Skip to content
April 15, 2011 / ccnav4

CCNA 4 Skill 2011 – CCNA Exploration: Accessing the WAN Student Skills Based Assessment Lab

CCNA Exploration: Accessing the WAN Student Skills Based Assessment Lab (CCNA 4 Skill 2011)
Topology Diagram

Addressing Table

Learning Objectives
To complete this lab:

  • •    Cable a network according to the topology diagram
  • •    Erase the startup configuration and reload a router to the default state
  • •    Perform basic configuration tasks on a router
  • •    Configure and activate interfaces
  • •    Configure and activate serial interfaces (PPP with CHAP, HDLC, and Frame Relay)
  • •    Configure RIP on all the routers
  • •    Configure basic router security
  • •    Configure ACLs
  • •    Configure basic NAT

Scenario
This lab tests you on the skills and knowledge that you learned in Exploration 4. Use cisco for all passwords in this lab, except for the enable secret password, which is class.
Task 1: Prepare the Network

  • Step 1: Cable a network that is similar to the one in the topology diagram.
  • Step 2: Clear any existing configurations on the routers.

Task 2: Perform Basic Device Configurations
Configure the R1, R2, and R3 routers according to the following guidelines:

  • •    Configure the router hostname.
  • •    Disable DNS lookup.
  • •    Configure an EXEC mode password.
  • •    Configure a message-of-the-day banner.
  • •    Configure a password for console connections.
  • •    Configure synchronous logging.
  • •    Configure a password for vty connections.

Task 3: Configure and Activate Serial and Ethernet Addresses

  • Step 1: Configure interfaces on R1, R2, and R3.
  • Step 2: Verify IP addressing and interfaces.
  • Step 3: Configure the PC1 and PC3 Ethernet interfaces.
  • Step 4: Test connectivity between the PCs and routers.

Task 4: Configure Serial Interfaces

  • Step 1: Configure and verify PPP encapsulation with CHAP authentication between R1 and R2. The password is “cisco”.
  • Step 2: Configure and verify HDLC encapsulation between R2 and R3.
  • Step 3: Configure Frame Relay between R1 and R3.

Task 5: Configure RIP

  • Step 1: Configure RIP on R1, R2, and R3.
  • RIP updates should only be sent on the serial links between the routers. Prevent all other RIP updates on all networks.
  • Step 2: Test connectivity with the ping command.
  • Step 3: Verify the routing table with the appropriate command.

Task 6: Configure Basic Router Security

  • Step 1: Enable a secure Telnet login using a local database on R2.
  • Step 2: Disable unused services and interfaces on R2.
  • Step 3: Confirm that R2 is secured.

Task 7: Configure Access Control Lists

  • Step 1: Allow telnet to R1 and R3 from R2 only.
  • Step 2: Do not allowlHTTP, Telnet, and FTP traffic from the Internet to PC1.
  • Step 3: Do not allow PC1 to receive traffic from the 10.0.0.128 /25 network.
  • Step 4: Verify that PC3 cannot ping PC1, but can ping 10.0.0.1.

Task 8: Configure NAT.

  • Step 1: Configure NAT to allow PC3 to ping PC1.
  • Step 2: Verify that PC3 can reach PC1.

Task 9: Document the Router Configurations
Task 10: Clean Up

Erase the configurations and reload the routers. Disconnect and store the cabling. For PC hosts that are normally connected to other networks, such as the school LAN or to the Internet, reconnect the appropriate cabling and restore the TCP/IP settings.

Thanks

About these ads

19 Comments

Leave a Comment
  1. Anonymous / Apr 15 2011 2:57 pm

    Where is the lab answers

  2. Julius S / Apr 15 2011 4:04 pm

    here's configuration for Router R1:
    hostname R1
    !
    enable secret class
    !
    no ip domain-lookup
    !
    enable password cisco
    !
    username R2 password 0 cisco
    username R3 password 0 cisco
    !
    interface FastEthernet0/0
    duplex auto
    speed auto
    shutdown
    !
    interface FastEthernet0/1
    ip address 10.0.0.1 255.255.255.128
    duplex auto
    speed auto
    no shutdown
    !
    interface Serial0/0/0
    ip address 172.16.0.1 255.255.255.252
    clock rate 64000
    encapsulation ppp
    ppp authentication chap
    no shutdown
    !
    interface Serial0/0/1
    ip address 172.16.0.9 255.255.255.252
    encapsulation ppp
    ppp authentication chap
    no shutdown
    !
    interface Vlan1
    no ip address
    shutdown
    !
    router ospf 1
    log-adjacency-changes
    network 10.0.0.0 0.0.0.127 area 0
    passive-interface fa0/1
    network 172.16.0.0 0.0.0.3 area 0
    network 172.16.0.8 0.0.0.3 area 0
    !
    ip classless
    !
    banner motd ^C Unauthorized access strictly prohibited and prosecuted to the full extent of the law ^^C
    !
    line con 0
    password cisco
    login
    line vty 0 4
    password cisco
    login
    !
    exit
    !
    end

  3. Julius S / Apr 15 2011 4:05 pm

    Here's the configuration for Router R2:
    hostname R2
    !
    no ip domain-lookup
    !
    username R1 password 0 cisco
    username R3 password 0 class
    !
    interface Loopback0
    ip address 209.165.200.161 255.255.255.224
    no shutdown
    !
    enable secret class
    !
    enable password cisco
    !
    interface FastEthernet0/0
    no ip address
    duplex auto
    speed auto
    shutdown
    !
    interface FastEthernet0/1
    duplex auto
    speed auto
    shutdown
    !
    interface Serial0/0/0
    ip address 172.16.0.2 255.255.255.252
    encapsulation ppp
    ppp authentication chap
    no shut
    !
    interface Serial0/0/1
    ip address 172.16.0.5 255.255.255.252
    encapsulation ppp
    clock rate 64000
    ppp authentication chap
    no shut
    !
    interface Vlan1
    no ip address
    shutdown
    !
    router ospf 1
    log-adjacency-changes
    network 172.16.0.0 0.0.0.3 area 0
    network 172.16.0.4 0.0.0.3 area 0
    network 209.165.200.160 0.0.0.31 area 0
    !
    ip classless
    !
    banner motd ^C Unauthorized access strictly prohibited and prosecuted to the full extent of the law ^^C
    !
    line con 0
    password cisco
    login
    line vty 0 4
    password cisco
    login
    !
    exit
    !
    exit
    !
    copy run start
    !
    end

  4. Julius S / Apr 15 2011 4:07 pm

    Configuration for Router R3:

    hostname R3
    !
    enable secret class
    enable password cisco
    !
    username R1 password 0 cisco
    username R3 password 0 cisco
    !
    no ip domain-lookup
    !
    interface FastEthernet0/0
    no ip address
    duplex auto
    speed auto
    shutdown
    !
    interface FastEthernet0/1
    ip address 10.0.0.129 255.255.255.128
    duplex auto
    speed auto
    no shutdown
    !
    interface Serial0/0/0
    ip address 172.16.0.10 255.255.255.252
    clock rate 64000
    encapsulation ppp
    ppp authentication chap
    no shutdown
    !
    interface Serial0/0/1
    ip address 172.16.0.6 255.255.255.252
    encapsulation ppp
    ppp authentication chap
    no shutdown
    !
    interface Vlan1
    no ip address
    shutdown
    !
    router ospf 1
    log-adjacency-changes
    network 10.0.0.128 0.0.0.127 area 0
    passive-interface fa0/1
    network 172.16.0.4 0.0.0.3 area 0
    network 192.16.0.8 0.0.0.3 area 0
    !
    ip classless
    !
    banner motd ^C Unauthorized access strictly prohibited and prosecuted to the full extent of the law ^^C
    !
    line con 0
    password cisco
    login
    line vty 0 4
    password cisco
    login
    !
    end

  5. Anonymous / Apr 15 2011 10:23 pm

    where is the answers ?

  6. Anonymous / Apr 18 2011 10:00 pm

    This answer doesn't set up frame relay or NAT, it does PPP on all routers

  7. Anonymous / Apr 20 2011 6:22 am

    the answer plz

  8. Anonymous / Apr 21 2011 7:19 pm

    yup. it's missing nat

  9. Anonymous / Apr 22 2011 8:59 pm

    please list the full nat config as well as any other colfig or a link to A compleated packet tracer file

  10. Anonymous / Apr 23 2011 12:57 pm

    Razzy
    Hi, I would love to have the correct answers to the topology you have here. my email is charlie_chaplin05@yahoo.com

  11. Anonymous / Apr 24 2011 5:26 pm

    can you post a full answer, with-out any missing configs

  12. Anonymous / Apr 27 2011 10:06 am

    Maybe this one

    hostname R1
    !
    enable secret class
    !
    username R2 password 0 cisco
    !
    no ip domain-lookup
    !
    interface FastEthernet0/0
    no ip address
    shutdown
    !
    interface FastEthernet0/1
    ip address 10.0.0.1 255.255.255.128
    !
    interface Serial0/0/0
    ip address 172.16.0.1 255.255.255.252
    encapsulation ppp
    ppp authentication chap
    ip access-group 102 in
    clock rate 64000
    !
    interface Serial0/0/1
    ip address 172.16.0.9 255.255.255.252
    encapsulation frame-relay
    frame-relay map ip 172.16.0.9 101 broadcast
    frame-relay map ip 172.16.0.10 101 broadcast
    frame-relay interface-dlci 101
    no keepalive
    ip access-group 102 in
    !
    interface Vlan1
    no ip address
    shutdown
    !
    router rip
    version 2
    passive-interface FastEthernet0/1
    network 10.0.0.0
    network 172.16.0.0
    no auto-summary
    !
    ip classless
    !
    access-list 102 permit tcp 172.16.0.0 0.0.0.3 172.16.0.0 0.0.0.3 eq telnet
    access-list 102 deny tcp any any eq telnet
    access-list 102 permit ip any any
    !
    banner motd #R1#
    !!
    line con 0
    password cisco
    logging synchronous
    login
    line vty 0 4
    password cisco
    login
    !
    !
    !
    end

  13. Anonymous / Apr 27 2011 10:07 am

    hostname R2
    !
    enable secret class
    !
    username R1 password 0 cisco
    !
    no ip domain-lookup
    !
    interface Loopback0
    ip address 209.165.200.161 255.255.255.224
    ip access-group 103 in
    !
    interface FastEthernet0/0
    no ip address
    shutdown
    !
    interface FastEthernet0/1
    no ip address
    shutdown
    !
    interface Serial0/0/0
    ip address 172.16.0.2 255.255.255.252
    encapsulation ppp
    ppp authentication chap
    ip access-group 103 out
    !
    interface Serial0/0/1
    ip address 172.16.0.6 255.255.255.252
    ip access-group 103 out
    clock rate 64000
    router rip
    version 2
    network 10.0.0.0
    network 172.16.0.0
    no auto-summary
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 Loopback0
    !
    access-list 103 deny tcp 209.165.200.160 0.0.0.31 host 10.0.0.10 eq www
    access-list 103 deny tcp 209.165.200.160 0.0.0.31 host 10.0.0.10 eq telnet
    access-list 103 deny tcp 209.165.200.160 0.0.0.31 host 10.0.0.10 eq ftp
    access-list 103 permit ip any any
    !
    banner motd #R2#
    !
    line con 0
    password cisco
    logging synchronous
    login
    line vty 0 4
    password cisco
    login
    !
    !
    !
    end

  14. Anonymous / Apr 27 2011 10:08 am

    !
    hostname R3
    !
    enable secret class
    !
    no ip domain-lookup
    !
    interface FastEthernet0/0
    no ip address
    shutdown
    !
    interface FastEthernet0/1
    ip address 10.0.0.129 255.255.255.128
    ip nat inside
    !
    interface Serial0/0/0
    ip address 172.16.0.10 255.255.255.252
    encapsulation frame-relay
    frame-relay map ip 172.16.0.10 101 broadcast
    frame-relay map ip 172.16.0.9 101 broadcast
    frame-relay interface-dlci 101
    no keepalive
    ip access-group 102 in
    ip access-group 103 out
    ip nat outside
    clock rate 64000
    !
    interface Serial0/0/1
    ip address 172.16.0.6 255.255.255.252
    ip access-group 102 in
    !
    interface Vlan1
    no ip address
    shutdown
    !
    router rip
    version 2
    passive-interface FastEthernet0/1
    network 10.0.0.0
    network 172.16.0.0
    no auto-summary
    !
    ip nat inside source list 1 interface Serial0/0/0 overload
    ip classless
    !
    access-list 102 permit tcp 172.16.0.4 0.0.0.3 172.16.0.4 0.0.0.3 eq telnet
    access-list 102 permit tcp any any eq telnet
    access-list 102 permit ip any any
    access-list 103 deny ip 10.0.0.128 0.0.0.127 host 10.0.0.10
    access-list 103 permit ip any any
    access-list 1 permit 10.0.0.128 0.0.0.127
    !
    banner motd #R3#
    !
    line con 0
    password cisco
    logging synchronous
    login
    line vty 0 4
    password cisco
    login
    !
    !
    !
    end

  15. Anonymous / Apr 27 2011 10:56 am

    “This answer doesn't set up frame relay or NAT, it does PPP on all routers”

    can you post the missing command. thanks

  16. LaMa / Apr 28 2011 4:47 am

    http://www.mediafire.com/?db87f3ufrccho69
    without “Enable a secure Telnet login using a local database on R2.”

  17. LaMa / Apr 29 2011 5:50 am
  18. Wataru$ / May 2 2011 8:58 pm

    thank u so much, LaMa.

    Can you explain to me about commands to configure Frame Relay in your Lab, please ?

  19. Anonymous / May 3 2011 3:49 pm

    hi, can you please send me the complete answers to papo09@live.com
    Thanks

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: