CCNA 2 Routing & Switching Essentials Practice Skills Assessment Part I

CCNA 2 Routing & Switching Essentials Practice Skills Assessment Part I PT Exam Answers

CCNA Routing and Switching Routing & Switching Essentials Practice Skills Assessment Part I – Type A – Type B

ccna-2-routing-switching-essentials-practice-skills-assessment-part-1-1

A few things to keep in mind while completing this activity:

  1. Do not use the browser Back button or close or reload any exam windows during the exam.
  2. Do not close Packet Tracer when you are done. It will close automatically.
  3. Click the Submit Assessment button in the browser window to submit your work.

Introduction

In this practice skills assessment, you will configure the Science Academy network. You will perform basic router configuration tasks, address router interfaces and hosts, and configure VLANs, trunking, and routing between VLANs. You will also configure and customize RIPv2 and control access to router vty lines with a standard named ACL. For a full list of tasks, see below.

You are not required to configure the following:

  • Main-4-SW
  • Remote-SW
  • LAN2-1
  • Remote-A
  • NetAdmin
  • Internet
  • Hosts attached to Main-3-SW

All IOS device configurations should be completed from a direct terminal connection to the device console. In addition, many values that are required to complete the configurations have not been given to you. In those cases, create the values that you need to complete the requirements.

You will practice and be assessed on the following skills:

  • Configuration of initial device settings
  • Interface addressing
  • Configuration of VLANs and trunking
  • Routing between VLANs
  • Dynamic routing with RIPv2
  • Configuration of standard ACLs
  • Switch port security configuration
  • Remote switch management configuration
  • Syslog and NTP configuration

You will configure specific devices the following:

Main:

  • Basic device configuration
  • Interface addressing
  • Routing between VLANs
  • RIPv2 routing
  • Standard numbered ACL on vty
  • Syslog logging with NTP timestamping

Remote:

  • RIPv2 routing

Main-1-SW:

  • VLANs and trunking
  • Management interface

Main-2-SW:

  • VLANs and trunking
  • Port security
  • Management interface

Main-3-SW:

  • VLANs and trunking
  • Management interface

Main-2-SW Hosts:

  • IP addresses
  • Subnet masks
  • Gateways

Addressing Table

Use the following addresses to configure the network. Some addresses are preconfigured on devices that you are not required to configure, and are provided for reference purposes only.

ccna-2-routing-switching-essentials-practice-skills-assessment-part-1-2

VLAN Table

ccna-2-routing-switching-essentials-practice-skills-assessment-part-1-3

Step1: Basic Device Configuration

Complete a basic device configuration on the Main router. Perform the following tasks:

  1. Disable DNS lookup.
  2. Configure the device with the name shown in the addressing table.
  3. Configure password encryption.
  4. Assign the encrypted type of privileged EXEC password.
  5. Configure a MOTD banner to warn users that unauthorized access is prohibited.
  6. Configure the console line so that router status messages will not interrupt command line input.
  7. Configure the console to require a password for access.
  8. Configure the VTY ports to only accept connections over SSH. Use the following values:

Domain Name: cisco.com
Local Username: admin
User Password: class
Modulus: 1024
Version: 2

The values for your SSH configuration must match these values exactly in order for you to receive credit for your configuration.

Step 2: Interface Addressing Main

Activate and configure the G0/1 and S0/0/0 interfaces of the Main router with the IP addresses given in the Addressing Table. The G0/0 interface will be configured later in the assessment.Configure descriptions for these interfaces.

Step 3: VLANs and Trunking

Configure the Main-1-SWMain-2-SW, and Main-3-SW switches with VLANs and trunking according to the values in the VLAN table.

  1. Add the VLANs to the switches.
  2. Name the VLANs exactly as shown in the VLAN table.
  3. Configure the links between the Main-1-SW, Main-2-SW, and Main-3-SW switches as trunks. Configure the link between Main-1-SW and Main as a trunk. All trunking interfaces should be statically configured as trunks.
  4. Assign the appropriate ports to the VLANs.

Step 4: Routing Between VLANs

Configure routing between VLANs on the Main router. Use the information in the addressing and VLAN tables.

Step 5: Access Control List ConfigurationConfigure a named standard ACL that meets the following requirements:

  1. The list should be named block15. The name must match this value exactly in order for you to receive credit for your work.
  2. Prevent any host with an address on the VLAN15subnetwork from accessing the VLAN10 subnetwork.
  3. All other hosts should be permitted
  4. The list should have two statements. One statement for each requirement in steps 5b and 5c.

Step 6: Switch Virtual Interface (SVI) Configuration

Configure the switch virtual management interfaces on Main-1-SWMain-2-SW, and Main-3-SW. Use the information in the addressing and VLAN tables for your configuration. All switches should be reachable from hosts on other networks for the purpose of this assessment.

Step 7: Switch Port Security Configuration

Improve network security by configuring the Main-2-SW switch with the following. You are only required to configure these settings on this one switch for this assessment.

  1. Disable ALL unused switch ports.
  2. Activate port security on all ports that have hosts connected.
  3. Allow only a maximum of two MAC addresses to access the active switch ports.
  4. Configure the switch ports to automatically learn the two allowed MAC addresses and record the addresses in the running configuration.
  5. Configure the switch ports so that, if the maximum number of addresses for each port is exceeded, packets with unknown source addresses are dropped until a sufficient number of secure MAC addresses are removed. Notification that a violation has occurred is not required.

Step 8: Dynamic Routing

Configure RIPv2 routing on Main and Remote.

  1. Configure RIPv2 on Main and Remote so that all networks are reachable.
  2. Configure all LAN physical interfaces so that RIP updates are not sent out to the LANs.
  3. Be sure to use the version of RIP that supports classless routing.
  4. Prevent RIP from automatically summarizing networks.
  5. Configure RIP to automatically send the default route that is already configured on Remoteto Main.

Step 9: Configure Network Monitoring

Configure NTP and Syslog server logging on Main.

  1. Activate the logging and debug timestamp services.
  2. Configure Mainas an NTP client. The NTP server is NetAdmin with the address of 192.168.2.10.
  3. Configure Syslog to send debug levelmessages to the NetAdmin logging server.

Step 10: Configure Host Addressing

Address the hosts that are connected to Main-2-SW so that they have connectivity to the IP address of the Internet server on the Internet. Use the information provided in the Addressing Table.

Intructions- Answers Script – Type A

Main – Router

Remote – Router

Main-1-SW (Switch)

Main-2-SW

Main-3-SW

Host Addressing

Hosts ACAD-1 TEACH-1 STUDENT-1 NETADMIN-1
IP Address 192.168.1.10 192.168.1.26 192.168.1.42 192.168.1.58
Subnet mask 255.255.255.240 255.255.255.240 255.255.255.240 255.255.255.240
Default gateway 192.168.1.1 192.168.1.17 192.168.1.33 192.168.1.49

ccna-2-routing-switching-essentials-practice-skills-assessment-part-1-4

A few things to keep in mind while completing this activity:

  1. Do not use the browser Back button or close or reload any exam windows during the exam.
  2. Do not close Packet Tracer when you are done. It will close automatically.
  3. Click the Submit Assessment button in the browser window to submit your work.

Introduction

In this practice skills assessment, you will configure the Science Academy network. You will perform basic router configuration tasks, address router interfaces and hosts, and configure VLANs, trunking, and routing between VLANs. You will also configure and customize RIPv2 and control access to router vty lines with a standard named ACL. For a full list of tasks, see below.

You are not required to configure the following:

  • SW-Bldg-B-1
  • SW-Branch
  • BLDG-B-1
  • Branch-1
  • Admin
  • Web
  • Hosts attached to SW-Bldg-A-2

All IOS device configurations should be completed from a direct terminal connection to the device console. In addition, many values that are required to complete the configurations have not been given to you. In those cases, create the values that you need to complete the requirements.

You will practice and be assessed on the following skills:

  • Configuration of initial device settings
  • Interface addressing
  • Configuration of VLANs and trunking
  • Routing between VLANs
  • Dynamic routing with RIPv2
  • Configuration of standard ACLs
  • Switch port security configuration
  • Remote switch management configuration
  • Syslog and NTP configuration

You will configure specific devices the following:

HQ:

  • Basic device configuration
  • Interface addressing
  • Routing between VLANs
  • RIPv2 routing
  • Standard numbered ACL on vty
  • Syslog logging with NTP timestamping

Branch:

  • RIPv2 routing

SW-Bldg-A:

  • VLANs and trunking
  • Management interface

SW-Bldg-A-1:

  • VLANs and trunking
  • Port security
  • Management interface

SW-Bldg-A-2:

  • VLANs and trunking
  • Management interface

SW-Bldg-A-1 Hosts:

  • IP addresses
  • Subnet masks
  • Default gateways

Addressing Table

Use the following addresses to configure the network. Some addresses are preconfigured on devices that you are not required to configure, and are provided for reference purposes only.

ccna-2-routing-switching-essentials-practice-skills-assessment-part-1-5

VLAN Table

ccna-2-routing-switching-essentials-practice-skills-assessment-part-1-6

Step1: Basic Device Configuration

Complete a basic device configuration on the HQ router. Perform the following tasks:

  1. Disable DNS lookup.
  2. Configure the device with the name shown in the addressing table.
  3. Configure password encryption.
  4. Assign the encrypted type of privileged EXEC password.
  5. Configure a MOTD banner to warn users that unauthorized access is prohibited.
  6. Configure the console line so that router status messages will not interrupt command line input.
  7. Configure the console to require a password for access.
  8. Configure the VTY ports to only accept connections over SSH. Use the following values:

Domain Name: cisco.com
Local Username: admin
User Password: class
Modulus: 1024
Version: 2

The values for your SSH configuration must match these values exactly in order for you to receive credit for your configuration.

Step 2: Interface Addressing HQ

Activate and configure the G0/1 and S0/0/0 interfaces of the HQ router with the IP addresses given in the Addressing Table. The G0/0 interface will be configured later in the assessment.Configure descriptions for these interfaces.

Step 3: VLANs and Trunking

Configure the SW-Bldg-ASW-Bldg-A-1, and SW-Bldg-A-2 switches with VLANs and trunking according to the values in the VLAN table.

  1. Add the VLANs to the switches.
  2. Name the VLANs exactly as shown in the VLAN table.
  3. Configure the links between the SW-Bldg-A, SW-Bldg-A-1, and SW-Bldg-A-2 switches as trunks. Configure the link between SW-Bldg-A and HQ as a trunk. All trunking interfaces should be statically configured as trunks.
  4. Assign the appropriate ports to the VLANs.

Step 4: Routing Between VLANs

Configure routing between VLANs on the HQ router. Use the information in the addressing and VLAN tables.

Step 5: Access Control List Configuration

Configure a named standard ACL that meets the following requirements:

  1. The list should be named block15. The name must match this value exactly in order for you to receive credit for your work.
  2. Prevent any host with an address on the VLAN15subnetwork from accessing the VLAN10 subnetwork.
  3. All other hosts should be permitted
  4. The list should have two statements. One statement for each requirement in steps 5b and 5c.

Step 6: Switch Virtual Interface (SVI) Configuration

Configure the switch virtual management interfaces on SW-Bldg-ASW-Bldg-A-1, and SW-Bldg-A-2. Use the information in the addressing and VLAN tables for your configuration. All switches should be reachable from hosts on other networks for the purpose of this assessment.

Step 7: Switch Port Security Configuration

Improve network security by configuring the SW-Bldg-A-1 switch with the following. You are only required to configure these settings on this one switch for this assessment.

  1. Disable ALL unused switch ports.
  2. Activate port security on all ports that have hosts connected.
  3. Allow only a maximum of two MAC addresses to access the active switch ports.
  4. Configure the switch ports to automatically learn the two allowed MAC addresses and record the addresses in the running configuration.
  5. Configure the switch ports so that, if the maximum number of addresses for each port is exceeded, packets with unknown source addresses are dropped until a sufficient number of secure MAC addresses are removed. Notification that a violation has occurred is not required.

Step 8: Dynamic Routing

Configure RIPv2 routing on HQ and Branch.

  1. Configure RIPv2 on HQ and Branch so that all networks are reachable.
  2. Configure all LAN physical interfaces so that RIP updates are not sent out to the LANs.
  3. Be sure to use the version of RIP that supports classless routing.
  4. Prevent RIP from automatically summarizing networks.
  5. Configure RIP to automatically send the default route that is already configured on Branchto HQ.

Step 9: Configure Network Monitoring

Configure NTP and Syslog server logging on HQ.

  1. Activate the logging and debug timestamp services.
  2. Configure HQas an NTP client. The NTP server is Admin with the address of 192.168.2.10.
  3. Configure Syslog to send debug levelmessages to the Admin logging server.

Step 10: Configure Host Addressing

Address the hosts that are connected to SW-Bldg-A-1 so that they have connectivity to the IP address of the Web server on the Web. Use the information provided in the Addressing Table.

Intructions- Answers Script – Type B

HQ – Router

Branch – Router

SW-Bldg-A (Switch)

SW-Bldg-A-1

SW-Bldg-A-2

Host Addressing

Hosts OFFICE 1 PROD-1 ACCT 1 ADMIN-1
IP Address 192.168.1.10 192.168.1.26 192.168.1.42 192.168.1.58
Subnet mask 255.255.255.240 255.255.255.240 255.255.255.240 255.255.255.240
Default gateway 192.168.1.1 192.168.1.17 192.168.1.33 192.168.1.49

More Resources

About the author

James Palmer

Leave a Comment