Práctica 5 NAT

8/17/2019 Práctica 5 NAT

1/17

CCNA : Connecting Networks

Skills Assessment – Instructor Training Exam

Topology

Assessment Objecties

!art ": #uil$ t%e !%ysical Network an$ Initiali&e 'eices (5 points, 10 minutes)

!art (: Con)igure 'eice #asic Settings (15 points, 20 minutes)

!art *: Con)igure !!! Connections (17 points, 20 minutes)

!art +: Con)igure NAT (14 points, 15 minutes)

!art ,: -onitor t%e Network (16 points, 15 minutes)

!art .: Con)igure /rame 0elay (17 points, 20 minutes)

!art 1: Con)igure a 20E 3!N Tunnel (16 points, 20 minutes)

Scenario

In this Skills Assessment (SA) you will create a small network !ou must connect the network "e#ices an"con$i%ure those "e#ices to support #arious &A' protocols his will reuire that you reloa" the routers *e$orestartin% your con$i%uration o$ the ne+t &A' protocol he assessment has you sa#e your *asic "e#icecon$i%urations to $lash prior to implementin% a &A' protocol to allow you to restore these *asic con$i%urationsa$ter each reloa"

he $irst &A' protocol you will con$i%ure is oint-to-oint rotocol () with ./A authentication !ou willalso con$i%ure 'etwork A""ress ranslation ('A), an" network monitorin% protocols "urin% this phase o$ theassessment A$ter your instructor has si%ne" o$$ on this phase, you will reloa" the routers an" con$i%ure

201 .isco an"or its a$$iliates All ri%hts reser#e" his "ocument is .isco u*lic a%e " o$ "1


2/17

CCNA: Connecting Networks SA Exam

3rame elay A$ter the 3rame elay part is complete, an" has *een si%ne" o$$ *y your instructor, you willreloa" the routers an" con$i%ure a ' tunnel 'etwork con$i%urations an" connecti#ity will *e #eri$ie"throu%hout the assessment *y usin% common .8I comman"s

0e4uire$ 0esources

• outers (.isco 1941 with .isco I:S elease 152(4); uni#ersal ima%e or compara*le)

• .s (&in"ows 7, ista, or an" 2 00 (12 point)

8A' ca*le *etween .-. an" 00 (12 point)

Step *: Initiali&e an$ reloa$ routers6

rase the startup con$i%urations an" reloa" the "e#ices

Task IOS Comman$ !oints

rase the startup-con$i% $ile on allrouters

erase startup-con$i% (1 point)

eloa" all routers eloa" (12point)

Note? >e$ore procee"in%, ha#e your instructor #eri$y "e#ice initiali@ations

Instructor Sign7o)) !art ": 8888888888888888888888888

!oints: 8888888888 o) ,

201 .isco an"or its a$$iliates All ri%hts reser#e" his "ocument is .isco u*lic a%e ( o$ "1


3/17


!art (: Con)igure 'eice #asic Settings

Total points: ",

Time: (5 minutes

Step ": Con)igure !Cs6

Assi%n static I#4 a""ress in$ormation (I a""ress, su*net mask, "e$ault %ateway) to the three .s in thetopolo%y e$er to the opolo%y "ia%ram to o*tain the I a""ress in$ormation

Con)iguration Item or Task Speci)ication !oints

.on$i%ure static I#4 a""ress in$ormation on .-A I A""ress 1921611(12 point)

.on$i%ure static I#4 a""ress in$ormation on .-> I A""ress? 1921622(12 point)

.on$i%ure static I#4 a""ress in$ormation on .-. I A""ress? 1010

(12 point)

Step (: Con)igure 0"6

.on$i%uration tasks $or 1 inclu"e the $ollowin%?


=isa*le ='S lookup no ip "omain-lookup (12 point)

outer name 1 (12 point)

ncrypte" pri#ile%e"


4/17



=isa*le ='S lookup no ip "omain-lookup (12 point)

outer name 2 (12 point)

ncrypte" pri#ile%e"


5/17



.opy the runnin%-con$i% on 1 to $lash 'ame the$ile #asicCon)ig 1Dcopy runnin%-con$i% startup-con$i%

(12 point)

.opy the runnin%-con$i% on 2 to $lash 'ame the

$ile #asicCon)ig 1Dcopy runnin%-con$i% startup-con$i%

(12 point)

.opy the runnin%-con$i% on to $lash 'ame the$ile #asicCon)ig 1Dcopy runnin%-con$i% startup-con$i%

(12 point)

Instructor Sign7o)) !art (: 8888888888888888888888

!oints: 888888888 o) ",

!art *: Con)igure !!! Connections

Total points: "1

Time: (5 minutes

/igure ": !!! Topology

Bse /igure " to o*tain the I in$ormation nee"e" $or this part o$ the stu"ent assessment

Step ": Con)igure 0"6


201 .isco an"or its a$$iliates All ri%hts reser#e" his "ocument is .isco u*lic a%e , o$ "1


6/17


Task Speci)ication !oints

.on$i%ure S000

Set the "escription

Set the 8ayer I#4 a""ress e$er to 3i%ure 1at the top o$ art $or I a""ress in$ormation

Set encapsulation to !!!Set the clockin% rate to "(9555

Acti#ate the inter$ace

(2 points)

• .on$i%ure ./A authentication on

S000(1 point)

.reate a local "ata*ase entry $or ./Aauthentication

Bsername? 0(

asswor"? cisco(1 point)

Set a static "e$ault route out S000 (12 point)

Step (: Con)igure 0(6



.on$i%ure S000

Set the "escription

Set the 8ayer I#4 a""ress e$er to 3i%ure1 at the top o$ art $or I a""ressin$ormation

Set the encapsulation to !!!


(2 point)

.on$i%ure ./A authentication on S000 (1 point)

.reate a local "ata*ase entry $or ./Aauthentication

Bsername? 0"

asswor"? cisco(1 point)

.on$i%ure S001

Set the "escription

Set the 8ayer I#4 a""ress e$er to 3i%ure1 at the top o$ art $or I a""ressin$ormation

Set the encapsulation to !!!

Set the clockin% rate to "(9555


(2 points)

Set a static "e$ault route out S001 (12 point)

Set a static route $or 1 8A' tra$$ic outS000

(1 point)

Step *: Con)igure 0*6

.on$i%uration tasks $or inclu"e the $ollowin%?

201 .isco an"or its a$$iliates All ri%hts reser#e" his "ocument is .isco u*lic a%e . o$ "1


7/17



.on$i%ure S001

Set the "escription

Set the 8ayer I#4 a""ress e$er to 3i%ure 1 at the top o$art $or I a""ress in$ormation

Set the encapsulation to !!! Acti#ate the inter$ace

(2 points)

Step +: 3eri)y network connectiity6

eri$y connecti#ity usin% the ping comman"

/rom Comman$ To Expecte$ 0esults !oints

.-A pin% .-> in% shoul" *e success$ul (12 point)

.-. pin% 00 in% shoul" *e success$ul (12 point)

.-. pin% 2 S001 in% shoul" *e success$ul (12 point)

.-A pin% .-. in% shoul" not *e success$ul (12 point)

.-> pin% .-. in% shoul" not *e success$ul (12 point)

.-. pin% .-> in% shoul" not *e success$ul (12 point)

Note? It may *e necessary to "isa*le the . $irewall $or pin%s to *e success$ul

Instructor Sign7o)) !art *: 8888888888888888888888

!oints: 888888888 o) "1

!art +: Con)igure NAT

Total points: "+

Time: ", minutes

Step ": Con)igure 0(6


201 .isco an"or its a$$iliates All ri%hts reser#e" his "ocument is .isco u*lic a%e 1 o$ "1


8/17



Assi%n a static 'A to map the insi"e local I a""ress$or .-> to a Insi"e lo*al a""ress Insi"e lo*al? (56".,6(556((.

(1 point)

=e$ine an access control list to permit the 1 8A' $or

"ynamic 'A Access 8ist? "

(1 point)

=e$ine the "ynamic 'A pool $or the 1 8A'

ool? 0"7;AN

Insi"e lo*al? (56".,6(556((1(1 point)

=e$ine the 'A $rom the insi"e source to the outsi"epool ;ake sure to allow multiple .s access to thissin%le Insi"e lo*al a""ress

Insi"e source? Access list "

:utsi"e pool? 0"7;AN(1 point)

=e$ine an access control list to permit the 2 8A' $or"ynamic 'A Access 8ist? (

(1 point)

=e$ine the "ynamic 'A pool $or the 2 8A'

ool? 0(7;AN

Insi"e lo*al? (56".,6(556((9(1 point)

=e$ine the 'A $rom the insi"e source to the outsi"epool ;ake sure to allow multiple .s access to thissin%le Insi"e lo*al a""ress

Insi"e source? Access list (

:utsi"e pool? 0(7;AN(1 point)

Assi%n the outsi"e 'A inter$ace (1 point)

Assi%n the insi"e 'A inter$ace $or the 1 8A' (1 point)

Assi%n the insi"e 'A inter$ace $or the 2 8A' (1 point)

Step (: 3eri)y network connectiity6



.-A pin% .-. in% shoul" *e success$ul (12 point)

.-. pin% Insi"e lo*al a""ress $or.-> (209165200226)

in% shoul" *e success$ul (12 point)


201 .isco an"or its a$$iliates All ri%hts reser#e" his "ocument is .isco u*lic a%e 9 o$ "1


9/17


Step *: 3eri)y NAT Con)iguration on 0(6

nter the appropriate .8I comman" nee"e" to "isplay the $ollowin%?

Comman$ 'escription Stu$ent Input


10/17


Step *: Con)igure SN-! on 0"6

.on$i%uration tasks inclu"e the $ollowin%?


.reate a stan"ar" access list to permit the S';mana%ement station (.-A) to retrie#e S';in$ormation $rom 1 Access 8ist? SN-!7ACCESS

(1 points)

na*le S'; community access to the S';-A..SSaccess list

.ommunity? SA7;A#

Access le#el? 0ea$7only(1 points)

Set the S'; noti$ication host

/ost? "(6".96""6*

ersion? (c

.ommunity? SA7;A#

(1 points)

na*le all S'; traps (1 points)

Step +: Collect Net/low $ata on 0(6

.on$i%uration tasks inclu"e the $ollowin%?


.on$i%ure 'et3low "ata capture on *oth serialinter$aces .apture in%ress an" e%ress "ata packets

(1 points)

.on$i%ure 'et3low "ata e+port

=estination? !C7# I! a$$ress

B= ort? .(1 points)

.on$i%ure the 'et3low e+port #ersion ersion? (1 points)

.oman"o no a"miti"o

Step ,: 3eri)y monitoring con)igurations6




11/17


!art .: Con)igure /rame 0elay

NOTE: 'O NOT !0OCEE' ?IT@ T@E ASSESS-ENT NTI; BO0 INST0CTO0 @AS SI2NE' O// ONT@E !0E3IOS !A0TS6

Total points: "1

Time: (5 minutes

/igure (: /rame 0elay Topology

Bse /igure ( to o*tain the I in$ormation nee"e" $or this part o$ the stu"ent assessment

Step ": 0eloa$ routers an$ restore t%e #asicCon)ig to memory6

a rase the startup con$i%urations an" reloa" the "e#ices

* 3or each router, issue the copy )las%:#asicCon)ig running7con)ig comman" to reloa" the *asiccon$i%uration that you sa#e" at the en" o$ art 2

c Issue the no s%ut$own comman" $or the 00 inter$ace on 1 an"

Step (: Con)igure 0( as a /rame 0elay Switc%6

.opy an" paste the $ollowin% con$i%uration lines into 2 his will con$i%ure 2 as a 3rame elay switch an"allow you to complete art 6

Step *: Con)igure 0"6

.on$i%ure 3rame elay on S000 on 1 .on$i%uration tasks $or 1 inclu"e the $ollowin%?

201 .isco an"or its a$$iliates All ri%hts reser#e" his "ocument is .isco u*lic a%e "" o$ "1


12/17



.on$i%ure S000

Set the "escription

Set the 8ayer I#4 a""ress e$er to 3i%ure 2at the top o$ art 6 $or I a""ress in$ormation

Set encapsulation to )rame7relaySet the clockin% rate to 12000

(2 points)

=isa*le In#erse A on S000 (12 point)

;ap the I local a""ress to the =8.I e$er to 3i%ure 2 $or =8.I in$ormation (1 point)

;ap the remote I a""ress to the =8.I Allow $or multicast or *roa"cast tra$$ic

e$er to 3i%ure 2 $or I a""ress an" =8.Iin$ormation

(1 point)

.han%e the 8;I type to the A'SI stan"ar" (1 point)

Acti#ate the inter$ace (12 point)

.reate a "e$ault route to the I a""ress onthe other si"e o$ the 3rame elay link e$er to 3i%ure 2 $or the I a""ress

(12 point)

Step +: Con)igure 0*6

.on$i%ure 3rame elay on a su*inter$ace o$ S001 on .on$i%uration tasks $or inclu"e the $ollowin%?


.on$i%ure S001

.on$i%ure 3rame elay ncapsulation Setencapsulation to )rame7relay (use the I3stan"ar")


(1 point)

.reate a point-to-point su*inter$ace onS001

Su*inter$ace D? *("

Set the "escription(1 point)

Set the 8ayer I#4 a""ress on thesu*inter$ace

e$er to 3i%ure 2 at the top o$ art 6 $or Ia""ress in$ormation

(1 point)

=isa*le In#erse A on the su*inter$ace (12 point)

;ap the su*inter$ace to the =8.I e$er to 3i%ure 2 $or =8.I in$ormation (1 point)

.reate a "e$ault route to the I a""ress onthe other si"e o$ the 3rame elay link e$er to 3i%ure 2 $or I a""ress

(12 point)

Step ,: 3eri)y network connectiity6


201 .isco an"or its a$$iliates All ri%hts reser#e" his "ocument is .isco u*lic a%e "( o$ "1


13/17



.-A pin% =e$ault %ateway in% shoul" *e success$ul (12 point)

.-. pin% =e$ault %ateway in% shoul" *e success$ul (12 point)

.-A pin% 1722712 in% shoul" *e success$ul (12 point)

.-. pin% 1722711 in% shoul" *e success$ul (12 point)



Step .: 3eri)y /rame 0elay con)iguration6




14/17


/igure *: 20E 3!N Topology

Bse /igure * to o*tain the I in$ormation nee"e" $or this part o$ the stu"ent assessment

Step ": 0eloa$ routers an$ restore t%e #asicCon)ig to memory6

a rase the startup con$i%urations an" reloa" the "e#ices

* 3or each router, issue the copy )las%:#asicCon)ig running7con)ig comman" to reloa" the *asiccon$i%uration that you sa#e" at the en" o$ art 2

c Issue the no s%ut$own comman" $or the 00 inter$ace on 1 an"

Step (: Con)igure Serial Inter)aces6

a .on$i%uration tasks $or 1 inclu"e the $ollowin%?


.on$i%ure S000

Set the "escription

Set the 8ayer I#4 a""ress e$er to 3i%ure at the top o$ art 7 $or Ia""ress in$ormation

Set the encapsulation to @';C6



(1 point)

* .on$i%uration tasks $or 2 inclu"e the $ollowin%?

201 .isco an"or its a$$iliates All ri%hts reser#e" his "ocument is .isco u*lic a%e "+ o$ "1


15/17



.on$i%ure S000

Set the "escription


Set the encapsulation to @';C6 Acti#ate the inter$ace

(1 point)

.on$i%ure S001

Set the "escription





(1 point)

c .on$i%uration tasks $or inclu"e the $ollowin%?


.on$i%ure S001

Set the "escription




(1 point)

Step *: Con)igure t%e 20E 3!N tunnel an$ EI20! on 0"6



.reate a tunnel inter$ace

Inter$ace? tunnel 5

Set the "escription

Set the 8ayer I#4 a""ress e$er to 3i%ure at the top o$ art 7 $or I a""ress in$ormation

(2 points)

Bse S000 as the tunnel source (12 point)

Set the tunnel "estination with the Ia""ress o$ the S001 inter$ace e$er to 3i%ure $or I a""ress in$ormation

(12 point)

.reate a "e$ault route out S000 (12 point)

.on$i%ure I on 1 Autonomous System (AS) num*er? " (12 point)

A"#ertise the 8A' an" unnel su*nets inI Set the 8A' inter$ace to passi#e e$er to the ' topolo%y

(12 point)

201 .isco an"or its a$$iliates All ri%hts reser#e" his "ocument is .isco u*lic a%e ", o$ "1


16/17


Step +: Con)igure t%e 20E 3!N tunnel an$ EI20! on 0*6

.on$i%uration tasks $or inclu"e the $ollowin%?


.reate a tunnel inter$ace

Inter$ace? tunnel 5

Set the "escription

Set the 8ayer I#4 a""ress Bse the Ia""ress in$ormation liste" in 3i%ure at the topo$ art 7

(2 points)

Bse S001 as the tunnel source (12 point)

Set the tunnel "estination with the Ia""ress o$ the 1 S000 inter$ace

e$er to 3i%ure at the top o$ art 7 $or Ia""ress in$ormation

(12 point)

.reate a "e$ault route out S001 (12 point)

.on$i%ure I on Autonomous System (AS) num*er? " (12 point)

A"#ertise the 8A' an" unnel su*nets inI Set the 8A' inter$ace to passi#e e$er to the ' topolo%y

(12 point)

Step ,: 3eri)y network connectiity6

eri$y connecti#ity usin% the $ollowin% comman"s


.-A pin% =e$ault %ateway in% shoul" *e success$ul (12 point)

.-. pin% =e$ault %ateway in% shoul" *e success$ul (12 point)


1 traceroute 1722721 2 shoul" show up in the traceroute (12 point)

1 traceroute 1722712 2 shoul" *e a*sent $rom traceroute (12 point)


Step .: 3eri)y 20E 3!N con)iguration6




17/17


!art 9: Cleanup

NOTE: 'O NOT !0OCEE' ?IT@ C;EAN! NTI; BO0 INST0CTO0 @AS 20A'E' BO0 SI;;SEDA- AN' @AS IN/O0-E' BO T@AT BO -AB #E2IN C;EAN!6

>e$ore turnin% o$$ power to the routers?

• emo#e the 'A; con$i%uration $iles (i$ sa#e") $rom all "e#ices

• emo#e the #asicCon)ig $ile $rom $lash usin% the $elete )las%:#asicCon)ig comman"

=isconnect an" neatly put away all ca*les that were use" in the 3inal

0outer Inter)ace Summary Table

0outer Inter)ace Summary

0outer -o$el Et%ernet Inter)ace " Et%ernet Inter)ace ( Serial Inter)ace " Serial Inter)ace (

100 3ast thernet 00(300)

3ast thernet 01(301)

Serial 000 (S000) Serial 001 (S001)

1900 i%a*it thernet 00(00)

i%a*it thernet 01(01)








2900 i%a*it thernet 00(00)

i%a*it thernet 01(01)


Note? o $in" out how the router is con$i%ure", look at the inter$aces to i"enti$y the type o$ router an" how manyinter$aces the router has here is no way to e$$ecti#ely list all the com*inations o$ con$i%urations $or each router

class his ta*le inclu"es i"enti$iers $or the possi*le com*inations o$ thernet an" Serial inter$aces in the "e#icehe ta*le "oes not inclu"e any other type o$ inter$ace, e#en thou%h a speci$ic router may contain one Ane+ample o$ this mi%ht *e an IS=' >I inter$ace he strin% in parenthesis is the le%al a**re#iation that can *euse" in .isco I:S comman"s to represent the inter$ace

201 .isco an"or its a$$iliates All ri%hts reser#e" his "ocument is .isco u*lic a%e "1 o$ "1

Documents

Práctica 5 NAT