Final Case Module C2: CCNA

Instructions
Implement the XYZ Foundation network shown in the topology diagram and using the information and the instructions in the scenario. Implement the design on the set of routers. Verify that all configurations are operational and functioning according to the guidelines. This should be implemented using only the IOS command-line interface (CLI). Refer to the table below and guidelines for layer-3 addressing.

Topology Diagram

Host Name ISP

Interface, IP/Subnet Mask Serial0/0/0, 200.0.0.0/30 Serial0/3/0, 200.0.0.2/30 Serial0/0/0, 10.255.255.0/30

Interface Type DCE DTE DCE DCE N/A N/A N/A N/A N/A N/A N/A N/A

Clock rate 2Mbps N/A 2Mbps 2Mbps N/A N/A N/A N/A N/A N/A N/A N/A

Vlan ID N/A N/A N/A N/A N/A N/A N/A 99 100 101 102 103

Name N/A N/A N/A N/A N/A N/A N/A MGMT DATA1-HQ DATA2-HQ DATA3-HQ DATA4-HQ

STP N/A N/A N/A N/A N/A N/A N/A Primary Primary Primary Secondary Secondary

HQ_R1

Serial0/0/1, 10.255.255.4/30 Fa0/0, 172.16.12.232/30 Fa0/1, 172.16.12.236/30 Fa0/24, 172.16.12.232/30 Int vlan99, 172.16.12.0/29 Int vlan100, 172.16.0.0/24 Int vlan101, 172.16.1.0/24 Int vlan102, 172.16.2.0/24 Int vlan103, 172.16.3.0/24

HQ_DLS1

Fa0/24, 172.16.12.236/30 Int vlan99, 172.16.12.0/29 HQ_DLS2 Int vlan100, 172.16.0.0/24 Int vlan101, 172.16.1.0/24 Int vlan102, 172.16.2.0/24 Int vlan103, 172.16.3.0/24 HQ_ALSx Int vlan99, 172.16.12.0/29 Serial0/0/0, 10.255.255.0/30 BR1_R1 Serial0/0/1, 10.255.255.8/30 Fa0/0, 172.16.12.240/30 Fa0/1, 172.16.12.244/30 Fa0/24, 172.16.12.240/30 Int vlan99, 172.16.12.8/29 BR1_DLS1 Int vlan104, 172.16.4.0/24 Int vlan105, 172.16.5.0/24 Int vlan106, 172.16.6.0/24 Int vlan107, 172.16.7.0/24 Fa0/24, 172.16.12.244/30 Int vlan99, 172.16.12.8/29 BR1_DLS2 Int vlan104, 172.16.4.0/24 Int vlan105, 172.16.5.0/24 Int vlan106, 172.16.6.0/24 Int vlan107, 172.16.7.0/24 BR1_ALSx Int vlan99, 172.16.12.8/29 Serial0/0/0, 10.255.255.4/30 BR2_R1 Serial0/0/1, 10.255.255.8/30 Fa0/0, 172.16.12.248/30 Fa0/1, 172.16.12.252/30 Fa0/24, 172.16.12.248/30 Int vlan99, 172.16.12.16/29 BR2_DLS1 Int vlan108, 172.16.8.0/24 Int vlan109, 172.16.9.0/24 Int vlan110, 172.16.10.0/24 Int vlan111, 172.16.11.0/24 Fa0/24, 172.16.12.252/30 Int vlan99, 172.16.12.16/29 BR2_DLS2 Int vlan108, 172.16.8.0/24 Int vlan109, 172.16.9.0/24 Int vlan110, 172.16.10.0/24 Int vlan111, 172.16.11.0/24 BR1_ALSx Int vlan99, 172.16.12.16/29

N/A N/A N/A N/A N/A N/A N/A DTE DCE N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A DTE DTE N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A

N/A N/A N/A N/A N/A N/A N/A N/A 2Mbps N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A

N/A 99 100 101 102 103 99 N/A N/A N/A N/A N/A 99 104 105 106 107 N/A 99 104 105 106 107 99 N/A N/A N/A N/A N/A 99 108 109 110 111 N/A 99 108 109 110 111 99

N/A MGMT DATA1-HQ DATA2-HQ DATA3-HQ DATA4-HQ MGMT N/A N/A N/A N/A N/A MGMT DATA1-BR1 DATA2-BR1 DATA3-BR1 DATA4-BR1 N/A MGMT DATA1-BR1 DATA2-BR1 DATA3-BR1 DATA4-BR1 MGMT N/A N/A N/A N/A N/A MGMT DATA1-BR2 DATA2-BR2 DATA3-BR2 DATA4-BR2 N/A MGMT DATA1-BR2 DATA2-BR2 DATA3-BR2 DATA4-BR2 MGMT

N/A Secondary Secondary Secondary Primary Primary N/A N/A N/A N/A N/A N/A Primary Primary Primary Secondary Secondary N/A Primary Secondary Secondary Primary Primary N/A N/A N/A N/A N/A N/A Primary Primary Primary Secondary Secondary N/A Primary Secondary Secondary Primary Primary N/A

Instructions
General
ISP should not completely be configured using general rules. Its only for testing connectivity with LAN clients. Dont modify the configuration. Activate password encryption for unencrypted passwords on all devices. Configure on each device a privileged encrypted password of Cisco123. On each device create two users: Login: admin, password: Cisco321 Login: user, password: cisco321 Admin should have highest privilege level, while the user should have the lowest privilege level. Enable AAA with only a default login authentication method using local and enable password as a backup method. Assign this to the VTY and console ports. Create a login banner on each device to warn for unauthorized access. Enable telnet access on L2 switches and SSH on all other devices. Allow VTY access on all devices only from VLAN99 and physical private layer three interfaces. Deny explicitly all other subnets. Idle timeout for console and VTY access should be limited to 5 minutes. For SSH configure the crypto key with a key-length of 1024 bits. Configure on all devices the IP domain-name XYZ.local. Disable DNS lookups on each device. Configure all interfaces using the subnetting scheme provided in the table. Configure all serial links with encapsulation PPP and CHAP authentication (password: cisco). All serial links should have a configured bandwidth of 2 Mbps. Define a clear description on each physical L3 interfaces and trunks. On layer three devices configure EIGRP with autonomous system 65535. Disable automatic summarization and use passive interface default. Configure L2 switches as VTP clients and multilayer switches as VTP servers within VTP domain LAB_CCNA using VTP password cisco. Unused switch ports be disabled and placed within VLAN10. Configure VLAN 10 with the name UNUSED. On each access port enable port security to allow only three MAC addresses to be dynamically learned. Port security violation should be in shutdown mode. Assign VLAN 99 on port fa0/24 for all access switches. Trunk links should be configured for dot1q trunking protocol using vlan 1000 as native vlan. Configure VLAN 1000 with the name NATIVE. Disable Dynamic Trunking Protocol on all trunk connections. Only the VLANs at each branch should be allowed on their respective trunks.

Create an access list to deny second data vlan on each branch to ping ISPs loopback address.

HQ edge router
HQ_R1 will be the DHCP server for ALL VLANs within the topology. Except for VLAN99: Do NOT create a DHCP pool for that vlan. For each DHCP pool use first usable IP address as default gateway. Exclude all configured IP addresses for each created DHCP pool. Enable Port Address Translation (PAT) on the serial interface s0/3/0 connected to the ISP. Use a NAT POOL with following addresses 200.0.0.5/30 and 200.0.0.6/30. Configure all layer three interfaces with the first usable IP address from assigned subnet found in provided table. Redistribute default route to EIGRP neighbors.

HQ multilayer switch
Summarize subnets of VLAN 100,101,103 and 104 for the EIGRP updates send via fa0/24. Configure interface Fa0/24 as a Layer three port using last usable IP address of subnet found in provided table. For SVI 100 and 101 use first usable IP address on HQ_DLS1 and the last usable IP address on HQ_DLS2. For SVI 102 and 103 use last usable IP address on HQ_DLS1 and the first usable IP address on HQ_DLS2. For SVI 99 use first usable IP address on HQ_DLS1 and last usable IP address on HQ_DLS2.

HQ access layer switch

Assign vlan 100 to port range fa0/1- 6 on HQ_ALS1 and HQ_ALS2. Assign vlan 101 to port range fa0/7- 12 on HQ_ALS1 and HQ_ALS2. Assign vlan 102 to port range fa0/13- 18 on HQ_ALS1 and HQ_ALS2. Assign vlan 103 to port range fa0/19- 23 on HQ_ALS1 and HQ_ALS2. For SVI 99 use second usable IP address on HQ_ALS1 and second last usable IP address on HQ_ALS2. Configure access port globally as such that they go immediately into forwarding state.

BR1 multilayer switch

Summarize subnets of VLAN 104,105,106 and 107 for the EIGRP updates send via fa0/24. Configure interface Fa0/24 as a Layer three port using last usable IP address of subnet found in provided table. For SVI 104 and 105 use first usable IP address on BR1_DLS1 and the last usable IP address on BR1_DLS2. For SVI 107 and 107 use last usable IP address on BR1_DLS1 and the first usable IP address on BR2_DLS2. For SVI 99 use first usable IP address on BR1_DLS1 and last usable IP address on BR1_DLS2.

BR1 access layer switch

Assign vlan 104 to port range fa0/1- 6 on BR1_ALS1 and BR1_ALS2. Assign vlan 105 to port range fa0/7- 12 on BR1_ALS1 and BR1_ALS2. Assign vlan 106 to port range fa0/13- 18 on BR1_ALS1 and BR1_ALS2. Assign vlan 107 to port range fa0/19- 23 on BR1_ALS1 and BR1_ALS2. For SVI 99 use second usable IP address on BR1_ALS1 and second last usable IP address on BR1_ALS2. Configure access port globally as such that they go immediately into forwarding state.

BR2 multilayer switch

Summarize subnets of VLAN 108,109,110 and 111 for the EIGRP updates send via fa0/24. Configure interface Fa0/24 as a Layer three port using last usable IP address of subnet found in provided table. For SVI 108 and 109 use first usable IP address on BR2_DLS1 and the last usable IP address on BR2_DLS2. For SVI 110 and 111 use last usable IP address on BR2_DLS1 and the first usable IP address on BR2_DLS2. For SVI 99 use first usable IP address on BR2_DLS1 and last usable IP address on BR2_DLS2.

BR2 access layer switch

Assign vlan 108 to port range fa0/1- 6 on BR2_ALS1 and BR2_ALS2. Assign vlan 109 to port range fa0/7- 12 on BR2_ALS1 and BR2_ALS2. Assign vlan 110 to port range fa0/13- 18 on BR2_ALS1 and BR2_ALS2. Assign vlan 111 to port range fa0/19- 23 on BR2_ALS1 and BR2_ALS2. For SVI 99 use second usable IP address on BR2_ALS1 and second last usable IP address on BR2_ALS2. Configure access port globally as such that they go immediately into forwarding state.

Permanente Evaluatie

EXAMEN Total

Chapter Tests Final Lab Final Test 50 Bechoux Danielle Elyagoubi Alfred Tordeurs Kenny Ozdivrik Huseyin Ali Akbar Shahriari Garaei Eyup Vannieuwendaele Walter 250 300 600 100