School of Computing and Mathematics

ITC355 Network Design - 201730

Cisco CCNARS-4 Scaling Networks

Skills Assessment 201730

LECTURER: George Zajko

DAY & DATE: Due Thursday 1June 2017 during class time

WRITING TIME: 120 minutes READING TIME: 10 minutes

MATERIALS SUPPLIED BY UNIVERSITY: PCs and Packet Tracer Software Version 6.3 (Not V7!)

MATERIALS PERMITTED IN EXAMINATION:

NUMBER OF QUESTIONS: N/A TOTAL MARKS: 100 marks

INSTRUCTIONS TO CANDIDATES:

This is a closed book skills test. This is implemented as an EIGRP network configuration practical
assessment.

Answer all questions. Each question is has allocated marks on the question paper and total mark
is 100 marks.

Answer these questions in the space provided.

Submit your Packet Tracer file TOGETHER with your written solution to this paper to the
supervisor on the day of the assessment, via email by the due date. Please Save your files
as:

Lastname, Firstname. PKT for the Packet Tracer file

STUDENT NAME: .............................................................. STUDENT No.: .................................

STUDENT SIGNATURE: ...............................................................................................................

Cisco Networking Academy Semester 4 Skills Assessment Lab v2 18-05-2017 Page 1

 CCNA Preparation Course Semester 4

Skills Assessment Lab v2

EIGRP, PPP/CHAP & NAT/PAT

Aim
To configure PPP CHAP authentication between two routers using EIGRP as the routing
protocol, and NAT/PAT for IP address translation.

Sydney Auckland
router PPP Link router
Loopback network Loopback network
16.0.0.0
192.168.2.0 / 24 38.0.0.0

S1 (DCE)
192.168.2.1 S0 (DTE)
192.168.2.2 Loopback network
Loopback network
E0 = 10.10.0.1 /16 39.0.0.0
17.0.0.0 E0 = 10.20.0.1 /16

202.168.100.0 /24 Outside

10.10.0.0 /16 Inside 172.16.15.0 /24 Outside
10.20.0.0 /16 Inside

Hub/Switch/Crossover
Hub/Switch/Crossover

10.10.0.2 /16 10.20.0.2 /16

Instructions
- There is a reading time of 15 minutes
- This skills lab has a time limit of 120 minutes. There are 100 available marks

Cisco Networking Academy Semester 4 Skills Assessment Lab v2 18-05-2017 Page 2

- Successful completion of this lab assessment will require:
1. successful ping to/from the Sydney host PC to/from the Auckland host PC
2. demonstration of the correct configuration stored in the startup-config file

Objectives
Complete the following tasks throughout the exam:
First configure PPP CHAP on the serial link between the Sydney and Auckland routers
Configure EIGRP on all directly connected networks on each router EXCEPT the translated
networks and the 10.0.0.0. networks on both routers.
Configure NAT so that the Sydney 10.10.0.0 /16 network is translated to 202.168.100.0 /24
network addresses via a pool; and the Auckland 10.20.0.0 /16 network is translated to
172.16.15.0 /24 network addresses via a pool. There is a static mapping of 202.168.100.1
to Sydney Ethernet 0 interface of 10.10.0.1. There is also a static mapping of 172.16.15.1 to
Auckland Ethernet 0 interface of 10.20.0.1
Static routes are set in both directions on both routers to enable the translated network
addresses on both routers to be accessible
Verify connectivity

Pre-configuration

The following items have been preconfigured on all three routers:

Hostnames on all routers
Interface IP addresses, subnet masks, and no shutdown commands
Vty and privileged passwords
Clock rates on DCE interfaces
IP addresses and subnet masks on PCs, including the default gateway IP address.

Following are the actual commands already configured on the devices:

Sydney Router Pre-configuration

hostname Sydney
enable secret class
interface serial0
shutdown
interface serial1
ip address 192.168.2.1 255.255.255.0
clock rate 64000
no shutdown
interface ethernet0
ip address 10.10.0.1 255.255.0.0
no shutdown
line con 0
logging synchronous
line vty 0 4
password cisco
login

Cisco Networking Academy Semester 4 Skills Assessment Lab v2 18-05-2017 Page 3

Auckland Router Pre-configuration

hostname Auckland
enable secret class
interface serial0
ip address 192.168.2.2 255.255.255.0
no shutdown
interface ethernet0
ip address 10.20.0.1 255.255.0.0
no shutdown
line con 0
logging synchronous
line vty 0 4
password cisco
login

Configuration Tasks
1. Configure PPP & CHAP

Use the following values to configure PPP encapsulation on the serial link between Sydney
and Auckland:
Configure the link between Sydney and Auckland with PPP encapsulation.

Use the following values to configure CHAP on Sydney:

Initialise CHAP authentication
Set the hostname of the Sydney router to Sydney
Set the CHAP authentication hostname of the Sydney router to Sydney_City
Set the CHAP password to TransTasman (case sensitive).

Use the following values to configure CHAP on Auckland:

Initialise CHAP authentication
Set the hostname of the Auckland router to Auckland
Set the CHAP authentication hostname of the Auckland router to Auckland _City
Set the CHAP password to TransTasman (case sensitive).

NOTE that the CHAP authentication passwords must match on both routers. Try changing it
on one router, save the configuration, and then re-boot the other router to see whether
authentication takes place. You will need to view the authentication packets realtime on the
non-booting router, say, Sydney:
Sydney# debug ppp authentication

Cisco Networking Academy Semester 4 Skills Assessment Lab v2 18-05-2017 Page 4

2. Configure EIGRP
Use the following values to configure the routing between Sydney and Auckland.

Configure EIGRP routing between Sydney and Auckland. Enable EIGRP only on the
following networks (but not all, of course, on the same router):

- 192.168.2.0 255.255.255.0
- 16.0.0.0 255.0.0.0
- 17.0.0.0 255.0.0.0
- 38.0.0.0 255.0.0.0
- 39.0.0.0 255.0.0.0

Both Sydney and Auckland should be able to see the Loopback networks of the
neighbouring router in its routing table, as well as the serial link network between the routers.

Use 100 as the autonomous system number for EIGRP

3. Configure NAT on the Sydney Router

Use the following values to configure NAT services on Sydney:

Configure NAT on the Sydney router to translate the 10.10.0.0/16 inside host IP addresses
to the 202.168.100.0/24 outside network address range.

Use PAT, so that all addresses are using only the IP addresses of 202.168.100.10 through
202.168.100.20, with a subnet mask of 255.255.255.0. Call this pool of addresses
Sydney_public_access

Create a static mapping of 202.168.100.1 to Sydney Ethernet 0 interface of 10.10.0.1. This

will allow other routers to ping the Ethernet 0 interface of Sydney with the command ping
202.168.100.1

4. Configure NAT on the Auckland Router

Use the following values to configure NAT services on Auckland:

Configure NAT on the Auckland router to translate the 10.20.0.0/16 inside host IP addresses
to the 172.16.15.0 /24 outside network address range.

Use PAT, so that all addresses are using only the IP addresses of 172.16.15.10 through
172.16.15.20, with a subnet mask of 255.255.255.0. Call this pool of addresses
Auckland_public_access

Create a static mapping of 172.16.15.1 to Auckland Ethernet 0 interface of 10.20.0.1. This

will allow other routers to ping the Ethernet 0 interface of Auckland with the command ping
172.16.15.1.
Cisco Networking Academy Semester 4 Skills Assessment Lab v2 18-05-2017 Page 5
5. Configure a static route to the Auckland Router on the Sydney Router
Set up a static route on the Sydney router so that the translated network 172.16.15.0 /24
becomes accessible via the Auckland router serial interface 192.168.2.2. Use the appropriate
subnet mask for the /24 subnet.

6. Configure a static route to the Sydney Router on the Auckland Router

Set up a static route on the Auckland router so that the translated network 202.168.100.0 /24
becomes accessible via the Sydney router serial interface 192.168.2.1. Use the appropriate
subnet mask for the /24 subnet.

7. Configuration in startup-config file on the Sydney Router

Save the completed configuration file, and display its contents.

8. Configuration in startup-config file on the Auckland Router

Save the completed configuration file, and display its contents.

9. Demonstration of correct NAT translations on the Sydney Router

Use the appropriate command to display the contents of the NAT translation table kept in
RAM on the Sydney router.

10. Demonstration of correct NAT translations on the Auckland Router

Use the appropriate command to display the contents of the NAT translation table kept in
RAM on the Auckland router.

11. Demonstration of pinging the two translated 10.20.0.0/16 addresses on

the Auckland Router from the Sydney Router
After viewing the contents of the NAT translation table, show the translated 10.20.0.0
addresses on the Auckland router respond to the ping command from the Sydney router.

12. Demonstration of pinging the two translated 10.10.0.0/16 addresses on

the Sydney Router from the Auckland Router
After viewing the contents of the NAT translation table, show the translated 10.10.0.0
addresses on the Sydney router respond to the ping command from the Auckland router.

Cisco Networking Academy Semester 4 Skills Assessment Lab v2 18-05-2017 Page 6

Your Tasks
1. Configure PPP & CHAP
Configure the link between Sydney and Auckland with PPP encapsulation.

1.1 Using the correct prompt, write out the command to set PPP encapsulation on the
Sydney router:

(1 Mark)

1.2 Using the correct prompt, write out the command to set PPP encapsulation on the
Auckland router:

(1 Mark)

1.3 Use the following values to configure CHAP on Sydney:

Initialise CHAP authentication
Set the CHAP authentication hostname of the Sydney router to Sydney_City
Set the hostname of the Sydney router to Sydney
Set the CHAP password to TransTasman

Your router commands:

(10 Marks)

1.4 Use the following values to configure CHAP on Auckland:

Initialise CHAP authentication
Set the CHAP authentication hostname of the Auckland router to Auckland_City
Set the hostname of the Auckland router to Auckland
Set the CHAP password to TransTasman

Your router commands:

(10 Marks)
Cisco Networking Academy Semester 4 Skills Assessment Lab v2 18-05-2017 Page 7
2. Configure EIGRP
Use the following values to configure the routing between Sydney and Auckland.

Take 100 as the autonomous system number for EIGRP

Configure EIGRP routing between Sydney and Auckland. Enable EIGRP only on the
following networks:

- 192.168.2.0 255.255.255.0
- 16.0.0.0 255.0.0.0
- 17.0.0.0 255.0.0.0
- 38.0.0.0 255.0.0.0
- 39.0.0.0 255.0.0.0

2.1 Using the correct prompt, write out the commands to initialise EIGRP routing on the
Sydney router. Recall that on each router, only the directly connected networks and Loopback
networks have to be entered, EXCEPT the translated networks and the 10.0.0.0. networks on
both routers. . The routing process will distribute the information about these advertised
directly connected network to other routers.

Your router command:

(4 Marks)

2.2 Using the correct prompt, write out the commands to initialise EIGRP routing on the
Auckland router. Recall that on each router, only the directly connected networks have to be
entered. The routing process will distribute the information about these directly connected
network to other routers

Your router command:

(4 Marks)

Cisco Networking Academy Semester 4 Skills Assessment Lab v2 18-05-2017 Page 8

2.3 Both Sydney and Auckland should be able to see the Loopback networks of the
neighbouring router in its routing table, as well as the serial link network between the routers.
Using the correct prompt, write out the command to view the contents of the routing table on
the Sydney router. Briefly interpret, in your own words, what this table shows.

Your router command:

(3 Marks)

2.4 Using the correct prompt, write out the command to view the contents of the routing
table on the Auckland router. Briefly interpret, in your own words, what this table shows.

Your router command:

(3 Marks)

3. Configure NAT on the Sydney Router

3.1 Write out the commands, using the following values, to configure NAT services on the
Sydney router.

Configure NAT on the Sydney router to translate the 10.10.0.0/16 inside host IP addresses
to the 202.168.100.0/24 outside network address range.

Use PAT, so that all addresses are using only the IP addresses of 202.168.100.10 through
202.168.100.20, with a subnet mask of 255.255.255.0. Call this pool of addresses
Sydney_public_access

Create a static mapping of 202.168.100.1 to Sydney Ethernet 0 interface of 10.10.0.1. This

will allow other routers to ping the Ethernet 0 interface of Sydney with the command ping
202.168.100.1. Verify that the Auckland PC can ping both the Ethernet 0 interface of Sydney
and the Sydney PC.

Your router commands:

(10 Marks)
Cisco Networking Academy Semester 4 Skills Assessment Lab v2 18-05-2017 Page 9
4. Configure NAT on the Auckland Router
4.1 Use the following values to configure NAT services on Auckland router:

Configure NAT on the Auckland router to translate the 10.20.0.0/16 inside host IP addresses
to the 172.16.15.0/24 outside network address range.

Use PAT, so that all addresses are using only the IP addresses of 172.16.15.10 through
172.16.15.20, with a subnet mask of 255.255.255.0. Call this pool of addresses
Auckland_public_access

Create a static mapping of 172.16.15.1 to Auckland Ethernet 0 interface of 10.20.0.1. This

will allow other routers to ping the Ethernet 0 interface of Auckland with the command ping
172.16.15.1. Verify that the Sydney PC can ping both the Ethernet 0 interface of Auckland
and the Auckland PC.

Your router commands:

(10 Marks)

5. Configure a static route to the Auckland Router on the Sydney Router

5.1 Use the following values to configure the static route to Auckland:

Set up a static route on the Sydney router so that the translated network 172.16.15.0 /24
becomes accessible via the Auckland router serial interface 192.168.2.2. Use the appropriate
subnet mask for the /24 subnet.
Your router command:

(2 Marks)

Cisco Networking Academy Semester 4 Skills Assessment Lab v2 18-05-2017 Page 10

6. Configure a static route to the Sydney Router on the Auckland Router
6.1 Use the following values to configure the static route to Sydney:
Set up a static route on the Auckland router so that the translated network 202.168.100.0 /24
becomes accessible via the Sydney router serial interface 192.168.2.1. Use the appropriate
subnet mask for the /24 subnet.

Your router command:

(2 Marks)

7. Test CHAP on the Sydney Router

7.1 Ping the Auckland serial interface from the Sydney PC, and using the correct prompt,
write out the command that will display the realtime CHAP authentication packet exchanges
as they actually occur (hint: debug). After switching on the display of realtime authentication
packet exchanges, you may need to save the Sydney and Auckland router configurations, and
then restart ONLY the Auckland router.

Your router command:

(1 Mark)

8. Test CHAP on the Auckland Router

8.1 Ping the Sydney serial interface from the Auckland PC, and using the correct prompt,
write out the command that will display the realtime CHAP authentication packet exchanges
as they actually occur (hint: debug). After switching on the display of realtime authentication
packet exchanges, you may need to save the Sydney and Auckland router configurations, and
then restart ONLY the Sydney router.

Your router command:

(1 Mark)

8.2 Write out the command that will display realtime PPP negotiation packets (hint: debug).
Again it may be necessary to save the configurations on each router, and then reload one of
them while watching the output generated on the other in Hyperterminal.
Cisco Networking Academy Semester 4 Skills Assessment Lab v2 18-05-2017 Page 11
Your router command:

(2 Marks)

8.3 Change the password for CHAP authentication ONLY on the Auckland router to
Oceanic, save the configuration, and then reboot the Sydney router. Monitor the PPP
authentication on the Auckland router with:
Auckland# debug ppp authentication

Your router commands to change the password for CHAP authentication:

(2 Marks)

9. Test NAT on the Sydney Router

9.1 To ensure that the ICMP echo requests and echo replies do not age out in the NAT table
type in the following line:

Sydney(config)# ip nat translation icmp-timeout never

Ping the Auckland serial interface from the Sydney PC, and using the correct prompt, write
out the command to view the contents of the NAT translation table on the Sydney router.
Also, write out the command that will show the realtime address translations as they actually
occur. What does this table show?

Your router commands:

(3 Marks)
9.2 Ping the Auckland PCs translated IP address (not the actual IP address, because this
has been translated by NAT) from the Sydney PC, and using the correct prompt, write out the
command to view the contents of the NAT translation table on the Sydney router. Also, write

Cisco Networking Academy Semester 4 Skills Assessment Lab v2 18-05-2017 Page 12

out the command that will show the realtime address translations as they actually occur. What
does this table show?

Your router commands:

(3 Marks)

10. Test NAT on the Auckland Router

10.1 To ensure that the ICMP echo requests and echo replies do not age out in the NAT
table type in the following line:

Auckland(config)# ip nat translation icmp-timeout never

Ping the Sydney serial interface from the Auckland PC, and using the correct prompt, write
out the command to view the contents of the NAT translation table on the Auckland router.
Also, write out the command that will show the realtime address translations as they actually
occur. What does this table show?

Your router commands:

(3 Marks)

10.2 Ping the Sydney PCs translated IP address (not the actual IP address, because this has
been translated by NAT) from the Auckland PC, and using the correct prompt, write out the
Cisco Networking Academy Semester 4 Skills Assessment Lab v2 18-05-2017 Page 13
command to view the contents of the NAT translation table on the Sydney router. Also, write
out the command that will show the realtime address translations as they actually occur. What
does this table show?

Your router commands:

(3 Marks)

11. Configuration in startup-config file on the Sydney Router

(2 Marks)

12. Configuration in startup-config file on the Auckland Router

(2 Marks)

13. Demonstration of correct NAT translations on the Sydney Router

(5 Marks)

14. Demonstration of correct NAT translations on the Auckland Router

(5 Marks)

15. Demonstration of pinging the two translated 10.20.0.0/16 addresses on the

Auckland Router from the Sydney Router
(4 Marks)

16. Demonstration of pinging the two translated 10.10.0.0/16 addresses on the Sydney
Router from the Auckland Router
(4 Marks)

Cisco Networking Academy Semester 4 Skills Assessment Lab v2 18-05-2017 Page 14

EIGRP, PPP/CHAP, NAT/PAT Skills Assessment Lab Marking Sheet

STUDENT: DATE: .
Task Task Name Max. Actual Comment
No. Mark Mark
1.1 PPP encapsulation Sydney 1

1.2 PPP encapsulation Auckland 1

1.3 CHAP on Sydney 10

1.4 CHAP on Sydney 10

2.1 EIGRP on Sydney 4

2.2 EIGRP on Auckland 4

2.3 Routing table on Sydney 3

2.4 Routing table on Auckland 3

3.1 NAT & PAT on Sydney 10

4.1 NAT & PAT on Auckland 10

5.1 Static route on Sydney 2

6.1 Static route on Auckland 2

7.1 Ping & CHAP authentication Sydney 1

8.1 Ping & CHAP authentication 1

Auckland
8.2 PPP negotiation Sydney & Auckland 2

8.3 Change password on Auckland 2

9.1 Sydney NAT test to Auckland serial 3

9.2 Sydney NAT test to Auckland PC 3

10.1 Auckland NAT test to Sydney serial 3

10.2 Auckland NAT test to Sydney PC 3

11 Configuration file on Sydney 2

12 Configuration file on Auckland 2

13 Demonstrate NAT on Sydney 5

14 Demonstrate NAT on Auckland 5

15 Demonstrate ping of translated 4

addresses from Sydney
16 Demonstrate ping of translated 4
addresses from Auckland

Cisco Networking Academy Semester 4 Skills Assessment Lab v2 18-05-2017 Page 15