Scribd
Upload
1 views

Week 2-10 - SRWE Lab - Mock Test - Answer Key

The document outlines a detailed workshop for the Switching, Routing, and Wireless (SRWE) course, focusing on IP addressing, router configuration, and network protocols. It includes specific tasks for configuring routers, implementing AAA authentication, setting up DHCP servers, and configuring access control lists (ACLs) for security. Additionally, it covers the setup of NAT and VPN services, along with wireless router and access point configurations.

Uploaded by

Rocky Official
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
1 views

Week 2-10 - SRWE Lab - Mock Test - Answer Key

The document outlines a detailed workshop for the Switching, Routing, and Wireless (SRWE) course, focusing on IP addressing, router configuration, and network protocols. It includes specific tasks for configuring routers, implementing AAA authentication, setting up DHCP servers, and configuring access control lists (ACLs) for security. Additionally, it covers the setup of NAT and VPN services, along with wireless router and access point configurations.

Uploaded by

Rocky Official
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 11

Switching, Routing, and Wireless (SRWE) – Semester 2

Week 10 workshop – Revision / Mock Test

IP Addressing Table

DEVICE INTERFACE IP ADDRESS SUBNET MASK DEFAULT


GATEWAY
S0/0/0 67.223.164.1 255.255.255.248 N/A
Gig0/0 125.229.50.1 255.255.255.252 N/A
ISP
Gig0/1 98.102.118.1 255.255.255.252 N/A
Gig0/2 78.223.167.1 255.255.255.252 N/A
Google Cloud Fa0 125.229.50.2 255.255.255.252 125.229.50.1
Citadel Servers
Fa0 98.102.118.2 255.255.255.252 98.102.118.1
Amazon Game
Fa0 78.223.167.2 255.255.255.252 78.223.167.1
lift
S0/0/0 67.223.164.2 255.255.255.248 N/A

MainRouter Gig0/0 192.168.10.1 255.255.255.0 N/A


Gig0/1 192.168.20.1 255.255.255.0 N/A
Gig0/0 192.168.10.2 255.255.255.0 N/A

BranchRouter1 Gig0/1 192.168.8.1 255.255.255.0 N/A


Gig0/2 192.168.1.2 255.255.255.0 N/A
Gig0/1 192.168.20.2 255.255.255.0 N/A
BranchRouter2
Gig0/2 192.168.1.3 255.255.255.0 N/A
TFTP Server Fa0 192.168.8.2 255.255.255.0 192.168.8.1
TACACS+
Fa0 192.168.8.3 255.255.255.0 192.168.8.1
Server
File Server Fa0 192.168.8.4 255.255.255.0 192.168.8.1
Laptop1 Fa0 DHCP DHCP Obtained DHCP
Obtained Obtained
Laptop2 Fa0 DHCP DHCP Obtained DHCP
Obtained Obtained
Laptop3 Fa0 DHCP DHCP Obtained DHCP
Obtained Obtained
Laptop4 Fa0 DHCP DHCP Obtained DHCP
Obtained Obtained

NOTES: -
1. The ISP side does not have to be configured.
2. IP configuration has already been done for devices working with static
assignment.
3. Configure the Routers using the Laptops connected to them using the
console connection. The default console access password is
‘consoleclass’ and the exec mode password is ‘cisco’.

a) Recover and restore the BranchRouter1.

1. The BranchRouter1 is not being accessed through the default exec mode
password ‘cisco’.

2. Enter the rommon mode of the BranchRouter1.

Configure the BranchRouter1 using the console connection on the Laptop.


PC>Desktop>Terminal
Physically reboot the BranchRouter1 and while the router is still booting,
interrupt the process with the key combination of ‘ctrl + c’. This will lead the
router into the rommon mode.

3. Edit the required registries and restore the router configuration from the TFTP
Server located at 192.168.8.2

Once inside the rommon mode. Prepare the BranchRouter1 to bypass the
startup configuration and boot itself from the flash memory.
rommon 1 > confreg 0x2142

Reset the BranchRouter1.


rommon 2 > reset

After gaining access to the global configuration mode, configure the router to
no-longer bypass the startup configuration.
Router(config) #config-register 0x2102

Router(config) #int gig0/1


Router(config-if) #ip address 192.168.8.1 255.255.255.0
Router(config-if) #no shut
Router(config-if) #exit

Router(config) #do copy tftp: running-config


Address or name of remote host []? 192.168.8.2
Source filename []? BranchRouter1-confg
Destination filename [running-config]?

4. Administratively turn on all the ports being used.

BranchRouter1 (config) #int gig0/0


BranchRouter1 (config-if) #no shut
BranchRouter1 (config-if) #exit

BranchRouter1 (config) #int gig0/2


BranchRouter1 (config-if) #no shut
BranchRouter1 (config-if) #exit

b) Configure the BranchRouter1 to use AAA authentication for console access.

1. Configure the TACACS+ Server with the following variables: -


VALUES VARIABLES
Service On
Network Configuration
Client Name Hostname of the Router to be Authenticated
Client IP IP Address of the Router to be Authenticated
Secret secretkey
Server Type TACACS
User Setup
Username admin
Secret admin-key

2. Enable AAA on the BranchRouter1.

BranchRouter1(config) #aaa new-model

3. Point the BranchRouter1 to the TACACS+ Server. Use the IP Address from the
IP Addressing scheme and the secret key previously established.

BranchRouter1(config) #tacacs-server host 192.168.8.3 key secretkey

4. Set the AAA authentication parameters on R1 for login. Create a word list
named ‘srwe-revision’. Use the TACACS+ server for authentication.

BranchRouter1(config) #aaa authentication login srwe-revision group


tacacs+

5. Configure the line console to use the configured TACACS+ Server for the login
authentication.

BranchRouter1(config) #line console 0


BranchRouter1(config-line) #login authentication srwe-revision
BranchRouter1config-if) #exit
c) Configure Hot Standby Router Protocol (HSRP) – FHRP on the
BranchRouter1 and BranchRouter2.

DEVICE VARIABLES VALUES


Standby Group Number 1
Virtual IP Address 192.168.1.1
BranchRouter1 Priority 105
Preempt Yes
Track Gig0/0

BranchRouter2 Virtual IP Address 192.168.1.1

BranchRouter1(config) #int g0/2


BranchRouter1(config-if) #standby 1 ip 192.168.1.1
BranchRouter1(config-if) #standby 1 priority 105
BranchRouter1(config-if) #standby 1 preempt
BranchRouter1(config-if) #standby track gig0/0
BranchRouter1(config-if) #exit

BranchRouter2(config) #int g0/2


BranchRouter2(config-if) #standby 1 ip 192.168.1.1
BranchRouter2(config-if) #exit

d) Configure BranchRouter1 and BranchRouter2 as DHCP Servers.

VALUES VARIABLES
Pool Name REVISION_DHCP_POOL
Network 192.168.1.0 255.255.255.0
Default Router 192.168.1.1
The first 10 useable IP addresses and the last useable
Excluded Addresses
IP address.
BranchRouter1(config) #ip dhcp pool REVISION_DHCP_POOL
BranchRouter1(config-if) #network 192.168.1.0 255.255.255.0
BranchRouter1(config-if) #default-router 192.168.1.1
BranchRouter1(config-if) #exit
BranchRouter1(config) #ip dhcp excluded-address 192.168.1.1 192.168.1.10
BranchRouter1(config) #ip dhcp excluded-address 192.168.1.254

BranchRouter2(config) #ip dhcp pool REVISION_DHCP_POOL


BranchRouter2(config-if) #network 192.168.1.0 255.255.255.0
BranchRouter2(config-if) #default-router 192.168.1.1
BranchRouter2(config-if) #exit
BranchRouter2(config) #ip dhcp excluded-address 192.168.1.1 192.168.1.10
BranchRouter2(config) #ip dhcp excluded-address 192.168.1.254

e) Wireless Router Configuration

1. Configure the Wireless Router with the following parameters: -

VARIABLES VALUES
Internet Connection Type Automatic Configuration - DHCP

LAN Network Router IP 192.168.88.1


LAN Network Router Subnet 255.255.255.0
DHCP Server Enabled
Start IP Address 192.168.88.10
Max Number of Users 30

Network Mode Mixed


SSID SRWE_revision_router
Channel 6
SSID Broadcast Enabled
Security Mode WPA2 Personal
Encryption TKIP
Passphrase cisco#123
2. Connect the Laptop1 and Laptop2 to the Wireless Router and obtain IP
addresses using DHCP.

f) Wireless Access Point Configuration.

1. Configure the Wireless Access Point with the following parameters: -

VARIABLES VALUES
Port Status On
SSID SRWE_revision_ap
Channel 11
Authentication WPA2-PSK
Pass Phrase cisco#123
Encryption TIKP

3. Connect the Laptop3 and Laptop4 to the Wireless Access Point and obtain IP
addresses using DHCP. Obtain the IP addresses serially.

g) Configure a Named Standard ACL ‘NSACL’ that denies traffic from the local
network (192.168.1.0) from reaching the VPN Server at 192.168.16.100.
Explicitly permit all other traffic.

BranchRouter2(config) #ip access-list standard NSACL


BranchRouter2(config-std-nacl) #deny 192.168.1.0 0.0.0.255
BranchRouter2(config-std-nacl) #permit any
BranchRouter2(config-std-nacl) #exit
BranchRouter2(config) #int gig0/0
BranchRouter2(config-if) #ip access-group NSACL out
BranchRouter2(config-if) #exit

h) Configure a Numbered Extended ACL 130 that denies telnet, web, and ping
to the File Server (192.168.8.4) from the local (192.168.1.0) network. Explicitly
permit all other traffic trying to pass through.

BranchRouter1(config) #ip access-list extended 130


BranchRouter1(config-std-nacl) #deny tcp 192.168.1.0 0.0.0.255 host
192.168.8.4 eq telnet
BranchRouter1(config-std-nacl) #deny tcp 192.168.1.0 0.0.0.255 host
192.168.8.4 eq www
BranchRouter1(config-std-nacl) #deny tcp 192.168.1.0 0.0.0.255 host
192.168.8.4 eq 443
BranchRouter1(config-std-nacl) #deny icmp 192.168.1.0 0.0.0.255 host
192.168.8.4 echo
BranchRouter1(config-std-nacl) #permit ip any any
BranchRouter1(config-std-nacl) #exit

BranchRouter1(config) #int gig0/1


BranchRouter1(config-if) #ip access-group 130 out
BranchRouter1(config-if) #exit

i) Configure the VPN Server having an Inside Local IP of 192.168.16.100 to work


with static NAT using an Inside Global IP of 67.223.164.6

MainRouter(config) #ip nat inside source static 192.168.16.100 67.223.164.6

MainRouter (config) #int range gig0/0-1


MainRouter (config-if-range) #ip nat inside
MainRouter (config-if-range) #exit

MainRouter (config) #int s0/0/0


MainRouter (config-if) #ip nat outside
MainRouter (config-if) #exit

j) Configure the Server LAN (192.168.8.0) to work with PAT. For the interesting
traffic use a Numbered Standard ACL 1, implicitly denying all other traffic.

MainRouter(config) #ip access-list standard 1


MainRouter (config-std-nacl) #permit 192.168.8.0 0.0.0.255
MainRouter (config-std-nacl) #exit

MainRouter(config) #ip nat inside source list 1 interface s0/0/0 overload

MainRouter (config) #int range gig0/0-1


MainRouter (config-if-range) #ip nat inside
MainRouter (config-if-range) #exit

MainRouter (config) #int s0/0/0


MainRouter (config-if) #ip nat outside
MainRouter (config-if) #exit

End of Paper !!

Regards

Cisco SRWE, Subekshya Pradhan.

You might also like