Topology
Assessment Objectives
- Develop an IP Addressing Scheme (20 points, 25 minutes)
- Initialize and Reload Devices (10 points, 20 minutes)
- Configure Device IP address and Security Settings (45 points, 35 minutes)
- Test and Verify IPv4 and IPv6 End-to-End Connectivity (15 points, 20 minutes)
- Use the IOS CLI to Gather Device Information (10 points, 10 minutes)
Scenario
In this Skills Assessment (SA) you will configure the devices in a small network. You must configure a router, switch and PCs to support both IPv4 and IPv6 connectivity. You will configure security, including SSH, on the router. In addition, you will test and document the network using common CLI commands.
Note: The router and the switch have a startup-configuration saved with commands as following:
- Router> enable
- Router# configure terminal
- Router(config)# hostname Rtr
- Rtr(config)# interface lo1
- Rtr(config-if)# ip address 10.10.10.10 255.255.255.255
- Rtr(config-if)# no shutdown
- Rtr(config-if)# end
- Rtr# copy running-config startup-config
- Switch
- Switch> enable
- Switch# configure terminal
- Switch(config)# hostname Sws
- Sws(config)# vlan 99
- Sws(config)# end
- Sws(config)# copy running-config startup-config
Required Resources
- 1 Router (Cisco 4221 with Cisco IOS XE Release 16.9.4 universal image or comparable)
- 1 Switch (Cisco 2960 with Cisco IOS Release 15.2(2) lanbasek9 image or comparable)
- 2 PCs (Windows with a terminal emulation program, such as Tera Term)
- Console cables to configure the Cisco IOS devices via the console ports
- Ethernet cables as shown in the topology
Instructions
Part 1: Develop an IP Addressing Scheme
Total points: 20 – Time: 25 minutes
a. Your instructor will assign one of the IPv4 networks from the table below. You will subnet it to provide IP addresses to two subnets that will support the required number of hosts. No subnet calculators may be used. All work must be shown using the IP Addressing worksheet below.
Network | Number of Hosts in Subnet A | Number of Hosts in Subnet B |
---|---|---|
192.168.10.0/24 | 100 | 50 |
172.16.1.0/25 | 60 | 20 |
209.165.201.0/27 | 12 | 5 |
Subnetting:
- Subnet A – 100 hosts
- 2x – 2 ≥ 100; 27 – 2 ≥ 100; 32 – 7 = 25 then the new Prefix is /25 or 255.255.255.128
- From /24 to /25 means one more bit, then 21 = 2 Subnet Address and the incremental number 128
- 192.168.10.0/25 and 192.168.10.128/25. The first subnet is assigned to Subnet A
- Host IP range for Subnet A: 192.168.10.1 to 192.168.10.126
- Subnet B – 50 hosts
- 2x – 2 ≥ 50; 26 – 2 ≥ 50; 32 – 6 = 26 then the new Prefix is /26 or 255.255.255.192
- From /25 to /26 means one more bit, then 21 = 2 Subnet Address and the incremental number 64
- 192.168.10.128/26 and 192.168.10.192/26. The first subnet is assigned to Subnet B
- Host IP range for Subnet A: 192.168.10.129 to 192.168.10.190
IP Addressing Worksheet
Network | Subnet A | Subnet B |
---|---|---|
Number of bits in the subnet (hosts) | 7 | 6 |
IP mask (binary) | 11111111.11111111.11111111.10000000 | 11111111.11111111.11111111.11000000 |
New IP mask (decimal) | 255.255.255.128 | 255.255.255.192 |
Maximum number of usable subnets (including the 0th subnet) | 21 = 2 | 21 = 2 |
Number of usable hosts per subnet | 27 – 2 = 126 | 26 – 2 = 62 |
IP Subnet | 192.168.10.0/25 | 192.168.10.128/26 |
First IP Host address | 192.168.10.1 | 192.168.10.129 |
Last IP Host address | 192.168.10.126 | 192.168.10.190 |
b. Record your subnet assignment in the table below.
- 1) Assign the first IPv4 address of each subnet to a router interface
- subnet A is hosted on R1 G0/0/1
- subnet B is hosted on R1 G0/0/0
- 2) Assign the last IPv4 address of each subnet to the PC NIC
- 3) Assign the second IPv4 address of subnet A to S1
- 4) List the maximum number of useable hosts per subnet
Description | Subnet A | Subnet B |
---|---|---|
First IP address | 192.168.10.1 | 192.168.10.129 |
Last IP address | 192.168.10.62 | 192.168.10.190 |
Maximum number of hosts | 126 | 62 |
c. Record the IP address information for each device:
Device | IP Address | Subnet Mask | Gateway |
---|---|---|---|
PC-A | 192.168.10.62 | 255.255.255.128 | 192.168.10.1 |
R1-G0/0/0 | 192.168.10.129 | 255.255.255.192 | NA |
R1-G0/0/1 | 192.168.10.1 | 255.255.255.128 | NA |
S1 | 192.168.10.2 | 255.255.255.128 | 192.168.10.1 |
PC-B | 192.168.10.190 | 255.255.255.192 | 192.168.10.129 |
d. Use the IPv6 address 2001:db8:acad::/48 and create two subnets for use in this network. Record the IPv6 addresses in the table.
Assigned to Interface | IPv6 Subnet Address | Prefix Length |
---|---|---|
R1-G0/0/0 | 2001:db8:acad:b:: | 64 |
R1-G0/0/1 | 2001:db8:acad:a:: | 64 |
e. Record the IPv6 address information for each device.
Note: Use FE80::1 as the link-local address om both router interfaces.
Device | IPv6 Address | Prefix Length | Gateway |
---|---|---|---|
R1-G0/0/0 | 2001:db8:acad:b::1 | 64 | NA |
R1-G0/0/1 | 2001:db8:acad:a::1 | 64 | NA |
S1 | 2001:db8:acad:a::2 | 64 |
Part 2: Initialize and Reload Devices
Total points: 10 – Time: 20 minutes
- Erase the startup configurations and VLANs from the router and switch and reload the devices.
- After the switch is reloaded, change the SDM template to one that supports IPv6 as necessary, and reload the switch again.
Before proceeding, ask your instructor verify device initializations.
Task | IOS Command |
---|---|
Erase the startup-config file on the Router. | Rtr# erase startup-config |
Reload the Router | Rtr# reload |
Erase the startup-config file on the Switch. | Sws# erase startup-config |
Delete the vlan.dat file on the Switch | Sws# del vlan.dat |
Reload the Switch. | Sws# reload |
Verify the Switch SDM Template | Switch# show sdm prefer |
Part 3: Configure Device IP Address and Security Settings
Total points: 45 – Time: 35 minutes
The 2960 switch has been replaced with the 3560 model due to compatibility issues.
Step 1-4: Configure R1, S1, host computers, Test and Verify End-to-End Connectivity
If you get this question: Would you like to enter the initial configuration dialog? [yes/no]? the answer is no
- Sws>enable
- Sws# show vlan brief
- Notice if vlan 99 exists, if it does:
- Delete vlan.dat
- Sws# delete vlan.dat
- Delete filename [vlan.dat]?
- Delete flash:/vlan.dat? [confirm]
- Sws# reload
- . . . . . .
- Sws>enable
- Sws# show vlan brief
- Delete startup-config
- Sws> enable
- Sws# erase startup-config
- Sws# reload
- . . . . . .
- Check if IPv6 is supported
- Switch> enable
- Switch# show sdm prefer
- In the Cisco Laboratorium at NG uses 3750 switches. These switches runs SDM templates Access, Default, Routing and VLAN.
- SDM Default is a mix between L2 and L3 capabilities (routing and VLAN).
- In this lab you change to the SDM dual IPv4 and IPv6 routing.
- Switch# configure terminal
- Switch(config)# sdm prefer dual-ipv4-and-ipv6 routing
- Switch(config)# end
- Switch# write memory
- Switch# reload
- System configuration has been modified. Save? [yes/no]:yes
- . . . . . .
- Verify if IPv6 is supported now
- Switch> enable
- Switch# show sdm prefer
- Continue with configurations
- Switch# configure terminal
- Switch(config)# no ip domain lookup
- S1(config)# hostname S1
- S1(config)# ip domain-name ccna-lab.com
- S1(config)# enable secret ciscoenpass
- S1(config)# line console 0
- S1(config-line)# password ciscoconpass
- S1(config-line)# login
- S1(config-line)# exit
- S1(config)# interface range Fa 0/1 - 4
- S1(config-if-range)# shutdown
- S1(config-if-range)# exit
- S1(config)# interface range Fa 0/7 - 24
- S1(config-if-range)# shutdown
- S1(config-if-range)# exit
- S1(config)# interface range G0/1 - 2
- S1(config-if-range)# shutdown
- S1(config-if-range)# exit
- S1(config)# username admin secret admin1pass
- S1(config)# line vty 0 15
- S1(config-line)# login local
- S1(config-line)# transport input ssh
- S1(config-line)# exit
- S1(config)# service password-encryption
- S1(config)# crypto key generate rsa general-keys modulus 1024
- S1(config)# interface vlan 1
- S1(config-if)# description Connected to Subnet A
- S1(config-if)# ip address 192.168.10.2 255.255.255.128
- S1(config-if)# ipv6 address fe80::2 link-local
- S1(config-if)# ipv6 address 2001:db8:acad:a::2/64
- S1(config-if)# no shutdown
- S1(config-if)# exit
- S1(config)# ip default-gateway 192.168.10.1
- S1(config)#
- Rtr>enable
- Rtr# erase startup-config
- Rtr# reload
- . . . . . . .
- Router> enable
- Router# show run
- Do you see any loopback address?
- Router# configure terminal
- Router(config)# no ip domain lookup
- Router(config)# hostname R1
- R1(config)# ip domain-name ccna-lab.com
- R1(config)# enable secret ciscoenpass
- R1(config)# line console 0
- R1(config-line)# password ciscoconpass
- R1(config-line)# login
- R1(config-line)# exit
- R1(config)# security passwords min-length 10
- R1(config)# username admin secret admin1pass
- R1(config)# line vty 0 15
- R1(config-line)# login local
- R1(config-line)# transport input ssh
- R1(config-line)# exit
- R1(config)# service password-encryption
- R1(config)# banner motd "Unauthorized Access is Prohibited"
- R1(config)# ipv6 unicast-routing
- R1(config)# interface G0/0/0
- R1(config-if)# description Connected to Subnet B
- R1(config-if)# ip address 192.168.10.129 255.255.255.192
- R1(config-if)# ipv6 address fe80::1 link-local
- R1(config-if)# ipv6 address 2001:db8:acad:b::1/64
- R1(config-if)# no shutdown
- R1(config-if)# exit
- R1(config)# interface G0/0/1
- R1(config-if)# description Connected to Subnet A
- R1(config-if)# ip address 192.168.10.1 255.255.255.128
- R1(config-if)# ipv6 address fe80::1 link-local
- R1(config-if)# ipv6 address 2001:db8:acad:a::1/64
- R1(config-if)# no shutdown
- R1(config-if)# exit
- R1(config)# crypto key generate rsa general-keys modulus 1024
- R1(config)#
- PC-A
- IP Address: 192.168.10.126
- Subnet Mask: 255.255.255.128
- Default Gateway: 192.168.10.1
- DNS server:
- IPv6 Address: 2001:db8:acad:a::a / 64
- IPv6 Gateway: fe80::1
- PC-B
- IP address: 192.168.10.126
- Subnet Mask: 255.255.255.128
- Default Gateway: 192.168.10.1
- DNS server:
- IPv6 Address: 2001:db8:acad:b::b / 64
- IPv6 Gateway: fe80::1