CCNA 2 Routing and Switching – Routing Protocols – Skill Assessment – PT

CCNA 2 Routing and Switching
Routing Protocols

Routing Protocols OSPF Practice Skills Assessment – Packet Tracer

A few things to keep in mind while completing this activity:
1. Do not use the browser Back button or close or reload any exam windows during the exam.
2. Do not close Packet Tracer when you are done. It will close automatically.
3. Click the Submit Assessment button in the browser window to submit your work.
Introduction

In this practice skills assessment, you will configure the Our Town three-router network with multiarea OSPFv2. As part of this process, you will perform basic router configuration tasks, address router interfaces and hosts, and implement two ACLs.

All IOS device configurations should be completed from a direct terminal connection to the device console.

Some values that are required to complete the configurations have not been given to you. In those cases, create the values that you need to complete the requirements. These values may include certain IP addresses, passwords, interface descriptions, banner text, and other values.

You will practice and be assessed on the following skills:

Configuration of initial device settings
IPv4 address assignment
Configuration and addressing of router interfaces
Configuration of the multiarea OSPFv2 routing protocol
Configuration of a default route and a static summary route.
Configuration of ACL to limit device access
You are only required to configure the following devices. See the instructions for details.

Police:
Configuration of initial router settings
Interface configuration and IPv4 addressing
Configuration of multiarea OSPFv2

Central:
Interface configuration and IPv4 addressing
Configuration of multiarea OSPFv2
Configuration of IPv4 route summarization
Configuration and propagation of a default route
Configuration of ACLs

Fire:
Interface configuration and IPv4 addressing
Configuration of multiarea OSPFv2
Internal PC hosts:
IPv4 full addressing

Addressing Table

Note: You are provided with the networks that interfaces should be configured on. Unless you are told to do differently in the detailed instructions below, you are free to choose the host addresses to assign.

The following addresses have been preconfigured:

Instructions

Step 1: Determine the Addresses to Assign

Determine the IP addresses that you plan to use for the required interfaces on the three routers, and the four LAN hosts. Refer to the addressing table and follow the guidelines below:

• The first IP addresses in the networks that are provided in the addressing table should be assigned to the LAN and loopback interfaces.
• The first address in the Central subnet that is connected to the Internet has already been assigned to the ISP end of the connection in the Internet cloud.
• Any valid host address in the networks that are provided in the addressing table can be assigned to the serial interfaces.
• Any valid host addresses in the appropriate network can be assigned to the hosts.

Step 2: Configure Police

Configure Police with the following:

• Configure the router with the hostname Police. Your entry must match this value exactly.
• Prevent the router from attempting to resolve command line entries to IP addresses.
• Protect device configurations from unauthorized access with the encrypted password.
• Secure the router console and terminal lines.
• Prevent all passwords from being viewed in clear text in device configuration files.
• Configure a message-of-the-day banner.

Step 3: Configure the Router Interfaces

Configure the interfaces of all routers for full connectivity with the following:

• Configure IP addresses.
• Configure descriptions for all physical router interfaces.
• Configure DCE settings where appropriate. Use a rate of 128000.
• Use loopback 0 when required.

Step 4: Configure and Verify Host Addressing

Assign addresses to the hosts that are connected to the LAN interfaces of the Police and Fire routers.

Step 5: Configure Static and Default Routing

On Central, configure the following static routes:

• A default route to the Internet. This route will be distributed to the other routers in the topology. Use the exit interface argument.
• A summary route to the branch networks. Create a single summary route that will enable connectivity between the three branch networks and all other hosts within the Our Town network, and the appropriate external hosts. Use the exit interface argument.

Step 6: Configure OSPF Routing

a. On all routers:

• Configure multiarea OSPFv2 to route between all internal networks. Use a process ID of 1.
• Use the area numbers shown in the topology.
• Use the correct inverse masks for all network statements.
• Prevent routing updates from being sent to the LANs.

b. On the Central router:

• Configure multiarea OSPFv2 to distribute the default route to Police and Fire.

Step 7: Customize Multiarea OSPFv2

Customize multiarea OSPFv2 by performing the following configuration tasks:

a. Set the bandwidth of the serial interfaces to 128 kb/s.

b. Configure OSPF router IDs as follows:

• Police: 1.1.1.1
• Central: 2.2.2.2
• Fire: 3.3.3.3

c. Configure the OSPF cost of the link between Police and Central to 7500.

Step 8: Configure OSPF MD5 Authentication on the Required Interfaces

Configure OSPF to authenticate routing updates with MD5 authentication on the OSPF interfaces.

• Use a key value of 1.
• Use xyz_OSPF as the password.
• Apply MD5 authentication to the correct interfaces.

Step 9: Configure Access Control Lists

You will configure two access control lists on Central. You must use the any and host keywords in the ACL statements where required. The ACL specifications are as follows:

a. Restrict access to the vty lines on Central with a named standard ACL:

• Create a named standard ACL using the name MANAGE. Be sure that you use this name exactly as it appears in these instructions (case and spelling).
• Allow the NetAdmin Host to access the vty lines of Central.
• No other Internet hosts (including Internet hosts not visible in the topology) should be able to access the vty lines of Central.
• Your solution should consist of one ACL statement.

b. Control traffic from the Internet by creating an extended ACL:

• Use access list number 101.
• Allow the external NetAdmin Host full access to the Our Town network.
• Allow hosts within the network to ping outside hosts by allowing responses to ping requests to enter the network.
• Allow any other traffic that is in response to requests for data from the LANs. Use the any keyword.
• All other traffic should be denied. Be sure that matches to this condition can be viewed using IOS show commands.
• Your ACL should consist of four statements.
• Your ACL should be placed in the most efficient location as possible to conserve network bandwidth and device processing resources.

NOTA: Si esta configuración compartida por uno de nuestros usuarios te ha sido útil háznoslo saber en los comentarios.

 Shared by Gega Sxirtladze

_______HQ R2________
en
conf t

no ip domain-lookup

enable secret cisco

line con 0
logging synchronous

line console 0
password cisco
login

line vty 0 15
password cisco
login

service password-encryption
int s0/0/0
ip addr 192.168.100.21 255.255.255.252
description HQ and Site1
ip ospf cost 7500
ip ospf message-digest-key 1 md5 xyz_OSPF
ip ospf authentication message-digest
bandwidth 128
no shut
exit

int s0/0/1
ip addr 192.168.100.37 255.255.255.252
description HQ and site2
clock rate 128000
ip ospf message-digest-key 1 md5 xyz_OSPF
ip ospf authentication message-digest
bandwidth 128
no shut
exit

int s0/1/0
ip addr 203.0.113.18 255.255.255.248
description HQ and Internet
bandwidth 128
no shut
exit

ip route 0.0.0.0 0.0.0.0 s0/1/0
ip route 192.168.116.0 255.255.252.0 gi0/0

router ospf 1
router-id 2.2.2.2
default-information originate
net 192.168.100.20 0.0.0.3 area 0
net 192.168.100.36 0.0.0.3 area 0

area 0 authentication message-digest
Router(config)#line vty 0 15
Router(config-line)#access-class MANAGE in
Router(config-line)#exit

Router(config)#int s0/1/0
Router(config-if)#ip access-group 101 in
Router(config-if)#exit

Router(config)#ip access-list standard MANAGE
Router(config-std-nacl)#permit host 198.51.100.5
Router(config-std-nacl)#access-list 101 permit ip host 198.51.100.5 any
Router(config)#access-list 101 permit icmp any any echo-reply
Router(config)#access-list 101 permit tcp any any established
Router(config)#access-list 101 deny ip any any
_________site1 R1___________

en
conf t

hostname Site-1

no ip domain-lookup

enable secret cisco

line con 0
logging synchronous

line console 0
password cisco
login

line vty 0 15
password cisco
login

service password-encryption

banner motd % message-of-the-day %

int s0/0/0
ip addr 192.168.100.22 255.255.255.252
description Site1 and HQ
clock rate 128000
ip ospf cost 7500
ip ospf message-digest-key 1 md5 xyz_OSPF
ip ospf authentication message-digest
bandwidth 128
no shut
exit

int gi0/0
ip addr 192.168.8.1 255.255.255.0
description local int
no shut
exit

int gi0/1
ip addr 192.168.9.1 255.255.255.0
description local int
no shut
exit

int loo 0
ip addr 192.168.10.1 255.255.255.0
exit
router ospf 1
router-id 1.1.1.1
net 192.168.100.20 0.0.0.3 area 0
net 192.168.8.0 0.0.0.255 area 3
net 192.168.9.0 0.0.0.255 area 3

passive-interface gi0/0
passive-interface gi0/1

area 3 authentication message-digest
_________Site 2 R3__________
en
conf t

int s0/0/1
ip addr 192.168.100.38 255.255.255.252
description Site2 and HQ
ip ospf message-digest-key 1 md5 xyz_OSPF
ip ospf authentication message-digest
bandwidth 128
no shut
exit

int gi0/0
ip addr 192.168.12.1 255.255.255.0
description local int
no shut
exit

int gi0/1
ip addr 192.168.13.1 255.255.255.0
description local int
no shut
exit

int loo 0
ip addr 192.168.14.1 255.255.255.0
exit
router ospf 1
router-id 3.3.3.3
net 192.168.100.36 0.0.0.3 area 0
net 192.168.12.0 0.0.0.255 area 4
net 192.168.13.0 0.0.0.255 area 4

passive-interface gi0/0
passive-interface gi0/1

area 4 authentication message-digest