Entrepreneurship, Technology & Trending

CCNA LAB 5

Cisco Certified Network Associate - CCNA Labs
Network Engineering

Here you will find answers to SIMULATION Questions

Question:

A network associate is configuring a router for the weaver company to provide internet access. The ISP has provided the company six public IP addresses of 198.18.184.105 198.18.184.110. The company has 14 hosts that need to access the internet simultaneously. The hosts in the company LAN have been assigned private space addresses in the range of 192.168.100.17 – 192.168.100.30.

The following have already been configured on the router：

- The basic router configuration

- The appropriate interfaces have been configured for NAT inside and NAT outside

- The appropriate static routes have also been configured (since the company will be a stub network, no routing protocol will be required.)

- All passwords have been temporarily set to "cisco"

Solution:

-->The company has 14 hosts that need to access the internet simultaneously but we just have 6 public IP addresses from 198.18.184.105 to 198.18.184.110/29. Therefore we have to use NAT overload (or PAT)

Double click on the Weaver router to open it

Router>enable
Router#configure terminal

First you should change the router's name to Weaver

Router(config)#hostname Weaver

Create a NAT pool of global addresses to be allocated with their netmask.

Weaver(config)#ip nat pool mypool 198.18.184.105 198.18.184.110 netmask 255.255.255.248

Create a standard access control list that permits the addresses that are to be translated

Weaver(config)#access-list 1 permit 192.168.100.16 0.0.0.15

Establish dynamic source translation, specifying the access list that was defined in the prior step

Weaver(config)#ip nat inside source list 1 pool mypool overload

This command translates all source addresses that pass access list 1, which means a source address from 192.168.100.17 to 192.168.100.30, into an address from the pool named mypool (the pool contains addresses from 198.18.184.105 to 198.18.184.110)

Overload keyword allows to map multiple IP addresses to a single registered IP address (many-to-one) by using different ports

The question said that appropriate interfaces have been configured for NAT inside and NAT outside statements.

This is how to configure the NAT inside and NAT outside, just for your understanding:

Weaver(config)#interface fa0/0
Weaver(config-if)#ip nat inside

Weaver(config-if)#exit

Weaver(config)#interface s0/0
Weaver(config-if)#ip nat outside
Weaver(config-if)#end

Finally, we should save all your work with the following command:

Weaver#copy running-config startup-config

Check your configuration by going to "Host for testing" and type:

C:\>ping 192.0.2.114

The ping should work well and you will be replied from 192.0.2.114

April 20, 2010

CCNA

CCNA LAB 4

Cisco Certified Network Associate - CCNA Labs
Network Engineering
(Updated from real CCNA Exam on 19-Feb-2009)

Question:

After adding R3 router, no routing updates are being exchanged between R3 and the new location. All other inter connectivity and Internet access for the existing locations of the company are working properly.
The task is to identify the fault(s) and correct the router configuration to provide full connectivity between the routers.

Access to the router CLI can be gained by clicking on the appropriate host. All passwords on all routers are cisco.

IP addresses are listed in the chart below.

R1 Fa0/0: 192.168.77.33 S1/0: 198.0.18.6 S0/1: 192.168.60.25	R2 Fa0/0: 192.168.60.97 Fa0/1: 192.168.60.113 S0/0: 192.168.36.14
R3 Fa0/0: 192.168.77.34 Fa0/1: 192.168.60.65 Fa1/0: 192.168.60.81	R4 Fa0/0: 192.168.60.129 Fa0/1: 192.168.60.145 S0/1: 192.168.60.26

Answer and explanation:

-->We should check the configuration of the new added router first because it does not function properly while others work well. From the command line interface of R3 router, enter the show running-config command

From the output above, we know that this router was wrongly configured with an autonomous number (AS) of 22. When the AS numbers among routers are mismatched, no adjacency is formed.
(You should check the AS numbers on other routers for sure)

To solve this problem, we simply re-configure router R3 with the following commands:

R3>enable (you have to enter cisco as its password here)
R3#configure terminal
R3(config)#no router eigrp 22
R3(config)#router eigrp 212
R3(config-router)#network 192.168.60.0
R3(config-router)#network 192.168.77.0
R3(config-router)#no auto-summary
R3(config-router)#end
R3#copy running-config startup-config

Check R1 router with the show running-config command:

Notice that it is missing a definition to the network R3. Therefore we have to add it so that it can recognize R3 router

R1>enable (you have to enter cisco as its password here)
R1#configure terminal
R1(config)#router eigrp 212
R1(config-router)#network 192.168.77.0
R1(config-router)#end
R1#copy running-config startup-config

Now the whole network will work well. You should check again with ping command from router R3 to other routers!

April 20, 2010

CCNA

CCNA LAB 3

Cisco Certified Network Associate - CCNA Labs
Network Engineering
(Updated from real CCNA exam on 19-Feb-2009)

-->Question:

You have been hired by Specialty Hardware Incorporated to document the layout of the network. Complete the following tasks: Complete the network topology shown in the graphic by dragging the labels below with the appropriate router types, interface types, and IP addresses to the graphic . Find the information you need by using the router console attached to the R-CENTER router.

Answer and explanation:

This is the simplest lab question in four labs you see in the real CCNA exam. First we should identify the types of these routers by using the show cdp neighbors command:

There are 3 columns we should pay more attention to:

+ Local Interface: the interface on the device you are using "show cdp neighbors" command. In this case it is the interface of R-CENTER router

+ Platform: the platform of neighbor device

+ Port ID: the neighbor device's port or interface on which the CDP packets are multicast

From the exhibit, the "Local Interface", "Platform" and "Port ID" columns, we can identify where these four routers should be placed and their corresponding associated ports

Finally, use the show running-config command to find out the ip addresses of four interfaces on R-CENTER

And we can easily assign corresponding ip addresses to four neighbor routers, which are on the same network with R-CENTER router's interfaces

Please remember in the real CCNA Exam the routers' types, ip addresses and interfaces may be different! So make sure you understand how it works.

April 20, 2010

CCNA

CCNA LAB 2

Cisco Certified Network Associate - CCNA Labs
Network Engineering

(Updated from real CCNA exam on 19-Feb-2009)

This topology contains 3 routers and 1 switch. Complete the topology.

Drag the appropriate device icons to the labeled Device
Drag the appropriate connections to the locations labeled Connections.
Drag the appropriate IP addresses to the locations labeled IP address

(Hint: use the given host addresses and Main router information)
To remove a device or connection, drag it away from the topology.

Use information gathered from the Main router to complete the configuration of any additional routers. No passwords are required to access the Main router. The config terminal command has been disabled for the HQ router. The router does not require any configuration.

Configure each additional router with the following:

Configure the interfaces with the correct IP address and enable the interfaces.
Set the password to allow console access to consolepw
Set the password to allow telnet access to telnetpw
Set the password to allow privilege mode access to privpw

Note: Because routes are not being added to the configurations, you will not be able to ping through the internetwork.
All devices have cable autosensing capabilities disabled.
All hosts are PC’s

Answer and explanation:

-->Specify appropriate devices and drag them on the "Device" boxes

For the device at the bottom-right box, we notice that it has 2 interfaces Fa0/2 and Fa0/4; moreover the link connects the PC on the right with the device on the bottom-right is a straight-through link -> it is a switch

The question stated that this topology contains 3 routers and 1 switch -> two other devices are routers

Place them on appropriate locations as following:

(Host D and host E will be automatically added after placing two routers. Click on them to access neighboring routers)

Specify appropriate connections between these devices:

+ The router on the left is connected with the Main router through FastEthernet interfaces: use a crossover cable
+ The router on the right is connected with the Main router through Serial interfaces: use a serial cable
+ The router on the right and the Switch: use a straight-through cable
+ The router on the left and the computer: use a crossover cable

(To remember which type of cable you should use, follow these tips:

- To connect two serial interfaces of 2 routers we use serial cable
- To specify when we use crossover cable or straight-through cable, we should remember:
Group 1: Router, Host, Server
Group 2: Hub, Switch
One device in group 1 + One device in group 2: use straight-through cable
Two devices in the same group: use crossover cable

For example: we use straight-through cable to connect switch to router, switch to host, hub to host, hub to server... and we use crossover cable to connect switch to switch, switch to hub, router to router, host to host... )

Assign appropriate IP addresses for interfaces:

From Main router, use show running-config command:

(Notice that you may see different IP addresses in the real CCNA exam, the ones shown above are just used for demonstration)

From the output we learned that the ip address of Fa0/0 interface of the Main router is 192.168.152.177/28. This address belongs to a subnetwork which has:

Increment: 16 (/28 = 255.255.255.240 or 1111 1111.1111 1111.1111 1111.1111 0000)
Network address: 192.168.152.176 (because 176 = 16 * 11 and 176 < 177)
Broadcast address: 192.168.152.191 (because 191 = 176 + 16 - 1)

And we can pick up an ip address from the list that belongs to this subnetwork: 192.168.152.190 and assign it to the Fa0/0 interface the router on the left

Use the same method for interface Serial0/0 with an ip address of 192.168.152.161

Increment: 16
Network address: 192.168.152.160 (because 160 = 16 * 10 and 160 < 161)
Broadcast address: 192.168.152.175 (because 176 = 160 + 16 - 1)

-> and we choose 192.168.152.174 for Serial0/0 interface of the router on the right

Interface Fa0/1 of the router on the left

IP (of the computer on the left) : 192.168.152.129/28

Increment: 16
Network address: 192.168.152.128 (because 128 = 16 * 8 and 128 < 129)
Broadcast address: 192.168.152.143 (because 143 = 128 + 16 - 1)

-> we choose 192.168.152.142 from the list

Interface Fa0/0 of the router on the right

IP (of the computer on the left) : 192.168.152.225/28

Increment: 16
Network address: 192.168.152.224 (because 224 = 16 * 14 and 224 < 225)
Broadcast address: 192.168.152.239 (because 239 = 224 + 16 - 1)

-> we choose 192.168.152.238 from the list

Let's have a look at the picture below to summarize

Configure two routers on the left and right with these commands:

Router1 = router on the left

Assign appropriate IP addresses to Fa0/0 & Fa0/1 interfaces:

Router1>enable
Router1#configure terminal
Router1(config)#interface fa0/0
Router1(config-if)#ip address 192.168.152.190 255.255.255.240
Router1(config-if)#no shutdown

Router1(config-if)#interface fa0/1
Router1(config-if)#ip address 192.168.152.142 255.255.255.240
Router1(config-if)#no shutdown

Set passwords (configure on two routers)

+ Console password:

Router1(config-if)#exit
Router1(config)#line console 0
Router1(config-line)#password consolepw
Router1(config-line)#login
Router1(config-line)#exit

+ Telnet password:

Router1(config)#line vty 0 4
Router1(config-line)#password telnetpw
Router1(config-line)#login
Router1(config-line)#exit

+ Privilege mode password:

Router1(config)#enable password privpw

Save the configuration:

Router1(config)#exit
Router1#copy running-config startup-config

Configure IP addresses of Router2 (router on the right)

Router2>enable
Router2#configure terminal
Router2(config)#interface fa0/0
Router2(config-if)#ip address 192.168.152.238 255.255.255.240
Router2(config-if)#no shutdown

Router2(config-if)#interface serial0/0
Router2(config-if)#ip address 192.168.152.174 255.255.255.240
Router2(config-if)#no shutdown

and set console, telnet and privilege mode passwords for Router2 as we did for Router1, remember to save the configuration when you finished

April 20, 2010

CCNA

CCNA LAB 1

Cisco Certified Network Associate - CCNA Labs
Network Engineering

LAB:- No 1

Question

A network associate is adding security to the configuration of the Corp1 router. The user on host C should be able to use a web browser to access financial information from the Finance Web Server. No other hosts from the LAN nor the Core should be able to use a web browser to access this server. Since there are multiple resources for the corporation at this location including other resources on the Finance Web Server, all other traffic should be allowed.

The task is to create and apply an access-list with no more than three statements that will allow ONLY host C web access to the Finance Web Server. No other hosts will have web access to the Finance Web Server. All other traffic is permitted.
Access to the router CLI can be gained by clicking on the appropriate host.

All passwords have been temporarily set to "cisco".
The Core connection uses an IP address of 198.18.196.65
The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 - 192.168.33.254
Host A 192.168.33.1
Host B 192.168.33.2
Host C 192.168.33.3
Host D 192.168.33.4
The servers in the Server LAN have been assigned addresses of 172.22.242.17 - 172.22.242.30
The Finance Web Server is assigned an IP address of 172.22.242.23.

Answer and Explanation

Corp1>enable (you may enter "cisco" as it passwords here)

We should create an access-list and apply it to the interface which is connected to the Server LAN because it can filter out traffic from both Sw-2 and Core networks. The Server LAN network has been assigned addresses of 172.22.242.17 - 172.22.242.30 so we can guess the interface connected to them has an IP address of 172.22.242.30 (.30 is the number shown in the figure). Use the "show running-config" command to check which interface has the IP address of 172.22.242.30.

Corp1#show running-config

We learn that interface FastEthernet0/1 is the interface connected to Server LAN network. It is the interface we will apply our access-list (for outbound direction).

Corp1#configure terminal

Our access-list needs to allow host C - 192.168.33.3 to the Finance Web Server 172.22.242.23 via web (port 80)

Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80

Deny other hosts access to the Finance Web Server via web

Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80

All other traffic is permitted

Corp1(config)#access-list 100 permit ip any any

Apply this access-list to Fa0/1 interface (outbound direction)

Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out

Click on host C and open its web browser. In the address box type http://172.22.242.23 to check if you are allowed to access Finance Web Server or not. If your configuration is correct then you can access it.

Click on other hosts (A, B and D) and check to make sure you can't access Finance Web Server from these hosts.

Finally, save the configuration

Corp1(config-if)#end
Corp1#copy running-config startup-config

(This configuration only prevents hosts from accessing Finance Web Server via web but if this server supports other traffic - like FTP, SMTP... then other hosts can access it, too.)

April 20, 2010

CCNA

CCNA LAB 1

LAB:- No 1

Question

Answer and Explanation

Corp1>enable (you may enter "cisco" as it passwords here)

Corp1#show running-config

We learn that interface FastEthernet0/1 is the interface connected to Server LAN network. It is the interface we will apply our access-list (for outbound direction).

Corp1#configure terminal

Our access-list needs to allow host C - 192.168.33.3 to the Finance Web Server 172.22.242.23 via web (port 80)

Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80

Deny other hosts access to the Finance Web Server via web

Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80

All other traffic is permitted

Corp1(config)#access-list 100 permit ip any any

Apply this access-list to Fa0/1 interface (outbound direction)

Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out

Click on other hosts (A, B and D) and check to make sure you can't access Finance Web Server from these hosts.

Finally, save the configuration

Corp1(config-if)#end
Corp1#copy running-config startup-config

(This configuration only prevents hosts from accessing Finance Web Server via web but if this server supports other traffic - like FTP, SMTP... then other hosts can access it, too.)

April 20, 2010

Entrepreneurship, Technology & Trending - How to

Labels

Recent

Popular

Labels

Featured Post

Is Business Analyst fill the Gap?

Technology

CCNA LAB 5

CCNA LAB 4

CCNA LAB 3

CCNA LAB 2

CCNA LAB 1

CCNA LAB 1

Mr.16x9 blog

Contact Form