Sie sind auf Seite 1von 5

DRSEnt OSPF/ACL PT Practice SBA

A few things to keep in mind while completing this activity:


1. Do not use the browser Back button or close or reload any exam windows during the exam.
2. Do not close Packet Tracer when you are done. It will close automatically.
3. lick the Submit Assessment button to submit your work.
Introduction
In this practice Packet Tracer !kills "xam# you will do as follows:
finish the configuration of a partially configured network
establish connectivity within the enterprise and to the Internet
implement access control lists based on a set of security policies
Addressing Table
Deice Inter!ace Address Subnet "ask De!ault #ate$a%
$%
&a'(' )*+.),.)''.-* +...+...+...+/' n(a
!'('(' )*+.),.)''.)+) +...+...+...+.+ n(a
!'()(' )*+.),.)''.)+. +...+...+...+.+ n(a
!'('() +'-.),..+').+ +...+...+...+.+ n(a
0o' )'.'.'.1 +...+...+...+.. n(a
2) &a'(' )*+.),.)''.,. +...+...+...++/ n(a
&a'() )*+.),.)''.))1 +...+...+...+/3 n(a
!'('(' )*+.),.)''.)++ +...+...+...+.+ n(a
0o' )'.'.'.) +...+...+...+.. n(a
2+
&a'(' )*+.),.)''.) +...+...+...)-+ n(a
&a'() n(a
!'('(' )*+.),.)''.)+, +...+...+...+.+ n(a
0o' )'.'.'.+ +...+...+...+.. n(a
$) 4I )*+.),.)''./ +...+...+...)-+ )*+.),.)''.)
$+ 4I )*+.),.)''.. +...+...+...)-+ )*+.),.)''.)
$1 4I
5eb !erver 4I
)*+.),.)''.)''
)+3.)'*.'.)'
+...+...+...+/' )*+.),.)''.-*
&OTE' The password for user "6" mode is cisco. The password for privileged "6" mode
is class.
Ste( )' Con!igure t*e Deice Basics+
7se the IP addresses in the Addressing Table and your subnetting skills to determine the missing IP
addresses according to the following guidelines:
a. onfigure &a'() interface on 2+ with the highest 8last9 host IP address in the subnet.
b. onfigure $1 with the highest 8last9 host IP address in the subnet
c. :erify connectivity.
Ste( ,' Con!igure OSPF+
a. 7se the following re;uirements to configure <!P& on $%# 2)# and 2+.
7se the process ID ).
Advertise each subnet individually in area ' with its corresponding wildcard mask. 8$%
should not advertise the link to the Internet.9
:erify <!P& convergence.
b. onfigure <!P& authentication on the links between 2) and 2+# 2) and $%# and 2+ and $%.
"ncrypt the updates using =D. authentication. Authentication should be enabled for the
entire area '.
<n the appropriate interfaces# use a key ID of - and the password itsasecret.
:erify <!P& convergence.
c. =odify the <!P& configuration.
=odify both sides of the link between $% and 2+ to reflect the actual bandwidth of 13/
>b(s.
hange the priority on 2) so that it is the preferred D2 for the 0A4 it shares with 2+.
d. Propagate a default route in the <!P& updates.
onfigure a default route on $% and point it to the Internet. 7se the outbound
inter!ace argument.
onfigure <!P& to advertise the default route to neighbors.
e. :erify connectivity.
Ste( .' Con!igure Access Control Lists+
a. &ilter inbound traffic from the Internet. onfigure and apply a single ACL numbered 100 on the correct
router that will implement the following policy in order:
Allow only $TTP access to the Inside 5eb !erver at its public address )+3.)'*.'.)'.
Allow all established TP connections.
Allow all I=P replies and unreachable messages.
b. :erify that the policy is successfully implemented.
c. &ilter traffic from the 2+ 0A4. onfigure and apply on the router a single ACL numbered 115 that will
limit network traffic and will implement the following policy:
$osts from the 0A4 connected to the &a'(' interface of 2+ are blocked from accessing
hosts on the 2) 2?D 0A4.
All other traffic is allowed anywhere.
d. :erify that the policy is successfully implemented.
Ste( /' 0eri!% Connectiit%+
7sing tools such as (ing and s*o$ commands# verify authori@ed connectivity in the network.


Otet% dl%a c*ainiko ot S*%ngg%s
Router )
Aonfigure <!P&
onf t
router ospf )
network )*+.),.)''.,/ '.'.'.1) area '
network )*+.),.)''.))+ '.'.'.* area '
network )*+.),.)''.)+' '.'.'.1 area '
logBadCacencyBchanges
area ' authentication messageBdigest
exit
int 0o'
ip address )'.'.'.) +...+...+...+..
no shut
exit
A
interface s'('('
ip ospf messageBdigestBkey . md. itsasecret
exit
A
interface &a'('
ip ospf messageBdigestBkey . md. itsasecret
exit
A
A
interface &a'()
ip ospf priority .'
ip ospf messageBdigestBkey . md. itsasecret
end
copy run start
Router ,
A
onf t
interface &a'()
ip address )*+.),.)''.))3 +...+...+...+/3
no shutdown
exit
A
interface 0o'
ip address )'.'.'.+ +...+...+...+..
no shutdown
exit
A
interface &a'('
ip address )*+.),.)''.) +...+...+...)-+
no shutdown
exit
A
A
interface !'('('
ip address )*+.),.)''.)+, +...+...+...+.+
no shutdown
exit
A
router ospf )
network )*+.),.)''.' '.'.'.,1 area '
network )*+.),.)''.))+ '.'.'.* area '
network )*+.),.)''.)+/ '.'.'.1 area '
network )*+.),.)''.)+' '.'.'.1 area '
logBadCacencyBchanges
A
area ' authentication messageBdigest
exit
A
interface s'('('
bandwidth 13/
ip ospf messageBdigestBkey . md. itsasecret
exit
A
interface &a'('
ip ospf messageBdigestBkey . md. itsasecret
exit
A
A
interface &a'()
ip ospf priority +.
ip ospf messageBdigestBkey . md. itsasecret
exit
A
AccessBlist )). deny ip )*+.),.)''.' '.'.'.,1 )*+.),.)''.,/ '.'.'.1)
AccessBlist )). permit ip any any
A
interface &a'('
ip accessBgroup )). in
end
copy run start
12
A
onf t
router ospf )
network )*+.),.)''.-, '.'.'.). area '
network +'-.),..+').' '.'.'.1 area '
network )*+.),.)''.)+' '.'.'.1 area '
network )*+.),.)''.)+/ '.'.'.1 area '
network )*+.),.)''.)+' '.'.'.1 area '
logBadCacencyBchanges
A
area ' authentication messageBdigest
exit
A
interface s'('('
ip ospf messageBdigestBkey . md. itsasecret
exit
A
interface 0o'
ip address )'.'.'.1 +...+...+...+..
no shutdown
exit
A
interface s'('()
ip ospf messageBdigestBkey . md. itsasecret
exit
A
interface s'()('
bandwidth 13/
ip ospf messageBdigestBkey . md. itsasecret
exit
A
interface &a'()
ip ospf messageBdigestBkey . md. itsasecret
exit
A
A
configure terminal
ip route '.'.'.' '.'.'.' s'('()
A
router ospf )
defaultBinformation originate
exit
A
A
accessBlist )'' permit tcp any host )+3.)'*.'.)' e; 3'
accessBlist )'' permit tcp any any established
accessBlist )'' permit icmp any any unreachable
accessBlist )'' permit icmp any any echoBreply
A
interface s'('()
ip accessBgroup )'' in
end
copy run start
vsem udachi999
4" DAE7DF 4API!ATF <PG 274 !TA2T 4A 2<7T"2A6 I !5IT$"999
Ey shynggys