Practice Skills Assessment – Packet Tracer (Module One Exam Solution)

You will practice and be assessed on the following skills:

  • Configuration of initial IOS device settings
  • Design and calculation of IPv4 addressing
  • Configuration of IOS device interfaces including IPv4 and IPv6 addressing when appropriate
  • Addressing of network hosts with IPv4 and IPv6 addresses
  • Enhancing device security, including configuration of the secure transport protocol for remote device configuration
  • Configuration of a switch management interface

Requirements by device:

  • Town Hall router:
      • Configuration of initial router settings
      • Interface configuration and IPv4 and IPv6 addressing
      • Device security enhancement or “device hardening”
      • Secure transport for remote configuration connections as covered in the labs.
      • Backup of the configuration file to a TFTP server
  • Administration Switch:
      • Enabling basic remote management by Telnet
  • PC and Server hosts:
      • IPv4 full addressing
      • IPv6 addressing

Skill Test Exam Solution

Fig: Topology (Skill Test Exam Solution)

Step 1:

Design an IPv4 addressing scheme and complete the Addressing Table based on the following requirements. Use the table above to help you organize your work.

a. Subnet the 192.168.1.0/24 network to provide 30 host addresses per subnet while wasting the fewest addresses.

b. Assign the fourth subnet to the IT Department LAN.

c. Assign the last network host address (the highest) in this subnet to the G0/0 interface on Town Hall.

d. Starting with the fifth subnet, subnet the network again so that the new subnets will provide 14 host addresses per subnet while wasting the fewest addresses.

e. Assign the second of these new 14-host subnets to the Administration LAN.

f. Assign the last network host address (the highest) in the Administration LAN subnet to the G0/1 interface of the Town Hall router.

g. Assign the second to the last address (the second highest) in this subnet to the VLAN 1 interface of the Administration Switch.

h. Configure addresses on the hosts using any of the remaining addresses in their respective subnets.
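The calculation in steps a to h can be checked with Python's standard ipaddress module. This is an added example, not part of the original assessment; the function names and dictionary keys are assumptions chosen for illustration.

```python
import ipaddress

def prefix_for_hosts(hosts):
    """Longest prefix whose subnets still hold `hosts` usable addresses."""
    # usable hosts = 2**host_bits - 2 (network and broadcast are reserved)
    host_bits = (hosts + 1).bit_length()
    return 32 - host_bits

def nth_subnet(network, hosts, n):
    """n-th (1-based) subnet of `network` sized for `hosts` usable addresses."""
    subnets = list(network.subnets(new_prefix=prefix_for_hosts(hosts)))
    return subnets[n - 1]

def addressing_plan(base="192.168.1.0/24"):
    base_net = ipaddress.ip_network(base)
    it_lan = nth_subnet(base_net, 30, 4)     # steps a-b: fourth 30-host subnet
    fifth = nth_subnet(base_net, 30, 5)      # step d: fifth subnet, split again
    admin_lan = nth_subnet(fifth, 14, 2)     # step e: second 14-host subnet
    it_hosts = list(it_lan.hosts())
    admin_hosts = list(admin_lan.hosts())
    return {
        "IT LAN": str(it_lan),
        "Administration LAN": str(admin_lan),
        "G0/0": f"{it_hosts[-1]} {it_lan.netmask}",                 # step c
        "G0/1": f"{admin_hosts[-1]} {admin_lan.netmask}",           # step f
        "Switch VLAN 1": f"{admin_hosts[-2]} {admin_lan.netmask}",  # step g
        # step h: whatever is left over is available for the hosts
        "free IT LAN hosts": [str(h) for h in it_hosts[:-1]],
        "free Administration hosts": [str(h) for h in admin_hosts[:-2]],
    }

if __name__ == "__main__":
    for name, value in addressing_plan().items():
        print(f"{name:26} {value}")
```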

Step 2: Configure the Town Hall Router.

a. Configure the Town Hall router with all initial configurations that you have learned in the course so far:

· Configure the router hostname: Middle

· Protect device configurations from unauthorized access with the encrypted password.

· Secure all of the ways to access the router using methods covered in the course and labs.

· Newly-entered passwords must have a minimum length of 10 characters.

· Prevent all passwords from being viewed in clear text in device configuration files.

· Configure the router to only accept in-band management connections over the protocol that is more secure than Telnet, as was done in the labs. Use the value 1024 for encryption key strength.

· Configure user authentication for in-band management connections.

b. Configure the two Gigabit Ethernet interfaces using the IPv4 addressing values you calculated and the IPv6 values provided in the addressing table.

· Reconfigure the link local addresses as was practiced in the labs. The IPv6 link-local Interface ID should match the IPv6 unicast Interface ID as is practiced in the labs.

· Document the interfaces in the configuration file.

Step 3: Configure the Administration Switch.

Configure Administration Switch for remote management.

Step 4: Configure and Verify Host Addressing.

a. Use the IPv4 addressing from Step 1 and the IPv6 addressing values provided in the addressing table to configure all host PCs with the correct addressing.

b. Use the router interface link-local addresses as the IPv6 default gateways on the hosts.

c. All hosts should be able to ping each other over IPv4.

Step 5: Backup the Configuration of the Town Hall Router to TFTP.

a. Complete the configuration of the TFTP server using the IPv4 addressing values from Step 1 and the values in the addressing table.

b. Backup the running configuration of Town Hall to the TFTP Server. Use the default file name.

Solution : 

Router>
Router>enable
Router#configure terminal
Router(config)#interface g0/0
Router(config-if)#ip address 192.168.1.126 255.255.255.224
Router(config-if)#description IT Department LAN
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface g0/1
Router(config-if)#ip address 192.168.1.158 255.255.255.240
Router(config-if)#description Administration LAN
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#ipv6 unicast-routing
Router(config)#interface g0/0
Router(config-if)#ipv6 address 2001:db8:acad:A::1/64
Router(config-if)#ipv6 address FE80::1 link-local
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface g0/1
Router(config-if)#ipv6 address 2001:db8:acad:B::1/64
Router(config-if)#ipv6 address FE80::1 link-local
Router(config-if)#no shutdown
Router(config-if)#exit

Router(config)#
Router(config)#hostname Middle
Middle(config)#enable secret class12345
Middle(config)#line console 0
Middle(config-line)#password cisconet2014
Middle(config-line)#login
Middle(config-line)#exit
Middle(config)#line vty 0 15
Middle(config-line)#password cisconet2014
Middle(config-line)#login
Middle(config-line)#exit
Middle(config)#line aux 0
Middle(config-line)#password cisconet2014
Middle(config-line)#login
Middle(config-line)#exit
Middle(config)#
Middle(config)#banner motd "Authorized Access Only"
Middle(config)#security passwords min-length 10
Middle(config)#service password-encryption
Middle(config)#ip domain-name ccna.net
Middle(config)#username cisco secret cisconet2014
Middle(config)#crypto key generate rsa
The name for the keys will be: Middle.cisco.local
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

Middle(config)#line vty 0 15
Middle(config-line)#login local
Middle(config-line)#transport input ssh
Middle(config-line)#exit
Middle(config)#

—————————————–
Switch1: ip default-gateway 192.168.1.158

—————————————–

Reception Host
default gateway FE80::1
default gateway 192.168.1.126

IP address 192.168.1.97/27
IPv6 address 2001:DB8:ACAD:A::FF/64

—————————————–

Operator Host

default gateway FE80::1
default gateway 192.168.1.126

IP address 192.168.1.98/27
IPv6 address 2001:DB8:ACAD:A::15/64

—————————————–

IT Host

default gateway FE80::1
default gateway 192.168.1.158

IP address 192.168.1.145/28
IPv6 address 2001:DB8:ACAD:B::FF/64

—————————————–

SERVER TFTP

default gateway FE80::1
default gateway 192.168.1.158

IP address 192.168.1.146/28
IPv6 address 2001:DB8:ACAD:B::15/64

—————————————–

Backup the Configuration of the Town Hall Router to TFTP.

Middle#copy running-config tftp
Address or name of remote host []? 192.168.1.146
Destination filename [Router-confg]? [Press Enter]

—————————————–

Momataj Momo

 


IPv6 address Fundamental knowledge (part -1)

An IPv6 address is a 128-bit binary number, expressed in hexadecimal form, e.g.

2001:1234:5678:0001:0000:0000:0000:0001/64 (32 hexadecimal digits)

There is a colon between each group of 4 hexadecimal digits. This is for easy reading, just like the “dot-decimal form” of an IPv4 address, e.g. 202.175.3.3. The /64 means the first 64 bits are the network prefix; it is similar to IPv4 CIDR (Classless Inter-Domain Routing) notation.

  • Simplifying IPv6 addresses

Since an IPv6 address is long to write out, we want to simplify it, e.g. 2001:1234:5678:0001:0000:0000:0000:0001/64 can be simplified as 2001:1234:5678:1:0:0:0:1/64

This is called “Zero compression” – The leading zeros in each segment can be omitted. Continuous zeroes can be further compressed.

2001:1234:5678:0001:0000:0000:0000:0001/64

  • 2001:1234:5678:1:0:0:0:1/64
  • 2001:1234:5678:1::1/64

“::” – Double Colon, means a series of 0000 groups. Since the total length of an IPv6 address is 128 bit, the number of zeroes omitted can be calculated.

Another example: 2001:0000:0000:0001:0000:0000:0000:0001/64

  • 2001:0:0:1:0:0:0:1/64
  • 2001:0:0:1::1/64
  • But Note: 2001::1::1/64 is incorrect. It is because there is no way to identify the no. of zeroes omitted in the two double-colon areas.

  • IPv6 Prefix

Let’s learn more about IPv6 Prefix.

In IPv4, we use subnet mask to denote the network portion.

e.g. 192.168.1.1 255.255.255.0 → 192.168.1.0 is the network portion

It can be written as: 192.168.1.1/24 (CIDR notation)

In IPv6, we don’t use a subnet mask. We only use the latter CIDR notation, e.g.

2001:1234:5678:0001:0000:0000:0000:0001/64 

The network portion is : 2001:1234:5678:0001::  /64

The host portion is : 0000:0000:0000:0001. 

That means there can be a tremendous number of hosts, 2^64.

In IPv6, the network portion of an IP address is basically fixed at /64 and the host portion is always 64 bits. There is no need for subnetting. Because IPv6 addresses have so many bits, each organization can be assigned a network prefix of /48, e.g. a company may be assigned a range of IP addresses with the network prefix 2001:1234:5678::/48. The company can then use 16 bits for local subnetting, e.g.

2001:1234:5678:0000::/64 is the first subnet

to

2001:1234:5678:FFFF::/64 is the last subnet.

This results in 65536 subnets, which is far more than enough for each company or organization. In each subnet, there can be 2^64 hosts. So, the network prefix of a usable IPv6 address is basically fixed at /64 and no further subnetting is needed. This is an advantage over IPv4, where quite a lot of troublesome address subnetting is required.
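The zero-compression rules from "Simplifying IPv6 addresses" and the /48 site arithmetic above, worked through in Python. This is an added example, not code from the original article; the function names are assumptions, addresses are passed without the /64 suffix, and a lone zero group is left as "0" following RFC 5952.

```python
import ipaddress

def expand(addr):
    """Expand an IPv6 address into its eight 4-digit hex groups."""
    if addr.count("::") > 1:
        # e.g. 2001::1::1: the size of each omitted run cannot be recovered
        raise ValueError("'::' may appear only once")
    if "::" in addr:
        left, right = addr.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        if len(head) + len(tail) > 7:
            raise ValueError("'::' must stand for at least one zero group")
        groups = head + ["0"] * (8 - len(head) - len(tail)) + tail
    else:
        groups = addr.split(":")
    if len(groups) != 8:
        raise ValueError("an IPv6 address has eight 16-bit groups")
    return [g.zfill(4).lower() for g in groups]

def compress(addr):
    """Drop leading zeros, then replace the longest run of zero groups with '::'."""
    groups = [g.lstrip("0") or "0" for g in expand(addr)]
    best_start, best_len, i = 0, 0, 0
    while i < 8:
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    if best_len < 2:  # a lone zero group is written as "0", not "::"
        return ":".join(groups)
    head, tail = groups[:best_start], groups[best_start + best_len:]
    return ":".join(head) + "::" + ":".join(tail)

def site_subnets(site):
    """First /64, last /64 and number of /64 subnets inside a site prefix."""
    net = ipaddress.IPv6Network(site)
    count = 2 ** (64 - net.prefixlen)  # 16 subnet-ID bits for a /48
    base = int(net.network_address)
    first = ipaddress.IPv6Network((base, 64))
    last = ipaddress.IPv6Network((base + ((count - 1) << 64), 64))
    return str(first), str(last), count
```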

  • Demonstration

Let’s use Packet Tracer to show a demonstration of using IPv6 addresses. 

Fig: Example of Topology for IPv6

[Figures: PC setting, Router setting, Ping test]

Different kinds of IPv6 addresses

  • IPv6 Global Unicast Address

IP addresses are allocated by IANA (Internet Assigned Numbers Authority), through 5 RIRs (Regional Internet Registries), which are responsible for 5 different areas on the Earth.

Fig: Regional Internet Registries

The current allocation of public IPv4 addresses is not sequential and continuous, meaning that a geographic region may acquire discontinuous ranges of public IPv4 addresses. This is due to the historical way of assignment and the shortage of public IPv4 addresses. E.g. the Macau region contains a large number of discontinuous, small address ranges, starting with 202.175.x, 27.x.y, 60.x.y, 113.x.y etc. This makes the aggregation of public IPv4 addresses very inefficient.

IPv6 is a new deployment and there are huge numbers of IPv6 addresses, enough to give each grain of sand on the Earth an IPv6 address. So, the assignment of public IPv6 addresses is more systematic.

Currently only 1/8 of the IPv6 addresses are publicly assigned, which is 2000::/3. What does it mean?

It means from 2000:: to 3FFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF

 

Binary:      0010 0000 0000 0000 0000 0000 ... 0000 0000
Hexadecimal: 2000:0000:0000:0000:0000:0000:0000:0000

Binary:      0011 1111 1111 1111 1111 1111 ... 1111 1111
Hexadecimal: 3FFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF

And, currently, most of the assigned public IPv6 addresses start with 2001::/16.

Binary:      0010 0000 0000 0001 ...
Hexadecimal: 2001: ...

The IANA assigns address blocks to the five RIRs. The following table shows only a small portion of them. Usually, the IANA assigns address blocks with a /23 prefix.

Address block     RIR
2001:0200::/23    APNIC
2001:0400::/23    ARIN
2001:0600::/23    RIPE NCC
2001:1200::/23    LACNIC
2001:4200::/23    AFRINIC

   
Fig: IANA

So, APNIC has got this block of IPv6 addresses: 2001:0200::/23

Then, the APNIC assigns address blocks to ISPs.

e.g. APNIC may assign a block of addresses to ISPs like this:

2001:0255::/32 to ISPa

2001:0266::/32 to ISPb

So, ISPa gets a block of IP addresses as follows: 2001:0255::/32

Fig: ISPa gets a block of IP addresses

Fig: ISPa assigns blocks of IP addresses to different organizations

From this point of view, Organization A is referred to as a Site. Now, the organization can freely use the remaining bits for its own purposes, while keeping 16 bits for the Subnet ID.

i.e. From 2001:0255:8888:0000::/64 to 2001:0255:8888:FFFF::/64 (The fourth 16-bit group is used as the Subnet ID.)

Then, for each subnet, there are 64 bits for hosts, altogether 2^64 hosts. This is called the Interface ID and is used for identifying an IPv6 host interface.

Fig: IPv6 host interface

As one organization can have 65536 subnets, with each subnet having 2^64 hosts, this is far more than enough. So, no more subnetting is needed by the organization.

The resulting IPv6 addresses are publicly reachable on the Internet. Such an address is called:

1. IPv6 Global Unicast Address. It is similar to an IPv4 public address.

Fig: IPv6 Global Unicast Address

2. IPv6 Link local (Unicast) Address

In IPv6, a network host will try to discover whether there are any neighbors nearby, e.g. PC-A may send out a message like this:

Fig: IPv6 Link local (Unicast) Address (PC-A may send out a message)

And PC-B may reply:

Fig: IPv6 Link local (Unicast) Address (PC-B Reply)

You will notice that they are not using their Global Unicast addresses. Instead, they use a kind of IPv6 address called a “Link Local address”. In IPv6, the Link Local address is used to communicate with neighbors on the same link or Layer 2 segment.

How is the Link Local address formed?

Fig: How is the Link Local address formed?

The Link Local address is automatically generated, even if the interface has not been assigned any IPv6 Global Unicast Address. The IPv6 Link Local address is analogous to the IPv4 Link Local address in the range 169.254.0.0/16, but their usage is different. An IPv4 host only gets such an address when it is configured to acquire its IP address from a DHCP server but receives no response from any DHCP server.

 

Thank you 

Momataj Momo