exam, CCNA, Final, Module, Certification Exams
[ Pobierz całość w formacie PDF ]
CCNA Hands on finalTask breakdown and planningTask 1Cable the networkClear router configDo the bartmanTask 2Configure on all routers:Hostnameconfig: hostname [hostname]Disable DNS lookupconfig: no ip domain-lookupConfigure Exec mode passwordconfig: en secret ciscoMOTDconfig: banner motd # banner #Config a password for vtys/consoleconfig: line vty 0 4conflin: password ciscoConfigure synchronous loggingconfig: line con 0linecon: logging synchronousTask 3 Configure IP'sConfigure interfaces on routersVerify IP addressesConfigure PC IP'sTest with pingsTask 4 Configure serial stuphconfig: int serial whateverlincon: encap pppConfigure PPP w/ CHAP between r1 r2ppp authentication chapset CHAP password to ciscohostname = username for loginusername R3 password ciscoThe above is the username to compareto.Configure HDLC between r2 and 3config: interblahlincoln: encapsulation hdlcConfigure frame relay between r1, r3buttcon: encapsulation hdlclincoln: frame-relay interface-dlci #Task 5 Configure ripEnable RIP on all routers(Prevent RIP updates outside seriallinks)config:ip classless (Just in case)config:router ripripcon:network [network_address]ripcon:passive-interface [IF]config:ip classless (Just in case)Test with PingsVerify the routing tableshow ip routeTask 6 Configure security on R2Enable secure telnet with a DB on r2config: ip domain-name blah.comconfig: crypto key generate RSAconfig: username student secret ciscoconf tline vty 0 4no transport inputtransport input sshexitDisable unused services and interfaces r2conf tline aux 0no passwordloginexitno service tcp-small-serversno service udp-small-serversno ip bootp serverno http serverno service fingerno snmp-serverno cdp runno ip source-routevarious interfaces: SHUTDOWN//maybe try autosecure when all is done"Confirm that R2 is secured"Task 7 Configure ACLsAllow telnet to R1 and 3 from r2 onlyaccess-list 101 permit tcp [ip] [WC] eq telnetaccess-list 101 permit tcp [ip] [WC] eq telnetblock from internet to pc1: 80,23,21,20access-list 102 permit tcp eq 80 destination 10.0.0.10access-list 102 deny tcp any eq 80 destination 10.0.0.10access-list 102 deny tcp any eq 23 destination 10.0.0.10access-list 102 deny tcp any eq 21 destination 10.0.0.10access-list 102 deny tcp any eq 20 destination 10.0.0.10Block from 10.0.0.128/25 to pc1access-list 102 deny tcp 10.0.0.1 0.0.0.127 destination 10.0.0.10Verify that pc3 cannot ping pc1, but can ping 10.0.0.1Task 8Configure NAT to allow pc3 to ping pc1config: ip nat inside source static PC1 [GlobalIP]config:internal interfacelincoln: ip nat insidelincoln:exitconfig: interface [outside if]lincoln: ip nat outsideVerify that it worksTask 9copy down all router configsshow run | write terminalTask 10Clean up.
[ Pobierz całość w formacie PDF ]