A
few things to keep in mind while completing this activity:
- Do not use the browser Back button or close or reload any exam windows during the exam.
- Do not close Packet Tracer when you are done. It will close automatically.
- Click the Submit Assessment button to submit your work.
In
this practice Packet Tracer Skills Exam, you will:
- configure VLANs using VTP
- configure inter-VLAN routing
- modify STP
- configure port security
- add a wireless LAN
Device
|
Interface
|
Address
|
Subnet Mask
|
Default Gateway
|
Router1
|
Fa0/0.10
|
172.16.10.1
|
255.255.255.0
|
n/a
|
Fa0/0.20
|
172.16.20.1
|
255.255.255.0
|
n/a
|
|
Fa0/0.43
|
172.16.43.1
|
255.255.255.0
|
n/a
|
|
Fa0/0.67
|
172.16.67.1
|
255.255.255.0
|
n/a
|
|
WRS
|
Internet
|
172.16.67.10
|
255.255.255.0
|
172.16.67.1
|
Wireless
|
172.16.100.1
|
255.255.255.0
|
n/a
|
|
SW_DS1
|
VLAN 43
|
172.16.43.11
|
255.255.255.0
|
172.16.43.1
|
SW_AC2
|
VLAN 43
|
172.16.43.12
|
255.255.255.0
|
172.16.43.1
|
SW_AC3
|
VLAN 43
|
172.16.43.13
|
255.255.255.0
|
172.16.43.1
|
PC1
|
NIC
|
172.16.10.10
|
255.255.255.0
|
172.16.10.1
|
PC2
|
NIC
|
172.16.20.10
|
255.255.255.0
|
172.16.20.1
|
PC3
|
NIC
|
172.16.10.11
|
255.255.255.0
|
172.16.10.1
|
PC4
|
NIC
|
DHCP
assigned
|
255.255.255.0
|
172.16.100.1
|
Note: The password for user
EXEC mode is cisco. The password for privileged EXEC mode is class.
Create,
enable, and address VLAN43 as the management interface on all three switches.
Use the values found in the addressing table.
Note: Packet Tracer now
supports the use of the range argument for the interface command.
For
interfaces FastEthernet 0/19 through FastEthernet 0/24 on all three switches:
- Configure static trunking.
- Assign VLAN 43 as the native VLAN.
a. Configure SW_DS1 as VTP server and the following VTP parameters:
· SW_DS1 is the VTP server.
· VTP domain name: CCNA
· VTP password: cisco
b. Create and name the
following VLANs on SW_DS1.
· VLAN 10: Student
· VLAN 20: Faculty
· VLAN 43: Management
· VLAN 67: Wireless
c. Configure SW_AC2 and SW_AC3 as VTP clients to participate in the
CCNA VTP domain.
d. Verify that VTP is
operational.
VLAN
port assignments on each switch are as follows:
Device
|
Ports
|
Assignment
|
SW_AC2, SW_AC3
|
Fa0/1 – 0/10
|
10
|
SW_AC2, SW_AC3
|
Fa0/11 – 0/17
|
20
|
SW_AC3
|
Fa0/18
|
67
|
a. Configure access ports on access layer switches.
· Configure the appropriate interfaces on SW_AC2
and SW_AC3 for access mode.
· Assign VLANs according to the port assignments
table.
b. Verify trunking and VLAN
assignments.
a. Modify STP root bridge elections.
· Using a priority of 4096, set SW_DS1 as the root bridge for all VLANs.
· Using a priority of 8192, set SW_AC2 so that it will become the root for all VLANs if SW_DS1 fails.
b. Verify the spanning tree
election.
- Use the information in the Addressing Table to configure Router1 for inter-VLAN routing. Be sure to designate the native VLAN.
- Verify inter-VLAN routing.
Note: Best practice requires
port security on all access ports. However, for this practice exercise you will
only configure one port with security.
a. Configure SW_AC3 with port security on FastEthernet 0/2.
· Enable port security.
· No more than two MAC addresses are allowed on
the FastEthernet 0/2 port for SW_AC3.
· Once learned, MAC addresses should be
automatically added to the running configuration.
· If this policy is violated, the port should be
automatically disabled.
b. Verify that port
security is implemented.
Refer
to the Addressing Table to configure the wireless LAN.
a. Configure WRS.
· Use static addressing on the Internet interface.
· Set the router IP and subnet mask.
· Use the DHCP Server Settings to configure the
router to provide wireless hosts with an IP address.
· The starting IP address in the wireless LAN
subnet is 172.16.100.10.
· The maximum number of users is 25.
b. Configure wireless
security.
· Set the SSID to WRS_LAN.
· Enable WEP security and use 12345ABCDE as key1.
c. Use cisco123 as the remote management password.
d. Configure PC4 to access
the wireless network that is provided by WRS. PC4 uses DHCP to obtain
addressing information.
Note: It will not be possible
for devices to ping PC4 since PC4 is behind the WRS NAT firewall.
Although
these are not scored, the following connectivity tests should be successful.
- SW_DS1 can ping Router1.
- SW_AC2 can ping Router1.
- SW_AC3 can ping Router1.
- PC1 can ping PC2.
- PC2 can ping PC3.
- PC4 can ping PC1.
Answer:
Step 1: Configure the
Switches for Remote Access. ***************************************************
SW_DS1(config)#
---------------
vlan 43
Name Management
exit
interface vlan 43
ip add 172.16.43.11 255.255.255.0
no shutdown
exit
ip default-gateway 172.16.43.1
SW_AC2 (config)#
---------------
vlan 43
Name Management
exit
interface vlan 43
ip add 172.16.43.12 255.255.255.0
no shutdown
exit
ip default-gateway 172.16.43.1
SW_AC3(config)#
---------------
vlan 43
Name Management
exit
interface vlan 43
ip add 172.16.43.13 255.255.255.0
no shutdown
exit
ip default-gateway 172.16.43.1
SW_DS1(config)#
---------------
vlan 43
Name Management
exit
interface vlan 43
ip add 172.16.43.11 255.255.255.0
no shutdown
exit
ip default-gateway 172.16.43.1
SW_AC2 (config)#
---------------
vlan 43
Name Management
exit
interface vlan 43
ip add 172.16.43.12 255.255.255.0
no shutdown
exit
ip default-gateway 172.16.43.1
SW_AC3(config)#
---------------
vlan 43
Name Management
exit
interface vlan 43
ip add 172.16.43.13 255.255.255.0
no shutdown
exit
ip default-gateway 172.16.43.1
For switch SW_DS1 & SW_AC2 & SW_AC3
--------------------
int range fast 0/19 - fa0/24
no shut
switchport mode trunk
switchport trunk native vlan 43
exit
For switch SW_DS1
-----------------------
VTP mode server
VTP domain CCNA
VTP Password cisco
Vlan 10
Name Student
VLAN 20
Name Faculty
VLAN 43
Name Management
VLAN 67
Name Wireless
For switch SW_AC2 & SW_AC3
----------------------
VTP mode client
VTP domain CCNA
VTP Password cisco
do Show VTP Status
do Show Vlan Brief
****************************************************
FOR SW_AC2 & SW_AC3
-------------
SW_AC2(config)#
--------------
interface range fastEthernet 0/1 - fa0/17
switchport mode trunk
no shutdown
exit
interface range fastEthernet 0/1 - fa0/10
switchport mode access
switchport access vlan 10
no shutdown
exit
interface range fastEthernet 0/11 - fa0/17
switchport mode access
switchport access vlan 20
no shutdown
exit
SW_AC3(config)#
------------------
interface range fastEthernet 0/1 - fa0/17
switchport mode trunk
no shutdown
exit
interface range fastEthernet 0/1 - fa0/10
switchport mode access
switchport access vlan 10
no shutdown
exit
interface range fastEthernet 0/11 - fa0/17
switchport mode access
switchport access vlan 20
no shutdown
exit
interface fastEthernet 0/18
switchport mode access
switchport access vlan 67
no shutdown
exit
*************************************************************
FOR S1:
----------
spanning-tree vlan 10,20,43,67 priority 4096
FOR S2:
----------
spanning-tree vlan 10,20,43,67 priority 8192
**************************************************************
interface fastEthernet 0/0
no shutdown
exit
interface fastEthernet 0/0.10
encapsulation dot1Q 10
ip address 172.16.10.1 255.255.255.0
exit
interface fastEthernet 0/0.20
encapsulation dot1Q 20
ip address 172.16.20.1 255.255.255.0
exit
interface fastEthernet 0/0.43
encapsulation dot1Q 43 native
ip address 172.16.43.1 255.255.255.0
exit
interface fastEthernet 0/0.67
encapsulation dot1Q 67
ip address 172.16.67.1 255.255.255.0
exit
***********************************************************************
a.Configure SW_AC3 with port security on FastEthernet 0/2.
SW_AC3(config)#
----------------
int fastEthernet 0/2
switchport mode access
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security violation shutdown
exit
a. Configure WRS.
Hope this would be helpfull for You.