EWAN NAT/ACL PT Practice SBA

A few things to keep in mind while completing this activity:
1. Do not use the browser Back button or close or reload any Exam windows during the exam.
2. Do not close Packet Tracer when you are done, it will close automatically.
3. Click the Submit Assessment button to submit your work.

Introduction
In this practice Packet Tracer Skills Exam, you are expected to:
• Finish designing the IP addressing scheme.
• Implement the addressing in the network to meet the stated requirements.
• Configure and verify a DHCP server implementation.
• Configure and verify WAN technologies.
• Configure EIGRP to enable communication with the rest of the network.
• Configure NAT to translate addresses for traffic destined to the Internet.
• Implement access control lists as part of a security policy.

Addressing Table

| Device | Interface | Address | Subnet Mask | Default Gateway |
|--------|-----------|---------|-------------|-----------------|
| R1 | Fa0/0 | 172.16.1.193 | 255.255.255.224 | n/a |
| R1 | S0/0/0 | 172.30.1.1 | 255.255.255.252 | n/a |
| R1 | S0/0/1.101 | 10.10.10.1 | 255.255.255.252 | n/a |
| R2 | S0/0/0 | 172.30.1.6 | 255.255.255.252 | n/a |
| R2 | S0/0/1.201 | 10.10.10.2 | 255.255.255.252 | n/a |
| R2 | S0/1/0 | 209.165.201.2 | 255.255.255.252 | n/a |
| R3 | Fa0/0 | 172.16.1.129 | 255.255.255.192 | n/a |
| R3 | S0/0/0 | 172.30.1.2 | 255.255.255.252 | n/a |
| R3 | S0/0/1 | 172.30.1.5 | 255.255.255.252 | n/a |
| PC1 | NIC | 172.16.1.222 | 255.255.255.224 | 172.16.1.193 |
| PC3 | NIC | DHCP Assigned | DHCP Assigned | DHCP Assigned |

NOTE: Use a printed version of these instructions to fill in the missing address information in the table during Step 1 to aid in configuring, verifying and troubleshooting the devices.

NOTE: The password for user EXEC mode is cisco. The password for privileged EXEC mode is class.

Step 1: Finish the IP Addressing Design and Implementation.
Design an addressing scheme and fill in the Addressing Table based on the following requirements:
a. Subnet the address space 172.16.1.128/25 to provide 50 host addresses for the R3 LAN while wasting the fewest addresses.
b. Assign the first available subnet to the R3 LAN.
c. Assign the first (lowest) address in this subnet to the Fa0/0 interface on R3.
d. Subnet the remaining address space to provide 30 host addresses for the R1 LAN while wasting the fewest addresses.
e. Assign the next available subnet to the R1 LAN.
f. Assign the first (lowest) address in this subnet to the Fa0/0 interface on R1.
g. Assign the last (highest) host address in this subnet to PC1.
h. Finish the IP addressing configuration:
• Configure R1 and R3 LAN interfaces with IP addressing.
• Configure PC1 with IP addressing. PC3 will get its address from the DHCP server on R3 in the next step.

Step 2: Configure and Verify R3 as the DHCP Server.
a. Configure R3 as the DHCP server for the LAN attached to Fa0/0 using the following guidelines:
• Use the case-sensitive DHCP pool name of R3_LAN.
• Exclude the first three host addresses in the subnet.
b. Verify that PC3 now has full IP addressing. It may be necessary to toggle between “Static” and “DHCP” on the IP Configuration screen for PC3 before PC3 will send a DHCP request.
c. PC3 should be able to ping the default gateway.

Step 3: Configure WAN Technologies.
a. The link between R3 and R1 uses HDLC. R3 should be able to ping the other side of the link. Verify that R3 and R1 can ping each other.
b. The link between R3 and R2 uses PPP with CHAP. The password is ciscochap. Verify that R3 and R2 can ping each other.
c. The link between R1 and R2 uses point-to-point Frame Relay subinterfaces. Verify that R1 and R2 can ping each other.

Step 4: Configure and Verify EIGRP Routing.
a. Configure EIGRP routing on R1, R2, and R3.
• Use AS number 100.
• Do not advertise the network between R2 and the Internet.
• Do not use the wildcard mask argument.
b. Configure R2 with a default route using the outbound interface argument. Use one command to propagate the default route into the EIGRP routing process.
c. Verify PC1 and PC3 can ping each other as well as R1, R2, and R3. You will not be able to ping Internet hosts yet.

Step 5: Configure R2 with a NAT.
a. Configure NAT on R2 using the following guidelines:
• Only addresses in the 172.16.1.128/25 address space will be translated.
• Use the number 1 for the access list.
• Configure PAT on the R2 S0/1/0 interface.
b. Verify that PC1 and PC3 can ping the Internet hosts.

Step 6: Configure Access Control Lists to Satisfy a Security Policy.
a. Configure and apply an ACL with the number 50 that implements the following policy:
• Deny any host from the R3 LAN from accessing hosts on the R1 LAN.
• Hosts on the R3 LAN should be able to ping any other destination.
b. Verify that ACL 50 is operating as intended.
c. Configure and apply a named ACL with the case-sensitive name FIREWALL that implements the following policy:
• Deny ping requests sourced from the Internet.
• Deny Telnet and HTTP traffic sourced from the Internet.
• Allow all other traffic.
d. Verify the FIREWALL ACL is operating as intended.

Version 1.0 Created in Packet Tracer 5.2.1 and Marvel 1.0.1
All contents are Copyright © 1992–2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

R1

hostname R1
no ip domain-lookup
enable secret cisco
banner motd ^
***********************************
!!!Unauthorized access strictly prohibited and prosecuted to the full extent of the law!!!
***********************************
^
int fa0/0
 ip add 172.16.1.193 255.255.255.224
 ip access-group 50 out
 no shut
int s0/0/0
 ip add 172.30.1.1 255.255.255.252
 clock rate 2000000
 no shut
interface Serial0/0/1
 no ip address
 no shut
 encapsulation frame-relay
interface Serial0/0/1.101 point-to-point
 ip address 10.10.10.1 255.255.255.252
 frame-relay interface-dlci 101
 no shut
router eigrp 100
 passive-interface FastEthernet0/0
 network 172.16.0.0
 network 172.30.0.0
 network 10.0.0.0
 no auto-summary
access-list 50 deny 172.16.1.128 0.0.0.63
access-list 50 permit any
logging trap debugging
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line vty 5 15
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
ntp update-calendar
end
write me

R2

hostname R2
no ip domain-lookup
enable secret cisco
username R3 password 0 ciscochap
banner motd ^
***********************************
!!!Unauthorized access strictly prohibited and prosecuted to the full extent of the law!!!
***********************************
^
int s0/0/0
 ip add 172.30.1.6 255.255.255.252
 encapsulation ppp
 ppp authentication chap
 ip nat inside
 no shut
interface Serial0/0/1
 no ip address
 no shut
 encapsulation frame-relay
interface Serial0/0/1.201 point-to-point
 ip address 10.10.10.2 255.255.255.252
 frame-relay interface-dlci 201
 ip nat inside
 no shut
interface Serial0/1/0
 ip address 209.165.201.2 255.255.255.252
 ip access-group FIREWALL in
 ip nat outside
 no shut
router eigrp 100
 redistribute static
 passive-interface Serial0/1/0
 network 172.30.0.0
 network 10.0.0.0
 no auto-summary
 default-information originate
ip nat inside source list 1 interface Serial0/1/0 overload
ip route 0.0.0.0 0.0.0.0 Serial0/1/0
access-list 1 permit 172.16.1.128 0.0.0.127
ip access-list extended FIREWALL
 deny icmp any any echo
 deny tcp any any eq telnet
 deny tcp any any eq www
 permit ip any any
logging trap debugging
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line vty 5 15
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
ntp update-calendar
end
write me

R3

hostname R3
no ip domain-lookup
enable secret cisco
username R2 password 0 ciscochap
ip dhcp excluded-address 172.16.1.129 172.16.1.131
ip dhcp pool R3_LAN
 network 172.16.1.128 255.255.255.192
 default-router 172.16.1.129
banner motd ^
***********************************
!!!Unauthorized access strictly prohibited and prosecuted to the full extent of the law!!!
***********************************
^
int fa 0/0
 ip add 172.16.1.129 255.255.255.192
 no shut
int s0/0/0
 ip add 172.30.1.2 255.255.255.252
 no shut
int s0/0/1
 ip add 172.30.1.5 255.255.255.252
 encapsulation ppp
 ppp authentication chap
 clock rate 2000000
 no shut
router eigrp 100
 passive-interface FastEthernet0/0
 network 172.16.0.0
 network 172.30.0.0
 no auto-summary
logging trap debugging
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line vty 5 15
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
ntp update-calendar
end
write me
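The following Python sketch is an added example, not part of the original exam or its answer key. It recomputes the Step 1 subnets from 172.16.1.128/25, renders the wildcard masks used by ACL 50 and NAT access list 1, and evaluates both lists first-match against sample source addresses. The function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress

def vlsm(block, requirements):
    """Carve `block` into subnets, in the order given, each just large
    enough for the requested number of hosts (the Step 1 design task)."""
    block = ipaddress.ip_network(block)
    cursor, plan = int(block.network_address), {}
    for name, hosts in requirements:
        # Smallest power of two that holds hosts + network + broadcast.
        prefix = 32 - (hosts + 1).bit_length()
        net = ipaddress.ip_network((cursor, prefix))  # ValueError if misaligned
        if not net.subnet_of(block):
            raise ValueError(f"{name} does not fit in {block}")
        plan[name] = net
        cursor = int(net.broadcast_address) + 1       # next free address
    return plan

def acl_line(number, action, net):
    """Render a standard ACL entry; the wildcard is the subnet's host mask."""
    return f"access-list {number} {action} {net.network_address} {net.hostmask}"

def acl_permits(entries, src):
    """First-match evaluation of a standard (source-only) ACL.
    entries: (action, network) pairs, network None meaning 'any'.
    Falls through to the implicit deny when nothing matches.
    Only contiguous wildcards (whole subnets) are modelled here."""
    src = ipaddress.ip_address(src)
    for action, net in entries:
        if net is None or src in net:
            return action == "permit"
    return False

NAT_SPACE = ipaddress.ip_network("172.16.1.128/25")
PLAN = vlsm(NAT_SPACE, [("R3_LAN", 50), ("R1_LAN", 30)])
ACL_50 = [("deny", PLAN["R3_LAN"]), ("permit", None)]   # applied on R1 Fa0/0 out
ACL_1 = [("permit", NAT_SPACE)]                         # selects sources for PAT

if __name__ == "__main__":
    for name, net in PLAN.items():
        hosts = list(net.hosts())
        print(name, net, net.netmask, "first", hosts[0], "last", hosts[-1])
    print(acl_line(50, "deny", PLAN["R3_LAN"]))
    print(acl_line(1, "permit", NAT_SPACE))
    # Constructed sample sources: an R3 LAN host, PC1, and R2's serial address.
    for src in ("172.16.1.132", "172.16.1.222", "172.30.1.6"):
        print(src, "ACL 50:", acl_permits(ACL_50, src),
              "NAT ACL 1:", acl_permits(ACL_1, src))
```

Because a standard ACL matches on source address only, ACL 50 is evaluated at the R1 LAN interface, closest to the protected destination, so R3 LAN traffic to every other destination is unaffected.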
