
EWAN NAT/ACL PT Practice SBA

A few things to keep in mind while completing this activity:
1. Do not use the browser Back button or close or reload any exam windows during the exam.
2. Do not close Packet Tracer when you are done; it will close automatically.
3. Click the Submit Assessment button to submit your work.

Introduction
In this practice Packet Tracer Skills Exam, you are expected to do as follows:
- Implement the addressing in the network to meet the stated requirements.
- Configure and verify a DHCP server implementation.
- Configure and verify WAN technologies.
- Configure EIGRP to enable communication with the rest of the network.
- Configure NAT to translate addresses for traffic that is destined to the Internet.
- Implement access control lists as part of a security policy.

Addressing Table
Device  Interface    Address          Subnet Mask        Default Gateway
R1      Fa0/0        172.16.1.193     255.255.255.224    n/a
R1      S0/0/0       172.30.1.1       255.255.255.252    n/a
R1      S0/0/1.101   10.10.10.1       255.255.255.252    n/a
R2      S0/0/0       172.30.1.6       255.255.255.252    n/a
R2      S0/0/1.201   10.10.10.2       255.255.255.252    n/a
R2      S0/1/0       209.165.201.2    255.255.255.252    n/a
R3      Fa0/0        172.16.1.129     255.255.255.192    n/a
R3      S0/0/0       172.30.1.2       255.255.255.252    n/a
R3      S0/0/1       172.30.1.5       255.255.255.252    n/a
PC1     NIC          172.16.1.222     255.255.255.224    172.16.1.193
PC3     NIC          DHCP Assigned    DHCP Assigned      DHCP Assigned

NOTE: The password for user EXEC mode is cisco. The password for privileged EXEC mode is class.

Step 1: Configure and Verify R3 as the DHCP Server.


a. Configure R3 as the DHCP server for the LAN attached to Fa0/0 using the following guidelines:
   - Use the case-sensitive DHCP pool name of R3_LAN.
   - Exclude the first three host addresses in the subnet.

b. Verify that PC3 now has full IP addressing. It may be necessary to toggle between Static and DHCP on the IP Configuration screen for PC3 before PC3 will send a DHCP request. PC3 should be able to ping the default gateway.

Step 2: Configure WAN Technologies.


a. The link between R3 and R2 uses PPP with CHAP. The password is ciscochap. Verify that R3 and R2 can ping each other.

b. The link between R3 and R1 uses HDLC. R3 should be able to ping the other side of the link. Verify that R3 and R1 can ping each other.

c. The link between R1 and R2 uses point-to-point Frame Relay subinterfaces. Verify that R1 and R2 can ping each other.

Step 3: Configure and Verify EIGRP Routing.


a. Configure EIGRP routing on R1, R2, and R3.
   - Use AS number 100.
   - Do not use the wildcard mask argument.
   - Do not advertise the network between R2 and the Internet.

b. Configure R2 with a default route using the outbound interface argument. Use one command to propagate the default route into the EIGRP routing process.

c. Verify PC1 and PC3 can ping each other as well as R1, R2 and R3. You will not be able to ping Internet hosts yet.

Step 4: Configure R2 with a NAT.


a. Configure NAT on R2 using the following guidelines:
   - Only addresses in the 172.16.1.128/25 address space will be translated.
   - Use the number 1 for the access list.
   - Configure PAT on the R2 S0/1/0 interface.

b. Verify that PC1 and PC3 can ping the Internet hosts.

Step 5: Configure Access Control Lists to Satisfy a Security Policy.


a. Configure and apply an ACL with the number 50 that implements the following policy:
   - Prevent all hosts from the R3 LAN from accessing hosts on the R1 LAN.

b. Verify that ACL 50 is operating as intended.

c. Configure and apply a named ACL with the case-sensitive name FIREWALL that implements the following policy:
   - Deny ping requests sourced from the Internet.
   - Deny Telnet and HTTP traffic sourced from the Internet.
   - Allow all other traffic.

d. Verify that the FIREWALL ACL is operating as intended.

Version 2.0 Created in Packet Tracer 5.3.2.0027 and Marvel 1.0.1 All contents are Copyright 1992 - 2011 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

SOLUTION (THIS ONE SCORES 96%)

R1


R1#show run
Building configuration...

Current configuration : 1353 bytes
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
hostname R1
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
ip ssh version 1
ip name-server 0.0.0.0
spanning-tree mode pvst
interface FastEthernet0/0
 ip address 172.16.1.193 255.255.255.224
 ip access-group 50 out
 duplex auto
 speed auto
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
interface Serial0/0/0
 ip address 172.30.1.1 255.255.255.252
 clock rate 2000000
interface Serial0/0/1
 no ip address
 encapsulation frame-relay
interface Serial0/0/1.101 point-to-point
 ip address 10.10.10.1 255.255.255.252
 frame-relay interface-dlci 101
 clock rate 2000000
interface Vlan1
 no ip address
 shutdown
router eigrp 100
 passive-interface FastEthernet0/0
 network 172.16.0.0
 network 172.30.0.0
 network 10.0.0.0
 no auto-summary
ip classless
access-list 50 deny 172.16.1.128 0.0.0.63
access-list 50 permit any
banner motd ^CAuthorized Access Only!^C
logging trap debugging
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line vty 5 15
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
ntp update-calendar
end

R2
R2#show run
Building configuration...

Current configuration : 1762 bytes
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
hostname R2
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
username R3 password 0 ciscochap
ip ssh version 1
ip name-server 0.0.0.0
spanning-tree mode pvst
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 shutdown
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
interface Serial0/0/0
 ip address 172.30.1.6 255.255.255.252
 encapsulation ppp
 ppp authentication chap
 ip nat inside
interface Serial0/0/1
 no ip address
 encapsulation frame-relay
interface Serial0/0/1.201 point-to-point
 ip address 10.10.10.2 255.255.255.252
 frame-relay interface-dlci 201
 ip nat inside
 clock rate 2000000
interface Serial0/1/0
 ip address 209.165.201.2 255.255.255.252
 ip access-group FIREWALL in
 ip nat outside
interface Serial0/1/1
 no ip address
 shutdown
interface Vlan1
 no ip address
 shutdown
router eigrp 100
 redistribute static
 passive-interface Serial0/1/0
 network 172.30.0.0
 network 10.0.0.0
 no auto-summary
ip nat inside source list 1 interface Serial0/1/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/1/0
access-list 1 permit 172.16.1.128 0.0.0.127
ip access-list extended FIREWALL
 deny icmp any any echo
 deny tcp any any eq telnet
 deny tcp any any eq www
 permit ip any any
banner motd ^CAuthorized Access Only!^C
logging trap debugging
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line vty 5 15
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
ntp update-calendar
end
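Added example, not part of the original solution: a small Python model of how IOS evaluates the three ACLs in the configs on this page (wildcard match, first match wins, implicit deny at the end). The function names and the sample addresses and packets are constructed for illustration, and the model covers only the fields these ACLs test.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: a 0 bit must match, a 1 bit is ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

# Standard ACLs copied from the page as (action, base, wildcard).
# "any" is written out as 0.0.0.0 255.255.255.255.
ACL_50 = [("deny", "172.16.1.128", "0.0.0.63"),
          ("permit", "0.0.0.0", "255.255.255.255")]
ACL_1 = [("permit", "172.16.1.128", "0.0.0.127")]

def eval_standard(acl, src):
    """Standard ACL: test the source only; the first matching entry wins."""
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action
    return "deny"  # implicit deny when nothing matched

# Extended ACL FIREWALL from R2 as (action, protocol, qualifier).
# Source and destination are "any" in every entry, so they are not modelled.
# The qualifier is the ICMP type name or the TCP destination port.
FIREWALL = [
    ("deny", "icmp", "echo"),
    ("deny", "tcp", 23),      # eq telnet
    ("deny", "tcp", 80),      # eq www
    ("permit", "ip", None),   # "ip" matches every protocol
]

def eval_firewall(proto, qualifier=None):
    """Return the action FIREWALL takes on a packet arriving on S0/1/0."""
    for action, p, q in FIREWALL:
        if p == "ip" or (p == proto and (q is None or q == qualifier)):
            return action
    return "deny"

if __name__ == "__main__":
    # Constructed sample sources: an R3 LAN host, PC1, and R3's S0/0/0.
    for src in ("172.16.1.132", "172.16.1.222", "172.30.1.2"):
        print(src, "ACL 50:", eval_standard(ACL_50, src),
              "| NAT ACL 1:", eval_standard(ACL_1, src))
    # Constructed sample packets arriving from the Internet side.
    for pkt in (("icmp", "echo"), ("icmp", "echo-reply"),
                ("tcp", 23), ("tcp", 80), ("tcp", 443)):
        print(pkt, "FIREWALL:", eval_firewall(*pkt))
```

The echo-reply case is permitted because FIREWALL denies only the ICMP echo type, which is why PC1 and PC3 can still ping Internet hosts through PAT while pings sourced from the Internet are dropped.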

R3
R3#show run
Building configuration...

Current configuration : 1323 bytes
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
hostname R3
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
ip dhcp excluded-address 172.16.1.129 172.16.1.131
ip dhcp pool R3_LAN
 network 172.16.1.128 255.255.255.192
 default-router 172.16.1.129
username R2 password 0 ciscochap
ip ssh version 1
ip name-server 0.0.0.0
spanning-tree mode pvst
interface FastEthernet0/0
 ip address 172.16.1.129 255.255.255.192
 duplex auto
 speed auto
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
interface Serial0/0/0
 ip address 172.30.1.2 255.255.255.252
interface Serial0/0/1
 ip address 172.30.1.5 255.255.255.252
 encapsulation ppp
 ppp authentication chap
 clock rate 2000000
interface Vlan1
 no ip address
 shutdown
router eigrp 100
 passive-interface FastEthernet0/0
 network 172.16.0.0
 network 172.30.0.0
 no auto-summary
ip classless
banner motd ^CAuthorized Access Only!^C
logging trap debugging
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line vty 5 15
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
ntp update-calendar
end
