CCNA Exploration: Accessing the WAN Student Skills Based

Assessment Lab (Answer Key)

Topology Diagram

Addressing Table
Device
R1

R2
R3

Interface

IP Address

Subnet Mask

Default Gateway

Fa0/1

10.0.0.1

255.255.255.128

N/A

S0/0/0

172.16.0.1

255.255.255.252

N/A

S0/0/1

172.16.0.9

255.255.255.252

N/A

Lo0

209.165.200.161

255.255.255.224

N/A

S0/0/0

172.16.0.2

255.255.255.252

N/A

S0/0/1

172.16.0.5

255.255.255.252

N/A

Fa0/1
S0/0/0

10.0.0.129
172.16.0.10

255.255.255.128
255.255.255.252

N/A
N/A

All contents are Copyright 19922007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 1 of 18

CCNA Exploration
Accessing the WAN: Skills Based Assessment

Device

Student Skills Based Assessment Answer Key

Interface

IP Address

Subnet Mask

Default Gateway

S0/0/1

172.16.0.6

255.255.255.252

N/A

PC1

NIC

10.0.0.10

255.255.255.128

10.0.0.1

PC3

NIC

10.0.0.139

255.255.255.128

10.0.0.129

Learning Objectives
To complete this lab:

Cable a network according to the topology diagram

Erase the startup configuration and reload a router to the default state

Perform basic configuration tasks on a router

Configure and activate interfaces

Configure and activate serial interfaces (PPP with CHAP, HDLC, and Frame Relay)

Configure RIP on all the routers

Configure basic router security

Configure ACLs

Configure basic NAT

Scenario
This lab tests you on the skills and knowledge that you learned in Exploration 4. Use cisco for all
passwords in this lab, except for the enable secret password, which is class.

Task 1: Prepare the Network

Step 1: Cable a network that is similar to the one in the topology diagram.
Step 2: Clear any existing configurations on the routers.

Task 2: Perform Basic Device Configurations

Configure the R1, R2, and R3 routers according to the following guidelines:

Configure the router hostname.

Disable DNS lookup.

Configure an EXEC mode password.

Configure a message-of-the-day banner.

Configure a password for console connections.

Configure synchronous logging.

Configure a password for vty connections.

enable
configure terminal
no ip domain-lookup

All contents are Copyright 19922007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 2 of 18

CCNA Exploration
Accessing the WAN: Skills Based Assessment

Student Skills Based Assessment Answer Key

enable secret class

banner motd ^CUnauthorized access strictly prohibited and prosecuted
to the full extent of the law^C
!
!
line con 0
exec-timeout 0 0
logging synchronous
password cisco
login
!
line vty 0 4
password cisco
login
end
copy running-config starting-config

Task 3: Configure and Activate Serial and Ethernet Addresses

Step 1: Configure interfaces on R1, R2, and R3.
R1:
interface FastEthernet0/1
ip address 10.0.0.1 255.255.255.128
no shutdown
!
interface Serial0/0/0
ip address 172.16.0.1 255.255.255.252
clockrate 125000
no shutdown
!
interface Serial0/0/1
ip address 172.16.0.9 255.255.255.252
no shutdown
!
R2:
interface Loopback0
ip address 209.165.200.161 255.255.255.224
!
interface Serial0/0/0
ip address 172.16.0.2 255.255.255.252
no shutdown
!
interface Serial0/0/1
ip address 172.16.0.5 255.255.255.252
clockrate 125000
no shutdown
!
R3:
interface FastEthernet0/1
ip address 10.0.0.129 255.255.255.128
no shutdown
!

All contents are Copyright 19922007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 3 of 18

CCNA Exploration
Accessing the WAN: Skills Based Assessment

Student Skills Based Assessment Answer Key

interface Serial0/0/0
ip address 172.16.0.10 255.255.255.252
clockrate 125000
no shutdown
!
interface Serial0/0/1
ip address 172.16.0.6 255.255.255.252
no shutdown
!
Step 2: Verify IP addressing and interfaces.
R1:
R1#show ip interface brief
Interface
IP-Address
Protocol
FastEthernet0/0
unassigned
FastEthernet0/1
10.0.0.1
Serial0/0/0
172.16.0.1
Serial0/0/1
172.16.0.9
Serial0/1/0
unassigned
Serial0/1/1
unassigned
R2:
R2#show ip interface brief
Interface
IP-Address
Protocol
FastEthernet0/0
unassigned
FastEthernet0/1
unassigned
Serial0/0/0
172.16.0.2
Serial0/0/1
172.16.0.5
Serial0/1/0
unassigned
Serial0/1/1
unassigned
Loopback0
209.165.200.161
R3:
R3#show ip interface brief
Interface
IP-Address
Protocol
FastEthernet0/0
unassigned
FastEthernet0/1
10.0.0.129
Serial0/0/0
172.16.0.10
Serial0/0/1
172.16.0.6

OK? Method Status

YES
YES
YES
YES
YES
YES

unset
manual
manual
manual
unset
unset

administratively down down

up
up
up
up
up
up
administratively down down
administratively down down

OK? Method Status

YES
YES
YES
YES
YES
YES
YES

unset
unset
manual
manual
unset
unset
manual

administratively
administratively
up
up
administratively
administratively
up

down down
down down
up
up
down down
down down
up

OK? Method Status

YES
YES
YES
YES

unset
manual
manual
manual

administratively down down

up
up
up
up
up
up

Step 3: Configure the PC1 and PC3 Ethernet interfaces.

Step 4: Test connectivity between the PCs and routers.

Task 4: Configure Serial Interfaces

Step 1: Configure and verify PPP encapsulation with CHAP authentication between R1 and R2.
The password is cisco.
R1:
username R2 password cisco
!

All contents are Copyright 19922007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 4 of 18

CCNA Exploration
Accessing the WAN: Skills Based Assessment

Student Skills Based Assessment Answer Key

interface Serial0/0/0
encapsulation ppp
ppp authentication chap
!
R2:
username R1 password 0 cisco
interface Serial0/0/0
encapsulation ppp
ppp authentication chap
!
R1:
R1#show interfaces S0/0/0
Serial0/0/0 is up, line protocol is up
Hardware is GT96K Serial
Internet address is 172.16.0.1/30
MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Listen: CDPCP
Open: IPCP, loopback not set
Keepalive set (10 sec)
<output omitted>
R2:
R2#show interfaces S0/0/0
Serial0/0/0 is up, line protocol is up
Hardware is GT96K Serial
Internet address is 172.16.0.2/30
MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: IPCP, loopback not set
Keepalive set (10 sec)
<output omitted>
Step 2: Configure and verify HDLC encapsulation between R2 and R3.
!no extra configuration is needed, The default encapsulation is HDLC
R2:
R2#show interfaces S0/0/1
Serial0/0/1 is up, line protocol is up
Hardware is GT96K Serial
Internet address is 172.16.0.5/30
MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set
Keepalive set (10 sec)
<output omitted>
R3:
R3#show interfaces S0/0/1
Serial0/0/1 is up, line protocol is up
Hardware is GT96K Serial

All contents are Copyright 19922007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 5 of 18

CCNA Exploration
Accessing the WAN: Skills Based Assessment

Student Skills Based Assessment Answer Key

Internet address is 172.16.0.6/30

MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set
Keepalive set (10 sec)
<output omitted>
Step 3: Configure Frame Relay between R1 and R3.
R1:
interface Serial0/0/1
encapsulation frame-relay
frame-relay map ip 172.16.0.9 103
frame-relay map ip 172.16.0.10 103 broadcast
!
R3:
frame-relay switching
interface Serial0/0/0
encapsulation frame-relay
clockrate 125000
frame-relay map ip 172.16.0.9 103 broadcast
frame-relay map ip 172.16.0.10 103
frame-relay intf-type dce
!
R1:
R1#show interfaces S0/0/1
Serial0/0/1 is up, line protocol is up
Hardware is GT96K Serial
Internet address is 172.16.0.9/30
MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation FRAME-RELAY, loopback not set
Keepalive set (10 sec)
<output omitted>
!
R3:
R3#show interfaces S0/0/0
Serial0/0/0 is up, line protocol is up
Hardware is GT96K Serial
Internet address is 172.16.0.10/30
MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation FRAME-RELAY, loopback not set
Keepalive set (10 sec)
<output omitted>
!

Task 5: Configure RIP

Step 1: Configure RIP on R1, R2, and R3.
RIP updates should only be sent on the serial links between the routers. Prevent all other RIP updates on
all networks.

All contents are Copyright 19922007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 6 of 18

CCNA Exploration
Accessing the WAN: Skills Based Assessment

Student Skills Based Assessment Answer Key

R1:
router rip
version 2
passive-interface default
no passive-interface Serial0/0/0
no passive-interface Serial0/0/1
network 10.0.0.0
network 172.16.0.0
no auto-summary
!
R2:
router rip
passive-interface default
no passive-interface Serial0/0/0
no passive-interface Serial0/0/1
network 172.16.0.0
network 209.165.200.0
no auto-summary
!
R3:
router rip
version 2
passive-interface default
no passive-interface Serial0/0/0
no passive-interface Serial0/0/1
network 10.0.0.0
network 172.16.0.0
no auto-summary
!
Step 2: Test connectivity with the ping command.
R1:
R1#ping 10.0.0.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
R1#ping 10.0.0.129
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.129, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/16 ms
R1#ping 10.0.0.139
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.139, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/16 ms
R1#ping 172.16.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:

All contents are Copyright 19922007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 7 of 18

CCNA Exploration
Accessing the WAN: Skills Based Assessment

Student Skills Based Assessment Answer Key

!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/16 ms
R1#ping 172.16.0.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/22/24 ms
R1#ping 172.16.0.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/16 ms
R1#ping 172.16.0.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/16 ms
R2:
R2#ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/16 ms
R2#ping 10.0.0.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/16 ms
R2#ping 10.0.0.129
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.139, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/16 ms
R2#ping 10.0.0.139
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.139, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/16 ms
R2#ping 172.16.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/14/16 ms
R2#ping 172.16.0.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:
!!!!!

All contents are Copyright 19922007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 8 of 18

CCNA Exploration
Accessing the WAN: Skills Based Assessment

Student Skills Based Assessment Answer Key

Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms

R2#ping 172.16.0.9
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms
R2#ping 172.16.0.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.9, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/16 ms
R3:
R3#ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/14/16 ms
R3#ping 10.0.0.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/16 ms
R3#ping 10.0.0.139
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.139, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
R3#ping 172.16.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/16 ms
R3#ping 172.16.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/21/24 ms
R3#ping 172.16.0.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/14/16 ms
R3#ping 172.16.0.9
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.9, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/14/16 ms

All contents are Copyright 19922007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 9 of 18

CCNA Exploration
Accessing the WAN: Skills Based Assessment

Student Skills Based Assessment Answer Key

Step 3: Verify the routing table with the appropriate command.

R1:
R1#show ip route
<output omitted>
Gateway of last resort is not set
C
R
C
C
C
R

172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks

172.16.0.8/30 is directly connected, Serial0/0/1
172.16.0.4/30 [120/1] via 172.16.0.10, 00:00:08, Serial0/0/1
172.16.0.0/30 is directly connected, Serial0/0/0
172.16.0.2/32 is directly connected, Serial0/0/0
10.0.0.0/25 is subnetted, 2 subnets
10.0.0.0 is directly connected, FastEthernet0/1
10.0.0.128 [120/1] via 172.16.0.10, 00:00:08, Serial0/0/1

R2:
R2#show ip route
<output omitted>
Gateway of last resort is not set
R
C
C
C
C
R
R

172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks

172.16.0.8/30 [120/1] via 172.16.0.6, 00:00:27, Serial0/0/1
[120/1] via 172.16.0.1, 00:00:25, Serial0/0/0
172.16.0.4/30 is directly connected, Serial0/0/1
172.16.0.0/30 is directly connected, Serial0/0/0
172.16.0.1/32 is directly connected, Serial0/0/0
209.165.200.0/27 is subnetted, 1 subnets
209.165.200.160 is directly connected, Loopback0
10.0.0.0/25 is subnetted, 2 subnets
10.0.0.0 [120/1] via 172.16.0.1, 00:00:25, Serial0/0/0
10.0.0.128 [120/1] via 172.16.0.6, 00:00:27, Serial0/0/1

R3:
R3#show ip route
<output omitted>
Gateway of last resort is not set
C
C
R
R
R
C

172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks

172.16.0.8/30 is directly connected, Serial0/0/0
172.16.0.4/30 is directly connected, Serial0/0/1
172.16.0.0/30 [120/1] via 172.16.0.9, 00:00:03, Serial0/0/0
172.16.0.2/32 [120/1] via 172.16.0.9, 00:00:03, Serial0/0/0
10.0.0.0/25 is subnetted, 2 subnets
10.0.0.0 [120/1] via 172.16.0.9, 00:00:03, Serial0/0/0
10.0.0.128 is directly connected, FastEthernet0/1

Task 6: Configure Basic Router Security

Step 1: Enable a secure Telnet login using a local database on R2.
aaa new-model
!
aaa authentication login Auth_Local local
!
line con 0

All contents are Copyright 19922007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 10 of 18

CCNA Exploration
Accessing the WAN: Skills Based Assessment

Student Skills Based Assessment Answer Key

login authentication Auth_Local

logging synchronous
line vty 0 4
login authentication Auth_Local
Step 2: Disable unused services and interfaces on R2.
no service pad
no service finger
no service tcp-small-server
no service udp-small-server
no ip http server
no ip bootp server
no ip finger
no ip source-route
no ip gratuitous-arps
interface FastEthernet0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no ip directed-broadcast
shutdown
!
interface FastEthernet0/1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no ip directed-broadcast
shutdown
!
interface Serial0/0/0
no ip redirects
no ip unreachables
no ip proxy-arp
no ip directed-broadcast
!
interface Serial0/0/1
no ip redirects
no ip unreachables
no ip proxy-arp
no ip directed-broadcast
!
Step 3: Confirm that R2 is secured.
R1#telnet 172.16.0.2
Trying 172.16.0.2 ... Open
User Access Verification
Username: R1
Password: cisco
% Authentication failed

All contents are Copyright 19922007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 11 of 18

CCNA Exploration
Accessing the WAN: Skills Based Assessment

Student Skills Based Assessment Answer Key

Username: R1
Password: cisco
R2#

Task 7: Configure Access Control Lists

Step 1: Allow telnet to R1 and R3 from R2 only.
R1:
ip access-list standard telnet
permit 172.16.0.5
permit 172.16.0.1
permit 172.16.0.2
!
line vty 0 4
access-class telnet in
!
R3:
ip access-list standard telnet
permit 172.16.0.5
permit 172.16.0.1
permit 172.16.0.2
!
line vty 0 4
access-class telnet in
!
Step 2: Do not allow HTTP, Telnet, and FTP traffic from the Internet to PC1.
!Students should recognize that an extended access list is needed and that it
should be placed on the Internet facing interface.
R2:
ip access-list extended PC1-in
deny
tcp any host 10.0.0.10
deny
tcp any host 10.0.0.10
deny
tcp any host 10.0.0.10
deny
tcp any host 10.0.0.10
permit ip any any
!
interface Loopback0
ip access-group PC1-in in
!

eq
eq
eq
eq

ftp
ftp-data
telnet
www

Step 3: Do not allow PC1 to receive traffic from the 10.0.0.128 /25 network.
R1:
ip access-list extended pc3-out
deny
ip 10.0.0.128 0.0.0.127 any
permit ip any any
!
interface FastEthernet0/1
ip access-group pc3-out out
!

All contents are Copyright 19922007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 12 of 18

CCNA Exploration
Accessing the WAN: Skills Based Assessment

Student Skills Based Assessment Answer Key

Step 4: Verify that PC3 cannot ping PC1, but can ping 10.0.0.1.
C:\ >ping 10.0.0.10
Pinging 10.10.10.1 with 32 bytes of data:
Request
Request
Request
Request

timed
timed
timed
timed

out.
out.
out.
out.

Ping statistics for 10.10.10.1:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:\ >ping 10.0.0.1
Pinging 10.0.0.1 with 32 bytes of data:
Reply
Reply
Reply
Reply

from
from
from
from

10.0.0.1:
10.0.0.1:
10.0.0.1:
10.0.0.1:

bytes=32
bytes=32
bytes=32
bytes=32

time=1ms
time=2ms
time=1ms
time=1ms

TTL=255
TTL=255
TTL=255
TTL=255

Ping statistics for 10.0.0.1:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 2ms, Average = 1ms

Task 8: Configure NAT.

Step 1: Configure NAT to allow PC3 to ping PC1.
R3:
ip nat inside source list NAT interface Serial0/0/1 overload
!
ip access-list standard NAT
permit 10.0.0.128 0.0.0.127
!
interface FastEthernet0/1
ip nat inside
interface Serial0/0/0
ip nat outside
!
interface Serial0/0/1
ip nat outside
!
Step 2: Verify that PC3 can reach PC1.
C:\ >ping 10.0.0.10
Pinging 10.0.0.10 with 32 bytes of data:
Reply from 10.0.0.10: bytes=32 time=1ms TTL=255
Reply from 10.0.0.10: bytes=32 time=2ms TTL=255
Reply from 10.0.0.10: bytes=32 time=1ms TTL=255

All contents are Copyright 19922007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 13 of 18

CCNA Exploration
Accessing the WAN: Skills Based Assessment

Student Skills Based Assessment Answer Key

Reply from 10.0.0.10: bytes=32 time=1ms TTL=255

Ping statistics for 10.0.0.10:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 2ms, Average = 1ms

Task 9: Document the Router Configurations

R1:
!
hostname R1
!
boot-start-marker
boot-end-marker
!
enable secret class
!
ip cef
!
no ip domain lookup
!
username R2 password 0 cisco
!
interface FastEthernet0/0
no ip address
shutdown
!
interface FastEthernet0/1
ip address 10.0.0.1 255.255.255.128
ip access-group PC3-out out
!
interface Serial0/0/0
ip address 172.16.0.1 255.255.255.252
encapsulation ppp
clockrate 125000
ppp authentication chap
!
interface Serial0/0/1
ip address 172.16.0.9 255.255.255.252
encapsulation frame-relay
frame-relay map ip 172.16.0.9 103
frame-relay map ip 172.16.0.10 103 broadcast
!
router rip
version 2
passive-interface default
no passive-interface Serial0/0/0
no passive-interface Serial0/0/1
network 10.0.0.0
network 172.16.0.0
no auto-summary
!
ip access-list standard telnet
permit 172.16.0.5

All contents are Copyright 19922007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 14 of 18

CCNA Exploration
Accessing the WAN: Skills Based Assessment

Student Skills Based Assessment Answer Key

permit 172.16.0.2
!
ip access-list extended pc3-out
deny
ip 10.0.0.128 0.0.0.127 any
permit ip any any
!
line con 0
exec-timeout 5 0
password cisco
logging synchronous
line aux 0
line vty 0 4
access-class telnet in
password cisco
!
end
R2:
no service pad
service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
enable secret class
!
aaa new-model
!
!
aaa authentication login Auth_Local local
!
aaa session-id common
!
no ip source-route
no ip gratuitous-arps
ip cef
!
no ip bootp server
no ip domain lookup
!
username R1 password 0 cisco
username ccna password 0 cisco
!
interface Loopback0
ip address 209.165.200.161 255.255.255.224
ip access-group PC1-in in
!
interface FastEthernet0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no ip directed-broadcast
shutdown

All contents are Copyright 19922007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 15 of 18

CCNA Exploration
Accessing the WAN: Skills Based Assessment

Student Skills Based Assessment Answer Key

!
interface FastEthernet0/1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no ip directed-broadcast
shutdown
!
interface Serial0/0/0
ip address 172.16.0.2 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
no ip directed-broadcast
encapsulation ppp
ppp authentication chap
!
interface Serial0/0/1
ip address 172.16.0.5 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
no ip directed-broadcast
clockrate 125000
!
router rip
passive-interface default
no passive-interface Serial0/0/0
no passive-interface Serial0/0/1
network 172.16.0.0
network 209.165.200.0
no auto-summary
!
no ip http server
!
ip access-list extended PC1-in
deny
tcp any host 10.0.0.10 eq ftp
deny
tcp any host 10.0.0.10 eq ftp-data
deny
tcp any host 10.0.0.10 eq telnet
deny
tcp any host 10.0.0.10 eq www
permit ip any any
!
no cdp run
!
line con 0
exec-timeout 5 0
logging synchronous
line aux 0
line vty 0 4
exec-timeout 5 0
login authentication Auth_Local
!
end
R3:

All contents are Copyright 19922007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 16 of 18

CCNA Exploration
Accessing the WAN: Skills Based Assessment

Student Skills Based Assessment Answer Key

hostname R3
!
no ip domain lookup
frame-relay switching
!
interface FastEthernet0/0
no ip address
shutdown
!
interface FastEthernet0/1
ip address 10.0.0.129 255.255.255.128
ip nat inside
!
interface Serial0/0/0
ip address 172.16.0.10 255.255.255.252
ip nat outside
encapsulation frame-relay
clockrate 125000
frame-relay map ip 172.16.0.9 103 broadcast
frame-relay map ip 172.16.0.10 103
no frame-relay inverse-arp
frame-relay intf-type dce
!
interface Serial0/0/1
ip address 172.16.0.6 255.255.255.252
ip nat outside
!
router rip
version 2
passive-interface default
no passive-interface Serial0/0/0
no passive-interface Serial0/0/1
network 10.0.0.0
network 172.16.0.0
no auto-summary
!
ip nat inside source list NAT interface Serial0/0/1 overload
!
ip access-list standard NAT
permit 10.0.0.128 0.0.0.127
ip access-list standard telnet
permit 172.16.0.5
permit 172.16.0.2
!
line con 0
exec-timeout 5 0
password cisco
logging synchronous
line aux 0
line vty 0 4
access-class telnet in
password cisco
!
end

All contents are Copyright 19922007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 17 of 18

CCNA Exploration
Accessing the WAN: Skills Based Assessment

Student Skills Based Assessment Answer Key

Task 10: Clean Up

Erase the configurations and reload the routers. Disconnect and store the cabling. For PC hosts that are
normally connected to other networks, such as the school LAN or to the Internet, reconnect the
appropriate cabling and restore the TCP/IP settings.

All contents are Copyright 19922007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 18 of 18