FINAL SKILLS EXAM IN EXPLORATION 4 INSTRUCTIONS: I. a. b. ADDRESSING Use the first usable IP address of each LAN as a gateway.

Unless the address is indicated, use the tenth usable IP address of each LAN for each host shown in the topology. VLAN VLANs VLAN 50 VLAN 60 VLAN 70 VLAN 99 Names Engineering IT Finance Management&Native Port Fa0/6-10 Assignments Fa0/11-17 Fa0/18-24 Fa0/1-5 Subnet Addresses 192.168.50.0/24 192.168.60.0/24 192.168.70.0/24 192.168.99.0/24

II.

a. Configure VLAN 99 as the management and native VLAN. b. Ensure S6 as the root bridge. c. Ensure S6 as the server for VTP, S7 and S8 are the clients. Use CCNA as the domain name and cisco as the password. d. Perform all other necessary configurations to provide full connectivity among devices (PCs, switches and router).

III.

FRAME RELAY DLCI Mappings From To HQ R3 HQ N/A 103 R3 301 N/A R4 401 403

R4 104 304 N/A

a. Configure static maps on HQ, R3 and R4. b. Use the subnet 10.3.3.0/29 for WAN addressing. c. All routing through R3 and R4 must be done with static and default routing.

IV.

DHCP a. Configure R1 as DHCP server for all of its LANs. Exclude the first nine usable IP addresses.

V.

ENCAPSULATION, ROUTING PROTOCOL AND AUTHENTICATIONS a. b. c. d. e. f. Configure OSPF on HQ, R1 and R2 using process ID 1 and area 0. Link between HQ and ISP must have static and default routing. Propagate the default route to OSPF neighbors. Disable OSPF updates on appropriate interfaces. Configure PPP-PAP authentication and OSPF simple authentication on the serial link between HQ and R1. Configure PPP-CHAP authentication and OSPF MD5 authentication on the serial link between HQ and R2.

VI.

NAT a. Configure static NAT for an inside server located at network 192.168.40.0/24. b. Configure dynamic NAT to allow ALL internal hosts of VLANs 50, 60 and 70 to access the outside network at the same time.

VII.

ACLs Network Policy 1 a. Configure standard named ACLs on R1 and R2 permitting their respective hosts to gain telnet access. Explicitly deny all other connections. Network Policy 2 a. Prohibit traffic from the LAN of S1 from reaching the LAN of S2. b. Prohibit traffic from the LAN of S2 from reaching the LAN of S1. Network Policy 3 a. Block 192.168.10.0 network from accessing the 192.168.30.0 network. All other access to 192. 168.30.0 is allowed. b. Host 192.168.30.10 is not allowed to access host 192.168.11.10. All other hosts are allowed to access 192.168.11.10. c. Hosts 192.168.30.1 through 192.168.30.63 are not allowed WEB access to the outside WEB server. All other access is allowed.

Network Policy 4 a. Outside hosts are allowed to establish a WEB session with the internal WEB server at port 80 only. b. Allow only inbound ping replies from ISP and any source beyond ISP. c. Allow only established TCP sessions from ISP and any source beyond ISP. d. Explicitly block all other inbound access from ISP and any source beyond ISP.

Grading System: VLAN Frame Relay Static Routing WAN Encapsulation OSPF & Authentication DHCP & NAT ACL Full Connectivity = 25 pts. = 25 pts. = 25 pts. = 25 pts. = 25 pts. = 25 pts. = 25 pts. = 25pts = 200 pts. Note: Points will be provided based on the functionality per criterion and not on the configurations done.

--- GOOD LUCK ---