Search This Blog

Wednesday, October 14, 2015

A CCNA Lab for those that need extra practice

I've already had my rant about not knowing CCNA R/S for new engineers or even existing ones. After several weeks of intense study I think I will be ready to go sit the new CCNA R/S exam. Yes I know, some may say it is easy, and I'm sure it is for those that do data all the time but I am a UC guy that is sliding back into the data realm slowly. Bottom line is, I miss data and all the cool routing and wireshark captures to find out problems and ways to fix them. I spent some time today finishing up a lab that I had made from scratch that tests most of the CCNA topics but not all. STP is difficult since you can't replicate the ASICS and I don't have an router IOS with a switch module to at least attempt to get STP up. I also haven't implemented GLBP / HSRP/ VRRP either even though they are fairly straight forward. I probably will add to the diagram but my back is killing me today and I haven't been in the mood to really build anything new aside from what I have already done. The below image is what I challenge you to replicate and get working 100% of the way.



At a minimum, here is what you need to configure:
  1. Connect all devices as shown
  2. Configure all ports with approrpriate addresses and bring them online
  3. Configure ssh access only with a password of cisco
  4. Configure a username of cisco and secret of cisco
  5. Configure an enable secret of cisco
  6. Ensure that the routers will not mistaken letters for DNS names
  7. Disable enable timeouts
  8. Set hosts with IPs so you can use their names instead of IP addresses
  9. Configure EIGRP and advertise networks based on subnet with no automatic summarization, do not configure Canada nor advertise its networks!
  10. Exclude the first 10 addresses in all ranges in the private networks for DHCP
  11. Configure DHCP for all Offices with a /24 subnet based on the network assigned
  12. Assign default routes to point to the local primary gateway of each site (not the office GWs)
  13. Ensure all PCs get their DHCP addresses assigned to them and they can ping to their local GW
  14. Configure the Frame Relay DLCIs as shown and map them as indicated
  15. The FR-Switch should not have any other configuration as it is acting like a cloud
  16. Assign static routes to get to Canada based on location (Texas will be a end all be all GW if other primary gateways don't know the correct path
  17. Configure NAT for Canada to use the internet IP with PAT
  18. Ensure all devices can ping to the private network in Canada
  19. Ensure Canada can ping from internal to any CORP based internal IP (i.e. 10.0.3.11, 10.0.0.1)
  20. Configure EIGRP md5 authentication for all links
  21. Make sure that any loopback interfaces assigned are being seen as their subnet in the routing tables
  22. Block all telnet traffic from all locations except Texas
  23. Block all SSH traffic on private LANs on all sites except Texas
  24. Verify NAT on the Canada GW
  25. Enable password encrpytion globally so that any plain text passwords are garbled at minimum security.
If you can do the above without having to look anything up, you are probably good to go or still competent in data. I myself had to look up how to do md5 authentication because it's just not something I do everyday...or at all really. I'm not a network engineer I'm a UC engineer. I challenge you to complete this as fast as you can and report your times with honesty. I will probably wipe this entire topology and start from scratch and do a YouTube recording when I get the chance. I want to see how fast I can go under pressure and what I do and do not forget. Keep in mind I set all DLCI interfaces to a /24, you can modify as you want.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)