
DRSEnt OSPF/ACL PT Practice SBA

A few things to keep in mind while completing this activity:

1. Do not use the browser Back button or close or reload any exam windows during the exam.
2. Do not close Packet Tracer when you are done. It will close automatically.
3. Click the Submit Assessment button to submit your work.

Introduction
In this practice Packet Tracer Skills Exam, you will do as follows:
- finish the configuration of a partially configured network
- establish connectivity within the enterprise and to the Internet
- implement access control lists based on a set of security policies

Addressing Table
| Device | Interface | Address | Subnet Mask | Default Gateway |
|---|---|---|---|---|
| HQ | Fa0/0 | 172.16.100.97 | 255.255.255.240 | n/a |
| HQ | S0/0/0 | 172.16.100.121 | 255.255.255.252 | n/a |
| HQ | S0/1/0 | 172.16.100.125 | 255.255.255.252 | n/a |
| HQ | S0/0/1 | 209.165.201.2 | 255.255.255.252 | n/a |
| HQ | Lo0 | 10.0.0.3 | 255.255.255.255 | n/a |
| R1 | Fa0/0 | 172.16.100.65 | 255.255.255.224 | n/a |
| R1 | Fa0/1 | 172.16.100.113 | 255.255.255.248 | n/a |
| R1 | S0/0/0 | 172.16.100.122 | 255.255.255.252 | n/a |
| R1 | Lo0 | 10.0.0.1 | 255.255.255.255 | n/a |
| R2 | Fa0/0 | 172.16.100.1 | 255.255.255.192 | n/a |
| R2 | Fa0/1 | | | n/a |
| R2 | S0/0/0 | 172.16.100.126 | 255.255.255.252 | n/a |
| R2 | Lo0 | 10.0.0.2 | 255.255.255.255 | n/a |
| H1 | NIC | 172.16.100.4 | 255.255.255.192 | 172.16.100.1 |
| H2 | NIC | 172.16.100.5 | 255.255.255.192 | 172.16.100.1 |
| H3 | NIC | | | |
| Web Server | NIC | 172.16.100.100 (public 128.107.0.10) | 255.255.255.240 | 172.16.100.97 |

NOTE: The password for user EXEC mode is cisco. The password for privileged EXEC mode is class.

Step 1: Configure the Device Basics.


Use the IP addresses in the Addressing Table and your subnetting skills to determine the missing IP addresses according to the following guidelines:
a. Configure Fa0/1 interface on R2 with the highest (last) host IP address in the subnet.
b. Configure H3 with the highest (last) host IP address in the subnet.
c. Verify connectivity.

Step 2: Configure OSPF.


a. Use the following requirements to configure OSPF on HQ, R1, and R2.
- Use the process ID 1.
- Advertise each subnet individually in area 0 with its corresponding wildcard mask. (HQ should not advertise the link to the Internet.)
- Verify OSPF convergence.

b. Configure OSPF authentication on the links between R1 and R2, R1 and HQ, and R2 and HQ.
- Encrypt the updates using MD5 authentication. Authentication should be enabled for the entire area 0.
- On the appropriate interfaces, use a key ID of 5 and the password itsasecret.
- Verify OSPF convergence.

c. Modify the OSPF configuration.
- Modify both sides of the link between HQ and R2 to reflect the actual bandwidth of 384 Kb/s.
- Change the priority on R1 so that it is the preferred DR for the LAN it shares with R2.

d. Propagate a default route in the OSPF updates.
- Configure a default route on HQ and point it to the Internet. Use the outbound interface argument.
- Configure OSPF to advertise the default route to neighbors.

e. Verify connectivity.
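The wildcard masks for the OSPF network statements and the "highest (last) host" addresses of Step 1 follow mechanically from the Addressing Table. The sketch below is an added example, not part of the original exam or answer key; the function names and the ROUTERS and NOT_ADVERTISED structures are assumptions, and it goes one step further by flagging network statements that cover none of a router's interfaces.

```python
from ipaddress import IPv4Interface, IPv4Network

# Addressing Table entries (address/mask); HQ S0/0/1 is the Internet link.
ROUTERS = {
    "HQ": {"Fa0/0": "172.16.100.97/255.255.255.240",
           "S0/0/0": "172.16.100.121/255.255.255.252",
           "S0/1/0": "172.16.100.125/255.255.255.252",
           "S0/0/1": "209.165.201.2/255.255.255.252"},
    "R1": {"Fa0/0": "172.16.100.65/255.255.255.224",
           "Fa0/1": "172.16.100.113/255.255.255.248",
           "S0/0/0": "172.16.100.122/255.255.255.252"},
}
NOT_ADVERTISED = {("HQ", "S0/0/1")}  # requirement: keep the Internet link out of OSPF

def network_statements(router, area=0):
    """OSPF 'network' lines, one per connected subnet that may be advertised."""
    lines = []
    for ifname, addr in ROUTERS[router].items():
        if (router, ifname) in NOT_ADVERTISED:
            continue
        net = IPv4Interface(addr).network
        # hostmask is the inverse of the subnet mask, i.e. the IOS wildcard mask
        lines.append(f"network {net.network_address} {net.hostmask} area {area}")
    return lines

def last_host(addr_with_mask):
    """Highest usable host address of the subnet containing the given address."""
    return str(IPv4Interface(addr_with_mask).network.broadcast_address - 1)

def unmatched(router, statements):
    """Configured 'network' lines that cover none of the router's interfaces."""
    bad = []
    for line in statements:
        _, base, wildcard, *_ = line.split()
        net = IPv4Network(f"{base}/{wildcard}")
        if not any(IPv4Interface(a).ip in net for a in ROUTERS[router].values()):
            bad.append(line)
    return bad
```

Passing R1's Fa0/1 entry to `last_host` gives the address R2 Fa0/1 must use, because both interfaces share the same /29.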

Step 3: Configure Access Control Lists.


a. Filter inbound traffic from the Internet. Configure and apply a single ACL numbered 100 on the correct router that will implement the following policy in order:
- Allow only HTTP access to the Inside Web Server at its public address 128.107.0.10.
- Allow all established TCP connections.
- Allow all ICMP replies and unreachable messages.

b. Verify that the policy is successfully implemented.

c. Filter traffic from the R2 LAN. Configure and apply on the router a single ACL numbered 115 that will limit network traffic and will implement the following policy:
- Hosts from the LAN connected to the Fa0/0 interface of R2 are blocked from accessing hosts on the R1 R&D LAN.
- All other traffic is allowed anywhere.

d. Verify that the policy is successfully implemented.

Step 4: Verify Connectivity.


Using tools such as ping and show commands, verify authorized connectivity in the network.

Answers for dummies, from Shynggys


Router 1

```
! Configure OSPF
conf t
router ospf 1
 network 172.16.100.64 0.0.0.31 area 0
 network 172.16.100.112 0.0.0.7 area 0
 network 172.16.100.120 0.0.0.3 area 0
 log-adjacency-changes
 ! Enable MD5 authentication for the whole of area 0
 area 0 authentication message-digest
 exit
int Lo0
 ip address 10.0.0.1 255.255.255.255
 no shut
 exit
!
interface s0/0/0
 ip ospf message-digest-key 5 md5 itsasecret
 exit
!
interface Fa0/0
 ip ospf message-digest-key 5 md5 itsasecret
 exit
!
interface Fa0/1
 ! Higher priority than R2 so that R1 is the preferred DR on the shared LAN
 ip ospf priority 50
 ip ospf message-digest-key 5 md5 itsasecret
 end
copy run start
```

Router 2

```
conf t
! Fa0/1 takes the last host address of 172.16.100.112/29
interface Fa0/1
 ip address 172.16.100.118 255.255.255.248
 no shutdown
 exit
!
interface Lo0
 ip address 10.0.0.2 255.255.255.255
 no shutdown
 exit
!
interface Fa0/0
 ip address 172.16.100.1 255.255.255.192
 no shutdown
 exit
!
interface S0/0/0
 ip address 172.16.100.126 255.255.255.252
 no shutdown
 exit
!
router ospf 1
 ! One statement per subnet connected to R2
 network 172.16.100.0 0.0.0.63 area 0
 network 172.16.100.112 0.0.0.7 area 0
 network 172.16.100.124 0.0.0.3 area 0
 log-adjacency-changes
 area 0 authentication message-digest
 exit
!
interface s0/0/0
 bandwidth 384
 ip ospf message-digest-key 5 md5 itsasecret
 exit
!
interface Fa0/0
 ip ospf message-digest-key 5 md5 itsasecret
 exit
!
interface Fa0/1
 ip ospf priority 25
 ip ospf message-digest-key 5 md5 itsasecret
 exit
!
! ACL 115: block the R2 LAN from the R1 R&D LAN, allow everything else
access-list 115 deny ip 172.16.100.0 0.0.0.63 172.16.100.64 0.0.0.31
access-list 115 permit ip any any
!
interface Fa0/0
 ip access-group 115 in
 end
copy run start
```

HQ

```
conf t
router ospf 1
 ! Advertise the LAN and both serial links; the Internet link (209.165.201.0/30) stays out of OSPF
 network 172.16.100.96 0.0.0.15 area 0
 network 172.16.100.120 0.0.0.3 area 0
 network 172.16.100.124 0.0.0.3 area 0
 log-adjacency-changes
 area 0 authentication message-digest
 exit
!
interface s0/0/0
 ip ospf message-digest-key 5 md5 itsasecret
 exit
!
interface Lo0
 ip address 10.0.0.3 255.255.255.255
 no shutdown
 exit
!
interface s0/0/1
 ip ospf message-digest-key 5 md5 itsasecret
 exit
!
interface s0/1/0
 bandwidth 384
 ip ospf message-digest-key 5 md5 itsasecret
 exit
!
interface Fa0/1
 ip ospf message-digest-key 5 md5 itsasecret
 exit
!
! Default route out of the Internet-facing interface, advertised to OSPF neighbors
ip route 0.0.0.0 0.0.0.0 s0/0/1
!
router ospf 1
 default-information originate
 exit
!
! ACL 100: inbound filter on the Internet link
access-list 100 permit tcp any host 128.107.0.10 eq 80
access-list 100 permit tcp any any established
access-list 100 permit icmp any any unreachable
access-list 100 permit icmp any any echo-reply
!
interface s0/0/1
 ip access-group 100 in
 end
copy run start
```

Good luck, everyone))) DON'T FORGET TO TYPE COPY RUN START ON THE ROUTERS AND THE SWITCH)))

By Shynggys
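To check the two policies from Step 3 without a lab, the following added example (not part of the original exam or answer key) models first-match evaluation of ACL 100 and ACL 115 as they appear in the configurations above. The packet dictionaries, the function names and the sample packets are constructed for illustration.

```python
from ipaddress import IPv4Address

def wc_match(addr, base, wildcard):
    """IOS wildcard match: bits set to 1 in the wildcard are ignored."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(IPv4Address(addr)) & care) == (int(IPv4Address(base)) & care)

ANY = ("0.0.0.0", "255.255.255.255")
def host(ip):
    return (ip, "0.0.0.0")

# (action, protocol, source, destination, extra match) in configured order.
# Simplification: established=True stands for a TCP segment with ACK or RST set.
ACL_100 = [
    ("permit", "tcp", ANY, host("128.107.0.10"), {"dport": 80}),
    ("permit", "tcp", ANY, ANY, {"established": True}),
    ("permit", "icmp", ANY, ANY, {"icmp": "unreachable"}),
    ("permit", "icmp", ANY, ANY, {"icmp": "echo-reply"}),
]
ACL_115 = [
    ("deny", "ip", ("172.16.100.0", "0.0.0.63"), ("172.16.100.64", "0.0.0.31"), {}),
    ("permit", "ip", ANY, ANY, {}),
]

def evaluate(acl, pkt):
    """Action of the first entry that matches pkt; implicit deny otherwise."""
    for action, proto, src, dst, extra in acl:
        if proto not in ("ip", pkt["proto"]):
            continue
        if not (wc_match(pkt["src"], *src) and wc_match(pkt["dst"], *dst)):
            continue
        if all(pkt.get(key) == value for key, value in extra.items()):
            return action
    return "deny"  # every IOS ACL ends with an unwritten "deny ip any any"

# Constructed test packets (Internet sources use documentation ranges).
INBOUND = [
    {"proto": "tcp", "src": "198.51.100.7", "dst": "128.107.0.10", "dport": 80},
    {"proto": "tcp", "src": "198.51.100.7", "dst": "128.107.0.10", "dport": 22},
    {"proto": "tcp", "src": "203.0.113.9", "dst": "172.16.100.4", "established": True},
    {"proto": "icmp", "src": "203.0.113.9", "dst": "172.16.100.4", "icmp": "echo"},
    {"proto": "icmp", "src": "203.0.113.9", "dst": "172.16.100.4", "icmp": "echo-reply"},
]
R2_LAN = [
    {"proto": "icmp", "src": "172.16.100.4", "dst": "172.16.100.70", "icmp": "echo"},
    {"proto": "tcp", "src": "172.16.100.5", "dst": "128.107.0.10", "dport": 80},
]

def verdicts(acl, packets):
    return [evaluate(acl, p) for p in packets]
```

The inbound echo request and the SSH attempt fall through all four entries of ACL 100 and are dropped by the implicit deny, which is why ACL 115 needs its explicit `permit ip any any`.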