Wednesday, April 13, 2016

CCNAv2 Completed Packet Tracer 9.3.3.3 (CUSTOM)

Greetings, and welcome to Seeseenayy.
Packet Tracer Details: This is a CUSTOM packet tracer that asks us to configure the entire network with IP addresses and some basic settings, establish full connectivity between devices using OSPF, and then build a set of ACLs with permit and deny statements. These are all simple ACLs.

I recommend that if you do not understand ACLs, use the previous PTs on Simple ACLs. 

Download(s)


Alternatively, you may use the commands from the tutorial. 

Tutorial / Walk-through

Quick notice. I interpreted the questions from the PDF weirdly, so I'm not confident this configuration will work, but I believe it will. Caveat emptor!

For once, I urge you not to listen to my tutorial unless you absolutely have to. Even I'm not 100% sure on this one.

Configure R1 with the following basic settings:
Router>en
Router#conf t
Router(config)#hostname R1
R1(config)#banner motd "R1 - Authorized Access Only!"
R1(config)#int g0/1
R1(config-if)#ip add 172.168.217.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#int loopback 1
R1(config-if)#ip add 192.168.20.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#ex
R1(config)#int S0/0/0
R1(config-if)#ip add 10.10.20.1 255.255.255.252
R1(config-if)#no sh

Configure ISP with the following basic settings:
Router>en
Router#conf t
Router(config)#hostname ISP
ISP(config)#banner motd "RT ISP - Authorized Access Only!"
ISP(config)#int s0/0/0
ISP(config-if)#ip add 10.10.20.2 255.255.255.252
ISP(config-if)#no sh
ISP(config-if)#ex
ISP(config)#int s0/0/1
ISP(config-if)#ip add 10.10.10.1 255.255.255.252
ISP(config-if)#no sh
ISP(config-if)#ex
ISP(config)#int loopback 1
ISP(config-if)#ip add 209.165.200.225 255.255.255.224
ISP(config-if)#ex

Configure R2 (Named 'R3' in the PDF) with the following basic settings:
Router>en
Router#conf t
Router(config)#hostname R2
R2(config)#banner motd "Authorized Access Only - R2"
R2(config)#int g0/1
R2(config-if)#ip add 172.168.37.1 255.255.255.0
R2(config-if)#no sh
R2(config-if)#int loopback 1
R2(config-if)#ip add 192.168.40.1 255.255.255.0
R2(config-if)#no sh
R2(config-if)#
R2(config-if)#int s0/0/1
R2(config-if)#ip add 10.10.10.2 255.255.255.252
R2(config-if)#no sh

Next, we must configure our switches.
Configure S1 with the following basic settings:
Switch>en
Switch#conf t
Switch(config)#hostname S1
S1(config)#banner motd "S1 - Authorized Access Only!"
S1(config)#int vlan 1
S1(config-if)#ip add 172.168.217.11 255.255.255.0
S1(config-if)#ip default-gateway 172.168.217.1
S1(config)#int vlan 1
S1(config-if)#no sh
S1(config-if)#ex
S1(config)#

Then configure your IP addresses for PC-A and PC-C.
PC-A IP: 172.168.217.100
PC-A SM: 255.255.255.0
PC-A DG: 172.168.217.1

PC-C IP: 172.168.37.100
PC-C SM: 255.255.255.0
PC-C DG: 172.168.37.1

We then need to configure OSPF routing on all routers.
Let's start with our first router, R1. Enter the following for OSPF:
R1>en
R1#conf t
R1(config)#router ospf 1
R1(config-router)#router-id 1.1.1.1
R1(config-router)#network 10.10.20.0 0.0.0.3 area 0
R1(config-router)#network 192.168.20.0 0.0.0.255 area 0
R1(config-router)#network 172.168.217.0 0.0.0.255 area 0
R1(config-router)#passive-interface G0/1
R1(config-router)#ex

Then, onto our second router, which is ISP. Configure as follows:
ISP>en
ISP#conf t
ISP(config)#router ospf 1
ISP(config-router)#router-id 2.2.2.2
ISP(config-router)#network 10.10.20.0 0.0.0.3 area 0
ISP(config-router)#network 10.10.10.0 0.0.0.3 area 0
ISP(config-router)#ex

The same type of configuration applies to R3 (our R2), as follows:
R2>en
R2#conf t
R2(config)#router ospf 1
R2(config-router)#router-id 3.3.3.3
R2(config-router)#network 10.10.10.0 0.0.0.3 area 0
R2(config-router)#
R2(config-router)#network 172.168.37.0 0.0.0.255 area 0
R2(config-router)#passive-interface g0/1
R2(config-router)#ex

If you followed all the steps above, attempt to ping PC-C from PC-A.
Your initial ping should succeed (25% or 0% loss).
Packet Tracer PC Command Line 1.0
PC>ping 172.168.37.100

Pinging 172.168.37.100 with 32 bytes of data:
Request timed out.
Reply from 172.168.37.100: bytes=32 time=14ms TTL=125
Reply from 172.168.37.100: bytes=32 time=3ms TTL=125
Reply from 172.168.37.100: bytes=32 time=2ms TTL=125

Ping statistics for 172.168.37.100:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 2ms, Maximum = 14ms, Average = 6ms

The next task is to configure the 'basic' settings, which for routers are as follows:
a. Disable DNS Lookup
b. Configure device names as shown in the topology.
c. Create loopback interfaces on each router as shown in the addressing table.
d. Configure interface IP addresses as shown on the topology.
e. Configure a privileged exec mode password of 'class'.
f. Assign a clock-rate of 128,000 to the DCE serial interfaces.
g. Assign 'cisco' as the console password.
h. Assign 'cisco' as the vty password and enable Telnet access.

Now, we need to go back and apply the other basic configurations.
Go back to R1; we must apply many of the steps above to this router:
R1>en
R1#conf t
R1(config)#enable secret class
R1(config)#int s0/0/0
R1(config-if)#clock rate 128000
R1(config-if)#ex
R1(config)#line console 0
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#exit
R1(config)#line vty 0 15
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#exit
R1(config)#no ip domain-lookup
R1(config)#exit

The same configuration for ISP RT...
ISP>en
ISP#conf t
ISP(config)#enable secret class
ISP(config)#int s0/0/1
ISP(config-if)#clock rate 128000
ISP(config-if)#exit
ISP(config)#line console 0
ISP(config-line)#password cisco
ISP(config-line)#login
ISP(config-line)#exit
ISP(config)#line vty 0 15
ISP(config-line)#password cisco
ISP(config-line)#login
ISP(config-line)#exit
ISP(config)#no ip domain-lookup
ISP(config)#service password-encryption

R2's configuration is related, though we don't have a DCE serial connection so I skipped it.
R2>en
R2#conf t
R2(config)#enable secret class
R2(config)#int s0/0/1
R2(config-if)#ex
R2(config)#line console 0
R2(config-line)#password cisco
R2(config-line)#login
R2(config-line)#exit
R2(config)#line vty 0 15
R2(config-line)#password cisco
R2(config-line)#login
R2(config-line)#exit
R2(config)#no ip domain-lookup
R2(config)#service password-encryption
R2(config)#exit

Then, we need to configure the switch with basic settings.
S1>en
S1#conf t
S1(config)#enable secret class
S1(config)#no ip domain-lookup
S1(config)#ip default-gateway 172.168.217.1
S1(config)#line vty 0 15
S1(config-line)#password cisco
S1(config-line)#login
S1(config-line)#exit
S1(config)#line console 0
S1(config-line)#password cisco
S1(config-line)#login
S1(config-line)#exit
S1(config)#service password-encryption

Since we didn't touch S3 at all yet, we need to configure it as we did S1, but go further.
Switch>en
Switch#conf t
Switch(config)#no ip domain-lookup
Switch(config)#hostname S3
S3(config)#banner motd "S3 - Authorized Access Only!"
S3(config)#enable secret class
S3(config)#ip default-gateway 172.168.37.1
S3(config)#line vty 0 15
S3(config-line)#password cisco
S3(config-line)#login
S3(config-line)#exit
S3(config)#line console 0
S3(config-line)#password cisco
S3(config-line)#login
S3(config-line)#exit
S3(config)#service password-encryption

At this point, we should have configured Routers with OSPF and standard settings.
We should also have both switches configured with basic settings and a VLAN-ID (int).

The Packet Tracer wants you to verify the following. Were the following pings successful?
Successful? From PC-A, Ping PC-C: My test works, yours should work too.
Successful? From PC-A, Ping R3's Loopback: My test works, yours should work too.
Successful? From R1, Ping PC-C: My test works, yours should work too.
Successful? From R1, Ping R3's Loopback: My test works, yours should work too.
Successful? From PC-C, Ping PC-A: My test works, yours should work too.
Successful? From PC-C, Ping R1's Loopback: My test works, yours should work too.
Successful? From R3, Ping PC-A: My test works, yours should work too.
Successful? From R3, Ping R1's Loopback: My test works, yours should work too.

Please verify that you can ping each item. If ANY ping fails, your network configuration is incorrect.
Note, I had to correct some issues on my end, and I edited the output manually above, so if you're experiencing errors with Loopback pings...
Disable "lo0" and put that IP from "lo0" to "int loopback 1".

Now for the hardest part of this packet tracer: we must configure the ACLs.
The access list we need to make permits traffic from only three sources.
All other addresses not listed in the PDF should be denied (the deny command).
We block anything else. The ID of the ACL has to be numeric, but the number is your choice.

Apply your ACL to R2, which is called 'R3' in your PDF.
R2(config)#ip access-list standard 1
R2(config-std-nacl)#permit 172.168.217.0 0.0.0.255
R2(config-std-nacl)#permit 192.168.20.0 0.0.0.255
R2(config-std-nacl)#permit 172.168.37.0 0.0.0.255
R2(config-std-nacl)#deny any
R2(config-std-nacl)#ex
R2(config)#int g0/1
R2(config-if)#ip access-group 1 in
R2(config-if)#ex

We want to make sure our ACLs work, so let's see if traffic from 172.168.217.0/24 can ping 172.168.37.0/24.

We are able to ping PC to PC, but R1 is unable to ping R2 now that we applied the ACL.
The IP from the 192.168.X.X network is unable to ping 172.168.37.100, PC-C, because of our inbound-facing ACL.
The ACL has blocked the connection: the router's address is a loopback not permitted by the ACL.

We need to make our next ACL.
R1>en
R1#conf t
R1(config)#ip access-list standard BRANCH-OFFICE-POLICY
R1(config-std-nacl)#permit 192.168.40.0 0.0.0.255
R1(config-std-nacl)#permit 172.168.217.0 0.0.0.255
R1(config-std-nacl)#permit 172.168.37.100 255.255.255.0
R1(config-std-nacl)#deny any
R1(config-std-nacl)#ex
R1(config)#int g0/1
R1(config-if)#ip access-group BRANCH-OFFICE-POLICY in
R1(config-if)#ex

We then had to modify our existing ACL, as per step 4.
Instead of manually configuring that ACL, I re-created it. 
Though, since I was confused, I lost my steps and lost track of where I was, so I'll just link the configuration of what I have for each router.
I believe some are redundant, but others work.

R1's statements. 
interface GigabitEthernet0/1
ip address 172.168.217.1 255.255.255.0

ip access-group BRANCH-OFFICE-POLICY out

router ospf 1
router-id 1.1.1.1
log-adjacency-changes
passive-interface GigabitEthernet0/1
network 10.10.20.0 0.0.0.3 area 0
network 172.168.217.0 0.0.0.255 area 0
network 192.168.20.0 0.0.0.255 area 0

default-information originate

ip access-list standard BRANCH-OFFICE-POLICY
permit 192.168.40.0 0.0.0.255
permit 172.168.217.0 0.0.0.255
permit 0.0.0.100 255.255.255.0

deny any

R3's (R2) statements.
interface GigabitEthernet0/1
ip address 172.168.37.1 255.255.255.0
ip access-group BRANCH-OFFICE-POLICY in
duplex auto
speed auto


router ospf 1
router-id 3.3.3.3
log-adjacency-changes
passive-interface GigabitEthernet0/1
network 10.10.10.0 0.0.0.3 area 0
network 172.168.37.0 0.0.0.255 area 0
network 192.168.40.0 0.0.0.255 area 0

default-information originate

ip access-list standard BRANCH-OFFICE-POLICY
permit 209.165.200.224 0.0.0.31
permit 209.165.200.0 0.0.0.31
permit 192.168.10.0 0.0.0.255
permit 0.0.0.100 255.255.255.0
permit 172.168.37.0 0.0.0.255

deny any
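
The third permit line in both running configs is worth a closer look. The Python sketch below is an added example (not part of the original walk-through or the lab PDF) that models how a standard ACL entry is stored and matched, showing why `permit 172.168.37.100 255.255.255.0` ends up as `permit 0.0.0.100 255.255.255.0` and what that entry actually lets through. The two corrected variants and the test source addresses are assumptions, since the rule the lab intended is not shown on this page.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_ace(line):
    """Parse one standard-ACL entry into (action, stored_address, wildcard)."""
    action, *rest = line.split()
    if rest == ["any"]:
        addr, wild = 0, MASK32
    elif rest[0] == "host":
        addr, wild = ip(rest[1]), 0
    else:
        addr = ip(rest[0])
        wild = ip(rest[1]) if len(rest) > 1 else 0
    # A 1 bit in the wildcard means "ignore this bit"; those bits are
    # cleared in the address before the entry is stored.
    return action, addr & ~wild & MASK32, wild

def stored_form(line):
    """Render the entry the way it appears in the running config."""
    action, addr, wild = parse_ace(line)
    return f"{action} {ipaddress.IPv4Address(addr)} {ipaddress.IPv4Address(wild)}"

def evaluate(acl, source):
    """First matching entry wins; no match falls through to the implicit deny."""
    src = ip(source)
    for line in acl:
        action, addr, wild = parse_ace(line)
        if (src & ~wild & MASK32) == addr:
            return action
    return "deny"

# Entries as typed on R1 in the walk-through above.
AS_TYPED = [
    "permit 192.168.40.0 0.0.0.255",
    "permit 172.168.217.0 0.0.0.255",
    "permit 172.168.37.100 255.255.255.0",
    "deny any",
]
# Assumed intent A: only PC-C. Assumed intent B: PC-C's whole /24.
HOST_ONLY = AS_TYPED[:2] + ["permit host 172.168.37.100", "deny any"]
WHOLE_LAN = AS_TYPED[:2] + ["permit 172.168.37.0 0.0.0.255", "deny any"]

if __name__ == "__main__":
    print(stored_form(AS_TYPED[2]))
    # 172.168.37.50 and 203.0.113.100 are constructed test sources.
    for src in ("172.168.37.100", "172.168.37.50", "203.0.113.100"):
        print(src, [evaluate(a, src) for a in (AS_TYPED, HOST_ONLY, WHOLE_LAN)])
```

As typed, the entry ignores the first three octets and matches any source whose last octet is 100, while other hosts on 172.168.37.0/24 still fall through to `deny any`.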

Then, open the PDF. The matching questions should be verified within the router.
I'm not certain any of this works, I can't check yet, but when I can I will post it. Please configure those by yourself if you need help.
I'm fairly certain I did what was asked, but the questions were slightly confusing in wording.