Anda di halaman 1dari 6

Packet Tracer v7 CCNA3 MidTerm Challenge

Topology

Scenario
In this activity, you will set up a medium sized network with MultiArea OSPF. You will need the skills you have
obtained in the previous courses as well as new skills from the first part of Scaling networks as well as
troubleshooting skills. You are responsible for configuring subinterfaces to communicate with the switches.
You will configure VLANs, trunking, EtherChannel, Spanning tree and FHRP to provide redundancy.
Servers are locked and preconfigured. You will connect to the Internet implementing NAT and optimize path
selection in AREA 51. You will have to troubleshoot missing routes and password issues.

2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 6
Packet Tracer Skills Integration Challenge

Addressing Table AREA 1

Device Interface IP Address Subnet Mask Default Gateway VLAN Association

G0/0 172.31.100.1 255.255.255.0 N/A N/A


R1
G0/1 172.31.1.1 255.255.255.0 N/A N/A
G0/0.10 172.31.10.2 255.255.255.0 N/A VLAN 10
G0/0.20 172.31.20.2 255.255.255.0 N/A VLAN 20
R2 G0/0.88 172.31.88.2 255.255.255.0 N/A VLAN 88
G0/1 172.31.1.2 255.255.255.0 N/A N/A
G0/1 172.31.32.2 255.255.255.0 N/A N/A
G0/0.10 172.31.10.3 255.255.255.0 N/A VLAN 10
G0/0.20 172.31.20.3 255.255.255.0 N/A VLAN 20
R3 G0/0.88 172.31.88.3 255.255.255.0 N/A VLAN 88
G0/1 172.31.1.3 255.255.255.0 N/A N/A
G0/1 172.31.32.3 255.255.255.0 N/A N/A
G0/0 172.31.254.1 255.255.255.0 N/A N/A
R4
G0/1 172.31.1.4 255.255.255.0 N/A N/A
S1 VLAN 88 172.31.88.11 255.255.255.0 172.31.88.1 N/A
S2 VLAN 88 172.31.88.12 255.255.255.0 172.31.88.1 N/A
S3 VLAN 88 172.31.88.13 255.255.255.0 172.31.88.1 N/A
S4 VLAN 88 172.31.88.14 255.255.255.0 172.31.88.1 N/A
PC10 NIC DHCP VLAN 10
PC11 NIC DHCP VLAN 10
PC20 NIC DHCP VLAN 20
PC21 NIC DHCP VLAN 20

Requirements
You are responsible for configuring routers and switches in AREA 1, Authentication on AREA 0 and
optimizing OSPF in AREA 51. Furthermore, you will configure DHCP on R1 and configure default-routing and
NAT/PAT on router ASBR.

2016 EUC Syd and/or its affiliates. All rights reserved. This document is EUC Syd Public. Page 2 of 6
Packet Tracer Skills Integration Challenge

AREA 1
Inter-VLAN Routing
On R2 and R3, enable and configure the subinterfaces with the following requirement:
- Configure the appropriate dot1Q encapsulation.
- Configure the IP address for the subinterface according to the Addressing Table.

Routing AREA 1
Configure OSPFv2 using the following requirements:
- User process ID 1.
- Router-id x.x.x.x where x = router number
- Advertise the network for each interface.
- Disable OSPF updates for all unused interfaces and interfaces with no neighboring Router
- R1 should be the DR on the 172.31.1.0 LAN (Give R1 the highest possible priority).
R4 should be the BDR (default priority plus 1).
R2 and R3 should never take part in the DR/BDR election.
VLANs
For all switches, create VLAN 10, 20, 88 and 99.
Configure S1 and S2:
- Configure all unused ports as access ports assigned VLAN 99.
- Shut down unused ports
- Configure F0/21 F24 and G0/1 0/2 to trunk unconditionally and not negotiate trunking
- Configure F0/21 F24 and G0/1 0/2 as the native trunk for VLAN 99.
- Allow only VLAN 10, 20 and 88 on trunks.
Configure S3 and S4:
- Configure F0/1 9 as access ports in VLAN 10.
- Configure F0/10 20 as access ports in VLAN 20.
- Configure F0/21 F24 to trunk unconditionally and not negotiate trunking
- Configure F0/21 F24 as the native trunk for VLAN 99.
- Allow only VLAN 10, 20 and 88 on trunks.
Implement port security on S3:
- On Fa0/1 and fa0/11, allow 2 MAC addresses that are automatically added to the configuration file
when detected. The port should not be disabled, but a syslog message should be captured if a
violation occurs.
- Disable all other unused ports (Access ports without a host).

EtherChannels
All EtherChannels are configured as PAGP.
All EtherChannels are statically configured as the native trunk for VLAN 99.

2016 EUC Syd and/or its affiliates. All rights reserved. This document is EUC Syd Public. Page 3 of 6
Packet Tracer Skills Integration Challenge

Use the following table to configure the appropriate switch ports to form EtherChannels:
Ensure EtherChannels trunking properties match the configuration on the participation interfaces.

Port Channel Device: Ports Device: Ports

1 S1: F0/23 24 S3: F0/23 24


2 S2: F0/23 24 S4: F0/23 24
3 S1: F0/21 22 S4: F0/21 22
4 S2: F0/21 - 22 S3: F0/21 - 22

Spanning Tree
Configure PortFast as default on both Access Switches.
Enable BPDU-guard on S3 access ports
Configure spanning tree priorities according to the table below:

Device VLAN 10 + 88 Priority VLAN 20 Priority

S1 4096 8192
S2 8192 4096
S3 32768 32768
S4 32768 32768

Configure HSRP on R2 and R3


Standby group = VLAN number
Virtual Router: VLAN 10 = 172.31.10.1 VLAN 20 = 172.31.20. 1 VLAN 88 = 172.31.88.1
Configure R3 with a priority that is 5 higher than the default for VLAN 10 and VLAN 88.
Configure R2 with a priority that is 5 higher for VLAN 20.
Track interface G0/1
Routers should preempt

Configure DHCP on R1
Create two DHCP pools VLAN10 and VLAN20 with the following settings
- Network 172.31.xx.0 /24 where xx=VLAN number
- Default router 172.31.xx.1
- DNS server 172.31.254.10
- Exclude the first 9 addresses from each pool
Configure helper-address on appropriate routers in AREA 1.
Enable DHCP on PCs

2016 EUC Syd and/or its affiliates. All rights reserved. This document is EUC Syd Public. Page 4 of 6
Packet Tracer Skills Integration Challenge

Configure SSH on S1
Configure remote management access including IP addressing and SSH:
- Domain is eucsyd.local
- User admin must bypass User Exec mode with encrypted password cisco
- Crypto key length of 1024
- SSH version 2, limited to 2 authentication attempts and a 60 second timeout

Connectivity
All PCs should be able to ping the eucsyd.local and other PCs.

AREA 0
Default Routing / Internet Access
Enable DHCP on G0/0.
Configure a directly attached default route to the Internet.
Routing ASBR (ABR is preconfigured)
Configure OSPFv2 using the following requirements:
- User process ID 1.
- Advertise the network for each interface in the appropriate area.
- Disable OSPF updates on all interfaces except S0/0/0 and S0/0/1
- Enable authentication for area 0
- OSPF MD5 authentication key ID of 1 and MD5 key cisco on
- Set the router to distribute default routes
Network Address Translation
- Create a standard access-list called PRIVATE.
- Permit private IP ranges (RFC1918).
- Explicitly deny all other networks.
- Identify the inside and outside interfaces.
- Configure dynamic NAT with PAT using the outside interface.

2016 EUC Syd and/or its affiliates. All rights reserved. This document is EUC Syd Public. Page 5 of 6
Packet Tracer Skills Integration Challenge

AREA 51
OSPF configuration (preconfigured)
Router ospf 1
Router-id 51.0.0.x
Network 10.51.0.0 0.0.255.255 area 51

Optimize OSPF
(Serial interfaces IP address = Router Number)
- Summarize OSPF area 51 to advertise only the 10.51.0.0/16 network
- Use the following table to configure the appropriate bandwidth and cost

Network Bandwidth Cost

10.51.50.0 N/A 100


10.51.56.0 512 200
10.51.57.0 250 300
10.51.58.0 1024 150

Troubleshoot R7
R7 receives no OSPF routes find and correct the problem
Document the changes you made to R7s configuration.

Connectivity
All PCs should be able to ping 8.8.8.8, eucsyd.local, eucsyd.dk by name and all IP addresses in
AREA 0 and AREA 51.
Use extended ping (source loopback IP) to test connectivity to AREA 1 and Internet from AREA 51.
Http to eucsyd.local and eucsyd.dk

2016 EUC Syd and/or its affiliates. All rights reserved. This document is EUC Syd Public. Page 6 of 6