
Part 01: Cable a network as shown in the topology diagram:

[Topology diagram: Net-01 192.160.ID.0/25, Net-02 192.160.ID.192/26, Net-03 192.160.ID.128/26, DNS-Server]

Part 02: Configure Devices according to the addresses table: ID= [last 2 digits of your ID]
Device       Interface  IP Address          Default Gateway
R-FName      G0/0       192.160.ID.1/25     N/A
R-FName      G0/1       10.10.10.1/30       N/A
R-LName      G0/0       192.160.ID.129/26   N/A
R-LName      G0/1       10.10.10.2/30       N/A
R-LName      G0/2       192.160.ID.193/26   N/A
HTTP-Server  N/C        192.160.ID.190/26   192.160.ID.129
DNS-Server   N/C        192.160.ID.189/26   192.160.ID.129
RADIUS       N/C        192.160.ID.200/26   192.160.ID.193
TACACS       N/C        192.160.ID.210/26   192.160.ID.193
PC-01        N/C        192.160.ID.10/25    192.160.ID.1
PC-02        N/C        192.160.ID.25/25    192.160.ID.1
PC-03        N/C        192.160.ID.40/25    192.160.ID.1
PC-04        N/C        192.160.ID.100/25   192.160.ID.1
PC-05        N/C        192.160.ID.140/26   192.160.ID.129
PC-06        N/C        192.160.ID.162/26   192.160.ID.129
PC-07        N/C        192.160.ID.189/26   192.160.ID.129

- Troubleshooting Network connectivity.
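
A consistency check of the address table before any device is configured, as an added example that is not part of the original lab sheet: it verifies that every address is a usable host address, that each default gateway lies in the host's own subnet and belongs to a router interface, and that no address is listed for two devices. The ID value 16 is a constructed sample, and the `load` and `check` names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Rows copied from the address table; "ID" is the sheet's placeholder, "-" means no gateway.
TABLE = """
R-FName/G0/0 192.160.ID.1/25 -
R-FName/G0/1 10.10.10.1/30 -
R-LName/G0/0 192.160.ID.129/26 -
R-LName/G0/1 10.10.10.2/30 -
R-LName/G0/2 192.160.ID.193/26 -
HTTP-Server 192.160.ID.190/26 192.160.ID.129
DNS-Server 192.160.ID.189/26 192.160.ID.129
RADIUS 192.160.ID.200/26 192.160.ID.193
TACACS 192.160.ID.210/26 192.160.ID.193
PC-01 192.160.ID.10/25 192.160.ID.1
PC-02 192.160.ID.25/25 192.160.ID.1
PC-03 192.160.ID.40/25 192.160.ID.1
PC-04 192.160.ID.100/25 192.160.ID.1
PC-05 192.160.ID.140/26 192.160.ID.129
PC-06 192.160.ID.162/26 192.160.ID.129
PC-07 192.160.ID.189/26 192.160.ID.129
"""

def load(student_id):
    """Parse TABLE into (name, IPv4Interface, gateway or None) with ID substituted."""
    rows = []
    for line in TABLE.replace(".ID.", f".{student_id}.").strip().splitlines():
        name, addr, gw = line.split()
        gateway = None if gw == "-" else ipaddress.ip_address(gw)
        rows.append((name, ipaddress.ip_interface(addr), gateway))
    return rows

def check(rows):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings, owners = [], defaultdict(list)
    router_ips = {iface.ip for name, iface, _ in rows if name.startswith("R-")}
    for name, iface, gw in rows:
        net = iface.network
        owners[iface.ip].append(name)
        if iface.ip in (net.network_address, net.broadcast_address):
            findings.append(f"{name}: {iface.ip} is not a usable host address in {net}")
        if gw is not None and gw not in net:
            findings.append(f"{name}: gateway {gw} is outside {net}")
        elif gw is not None and gw not in router_ips:
            findings.append(f"{name}: gateway {gw} is not a router interface")
    findings += [f"{ip} is assigned to {', '.join(n)}" for ip, n in owners.items() if len(n) > 1]
    return findings

if __name__ == "__main__":
    print(*check(load(16)), sep="\n")  # 16 is a constructed sample ID
```

With the table as printed, the only finding is that DNS-Server and PC-07 are both listed with 192.160.ID.189.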


Part 03: Create a standard numbered ACL [ID] to:

- Deny Net-03 from accessing Net-01.

- Deny PC-03 and the 4th 3 hosts from accessing Net-03.

Part 04: Create an extended named ACL [FName-ACL] to:

- Deny PC-07 from making TCP connections to Net-01.

- Deny the last 8 hosts in Net-03 from using the ping service to Net-02.

- Deny PC-03 and PC-07 from web browsing and the DNS service.

- Deny PC-04 from using the ping service to any host in Net-03 except the HTTP server.

- Deny PC-02 from all TCP services to Net-03 except the FTP service.

Part 05: Configure a Security Policy in R-FName as: Ex: [ID]=2216XXXX

Parameter     Description
Enable        Pass IT-[Last 4 digits of your ID]
Console       Password [Last 4 digits of your ID], Secret
VTY           6 sessions as a maximum, secret [ID]
Password      The minimum length of all passwords is 6 characters; all passwords must be encrypted.
Users         Name: [FName-Last 2 digits of your ID], Password: [ID], Privilege: 15
              Name: [IT], Secret: [ID], Privilege: 8
Exec-Timeout  Console: 45 seconds, VTY: 50 seconds
Login-Block   After 5 failed login attempts within 40 seconds, block the user for 200 seconds.

Part 06: Configure Local AAA on R-FName

- Turn on the AAA feature.

- Configure login authentication [FName] for the console using the enable password.

- Configure login authentication [LName] for VTY using the local database, case-sensitive for username letter case.

Part 07: Configure Server-Based AAA on R-LName

- Turn on the AAA feature.

- Configure the RADIUS server with key [ID].

- Configure the TACACS+ server with key [LName].

- Configure login authentication [default] for enable using RADIUS, or the local DB as an alternative.

- Configure login authentication [IT] for the console using the TACACS+ server.

- Configure login authentication [FName] for aux using the RADIUS server, or the enable password as an alternative.

Part 08: On (R-FName), grant users with privilege level 3 the following privileges:

- Power up any Gigabit Ethernet interface.

- Add new users.

Part 09: On (R-LName), revoke the following privileges from users with privilege level 15:

- Change the password for the console line.

- Change the router's name.

All The Best Wishes
