Professional Documents
Culture Documents
CCNA4 Ewan PT Practice Sba 95
CCNA4 Ewan PT Practice Sba 95
In this practice Packet Tracer Skills Exam, you are expected to:
Addressing Table
Device
R1
Interface
Fa0/0
S0/0/0
S0/0/1.101
Address
Subnet Mask
Default Gateway
172.30.1.1
10.10.10.1
255.255.255.252
255.255.255.252
n/a
n/a
R2
S0/0/0
S0/0/1.201
S0/1/0
172.30.1.6
10.10.10.2
209.165.201.2
255.255.255.252
255.255.255.252
255.255.255.252
n/a
n/a
n/a
R3
Fa0/0
S0/0/0
S0/0/1
172.30.1.2
172.30.1.5
255.255.255.252
255.255.255.252
n/a
n/a
n/a
DHCP Assigned
DHCP Assigned
DHCP Assigned
PC1
NIC
PC3
NIC
NOTE: The password for user EXEC mode is cisco. The password for privileged EXEC mode is
class.
c.
Assign the first (lowest) address in this subnet to the Fa0/0 interface on R3.
d.
Subnet the remaining address space to provide 30 host addresses for the R1 LAN while
wasting the fewest addresses.
e.
f.
g.
h.
Configure PC1 with IP addressing. PC3 will get its address from the DHCP server on R3 in
the next step.
b.
Verify that PC3 now has full IP addressing. It may be necessary to toggle between Static
and DHCP on the IP Configuration screen for PC3 before PC3 will send a DHCP request. PC3
should be able to ping the default gateway.
b.
Configure R2 with a default route using the outbound interface argument. Use one command
to propagate the default route into the EIGRP routing process.
c.
Verify PC1 and PC3 can ping each other as well as R1, R2 and R3. You will not be able to
ping Internet hosts yet.
b.
Verify that PC1 and PC3 can ping the Internet hosts.
Configure and apply an ACL with the number 50 that implements the following policy:
Deny any host from the R3 LAN from accessing hosts on the R1 LAN.
b.
c.
Configure and apply a named ACL with the case-sensitive name FIREWALL that
implements the following policy:
d.
SOLUTION
IP pool received 172.16.1.128 /25
172.16.1.192 /27
172.16.1.193 255.255.255.224
172.16.1.222 255.255.255.224
net 172.16.1.192
passive-interface fa0/0
Step 4: Configure R2 with a NAT
R2:
exit
access-list 1 permit 172.16.1.128 0.0.0.127
ip nat inside source list 1 interface s0/1/0
inter s0/0/0
ip nat inside
inter s0/0/1.201
ip nat inside
inter s0/1/0
ip nat outside
Step 5: Configure Access Control Lists to Satisfy a Security Policy.
A)
R1:
exit
access-list 50 deny 172.16.1.128 0.0.0.63
access-list 50 permit any
inter fa0/0
ip access-group 50 out
C)
R2:
exit
ip access-list extended FIREWALL
deny icmp any any echo
deny tcp any any eq telnet
deny tcp any any eq www
permit ip any any
exit
inter s0/1/0
ip access-group FIREWALL in
end