- - - - - - Configure S1 with the following initial settings: Hostname Switch(config)#hostname S1 Banner that includes the word warning S1(config)#banner motd "warning" Console port login and password cisco S1(config)#line console 0 S1(config-line)#password cisco S1(config-line)#login Encrypted enable password of class S1(config)#enable secret class Encrypt plain text passwords S1(config)#service password-encryption Management interface addressing S1(config)#int vlan1 S1(config-if)#ip address 10.10.10.2 255.255.255.0 S1(config-if)#no shutdown Configure SSH to secure remote access with the following settings: Domain name of cisco.com S1(config)#ip domain-name cisco.com RSA key-pair parameters to support SSH version 2 S1(config)#crypto key generate rsa Set SSH version 2 S1(config)#ip ssh version 2 User admin with secret password ccna S1(config)#username admin secret ccna VTY lines only accept SSH connections and use local login for authentication S1(config)#line vty 0 15 S1(config-line)#transport input ssh S1(config-line)#login local Configure the port security feature to restrict network access: Disable all unused ports. S1(config)#int range fa0/3-24 S1(config-if-range)#shutdown S1(config)#int range g0/0-1 S1(config-if-range)#shutdown Set the interface mode to access. S1(config-if-range)#switchport mode access Enable port security to allow only two hosts per port. S1(config)#int range fa0/1-2 S1(config-if-range)#switchport port-security S1(config-if-range)#switchport port-security maximum 2 Record the MAC address in the running configuration. S1(config-if-range)#switchport port-security mac-address sticky Ensure that port violations disable ports. S1(config-if-range)#switchport port-security violation shutdown Configure inter-VLAN routing on R1 based on the Addressing Table. R1(config)#int g0/0 R1(config-if)#no shutdown R1(config-if)#int g0/0.10 R1(config-subif)#int g0/0.99 R1(config-subif)#encapsulation dot1q 99 native R1(config-subif)#ip address 172.31.99.1 255.255.255.0 Configure trunking on S1. S1(config)#int g0/1 S1(config-if)#switchport mode trunk S1(config-if)#switchport trunk native vlan 99 Configure four directly attached static route on HQ to each VLANs. HQ(config)#ip route 172.31.10.0 255.255.255.0 s0/0/0 Configure directly attached static routes on HQ to reach Outside Host. - Configure the primary path through the Serial 0/1/0 interface. - Configure the backup route through the Serial 0/1/1 interface with a 10 AD. HQ(config)#ip route 209.165.200.0 255.255.255.224 s0/1/0 HQ(config)#ip route 209.165.200.0 255.255.255.224 s0/1/1 10 Configure a directly attached default route on R1. R1(config)#ip route 0.0.0.0 0.0.0.0 s0/0/0 a. 172.16.159.254 255.255.240.0 172.16.143.254 255.255.240.0 172.16.144.1 255.255.240.0 172.16.159.254 Divide 172.16.128.0/19 into two equal subnets for use on Branch Subnet address First host 172.16.128.0 172.16.128.1 172.16.144.0 172.16.144.1 Last host Subnet mask Broadcast 172.16.143.254 255.255.240.0 172.16.143.255 172.16.159.254 255.255.240.0 172.16.159.255 1) Assign the last usable address of the second subnet to the Gigabit Ethernet 0/0 interface. Branch(config)#int g0/0 Branch(config-if)#ip address 172.16.159.254 255.255.240.0 2) Assign the last usable address of the first subnet to the Gigabit Ethernet 0/1 interface. Branch(config-if)#int g0/1 Branch(config-if)#ip address 172.16.143.254 255.255.240.0 3) 4) Document the addressing in the Addressing Table Configure Branch with appropriate addressing b. Configure B1 with appropriate addressing using the first available address of the network to which it is attached. Document the addressing in the Addressing Table. c. Configure HQ and Branch with RIPv2 routing according to the following criteria Advertise all three attached networks. Do not advertise the link to the Internet. (64.104.34.0) Branch#show ip route connected C 172.16.128.0/20 is directly connected, GigabitEthernet0/1 C 172.16.144.0/20 is directly connected, GigabitEthernet0/0 C 192.168.0.0/30 is directly connected, Serial0/0/0 Branch(config)#router rip Branch(config-router)#version 2 Branch(config-router)#passive-interface g0/0 Branch(config-router)#passive-interface g0/1 Branch(config-router)#no auto-summary Branch(config-router)#network 192.168.0.0 Branch(config-router)#network 172.16.128.0 Branch(config-router)#network 172.16.144.0 HQ#show ip route connected C 64.104.34.0/30 is directly connected, Serial0/0/1 C 172.16.0.0/18 is directly connected, GigabitEthernet0/1 C 172.16.64.0/18 is directly connected, GigabitEthernet0/0 C 192.168.0.0/30 is directly connected, Serial0/0/0 HQ(config)#router rip HQ(config-router)#version 2 HQ(config-router)#no auto-summary HQ (config-router)#passive-interface g0/0 HQ (config-router)#passive-interface g0/1 HQ (config-router)#passive-interface s0/0/1 HQ(config-router)#network 192.168.0.0 HQ(config-router)#network 172.16.0.0 HQ(config-router)#network 172.16.64.0 d. Set a default route on HQ which directs traffic to S0/0/1 interface. Redistribute the route to Branch. HQ(config)#ip route 0.0.0.0 0.0.0.0 s0/0/1 HQ(config)#router rip HQ(config-router)#default-information originate e. Design a named access list HQServer to prevent any computers attached to the Gigabit Ethernet 0/0 interface of the Branch router from accessing HQServer.pka. All other traffic is permitted. Configure the access list on the appropriate router, apply it to the appropriate interface and in the appropriate direction. Branch(config)#ip access-list standard HQServer Branch(config-std-nacl)#deny 172.16.128.0 0.0.31.255 Branch(config-std-nacl)#permit any Branch(config)#int g0/0 Branch(config-if)#ip access-group HQServer in Branch#show ip access-lists Standard IP access list HQServer 10 deny 172.16.128.0 0.0.31.255 20 permit any f. Design a named access list BranchServer to prevent any computers attached to the Gigabit Ethernet 0/0 interface of the HQ router from accessing the Branch server. All other traffic is permitted. Configure the access list on the appropriate router, apply it to the appropriate interface and in the appropriate direction. HQ(config)#ip access-list standard BranchServer HQ(config-std-nacl)#deny 172.16.64.0 0.0.63.255 HQ(config-std-nacl)#permit any HQ(config)#int g0/0 HQ(config-if)#ip access-group BranchServer in HQ#show ip access-lists Standard IP access list BranchServer 10 deny 172.16.64.0 0.0.63.255 20 permit any Scenario In this culminating activity, you will configure VLANs, trunks, DHCP Server, DHCP relay agents, and configure a router as a DHCP client. Requirements Using the information in the tables above, implement the following requirements: Create VLANs on S2 and assign VLANs to appropriate ports. Names are case-sensitive S2(config)#vlan 10 S2(config-vlan)#name Sales S2(config)#int range f0/5-9 S2(config-if-range)#switchport mode access S2(config-if-range)#switchport access vlan 10 Configure S2 ports for trunking. S2(config)#int range f0/1-4 S2(config-if-range)#switchport mode trunk Configure all non-trunk ports on S2 as access ports. S2(config)#int range f0/5-24, g0/1-2 S2(config-if-range)#switchport mode access Configure R1 to route between VLANs. Subinterface names should match the VLAN number. R1(config)#int g0/0.10 R1(config-subif)#encapsulation dot1Q 10 R1(config-subif)#ip address 172.31.10.1 255.255.255.224 Configure R1 to act as a DHCP server for the VLANs attached to S2. R1(config)#ip dhcp pool VLAN_10 R1(dhcp-config)#network 172.31.10.0 255.255.255.224 R1(dhcp-config)#dns-server 209.165.201.14 R1(dhcp-config)#default-router 172.31.10.1 R1(dhcp-config)#ip dhcp excluded-address 172.31.10.1 172.31.10.10 - Create a DHCP pool for each VLAN. Names are case-sensitive. R1(config)#ip dhcp pool VLAN_10 - Assign the appropriate addresses to each pool. R1(dhcp-config)#network 172.31.10.0 255.255.255.224 - Configure DHCP to provide the default gateway address R1(dhcp-config)#default-router 172.31.10.1 - Configure the DNS server 209.165.201.14 for each pool. R1(dhcp-config)#dns-server 209.165.201.14 - Prevent the first 10 addresses from each pool from being distributed to end devices. R1(dhcp-config)#ip dhcp excluded-address 172.31.10.1 172.31.10.10 Configure R1 as a DHCP client so that it receives an IP address from the ISP network. R1(config)#int g0/1 R1(config-if)#ip address dhcp
© Copyright 2026 Paperzz