Sie sind auf Seite 1von 6

DCompNtwk Frame Relay/EIGRP PT Practice SBA

A few things to keep in mind while completing this activity:

1. Do not use the browser Back button or close or reload any exam windows during the exam. 2. Do not close Packet Tracer when you are done. It will close automatically. 3. Click the Submit Assessment button to submit your work.

Introduction
In this practice Packet Tracer Skills Based Assessment, you will do the following: finish designing the IP addressing scheme implement the addressing in the network to meet the requirements configure Frame Relay and EIGRP to enable communication with the rest of the network configure a backup link in case the Frame Relay network becomes unavailable implement a security policy by using access control lists to filter traffic

Addressing Table
Device Interface Address Subnet Mask Default Gateway

Fa0/0.1 Fa0/0.10 BR2 Fa0/0.20 Fa0/1 S0/0/0.101 Fa0/0 Edge3 Fa0/1 S0/0/0.201 ISP S1 S2 S3 H1 H2 Server Fa0/0 Fa0/1 VLAN1 VLAN1 VLAN1 NIC NIC NIC

172.16.1.225 172.16.1.129 172.16.1.193


10.10.10.2 172.31.1.1 172.17.1.1 10.10.10.6 172.31.1.2 10.10.10.1 10.10.10.5

255.255.255.248

n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a

255.255.255.1 92 255.255.255.22 4
255.255.255.252 255.255.255.252 255.255.255.248 255.255.255.252 255.255.255.252 255.255.255.252 255.255.255.252 255.255.255.248

172.16.1.226
172.16.1.227 172.17.1.2

172.16.1.225
172.17.1.1

255.255.255.248

172.16.1.190
172.16.1.222 172.17.1.6

255.255.255.19 2
255.255.255.248

172.16.1.193
172.17.1.1

NOTE: To aid in configuring, verifying, and troubleshooting the devices, use a printed version of these instructions to fill in the missing address information in the table during Step 2.

Step 1: Finish the IP Addressing Scheme.


Design an addressing scheme and fill in the Addressing Table based on the following requirements: a. Subnet the address space 172.16.1.128/25 to provide 50 host addresses for the BR2 VLAN 10 while wasting the least amount of address space. b. Assign the first available subnet to the BR2 VLAN 10. c. Assign the first (lowest) address in this subnet to the Fa0/0.10 subinterface on BR2. d. Assign the last (highest) address in this subnet to H1. e. Subnet the remaining address space to provide 30 host addresses for the BR2 VLAN 20 while wasting the least amount of space. f. Assign the first available subnet to the BR2 VLAN 20. g. Assign the first (lowest) address in this subnet to the Fa0/0.20 subinterface on BR2. h. Subnet the remaining address space to provide 6 host addresses for the BR2 VLAN 1 while wasting the least amount of space. i. j. Assign the first available subnet to the BR2 VLAN 1. Assign the first (lowest) address in this subnet to the Fa0/0.1 subinterface on BR2.

k. Assign the second address in this subnet to the VLAN 1 interface on S1.

Step 2: Configure BR2 with IP Addressing and Inter-VLAN Routing.


NOTE: The user EXEC mode password is cisco and the privileged EXEC mode password is classfor BR2 and S1.

Finish the basic configuration of BR2 by addressing the interfaces according to your IP addressing scheme completed in Step 1. For each Fast Ethernet subinterface, the VLAN number matches the subinterface number. Wait to configure the serial subinterface IP addressing until Step 5.

Step 3: Configure S1 with IP Address, VLANs and as the STP Root Bridge.
NOTE: S2 is already configured. You do not have access to S2. On S1, you will receive a Domain Mismatch message every 30 seconds until S1 is correctly configured. a. Configure the S1 VLAN 1 interface with the correct IP addressing as determined in Step 1 b. Configure the default gateway. c. Establish an 802.1q trunk with BR2 and with S2. After STP converges, S1 should be able to ping both BR2 and S2. d. S1 should be configured as a VTP server for the discovery domain. Set the VTP password to cisco. S2 is already configured as a client for this domain. e. Create and name two VLANs on the VTP server. Names are case-sensitive: VLAN 10, Name: Staff VLAN 20, Name: Guest

f. Assign VLAN 10 to the Fa0/10 interface for H1 access. g. Use a priority of 4096 to set S1 as the STP root for all VLANs.

Step 4: Configure and Verify Host Addressing.


NOTE: H2 is already configured. You cannot access it directly. However, you can use the Add Simple PDU tool to test connectivity from H2 to other devices. a. Configure H1 with IP addressing according to your design in Step 1. b. Verify that H1 can ping the default gateway and H2.

Step 5: Configure and Verify Frame Relay.


a. Configure BR2 to use a point-to-point Frame Relay link through the SP-FR cloud to Edge3. Configure IP addressing according to the Addressing Table. Assume Inverse ARP is disabled and configure DLCI 101.

b. Verify that Frame Relay is operational between BR2 and Edge3. c. BR2 should be able to ping the directly-connected interface of Edge3.

Step 6: Configure EIGRP Routing on BR2.


a. Configure BR2 for EIGRP routing and use the following requirements: Use AS 100. Configure the classful network addresses without wildcards. Do not advertise the network that is shared with the ISP.

b. Verify that BR2 is now a neighbor with Edge3. c. H1 should be able to ping Discovery Server. d. Use the Add Simple PDU tool to verify that H2 can ping Discovery Server.

Step 7: Configure and Verify a Backup Link to Edge3.


a. The link to ISP is used as a backup link in case the Frame Relay network goes down. Configure a floating static route on BR2 to the Edge3 LAN subnet. Use the outbound interface argument in your configuration. Use an administrative distance of 100.

Ip summary-address eigrp 172.16.1.128 255.255.255.192 100 b. Verify that the backup link is operational by temporarily shutting down the Serial 0/0/0 interface.

c. H1 and H2 should still be able to ping Discovery Server after the network converges. d. Restore the Serial 0/0/0 interface and verify that the Frame Relay network is operational again.

Step 8: Configure Access Control Lists.


a. Configure and apply an access control list with the case-sensitive name VLAN20 based on the following security policy: VLAN 20 should not be able to access VLAN 10. VLAN 20 should not be able to access the Edge3 LAN using HTTP (port 80) or HTTPS (port 443). All other traffic is allowed.

b. Verify that the access control list satisfies the security policy.

Switch 1
Int vlan 1 Ip add 172.16.1.226 255.255.255.248 No shut Exit Ip default-gateway 172.16.1.225 Conf t Int fa 0/2 Switchport mode access Switchport mode trunk Exit Int fa 0/1 Switchport mode access Switchport mode trunk end conf t Vtp domain discovery Vtp password cisco Vtp mode server Vlan 10 Name Staff Exit Vlan 20 Name Guest Exit Int fa0/10 Switchport mode access

Switchport access vlan 10 Exit Conf t Spanning-tree vlan 1 priority 4096 Spanning-tree vlan 10 priority 4096 Spanning-tree vlan 20 priority 4096 Exit

Copy run start BR2(router)


Int fa0/0 No shut Int fa0/0.1 encapsulation dot1Q 1 Ip add 172.16.1.225 255.255.255.248 Exit Int fa0/0.10 encapsulation dot1Q 10 Ip add 172.16.1.129 255.255.255.192 Exit int fa0/0.20 encapsulation dot1Q 20 Ip add 172.16.1.193 255.255.255.224 exit interface serial 0/0/0 encapsulation frame-relay no shutdown exit interface serial 0/0/0.101 point-to-point ip address 172.31.1.1 255.255.255.252 frame-relay interface-dlci 101 exit Conf t Router eigrp 100 network 172.16.1.224 network 172.16.1.128

network 172.16.1.192 network 172.31.1.0 exit Int fa0/0 ip summary-address eigrp 100 172.16.1.128 255.255.255.192 150 exit Int fa0/1 ip summary-address eigrp 100 172.16.1.128 255.255.255.192 150 exit Int s0/0/0 ip summary-address eigrp 100 172.16.1.128 255.255.255.192 150 exit Conf t Ip route 172.17.1.0 255.255.255.248 fa0/1 100 Ip access-list extended VLAN20 deny ip 172.16.1.193 0.0.0.31 172.16.1.129 0.0.0.63 deny tcp 172.16.1.193 0.0.0.31 172.17.1.0 0.0.0.7 eq 80 deny tcp 172.16.1.193 0.0.0.31 172.17.1.0 0.0.0.7 eq 443 permit ip any any Int fa0/0.20 Ip access-group VLAN20 in end

Copy run start Pc


172.16.1.190
255.255.255.192

172.16.1.193 172.17.1.6 Exam by Shynggys