Title | ENSA (Version 7.00) Final PT Skills Assessment Exam (PTSA) Answers |
---|---|
Author | Amuel Wilson |
Course | Cisco Certified Network Associate |
Institution | Algonquin College |
Pages | 21 |
File Size | 471 KB |
File Type | |
Total Downloads | 63 |
Total Views | 146 |
ENSA (Version 7.00) Final PT Skills Assessment Exam (PTSA) Answers...
ENSA Final PT Skills Assessment (PTSA) Af ewt hi ngst okeepi nmi ndwhi l ec ompl et i ngt hi sact i v i t y : 1. Donotus et hebr ows erBackbut t onorc l os eorr el oadanyexam wi ndowsdur i ngt heexam. 2. Donotc l os ePack etTr acerwheny ouar edone.I twi l l cl os eaut omat i cal l y . 3. Cl i c kt heSubmi tAs s ess mentbut t oni nt hebr ows erwi ndowt os ubmi ty ourwor k . Topology
Addressing Table Device Name
G0/0/0
IP Address
Default Gateway
G0/ 0/ 0
198. 51. 100. 1/ 30
N/ A
G0/ 0/ 1
192. 168. 1. 1/ 24
N/ A
G0/ 0/ 2
64. 100. 1. 1/ 29
N/ A
G0/ 0/ 0
198. 51. 100. 2/ 30
N/ A
G0/ 0/ 1
172. 16. 2. 1/ 24
N/ A
R2
G0/ 0/ 2
209. 165. 202. 129/ 27
N/ A
S1
VLAN1
64. 100. 1. 2/ 29
64. 100. 1. 1
S2
VLAN1
192. 168. 1. 2/ 24
192. 168. 1. 1
S3
VLAN1
209. 165. 202. 130/ 27
209. 165. 202. 129
S4
VLAN1
172. 16. 2. 2/ 24
172. 16. 2. 1
DNS/ WebSer v er
NI C
209. 165. 202. 131/ 27
209. 165. 202. 129
R1
Device Name
G0/0/0
IP Address
Default Gateway
PCA
NI C
64. 100. 1. 5/ 29
64. 100. 1. 1
PCB
NI C
192. 168. 1. 5/ 24
192. 168. 1. 1
PCC
NI C
172. 16. 2. 5/ 24
172. 16. 2. 1
Scenario I nt hi sPac ketTr ac erSki l l sAs s ess ment ,y ouwi l lc onfi gur et hedevi cesi nasmal lnet wor k .Youwi l lc ompl et eal l t as ks i nPTPhy s i c al Mode.Youwi l lnothav eac c es st ot hel ogi calt opol ogy . Youwi l lpl acedev i c esi npr operl ocat i onsandpowert hem on.Youwi l lconfi gur er out er s ,s wi t c hes ,andPCst o s uppor tI Pv4c onnec t i v i t yf orhos t s .Ther out er sands wi t c hesmustbemanageds ecur el y .Youwi l l confi gur eSi ngl eAr eaOSPFv 2,NAT ,andac c es scont r oll i s t s .Fur t her ,y ouwi l lbac kupupy ourwor k i ngc onfi gur at i onst oaTFTPs er v er andupl oadawor ki ngc onfi gur at i ont oanot herdev i ce. Fur t her mor e ,di ffer entv er s i onsoft heI OSi magear eus edi ns wi t c hes .Youwi l lupdat eas wi t c ht ous et hel at es tI OS. Instructions Part 1: Place Devices in Proper Locations and Connect them with Proper Cables Step 1: Place devices in proper Locations inside the main wiring closet I nt hePhy s i c al Modepl ac enet wor kdev i c esi nt hef ol l owi ngl ocat i ons : Or gani z et her ackf oreas eofc onfi gur at i on.Pl ac eR1,R2,S1,S2,S3,andS4f r om t opdown,wi t hs ome s pac ebet weent hedev i c es . Dr agt wo4331r out er s ,R1andR2,f r om t hes hel ft ot her ack. Dr agf ourswi t c hes,S1,S2,S3,andS4,f r om t heshel ft ot her ac k . Mov ePCCt oTabl e1,ont hel ef t ,andpl acei ti nt hel ef t handar eaoft het abl et op Mov et heDNSs er v ert oT abl e1,ont hel ef t ,andpl acei ti nt her i ght handar eaoft het abl et op. Mov ePCAt oT abl e2,ont her i ght ,andpl acei ti nt hel ef t handar eaoft het abl et op. Mov ePCBt oTabl e2,ont her i ght ,andpl ac ei ti nt her i ght handar eaoft het abl et op. Step 2: Make sure all devices are powered on. Poweronal ldevi ces . Step 3: Connect devices according to the network topology.
Us et hel ogi calt opol ogydi agr am t oc onnec tt hedev i c est ot hecor r ectpor t swi t hcor r ec tcabl es.
Part 2: Configure Basic Devices Settings Al lc onfi gur at i onsar emadet hr oughadi r ec tc ons ol ec onnect i on. Step 1: Configure PCs with IPv4 addresses
Us et headdr es s i ngt abl et omanual l yconfi gur et hePCswi t hf ul l I Paddr es s i ng.
PC-A
PC-B
PC-C
Step 2: Configure router R1 and R2 a.Confi gur eR1andR2wi t ht hef ol l owi ng: 1. 2. 3. 4.
Pr ev entt her out erf r om at t empt i ngt or es ol v ei nc or r ec t l yent er edcommandsasdomai nnames . Rout ername:R1 orR2. Enc r ypt edpr i vi l egedEXECs ec r etpass wor d:ciscoenpass. Cons ol eacces spas swor d:ciscoconpass.
5. Sett hemi ni mum pass wor dl engt ht o10 c har act er s . 6. Enc r yptt hec l eart extpas s wor ds. 7. Confi gur eanappr opr i at eMOTDBanner . Answer:
Router R1
Router R2
Router(config)#no ip domain lookup Router(config)#hostname R1 R1(config)#enable secret ciscoenpass
R1(config)#line console 0 R1(config-line)#password ciscoconpass R1(config-line)#login R1(config-line)#exit
R1(config)#security passwords min-length 10 R1(config)#service password-encryption R1(config)#banner motd #Unauthorized Acess is Prohibited# b.Confi gur et hei nt er f ac esofr out er sR1andR2asf ol l ows . 1. Confi gur ei nt er f ac eG0/ 0/ 0wi t hadesc r i pt i onandI Pv4addr es s i ng. 2. Confi gur ei nt er f ac eG0/ 0/ 1wi t hadesc r i pt i onandI Pv4addr es s i ng. 3. Confi gur ei nt er f ac eG0/ 0/ 2wi t hadesc r i pt i onandI Pv4addr es s i ng. 4. Al li nt er f acesshoul dber eadyt osendandr ec ei v et r affic . Answer:
Router R1
Router R2
R1(config)#interface GigabitEthernet0/0/0 R1(config-if)#description Connection to R2
R1(config-if)#ip address 198.51.100.1 255.255.255.252 R1(config-if)#no shutdown
R1(config-if)#interface GigabitEthernet0/0/1 R1(config-if)#description Connection to S2 R1(config-if)#ip address 192.168.1.1 255.255.255.0 R1(config-if)#no shutdown
R1(config-if)#interface GigabitEthernet0/0/2 R1(config-if)#description Connection to S1 R1(config-if)#ip address 64.100.1.1 255.255.255.248 R1(config-if)#no shutdown c .Confi gur eSSH. 1. Domai nname:ccna-lab.com. 2. Cr eat eanadmi ni s t r at i v eus eri nt hel ocaldat abase: Us er name:admin Secr etPass wor d:admin1pass 3. Setl ogi nonVTYl i nest ous et hel ocaldat abase 4. SetVTYl i nest oac ceptSSHc onnec t i onsonl y 5. Us eanRSAcr ypt ok eywi t ha1024 bi t smodul us . 6. Enabl eSSHusi ngversion 2. Answer:
Router R1
Router R2
R1(config)#ip domain name ccna-lab.com R1(config)#username admin secret admin1pass
R1(config)#line vty 0 15 R1(config-line)#login local
R1(config-line)#transport input ssh R1(config-line)#exit
R1(config)#crypto key generate rsa 1024
R1(config)#ip ssh version 2 Step 3: Configure switches S1, S2, S3, and S4 a.Confi gur et hehost nameaccor di ngt ot heAddr ess i ngTabl e. b.Confi gur eManagementI nt er f ac e( SVI )f orVLAN1:Sett heI Pv 4addr essandac t i v at et hei nt er f ac e. c .Confi gur edef aul tgat eway . Answer:
S1
S2
S3
S4
Switch(config)#hostname S1 S1(config)#interface Vlan1 S1(config-if)#ip address 64.100.1.2 255.255.255.248 S1(config-if)#no shutdown
S1(config-if)#ip default-gateway 64.100.1.1 Part 3: Configure Single Area OSPFv2 Step 1: Configure single-area OSPF routing a.Confi gur et heOSPFr out i ngpr oc es s:Usepr oces si d1. b.Manual l yconfi gur et her out eri d:Use0.0.0.1 f orR1 and0.0.0.2 f orR2 c .Confi gur enet wor ks t at ement sf ort heappr opr i at enet wor ksonR1 andR2. Note: Fort hepur posesoft hi sas ses s ment ,ent ery ournet wor ks t at ement si nt hef ol l owi ngor der : OnR1: t heG0/ 0/ 2net wor k t heG0/ 0/ 0net wor k
OnR2: t heG0/ 0/ 2net wor k t heG0/ 0/ 0net wor k Answer:
Router R1
Router R2
R1(config)#router ospf 1 R1(config-router)#router-id 0.0.0.1 R1(config-router)#network 64.100.1.0 0.0.0.7 area 0 R1(config-router)#network 198.51.100.0 0.0.0.3 area 0 Step 2: Adjust OSPF operation a.Confi gur et heappr opr i at ei nt er f acest onotf or war dOSPFupdat eswher et heyar enotr equi r ed. b.Confi gur et her ef er enc ebandwi dt h:Adj ustt her ef er encebandwi dt ht o1Gi gabi t . c .Confi gur et heOSPFnet wor kasapoi nt t opoi ntnet wor k . d.Confi gur et hehel l ot i mef or30s econds. Answer:
Router R1
Router R2
R1(config)# router ospf 1 R1(config-router)# passive-interface GigabitEthernet0/0/1 R1(config-router)# passive-interface GigabitEthernet0/0/2 R1(config-router)# auto-cost reference-bandwidth 1000 R1(config-router)# exit
R1(config)# interface GigabitEthernet0/0/0 R1(config-if)# ip ospf network point-to-point R1(config-if)# ip ospf hello-interval 30 Part 4: Configure Access Control and NAT Step 1: Verify connectivity
PCBc annotv i s i tt hewebs er ver . PCCc annotpi ngPCA. Step 2: Configure NAT a.Confi gur es t at i cNATonr out erR1 wi t hapubl i cI Paddr es s64. 100. 1. 7t oal l owPCBt oacc es st hewebs er v er . R1(config)# ip nat inside source static 192.168.1.5 64.100.1.7
R1(config)# interface GigabitEthernet0/0/0 R1(config-if)# ip nat outside
R1(config-if)# interface GigabitEthernet0/0/1 R1(config-if)# ip nat inside b.Confi gur ePATonr out erR2 t oenabl es omedev i c esont henet wor kat t ac hedt ot heG0/ 0/ 1i nt er f ac et oacces st he i nt er net 1. Cr eat eaNATpool namedI PNAT1wi t hI Paddr essr angeof209. 165. 202. 140t o209. 165. 202. 150wi t ht he s ubnetmas kof255. 255. 255. 224. 2. Cr eat eanumber edACL( ACL1)t oal l owdev i c eswi t hI Paddr es sr angeof172. 16. 2. 1t hr ough 172. 16. 2. 15t oac c esst hei nt er nett hr oughNAT. 3. Us ePATt oal l owt her angeoft hepubl i cI Paddr es sest obes har ed. R2(config)# ip nat pool IPNAT1 209.165.202.140 209.165.202.150 netmask 255.255.255.224 R2(config)# ip nat inside source list 1 pool IPNAT1 overload R2(config)# access-list 1 permit 172.16.2.0 0.0.0.15
R2(config)# interface GigabitEthernet0/0/1 R2(config-if)# ip nat inside Step 3: Configure access control on R1 a.Cr eat eas t andar dACLR1-VTY-LIMIT t oal l owonl yPCBac c esst ot heR1v t yl i nes . b.Appl yt heACL. R1(config)#ip access-list standard R1-VTY-LIMIT R1(config-std-nacl)#permit host 192.168.1.5 R1(config-std-nacl)# R1(config-std-nacl)#line vty 0 15
R1(config-line)#access-class R1-VTY-LIMIT in Step 4: Configure access control on S1 a.Cr eat eas t andar dACLS1-VTY-LIMIT t oal l owonl yPCBac c es st ot heS1v t yl i nes . b.Appl yt heACL. S1(config)#ip access-list standard S1-VTY-LIMIT S1(config-std-nacl)#permit host 192.168.1.5 S1(config-std-nacl)# S1(config-std-nacl)#line vty 0 15 S1(config-line)#access-class S1-VTY-LIMIT in Step 5: Configure access control on R2 a.Cr eat eas t andar dACLR2-VTY-LIMIT t oal l owonl yPCCacc es st ot heR2v t yl i nes . b.Cr eat eane xt endedACLR2-SECURITY t or es t r i ctac cessf r om t hei nt er net Al l owFTPconnect i onsf r om t hePCBpubl i cI Paddr es st ot heweb/ DNSs er ver Denyal lot herFTPconnect i onsf r om t hei nt er nett ot heR2LANs Denyal lSSHc onnec t i onsf r om t hei nt er net Al l owal l ot hert ypesofc onnec t i onsf r om t hei nt er net YourACLs houl dc ons i stoffour s t at ement st hatc or r es pondt ot hef ourr equi r ement sabov e. c .Appl yt heACLs R2(config)#ip access-list standard R2-VTY-LIMIT R2(config-std-nacl)#permit host 172.16.2.5 R2(config-std-nacl)# R2(config-std-nacl)#line vty 0 15 R2(config-line)#access-class R2-VTY-LIMIT in R2(config-line)#exit
R2(config)#ip access-list extended R2-SECURITY R2(config-ext-nacl)#permit tcp host 64.100.1.7 host 209.165.202.131 eq ftp R2(config-ext-nacl)#deny tcp any any eq ftp R2(config-ext-nacl)#deny tcp any any eq 22 R2(config-ext-nacl)#permit ip any any
R2(config-ext-nacl)#interface GigabitEthernet0/0/0 R2(config-if)#ip access-group R2-SECURITY in R2(config-if)#ip nat outside Step 6: Configure access control on S3 a.Cr eat eas t andar dACLS3-VTY-LIMIT t oal l owonl yPCCacc es st ot heS3v t yl i nes . b.Appl yt heACL S3(config)#ip access-list standard S3-VTY-LIMIT S3(config-std-nacl)#permit host 172.16.2.5 S3(config-std-nacl)# S3(config-std-nacl)#line vty 0 15 S3(config-line)#access-class S3-VTY-LIMIT in S3(config-line)#login Part 5: Perform Configuration Backup and IOS Update Step 1: Use TFTP server to backup device configurations a.Back upt her unni ngconfi gur at i onsofR1,S1,andS2t ot heTFTPs er v eronPCB. b.Namet heconfi gur at i onfi l esasR1-Run-Config,S1- Run-Config,andS2-Run-Config. Go to R1: R1>en R1#copy running-config tftp Address or name of remote host []? 192.168.1.5 Destination filename [R1-confg]? R1-Run-Config Go to S1: S1>en S1#copy running-config tftp Address or name of remote host []? 192.168.1.5 Destination filename [S1-confg]? S1-Run-Config Go to S2: S2>en S2#copy running-config tftp Address or name of remote host []? 192.168.1.5
Destination filename [S2-confg]? S2-Run-Config Writing running-config....!! [OK - 1122 bytes]
1122 bytes copied in 3.003 secs (373 bytes/sec) Step 2: Use TFTP server to update/upgrade IOS software a.Obt ai nanewerI OSi magef r om t heTFTPser vi ceont heweb/ DNSs er v er . b.Thenewerv er s i onoft hes wi t c hI OSi sc2960l anbas ek 9mz . 1502. SE4. bi n. c .Confi gur eS3t ous et hi snewerver s i onI OSaf t err el oadi ng . S3#copy tftp flash: Address or name of remote host []? 209.165.202.131 Source filename []? c2960-lanbasek9-mz.150-2.SE4.bin Destination filename [c2960-lanbasek9-mz.150-2.SE4.bin]? Accessing tftp://209.165.202.131/c2960-lanbasek9-mz.150-2.SE4.bin.... Loading c2960-lanbasek9-mz.150-2.SE4.bin from 209.165.202.131: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!! [OK - 4670455 bytes]
S3#configure terminal S3(config)#boot system flash:c2960-lanbasek9-mz.150-2.SE4.bin S3(config)#exit S3# %SYS-5-CONFIG_I: Configured from console by console S3#copy running-config startup-config Destination filename [startup-config]? Building configuration... [OK] S3#reload Proceed with reload? [confirm] Answer script R1 enable configure terminal
no ip domain lookup hostname R1 enable secret ciscoenpass line console 0 password ciscoconpass login exit
security passwords min-length 10 service password-encryption banner motd #Unauthorized Acess is Prohibited#
interface GigabitEthernet0/0/0 description Connection to R2 ip address 198.51.100.1 255.255.255.252 no shutdown
interface GigabitEthernet0/0/1 description Connection to S2 ip address 192.168.1.1 255.255.255.0 no shutdown
interface GigabitEthernet0/0/2 description Connection to S1
ip address 64.100.1.1 255.255.255.248 no shutdown
ip domain name ccna-lab.com username admin secret admin1pass
line vty 0 15 login local transport input ssh exit
crypto key generate rsa 1024
ip ssh version 2
router ospf 1 router-id 0.0.0.1 network 64.100.1.0 0.0.0.7 area 0 network 198.51.100.0 0.0.0.3 area 0 exit
router ospf 1 passive-interface GigabitEthernet0/0/1
passive-interface GigabitEthernet0/0/2 auto-cost reference-bandwidth 1000 exit
interface GigabitEthernet0/0/0 ip ospf network point-to-point ip ospf hello-interval 30 exit
ip nat inside source static 192.168.1.5 64.100.1.7
interface GigabitEthernet0/0/0 ip nat outside interface GigabitEthernet0/0/1 ip nat inside
ip access-list standard R1-VTY-LIMIT permit host 192.168.1.5
line vty 0 15 access-class R1-VTY-LIMIT in exit R2 enable
configure terminal
no ip domain lookup hostname R2 enable secret ciscoenpass line console 0 password ciscoconpass login exit
security passwords min-length 10 service password-encryption banner motd #Unauthorized Acess is Prohibited#
interface GigabitEthernet0/0/0 description Connection to R1 ip address 198.51.100.2 255.255.255.252 no shutdown
interface GigabitEthernet0/0/1 description Connection to S4 ip address 172.16.2.1 255.255.255.0 no shutdown
interface GigabitEthernet0/0/2 description Connection to S3 ip address 209.165.202.129 255.255.255.224 no shutdown
ip domain name ccna-lab.com username admin secret admin1pass
line vty 0 15 login local transport input ssh exit
crypto key generate rsa 1024
ip ssh version 2
router ospf 1 router-id 0.0.0.2 network 209.165.202.128 0.0.0.31 area 0 network 198.51.100.0 0.0.0.3 area 0 exit
router ospf 1 passive-interface GigabitEthernet0/0/1 passive-interface GigabitEthernet0/0/2 auto-cost reference-bandwidth 1000 exit
interface GigabitEthernet0/0/0 ip ospf network point-to-point ip ospf hello-interval 30 exit
ip nat pool IPNAT1 209.165.202.140 209.165.202.150 netmask 255.255.255.224 ip nat inside source list 1 pool IPNAT1 overload access-list 1 permit 172.16.2.0 0.0.0.15
interface GigabitEthernet0/0/1 ip nat inside
ip access-list standard R2-VTY-LIMIT permit host 172.16.2.5
line vty 0 15 access-class R2-VTY-LIMIT in exit
ip access-list extended R2-SECURITY permit tcp host 64.100.1.7 host 209.165.202.131 eq ftp deny tcp any any eq ftp deny tcp any any eq 22 permit ip any any
interface GigabitEthernet0/0/0 ip access-group R2-SECURITY in ip nat outside exit S1 enable configure ter configure terminal
hostname S1 interface Vlan1 ip address 64.100.1.2 255.255.255.248 no shutdown
ip default-gateway 64.100.1.1
ip access-list standard S1-VTY-LIMIT
permit host 192.168.1.5
line vty 0 15 access-class S1-VTY-LIMIT in exit S2 enable configure terminal
hostname S2 interface Vlan1 ip address 192.168.1.2 255.255.255.0 no shutdown
ip default-gateway 192.168.1.1 S3 enable config ter
hostname S3 interface Vlan1 ip address 209.165.202.130 255.255.255.224 no shutdown
ip default-gateway 209.165.202.129
ip access-list standard S3-VTY-LIMIT permit host 172.16.2.5
line vty 0 15 access-class S3-VTY-LIMIT in S4 enable config ter hostname S4 interface Vlan1 ip address 172.16.2.2 255.255.255.0 no shutdown
ip default-gateway 172.16.2.1...