CCNAv7 ITN SA

Topology

Assessment Objectives

  1. Develop an IP Addressing Scheme (20 points, 25 minutes)
  2. Initialize and Reload Devices (10 points, 20 minutes)
  3. Configure Device IP address and Security Settings (45 points, 35 minutes)
  4. Test and Verify IPv4 and IPv6 End-to-End Connectivity (15 points, 20 minutes)
  5. Use the IOS CLI to Gather Device Information (10 points, 10 minutes)

Scenario

In this Skills Assessment (SA) you will configure the devices in a small network. You must configure a router, switch and PCs to support both IPv4 and IPv6 connectivity. You will configure security, including SSH, on the router. In addition, you will test and document the network using common CLI commands.

Note: The router and the switch have a startup-configuration saved with commands as following:

  • Router> enable
  • Router# configure terminal
  • Router(config)# hostname Rtr
  • Rtr(config)# interface lo1
  • Rtr(config-if)# ip address 10.10.10.10 255.255.255.255
  • Rtr(config-if)# no shutdown
  • Rtr(config-if)# end
  • Rtr# copy running-config startup-config
  • Switch
  • Switch> enable
  • Switch# configure terminal
  • Switch(config)# hostname Sws
  • Sws(config)# vlan 99
  • Sws(config)# end
  • Sws(config)# copy running-config startup-config

Required Resources

  • 1 Router (Cisco 4221 with Cisco IOS XE Release 16.9.4 universal image or comparable)
  • 1 Switch (Cisco 2960 with Cisco IOS Release 15.2(2) lanbasek9 image or comparable)
  • 2 PCs (Windows with a terminal emulation program, such as Tera Term)
  • Console cables to configure the Cisco IOS devices via the console ports
  • Ethernet cables as shown in the topology

Instructions

Part 1: Develop an IP Addressing Scheme

Total points: 20 – Time: 25 minutes

a. Your instructor will assign one of the IPv4 networks from the table below. You will subnet it to provide IP addresses to two subnets that will support the required number of hosts. No subnet calculators may be used. All work must be shown using the IP Addressing worksheet below.

Network Number of Hosts in Subnet A Number of Hosts in Subnet B
192.168.10.0/24 100 50
172.16.1.0/25 60 20
209.165.201.0/27 12 5

Subnetting:

  • Subnet A – 100 hosts
  • 2x – 2 ≥ 100; 27 – 2 ≥ 100; 32 – 7 = 25 then the new Prefix is /25 or 255.255.255.128
  • From /24 to /25 means one more bit, then 21 = 2 Subnet Address and the incremental number 128
  • 192.168.10.0/25 and 192.168.10.128/25. The first subnet is assigned to Subnet A
  • Host IP range for Subnet A: 192.168.10.1 to 192.168.10.126
  • Subnet B – 50 hosts
  • 2x – 2 ≥ 50; 26 – 2 ≥ 50; 32 – 6 = 26 then the new Prefix is /26 or 255.255.255.192
  • From /25 to /26 means one more bit, then 21 = 2 Subnet Address and the incremental number 64
  • 192.168.10.128/26 and 192.168.10.192/26. The first subnet is assigned to Subnet B
  • Host IP range for Subnet A: 192.168.10.129 to 192.168.10.190

IP Addressing Worksheet

Network Subnet A Subnet B
Number of bits in the subnet (hosts) 7 6
IP mask (binary)  11111111.11111111.11111111.10000000 11111111.11111111.11111111.11000000
New IP mask (decimal) 255.255.255.128 255.255.255.192
Maximum number of usable subnets (including the 0th subnet)  21 = 2  21 = 2
Number of usable hosts per subnet  27 – 2 = 126  26 – 2 = 62
IP Subnet  192.168.10.0/25  192.168.10.128/26
First IP Host address  192.168.10.1  192.168.10.129
Last IP Host address  192.168.10.126 192.168.10.190

b. Record your subnet assignment in the table below.

  • 1) Assign the first IPv4 address of each subnet to a router interface
    • subnet A is hosted on R1 G0/0/1
    • subnet B is hosted on R1 G0/0/0
  • 2) Assign the last IPv4 address of each subnet to the PC NIC
  • 3) Assign the second IPv4 address of subnet A to S1
  • 4) List the maximum number of useable hosts per subnet
Description Subnet A Subnet B
 First IP address  192.168.10.1  192.168.10.129
 Last IP address  192.168.10.62  192.168.10.190
 Maximum number of hosts  126  62

c. Record the IP address information for each device:

Device IP Address Subnet Mask Gateway
PC-A 192.168.10.62  255.255.255.128  192.168.10.1
R1-G0/0/0  192.168.10.129  255.255.255.192  NA
R1-G0/0/1  192.168.10.1  255.255.255.128  NA
S1  192.168.10.2  255.255.255.128  192.168.10.1
PC-B  192.168.10.190  255.255.255.192  192.168.10.129

d. Use the IPv6 address 2001:db8:acad::/48 and create two subnets for use in this network. Record the IPv6 addresses in the table.

Assigned to Interface IPv6 Subnet Address Prefix Length
 R1-G0/0/0  2001:db8:acad:b::  64
 R1-G0/0/1  2001:db8:acad:a::  64

e. Record the IPv6 address information for each device.

Note: Use FE80::1 as the link-local address om both router interfaces.

Device IPv6 Address Prefix Length Gateway
R1-G0/0/0  2001:db8:acad:b::1  64  NA
R1-G0/0/1  2001:db8:acad:a::1  64 NA
S1  2001:db8:acad:a::2  64

Part 2: Initialize and Reload Devices

Total points: 10 – Time: 20 minutes

  • Erase the startup configurations and VLANs from the router and switch and reload the devices.
  • After the switch is reloaded, change the SDM template to one that supports IPv6 as necessary, and reload the switch again.

Before proceeding, ask your instructor verify device initializations.

Task IOS Command
 Erase the startup-config file on the Router.  Rtr# erase startup-config
 Reload the Router  Rtr# reload
 Erase the startup-config file on the Switch.  Sws# erase startup-config
 Delete the vlan.dat file on the Switch  Sws# del vlan.dat
 Reload the Switch.  Sws# reload
 Verify the Switch SDM Template  Switch# show sdm prefer

Part 3: Configure Device IP Address and Security Settings

Total points: 45 – Time: 35 minutes

The 2960 switch has been replaced with the 3560 model due to compatibility issues.

Step 1-4: Configure R1, S1, host computers, Test and Verify End-to-End Connectivity

If you get this question: Would you like to enter the initial configuration dialog? [yes/no]? the answer is no

  • Sws>enable
  • Sws# show vlan brief
  • Notice if vlan 99 exists, if it does:
  • Delete vlan.dat
  • Sws# delete vlan.dat
  • Delete filename [vlan.dat]?
  • Delete flash:/vlan.dat? [confirm]
  • Sws# reload
  • . . . . . .
  • Sws>enable
  • Sws# show vlan brief
  • Delete startup-config
  • Sws> enable
  • Sws# erase startup-config
  • Sws# reload
  • . . . . . .
  • Check if IPv6 is supported
  • Switch> enable
  • Switch# show sdm prefer

  • In the Cisco Laboratorium at NG uses 3750 switches. These switches runs SDM templates Access, Default, Routing and VLAN.
  • SDM Default is a mix between L2 and L3 capabilities (routing and VLAN).
  • In this lab you change to the SDM dual IPv4 and IPv6 routing.
  • Switch# configure terminal
  • Switch(config)# sdm prefer dual-ipv4-and-ipv6 routing
  • Switch(config)# end
  • Switch# write memory
  • Switch# reload
  • System configuration has been modified. Save? [yes/no]:yes
  • . . . . . . 
  • Verify if IPv6 is supported now
  • Switch> enable
  • Switch# show sdm prefer

  • Continue with configurations
  • Switch# configure terminal
  • Switch(config)# no ip domain lookup
  • S1(config)# hostname S1
  • S1(config)# ip domain-name ccna-lab.com
  • S1(config)# enable secret ciscoenpass
  • S1(config)# line console 0
  • S1(config-line)# password ciscoconpass
  • S1(config-line)# login
  • S1(config-line)# exit
  • S1(config)# interface range Fa 0/1 - 4
  • S1(config-if-range)# shutdown
  • S1(config-if-range)# exit
  • S1(config)# interface range Fa 0/7 - 24
  • S1(config-if-range)# shutdown
  • S1(config-if-range)# exit
  • S1(config)# interface range G0/1 - 2
  • S1(config-if-range)# shutdown
  • S1(config-if-range)# exit
  • S1(config)# username admin secret admin1pass
  • S1(config)# line vty 0 15
  • S1(config-line)# login local
  • S1(config-line)# transport input ssh
  • S1(config-line)# exit
  • S1(config)# service password-encryption
  • S1(config)# crypto key generate rsa general-keys modulus 1024
  • S1(config)# interface vlan 1
  • S1(config-if)# description Connected to Subnet A
  • S1(config-if)# ip address 192.168.10.2 255.255.255.128
  • S1(config-if)# ipv6 address fe80::2 link-local
  • S1(config-if)# ipv6 address 2001:db8:acad:a::2/64
  • S1(config-if)# no shutdown
  • S1(config-if)# exit
  • S1(config)# ip default-gateway 192.168.10.1
  • S1(config)#
  • Rtr>enable
  • Rtr# erase startup-config
  • Rtr# reload
  • . . . . . . .
  • Router> enable
  • Router# show run
  • Do you see any loopback address?
  • Router# configure terminal
  • Router(config)# no ip domain lookup
  • Router(config)# hostname R1
  • R1(config)# ip domain-name ccna-lab.com
  • R1(config)# enable secret ciscoenpass
  • R1(config)# line console 0
  • R1(config-line)# password ciscoconpass
  • R1(config-line)# login
  • R1(config-line)# exit
  • R1(config)# security passwords min-length 10
  • R1(config)# username admin secret admin1pass
  • R1(config)# line vty 0 15
  • R1(config-line)# login local
  • R1(config-line)# transport input ssh
  • R1(config-line)# exit
  • R1(config)# service password-encryption
  • R1(config)# banner motd  "Unauthorized Access is Prohibited"
  • R1(config)# ipv6 unicast-routing
  • R1(config)# interface G0/0/0
  • R1(config-if)# description Connected to Subnet B
  • R1(config-if)# ip address 192.168.10.129 255.255.255.192
  • R1(config-if)# ipv6 address fe80::1 link-local
  • R1(config-if)# ipv6 address 2001:db8:acad:b::1/64
  • R1(config-if)# no shutdown
  • R1(config-if)# exit
  • R1(config)# interface G0/0/1
  • R1(config-if)# description Connected to Subnet A
  • R1(config-if)# ip address 192.168.10.1 255.255.255.128
  • R1(config-if)# ipv6 address fe80::1 link-local
  • R1(config-if)# ipv6 address 2001:db8:acad:a::1/64
  • R1(config-if)# no shutdown
  • R1(config-if)# exit
  • R1(config)# crypto key generate rsa general-keys modulus 1024
  • R1(config)# 
  • PC-A
  • IP Address: 192.168.10.126
  • Subnet Mask: 255.255.255.128
  • Default Gateway: 192.168.10.1
  • DNS server:
  • IPv6 Address: 2001:db8:acad:a::a / 64
  • IPv6 Gateway: fe80::1
  • PC-B
  • IP address: 192.168.10.126
  • Subnet Mask: 255.255.255.128
  • Default Gateway: 192.168.10.1
  • DNS server:
  • IPv6 Address: 2001:db8:acad:b::b / 64
  • IPv6 Gateway: fe80::1