EWAN NAT/ACL PT Practice SBA

In this practice Packet Tracer Skills Exam, you are expected to:
· Finish designing the IP addressing scheme.
· Implement the addressing in the network to meet the stated requirements.
· Configure and verify a DHCP server implementation.
· Configure and verify WAN technologies.
· Configure EIGRP to enable communication with the rest of the network.
· Configure NAT to translate addresses for traffic destined to the Internet.
· Implement access control lists as part of a security policy.

Addressing Table

Device  Interface    Address          Subnet Mask        Default Gateway
R1      Fa0/0                                            n/a
R1      S0/0/0       172.30.1.1       255.255.255.252    n/a
R1      S0/0/1.101   10.10.10.1       255.255.255.252    n/a
R2      S0/0/0       172.30.1.6       255.255.255.252    n/a
R2      S0/0/1.201   10.10.10.2       255.255.255.252    n/a
R2      S0/1/0       209.165.201.2    255.255.255.252    n/a
R3      Fa0/0                                            n/a
R3      S0/0/0       172.30.1.2       255.255.255.252    n/a
R3      S0/0/1       172.30.1.5       255.255.255.252    n/a
PC1     NIC
PC3     NIC          DHCP Assigned    DHCP Assigned      DHCP Assigned

NOTE: The password for user EXEC mode is cisco. The password for privileged EXEC mode is class.

Step 1: Finish the IP Addressing Design and Implementation.
· Design an addressing scheme and fill in the Addressing Table based on the following requirements:
  · Subnet the address space 172.16.1.128/25 to provide 50 host addresses for the R3 LAN while wasting the fewest addresses.
  · Assign the first available subnet to the R3 LAN.
  · Assign the first (lowest) address in this subnet to the Fa0/0 interface on R3.
  · Subnet the remaining address space to provide 30 host addresses for the R1 LAN while wasting the fewest addresses.
  · Assign the next available subnet to the R1 LAN.
  · Assign the first (lowest) address in this subnet to the Fa0/0 interface on R1.
  · Assign the last (highest) host address in this subnet to PC1.
· Finish the IP addressing configuration:
  · Configure R1 and R3 LAN interfaces with IP addressing.
  · Configure PC1 with IP addressing.
  · PC3 will get its address from the DHCP server on R3 in the next step.

Step 2: Configure and Verify R3 as the DHCP Server.
· Configure R3 as the DHCP server for the LAN attached to Fa0/0 using the following guidelines:
  · Use the case-sensitive DHCP pool name of R3_LAN.
  · Exclude the first three host addresses in the subnet.
· Verify that PC3 now has full IP addressing. It may be necessary to toggle between “Static” and “DHCP” on the IP Configuration screen for PC3 before PC3 will send a DHCP request.
· PC3 should be able to ping the default gateway.

Step 3: Configure WAN Technologies.
· The link between R1 and R2 uses point-to-point Frame Relay subinterfaces.
· Verify that R1 and R2 can ping each other.
· The link between R3 and R2 uses PPP with CHAP. The password is ciscochap.
· Verify that R3 and R2 can ping each other. R3 should be able to ping the other side of the link.
· The link between R3 and R1 uses HDLC.
· Verify that R3 and R1 can ping each other.

Step 4: Configure and Verify EIGRP Routing.
· Configure EIGRP routing on R1, R2, and R3.
  · Use AS number 100.
  · Do not use the wildcard mask argument.
  · Do not advertise the network between R2 and the Internet.
· Configure R2 with a default route using the outbound interface argument.
· Use one command to propagate the default route into the EIGRP routing process.
· Verify PC1 and PC3 can ping each other as well as R1, R2 and R3. You will not be able to ping Internet hosts yet.

Step 5: Configure R2 with a NAT.
· Configure NAT on R2 using the following guidelines:
  · Only addresses in the 172.16.1.128/25 address space will be translated.
  · Use the number 1 for the access list.
  · Configure PAT on the R2 S0/1/0 interface.
· Verify that PC1 and PC3 can ping the Internet hosts.

Step 6: Configure Access Control Lists to Satisfy a Security Policy.
· Configure and apply an ACL with the number 50 that implements the following policy:
  · Deny any host from the R3 LAN from accessing hosts on the R1 LAN.
  · Hosts on the R3 LAN should be able to ping any other destination.
  · Allow all other traffic.
· Verify that ACL 50 is operating as intended.
· Configure and apply a named ACL with the case-sensitive name FIREWALL that implements the following policy:
  · Deny ping requests sourced from the Internet.
  · Deny Telnet and HTTP traffic sourced from the Internet.
  · Allow all other traffic.
· Verify the FIREWALL ACL is operating as intended.

SOLUTION

IP pool received: 172.16.1.128 /25

Address calculation for R3
Network   172.16.1.128 /26
Fa0/0     172.16.1.129    255.255.255.192

Address calculation for R1
Network   172.16.1.192 /27
Fa0/0     172.16.1.193    255.255.255.224
PC1       172.16.1.222    255.255.255.224
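The address calculation above can be checked mechanically. The following Python sketch is an added example, not part of the original exam or its solution: it carves 172.16.1.128/25 for the Step 1 host counts and derives the gateway, the last host, the DHCP exclusion range and the wildcard mask for each LAN. The function names and the "R3 LAN" / "R1 LAN" labels are chosen here for illustration.

```python
import ipaddress

def smallest_prefix(hosts):
    """Longest prefix whose subnet still has `hosts` usable addresses."""
    for prefix in range(30, 0, -1):
        if 2 ** (32 - prefix) - 2 >= hosts:
            return prefix
    raise ValueError(f"no IPv4 subnet holds {hosts} hosts")

def carve(block, requirements):
    """Allocate subnets from `block` in the order given, lowest address first."""
    block = ipaddress.ip_network(block)
    cursor = int(block.network_address)
    plan = {}
    for name, hosts in requirements:
        prefix = smallest_prefix(hosts)
        size = 2 ** (32 - prefix)
        start = -(-cursor // size) * size   # round up to a subnet boundary
        net = ipaddress.ip_network((start, prefix))
        if not net.subnet_of(block):
            raise ValueError(f"{name} does not fit in {block}")
        plan[name] = net
        cursor = start + size
    return plan

def lan_details(net):
    """Values the exam asks for, derived from one LAN subnet."""
    hosts = list(net.hosts())
    return {
        "gateway": str(hosts[0]),        # first (lowest) host, used on Fa0/0
        "last_host": str(hosts[-1]),     # last (highest) host, used for PC1
        "mask": str(net.netmask),
        "wildcard": str(net.hostmask),   # ACL wildcard covering exactly this LAN
        "dhcp_excluded": (str(hosts[0]), str(hosts[2])),  # first three hosts
    }

# Requirements from Step 1, in allocation order (labels are chosen here).
PLAN = carve("172.16.1.128/25", [("R3 LAN", 50), ("R1 LAN", 30)])

if __name__ == "__main__":
    for name, net in PLAN.items():
        print(name, net, lan_details(net))
```

The wildcard derived for the R3 LAN is the one ACL 50 needs to match that LAN and nothing else; the hostmask of the whole /25 is the wildcard for the NAT access list.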

R1#sh run
Building configuration...

Current configuration : 1309 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
ip ssh version 1
ip name-server 0.0.0.0
!
interface FastEthernet0/0
 ip address 172.16.1.193 255.255.255.224
 ip access-group 50 out
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 ip address 172.30.1.1 255.255.255.252
 clock rate 2000000
!
interface Serial0/0/1
 no ip address
 encapsulation frame-relay
!
interface Serial0/0/1.101 point-to-point
 ip address 10.10.10.1 255.255.255.252
 frame-relay interface-dlci 101
!
interface Vlan1
 no ip address
 shutdown
!
router eigrp 100
 passive-interface FastEthernet0/0
 network 172.30.0.0
 network 172.16.0.0
 network 10.0.0.0
 no auto-summary
!
ip classless
!
access-list 50 deny 172.16.1.128 0.0.0.63
access-list 50 permit any
!
banner motd ^CAuthorized Access Only!^C
!
logging trap debugging
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line vty 5 15
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
!
ntp update-calendar
!
end

R2#sh run
Building configuration...

Current configuration : 1718 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R2
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
username R3 password 0 ciscochap
!
ip ssh version 1
ip name-server 0.0.0.0
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 ip address 172.30.1.6 255.255.255.252
 encapsulation ppp
 ppp authentication chap
 ip nat inside
!
interface Serial0/0/1
 no ip address
 encapsulation frame-relay
!
interface Serial0/0/1.201 point-to-point
 ip address 10.10.10.2 255.255.255.252
 frame-relay interface-dlci 201
 ip nat inside
!
interface Serial0/1/0
 ip address 209.165.201.2 255.255.255.252
 ip access-group FIREWALL in
 ip nat outside
!
interface Serial0/1/1
 no ip address
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router eigrp 100
 redistribute static
 passive-interface Serial0/1/0
 network 172.30.0.0
 network 10.0.0.0
 no auto-summary
!
ip nat inside source list 1 interface Serial0/1/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/1/0
!
access-list 1 permit 172.16.1.128 0.0.0.127
ip access-list extended FIREWALL
 deny icmp any any echo
 deny tcp any any eq telnet
 deny tcp any any eq www
 permit ip any any
!
banner motd ^CAuthorized Access Only!^C
!
logging trap debugging
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line vty 5 15
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
!
ntp update-calendar
!
end

R3#sh run
Building configuration...

Current configuration : 1299 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R3
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
ip dhcp excluded-address 172.16.1.129 172.16.1.131
!
ip dhcp pool R3_LAN
 network 172.16.1.128 255.255.255.192
 default-router 172.16.1.129
!
username R2 password 0 ciscochap
!
ip ssh version 1
ip name-server 0.0.0.0
!
interface FastEthernet0/0
 ip address 172.16.1.129 255.255.255.192
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 ip address 172.30.1.2 255.255.255.252
!
interface Serial0/0/1
 ip address 172.30.1.5 255.255.255.252
 encapsulation ppp
 ppp authentication chap
 clock rate 2000000
!
interface Vlan1
 no ip address
 shutdown
!
router eigrp 100
 passive-interface FastEthernet0/0
 network 172.30.0.0
 network 172.16.0.0
 no auto-summary
!
ip classless
!
banner motd ^CAuthorized Access Only!^C
!
logging trap debugging
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line vty 5 15
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
!
ntp update-calendar
!
end
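To check that ACL 50 and FIREWALL behave as Step 6 requires, the following Python sketch (an added example, not part of the original solution) evaluates the two access lists from the R1 and R2 configurations against constructed test packets, using first-match semantics and the implicit deny at the end of every ACL. The evaluator functions are written for this example and only handle the "any any" entry forms that FIREWALL uses.

```python
import ipaddress

# ACL entries as they appear in the R1 and R2 configurations above.
ACL_50 = ["deny 172.16.1.128 0.0.0.63", "permit any"]
FIREWALL = ["deny icmp any any echo", "deny tcp any any eq telnet",
            "deny tcp any any eq www", "permit ip any any"]
PORTS = {"telnet": 23, "www": 80}   # IOS keywords used by FIREWALL

def wildcard_match(addr, base, wildcard):
    """IOS wildcard logic: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.ip_address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def standard_acl(entries, src):
    """Standard ACL: first match on the source address wins."""
    for entry in entries:
        action, *spec = entry.split()
        if spec == ["any"] or wildcard_match(src, spec[0], spec[1]):
            return action
    return "deny"                    # implicit deny any

def extended_acl(entries, proto, dport=None, icmp_type=None):
    """Extended ACL limited to 'any any' entries with an optional qualifier."""
    for entry in entries:
        action, acl_proto, _src, _dst, *rest = entry.split()
        if acl_proto not in ("ip", proto):
            continue
        if not rest:                                   # no qualifier
            return action
        if rest[0] == "eq" and dport == PORTS[rest[1]]:
            return action
        if rest == [icmp_type]:                        # e.g. "echo"
            return action
    return "deny"                    # implicit deny ip any any

if __name__ == "__main__":
    # Constructed test traffic, not captured from the lab.
    for src in ("172.16.1.130", "172.16.1.191", "172.16.1.192", "172.30.1.2"):
        print("ACL 50  ", src, standard_acl(ACL_50, src))
    for pkt in (("icmp", None, "echo"), ("icmp", None, "echo-reply"),
                ("tcp", 23, None), ("tcp", 80, None), ("tcp", 443, None)):
        print("FIREWALL", pkt, extended_acl(FIREWALL, *pkt))
```

ACL 50 filters on source address only, so it drops every packet sourced from the R3 LAN on its way out of R1 Fa0/0, including replies to connections that R1 LAN hosts initiate. FIREWALL still permits inbound echo replies, which is why inside hosts can ping Internet hosts while Internet-sourced pings are dropped.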
