CCNA Exploration: Accessing the WAN Student Skills Based Assessment Lab Answer Key

Topology Diagram

Addressing Table Device Interface

Fa0/1 R1 S0/0/0 S0/0/1 Lo0 R2 S0/0/0 S0/0/1 Fa0/1 R3 S0/0/0 S0/0/1

IP Address
10.0.0.1 172.16.0.1 172.16.0.9 209.165.200.161 172.16.0.2 172.16.0.5 10.0.0.129 172.16.0.10 172.16.0.6

Subnet Mask
255.255.255.128 255.255.255.252 255.255.255.252 255.255.255.224 255.255.255.252 255.255.255.252 255.255.255.128 255.255.255.252 255.255.255.252

Default Gateway
N/A N/A N/A N/A N/A N/A N/A N/A N/A

All contents are Copyright 19922007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 1 of 9

CCNA Exploration Accessing the WAN: Skills Based Assessment

Student Skills based Assessment Lab

Device
PC1 PC3

Interface
NIC NIC

IP Address
10.0.0.10 10.0.0.139

Subnet Mask
255.255.255.128 255.255.255.128

Default Gateway
10.0.0.1 10.0.0.129

Learning Objectives
To complete this lab: Cable a network according to the topology diagram Erase the startup configuration and reload a router to the default state Perform basic configuration tasks on a router Configure and activate interfaces Configure and activate serial interfaces (PPP with CHAP, HDLC, and Frame Relay) Configure RIP on all the routers Configure basic router security Configure ACLs Configure basic NAT

Scenario
This lab tests you on the skills and knowledge that you learned in Exploration 4. Use cisco for all passwords in this lab, except for the enable secret password, which is class.

Task 1: Prepare the Network

Step 1: Cable a network that is similar to the one in the topology diagram. Step 2: Clear any existing configurations on the routers.

Task 2: Perform Basic Device Configurations

Configure the R1, R2, and R3 routers according to the following guidelines: Configure the router hostname. Disable DNS lookup. Configure an EXEC mode password. Configure a message-of-the-day banner. Configure a password for console connections. Configure synchronous logging. Configure a password for vty connections.

R1:
Router>enable Router#configure terminal Router(config)#hostname R1 R1(config)#banner motd #R1# R1(config)#no ip domain-lookup R1(config)#enable secret class

All contents are Copyright 19922007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 2 of 9

CCNA Exploration Accessing the WAN: Skills Based Assessment

Student Skills based Assessment Lab

R1(config)#line console 0 R1(config-line)#password cisco R1(config-line)#login R1(config-line)#logging synchronous R1(config-line)#exec-timeout 5 R1(config-line)#exit R1(config)#line vty 0 4 R1(config-line)#password cisco R1(config-line)#login R1(config-line)#logging synchronous R1(config-line)#exec-timeout 5 R1(config-line)#exit

R2:
Router>enable Router#configure terminal Router(config)#hostname R2 R2(config)#banner motd #R2# R2(config)#no ip domain-lookup R2(config)#enable secret class R2(config)#line console 0 R2(config-line)#password cisco R2(config-line)#login R2(config-line)#logging synchronous R2(config-line)#exec-timeout 5 R2(config-line)#exit R2(config)#line vty 0 4 R2(config-line)#password cisco R2(config-line)#login R2(config-line)#logging synchronous R2(config-line)#exec-timeout 5 R2(config-line)#exit

R3:
Router>enable Router#configure terminal Router(config)#hostname R3 R3(config)#banner motd #R3# R3(config)#no ip domain-lookup R3(config)#enable secret class R3(config)#line console 0 R3(config-line)#password cisco R3(config-line)#login R3(config-line)#logging synchronous R3(config-line)#exec-timeout 5 R3(config-line)#exit
All contents are Copyright 19922007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 3 of 9

CCNA Exploration Accessing the WAN: Skills Based Assessment

Student Skills based Assessment Lab

R3(config)#line vty 0 4 R3(config-line)#password cisco R3(config-line)#login R3(config-line)#logging synchronous R3(config-line)#exec-timeout 5 R3(config-line)#exit

Task 3: Configure and Activate Serial and Ethernet Addresses

Step 1: Configure interfaces on R1, R2, and R3. Step 2: Verify IP addressing and interfaces. Step 3: Configure the PC1 and PC3 Ethernet interfaces. Step 4: Test connectivity between the PCs and routers.

R1:
R1(config)#interface fastEthernet0/1 R1(config-if)#ip address 10.0.0.1 255.255.255.128 R1(config-if)#no shutdown R1(config-if)#exit R1(config)#interface Serial0/0/0 R1(config-if)#ip address 172.16.0.1 255.255.255.252 R1(config-if)#clock rate 64000 R1(config-if)#no shutdown R1(config-if)#exit R1(config)#interface Serial0/0/1 R1(config-if)#ip address 172.16.0.9 255.255.255.252 R1(config-if)#no shutdown R1(config-if)#end R1#show ip interface brief

R2:
R2(config)#interface Serial0/0/0 R2(config-if)#ip address 172.16.0.2 255.255.255.252 R2(config-if)#no shutdown R2(config-if)#exit R2(config)#interface Serial0/0/1 R2(config-if)#ip address 172.16.0.5 255.255.255.252 R1(config-if)#clock rate 64000 R2(config-if)#no shutdown R2(config-if)#exit R2(config)#interface Loopback0 R2(config-if)#ip address 209.165.200.161 255.255.255.224 R2(config-if)#no shutdown R2(config-if)#end R2#show ip interface brief

All contents are Copyright 19922007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 4 of 9

CCNA Exploration Accessing the WAN: Skills Based Assessment

Student Skills based Assessment Lab

R3:
R3(config)#interface fastEthernet0/1 R3(config-if)#ip address 10.0.0.129 255.255.255.128 R3(config-if)#no shutdown R3(config-if)#exit R3(config)#interface Serial0/0/0 R3(config-if)#ip address 172.16.0.10 255.255.255.252 R3(config-if)#clock rate 64000 R3(config-if)#no shutdown R3(config-if)#exit R3(config)#interface Serial0/0/1 R3(config-if)#ip address 172.16.0.6 255.255.255.252 R3(config-if)#no shutdown R3(config-if)#end R3#show ip interface brief

Task 4: Configure Serial Interfaces

Step 1: Configure and verify PPP encapsulation with CHAP authentication between R1 and R2. The password is cisco. Step 2: Configure and verify HDLC encapsulation between R2 and R3. Step 3: Configure Frame Relay between R1 and R3.

R1:
R1#configure terminal R1(config)#username R2 password cisco R1(config)#interface Serial0/0/0 R1(config-if)#encapsulation ppp R1(config-if)#ppp authentication chap R1(config-if)#exit R1(config)#interface Serial0/0/1 R1(config-if)#encapsulation frame-relay R1(config-if)#frame-relay map ip 172.16.0.9 101 broadcast R1(config-if)#frame-relay map ip 172.16.0.10 101 broadcast R1(config-if)#frame-relay interface-dlci 101 R1(config-if)#no keepalive R1(config-if)#end R1#show R1#show R3#show R3#show interface Serial0/0/0 interface Serial0/0/1 frame-relay pvc frame-relay map

R2:
R2#configure terminal R2(config)#username R1 password cisco R2(config)#interface Serial0/0/0 R2(config-if)#encapsulation ppp
All contents are Copyright 19922007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 5 of 9

CCNA Exploration Accessing the WAN: Skills Based Assessment

Student Skills based Assessment Lab

R2(config-if)#ppp authentication chap R2(config-if)#exit R2(config)#interface Serial0/0/1 R2(config-if)#encapsulation hdlc R2(config-if)#end R2#show interface Serial0/0/0 R2#show interface Serial0/0/1

R3:
R3#configure terminal R3(config)#interface Serial0/0/0 R3(config-if)#encapsulation frame-relay R3(config-if)#frame-relay map ip 172.16.0.10 101 broadcast R3(config-if)#frame-relay map ip 172.16.0.9 101 broadcast R3(config-if)#frame-relay interface-dlci 101 R3(config-if)#no keepalive R3(config-if)#exit R3(config)#interface Serial0/0/1 R3(config-if)#encapsulation hdlc R3(config-if)#end R3#show R3#show R3#show R3#show interface Serial0/0/0 interface Serial0/0/1 frame-relay pvc frame-relay map

Task 5: Configure RIP

Step 1: Configure RIP on R1, R2, and R3. RIP updates should only be sent on the serial links between the routers. Prevent all other RIP updates on all networks. Step 2: Test connectivity with the ping command. Step 3: Verify the routing table with the appropriate command.

R1:
R1#configure terminal R1(config)#router rip R1(config-router)#version 2 R1(config-router)#network 10.0.0.0 R1(config-router)#network 172.16.0.0 R1(config-router)#passive-interface fastEthernet0/1 R1(config-router)#no auto-summary R1(config-router)#end R1#show ip protocols R1#show ip route

All contents are Copyright 19922007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 6 of 9

CCNA Exploration Accessing the WAN: Skills Based Assessment

Student Skills based Assessment Lab

R2:
R2#configure terminal R2(config)#ip route 0.0.0.0 0.0.0.0 Loopback0 R2(config)#router rip R2(config-router)#version 2 R2(config-router)#network 172.16.0.0 R2(config-router)#no auto-summary R2(config-router)#redistribute static R2(config-router)#end R2#show ip protocols R2#show ip route

R3:
R3#configure terminal R3(config)#router rip R1(config-router)#version 2 R3(config-router)#network 10.0.0.0 R3(config-router)#network 172.16.0.0 R3(config-router)#passive-interface fastEthernet0/1 R3(config-router)#no auto-summary R3(config-router)#end R3#show ip protocols R3#show ip route

Task 6: Configure Basic Router Security

Step 1: Enable a secure Telnet login using a local database on R2. Step 2: Disable unused services and interfaces on R2. Step 3: Confirm that R2 is secured.

R2:
R2#configure terminal R2(config)#username cisco password cisco R2(config)#aaa new-model R2(config)#aaa authentication login LOCAL_AUTH local R2(config)#line vty 0 4 R2(config-line)#login authentication LOCAL_AUTH R2(config)#no R2(config)#no R2(config)#no R2(config)#no R2(config)#no R2(config)#no R2(config)#no R2(config)#no R2(config)#no service pad service finger service udp-small-server service tcp-small-server ip bootp server ip http server ip finger ip source-route ip gratuitous-arps
Page 7 of 9

All contents are Copyright 19922007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

CCNA Exploration Accessing the WAN: Skills Based Assessment

Student Skills based Assessment Lab

R2(config)#no cdp run

Task 7: Configure Access Control Lists

Step 1: Allow telnet to R1 and R3 from R2 only. Step 2: Do not allow HTTP, Telnet, and FTP traffic from the Internet to PC1. Step 3: Do not allow PC1 to receive traffic from the 10.0.0.128 /25 network. Step 4: Verify that PC3 cannot ping PC1, but can ping 10.0.0.1.

R1:
R1#configure terminal R1(config)#access-list R1(config)#access-list R1(config)#access-list R1(config)#access-list 101 101 101 101 permit tcp host 172.16.0.2 any eq 23 permit tcp host 172.16.0.5 any eq 23 deny tcp any any eq 23 permit ip any any

R1(config)#line vty 0 4 R1(config-line)#access-class 101 in R1(config-line)#end R1#show ip access-lists

R2:
R2#configure terminal R2(config)#access-list R2(config)#access-list R2(config)#access-list R2(config)#access-list R2(config)#access-list 102 102 102 102 102 deny tcp any host deny tcp any host deny tcp any host deny tcp any host permit ip any any 10.0.0.10 10.0.0.10 10.0.0.10 10.0.0.10 eq eq eq eq 80 23 21 20

R2(config)#interface Loopback0 R2(config-if)#ip access-group 102 in R2(config-if)#end R2#show ip access-lists

R3:
R3#configure terminal R3(config)#access-list R3(config)#access-list R3(config)#access-list R3(config)#access-list 101 101 101 101 permit tcp host 172.16.0.2 any eq 23 permit tcp host 172.16.0.5 any eq 23 deny tcp any any eq 23 permit ip any any

R3(config)#line vty 0 4 R3(config-line)#access-class 101 in R3(config-line)#end R3(config)#access-list 103 deny ip 10.0.0.128 0.0.0.127 host 10.0.0.10 R3(config)#access-list 103 permit ip any any

All contents are Copyright 19922007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 8 of 9

CCNA Exploration Accessing the WAN: Skills Based Assessment

Student Skills based Assessment Lab

R3(config)#interface Serial0/0/0 R3(config-if)#ip access-group 103 out R3(config-if)#exit R3(config)#interface Serial0/0/1 R3(config-if)#ip access-group 103 out R3(config-if)#end R3#show ip access-lists

Task 8: Configure NAT.

Step 1: Configure NAT to allow PC3 to ping PC1. Step 2: Verify that PC3 can reach PC1.

R3:
R3#configure terminal R3(config)#access-list 104 permit ip 10.0.0.128 0.0.0.127 any R3(config)#ip nat inside source list 104 interface Serial0/0/0 overload R3(config)#interface fastEthernet0/1 R3(config-if)#ip access-group 104 in R3(config-if)#ip nat inside R3(config-if)#exit R3(config)#interface Serial0/0/0 R3(config-if)#ip nat outside R3(config-if)#exit R3(config)#interface Serial0/0/1 R3(config-if)#ip nat outside R3(config-if)#end R3#show ip access-lists

Task 9: Document the Router Configurations Task 10: Clean Up

Erase the configurations and reload the routers. Disconnect and store the cabling. For PC hosts that are normally connected to other networks, such as the school LAN or to the Internet, reconnect the appropriate cabling and restore the TCP/IP settings.

All contents are Copyright 19922007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 9 of 9