Task 1: Configure Frame Relay in a Hub and Spoke Topology

Step 1: Configure the Frame Relay core.

Use the Table on Packet Tracer topology and the following requirements:
1. HQ is the hub router. B1, B2 and B3 are the spokes.
2. HQ uses a point-to-point sub-interface for each of the Branch routers.
3. B3 must be manually configured to use IETF encapsulation.
4. The LMI type must be manually configured as q933a for HQ, B1 and B2. B3 uses ANSI.
Step 2: Configure the LAN interface on HQ.
Step 3: Verify that HQ can pint each of the Branch routers.

Task 2: Configure PPP with CHAP

Step 1: Configure the WAN link from HQ to ISP using PPP encapsulation and CHAP authentication.
1. The CHAP password is ciscochap
2. The ISP’s user name is ISP
Step 2: Verify that HQ can ping ISP.

Task 3: Configure Static and Dynamic NAT on HQ

Step 1: Configure NAT.
Use the following requirements:
1. Allow all addresses for the 10.0.0.0/8 address space to be translated.
2. XYZ Corporation owns the 209.165.200.240/29 address space
3. The NAT Pool, XYZCORP, uses addresses .241 thorough .245 with a /29 mask
4. The www.xyzcorp.com website at 10.0.1.2 is registered with the Public DNS system at IP address
209.165.200.246
Step 2: Verify that NAT is operating by using extended ping.
From HQ, ping the serial 0/0/0 interface on ISP using the HQ LAN interface as the source address.
Step 3: Verify that NAT translated the ping with the show ip nat translation command.

Task 4: Configure Default Routing

Step 1: Configure HQ with a default route to ISP.
1. Use the exit interface as an argument.
Step 2: Verify connectivity beyond ISP.
1. The NetAdmin PC should be able to ping the www.cisco.com web server.

Task 5: Configure Inter-VLAN Routing

Step 1: Configure B1 for inter-VLAN routing.
1. Using the addressing table for B1, configure and activate the LAN interface for inter-VLAN routing.
Step 2: Verify routing tables.
1. B1 should now have 6 directly connected networks and 1 static default route.

Task 6: Configure and Optimize EIGRP Routing

Step 1: Configure HQ, B1, B2, and B3 with EIGRP.
1. Use AS 100
2. HQ should redistribute its default route to the branch routers
3. Manually summarize EIGRP routes so that B1 advertises the 10.1.0.0/16 address space only to HQ.
Step 2: Verify routing tables and connectivity.
1. HQ and the branch routers should now have complete routing tables.
2. The NetAdmin PC should now be able to ping each LAN interface and the VLAN sub-interfaces on B1.

Task 7: Configure VTP, Trunking, VLAN Interfaces and VLANs

Step 1: Configure the B1 switches (B1-S1 to B1-S3) with VTP.
1. B1-S1 is the VTP server; B1-S2 and B1-S3 are VTP Clients.
2. The domain name is XYZCORP
3. The password is xyzvtp
Step 2: Configure trunking.
1. Configure the appropriate interfaces in trunking mode.
Step 3: Configure the VLAN interface and default gateway on B1-S1, B1-S2 and B1-S3.
Step 4: Create the VLANs on B1-S1.
 1. Create and name the VLANs listed in the table on B1-S1 only. VTP advertises the new VLANs to B1-S2 and B1-S3.
Step 5: Verify that the VLANs have been sent to B1-S2 and B1-S3.

Task 8: Assign VLANs and Configure Port Security

Step 1: Assign the VLANs to the access ports on B1-S2.
Use the table provided to complete the following requirements.
1. Configure access ports.
2. Assign VLANs to all the access ports
Step 2: Configure Port Security.
Use the following policy to establish port security on the B1-S2 access ports:
1. Allow only 1 MAC address
2. Configure the first learned MAC address to “stick” to the configuration.
3. Set the port to shut down if a security violation occurs.
Step 3: Verify VLAN assignments and port security.
1. Use the appropriate command to verify that access VLANs are correctly assigned and that the port security policy has
been enabled.

Task 9: Configure STP

Step 1: Configure B1-S1 as the root bridge.
1. Set the priority level to 4096 on B1-S1 so that the switch is always the root bridge for all VLANs.
Step 2: Configure B1-S3 as the backup root bridge.
1. Set the priority level to 8192 on B1-S3 so that the switch is always the backup root bridge for all VLANs.
Step 3: Verify that B1-S1 is the root bridge.
Step 4: Verify that B1-S3 is the backup root bridge.

Task 10: Configure DHCP

Step 1: Configure DHCP pools for each VLAN.
On B1, configure DHCP pools for each VLAN using the following requirements:
1. Exclude the first 10 IP addresses in each pool in the LANs.
2. The pool name is B1_VLAN## where ## is the VLAN number.
3. Include the DNS server attached to the HQ server farm as part of the DHCP configuration.
Step 2: Verify that the PC’s have and IP address, Subnet Mask, Gateway and DNS entry.
Step 3: Verify connectivity.
1. All PC’s physically attached to the network should be able to ping the www.cisco.com web server.

Task 11: Configure a Firewall ACL

Step 1: Verify connectivity from Outside Host.
1. The Outside Host PC should be able to ping the www.xyzcorp.com web server.
Step 2: Implement a basic firewall ACL.
Because ISP represents connectivity to the Internet, configure a named ACL called FIREWALL in the following order:
1. Allow inbound HTTP requests to the www.xyzcorp.com server
2. Allow only established TCP sessions from ISP and any source beyond ISP.
3. Allow only inbound ping replies from ISP and any source beyond ISP
4. Explicitly block all other inbound access from ISP and any source beyond ISP
Step 3: Verify connectivity from Outside Host.
1. The Outside Host PC should not be able to ping the www.xyzcorp.com web server, however the Outside Host PC should
be able to view the webpage at www.xyzcorp.com

Task 12: Configure the wireless network

Step 1: We will work on this as a group.

Task 13: Attach the cisco phone to VLAN30

Step 1: We will work on this as a group.

Task 14: Harden all devices using Cisco’s best practices

Step 1: We will work on this as a group.