Beruflich Dokumente
Kultur Dokumente
Exam Overview
This skills-based assessment is the final practical exam for the course CCNA Discovery Introducing Routing and Switching in the Enterprise. The exam is divided into two parts, and Part 1 must be completed before Part 2. In Part 1, you develop an IP subnet scheme and document the device interfaces. In Part 2, you cable the network and configure customer routers and switches using Cisco IOS CLI commands. The remote office router routes between the local network and the headquarters router. The headquarters router is configured to provide access to the ISP router. The OSPF routing protocol is used between the remote office and headquarters router. Static routing is used between the headquarters router and the ISP. The instructor will preconfigure the ISP router and erase the startup configuration in the headquarters router and the remote office router prior to starting the exam. When you have completed Part 1, give it to the instructor to check before starting on Part 2. You have 50 minutes to complete Part 1. The instructor will inform you of how Part 2 will be conducted and the time allotted,
All contents are Copyright 19922010 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 14
Objectives
Part 1 Create an IP addressing plan and document the network device interfaces. Part 2 Connect and configure the network equipment and verify network connectivity.
All contents are Copyright 19922010 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 2 of 14
b. To optimally allocate addresses from the /24 address assigned, sort the block sizes from largest to smallest. Use the table below to order the network areas by the VLSM block size. List the blocks starting with the largest to the smallest.
All contents are Copyright 19922010 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 3 of 14
Network Area / VLAN R2 VLAN 12 (Dept 2) R2 VLAN 11 (Dept 1) HQ Local network (simulated with Lo0) R2 VLAN 1 (Default/Mgmt) R2 HQ Wan link Unused IP addresses c.
Subnet Mask
Have the instructor verify that your addressing scheme is accurate and assigns address space efficiently. You should not have any overlapping subnets and should have unused contiguous blocks of addresses that can be used for future growth.
All contents are Copyright 19922010 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 4 of 14
Device
HQ-X
Interface
Serial 0/0/0 Serial 0/0/1 (Use the next address compatible with the ISP serial interface address of AnyCompanyX) Loopback0
IP Address
Subnet Mask
R2
Serial 0/0/0 Fast Ethernet 0/0 Subint Fa0/0.1 Subint Fa0/0.11 Subint Fa0/0.12
ISP ISP
Serial 0/0/0 (pre-configured) Serial 0/0/1 (pre-configured) Fa0/0 (pre-configured default gateway for Discovery Server. Optional if ISP loopback is used.)
All contents are Copyright 19922010 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 5 of 14
Step 6: Check your work with the instructor before going on to Part 2.
All contents are Copyright 19922010 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 6 of 14
All contents are Copyright 19922010 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 7 of 14
Step 4: Configure OSPF routing for Area 0 on HQ. Step 5: Configure a default route to the ISP on HQ and propagate this route to R2 using OSPF. Step 6: Configure overloaded NAT (PAT) on HQ.
a. Use the IP address on the serial port that connects to the ISP as the overloaded address. b. Specify the inside and outside NAT interfaces. c. Permit the entire 192.168.X.0/24 address space to be translated (where X is the number assigned to AnyCompany).
Step 5: Configure switch port Fa0/2 as an 802.1Q trunk to carry VLAN information. Step 6: Configure switch port security.
Configure port security for port Fa0/15 on switch S2. When port security is configured, connecting any other host disables the port.
Command Used
Check
All contents are Copyright 19922010 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 10 of 14
Command Used
Check
d. Telnet from host H2 in VLAN 12 to the HQ router using its S0/0/0 IP address. You should not be able to telnet from a host in VLAN 12. Have the instructor verify. _______ Telnet from host H1 in VLAN 11 to the HQ router using its S0/0/0 IP address. You should be able to telnet from any host in VLAN 11. Have the instructor verify. _______
All contents are Copyright 19922010 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 11 of 14
e. Use the show access-lists command to verify that the ACL is working. You should see counts on several ACL statements. Have the instructor verify. _______
Step 2: Create and apply a standard ACL to control vty access to the HQ router.
The ACL should deny vty access for all hosts from any network or interface to the HQ router, except for host H1 on VLAN 11. a. Add an explicit deny statement to the end of the ACL so that statistics can be collected on the number of packets denied. Apply the ACL to vty lines 0 through 4 on the HQ router. Have the instructor verify the ACL statements and placement. __________ b. Telnet from host H1 c. Change the IP address of H1 to another address that is on VLAN 11, and telnet again from host H1 in VLAN 11 to the HQ router using its S0/0/0 IP address. Have the instructor verify. _______
Use the show access-lists command to verify that the ACL is working. You should see counts on several ACL statements. Have the instructor verify. _______
Step 3: On R2 and HQ, save the router running configuration to NVRAM. Step 4: Save the running configurations for each networking device to a file.
Save the output from HQ-X, R2, S1, and S2 to a single text file on your desktop and name it XXX-D3-SBAConfigs.txt (where XXX are your initials). Show it to the instructor. _________
All contents are Copyright 19922010 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 12 of 14
1.152 1.160 1.160 1.160 1.168 1.176 1.176 1.184 1.192 1.192 1.192 1.192 1.200 1.208 1.216 1.224 1.224 1.224 1.232 1.240 1.240 1.248
1.152 1.156 1.160 1.164 1.168 1.172 1.176 1.180 1.184 1.188 1.192 1.196 1.200 1.204 1.208 1.212 1.216 1.220 1.224 1.228 1.232 1.236 1.240 1.244 1.248 1.252
Possible Solution Color code Area / VLAN R2 VLAN 12 R2 VLAN 11 HQ Network R2 VLAN 1 R2/HQ WAN link Unused addresses Total Block size 128 64 32 8 4 20 256 Subnet / Prefix 192.168.1.0/25 192.168.1.128/26 192.168.1.192/27 192.168.1.224/27 192.168.1.232/27
All contents are Copyright 19922010 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 14 of 14