DCompNtwk Frame Relay/EIGRP PT Practice SBA

A few things to keep in mind while completing this activity: 1. Do not use the browser Back button or close or reload any exam windows during the exam. 2. Do not close Packet Tracer when you are done. It will close automatically. 3. Click the Submit Assessment button to submit your work.

Introduction
In this Packet Tracer Practice Skills Based Assessment, you will do the following: finish designing the IP addressing scheme implement the addressing in the network to meet the requirements configure Frame Relay and EIGRP to enable communication with the rest of the network configure a backup link in case the Frame Relay network becomes unavailable implement a security policy by using access control lists to filter traffic

Addressing Table
Device Interface Fa0/0.1 Fa0/0.15 Branch Fa0/0.25 Fa0/1 S0/0/0.55 Fa0/0 HQ Fa0/1 S0/0/0.65 Fa0/0 Internet Fa0/1 BR-S1 BR-S2 HQ-S1 PC1 Admin Web Server VLAN1 VLAN1 VLAN1 NIC NIC NIC 172.16.1.5 10.10.10.178 10.10.10.179 10.10.20.2 10.10.10.174 10.10.10.158 10.10.20.6 255.255.255.248 10.10.20.1 255.255.255.248 255.255.255.240 10.10.20.1 10.10.10.161 255.255.255.252 255.255.255.248 n/a Address 10.10.10.177 10.10.10.129 10.10.10.161 172.16.1.2 10.255.1.1 10.10.20.1 172.16.1.6 10.255.1.2 172.16.1.1 Subnet Mask 255.255.255.248 255.255.255.224 255.255.255.240 255.255.255.252 255.255.255.252 255.255.255.248 255.255.255.252 255.255.255.252 255.255.255.252 Default Gateway n/a n/a n/a n/a n/a n/a n/a n/a n/a

NOTE: To aid in configuring, verifying and troubleshooting the devices, use a printed version of these instructions to fill in the missing address information in the table during Step 1.

Step 1: Finish the IP Addressing Scheme.

Design an addressing scheme and fill in the Addressing Table based on the following requirements: a. Subnet the address space 10.10.10.128/25 to provide 30 host addresses for the Branch VLAN 15 while wasting the least amount of address space. b. Assign the first available subnet to the Branch VLAN 15. c. Assign the first (lowest) address in this subnet to the Fa0/0.15 subinterface on Branch. d. Subnet the remaining address space to provide 10 host addresses for the Branch VLAN 25 while wasting the least amount of space. e. Assign the first available subnet to the Branch VLAN 25. f. Assign the first (lowest) address in this subnet to the Fa0/0.25 subinterface on Branch. g. Assign the last (highest) address in this subnet to PC1. h. Subnet the remaining address space to provide 6 host addresses for the Branch VLAN 1 while wasting the least amount of space. i. j. Assign the first available subnet to the Branch VLAN 1. Assign the first (lowest) address in this subnet to the Fa0/0.1 subinterface on Branch.

k. Assign the second address in this subnet to the VLAN 1 interface on BR-S1.

Step 2: Configure Branch with IP Addressing and Inter-VLAN Routing.

NOTE: The user EXEC mode password is cisco and the privileged EXEC mode password is class for Branch and BR-S1. Finish the basic configuration of Branch by addressing the interfaces according to your IP addressing scheme completed in Step 1. For each Fast Ethernet subinterface, the VLAN number matches the subinterface number. Wait to configure the serial subinterface IP addressing until Step 5.

Step 3: Configure BR-S1 with IP Address, VLANs and as the STP Root Bridge.
NOTE: BR-S2 is already configured. You do not have access to BR-S2. On BR-S1, you will receive a Domain Mismatch message every 30 seconds until BR-S1 is correctly configured. a. Configure the BR-S1 VLAN 1 interface with the correct IP addressing as determined in Step 1 b. Configure the default gateway. c. Establish an 802.1q trunk with Branch and with BR-S2. After STP converges, BR-S1 should be able to ping both Branch and BR-S2. d. BR-S1 should be configured as a VTP server for thebranch domain. Set the VTP password to vtpbranch. BR-S2 is already configured as a client for this domain. e. Create and name two VLANs on the VTP server. Names are case-sensitive: VLAN 15, Name: Administration VLAN 25, Name: Employee

f. Assign VLAN 15 to the Fa0/10 interface for Admin access. g. Use a priority of 8192 to set BR-S1 as the STP root for all VLANs.

Step 4: Configure and Verify Host Addressing.

NOTE: Admin is already configured. You cannot access it directly. However, you can use the Add Simple PDU tool to test connectivity from Admin to other devices. a. Configure PC1 with IP addressing according to your design in Step 1. b. Verify that PC1 can ping the default gateway and Admin.

Step 5: Configure and Verify Frame Relay.

a. Configure Branch to use a point-to-point Frame Relay link through the Frame Relay cloud to HQ. Configure IP addressing according to the Addressing Table. Assume inverse ARP is disabled and configure DLCI 55.

b. Verify that Frame Relay is operational between Branch and HQ. c. Branch should be able to ping the directly-connected interface of HQ.

Step 6: Configure EIGRP Routing on Branch.

a. Configure Branch for EIGRP routing and use the following requirements: Use AS 50. Configure the classful network addresses without wildcards. Do not advertise the network that is shared with the Internet.

b. Verify that Branch is now a neighbor with HQ. c. Admin should be able to ping the Web Server. d. Use the Add Simple PDU tool to verify that PC1 can ping the Web Server.

Step 7: Configure and Verify a Backup Link to HQ.

a. The link to the Internet is used as a backup link in case the Frame Relay network goes down. Configure a floating static route on Branch to the HQ LAN subnet. Use the outbound interface argument in your configuration. Use an administrative distance of 150.

b. Verify that the backup link is operational by temporarily shutting down the Serial 0/0/0 interface. c. Admin and PC1 should still be able to ping the Web Server after the network converges. d. Restore the Serial 0/0/0 interface and verify that the Frame Relay network is operational again.

Step 8: Configure Access Control Lists.

a. Configure and apply an access control list with the case-sensitive name VLAN25 based on the following security policy: VLAN 25 should not be able to access VLAN 15. VLAN 25 should not be able to access the HQ LAN using HTTP (port 80) or HTTPS (port 443). All other traffic is allowed.

b. Verify the access control list satisfies the security policy.

Version 1.0 Created in Packet Tracer 5.3.2.0027 and Marvel 1.0.1 All contents are Copyright 1992 - 2011 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.