Sie sind auf Seite 1von 6

CompNtwk Frame Relay/EIGRP PT Practice SBA

A few things to keep in mind while completing this activity:

1. Do not use the browser Back button or close or reload any exam windows during the exam. 2. Do not close Packet Tracer when you are done. It will close automatically. 3. Click the Submit Assessment button to submit your work.

Introduction
In this Packet Tracer Practice Skills Based Assessment, you will do the following: finish designing the IP addressing scheme implement the addressing in the network to meet the requirements configure Frame Relay and EIGRP to enable communication with the rest of the network configure a backup link in case the Frame Relay network becomes unavailable implement a security policy by using access control lists to filter traffic

Addressing Table
Device Interface Fa0/0.1 Fa0/0.15 Branch Fa0/0.25 Fa0/1 S0/0/0.55 Address 10.10.10.177 10.10.10.129 10.10.10.161 172.16.1.2 10.255.1.1 Subnet Mask 255.255.255.248 255.255.255.224 255.255.255.240 255.255.255.252 255.255.255.252 Default Gateway n/a n/a n/a n/a n/a

Fa0/0 HQ Fa0/1 S0/0/0.65 Internet BR-S1 BR-S2 HQ-S1 PC1 Admin Web Server Fa0/0 Fa0/1 VLAN1 VLAN1 VLAN1 NIC NIC NIC

10.10.20.1 172.16.1.6 10.255.1.2 172.16.1.1 172.16.1.5 10.10.10.178 10.10.10.179 10.10.20.2 10.10.10.174 10.10.10.158 10.10.20.6

255.255.255.248 255.255.255.252 255.255.255.252 255.255.255.252 255.255.255.252 255.255.255.248

n/a n/a n/a n/a n/a 10.10.10.177

255.255.255.248 255.255.255.240

10.10.20.1 10.10.10.161

255.255.255.248

10.10.20.1

NOTE: To aid in configuring, verifying and troubleshooting the devices, use a printed version of these instructions to fill in the missing address information in the table during Step 1.

Step 1: Finish the IP Addressing Scheme.


Design an addressing scheme and fill in the Addressing Table based on the following requirements: a. Subnet the address space 10.10.10.128/25 to provide 30 host addresses for the Branch VLAN 15 while wasting the least amount of address space. b. Assign the first available subnet to the Branch VLAN 15. c. Assign the first (lowest) address in this subnet to the Fa0/0.15 subinterface on Branch. d. Subnet the remaining address space to provide 10 host addresses for the Branch VLAN 25 while wasting the least amount of space. e. Assign the first available subnet to the Branch VLAN 25. f. Assign the first (lowest) address in this subnet to the Fa0/0.25 subinterface on Branch. g. Assign the last (highest) address in this subnet to PC1. h. Subnet the remaining address space to provide 6 host addresses for the Branch VLAN 1 while wasting the least amount of space. i. j. Assign the first available subnet to the Branch VLAN 1. Assign the first (lowest) address in this subnet to the Fa0/0.1 subinterface on Branch.

k. Assign the second address in this subnet to the VLAN 1 interface on BR-S1.

Step 2: Configure Branch with IP Addressing and Inter-VLAN Routing.


NOTE: The user EXEC mode password is cisco and the privileged EXEC mode password is class for Branch and BR-S1. Finish the basic configuration of Branch by addressing the interfaces according to your IP addressing scheme completed in Step 1. For each Fast Ethernet subinterface, the VLAN number matches the subinterface number. Wait to configure the serial subinterface IP addressing until Step 5.

Step 3: Configure BR-S1 with IP Address, VLANs and as the STP Root Bridge.
NOTE: BR-S2 is already configured. You do not have access to BR-S2. On BR-S1, you will receive a Domain Mismatch message every 30 seconds until BR-S1 is correctly configured. a. Configure the BR-S1 VLAN 1 interface with the correct IP addressing as determined in Step 1 b. Configure the default gateway. c. Establish an 802.1q trunk with Branch and with BR-S2. After STP converges, BR-S1 should be able to ping both Branch and BR-S2.

switch BR-S1 Int vlan 1 Ip add 10.10.10.178 255.255.255.248 No shut Ip default-gateway 10.10.10.177 Conf t Int fa 0/1 Switchport mode access Switchport mode trunk Exit Int fa 0/2 Switchport mode access Switchport mode trunk exit d. BR-S1 should be configured as a VTP server for the branch domain. Set the VTP password tovtpbranch. BR-S2 is already configured as a client for this domain. switch BR-S1 Conf t Vtp domain branch Vtp password vtpbranch Vtp mode server e. Create and name two VLANs on the VTP server. Names are case-sensitive: VLAN 15, Name: Administration switch BR-S1 Vlan 15 Name Administration exit VLAN 25, Name: Employee Vlan 25 Name Employee Exit

f. Assign VLAN 15 to the Fa0/10 interface for Admin access. switch BR-S1 Conf t Int fa0/10

Switchport mode access Switchport access vlan 15 exit g. Use a priority of 8192 to set BR-S1 as the STP root for all VLANs. switch BR-S1 Conf t Spanning-tree vlan 1 priority 8192 Spanning-tree vlan 15 priority 8192 Spanning-tree vlan 25 priority 8192 Exit

Copy run start


Step 4: Configure and Verify Host Addressing.
NOTE: Admin is already configured. You cannot access it directly. However, you can use the Add Simple PDU tool to test connectivity from Admin to other devices. a. Configure PC1 with IP addressing according to your design in Step 1. b. Verify that PC1 can ping the default gateway and Admin.

Step 5: Configure and Verify Frame Relay.


a. Configure Branch to use a point-to-point Frame Relay link through the Frame Relay cloud to HQ. Configure IP addressing according to the Addressing Table. Assume inverse ARP is disabled and configure DLCI 55. Branch Int fa0/0.1 encapsulation dot1Q 1 Ip add 10.10.10.117 255.255.255.248 Int fa0/0.15 encapsulation dot1Q 15 Ip add 10.10.10.129 255.255.255.224 int fa0/0.25 encapsulation dot1Q 25 Ip add 10.10.10.161 255.255.255.240 Exit int fa0/0 No shut

router Branch Conf t interface serial 0/0/0 encapsulation frame-relay no shutdown exit interface serial 0/0/0.55 point-to-point ip address 10.255.1.1 255.255.255.252 frame-relay interface-dlci 55 b. Verify that Frame Relay is operational between Branch and HQ. c. Branch should be able to ping the directly-connected interface of HQ.

Step 6: Configure EIGRP Routing on Branch.


a. Configure Branch for EIGRP routing and use the following requirements: Use AS 50. router Branch Conf t Router eigrp 50 network 10.255.1.0 network 10.10.10.176 network 10.10.10.128 network 10.10.10.160 Configure the classful network addresses without wildcards. Do not advertise the network that is shared with the Internet.

b. Verify that Branch is now a neighbor with HQ. c. Admin should be able to ping the Web Server. d. Use the Add Simple PDU tool to verify that PC1 can ping the Web Server.

Step 7: Configure and Verify a Backup Link to HQ.


a. The link to the Internet is used as a backup link in case the Frame Relay network goes down. Configure a floating static route on Branch to the HQ LAN subnet. Use the outbound interface argument in your configuration. Use an administrative distance of 150.

router Branch

Int fa0/0 ip summary-address eigrp 50 10.10.10.128 255.255.255.192 150 exit Int fa0/1 ip summary-address eigrp 50 10.10.10.128 255.255.255.192 150 exit Int s0/0/0 ip summary-address eigrp 50 10.10.10.128 255.255.255.192 150 exit

Ip route 10.10.20.0 255.255.255.248 FastEthernet0/1 150


b. Verify that the backup link is operational by temporarily shutting down the Serial 0/0/0 interface. c. Admin and PC1 should still be able to ping the Web Server after the network converges. d. Restore the Serial 0/0/0 interface and verify that the Frame Relay network is operational again.

Step 8: Configure Access Control Lists.


a. Configure and apply an access control list with the case-sensitive name VLAN25 based on the following security policy: VLAN 25 should not be able to access VLAN 15. router Branch Ip access-list extended VLAN25 deny ip 10.10.10.161 0.0.0.15 10.10.10.129 0.0.0.31 VLAN 25 should not be able to access the HQ LAN using HTTP (port 80) or HTTPS (port 443). deny tcp 10.10.10.161 0.0.0.15 10.10.20.0 0.0.0.7 eq 80 deny tcp 10.10.10.161 0.0.0.15 10.10.20.0 0.0.0.7 eq 443 All other traffic is allowed. permit ip any any b. Verify the access control list satisfies the security policy. router Branch Int fa0/0.25 Ip access-group VLAN25 in

Copy run start


PC1
10.10.10.174 255.255.255.240 10.10.10.161 10.10.20.6 Exam by Shynggys