Addressing Table

VLANs and Port Assignments Table

Scenario

This activity includes many of the skills that you have acquired during your CCNA studies. First, you will complete the documentation for the network. Make sure you have a printed version of the instructions. During implementation, you will configure VLANs, trunking, port security, and SSH remote access on a switch. Then, you will implement inter-VLAN routing and NAT on a router. Finally, you will use your documentation to verify your implementation by testing end-to-end connectivity.

Documentation

You are required to fully document the network. You will need a printout of this instruction set, which will include an unlabeled topology diagram:

– Label all the device names, network addresses, and other important information that Packet Tracer generated.
– Complete the Addressing Table and VLANs and Port Assignments Table.
– Fill in any blanks in the Implementation and Verification steps. The information is supplied when you launch the Packet Tracer activity.

Implementation

Note: All devices in the topology except Central, Cnt-Sw, and NetAdmin are fully configured. You do not have access to the other routers. You can access all the servers and PCs for testing purposes.
Implement the following requirements using your documentation:

Cnt-Sw

+ Configure remote management access including IP addressing and SSH:

  • Domain is cisco.com
  • Enable secret ciscoenpass
  • User CAdmin with password itsasecret
  • Crypto key length of 1024
  • SSH version 2, limited to 2 authentication attempts and a 60 second timeout
  • Plaintext passwords should be encrypted.

a. Configure, name, and assign VLANs. Ports should be manually configured as access ports.
b. Configure trunking.
c. Implement port security:

  • On F0/1, allow 2 MAC addresses that are automatically added to the configuration file when detected. The port should not be disabled, but a syslog message should be captured if a violation occurs.
  • Disable all other unused ports.

Cnt-Sw

Cnt-Sw#config t
Cnt-Sw(config)#int vlan 60
Cnt-Sw(config-if)#ip address 192.168.45.34 255.255.255.240
Cnt-Sw(config-if)#no shutdown
Cnt-Sw(config-if)#exit
Cnt-Sw(config)#ip default-gateway 192.168.45.33
Cnt-Sw(config)#vlan 15
Cnt-Sw(config-vlan)#name Server
Cnt-Sw(config-vlan)#vlan 30
Cnt-Sw(config-vlan)#name PCs
Cnt-Sw(config-vlan)#vlan 45
Cnt-Sw(config-vlan)#name Native
Cnt-Sw(config-vlan)#vlan 60
Cnt-Sw(config-vlan)#name Management
Cnt-Sw(config-vlan)#int range f0/1 - 10
Cnt-Sw(config-if-range)#switchport mode access
Cnt-Sw(config-if-range)#switchport access vlan 30

Cnt-Sw(config-if-range)#int fa0/1
Cnt-Sw(config-if)#switchport port-security
Cnt-Sw(config-if)#switchport port-security maximum 2
Cnt-Sw(config-if)#switchport port-security mac-address sticky
Cnt-Sw(config-if)#switchport port-security violation restrict

Cnt-Sw(config-if)#int range f0/11 - 20
Cnt-Sw(config-if-range)#switchport mode access
Cnt-Sw(config-if-range)#switchport access vlan 15
Cnt-Sw(config-if-range)#int g0/1
Cnt-Sw(config-if)#switchport mode trunk
Cnt-Sw(config-if)#switchport trunk native vlan 45
Cnt-Sw(config-if)#int range fa0/21 - 24 , gi0/2
Cnt-Sw(config-if-range)#shutdown

Cnt-Sw(config-if-range)#exit
Cnt-Sw(config)#ip domain-name cisco.com
Cnt-Sw(config)#crypto key generate rsa
The name for the keys will be: Cnt-Sw.cisco.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

Cnt-Sw(config)#enable secret ciscoenpass
Cnt-Sw(config)#username CAdmin password itsasecret
Cnt-Sw(config)#service password-encryption
Cnt-Sw(config)#ip ssh version 2
Cnt-Sw(config)#ip ssh authentication-retries 2
Cnt-Sw(config)#ip ssh time-out 60
Cnt-Sw(config)#line vty 0 15
Cnt-Sw(config-line)#login local
Cnt-Sw(config-line)#transport input ssh
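
An added example, not part of the original lab or its answer key: a short Python audit that checks a saved running-config against the Cnt-Sw SSH and F0/1 port-security requirements listed above. The config excerpt is constructed, the function names are this example's own, and the checks use the expanded forms that running-config prints (`ip ssh time-out 60`, `FastEthernet0/1`, `line vty 0 4` and `line vty 5 15`).

```python
# Constructed running-config excerpt, not from a real device. Deliberate gaps:
# no "ip ssh version 2", and no violation mode on Fa0/1 (default is shutdown).
SAMPLE = """\
service password-encryption
username CAdmin password 7 CONSTRUCTED
ip ssh authentication-retries 2
ip ssh time-out 60
interface FastEthernet0/1
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input ssh
"""

GLOBAL = ["service password-encryption", "ip ssh version 2",
          "ip ssh authentication-retries 2", "ip ssh time-out 60"]
VTY = ["login local", "transport input ssh"]
F01 = ["switchport port-security", "switchport port-security maximum 2",
       "switchport port-security mac-address sticky",
       "switchport port-security violation restrict"]

def sections(config):
    """Map each top-level line to the indented lines beneath it."""
    out, current = {}, None
    for raw in config.splitlines():
        if raw.startswith(" ") and current:
            out[current].append(raw.strip())
        elif raw.strip() and not raw.startswith("!"):
            current = raw.strip()
            out[current] = []
    return out

def audit(config):
    """Return a list of requirement gaps; an empty list means compliant."""
    sec = sections(config)
    gaps = [f"global: missing '{w}'" for w in GLOBAL if w not in sec]
    if not any(k.startswith("username CAdmin ") for k in sec):
        gaps.append("global: no local user CAdmin")
    vtys = [k for k in sec if k.startswith("line vty")] or ["line vty"]
    checks = [(v, VTY) for v in vtys] + [("interface FastEthernet0/1", F01)]
    for header, wanted in checks:
        gaps += [f"{header}: missing '{w}'" for w in wanted
                 if w not in sec.get(header, [])]
    return gaps
```

A port left at the default violation mode still passes a ping test, but it fails the requirement that F0/1 stay up after a violation, which is why the audit reports the absent `violation restrict` line as a gap.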

Central

a. Configure inter-VLAN routing.
b. Configure DHCP services for VLAN 30. Use LAN as the case-sensitive name for the pool.
c. Implement routing:

  • Use RIPv2.
  • Configure one network statement for the entire 192.168.45.0/24 address space.
  • Disable interfaces that should not send RIPv2 messages.
  • Configure a default route to the Internet.

+ Implement NAT:

  • Configure a standard, one statement ACL number 1. All IP addresses belonging to the 192.168.45.0/24 address space are allowed.
  • Refer to your documentation and configure static NAT for the File Server.
  • Configure dynamic NAT with PAT using a pool name of your choice, a /30 mask, and these two public addresses:
    64.100.32.56 and 64.100.32.57

+ Configure on Central Router

Central(config)#ip dhcp excluded-address 192.168.45.129
Central(config)#ip dhcp pool LAN
Central(dhcp-config)#network 192.168.45.128 255.255.255.192
Central(dhcp-config)#default-router 192.168.45.129
Central(dhcp-config)#interface gi0/0
Central(config-if)#no shutdown

Central(config-if)#
Central(config-if)#int gi0/0.15
Central(config-subif)#encapsulation dot1Q 15
Central(config-subif)#ip address 192.168.45.65 255.255.255.192
Central(config-subif)#ip nat inside

Central(config-subif)#inter gi0/0.30
Central(config-subif)#encapsulation dot1Q 30
Central(config-subif)#ip address 192.168.45.129 255.255.255.192
Central(config-subif)#ip nat inside

Central(config-subif)#int gi0/0.45
Central(config-subif)#encapsulation dot1Q 45 native
Central(config-subif)#ip address 192.168.45.17 255.255.255.240

Central(config-subif)#interface gi0/0.60
Central(config-subif)#encapsulation dot1Q 60
Central(config-subif)#ip address 192.168.45.33 255.255.255.240

Central(config-subif)#router rip
Central(config-router)#passive-interface gi0/0.15
Central(config-router)#passive-interface gi0/0.30
Central(config-router)#passive-interface gi0/0.45
Central(config-router)#passive-interface gi0/0.60
Central(config-router)#passive-interface s0/1/0
Central(config-router)#network 192.168.45.0
Central(config-router)#no auto-summary

Central(config-router)#version 2
Central(config-router)#int s0/0/0
Central(config-if)#ip nat inside
Central(config-if)#int s0/0/1
Central(config-if)#ip nat inside
Central(config-if)#int s0/1/0
Central(config-if)#ip nat outside

Central(config-if)#ip nat pool TEST 64.100.32.56 64.100.32.57 netmask 255.255.255.252
Central(config)#ip nat inside source list 1 pool TEST overload
Central(config)#ip nat inside source static 192.168.45.66 64.100.32.58
Central(config)#ip route 0.0.0.0 0.0.0.0 s0/1/0

Central(config)#access-list 1 permit 192.168.45.0 0.0.0.255
Central(config)#

NetAdmin

Verify NetAdmin has received full addressing information from Central.

Verification

All devices should now be able to ping all other devices. If not, troubleshoot your configurations to isolate and solve problems. A few tests include:

· Verify remote access to Cnt-Sw by using SSH from a PC.
· Verify VLANs are assigned to appropriate ports and port security is in force.
· Verify a complete routing table.
· Verify NAT translations and statics.

  • Outside Host should be able to access File Server at the public address.
  • Inside PCs should be able to access Web Server.

· Document any problems you encountered and the solutions in the Troubleshooting Documentation table below.

By Admin