you work as a network administrator at testking.com....


Upload: lebao

Post on 20-Jun-2018


The document was prepared by sadikhov member amol0009in_7 for thanking www.sadikhov.com website .


You work as a network administrator at TestKing.com. You are configuring a router to provide Internet access. The ISP has provided TestKing.com with six public IP addresses of 198.18.158.97, 198.18.158.98, 198.18.158.99, 198.18.158.100, 198.18.158.101, and 198.18.158.102. TestKing.com has 62 hosts that need access to the Internet simultaneously. The hosts in the TestKing.com LAN have been assigned private space addresses in the range of 192.168.98.65 - 192.168.98.126.

The following have already been configured on the router:

1. The basic router configuration

2. The appropriate interfaces have been configured for NAT inside and NAT outside.

3. The appropriate static routes have also been configured (since the company will be a stub network, no routing protocol will be required)

4. All passwords have been temporarily set to "testking"

The task is to complete the NAT configuration using all IP addresses assigned by the ISP to provide Internet access to the hosts in the TestKing1 LAN. Functionality can be tested by clicking on the host provided for testing.

Configuration information:

Router name: TestKing1

inside global addresses: 198.18.158.97 - 198.18.158.102/29

inside local addresses: 192.168.98.65 - 192.168.98.126/26

Number of inside hosts: 62

Variation #2:

Router name: TestKing1

inside global addresses: 198.18.169.121 - 198.18.169.126/29

inside local addresses: 192.168.2.33 - 192.168.2.62/27

Number of inside hosts: 30

TestKing1>enable

TestKing1# configure terminal

TestKing1(config)# ip nat pool testking 198.18.169.121 198.18.169.126 netmask 255.255.255.248

TestKing1(config)# ip nat inside source list 1 pool testking overload

TestKing1(config)# access-list 1 permit 192.168.2.33 0.0.0.31


password: testking

Simulation.

Answer:

Explanation:

TestKing1(config)#ip nat inside source list 1 pool nat-pool overload

TestKing1(config)#access-list 1 permit 192.168.98.64 0.0.0.63

TestKing1(config)#ip nat pool nat-pool 198.18.158.97 198.18.158.102 netmask 255.255.255.248

TestKing1(config)#int e0

TestKing1(config-if)#ip nat inside

TestKing1(config-if)#exit

TestKing1(config)#int s0

TestKing1(config-if)#ip nat outside

TestKing1(config-if)#end

TestKing1#copy run start

Previously, the ip nat pool nat-pool was configured with a /26 netmask, which is 255.255.255.192. That is incorrect, because the pool holds the inside global addresses and they are a /29, which is 255.255.255.248.

Note:

Variation #1:

Router name: TestKing1

inside global addresses: 198.18.32.217 - 198.18.32.222/29

inside local addresses: 192.168.57.33 - 192.168.57.62/27

Number of inside hosts: 30

TestKing1>enable

TestKing1# configure terminal

TestKing1(config)# ip nat pool testking 198.18.32.217 198.18.32.222 netmask 255.255.255.248

TestKing1(config)# ip nat inside source list 1 pool testking overload

TestKing1(config)# access-list 1 permit 192.168.57.33 0.0.0.31
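The mask arithmetic behind the NAT answer and Variation #1, as an added example that is not part of the original document: it derives the pool netmask from the inside global prefix and the ACL wildcard from the inside local prefix, then builds the three commands. The function names are hypothetical, and the ACL line uses the subnet's network address, as the main answer does.

```python
import ipaddress

def subnet_of_range(first, last, prefix):
    """Return the /prefix subnet holding both range ends as usable hosts."""
    net = ipaddress.ip_network(f"{first}/{prefix}", strict=False)
    for addr in (ipaddress.ip_address(first), ipaddress.ip_address(last)):
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            raise ValueError(f"{addr} is not a usable host address in {net}")
    return net

def range_size(first, last):
    return int(ipaddress.ip_address(last)) - int(ipaddress.ip_address(first)) + 1

def pat_config(inside_global, inside_local, pool="nat-pool", acl=1):
    """Each argument is (first, last, prefix) exactly as the task lists it."""
    g_net = subnet_of_range(*inside_global)
    l_net = subnet_of_range(*inside_local)
    nat = f"ip nat inside source list {acl} pool {pool}"
    # More inside hosts than pool addresses: addresses must be shared (PAT).
    if range_size(*inside_local[:2]) > range_size(*inside_global[:2]):
        nat += " overload"
    return [
        # The pool netmask comes from the inside global prefix (/29 here).
        f"ip nat pool {pool} {inside_global[0]} {inside_global[1]} netmask {g_net.netmask}",
        # The ACL wildcard is the inverse mask of the inside local prefix.
        f"access-list {acl} permit {l_net.network_address} {l_net.hostmask}",
        nat,
    ]

# Values from the main task and from Variation #1 on this page.
MAIN = pat_config(("198.18.158.97", "198.18.158.102", 29),
                  ("192.168.98.65", "192.168.98.126", 26))
VARIATION_1 = pat_config(("198.18.32.217", "198.18.32.222", 29),
                         ("192.168.57.33", "192.168.57.62", 27), pool="testking")
```

A range end that falls outside the stated prefix raises ValueError, which catches a pool typed with an address from a neighbouring subnet.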


You work as a network technician at TestKing.com. A new switch named TestKing2 is being added to the TestKing.com LAN. You will work to complete this process by first configuring the TestKing2 switch with an IP address and default gateway. For the switch host address you should use the first available IP address on the management subnet. In addition, the switch needs to be configured to be in the same VTP domain as the TestKing1 switch, and also needs to be configured as a VTP client.

Assume that the IP configuration and VTP configuration are completed and working.

You must accomplish the following-

1. Determine and configure the IP host address of the new switch

2. Determine and configure the default gateway of the switch

3. Determine and configure the correct VTP domain name for the new switch

4. Configure the new switch as a VTP Client

Answer:

Step 1: Determine and configure the IP host address for the new switch

TestKing2(config)# interface vlan 1

TestKing2(config-if)# ip address A.B.C.D 255.255.255.0

TestKing2(config-if)# no shutdown

TestKing2(config-if)# exit

Step 2: Configure the default gateway

TestKing2(config)# ip default-gateway A.B.C.D

Steps 3 & 4: Configure the TestKing2 switch as a VTP client and configure the correct VTP domain

TestKing2(config)# vtp mode client

TestKing2(config)# vtp domain TestKing

TestKing2(config)# vtp password testking

TestKing2(config)# vtp pruning

Explanation: Even though we don't have enough information to deduce the IP address, at least we know the step-by-step procedure to configure the switch TestKing2.


QUESTION NO: 14 SIMULATION

You are the administrator of the TestKing network, which is composed of three routers connected together via a WAN as shown in the diagram. Your assignment is to configure and apply an access control list that will block telnet access to the TestKing1 router without inhibiting all other traffic. The access list won't need more than 3 statements and it should be applied to the TestKing3 router. The three routers are already connected and configured as follows:

* The routers are named: TestKing1, TestKing2, and TestKing3 respectively.

* All three of them are using RIP as the routing protocol.

* The serial 0 interfaces are providing clocking.

* The default subnet mask is used on every interface.

* The IP addresses and passwords are listed below.

TestKing1

E0 192.168.1.1

S0 192.168.118.1

Secret password: testking

TestKing2

E0 192.168.121.1

S0 192.168.5.1

S1 192.168.118.2

Secret password: testking

TestKing3

E0 192.168.134.1

S1 192.168.5.2


To configure the router click on the host icon that is connected to a router by a serial console cable.

Answer:

Explanation:

TestKing3>enable

password:

TestKing3#show access-lists (** redundant **)

TestKing3#config t

Enter configuration commands, one per line. End with END.

TestKing3(config)#access-list 101 deny tcp any 192.168.1.1 0.0.0.0 eq 23

TestKing3(config)#access-list 101 deny tcp any 192.168.118.1 0.0.0.0 eq 23

TestKing3(config)#access-list 101 permit ip any any

TestKing3(config)#interface Ethernet 0

TestKing3(config-if)#ip access-group 101 in

TestKing3(config-if)#exit

TestKing3(config)#interface serial 0

TestKing3(config-if)#ip access-group 101 in

TestKing3(config-if)#<CTRL-Z>

TestKing3#copy running-config startup-config

You should deny telnet access to the TestKing1 router, and the access list should be applied on the TestKing3 router (if the wording is correct). The destination addresses of TestKing1, namely 192.168.1.1 0.0.0.0 and 192.168.118.1, should be used.

QUESTION NO: 18 SIMULATION


You work as a network engineer at TestKing.com. Three TestKing stores have established network connectivity. The routers are named TestKing1, TestKing2, and TestKing3. The manager at the TestKing site, Tess King, has decided to deny the ability of anyone from any other network to connect to the TestKing3 router with the ping command. Implement an access list on the TestKing3 router to deny this detection but allow all other types of traffic to pass. The access list should contain no more than three statements. The routers have been configured with the following specifications:

* The routers are named TestKing1, TestKing2, and TestKing3.

* RIP is the routing protocol.

* Clocking signal is provided on the serial 0 interfaces.

* The password on each router is "testking".

* The subnet mask on all interfaces is the default mask.

* The IP addresses are listed in the chart below.

TestKing1

E0 192.168.49.1

S0 192.168.51.1

TestKing2

E0 192.168.53.1

S0 192.168.55.1

S1 192.168.51.2

TestKing3

E0 192.168.57.1

S1 192.168.55.2

To configure the router click on the host icon that is connected to a router by a serial console cable.

Answer:

Explanation:

Click on Host 6 to connect to and configure TestKing3.

configure terminal

access-list 101 deny icmp any 192.168.57.1 0.0.0.0

access-list 101 deny icmp any 192.168.55.2 0.0.0.0

access-list 101 permit ip any any

interface s1

ip access-group 101 in

interface ethernet0

ip access-group 101 out

ctrl z

copy running-config startup-config
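To check access lists like the ones in the telnet and ping simulations before applying them, the following added example (not part of the original document) evaluates extended ACL entries with first-match semantics, wildcard masks and the implicit deny. The source host 192.168.134.10 used when calling it is a constructed address on TestKing3's E0 network, and NETWORK_FORM is a constructed contrast entry: with wildcard 0.0.0.0, an entry written against 192.168.118.0 matches only that literal address, not TestKing1's S0 at 192.168.118.1.

```python
import ipaddress

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def parse_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return ip_int(tokens.pop(0)), 0
    return ip_int(first), ip_int(tokens.pop(0))

def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT]'."""
    tokens = line.split()
    action, proto, rest = tokens[2], tokens[3], tokens[4:]
    src = parse_addr(rest)
    dst = parse_addr(rest)
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    return action, proto, src, dst, port

def addr_match(addr, spec):
    base, wild = spec
    # Wildcard bits set to 1 are ignored; every other bit must be equal.
    return (ip_int(addr) | wild) == (base | wild)

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry, else the implicit deny."""
    for line in acl:
        action, ace_proto, ace_src, ace_dst, ace_port = parse_ace(line)
        if ace_proto not in ("ip", proto) or ace_port not in (None, dport):
            continue
        if addr_match(src, ace_src) and addr_match(dst, ace_dst):
            return action
    return "deny"

PERMIT_REST = "access-list 101 permit ip any any"
# Telnet task: TestKing1's E0 and S0 addresses from the task's address table.
TELNET_ACL = ["access-list 101 deny tcp any 192.168.1.1 0.0.0.0 eq 23",
              "access-list 101 deny tcp any 192.168.118.1 0.0.0.0 eq 23", PERMIT_REST]
# Ping task: TestKing3's own E0 and S1 addresses.
PING_ACL = ["access-list 101 deny icmp any 192.168.57.1 0.0.0.0",
            "access-list 101 deny icmp any 192.168.55.2 0.0.0.0", PERMIT_REST]
# Constructed contrast: network address with a host wildcard.
NETWORK_FORM = ["access-list 101 deny tcp any 192.168.118.0 0.0.0.0 eq 23", PERMIT_REST]
```

Calling `evaluate(NETWORK_FORM, "tcp", "192.168.134.10", "192.168.118.1", 23)` returns "permit", while the same packet against TELNET_ACL returns "deny".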


VTP SIM


This is a slightly tricky question and can be faced for two situations, one mentioned by you already (vtp server) and the other for root bridge. This is the possible solution to both.

If Sw-AC1 was root bridge, look at the topology: Sw-Ac3 with the console access has only 2 switches connected to it, Sw-DS1 and Sw-AC2. These would show as cdp neighbors. Also, if Sw-AC1 were the root, both its ports would be designated, hence forwarding ports.

1. show spanning-tree vlan 1 will give the root bridge mac-address and the root port. Note them.

2. show mac-address-detail will give mac-address to port mapping.

3. Now type cdp neighbor detail. This will give Sw-AC2 and SW-DS1 as neighbors with their IP addresses. Note them down.

4. Now do a show ip arp.

5. The mac-address of Sw-AC1 and Sw-Ac2 will be learnt on the same port if Sw-AC1 is the root bridge. You have the IP address of Sw-AC2 and Sw-DS1 from show neighbor detail. You also have the mac-address of the root bridge. If the IP address in the show arp does not correspond to the mac-address of the root bridge, then Sw-AC2/Sw-DS1 is not the root and hence Sw-AC1 must be the root bridge.


Ok. If Sw-AC1 was the vtp server:

Step 1. show vtp status will give the IP address of the updater.

Step 2. Do a show ip arp. This will give IP to mac to port binding.

Step 3. Now do a show cdp neighbor detail. This will give the IP address of Sw-AC2 and SW-DS1.

Step 4. If the IP address learnt in step 1 does not correspond to Sw-AC2 or Sw-DS1, the updater has to be Sw-AC1, since there is no other switch in the topology.

The Old VTP SIM by routerman !


The Old VTP SIM by Spacyfreak !


P4S - page 277- TELNET SIM

1- sh run

2- you will see the serial interface without a ip

3- sh cdp neighbors

4- see the ip of the neighbor serial and add a ip of same range

5- telnet the next router

6- sh run again

7- you will see ethernet down

8- conf t, interface fa0, no shut

9- now u can ping...


OSPF
