prohibited and prosecuted to the full extent of the law!!! *********************************** ^ int s0/0/0 ip add 172.30.1.6 255.255.255.252 encapsulation ppp ppp authentication chap ip nat inside no shut interface Serial0/0/1 no ip address no shut encapsulation frame-relay interface Serial0/0/1.201 point-to-point ip address 10.10.10.2 255.255.255.252 frame-relay interface-dlci 201 ip nat inside no shut
interface Serial0/1/0 ip address 209.165.201.2 255.255.255.252 ip access-group FIREWALL in ip nat outside no shut router eigrp 100 redistribute static passive-interface Serial0/1/0 network 172.30.0.0 network 10.0.0.0 no auto-summary default-information originate ip nat inside source list 1 interface Serial0/1/0 overload ip route 0.0.0.0 0.0.0.0 Serial0/1/0 access-list 1 permit 172.16.1.128 0.0.0.127 ip access-list extended FIREWALL deny icmp any any echo deny tcp any any eq telnet deny tcp any any eq www permit ip any any logging trap debugging line con 0 exec-timeout 0 0 password cisco logging synchronous login line vty 0 4 exec-timeout 0 0 password cisco logging synchronous login line vty 5 15 exec-timeout 0 0 password cisco logging synchronous login ntp update-calendar end write me R3 hostname R3 no ip domain-lookup enable secret cisco username R2 password 0 ciscochap ip dhcp excluded-address 172.16.1.129 172.16.1.131 ip dhcp pool R3_LAN network 172.16.1.128 255.255.255.192 default-router 172.16.1.129
banner motd ^ *********************************** !!!Unauthorized access strictly prohibited and prosecuted to the full extent of the law!!! *********************************** ^ int fa 0/0 ip add 172.16.1.129 255.255.255.192 no shut int s0/0/0 ip add 172.30.1.2 255.255.255.252 no shut int s0/0/1 ip add 172.30.1.5 255.255.255.252 encapsulation ppp ppp authentication chap clock rate 2000000 no shut router eigrp 100 passive-interface FastEthernet0/0 network 172.16.0.0 network 172.30.0.0 no auto-summary logging trap debugging line con 0 exec-timeout 0 0 password cisco logging synchronous login line vty 0 4 exec-timeout 0 0 password cisco logging synchronous login line vty 5 15 exec-timeout 0 0 password cisco logging synchronous login ntp update-calendar end write me