
D4 SBA Student Ans Key


All contents are Copyright © 1992–2010 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 30

CCNA Discovery Designing and Supporting Computer Networks

Skills-Based Assessment

Academy Student – Answer Key

Grading

The exam is divided into two parts. If the exam is conducted in two separate sessions, hand out Part 1 on planning and let the students complete it. Then have them turn in Part 1 so that you can grade it before the second session. Return Part 1 to the students at the start of the second session, which is a hands-on session. If there are problems with the planning in Part 1, the student will know of them before starting on Part 2. If both parts of the exam are done in one session, you should still grade Part 1 before the students start on Part 2. Students must complete Part 1 before starting Part 2.

Suggested point totals are listed for the main fill-in-the-blank questions. They currently total 100 points, but can be adjusted or changed as desired. Divide the correct points by the possible points for an overall percentage grade.

Exam Time

The suggested time allowed to complete each part is 50 minutes. Part 2 takes longer than 50 minutes.

At the instructor’s discretion, the amount of time allowed may be adjusted.

Part 2 of the exam can be split into two parts to accommodate class schedules. Part 3 starts at Task 5 Configuring ACLs.

To save time and avoid splitting Part 2, have the equipment set up and cabled for the students prior to starting device configuration.

Exam Overview

This skills-based assessment is the final practical exam for the course CCNA Discovery – Designing and Supporting Computer Networks. The exam is divided into two parts, and Part 1 must be completed before Part 2. When you have completed Part 1, give it to the instructor to check before starting Part 2.

In Part 1, you start with a test plan for connecting the Team-A remote office to the Stadium Network. Appendix A in this exam contains the test plan. In Part 1, you develop the IP subnet scheme, document the device interfaces, and create an installation checklist.

In Part 2, you build the network and configure the Team-A routers and switches using Cisco IOS CLI commands. The Team-A branch office router BR2 connects the local network to the Stadium Network router Edge3 through a simulated Frame Relay switch. The Stadium router provides access to the Team-A server. The EIGRP routing protocol is used between the Team-A remote office router and the Stadium Network router.

Scenario

The new equipment has arrived for the remote Team-A office, and it is ready to be installed and tested.

Team-A ordered an 1841 router to connect to the main Stadium Headquarters Edge3 router through a Frame Relay service provider network. They also ordered a backup DSL link through the ISP. The ISP router and simulated Frame Relay router are preconfigured. The ISP link has assigned IP addresses. A test plan for testing the new equipment and configurations in the NetworkingCompany lab has already been created.

Objectives

Part 1 – Using a network design and test plan, create an IP addressing plan and document the network device interfaces. Create an installation checklist based on the test plan.

Part 2 – Connect and configure the network equipment and verify network connectivity.

Required Equipment

The following equipment is required for each student:

• ISP router with two Fast Ethernet interfaces (preconfigured by the instructor)

• Router to simulate a Frame Relay switch with two serial interfaces (preconfigured by the instructor)

• Two 1841 routers (or other router with one serial interface and two Fast Ethernet interfaces)

• One computer to act as the Discovery Server (using the Discovery Server Live CD). Optionally, the ISP router loopback address can be used. If the loopback address is used, it restricts the protocols that can be filtered using an ACL.

• One 2960 switch (or other switch) or crossover cable to connect the Discovery Server to the ISP router

• Ethernet 2960 switches for Team-A

• Two Windows XP-based PCs

• Cat 5 and serial cabling, as necessary

Device running-configs are provided at the end of this document.

Skills-Based Assessment – Part 1 [44 points]

Network Planning

Step 1: Analyze the remote network test plan and develop an IP addressing scheme. Appendix A contains the Team–A test plan. Review the network design topology diagram and the tests to be performed. The general test procedures and the expected results are provided. Use the information that you acquire in the next steps, along with the topology diagram and equipment list in the test plan, to create a VLSM subnet plan and an IP addressing plan.

Instructor note: IP addresses in the lab answers are based on Team-A.

Step 2: Document the assigned network IP addressing.

a. You will be working with the Team-X remote network, where X is the letter assigned by the instructor.

Enter the Team letter you are assigned here: Team-________

b. The base IP address CIDR block of 512 addresses from which you will create your VLSM addressing scheme is based on a private Class B network address. Check with the instructor to verify the correct IP address block for you to use.

Enter the Team-X base IP network address and subnet mask:

IP address: 172.2X.0.0

Subnet mask: 255.255.254.0

172.2X.0.0/23, where X is 1-9, depending on the Team letter assigned. Team-A is assigned 172.21.0.0/23, Team-B 172.22.0.0/23, Team-C 172.23.0.0/23, etc.

Step 3: Allocate blocks of addresses to each area of the network. [10 points, two for each block]

VLSM and VLAN Plan

| Network Area | Number of Users / IPs | VLSM block size (Number of IPs) | IP Address Range |
|---|---|---|---|
| Team-X block size to subdivide | N/A | 512 (9 bits) | 172.2X.0.0/23 |
| Edge3 Discovery Server local network | N/A | N/A | 172.17.0.0/16 |
| Edge3 user local network (Sim Lo0) | 195 | 256 | 172.21.0.0/24 |
| BR2 local network / VLANs | | | |
| VLAN 1 (Default/mgmt – IP) | 12 | 16 | 172.21.1.192/28 |
| VLAN 11 (Name: Dept-11, Ports 3-11 on switches S1, S2) | 53 | 64 | 172.21.1.128/26 |
| VLAN 12 (Name: Dept-12, Ports 12-24 on switches S1, S2) | 105 | 128 | 172.21.1.0/25 |
| BR2 to Edge3 Frame Relay WAN link | 2 | 4 | 172.21.1.208/30 |
| Total users and total block sizes | 367 | 468 | N/A |
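The following Python check is an added example, not part of the Cisco answer key. It takes the Team-A rows of the VLSM and VLAN Plan above and verifies that every block is aligned on its mask, fits inside 172.21.0.0/23, holds its user count, and overlaps no other block; the function names and the short area labels are this example's own.

```python
import ipaddress

# Values copied from the VLSM and VLAN Plan table (Team-A column values).
TEAM_BLOCK = ipaddress.ip_network("172.21.0.0/23")
PLAN = [
    # (network area, users, allocated subnet)
    ("Edge3 user local network (Sim Lo0)", 195, "172.21.0.0/24"),
    ("VLAN 12 (Dept-12)", 105, "172.21.1.0/25"),
    ("VLAN 11 (Dept-11)", 53, "172.21.1.128/26"),
    ("VLAN 1 (Default/mgmt)", 12, "172.21.1.192/28"),
    ("BR2 to Edge3 Frame Relay WAN link", 2, "172.21.1.208/30"),
]


def check_plan(block, plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    seen = []
    for area, users, cidr in plan:
        try:
            # strict=True rejects a range that does not start on its own boundary.
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError:
            problems.append(f"{area}: {cidr} is not aligned on its mask")
            continue
        if not net.subnet_of(block):
            problems.append(f"{area}: {net} is outside {block}")
        # Network and broadcast addresses cannot be assigned to hosts.
        if users > net.num_addresses - 2:
            problems.append(f"{area}: {users} users do not fit in {net}")
        for other_area, other in seen:
            if net.overlaps(other):
                problems.append(f"{area}: {net} overlaps {other_area} ({other})")
        seen.append((area, net))
    return problems


def totals(plan):
    """Total users and total block sizes, as in the last row of the table."""
    users = sum(u for _, u, _ in plan)
    size = sum(ipaddress.ip_network(c).num_addresses for _, _, c in plan)
    return users, size


def free_space(block, plan):
    """Ranges of the team block that the plan leaves unallocated."""
    remaining = [block]
    for _, _, cidr in plan:
        net = ipaddress.ip_network(cidr)
        nxt = []
        for r in remaining:
            if net.subnet_of(r):
                nxt.extend(r.address_exclude(net))
            else:
                nxt.append(r)
        remaining = nxt
    return sorted(remaining)


if __name__ == "__main__":
    print("problems:", check_plan(TEAM_BLOCK, PLAN))
    print("users, block sizes:", totals(PLAN))
    print("unallocated:", [str(n) for n in free_space(TEAM_BLOCK, PLAN)])
```
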

Step 4: Select IP addresses for use when configuring devices. [14 points, one for each IP address/mask and one for each gateway]

Write the addresses and subnet masks (/##) from the IP Address Plan next to the appropriate devices and interfaces on the test plan network topology diagram.

IP Address Plan

| Device Name | Interface | IP Address | Subnet Mask | Default Gateway |
|---|---|---|---|---|
| Edge3 | Fa0/0 | 172.17.0.1/16 | 255.255.0.0 | N/A |
| Edge3 | Fa0/1 | 172.16.1.6/30 | 255.255.255.252 | N/A |
| Edge3 | S0/0/0.101 | 172.21.1.209/30 | 255.255.255.252 | N/A |
| Edge3 | Lo0 | 172.21.0.1/24 | 255.255.255.0 | N/A |
| BR2 | Fa0/1 | 172.16.1.2/30 | 255.255.255.252 | N/A |
| BR2 | Fa0/0 | | | N/A |
| BR2 | Fa0/1.1 | 172.21.1.193/28 | 255.255.255.240 | N/A |
| BR2 | Fa0/1.11 | 172.21.1.129/26 | 255.255.255.192 | N/A |
| BR2 | Fa0/1.12 | 172.21.1.1/25 | 255.255.255.128 | N/A |
| BR2 | S0/0/0.100 | 172.21.1.210/30 | 255.255.255.252 | N/A |
| ISP (preconfigured) | Fa0/0 | 172.16.1.1/30 | 255.255.255.252 | N/A |
| ISP (preconfigured) | Fa0/1 | 172.16.1.5/30 | 255.255.255.252 | N/A |
| SP-FR (preconfigured) | S0/0/0 | DLCI 100 | N/A | N/A |
| SP-FR (preconfigured) | S0/0/1 | DLCI 101 | N/A | N/A |
| S1 | VLAN1 | 172.21.1.194/28 | 255.255.255.240 | 172.21.1.193/28 |
| S2 | VLAN1 | 172.21.1.195/28 | 255.255.255.240 | 172.21.1.193/28 |
| S3 (optional) | VLAN1 | 172.17.0.2/16 | 255.255.0.0 | 172.17.0.1/16 |
| H1 | NIC | 172.21.1.130/26 | 255.255.255.192 | 172.21.1.129/26 |
| H2 | NIC | 172.21.1.2/25 | 255.255.255.128 | 172.21.1.1/25 |
| Discovery Server | NIC | 172.17.1.1/16 | 255.255.0.0 | 172.17.0.1/16 |

Step 5: Create a network installation checklist. Review each test and the related test procedures in the Team-A test plan in Appendix A to create an installation checklist. Use the following guidelines to build the checklist:

• Identify the steps necessary to configure each piece of equipment to perform each test. List only the configuration steps needed to complete the test. Be sure to specify the device name and what is to be configured.

• Specify just the key items and interfaces to be configured. It is not necessary to include the exact commands and every IP address.

• For each step under the configuration requirements, first identify the device being configured and then the item to be configured. Use as many lines as necessary.

• The final step in each set of installation test requirements specifies to perform the test as described in the test plan.

Team-A Prototype Network Installation Checklist

[20 points total, 5 for each group of test items identified]

Installation Steps

Test 1: Basic Connectivity and VLAN Configuration

| Step No. | Devices | Configuration Requirements | Completed |
|---|---|---|---|
| 1 | All devices | Connect the cables between all devices as shown in the topology diagram. | |
| 2 | S1 and S2 | Perform basic switch configuration, including host name, passwords, and VLAN1 IP address. | |
| 3 | S1 | Configure VLANs on S1 and add ports according to the VLAN plan. | |
| 4 | S1 | Configure a VTP domain for Team-A with S1 as the VTP server and a password of cisco. | |
| 5 | S1 | Configure S1 as the STP root switch. | |
| 6 | S1 | Configure a trunk link to BR2 and S2. | |
| 7 | S2 | Configure S2 as the VTP client in the Team-A S1 domain. | |
| 8 | S2 | Add ports to VLANs according to the VLAN plan. | |
| 9 | S2 | Configure a trunk link to S1. | |
| 10 | BR2 | Perform basic router configuration on BR2, including host name, passwords, and interface IP addresses. | |
| 11 | BR2 | Configure Fa0/0 subinterfaces for inter-VLAN routing. | |
| 12 | | Perform Test 1 according to the test plan. | |

Test 2: Frame Relay and EIGRP Configuration

| Step No. | Devices | Configuration Requirements |
|---|---|---|
| 1 | BR2 | Configure the Serial 0/0/0 interface on BR2 with Frame Relay encapsulation. Configure a point-to-point subinterface for DLCI 100. |
| 2 | BR2 | On BR2, configure the EIGRP routing protocol to advertise the Team-A LANs and the Frame Relay WAN link network. Use EIGRP process ID 200. Disable auto-summary. |
| 3 | BR2 | Configure EIGRP MD5 authentication to accept updates from the Stadium network router Edge3 on the Frame Relay subinterface. |
| 4 | Edge3 | Perform basic router configuration on Edge3, including host name, passwords, and interface IP addresses. |
| 5 | Edge3 | Configure the Serial 0/0/0 interface on Edge3 with Frame Relay encapsulation. Configure a point-to-point subinterface for DLCI 101. |
| 6 | Edge3 | On Edge3, configure the EIGRP routing protocol to advertise the Discovery Server network, the simulated loopback network, and the Frame Relay WAN link network. Use EIGRP process ID 200. Disable auto-summary. |
| 7 | Edge3 | Configure EIGRP MD5 authentication to accept updates from the Team-A network router BR2 on the Frame Relay subinterface. |
| 8 | | Perform Test 2 according to the test plan. |

Test 3: Backup Link Configuration

| Step No. | Devices | Configuration Requirements |
|---|---|---|
| 1 | BR2 | Configure a floating static route on BR2 to the Discovery Server network using the Ethernet connection to the ISP router. |
| 2 | Edge3 | Configure a floating static route on Edge3 to the Team-A remote LAN using the Ethernet connection to the ISP router. |
| 3 | | Perform Test 3 according to the test plan. |

Test 4: ACL Filtering

| Step No. | Devices | Configuration Requirements |
|---|---|---|
| 1 | BR2 | Configure a VTY ACL to permit telnet only from the stadium Edge3 router (S0/0/0 IP address or Fa0/1 IP address). Apply the ACL to BR2 VTY 0-4 inbound. |
| 2 | Edge3 | Configure an extended numbered or named ACL to permit access to the Discovery Server only from the remote Team-A LAN. Apply the ACL to Edge3 Fa0/0 outbound. |
| 3 | | Perform Test 4 according to the test plan. |

Check Your Work with the Instructor Before Going on to Part 2

Skills-Based Assessment – Part 2 [56 points]

Instructor Note: Part 2 of the exam may be split into two parts to accommodate class schedules. Part 3 starts at Task 5 Configuring ACLs. To save time and avoid splitting this part of the exam, have the equipment set up and cabled for the students prior to starting device configuration.

Before students start Part 2, configure the SP-FR and ISP routers. (See the running-configs at the end of the lab.) Part 1 of the exam must be completed before starting Part 2.

Task 1: Build the Network and Connect the Cables

Using the equipment list and topology diagram provided in the test plan, and the installation checklist and IP address plan completed in Part 1, build and configure the network.

Note: The ISP router, the Frame Relay router, and the Discovery Server should be preconfigured by the instructor.

Instructor note: If the ISP router is configured with a loopback address in lieu of the Discovery Server, the HTTP service in the router must be enabled.

Use the following guidelines to build and test the network:

• Make sure that the router and switch startup configs and the switch vlan.dat files have been erased prior to beginning configuration.

• Be sure to save the running-config frequently and after any major configuration.

• After each test segment is built, have the instructor check off the test plan items to be verified.

• You can connect and configure all devices according to the installation checklist up through and including Test 3. Configuration items for those tests can be verified at the same time.

• Do not configure ACLs for Test 4 until all basic connectivity, routing, and backup links are tested and functional.

Task 2: Configure and Perform Test 1 – Basic Connectivity and VLAN Configuration

Step 1: Build and configure the portion of the network being tested. Refer to the installation checklist for the steps required.

Instructor note: See device configs at the end of the exam.

Step 2: Review the expected test results. Before beginning the test, review the expected results in the test plan. The testing procedures are listed here for convenience. Enter the command used, and have the instructor check off each item as verified.

Test 1 Testing Procedures [17 points, one for each item verified]

| Configuration Items to Verify | Command Used | Check |
|---|---|---|
| BR2 basic config (host, password, IPs) | show running-config | |
| BR2 interface status | show ip interfaces brief | |
| BR2 routing table (VLANs) | show ip route | |
| BR2 subinterfaces on Fa0/0 | show vlans | |
| BR2 subinterfaces 802.1Q encap | show vlans | |
| S1 VLANs and port assignments | show vlan brief | |
| S1 802.1Q trunk ports | show interfaces trunk | |
| S1 is root switch | show spanning-tree | |
| S1 is VTP server | show vtp status | |
| S2 basic config (host, password, IPs) | show running-config | |
| S2 VLANs and port assignments | show vlan brief | |
| S2 802.1Q trunk ports | show interfaces trunk | |
| S2 is VTP client | show vtp status | |
| Ping from S1 or S2 to BR2 | ping IP address | |
| Telnet from S1 or S2 to router BR2 | telnet IP address | |
| Ping from the hosts to their default gateways | ping IP address | |
| Verify inter-VLAN routing by pinging from H1 to H2 | ping IP address | |

Step 3: Record the results and conclusions.

__________________________________________________________________________________________

__________________________________________________________________________________________

__________________________________________________________________________________________

Step 4: Have the instructor verify all Test 1 test items before going on to Test 2.

Task 3: Configure and Perform Test 2 – Frame Relay and EIGRP Configuration

Step 1: Build and configure the portion of the network being tested. Refer to the installation checklist for the steps required.

Instructor note: See device configs at the end of the exam.

Step 2: Review the expected test results. Before beginning the test, review the expected results in the test plan. The testing procedures are listed here for convenience. Enter the command used, and have the instructor check off each item as verified.

Test 2 Testing Procedures [10 points, one for each item verified]

| Configuration Items to Verify | Command Used | Check |
|---|---|---|
| BR2 configuration for Frame Relay, EIGRP, and MD5 authentication | show running-config | |
| BR2 Frame Relay status of point-to-point links | show frame-relay map | |
| BR2 Frame Relay permanent virtual circuit (PVC) status and statistics | show frame-relay pvc | |
| BR2 Frame Relay Local Management Interface (LMI) statistics | show frame-relay lmi | |
| BR2 EIGRP routing configuration | show running-config | |
| BR2 routing table (EIGRP routes) | show ip route | |
| Ping from hosts H1 and H2 to the Edge3 router | ping IP address | |
| Ping from hosts H1 and H2 to the Discovery Server | ping IP address | |
| Verify path that packets are taking from H1 to the Discovery Server | tracert or traceroute IP | |
| Verify EIGRP MD5 authentication as it occurs | debug eigrp packet | |

Step 3: Record the results and conclusions.

__________________________________________________________________________________________

__________________________________________________________________________________________

__________________________________________________________________________________________

Step 4: Have the instructor verify all Test 2 test items before going on to Test 3.

Task 4: Configure and Perform Test 3 – Backup Link Configuration

Step 1: Build and configure the portion of the network being tested. Refer to the installation checklist for the steps required.

Instructor note: See device configs at the end of the exam.

Step 2: Review the expected test results. Before beginning the test, review the expected results in the test plan. The testing procedures are listed here for convenience. Enter the command used, and have the instructor check off each item as verified.

Test 3 Testing Procedures [10 points, two for each item verified]

| Configuration Items to Verify | Command Used | Check |
|---|---|---|
| BR2 and Edge3 floating static route configuration | show running-config | |
| BR2 routing table with primary Frame Relay link up and backup link down | show ip route | |
| BR2 routing table with primary Frame Relay link down and backup link up | show ip route | |
| Ping test output from H1 and H2 to Discovery Server | ping IP address | |
| Tracert test output from H1 and H2 to Discovery Server showing use of backup route through the ISP | tracert URL or IP address | |

Step 3: Record the results and conclusions.

__________________________________________________________________________________________

__________________________________________________________________________________________

__________________________________________________________________________________________

Step 4: Have the instructor verify all Test 3 test items before going on to Test 4.

Task 5: Configure and Perform Test 4 – ACL Filtering

Step 1: Build and configure the portion of the network being tested. Refer to the installation checklist for the steps required.

Instructor note: See device configs at the end of the exam.

Step 2: Review the expected test results. Before beginning the test, review the expected results in the test plan. The testing procedures are listed here for convenience. Enter the command used, and have the instructor check off each item as verified.

Test 4 Testing Procedures [12 points, two for each item verified]

| Configuration Items to Verify | Command Used | Check |
|---|---|---|
| ACL configuration on Team-A and Stadium routers | show running-config | |
| Access list output on both routers | show access-lists | |
| Telnet to BR2 from any host other than Edge3 | telnet IP address | |
| Telnet from Edge3 to BR2 | telnet IP address | |
| On H1, connect to the Discovery Server using URL http://server.discovery.ccna or IP address 172.17.1.1 | Open browser or ping IP address | |
| Attempt to access the Discovery Server from the Edge3 Lo0 simulated internal network using extended ping with the source address of the Edge3 interface Lo0 IP address. The ACL should block the attempt. | ping (pinging with no argument prompts for extended commands, including source IP address) | |

Instructor note: If necessary, show the student how to do the extended ping command to perform this test item.
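The following is an added example, not part of the Cisco answer key: a small Python model of IOS wildcard matching with first-match evaluation and the implicit deny, run against the Test 4 items using addresses from the IP Address Plan. The ACL entries are constructed for illustration (they are not the running-configs the document refers to) and match on source and destination address only; the model also shows why a wildcard covering the whole 172.21.0.0/23 team block would admit the Edge3 Lo0 source that the test expects to be blocked.

```python
import ipaddress

# Addresses taken from the IP Address Plan (Team-A).
EDGE3_WAN = "172.21.1.209"   # Edge3 S0/0/0.101
EDGE3_FA01 = "172.16.1.6"    # Edge3 Fa0/1
EDGE3_LO0 = "172.21.0.1"     # Edge3 Lo0 (simulated internal network)
S1 = "172.21.1.194"
H1 = "172.21.1.130"
H2 = "172.21.1.2"
SERVER = "172.17.1.1"        # Discovery Server

ANY = ("0.0.0.0", "255.255.255.255")


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: a 1 bit in the wildcard means 'ignore this bit'."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)


def evaluate(acl, src, dst="0.0.0.0"):
    """Return the action of the first matching entry, else the implicit deny."""
    for action, (s_base, s_wc), (d_base, d_wc) in acl:
        if wildcard_match(src, s_base, s_wc) and wildcard_match(dst, d_base, d_wc):
            return action
    return "deny"


# Constructed ACLs (assumptions for this example, not the answer key's configs).
# VTY ACL on BR2: Telnet only from the Edge3 router addresses.
VTY_ACL = [
    ("permit", (EDGE3_WAN, "0.0.0.0"), ANY),
    ("permit", (EDGE3_FA01, "0.0.0.0"), ANY),
]
# Edge3 Fa0/0 outbound: only the Team-A remote LAN (VLANs 1, 11, 12 all sit
# inside 172.21.1.0/24) may reach the Discovery Server.
SERVER_ACL = [
    ("permit", ("172.21.1.0", "0.0.0.255"), (SERVER, "0.0.0.0")),
]
# Too wide: the /23 team block also contains the Edge3 Lo0 network 172.21.0.0/24.
SERVER_ACL_TOO_WIDE = [
    ("permit", ("172.21.0.0", "0.0.1.255"), (SERVER, "0.0.0.0")),
]


def run_test4(server_acl=SERVER_ACL):
    """Evaluate the Test 4 items and return the action for each."""
    return {
        "telnet S1 -> BR2": evaluate(VTY_ACL, S1),
        "telnet Edge3 -> BR2": evaluate(VTY_ACL, EDGE3_WAN),
        "H1 -> Discovery Server": evaluate(server_acl, H1, SERVER),
        "H2 -> Discovery Server": evaluate(server_acl, H2, SERVER),
        "Edge3 Lo0 -> Discovery Server": evaluate(server_acl, EDGE3_LO0, SERVER),
    }


if __name__ == "__main__":
    for name, acl in (("SERVER_ACL", SERVER_ACL),
                      ("SERVER_ACL_TOO_WIDE", SERVER_ACL_TOO_WIDE)):
        print(name)
        for item, action in run_test4(acl).items():
            print(f"  {item}: {action}")
```
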

Step 3: Record the results and conclusions.

__________________________________________________________________________________________

__________________________________________________________________________________________

__________________________________________________________________________________________

Step 4: Have the instructor verify all Test 3 test items before going on to Test 4.

Step 5: Save the running configs for each networking device to a file. [7 points] Save the output from BR2, Edge3, S1, and S2 to a single text file on your desktop and name it XXX-D4-SBA-Configs.txt, where XXX are your initials. Show it to the instructor. _________ Instructor check

Appendix A – Test Plan

Team-A Remote Office Design

The purpose of this test is to verify these items:

• Team-A branch network design

• Switch and router configurations proposed for the Team-A connections to the Stadium Network

• Frame Relay WAN design and backup capability

• Design functions as expected

Tests to run:

• Test 1: Basic Connectivity and VLAN Configuration

    ◦ Verify physical and IP connectivity between devices on the prototype network

    ◦ Demonstrate the VLAN and VTP configuration

    ◦ Demonstrate routing of traffic between VLANs

    ◦ Document operation

• Test 2: Frame Relay and EIGRP Configuration

    ◦ Demonstrate functionality of primary Frame Relay link

    ◦ Demonstrate MD5 authentication process

    ◦ Demonstrate routing to remote resources

    ◦ Document operation

• Test 3: Backup Link Configuration

    ◦ Demonstrate that traffic takes the alternate route if the Frame Relay link goes down

    ◦ Document operation

• Test 4: ACL Filtering

    ◦ Demonstrate filtering of traffic to devices and resources from various sources

    ◦ Document operation

Equipment

| Quantity required | Model | Additional options or software required | Substitute | Cisco IOS software version |
|---|---|---|---|---|
| 2 | 1841 router | none | Any router with two Ethernet or Fast Ethernet interfaces capable of running 802.1q protocol | 12.2 or later |
| 1 | Preconfigured router to simulate ISP; can be 1841 with two Fast Ethernet interfaces | none | Any router or multilayer switch that can support two separate Ethernet networks | any |
| 1 | Preconfigured router to simulate Frame Relay switch | Configured as a Frame Relay switch | Any Cisco router with two serial interfaces | 12.2 or later |
| 3 | 2960 Layer 2 switch | none | Any 2950 or 2960 model switch | 12.2 or later |
| 1 | Discovery Server | HTTP and FTP server software | | |
| 2 | Personal computer end devices | Fast Ethernet NIC | none | Windows, Mac, or Linux operating system |
| 2 | V.35 DTE cables | none | V.35 crossover cable | n/a |
| 2 | V.35 DCE cables | none | none | n/a |
| 5 | Cat 5 or above straight-through patch cables | none | none | n/a |
| 3 | Cat 5 or above crossover patch cables | none | none | n/a |
| 1 | Console cable | none | none | none |

Design and Topology Diagram

Test 1 – Basic Connectivity and VLAN Configuration

Goals of Test

Verify that the test topology is up and running and that VLANs are correctly configured between switches S1 and S2 and router BR2. A VTP domain is to be set up with S1 as the server and S2 as a client. S1 should also be the STP root switch. The Frame Relay links and EIGRP routing protocol are not included in this test (although they may be configured).

Data to Record

BR2, S1, and S2 running configuration

VLAN configurations on switches S1 and S2 and router BR2

STP and VTP configurations on switches S1 and S2

Ping output between hosts H1 and H2, switches S1 and S2, and router BR2

Estimated Time

50 minutes total

40 minutes build

10 minutes test

Procedures

1. Build the topology according to the Design and Topology diagram. Assign IP addresses to all devices according to the IP Address Plan, and activate interfaces.

2. Create a basic configuration on all Team-A and Stadium Network devices.

3. Configure Team-A LAN devices S1, S2, and BR2 to support VLANs.

4. Console into one of the switches in the topology, and ping BR2. Record any anomalies.

5. Telnet from the switch to router BR2, and verify that you can start a session.

6. Verify that the BR2 routing table contains routes to each VLAN.

7. Ping from the hosts to their default gateways and between VLANs to each other.

8. Record the output of the show running-config and show interfaces commands for BR2, Edge3, and switches S1 and S2 in a text file, using a text editor such as Notepad. Record the output of the show vlans command for BR2 and switches S1 and S2. Save this file for later analysis.

Expected Results and Success Criteria

• VLANs exist on switches S1 and S2.

• Hosts can ping successfully to hosts on other VLANs.

• Switches S1, S2, and router BR2 can ping each other and are accessible through Telnet.

Results and Conclusions

_________________________________________________________________________________________________________________________________________________________________________________________________________________________________

Instructor note: Students fill out this section upon completion of the exam.

Test 2 – Frame Relay and EIGRP Configuration

Goals of Test

Verify that the Frame Relay link to the Stadium network is functional, the EIGRP routing protocol is properly configured with MD5 authentication, and the correct static routes are configured.

Data to Record

BR2 and Edge3 running configuration with Frame Relay, EIGRP, and MD5 authentication

Frame Relay show command output

EIGRP MD5 authentication debug output

IP routing table information

Ping output between hosts H1, H2, routers BR2 and Edge3, and Discovery Server

Tracert output from H1 and H2 to Discovery Server

Estimated Time

20 minutes total

10 minutes configure

10 minutes test

Procedures

1. Configure Frame Relay on the Team-A and Stadium Network routers.

2. Configure EIGRP with MD5 on Team-A and Stadium Network routers.

3. Record the output of the debug eigrp packet command on the Team-A router to verify MD5 authentication.

4. Record the router output of the show running-config and show ip route commands.

5. Record the router output for the Frame Relay circuit using the show frame-relay map, show frame-relay pvc, and show frame-relay lmi commands.

6. Record ping results from the hosts H1 and H2 to the Edge3 router and the Discovery Server.

7. Use tracert or traceroute to verify that packets are taking the primary Frame Relay link.

Expected Results and Success Criteria

• EIGRP debug output shows that the Team-A and Stadium Network routers are authenticating with each other.

• IP routing table information for the Team-A and Stadium Network routers shows that they have learned EIGRP routes and the route from Team-A to the Stadium Network is via the primary Frame Relay link.

• Ping tests from hosts H1 and H2 to the Discovery Server are successful.

• Traceroute tests from H1 and H2 to the Discovery Server are successful and take the primary Frame Relay link.

Results and Conclusions

____________________________________________________________________________________

____________________________________________________________________________________

____________________________________________________________________________________

Instructor note: Students fill out this section upon completion of the exam.

Test 3 – Backup Link Configuration

Goals of Test

Verify that the backup DSL link from the Team-A router BR2 through the ISP router to the Stadium Network is activated if the primary Frame Relay link fails.

Data to Record

Floating static route configuration using the show running-config command

Show IP route output with the primary Frame Relay link up and the backup link down

Show IP route output with the primary Frame Relay link down and the backup link up

Ping output from H1 and H2 to the Discovery Server

Tracert output from H1 and H2 to the Discovery Server showing use of backup route through the ISP

Estimated Time

20 minutes total

10 minutes configure

10 minutes test

Procedures

1. Configure floating static routes on the Team-A and Stadium Network routers to the Discovery Server through the ISP router.

2. Cause the Frame Relay link from BR2 to SP-FR to fail by shutting down the Serial 0/0/0 interface on BR2.

3. Display the routing table for BR2 and Edge3 using the show ip route command to verify that the floating static route through the ISP is installed in the routing table. Record the results.

4. Ping from the hosts H1 and H2 to the Discovery Server at URL http://server.discovery.ccna or IP address 172.17.1.1. Record the results.

5. Verify that packets are taking the backup simulated DSL link using tracert from H1 or traceroute from BR2.

Expected Results and Success Criteria

• Routing tables for BR2 and Edge3 show that the backup floating static route through the ISP is installed in the routing table.

• Pings from the hosts H1 and H2 to the Discovery Server are successful using the backup link.

• Packets from H1 or BR2 to the Discovery Server are using the backup link route, as shown by tracert or traceroute.

Results and Conclusions

____________________________________________________________________________________

____________________________________________________________________________________

____________________________________________________________________________________

Instructor note: Students fill out this section upon completion of the exam.

Test 4 – ACL Filtering Test

Goals of Test

Verify that an ACL placed on the Team-A BR2 router allows Telnet only from the Stadium Edge3 router. Also verify that an ACL on Edge3 permits access to the Discovery Server only from the remote Team-A LAN.

Data to Record

ACL configuration on Team-A and Stadium routers

show ip access-lists output on both routers

Ping output

Telnet output

Estimated Time:

20 minutes total

10 minutes configure

10 minutes test

Procedures

1. Configure an ACL on the Team-A router BR2 and the Stadium Edge3 router to control traffic as described in the Test 4 goals.

2. Telnet to BR2 from any host other than Edge3, and then telnet from Edge3 to BR2. Record the results.

3. Open a browser on H1 and connect to the Discovery Server using URL http://server.discovery.ccna or IP address 172.17.1.1. Record the results.

4. Attempt to access the Discovery Server from the Edge3 Internet network using extended ping with a source address of interface Lo0 IP address. Record the results.

Expected Results and Success Criteria

• Telnet to BR2 from Edge3 is successful. Telnet from any host other than Edge3 fails.

• Using a browser from H1 or H2 to connect to the Discovery Server is successful.

• Extended ping to the Discovery Server with the source address from the Edge3 Internet network interface Lo0 IP address fails.

Results and Conclusions

____________________________________________________________________________________

____________________________________________________________________________________

____________________________________________________________________________________

Instructor note: Students fill out this section upon completion of the exam.

Appendix B – Test Device Configs

Note: Some commands entered by the router or switch have been removed to focus on those configuration commands that need to be graded.

BR2 Router Config (1841 – Cisco IOS 12.4)

hostname BR2
!
enable secret class
!
no ip domain lookup
!
key chain MYCHAIN
 key 1
  key-string securetraffic
!
interface FastEthernet0/0
 description Team-A LAN
 no ip address
 no shutdown
interface fa0/0.1
 encapsulation dot1Q 1
 ip address 172.21.1.193 255.255.255.240
interface fa0/0.11
 encapsulation dot1Q 11
 ip address 172.21.1.129 255.255.255.192
interface fa0/0.12
 encapsulation dot1Q 12
 ip address 172.21.1.1 255.255.255.128
!
interface FastEthernet0/1
 description backup link to ISP
 ip address 172.16.1.2 255.255.255.252
 duplex auto
 speed auto
 no shutdown
!
interface Serial0/0/1
 no ip address
 shutdown
 no fair-queue
!
interface Serial0/0/0
 description primary Frame relay link to Edge3
 no ip address
 encapsulation frame-relay
 no shutdown
!
interface Serial0/0/0.100 point-to-point
 ip address 172.21.1.210 255.255.255.252
 ip authentication mode eigrp 200 md5
 ip authentication key-chain eigrp 200 MYCHAIN
 frame-relay interface-dlci 100
!
interface Vlan1
 no ip address
!
router eigrp 200
 network 172.21.1.192 0.0.0.15
 network 172.21.1.128 0.0.0.63
 network 172.21.1.0 0.0.0.127
 network 172.21.1.228 0.0.0.3
!
 no auto-summary
!
ip route 172.17.0.0 255.255.0.0 172.16.1.1 130
!
ip http server
no ip http secure-server
!
banner motd ^CUnauthorized use prohibited^C
!
access-list 1 permit 172.21.1.229
access-list 1 permit 172.16.1.6
access-list 1 deny any
!
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 access-class 1 in
 password cisco
 login
!

Edge3 Router Config (1841 – Cisco IOS 12.4)

hostname Edge3
!
enable secret class
!
no ip domain lookup
!
key chain MYCHAIN
 key 1
  key-string securetraffic
!
interface FastEthernet0/0
 description Edge3 Discovery server
 ip address 172.17.0.1 255.255.0.0
 ip access-group Server-Access out
 duplex auto
 speed auto
 no shutdown
!
interface FastEthernet0/1
 description backup link to ISP
 ip address 172.16.1.6 255.255.255.252
 duplex auto
 speed auto
 no shutdown
!
interface Serial0/0/0
 description primary Frame Relay link to BR2
 no ip address
 encapsulation frame-relay
 no shutdown
!
interface Serial0/0/0.101 point-to-point
 ip address 172.21.1.209 255.255.255.252
 ip authentication mode eigrp 200 md5
 ip authentication key-chain eigrp 200 MYCHAIN
 frame-relay interface-dlci 101
!
interface Serial0/0/1
 no ip address
 shutdown
!
interface Lo0
 description Edge3 local LAN
 ip address 172.21.0.1 255.255.255.0
!
interface Vlan1
 no ip address
!
router eigrp 200
 network 172.17.0.0 0.0.255.255
 network 172.21.0.0 0.0.0.255
 network 172.21.1.228 0.0.0.3
 no auto-summary
!
ip route 172.21.1.0 255.255.255.0 172.16.1.5 130
!
ip http server
no ip http secure-server
!
ip access-list extended Server-Access
 remark Allow only Team-A LAN access to server
 permit ip 172.21.1.0 0.0.0.255 host 172.17.1.1
 remark Deny and log all other traffic
 deny ip any any log
banner motd #Unauthorized use prohibited#
!
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
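The Test 4 checks can be worked through offline against the two ACLs in the BR2 and Edge3 configs above. The following Python sketch is an added example, not part of the Cisco answer key: it models only entry matching (first match, wildcard masks, implicit deny), not how IOS applies an ACL to an interface or vty line. The ACL entries are copied from Appendix B; the H1 address 172.21.1.10 and all function names are assumptions made for the example.

```python
import ipaddress
ANY = ("0.0.0.0", "255.255.255.255")   # (base, wildcard) that matches every address

def wildcard_match(addr, base, wildcard):
    # Bits set in a Cisco wildcard mask are "don't care" bits.
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w) == (b & ~w)

def parse_spec(tok):
    # One address spec: "any", "host A", "A W", or a bare "A" (standard-ACL host).
    if tok[0] == "any":
        return ANY, tok[1:]
    if tok[0] == "host":
        return (tok[1], "0.0.0.0"), tok[2:]
    if len(tok) > 1 and tok[1][0].isdigit():
        return (tok[0], tok[1]), tok[2:]
    return (tok[0], "0.0.0.0"), tok[1:]

def parse_acl(lines, extended):
    entries = []
    for tok in (line.split() for line in lines):
        if tok[0] == "remark":
            continue
        if tok[0] == "access-list":            # numbered form: drop "access-list N"
            tok = tok[2:]
        rest = tok[2:] if extended else tok[1:]    # extended: skip the protocol keyword
        src, rest = parse_spec(rest)
        dst = parse_spec(rest)[0] if extended else ANY
        entries.append((tok[0], src, dst))
    return entries

def evaluate(entries, src, dst="0.0.0.0"):
    for action, (sb, sw), (db, dw) in entries:     # first matching entry wins
        if wildcard_match(src, sb, sw) and wildcard_match(dst, db, dw):
            return action
    return "deny"                                  # implicit deny ends every ACL

BR2_ACL_1 = parse_acl(["access-list 1 permit 172.21.1.229",
                       "access-list 1 permit 172.16.1.6",
                       "access-list 1 deny any"], extended=False)
SERVER_ACCESS = parse_acl(["remark Allow only Team-A LAN access to server",
                           "permit ip 172.21.1.0 0.0.0.255 host 172.17.1.1",
                           "deny ip any any log"], extended=True)

if __name__ == "__main__":
    # Telnet sources: Edge3 Fa0/1, ISP Fa0/0, Edge3 Serial0/0/0.101 as printed.
    for src in ("172.16.1.6", "172.16.1.1", "172.21.1.209"):
        print("vty", src, evaluate(BR2_ACL_1, src))
    for src in ("172.21.1.10", "172.21.0.1"):  # constructed H1 address; Edge3 Lo0
        print("server", src, evaluate(SERVER_ACCESS, src, "172.17.1.1"))
```

With the entries as printed, a Telnet session sourced from 172.16.1.6 evaluates to permit, while one sourced from Edge3's Serial0/0/0.101 address 172.21.1.209 falls through to deny, because ACL 1 lists 172.21.1.229 instead.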

ISP Router Config (1841 – Cisco IOS 12.4)

hostname ISP
!
enable secret class
!
no ip domain lookup
!
interface FastEthernet0/0
 description backup link to BR2
 ip address 172.16.1.1 255.255.255.252
 duplex auto
 speed auto
 no shutdown
!
interface FastEthernet0/1
 description backup link to Edge3
 ip address 172.16.1.5 255.255.255.252
 duplex auto
 speed auto
 no shutdown
!
interface Serial0/0/0
 no ip address
 shutdown
!
interface Serial0/0/1
 no ip address
 shutdown
!
interface Vlan1
 no ip address
!
ip route 172.21.1.0 255.255.255.0 172.16.1.2
ip route 172.17.0.0 255.255.0.0 172.16.1.6
!
banner motd #Unauthorized use prohibited#
!
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login

SP-FR Router Config (2620XM – Cisco IOS 12.2)

hostname SP-FR
!
enable secret class
no ip domain-lookup
banner motd #Unauthorized use prohibited#
!
frame-relay switching
!
interface serial0/0
 description link to Team-A BR2
 encapsulation frame-relay
 clock rate 64000
 no shutdown
 frame-relay intf-type dce
 frame-relay route 100 interface serial0/1 101
!
interface serial0/1
 description link to Stadium Edge3
 encapsulation frame-relay
 clock rate 64000
 no shutdown
 frame-relay intf-type dce
 frame-relay route 101 interface serial0/0 100
line console 0
 password cisco
 login
line vty 0 4
 password cisco
 login

S1 Switch Config (2960 – Cisco IOS 12.2)

hostname S1
!
enable secret class
!
no ip domain-lookup
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1 priority 4096
!
vlan internal allocation policy ascending
!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/3
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/5
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/6
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/7
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/8
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/9
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/10
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/11
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/12
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/13
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/14
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/15
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/16
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/17
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/18
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/19
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/20
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/21
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/22
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/23
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/24
 switchport access vlan 12
 switchport mode access
!
interface Vlan1
 ip address 172.21.1.194 255.255.255.240
 no ip route-cache
 no shutdown
!
ip default-gateway 172.21.1.193
ip http server
!
vlan 11
 name Dept11
vlan 12
 name Dept12
exit
!
vtp domain Team-A
vtp mode server
vtp password cisco
!
banner motd ^Unauthorized use prohibited^
!
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
!
end

S2 Switch Config (2960 – Cisco IOS 12.2)

hostname S2
!
enable secret class
!
no ip domain-lookup
!
!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/3
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/5
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/6
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/7
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/8
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/9
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/10
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/11
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/12
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/13
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/14
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/15
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/16
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/17
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/18
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/19
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/20
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/21
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/22
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/23
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/24
 switchport access vlan 12
 switchport mode access
!
interface Vlan1
 ip address 172.21.1.195 255.255.255.240
 no ip route-cache
 no shutdown
!
ip default-gateway 172.21.1.193
ip http server
!
vtp domain Team-A
vtp mode client
vtp password cisco
!
banner motd ^Unauthorized use prohibited^
!
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
!
end