Professional Documents
Culture Documents
Cisco Ewan Nat Acl PT Practice Sba With Solution
Cisco Ewan Nat Acl PT Practice Sba With Solution
In this practice Packet Tracer Skills Exam, you are expected to:
Addressing Table
Device
R1
Interface
Fa0/0
S0/0/0
S0/0/1.101
Address
Subnet Mask
Default Gateway
172.30.1.1
10.10.10.1
255.255.255.252
255.255.255.252
n/a
n/a
R2
S0/0/0
S0/0/1.201
S0/1/0
172.30.1.6
10.10.10.2
209.165.201.2
255.255.255.252
255.255.255.252
255.255.255.252
n/a
n/a
n/a
R3
Fa0/0
S0/0/0
S0/0/1
172.30.1.2
172.30.1.5
255.255.255.252
255.255.255.252
n/a
n/a
n/a
DHCP Assigned
DHCP Assigned
DHCP Assigned
PC1
NIC
PC3
NIC
NOTE: The password for user EXEC mode is cisco. The password for privileged EXEC mode is
class.
c.
Assign the first (lowest) address in this subnet to the Fa0/0 interface on R3.
d.
Subnet the remaining address space to provide 30 host addresses for the R1 LAN while
wasting the fewest addresses.
e.
f.
g.
h.
Configure PC1 with IP addressing. PC3 will get its address from the DHCP server on R3 in
the next step.
b.
Verify that PC3 now has full IP addressing. It may be necessary to toggle between Static
and DHCP on the IP Configuration screen for PC3 before PC3 will send a DHCP request. PC3
should be able to ping the default gateway.
b.
Configure R2 with a default route using the outbound interface argument. Use one command
to propagate the default route into the EIGRP routing process.
c.
Verify PC1 and PC3 can ping each other as well as R1, R2 and R3. You will not be able to
ping Internet hosts yet.
b.
Verify that PC1 and PC3 can ping the Internet hosts.
Configure and apply an ACL with the number 50 that implements the following policy:
Deny any host from the R3 LAN from accessing hosts on the R1 LAN.
b.
c.
Configure and apply a named ACL with the case-sensitive name FIREWALL that
implements the following policy:
d.
SOLUTION
IP pool received 172.16.1.128 /25
172.16.1.192 /27
172.16.1.193 255.255.255.224
172.16.1.222 255.255.255.224
R1#sh run
Building configuration...
Current configuration : 1309 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
!
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
!
!
!
!
!
!
!
!
!
ip ssh version 1
ip name-server 0.0.0.0
!
!
!
!
!
!
interface FastEthernet0/0
ip address 172.16.1.193 255.255.255.224
ip access-group 50 out
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 172.30.1.1 255.255.255.252
clock rate 2000000
!
interface Serial0/0/1
no ip address
encapsulation frame-relay
!
interface Serial0/0/1.101 point-to-point
ip address 10.10.10.1 255.255.255.252
frame-relay interface-dlci 101
!
interface Vlan1
no ip address
shutdown
!
router eigrp 100
passive-interface FastEthernet0/0
network 172.16.0.0
network 172.30.0.0
network 10.0.0.0
no auto-summary
!
ip classless
!
!
access-list 50 deny 172.16.1.128 0.0.0.63
access-list 50 permit any
!
banner motd ^CAuthorized Access Only!^C
!
!
!
!
logging trap debugging
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
line vty 0 4
exec-timeout 0 0
password cisco
logging synchronous
login
line vty 5 15
exec-timeout 0 0
password cisco
logging synchronous
login
!
!
ntp update-calendar
!
end
R2#sh run
Building configuration...
Current configuration : 1718 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R2
!
!
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
!
!
!
!
!
username R3 password 0 ciscochap
!
!
!
!
!
ip ssh version 1
ip name-server 0.0.0.0
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 172.30.1.6 255.255.255.252
encapsulation ppp
ppp authentication chap
ip nat inside
!
interface Serial0/0/1
no ip address
encapsulation frame-relay
!
interface Serial0/0/1.201 point-to-point
ip address 10.10.10.2 255.255.255.252
frame-relay interface-dlci 201
ip nat inside
!
interface Serial0/1/0
ip address 209.165.201.2 255.255.255.252
ip access-group FIREWALL in
ip nat outside
!
interface Serial0/1/1
no ip address
shutdown
!
interface Vlan1
no ip address
shutdown
!
router eigrp 100
redistribute static
passive-interface Serial0/1/0
network 172.30.0.0
network 10.0.0.0
no auto-summary
!
ip nat inside source list 1 interface Serial0/1/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/1/0
!
!
access-list 1 permit 172.16.1.128 0.0.0.127
ip access-list extended FIREWALL
deny icmp any any echo
deny tcp any any eq telnet
deny tcp any any eq www
permit ip any any
!
banner motd ^CAuthorized Access Only!^C
!
!
!
!
logging trap debugging
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
line vty 0 4
exec-timeout 0 0
password cisco
logging synchronous
login
line vty 5 15
exec-timeout 0 0
password cisco
logging synchronous
login
!
!
ntp update-calendar
!
End
R3#sh run
Building configuration...
interface Vlan1
no ip address
shutdown
!
router eigrp 100
passive-interface FastEthernet0/0
network 172.16.0.0
network 172.30.0.0
no auto-summary
!
ip classless
!
!
!
banner motd ^CAuthorized Access Only!^C
!
!
!
!
logging trap debugging
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
line vty 0 4
exec-timeout 0 0
password cisco
logging synchronous
login
line vty 5 15
exec-timeout 0 0
password cisco
logging synchronous
login
!
!
ntp update-calendar
!
end