Saturday, November 15, 2008

CCNA Router Simulator Question - ACL SIM

The CCNA exam has two simulators.
Answer:

Select the console on Corp1 router

Configuring ACL

Corp1>enable
Corp1#configure terminal

comment: Permit only Host C (192.168.33.3, the source address) to access the finance server (172.22.242.23, the destination address) on port 80 (web).
Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80

comment: Deny any other source access to the finance server (172.22.242.23, the destination address) on port 80 (web).
Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80

comment: Permit all other IP traffic from any source to any destination. This entry is needed because of the implicit deny any any statement at the end of every ACL, which would otherwise drop that traffic.
Corp1(config)#access-list 100 permit ip any any

Applying the ACL on the Interface

comment: Use the show ip interface brief command to identify the interface type and number by checking the configured IP addresses.
Corp1(config)#interface fa 0/1
If the IP address and subnet mask already configured on the interface are incorrect, they must be corrected for the ACL to work.
Type these commands in interface mode:
no ip address 192.x.x.x 255.x.x.x (removes the incorrectly configured IP address and subnet mask)
Configure the correct IP address and subnet mask:
ip address 172.22.242.30 255.255.255.240 (the range of addresses specified toward the server is given as 172.22.242.17 - 172.22.242.30)

comment: Apply the ACL outbound so that it checks packets leaving the interface toward the finance web server.
Corp1(config-if)#ip access-group 100 out

Corp1(config-if)#end

Important: Save your running config to the startup config before exiting.
Corp1#copy running-config startup-config


Verifying the Configuration:

Step 1: The show ip interface brief command identifies the interface on which to apply the access list.

Step 2: Click on each host (A, B, C and D). Each host opens a web browser page. Select the address box of the web browser and type the IP address of the finance web server (172.22.242.23) to test whether access to the finance web server is permitted or denied.

Step 3: Only Host C (192.168.33.3) has access to the server. If the other hosts can also access it, then something probably went wrong in your configuration. Check whether you configured the entries correctly and in order.

Step 4: If only Host C (192.168.33.3) can access the finance web server, you can click on the NEXT button to successfully submit the ACL SIM.
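
Added example (not part of the original post): a small first-match evaluator for the three access-list 100 entries above, showing why the order of the entries matters and what the implicit deny does. The addresses used for Hosts A, B and D are constructed, since the page gives only Host C's address.

```python
import ipaddress

ACL_100 = [  # the three entries configured on Corp1 above, in order
    "access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80",
    "access-list 100 deny tcp any host 172.22.242.23 eq 80",
    "access-list 100 permit ip any any",
]

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _spec(tok, pos):
    """Return ((base, wildcard), next_pos) for 'any', 'host A' or 'A W'."""
    if tok[pos] == "any":
        return (0, 0xFFFFFFFF), pos + 1
    if tok[pos] == "host":
        return (_ip(tok[pos + 1]), 0), pos + 2
    return (_ip(tok[pos]), _ip(tok[pos + 1])), pos + 2

def parse_ace(line):
    """Parse 'access-list N {permit|deny} proto src dst [eq port]'."""
    tok = line.split()[2:]                    # drop 'access-list 100'
    src, pos = _spec(tok, 2)
    dst, pos = _spec(tok, pos)
    port = int(tok[pos + 1]) if tok[pos:pos + 1] == ["eq"] else None
    return tok[0], tok[1], src, dst, port

def _match(addr, spec):
    base, wild = spec                         # wildcard 1-bits are "don't care"
    return (_ip(addr) | wild) == (base | wild)

def evaluate(acl, proto, src, dst, dport):
    """Return the action of the first matching entry; no match means deny."""
    for line in acl:
        action, a_proto, a_src, a_dst, a_port = parse_ace(line)
        if (a_proto in ("ip", proto) and a_port in (None, dport)
                and _match(src, a_src) and _match(dst, a_dst)):
            return action
    return "deny"                             # implicit deny any any

def web_access(acl, hosts, server="172.22.242.23"):
    """Map each host to the ACL verdict for TCP port 80 to the finance server."""
    return {h: evaluate(acl, "tcp", h, server, 80) for h in hosts}

# Constructed addresses for Hosts A, B and D; only Host C (.3) is from the page.
HOSTS = ["192.168.33.1", "192.168.33.2", "192.168.33.3", "192.168.33.4"]
MISORDERED = [ACL_100[1], ACL_100[0], ACL_100[2]]   # deny entered before permit
print(web_access(ACL_100, HOSTS), web_access(MISORDERED, HOSTS), sep="\n")
```

With the entries in the order shown on the page only Host C is permitted; with the deny entry first, Host C is blocked as well, which is the misconfiguration Step 3 tells you to look for.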

CCNA EIGRP LAB Question

Question:

After adding the R3 router, no routing updates are being exchanged between R3 and the new location. All other interconnectivity and Internet access for the existing locations of the company are working properly.
The task is to identify the fault(s) and correct the router configuration to provide full connectivity between the routers.

Access to the router CLI can be gained by clicking on the appropriate host. All passwords on all routers are cisco.

IP addresses are listed in the chart below.



R1

Fa0/0: 192.168.77.33
S1/0: 198.0.18.6
S0/1: 192.160.60.25

R2

Fa0/0: 192.168.60.97
Fa0/1: 192.168.60.113
S0/0: 192.168.36.14

R3

Fa0/0: 192.168.77.34
Fa0/1: 192.168.60.65
Fa1/0: 192.168.60.81

R4

Fa0/0: 192.168.60.129
Fa0/1: 192.168.60.145
S0/1: 192.168.60.26



Answer and explanation:
We should check the configuration of the newly added router first, because it does not function properly while the others work well. From the command line interface of the R3 router, enter the show running-config command.

From the output above, we know that this router was wrongly configured with an autonomous system (AS) number of 22. When the AS numbers among routers are mismatched, no adjacency is formed.
(You should check the AS numbers on the other routers to be sure.)

To solve this problem, we simply re-configure router R3 with the following commands:

R3>enable (you have to enter cisco as its password here)
R3#configure terminal
R3(config)#no router eigrp 22
R3(config)#router eigrp 212
R3(config-router)#network 192.168.60.0
R3(config-router)#network 192.168.77.0
R3(config-router)#no auto-summary
R3(config-router)#end
R3#copy running-config startup-config

Check R1 router with the show running-config command:



Notice that it is missing a network statement for the network toward R3. Therefore we have to add it so that R1 can recognize the R3 router.

R1>enable (you have to enter cisco as its password here)
R1#configure terminal
R1(config)#router eigrp 212
R1(config-router)#network 192.168.77.0
R1(config-router)#end
R1#copy running-config startup-config

Now the whole network will work well. You should check again with the ping command from router R3 to the other routers!

CCNA NAT SIM Question 2


You work as a network technician at networkstepbystep.blogspot.com. Study the exhibit carefully. You are required to perform configurations to enable Internet access. The Router ISP has given you six public IP addresses in the 198.18.32.65 - 198.18.32.70/29 range.
9tut.com has 62 clients that need to have simultaneous Internet access. These local hosts use private IP addresses in the 192.168.6.65 - 192.168.6.126/26 range.
You need to configure Router1 using the PC1 console.
You have already made basic router configuration. You have also configured the appropriate NAT interfaces; NAT inside and NAT outside respectively.
Now you are required to finish the configuration of Router1.

Solution:
The company has 62 hosts that need to access the Internet simultaneously, but we have only 6 public IP addresses, from 198.18.32.65 to 198.18.32.70/29, so we have to use NAT overload (or PAT).

Double click on the Router 1 router to open it

Router1>enable
Router1#configure terminal
Create a NAT pool of global addresses to be allocated, with their netmask (notice that /29 = 255.255.255.248)


Router1(config)#ip nat pool mypool 198.18.32.65 198.18.32.70 netmask 255.255.255.248

Create a standard access control list that permits the addresses that are to be translated

Router1(config)#access-list 1 permit 192.168.6.64 0.0.0.63

Establish dynamic source translation, specifying the access list that was defined in the prior step

Router1(config)#ip nat inside source list 1 pool mypool overload

This command translates all source addresses that pass access list 1, which means a source address from 192.168.6.65 to 192.168.6.126, into an address from the pool named mypool (the pool contains addresses from 198.18.32.65 to 198.18.32.70)

The overload keyword allows multiple IP addresses to be mapped to a single registered IP address (many-to-one) by using different ports.

The question said that appropriate interfaces have been configured for NAT inside and NAT outside statements.

This is how to configure the NAT inside and NAT outside, just for your understanding:

Router1(config)#interface fa0/0
Router1(config-if)#ip nat inside

Router1(config-if)#exit

Router1(config)#interface s0/0
Router1(config-if)#ip nat outside


Check your configuration by going to PC2 and typing:

C:\>ping 192.0.2.114

The ping should succeed and you should receive replies from 192.0.2.114.
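
Added example (not part of the original post): a simplified model of the translation table, run once as one-to-one dynamic NAT and once with overload, to show why 62 inside hosts cannot share the six pool addresses without PAT. The port-allocation policy and the source port 1025 are assumptions for illustration, not the router's actual allocator.

```python
import ipaddress
from itertools import chain

# ip nat pool mypool 198.18.32.65 198.18.32.70 netmask 255.255.255.248
POOL = [str(ipaddress.IPv4Address("198.18.32.65") + i) for i in range(6)]

def acl1_permits(src):
    """access-list 1 permit 192.168.6.64 0.0.0.63 (wildcard 1-bits are ignored)."""
    base = int(ipaddress.IPv4Address("192.168.6.64"))
    wild = int(ipaddress.IPv4Address("0.0.0.63"))
    return (int(ipaddress.IPv4Address(src)) | wild) == (base | wild)

class NatTable:
    def __init__(self, overload):
        self.overload = overload
        self.table = {}     # inside host or flow -> global address or (addr, port)
        self.used = set()   # global addresses or (addr, port) pairs already taken

    def translate(self, src_ip, src_port):
        """Return (global_ip, global_port), or None if no translation is made."""
        if not acl1_permits(src_ip):
            return None                      # source not matched by access-list 1
        if not self.overload:
            # One-to-one dynamic NAT: each inside host holds a whole pool address.
            if src_ip not in self.table:
                free = [g for g in POOL if g not in self.used]
                if not free:
                    return None              # pool exhausted
                self.table[src_ip] = free[0]
                self.used.add(free[0])
            return (self.table[src_ip], src_port)
        # Overload (PAT): entries are keyed per flow and told apart by port.
        key = (src_ip, src_port)
        if key not in self.table:
            # Assumed policy: keep the source port if free, else the next free port.
            cands = chain(((g, src_port) for g in POOL),
                          ((g, p) for g in POOL for p in range(1024, 65536)))
            self.table[key] = next(c for c in cands if c not in self.used)
            self.used.add(self.table[key])
        return self.table[key]

def count_translated(overload):
    """Open one flow from each of the 62 inside hosts (.65 to .126)."""
    nat = NatTable(overload)
    results = [nat.translate(f"192.168.6.{n}", 1025) for n in range(65, 127)]
    ok = [r for r in results if r is not None]
    return len(ok), len(set(ok))             # (translated flows, distinct globals)

print("without overload:", count_translated(False))
print("with overload:   ", count_translated(True))
```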