EWAN NAT/ACL PT Practice SBA

A few things to keep in mind while completing this activity: 1. Do not use the browser Back button or close or reload any exam windows during the exam. 2. Do not close Packet Tracer when you are done, it will close automatically. 3. Click the Submit Assessment button to submit your work.

Introduction
In this Packet Tracer Practice Skills Based Assessment, you are expected to do as follows: • • • • • • Implement the addressing in the network to meet the stated requirements. Configure and verify a DHCP server implementation. Configure and verify WAN technologies. Configure EIGRP to enable communication with the rest of the network. Configure NAT to translate addresses for traffic that is destined to the Internet. Implement access control lists as part of a security policy.

Addressing Table
Device Interface Fa0/0 EAST S0/0/0 10.255.1.1 255.255.255.252 n/a Address 10.10.10.97 Subnet Mask 255.255.255.240 Default Gateway n/a

252 255. • • • Use AS number 50.65 10. S-PC1 should be able to ping the default gateway.255. Step 3: Configure and Verify EIGRP Routing. b. Verify that SOUTH and NORTH can ping each other.255.224 255.10.255.1. The password for privileged EXEC mode is class.252 255.240 DHCP Assigned n/a n/a n/a n/a n/a n/a n/a 10.255.255.252 255. NORTH.10.25 S0/0/0 NORTH S0/0/1.1 10.10.S0/0/1.2 10. It may be necessary to toggle between “Static” and “DHCP” on the IP Configuration screen for S-PC1 before S-PC1 will send a DHCP request. NORTH and SOUTH.255. Step 1: Configure and Verify SOUTH as the DHCP Server.2 10.255. b.133. a.219. c. Verify that S-PC1 now has full IP addressing. Configure SOUTH as the DHCP server for the LAN attached to Fa0/0 using the following guidelines: • • Use the case-sensitive DHCP pool name of SOUTH_DHCP. Configure NAT on NORTH using the following guidelines: • Only addresses in the 10. Use one command to propagate the default route into the EIGRP routing process.255.252 255. Step 4: Configure NORTH with a NAT.5 10.255.20.10. SOUTH should be able to ping the other side of the link.255. c. and SOUTH. a.255.255.255. Step 2: Configure WAN Technologies. Verify that EAST and NORTH can ping each other.255. Do not use the wildcard mask argument.252 255.255.110 DHCP Assigned 255.255. The password is NSchap.168.1.20.10.64/26 address space will be translated. Configure NORTH with a default route using the outbound interface argument.252 255.1. Do not advertise the network between NORTH and the Internet. b. Verify that SOUTH and EAST can ping each other.97 DHCP Assigned NOTE: The password for user EXEC mode is cisco.255. .6 192.10.35 S0/1/0 Fa0/0 SOUTH S0/0/0 S0/0/1 E-PC1 S-PC1 NIC NIC 192. You will not be able to ping Internet hosts yet. The link between SOUTH and NORTH uses PPP with CHAP.255. a.2 198. Verify E-PC1 and S-PC1 can ping each other as well as EAST. Exclude the first five host addresses in the subnet.168.10. a. The link between EAST and NORTH uses point-to-point Frame Relay subinterfaces.10.255. The link between SOUTH and EAST uses HDLC. Configure EIGRP routing on EAST.

c.• • Use the number 5 for the access list. Allow all other traffic. Configure and apply an ACL with the number 60 that implements the following policy: • Prevent all hosts from the SOUTH LAN from accessing hosts on the EAST LAN. Deny Telnet and HTTP traffic sourced from the Internet. . Verify that the FILTER-IN ACL is operating as intended. b. Verify that ACL 60 is operating as intended. Configure PAT on the NORTH S0/1/0 interface. b. Step 5: Configure Access Control Lists to Satisfy a Security Policy. a. Verify that E-PC1 and S-PC1 can ping the Internet hosts. Configure and apply a named ACL with the case-sensitive name FILTER-IN that implements the following policy: • • • Deny ping requests sourced from the Internet. d.

Sign up to vote on this title
UsefulNot useful

Master Your Semester with Scribd & The New York Times

Special offer for students: Only $4.99/month.

Master Your Semester with a Special Offer from Scribd & The New York Times

Cancel anytime.