Abstract image of a woman sitting on books and studying on a laptop

ENCOR SA Scenario Especifica o algoritmo de hashing de senha a ser usado, neste caso, "scrypt". O algoritmo scrypt é uma técnica de derivação de chave adaptativa projetada para ser resistente a ataques de força bruta.

S
SilvioDias29

The document provides the network topology, addressing tables, objectives, background, and startup configurations for routers R1-R3 and switches D1, D2, and A1 to complete the network configuration. The objectives include building the network, configuring basic device settings and interface addressing, configuring layer 2 networking and host support, routing protocols, first-hop redundancy, security, and network management features.

Engineering
1 of 16
Download to read offline
1
2
3
Most read
4
5
6
7
8
Most read
9
10
11
12
13
14
15
16
© 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 1 of 16 www.netacad.com ENCOR Skills Assessment (Scenario 1) Topology Addressing Table Device Interface IPv4 Address IPv6 Address IPv6 Link-Local R1 G0/0/0 209.165.200.225/27 2001:db8:200::1/64 fe80::1:1 R1 G0/0/1 10.0.10.1/24 2001:db8:100:1010::1/64 fe80::1:2 R1 S0/1/0 10.0.13.1/24 2001:db8:100:1013::1/64 fe80::1:3 R2 G0/0/0 209.165.200.226/27 2001:db8:200::2/64 fe80::2:1 R2 Loopback0 2.2.2.2/32 2001:db8:2222::1/128 fe80::2:3 R3 G0/0/1 10.0.11.1/24 2001:db8:100:1011::1/64 fe80::3:2 R3 S0/1/0 10.0.13.3/24 2001:db8:100:1013::3/64 fe80::3:3 D1 G1/0/11 10.0.10.2/24 2001:db8:100:1010::2/64 fe80::d1:1 D1 VLAN 100 10.0.100.1/24 2001:db8:100:100::1/64 fe80::d1:2 D1 VLAN 101 10.0.101.1/24 2001:db8:100:101::1/64 fe80::d1:3 D1 VLAN 102 10.0.102.1/24 2001:db8:100:102::1/64 fe80::d1:4 D2 G1/0/11 10.0.11.2/24 2001:db8:100:1011::2/64 fe80::d2:1
ENCOR Skills Assessment (Scenario 1) © 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 2 of 16 www.netacad.com Device Interface IPv4 Address IPv6 Address IPv6 Link-Local D2 VLAN 100 10.0.100.2/24 2001:db8:100:100::2/64 fe80::d2:2 D2 VLAN 101 10.0.101.2/24 2001:db8:100:101::2/64 fe80::d2:3 D2 VLAN 102 10.0.102.2/24 2001:db8:100:102::2/64 fe80::d2:4 A1 VLAN 100 10.0.100.3/23 2001:db8:100:100::3/64 fe80::a1:1 PC1 NIC 10.0.100.5/24 2001:db8:100:100::5/64 EUI-64 PC2 NIC DHCP SLAAC EUI-64 PC3 NIC DHCP SLAAC EUI-64 PC4 NIC 10.0.100.6/24 2001:db8:100:100::6/64 EUI-64 Objectives Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing Part 2: Configure the Layer 2 Network and Host Support Part 3: Configure Routing Protocols Part 4: Configure First-Hop Redundancy Part 5: Configure Security Part 6: Configure Network Management Features Part 7: Cleanup Background / Scenario In this skills assessment, you are responsible for completing the configuration of the network so there is full end-to-end reachability, so the hosts have reliable default gateway support, and so that management protocols are operational within the “Company Network” part of the topology. Be careful to verify that your configurations meet the provided specifications and that the devices perform as required. Note: The routers used with CCNP hands-on labs are Cisco 4221 routers with Cisco IOS XE Release 16.9.4 (universalk9 image). The switches used in the labs are Cisco Catalyst 3650 switches with Cisco IOS XE Release 16.9.4 (universalk9 image) and Cisco Catalyst 2960s with Cisco IOS Release 15.2(2) (lanbasek9 image). Other routers, switches, and Cisco IOS versions can be used. Depending on the model and Cisco IOS version, the commands available and the output produced might vary from what is shown in the labs. Note: Make sure that the switches have been erased and have no startup configurations. If you are unsure, contact your instructor. Note: The default Switch Database Manager (SDM) template on a Catalyst 2960 does not support IPv6. You must change the default SDM template to the dual-ipv4-and-ipv6 default template using the sdm prefer dual- ipv4-and-ipv6 default global configuration command. Changing the template will require a reboot. Required Resources • 3 Routers (Cisco 4221 with Cisco IOS XE Release 16.9.4 universal image or comparable) • 2 Switches (Cisco 3650 with Cisco IOS XE release 16.9.4 universal image or comparable) • 1 Switch (Cisco 2960 with Cisco IOS release 15.2 lanbase image or comparable) • 4 PCs (Choice of operating system with a terminal emulation program) • Console cables to configure the Cisco IOS devices via the console ports
ENCOR Skills Assessment (Scenario 1) © 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 3 of 16 www.netacad.com • Ethernet and serial cables as shown in the topology Instructions Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing In Part 1, you will set up the network topology and configure basic settings and interface addressing. Step 1: Cable the network as shown in the topology. Attach the devices as shown in the topology diagram, and cable as necessary. Step 2: Configure basic settings for each device. a. Console into each device, enter global configuration mode, and apply the basic settings. The startup configurations for each device are provided below. Router R1 hostname R1 ipv6 unicast-routing no ip domain lookup banner motd # R1, ENCOR Skills Assessment, Scenario 1 # line con 0 exec-timeout 0 0 logging synchronous exit interface g0/0/0 ip address 209.165.200.225 255.255.255.224 ipv6 address fe80::1:1 link-local ipv6 address 2001:db8:200::1/64 no shutdown exit interface g0/0/1 ip address 10.0.10.1 255.255.255.0 ipv6 address fe80::1:2 link-local ipv6 address 2001:db8:100:1010::1/64 no shutdown exit interface s0/1/0 ip address 10.0.13.1 255.255.255.0 ipv6 address fe80::1:3 link-local ipv6 address 2001:db8:100:1013::1/64 no shutdown exit Router R2 hostname R2 ipv6 unicast-routing
ENCOR Skills Assessment (Scenario 1) © 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 4 of 16 www.netacad.com no ip domain lookup banner motd # R2, ENCOR Skills Assessment, Scenario 1 # line con 0 exec-timeout 0 0 logging synchronous exit interface g0/0/0 ip address 209.165.200.226 255.255.255.224 ipv6 address fe80::2:1 link-local ipv6 address 2001:db8:200::2/64 no shutdown exit interface Loopback 0 ip address 2.2.2.2 255.255.255.255 ipv6 address fe80::2:3 link-local ipv6 address 2001:db8:2222::1/128 no shutdown exit Router R3 hostname R3 ipv6 unicast-routing no ip domain lookup banner motd # R3, ENCOR Skills Assessment, Scenario 1 # line con 0 exec-timeout 0 0 logging synchronous exit interface g0/0/1 ip address 10.0.11.1 255.255.255.0 ipv6 address fe80::3:2 link-local ipv6 address 2001:db8:100:1011::1/64 no shutdown exit interface s0/1/0 ip address 10.0.13.3 255.255.255.0 ipv6 address fe80::3:3 link-local ipv6 address 2001:db8:100:1010::2/64 no shutdown exit Switch D1 hostname D1 ip routing ipv6 unicast-routing no ip domain lookup
ENCOR Skills Assessment (Scenario 1) © 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 5 of 16 www.netacad.com banner motd # D1, ENCOR Skills Assessment, Scenario 1 # line con 0 exec-timeout 0 0 logging synchronous exit vlan 100 name Management exit vlan 101 name UserGroupA exit vlan 102 name UserGroupB exit vlan 999 name NATIVE exit interface g1/0/11 no switchport ip address 10.0.10.2 255.255.255.0 ipv6 address fe80::d1:1 link-local ipv6 address 2001:db8:100:1010::2/64 no shutdown exit interface vlan 100 ip address 10.0.100.1 255.255.255.0 ipv6 address fe80::d1:2 link-local ipv6 address 2001:db8:100:100::1/64 no shutdown exit interface vlan 101 ip address 10.0.101.1 255.255.255.0 ipv6 address fe80::d1:3 link-local ipv6 address 2001:db8:100:101::1/64 no shutdown exit interface vlan 102 ip address 10.0.102.1 255.255.255.0 ipv6 address fe80::d1:4 link-local ipv6 address 2001:db8:100:102::1/64 no shutdown exit ip dhcp excluded-address 10.0.101.1 10.0.101.109 ip dhcp excluded-address 10.0.101.141 10.0.101.254 ip dhcp excluded-address 10.0.102.1 10.0.102.109
ENCOR Skills Assessment (Scenario 1) © 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 6 of 16 www.netacad.com ip dhcp excluded-address 10.0.102.141 10.0.102.254 ip dhcp pool VLAN-101 network 10.0.101.0 255.255.255.0 default-router 10.0.101.254 exit ip dhcp pool VLAN-102 network 10.0.102.0 255.255.255.0 default-router 10.0.102.254 exit interface range g1/0/1-10, g1/0/12-24, g1/1/1-4 shutdown exit Switch D2 hostname D2 ip routing ipv6 unicast-routing no ip domain lookup banner motd # D2, ENCOR Skills Assessment, Scenario 1 # line con 0 exec-timeout 0 0 logging synchronous exit vlan 100 name Management exit vlan 101 name UserGroupA exit vlan 102 name UserGroupB exit vlan 999 name NATIVE exit interface g1/0/11 no switchport ip address 10.0.11.2 255.255.255.0 ipv6 address fe80::d1:1 link-local ipv6 address 2001:db8:100:1011::2/64 no shutdown exit interface vlan 100 ip address 10.0.100.2 255.255.255.0 ipv6 address fe80::d2:2 link-local ipv6 address 2001:db8:100:100::2/64
ENCOR Skills Assessment (Scenario 1) © 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 7 of 16 www.netacad.com no shutdown exit interface vlan 101 ip address 10.0.101.2 255.255.255.0 ipv6 address fe80::d2:3 link-local ipv6 address 2001:db8:100:101::2/64 no shutdown exit interface vlan 102 ip address 10.0.102.2 255.255.255.0 ipv6 address fe80::d2:4 link-local ipv6 address 2001:db8:100:102::2/64 no shutdown exit ip dhcp excluded-address 10.0.101.1 10.0.101.209 ip dhcp excluded-address 10.0.101.241 10.0.101.254 ip dhcp excluded-address 10.0.102.1 10.0.102.209 ip dhcp excluded-address 10.0.102.241 10.0.102.254 ip dhcp pool VLAN-101 network 10.0.101.0 255.255.255.0 default-router 10.0.101.254 exit ip dhcp pool VLAN-102 network 10.0.102.0 255.255.255.0 default-router 10.0.102.254 exit interface range g1/0/1-10, g1/0/12-24, g1/1/1-4 shutdown exit Switch A1 hostname A1 no ip domain lookup banner motd # A1, ENCOR Skills Assessment, Scenario 1 # line con 0 exec-timeout 0 0 logging synchronous exit vlan 100 name Management exit vlan 101 name UserGroupA exit vlan 102 name UserGroupB
ENCOR Skills Assessment (Scenario 1) © 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 8 of 16 www.netacad.com exit vlan 999 name NATIVE exit interface vlan 100 ip address 10.0.100.3 255.255.255.0 ipv6 address fe80::a1:1 link-local ipv6 address 2001:db8:100:100::3/64 no shutdown exit interface range f0/5-22 shutdown exit b. Save the running configuration to startup-config on all devices. c. Configure PC 1 and PC 4 host addressing as shown in the addressing table. Assign a default gateway address of 10.0.100.254 which will be the HSRP virtual IP address used in Part 4. Part 2: Configure the Layer 2 Network and Host Support In this part of the Skills Assessment, you will complete the Layer 2 network configuration and set up basic host support. At the end of this part, all the switches should be able to communicate. PC2 and PC3 should receive addressing from DHCP and SLAAC. Your configuration tasks are as follows: Task# Task Specification Points 2.1 On all switches, configure IEEE 802.1Q trunk interfaces on interconnecting switch links Enable 802.1Q trunk links between: • D1 and D2 • D1 and A1 • D2 and A1 6 2.2 On all switches, change the native VLAN on trunk links. Use VLAN 999 as the native VLAN. 6 2.3 On all switches, enable the Rapid Spanning- Tree Protocol. Use Rapid Spanning Tree. 3 2.4 On D1 and D2, configure the appropriate RSTP root bridges based on the information in the topology diagram. D1 and D2 must provide backup in case of root bridge failure. Configure D1 and D2 as root for the appropriate VLANs with mutually supporting priorities in case of switch failure. 2 2.5 On all switches, create LACP EtherChannels as shown in the topology diagram. Use the following channel numbers: • D1 to D2 – Port channel 12 • D1 to A1 – Port channel 1 • D2 to A1 – Port channel 2 3
ENCOR Skills Assessment (Scenario 1) © 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 9 of 16 www.netacad.com Task# Task Specification Points 2.6 On all switches, configure host access ports connecting to PC1, PC2, PC3, and PC4. Configure access ports with appropriate VLAN settings as shown in the topology diagram. Host ports should transition immediately to forwarding state. 4 2.7 Verify IPv4 DHCP services. PC2 and PC3 are DHCP clients and should be receiving valid IPv4 addresses. 1 2.8 Verify local LAN connectivity. PC1 should successfully ping: • D1: 10.0.100.1 • D2: 10.0.100.2 • PC4: 10.0.100.6 PC2 should successfully ping: • D1: 10.0.102.1 • D2: 10.0.102.2 PC3 should successfully ping: • D1: 10.0.101.1 • D2: 10.0.101.2 PC4 should successfully ping: • D1: 10.0.100.1 • D2: 10.0.100.2 • PC1: 10.0.100.5 1 Part 3: Configure Routing Protocols In this part, you will configure IPv4 and IPv6 routing protocols. At the end of this part, the network should be fully converged. IPv4 and IPv6 pings to the Loopback 0 interface from D1 and D2 should be successful. Note: Pings from the hosts will not be successful because their default gateways are pointing to the HSRP address which will be enabled in Part 4. Your configuration tasks are as follows:
ENCOR Skills Assessment (Scenario 1) © 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 10 of 16 www.netacad.com Task# Task Specification Points 3.1 On the “Company Network” (i.e., R1, R3, D1, and D2), configure single- area OSPFv2 in area 0. Use OSPF Process ID 4 and assign the following router-IDs: • R1: 0.0.4.1 • R3: 0.0.4.3 • D1: 0.0.4.131 • D2: 0.0.4.132 On R1, R3, D1, and D2, advertise all directly connected networks / VLANs in Area 0. • On R1, do not advertise the R1 – R2 network. • On R1, propagate a default route. Note that the default route will be provided by BGP. Disable OSPFv2 advertisements on: • D1: All interfaces except G1/0/11 • D2: All interfaces except G1/0/11 8 3.2 On the “Company Network” (i.e., R1, R3, D1, and D2), configure classic single-area OSPFv3 in area 0. Use OSPF Process ID 6 and assign the following router-IDs: • R1: 0.0.6.1 • R3: 0.0.6.3 • D1: 0.0.6.131 • D2: 0.0.6.132 On R1, R3, D1, and D2, advertise all directly connected networks / VLANs in Area 0. • On R1, do not advertise the R1 – R2 network. • On R1, propagate a default route. Note that the default route will be provided by BGP. Disable OSPFv3 advertisements on: • D1: All interfaces except G1/0/11 • D2: All interfaces except G1/0/11 8
ENCOR Skills Assessment (Scenario 1) © 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 11 of 16 www.netacad.com Task# Task Specification Points 3.3 On R2 in the “ISP Network”, configure MP-BGP. Configure two default static routes via interface Loopback 0: • An IPv4 default static route. • An IPv6 default static route. Configure R2 in BGP ASN 500 and use the router-id 2.2.2.2. Configure and enable an IPv4 and IPv6 neighbor relationship with R1 in ASN 300. In IPv4 address family, advertise: • The Loopback 0 IPv4 network (/32). • The default route (0.0.0.0/0). In IPv6 address family, advertise: • The Loopback 0 IPv4 network (/128). • The default route (::/0). 4 3.4 On R1 in the “ISP Network”, configure MP-BGP. Configure two static summary routes to interface Null 0: • A summary IPv4 route for 10.0.0.0/8. • A summary IPv6 route for 2001:db8:100::/48. Configure R1 in BGP ASN 300 and use the router-id 1.1.1.1. Configure an IPv4 and IPv6 neighbor relationship with R2 in ASN 500. In IPv4 address family: • Disable the IPv6 neighbor relationship. • Enable the IPv4 neighbor relationship. • Advertise the 10.0.0.0/8 network. In IPv6 address family: • Disable the IPv4 neighbor relationship. • Enable the IPv6 neighbor relationship. • Advertise the 2001:db8:100::/48 network. 4 Part 4: Configure First Hop Redundancy In this part, you will configure HSRP version 2 to provide first-hop redundancy for hosts in the “Company Network”. Your configuration tasks are as follows:
ENCOR Skills Assessment (Scenario 1) © 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 12 of 16 www.netacad.com Task# Task Specification Points 4.1 On D1, create IP SLAs that test the reachability of R1 interface G0/0/1. Create two IP SLAs. • Use SLA number 4 for IPv4. • Use SLA number 6 for IPv6. The IP SLAs will test availability of R1 G0/0/1 interface every 5 seconds. Schedule the SLA for immediate implementation with no end time. Create an IP SLA object for IP SLA 4 and one for IP SLA 6. • Use track number 4 for IP SLA 4. • Use track number 6 for IP SLA 6. The tracked objects should notify D1 if the IP SLA state changes from down to up after 10 seconds, or from up to down after 15 seconds. 2 4.2 On D2, create IP SLAs that test the reachability of R3 interface G0/0/1. Create two IP SLAs. • Use SLA number 4 for IPv4. • Use SLA number 6 for IPv6. The IP SLAs will test availability of R3 G0/0/1 interface every 5 seconds. Schedule the SLA for immediate implementation with no end time. Create an IP SLA object for IP SLA 4 and one for IP SLA 6. • Use track number 4 for IP SLA 4. • Use track number 6 for IP SLA 6. The tracked objects should notify D1 if the IP SLA state changes from down to up after 10 seconds, or from up to down after 15 seconds. 2
ENCOR Skills Assessment (Scenario 1) © 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 13 of 16 www.netacad.com Task# Task Specification Points 4.3 On D1, configure HSRPv2. D1 is the primary router for VLANs 100 and 102; therefore, their priority will also be changed to 150. Configure HSRP version 2. Configure IPv4 HSRP group 104 for VLAN 100: • Assign the virtual IP address 10.0.100.254. • Set the group priority to 150. • Enable preemption. • Track object 4 and decrement by 60. Configure IPv4 HSRP group 114 for VLAN 101: • Assign the virtual IP address 10.0.101.254. • Enable preemption. • Track object 4 to decrement by 60. Configure IPv4 HSRP group 124 for VLAN 102: • Assign the virtual IP address 10.0.102.254. • Set the group priority to 150. • Enable preemption. • Track object 4 to decrement by 60. Configure IPv6 HSRP group 106 for VLAN 100: • Assign the virtual IP address using ipv6 autoconfig. • Set the group priority to 150. • Enable preemption. • Track object 6 and decrement by 60. Configure IPv6 HSRP group 116 for VLAN 101: • Assign the virtual IP address using ipv6 autoconfig. • Enable preemption. • Track object 6 and decrement by 60. Configure IPv6 HSRP group 126 for VLAN 102: • Assign the virtual IP address using ipv6 autoconfig. • Set the group priority to 150. • Enable preemption. • Track object 6 and decrement by 60. 8
ENCOR Skills Assessment (Scenario 1) © 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 14 of 16 www.netacad.com Task# Task Specification Points On D2, configure HSRPv2. D2 is the primary router for VLAN 101; therefore, the priority will also be changed to 150. Configure HSRP version 2. Configure IPv4 HSRP group 104 for VLAN 100: • Assign the virtual IP address 10.0.100.254. • Enable preemption. • Track object 4 and decrement by 60. Configure IPv4 HSRP group 114 for VLAN 101: • Assign the virtual IP address 10.0.101.254. • Set the group priority to 150. • Enable preemption. • Track object 4 to decrement by 60. Configure IPv4 HSRP group 124 for VLAN 102: • Assign the virtual IP address 10.0.102.254. • Enable preemption. • Track object 4 to decrement by 60. Configure IPv6 HSRP group 106 for VLAN 100: • Assign the virtual IP address using ipv6 autoconfig. • Enable preemption. • Track object 6 and decrement by 60. Configure IPv6 HSRP group 116 for VLAN 101: • Assign the virtual IP address using ipv6 autoconfig. • Set the group priority to 150. • Enable preemption. • Track object 6 and decrement by 60. Configure IPv6 HSRP group 126 for VLAN 102: • Assign the virtual IP address using ipv6 autoconfig. • Enable preemption. • Track object 6 and decrement by 60. Part 5: Security In this part you will configure various security mechanisms on the devices in the topology. Your configuration tasks are as follows: Task# Task Specification Points 5.1 On all devices, secure privileged EXEC using the SCRYPT encryption algorithm. Password: cisco12345cisco 3
ENCOR Skills Assessment (Scenario 1) © 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 15 of 16 www.netacad.com Task# Task Specification Points 5.2 On all devices, create a local user and secure it using the SCRYPT encryption algorithm. SCRYPT encrypted account specifics: • Local user name: sadmin • Privilege level 15 • Password: cisco12345cisco 3 5.3 On all devices (except R2), enable AAA. Enable AAA. 2 5.4 On all devices (except R2), configure the RADIUS server specifics. RADIUS server specifics: • RADIUS server IP address is 10.0.100.6. • RADIUS server UDP ports 1812 and 1813. • Password: $trongPass 2 5.5 On all devices (except R2), configure the AAA authentication method list. AAA authentication specifics: • Use the default method list • Validate against the RADIUS server group • Otherwise, use the local database. 2 5.6 Verify the AAA service on all devices (except R2). Log out and log in to all devices (except R2) using the username raduser and the password upass123. You should be successful. 2 Part 6: Configure Network Management Features In this part, you will configure various network management features. Your configuration tasks are as follows: Task# Task Specification Points 6.1 On all devices, set the local clock to the current UTC time. Set the local clock to the current UTC time. 3 6.2 Configure R2 as an NTP master. Configure R2 as an NTP master at stratum level 3. 1 6.3 Configure NTP on R1, R3, D1, D2, and A1. Configure NTP as follows: • R1 must synchronize with R2. • R3, D1, and A1 to synchronize time with R1. • D2 to synchronize time with R3. 5 6.4 Configure Syslog on all devices except R2. Syslogs should be sent to PC1 at 10.0.100.5 at the WARNING level. 5
ENCOR Skills Assessment (Scenario 1) © 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 16 of 16 www.netacad.com Task# Task Specification Points 6.5 Configure SNMPv2c on all devices except R2. SNMPv2 specifics: • Only Read-Only SNMP will be used. • Limit SNMP access to PC1’s IP address. • Configure the SNMP contact value to your name. • Set the community string to ENCORSA. • On R3, D1, and D2, enable traps config and ospf to be sent. • On R1, enable traps bgp, config, and ospf to be sent. • On A1, enable traps config to be sent. 10 Part 7: Cleanup NOTE: DO NOT PROCEED WITH CLEANUP UNTIL YOUR INSTRUCTOR HAS GRADED YOUR SKILLS ASSESSMENT AND HAS INFORMED YOU THAT YOU MAY BEGIN CLEANUP. Unless directed otherwise by the instructor, restore host computer network connectivity, and then turn off power to the host computers. Remove NVRAM configuration files (if saved) and vlan databases from all devices before turning them off or reloading them. End of document

More Related Content

PDF
Lab- Full IPsec Implementation.pdf
Nesibusami
 
PDF
Lab 3.5.1 basic frame relay
Manuel Garcia Meza
 
DOCX
All contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docx
galerussel59292
 
PDF
Lab6.4.1
Kanbuncha Panichcharoen
 
PPTX
Detailed explanation of Basic router configuration
samreenghauri786
 
PPTX
ITN_Module_10.pptx gfhfdgsrfryrenikerrtvbter
crystaljhoyl
 
DOCX
Praktikum Lab 14 - Switch Security Configuration.docx
Ihsan Ihsan
 
PDF
M3
Quân Quạt Mo
 
Lab- Full IPsec Implementation.pdf
Nesibusami
 
Lab 3.5.1 basic frame relay
Manuel Garcia Meza
 
All contents are Copyright © 1992–2012 Cisco Systems, Inc. A.docx
galerussel59292
 
Lab6.4.1
Kanbuncha Panichcharoen
 
Detailed explanation of Basic router configuration
samreenghauri786
 
ITN_Module_10.pptx gfhfdgsrfryrenikerrtvbter
crystaljhoyl
 
Praktikum Lab 14 - Switch Security Configuration.docx
Ihsan Ihsan
 
M3
Quân Quạt Mo
 

Similar to ENCOR SA Scenario Especifica o algoritmo de hashing de senha a ser usado, neste caso, "scrypt". O algoritmo scrypt é uma técnica de derivação de chave adaptativa projetada para ser resistente a ataques de força bruta. (20)

DOC
PROYECTO VLANS
rubendavidsuarez
 
PPTX
IPv6 EIGRP
Irsandi Hasan
 
PPTX
I pv6 eigrp
Evandro Madeira
 
DOCX
Lab 9 instructions
trayyoo
 
PDF
Packettracersimulationlabl3routing 130306235157-phpapp02
A.S.M Shmimul Islam.
 
PDF
Latihan soal
joko
 
PPTX
IPv6 for beginner, ccna, ip, document,....
Tan Nguyen Phi
 
DOC
Labpractice1 configuringbasicroutingandswitchingwithanswer-121214084802-phpapp02
Abhilash Kuniyil
 
PPT
Deploying Carrier Ethernet features on ASR 9000
Vinod Kumar Balasubramanyam
 
PPT
Deploying Carrier Ethernet Features on Cisco ASR 9000
Vinod Kumar Balasubramanyam
 
PDF
Ccna4
sizal1986
 
PDF
TN566 labs
Lochana Pasyala
 
PDF
Exercise 4c stp rapid pvst+ question
sufi1248
 
PPT
Day 13.1..1 catalyst switch
CYBERINTELLIGENTS
 
PDF
3.4.6-lab---configure-vlans-and-trunking.pdf
arif hamidi
 
PDF
Troubleshooting the Cisco Catalyst 9000 Series Switches - BRKTRS-3090.pdf
TestTest449467
 
PDF
CCN3Switching_lab_5_5_2
alan moreno
 
PPTX
IPv6 Static Routes
Irsandi Hasan
 
DOCX
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docx
keturahhazelhurst
 
PDF
MyFirstperformanceinusingpockettracerOSPF_Lab1.pdf
AxelJilianBumatay
 
PROYECTO VLANS
rubendavidsuarez
 
IPv6 EIGRP
Irsandi Hasan
 
I pv6 eigrp
Evandro Madeira
 
Lab 9 instructions
trayyoo
 
Packettracersimulationlabl3routing 130306235157-phpapp02
A.S.M Shmimul Islam.
 
Latihan soal
joko
 
IPv6 for beginner, ccna, ip, document,....
Tan Nguyen Phi
 
Labpractice1 configuringbasicroutingandswitchingwithanswer-121214084802-phpapp02
Abhilash Kuniyil
 
Deploying Carrier Ethernet features on ASR 9000
Vinod Kumar Balasubramanyam
 
Deploying Carrier Ethernet Features on Cisco ASR 9000
Vinod Kumar Balasubramanyam
 
Ccna4
sizal1986
 
TN566 labs
Lochana Pasyala
 
Exercise 4c stp rapid pvst+ question
sufi1248
 
Day 13.1..1 catalyst switch
CYBERINTELLIGENTS
 
3.4.6-lab---configure-vlans-and-trunking.pdf
arif hamidi
 
Troubleshooting the Cisco Catalyst 9000 Series Switches - BRKTRS-3090.pdf
TestTest449467
 
CCN3Switching_lab_5_5_2
alan moreno
 
IPv6 Static Routes
Irsandi Hasan
 
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docx
keturahhazelhurst
 
MyFirstperformanceinusingpockettracerOSPF_Lab1.pdf
AxelJilianBumatay
 
Ad

Recently uploaded (20)

PPTX
SC Robotics Team Safety Training Presentation
Kevin Welch
 
PPT
Basics Of Pump types, Details, and working principles.
winbell648
 
PDF
AIGA 012_04 Cleaning of equipment for oxygen service_reformat Jan 12.pdf
karthikp452666
 
PDF
ST MNCWANGO P2 WIL (MEPR302) FINAL REPORT.pdf
sthathabo
 
PDF
Engineering Solutions for Ethical Dilemmas in Healthcare (www.kiu.ac.ug)
publication11
 
PPTX
Unit IImachinemachinetoolopeartions.pptx
Praveen Kumar
 
DOCX
ENVIRONMENTAL PROTECTION AND MANAGEMENT (18CVL756)
shruthicg
 
PDF
VTU IOT LAB MANUAL (BCS701) Computer science and Engineering
rizawan
 
PDF
MACCAFERRY GUIA GAVIONES TERRAPLENES EN ESPAÑOL
Distribucioneskaled
 
PPT
Unit - I.lathemachnespct=ificationsand ppt
Praveen Kumar
 
PDF
Software defined netwoks is useful to learn NFV and virtual Lans
Pandiya Rajan
 
PPTX
INTERNET OF THINGS - EMBEDDED SYSTEMS AND INTERNET OF THINGS
Jeevanandhams14
 
PDF
LS-6-Digital-Literacy (1) K12 CURRICULUM .pdf
RheaJaneMercado1
 
PPTX
22ME926Introduction to Business Intelligence and Analytics, Advanced Integrat...
ssuser329719
 
PDF
V2500 Owner and Operatore Guide for Airbus
RosneyAlfaro2
 
PDF
B461227.pdf American Journal of Multidisciplinary Research and Review
American Journal of Multidisciplinary Research and Review
 
PPT
Comprehensive Java Training Deck - Advanced topics
Miraj Godha
 
PDF
Performance, energy consumption and costs: a comparative analysis of automati...
kevig
 
PPT
UNIT-I Machine Learning Essentials for 2nd years
rajeswarigcse
 
PDF
Mechanics of materials week 2 rajeshwari
siddarthakattamuru
 
SC Robotics Team Safety Training Presentation
Kevin Welch
 
Basics Of Pump types, Details, and working principles.
winbell648
 
AIGA 012_04 Cleaning of equipment for oxygen service_reformat Jan 12.pdf
karthikp452666
 
ST MNCWANGO P2 WIL (MEPR302) FINAL REPORT.pdf
sthathabo
 
Engineering Solutions for Ethical Dilemmas in Healthcare (www.kiu.ac.ug)
publication11
 
Unit IImachinemachinetoolopeartions.pptx
Praveen Kumar
 
ENVIRONMENTAL PROTECTION AND MANAGEMENT (18CVL756)
shruthicg
 
VTU IOT LAB MANUAL (BCS701) Computer science and Engineering
rizawan
 
MACCAFERRY GUIA GAVIONES TERRAPLENES EN ESPAÑOL
Distribucioneskaled
 
Unit - I.lathemachnespct=ificationsand ppt
Praveen Kumar
 
Software defined netwoks is useful to learn NFV and virtual Lans
Pandiya Rajan
 
INTERNET OF THINGS - EMBEDDED SYSTEMS AND INTERNET OF THINGS
Jeevanandhams14
 
LS-6-Digital-Literacy (1) K12 CURRICULUM .pdf
RheaJaneMercado1
 
22ME926Introduction to Business Intelligence and Analytics, Advanced Integrat...
ssuser329719
 
V2500 Owner and Operatore Guide for Airbus
RosneyAlfaro2
 
B461227.pdf American Journal of Multidisciplinary Research and Review
American Journal of Multidisciplinary Research and Review
 
Comprehensive Java Training Deck - Advanced topics
Miraj Godha
 
Performance, energy consumption and costs: a comparative analysis of automati...
kevig
 
UNIT-I Machine Learning Essentials for 2nd years
rajeswarigcse
 
Mechanics of materials week 2 rajeshwari
siddarthakattamuru
 
Ad

ENCOR SA Scenario Especifica o algoritmo de hashing de senha a ser usado, neste caso, "scrypt". O algoritmo scrypt é uma técnica de derivação de chave adaptativa projetada para ser resistente a ataques de força bruta.

  • 1. © 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 1 of 16 www.netacad.com ENCOR Skills Assessment (Scenario 1) Topology Addressing Table Device Interface IPv4 Address IPv6 Address IPv6 Link-Local R1 G0/0/0 209.165.200.225/27 2001:db8:200::1/64 fe80::1:1 R1 G0/0/1 10.0.10.1/24 2001:db8:100:1010::1/64 fe80::1:2 R1 S0/1/0 10.0.13.1/24 2001:db8:100:1013::1/64 fe80::1:3 R2 G0/0/0 209.165.200.226/27 2001:db8:200::2/64 fe80::2:1 R2 Loopback0 2.2.2.2/32 2001:db8:2222::1/128 fe80::2:3 R3 G0/0/1 10.0.11.1/24 2001:db8:100:1011::1/64 fe80::3:2 R3 S0/1/0 10.0.13.3/24 2001:db8:100:1013::3/64 fe80::3:3 D1 G1/0/11 10.0.10.2/24 2001:db8:100:1010::2/64 fe80::d1:1 D1 VLAN 100 10.0.100.1/24 2001:db8:100:100::1/64 fe80::d1:2 D1 VLAN 101 10.0.101.1/24 2001:db8:100:101::1/64 fe80::d1:3 D1 VLAN 102 10.0.102.1/24 2001:db8:100:102::1/64 fe80::d1:4 D2 G1/0/11 10.0.11.2/24 2001:db8:100:1011::2/64 fe80::d2:1
  • 2. ENCOR Skills Assessment (Scenario 1) © 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 2 of 16 www.netacad.com Device Interface IPv4 Address IPv6 Address IPv6 Link-Local D2 VLAN 100 10.0.100.2/24 2001:db8:100:100::2/64 fe80::d2:2 D2 VLAN 101 10.0.101.2/24 2001:db8:100:101::2/64 fe80::d2:3 D2 VLAN 102 10.0.102.2/24 2001:db8:100:102::2/64 fe80::d2:4 A1 VLAN 100 10.0.100.3/23 2001:db8:100:100::3/64 fe80::a1:1 PC1 NIC 10.0.100.5/24 2001:db8:100:100::5/64 EUI-64 PC2 NIC DHCP SLAAC EUI-64 PC3 NIC DHCP SLAAC EUI-64 PC4 NIC 10.0.100.6/24 2001:db8:100:100::6/64 EUI-64 Objectives Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing Part 2: Configure the Layer 2 Network and Host Support Part 3: Configure Routing Protocols Part 4: Configure First-Hop Redundancy Part 5: Configure Security Part 6: Configure Network Management Features Part 7: Cleanup Background / Scenario In this skills assessment, you are responsible for completing the configuration of the network so there is full end-to-end reachability, so the hosts have reliable default gateway support, and so that management protocols are operational within the “Company Network” part of the topology. Be careful to verify that your configurations meet the provided specifications and that the devices perform as required. Note: The routers used with CCNP hands-on labs are Cisco 4221 routers with Cisco IOS XE Release 16.9.4 (universalk9 image). The switches used in the labs are Cisco Catalyst 3650 switches with Cisco IOS XE Release 16.9.4 (universalk9 image) and Cisco Catalyst 2960s with Cisco IOS Release 15.2(2) (lanbasek9 image). Other routers, switches, and Cisco IOS versions can be used. Depending on the model and Cisco IOS version, the commands available and the output produced might vary from what is shown in the labs. Note: Make sure that the switches have been erased and have no startup configurations. If you are unsure, contact your instructor. Note: The default Switch Database Manager (SDM) template on a Catalyst 2960 does not support IPv6. You must change the default SDM template to the dual-ipv4-and-ipv6 default template using the sdm prefer dual- ipv4-and-ipv6 default global configuration command. Changing the template will require a reboot. Required Resources • 3 Routers (Cisco 4221 with Cisco IOS XE Release 16.9.4 universal image or comparable) • 2 Switches (Cisco 3650 with Cisco IOS XE release 16.9.4 universal image or comparable) • 1 Switch (Cisco 2960 with Cisco IOS release 15.2 lanbase image or comparable) • 4 PCs (Choice of operating system with a terminal emulation program) • Console cables to configure the Cisco IOS devices via the console ports
  • 3. ENCOR Skills Assessment (Scenario 1) © 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 3 of 16 www.netacad.com • Ethernet and serial cables as shown in the topology Instructions Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing In Part 1, you will set up the network topology and configure basic settings and interface addressing. Step 1: Cable the network as shown in the topology. Attach the devices as shown in the topology diagram, and cable as necessary. Step 2: Configure basic settings for each device. a. Console into each device, enter global configuration mode, and apply the basic settings. The startup configurations for each device are provided below. Router R1 hostname R1 ipv6 unicast-routing no ip domain lookup banner motd # R1, ENCOR Skills Assessment, Scenario 1 # line con 0 exec-timeout 0 0 logging synchronous exit interface g0/0/0 ip address 209.165.200.225 255.255.255.224 ipv6 address fe80::1:1 link-local ipv6 address 2001:db8:200::1/64 no shutdown exit interface g0/0/1 ip address 10.0.10.1 255.255.255.0 ipv6 address fe80::1:2 link-local ipv6 address 2001:db8:100:1010::1/64 no shutdown exit interface s0/1/0 ip address 10.0.13.1 255.255.255.0 ipv6 address fe80::1:3 link-local ipv6 address 2001:db8:100:1013::1/64 no shutdown exit Router R2 hostname R2 ipv6 unicast-routing
  • 4. ENCOR Skills Assessment (Scenario 1) © 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 4 of 16 www.netacad.com no ip domain lookup banner motd # R2, ENCOR Skills Assessment, Scenario 1 # line con 0 exec-timeout 0 0 logging synchronous exit interface g0/0/0 ip address 209.165.200.226 255.255.255.224 ipv6 address fe80::2:1 link-local ipv6 address 2001:db8:200::2/64 no shutdown exit interface Loopback 0 ip address 2.2.2.2 255.255.255.255 ipv6 address fe80::2:3 link-local ipv6 address 2001:db8:2222::1/128 no shutdown exit Router R3 hostname R3 ipv6 unicast-routing no ip domain lookup banner motd # R3, ENCOR Skills Assessment, Scenario 1 # line con 0 exec-timeout 0 0 logging synchronous exit interface g0/0/1 ip address 10.0.11.1 255.255.255.0 ipv6 address fe80::3:2 link-local ipv6 address 2001:db8:100:1011::1/64 no shutdown exit interface s0/1/0 ip address 10.0.13.3 255.255.255.0 ipv6 address fe80::3:3 link-local ipv6 address 2001:db8:100:1010::2/64 no shutdown exit Switch D1 hostname D1 ip routing ipv6 unicast-routing no ip domain lookup
  • 5. ENCOR Skills Assessment (Scenario 1) © 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 5 of 16 www.netacad.com banner motd # D1, ENCOR Skills Assessment, Scenario 1 # line con 0 exec-timeout 0 0 logging synchronous exit vlan 100 name Management exit vlan 101 name UserGroupA exit vlan 102 name UserGroupB exit vlan 999 name NATIVE exit interface g1/0/11 no switchport ip address 10.0.10.2 255.255.255.0 ipv6 address fe80::d1:1 link-local ipv6 address 2001:db8:100:1010::2/64 no shutdown exit interface vlan 100 ip address 10.0.100.1 255.255.255.0 ipv6 address fe80::d1:2 link-local ipv6 address 2001:db8:100:100::1/64 no shutdown exit interface vlan 101 ip address 10.0.101.1 255.255.255.0 ipv6 address fe80::d1:3 link-local ipv6 address 2001:db8:100:101::1/64 no shutdown exit interface vlan 102 ip address 10.0.102.1 255.255.255.0 ipv6 address fe80::d1:4 link-local ipv6 address 2001:db8:100:102::1/64 no shutdown exit ip dhcp excluded-address 10.0.101.1 10.0.101.109 ip dhcp excluded-address 10.0.101.141 10.0.101.254 ip dhcp excluded-address 10.0.102.1 10.0.102.109
  • 6. ENCOR Skills Assessment (Scenario 1) © 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 6 of 16 www.netacad.com ip dhcp excluded-address 10.0.102.141 10.0.102.254 ip dhcp pool VLAN-101 network 10.0.101.0 255.255.255.0 default-router 10.0.101.254 exit ip dhcp pool VLAN-102 network 10.0.102.0 255.255.255.0 default-router 10.0.102.254 exit interface range g1/0/1-10, g1/0/12-24, g1/1/1-4 shutdown exit Switch D2 hostname D2 ip routing ipv6 unicast-routing no ip domain lookup banner motd # D2, ENCOR Skills Assessment, Scenario 1 # line con 0 exec-timeout 0 0 logging synchronous exit vlan 100 name Management exit vlan 101 name UserGroupA exit vlan 102 name UserGroupB exit vlan 999 name NATIVE exit interface g1/0/11 no switchport ip address 10.0.11.2 255.255.255.0 ipv6 address fe80::d1:1 link-local ipv6 address 2001:db8:100:1011::2/64 no shutdown exit interface vlan 100 ip address 10.0.100.2 255.255.255.0 ipv6 address fe80::d2:2 link-local ipv6 address 2001:db8:100:100::2/64
  • 7. ENCOR Skills Assessment (Scenario 1) © 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 7 of 16 www.netacad.com no shutdown exit interface vlan 101 ip address 10.0.101.2 255.255.255.0 ipv6 address fe80::d2:3 link-local ipv6 address 2001:db8:100:101::2/64 no shutdown exit interface vlan 102 ip address 10.0.102.2 255.255.255.0 ipv6 address fe80::d2:4 link-local ipv6 address 2001:db8:100:102::2/64 no shutdown exit ip dhcp excluded-address 10.0.101.1 10.0.101.209 ip dhcp excluded-address 10.0.101.241 10.0.101.254 ip dhcp excluded-address 10.0.102.1 10.0.102.209 ip dhcp excluded-address 10.0.102.241 10.0.102.254 ip dhcp pool VLAN-101 network 10.0.101.0 255.255.255.0 default-router 10.0.101.254 exit ip dhcp pool VLAN-102 network 10.0.102.0 255.255.255.0 default-router 10.0.102.254 exit interface range g1/0/1-10, g1/0/12-24, g1/1/1-4 shutdown exit Switch A1 hostname A1 no ip domain lookup banner motd # A1, ENCOR Skills Assessment, Scenario 1 # line con 0 exec-timeout 0 0 logging synchronous exit vlan 100 name Management exit vlan 101 name UserGroupA exit vlan 102 name UserGroupB
  • 8. ENCOR Skills Assessment (Scenario 1) © 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 8 of 16 www.netacad.com exit vlan 999 name NATIVE exit interface vlan 100 ip address 10.0.100.3 255.255.255.0 ipv6 address fe80::a1:1 link-local ipv6 address 2001:db8:100:100::3/64 no shutdown exit interface range f0/5-22 shutdown exit b. Save the running configuration to startup-config on all devices. c. Configure PC 1 and PC 4 host addressing as shown in the addressing table. Assign a default gateway address of 10.0.100.254 which will be the HSRP virtual IP address used in Part 4. Part 2: Configure the Layer 2 Network and Host Support In this part of the Skills Assessment, you will complete the Layer 2 network configuration and set up basic host support. At the end of this part, all the switches should be able to communicate. PC2 and PC3 should receive addressing from DHCP and SLAAC. Your configuration tasks are as follows: Task# Task Specification Points 2.1 On all switches, configure IEEE 802.1Q trunk interfaces on interconnecting switch links Enable 802.1Q trunk links between: • D1 and D2 • D1 and A1 • D2 and A1 6 2.2 On all switches, change the native VLAN on trunk links. Use VLAN 999 as the native VLAN. 6 2.3 On all switches, enable the Rapid Spanning- Tree Protocol. Use Rapid Spanning Tree. 3 2.4 On D1 and D2, configure the appropriate RSTP root bridges based on the information in the topology diagram. D1 and D2 must provide backup in case of root bridge failure. Configure D1 and D2 as root for the appropriate VLANs with mutually supporting priorities in case of switch failure. 2 2.5 On all switches, create LACP EtherChannels as shown in the topology diagram. Use the following channel numbers: • D1 to D2 – Port channel 12 • D1 to A1 – Port channel 1 • D2 to A1 – Port channel 2 3
  • 9. ENCOR Skills Assessment (Scenario 1) © 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 9 of 16 www.netacad.com Task# Task Specification Points 2.6 On all switches, configure host access ports connecting to PC1, PC2, PC3, and PC4. Configure access ports with appropriate VLAN settings as shown in the topology diagram. Host ports should transition immediately to forwarding state. 4 2.7 Verify IPv4 DHCP services. PC2 and PC3 are DHCP clients and should be receiving valid IPv4 addresses. 1 2.8 Verify local LAN connectivity. PC1 should successfully ping: • D1: 10.0.100.1 • D2: 10.0.100.2 • PC4: 10.0.100.6 PC2 should successfully ping: • D1: 10.0.102.1 • D2: 10.0.102.2 PC3 should successfully ping: • D1: 10.0.101.1 • D2: 10.0.101.2 PC4 should successfully ping: • D1: 10.0.100.1 • D2: 10.0.100.2 • PC1: 10.0.100.5 1 Part 3: Configure Routing Protocols In this part, you will configure IPv4 and IPv6 routing protocols. At the end of this part, the network should be fully converged. IPv4 and IPv6 pings to the Loopback 0 interface from D1 and D2 should be successful. Note: Pings from the hosts will not be successful because their default gateways are pointing to the HSRP address which will be enabled in Part 4. Your configuration tasks are as follows:
  • 10. ENCOR Skills Assessment (Scenario 1) © 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 10 of 16 www.netacad.com Task# Task Specification Points 3.1 On the “Company Network” (i.e., R1, R3, D1, and D2), configure single- area OSPFv2 in area 0. Use OSPF Process ID 4 and assign the following router-IDs: • R1: 0.0.4.1 • R3: 0.0.4.3 • D1: 0.0.4.131 • D2: 0.0.4.132 On R1, R3, D1, and D2, advertise all directly connected networks / VLANs in Area 0. • On R1, do not advertise the R1 – R2 network. • On R1, propagate a default route. Note that the default route will be provided by BGP. Disable OSPFv2 advertisements on: • D1: All interfaces except G1/0/11 • D2: All interfaces except G1/0/11 8 3.2 On the “Company Network” (i.e., R1, R3, D1, and D2), configure classic single-area OSPFv3 in area 0. Use OSPF Process ID 6 and assign the following router-IDs: • R1: 0.0.6.1 • R3: 0.0.6.3 • D1: 0.0.6.131 • D2: 0.0.6.132 On R1, R3, D1, and D2, advertise all directly connected networks / VLANs in Area 0. • On R1, do not advertise the R1 – R2 network. • On R1, propagate a default route. Note that the default route will be provided by BGP. Disable OSPFv3 advertisements on: • D1: All interfaces except G1/0/11 • D2: All interfaces except G1/0/11 8
  • 11. ENCOR Skills Assessment (Scenario 1) © 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 11 of 16 www.netacad.com Task# Task Specification Points 3.3 On R2 in the “ISP Network”, configure MP-BGP. Configure two default static routes via interface Loopback 0: • An IPv4 default static route. • An IPv6 default static route. Configure R2 in BGP ASN 500 and use the router-id 2.2.2.2. Configure and enable an IPv4 and IPv6 neighbor relationship with R1 in ASN 300. In IPv4 address family, advertise: • The Loopback 0 IPv4 network (/32). • The default route (0.0.0.0/0). In IPv6 address family, advertise: • The Loopback 0 IPv4 network (/128). • The default route (::/0). 4 3.4 On R1 in the “ISP Network”, configure MP-BGP. Configure two static summary routes to interface Null 0: • A summary IPv4 route for 10.0.0.0/8. • A summary IPv6 route for 2001:db8:100::/48. Configure R1 in BGP ASN 300 and use the router-id 1.1.1.1. Configure an IPv4 and IPv6 neighbor relationship with R2 in ASN 500. In IPv4 address family: • Disable the IPv6 neighbor relationship. • Enable the IPv4 neighbor relationship. • Advertise the 10.0.0.0/8 network. In IPv6 address family: • Disable the IPv4 neighbor relationship. • Enable the IPv6 neighbor relationship. • Advertise the 2001:db8:100::/48 network. 4 Part 4: Configure First Hop Redundancy In this part, you will configure HSRP version 2 to provide first-hop redundancy for hosts in the “Company Network”. Your configuration tasks are as follows:
  • 12. ENCOR Skills Assessment (Scenario 1) © 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 12 of 16 www.netacad.com Task# Task Specification Points 4.1 On D1, create IP SLAs that test the reachability of R1 interface G0/0/1. Create two IP SLAs. • Use SLA number 4 for IPv4. • Use SLA number 6 for IPv6. The IP SLAs will test availability of R1 G0/0/1 interface every 5 seconds. Schedule the SLA for immediate implementation with no end time. Create an IP SLA object for IP SLA 4 and one for IP SLA 6. • Use track number 4 for IP SLA 4. • Use track number 6 for IP SLA 6. The tracked objects should notify D1 if the IP SLA state changes from down to up after 10 seconds, or from up to down after 15 seconds. 2 4.2 On D2, create IP SLAs that test the reachability of R3 interface G0/0/1. Create two IP SLAs. • Use SLA number 4 for IPv4. • Use SLA number 6 for IPv6. The IP SLAs will test availability of R3 G0/0/1 interface every 5 seconds. Schedule the SLA for immediate implementation with no end time. Create an IP SLA object for IP SLA 4 and one for IP SLA 6. • Use track number 4 for IP SLA 4. • Use track number 6 for IP SLA 6. The tracked objects should notify D1 if the IP SLA state changes from down to up after 10 seconds, or from up to down after 15 seconds. 2
  • 13. ENCOR Skills Assessment (Scenario 1) © 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 13 of 16 www.netacad.com Task# Task Specification Points 4.3 On D1, configure HSRPv2. D1 is the primary router for VLANs 100 and 102; therefore, their priority will also be changed to 150. Configure HSRP version 2. Configure IPv4 HSRP group 104 for VLAN 100: • Assign the virtual IP address 10.0.100.254. • Set the group priority to 150. • Enable preemption. • Track object 4 and decrement by 60. Configure IPv4 HSRP group 114 for VLAN 101: • Assign the virtual IP address 10.0.101.254. • Enable preemption. • Track object 4 to decrement by 60. Configure IPv4 HSRP group 124 for VLAN 102: • Assign the virtual IP address 10.0.102.254. • Set the group priority to 150. • Enable preemption. • Track object 4 to decrement by 60. Configure IPv6 HSRP group 106 for VLAN 100: • Assign the virtual IP address using ipv6 autoconfig. • Set the group priority to 150. • Enable preemption. • Track object 6 and decrement by 60. Configure IPv6 HSRP group 116 for VLAN 101: • Assign the virtual IP address using ipv6 autoconfig. • Enable preemption. • Track object 6 and decrement by 60. Configure IPv6 HSRP group 126 for VLAN 102: • Assign the virtual IP address using ipv6 autoconfig. • Set the group priority to 150. • Enable preemption. • Track object 6 and decrement by 60. 8
  • 14. ENCOR Skills Assessment (Scenario 1) © 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 14 of 16 www.netacad.com Task# Task Specification Points On D2, configure HSRPv2. D2 is the primary router for VLAN 101; therefore, the priority will also be changed to 150. Configure HSRP version 2. Configure IPv4 HSRP group 104 for VLAN 100: • Assign the virtual IP address 10.0.100.254. • Enable preemption. • Track object 4 and decrement by 60. Configure IPv4 HSRP group 114 for VLAN 101: • Assign the virtual IP address 10.0.101.254. • Set the group priority to 150. • Enable preemption. • Track object 4 to decrement by 60. Configure IPv4 HSRP group 124 for VLAN 102: • Assign the virtual IP address 10.0.102.254. • Enable preemption. • Track object 4 to decrement by 60. Configure IPv6 HSRP group 106 for VLAN 100: • Assign the virtual IP address using ipv6 autoconfig. • Enable preemption. • Track object 6 and decrement by 60. Configure IPv6 HSRP group 116 for VLAN 101: • Assign the virtual IP address using ipv6 autoconfig. • Set the group priority to 150. • Enable preemption. • Track object 6 and decrement by 60. Configure IPv6 HSRP group 126 for VLAN 102: • Assign the virtual IP address using ipv6 autoconfig. • Enable preemption. • Track object 6 and decrement by 60. Part 5: Security In this part you will configure various security mechanisms on the devices in the topology. Your configuration tasks are as follows: Task# Task Specification Points 5.1 On all devices, secure privileged EXEC using the SCRYPT encryption algorithm. Password: cisco12345cisco 3
  • 15. ENCOR Skills Assessment (Scenario 1) © 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 15 of 16 www.netacad.com Task# Task Specification Points 5.2 On all devices, create a local user and secure it using the SCRYPT encryption algorithm. SCRYPT encrypted account specifics: • Local user name: sadmin • Privilege level 15 • Password: cisco12345cisco 3 5.3 On all devices (except R2), enable AAA. Enable AAA. 2 5.4 On all devices (except R2), configure the RADIUS server specifics. RADIUS server specifics: • RADIUS server IP address is 10.0.100.6. • RADIUS server UDP ports 1812 and 1813. • Password: $trongPass 2 5.5 On all devices (except R2), configure the AAA authentication method list. AAA authentication specifics: • Use the default method list • Validate against the RADIUS server group • Otherwise, use the local database. 2 5.6 Verify the AAA service on all devices (except R2). Log out and log in to all devices (except R2) using the username raduser and the password upass123. You should be successful. 2 Part 6: Configure Network Management Features In this part, you will configure various network management features. Your configuration tasks are as follows: Task# Task Specification Points 6.1 On all devices, set the local clock to the current UTC time. Set the local clock to the current UTC time. 3 6.2 Configure R2 as an NTP master. Configure R2 as an NTP master at stratum level 3. 1 6.3 Configure NTP on R1, R3, D1, D2, and A1. Configure NTP as follows: • R1 must synchronize with R2. • R3, D1, and A1 to synchronize time with R1. • D2 to synchronize time with R3. 5 6.4 Configure Syslog on all devices except R2. Syslogs should be sent to PC1 at 10.0.100.5 at the WARNING level. 5
  • 16. ENCOR Skills Assessment (Scenario 1) © 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 16 of 16 www.netacad.com Task# Task Specification Points 6.5 Configure SNMPv2c on all devices except R2. SNMPv2 specifics: • Only Read-Only SNMP will be used. • Limit SNMP access to PC1’s IP address. • Configure the SNMP contact value to your name. • Set the community string to ENCORSA. • On R3, D1, and D2, enable traps config and ospf to be sent. • On R1, enable traps bgp, config, and ospf to be sent. • On A1, enable traps config to be sent. 10 Part 7: Cleanup NOTE: DO NOT PROCEED WITH CLEANUP UNTIL YOUR INSTRUCTOR HAS GRADED YOUR SKILLS ASSESSMENT AND HAS INFORMED YOU THAT YOU MAY BEGIN CLEANUP. Unless directed otherwise by the instructor, restore host computer network connectivity, and then turn off power to the host computers. Remove NVRAM configuration files (if saved) and vlan databases from all devices before turning them off or reloading them. End of document