Hands On Skills Exam – CCNAv7 SRWE Skills Assessment (Answers)

SRWE Final Skills Exam (Equipment)

Your exam may be different

Topology

CCNAv7 SRWE Skills Assessment

CCNAv7 SRWE Skills Assessment

Assessment Objectives

  • Part 1: Initialize, Reload and Configure Basic Device Settings (45 points, 45 minutes)
  • Part 2: Configure Network Infrastructure Settings (VLANs, Trunking, Etherchannel) (30 points, 25 minutes)
  • Part 3: Configure Host Support (20 points, 25 minutes)
  • Part 4: Test and Verify IPv4 and IPv6 End-to-End Connectivity (5 points, 10 minutes)

Scenario

In this Skills Assessment (SA) you will configure the devices in a small network. You must configure a router, switch and PCs to support both IPv4 and IPv6 connectivity for supported hosts. Your router and switch must also be managed securely. You will configure inter-VLAN routing, DHCP, Etherchannel, and port-security.

Required Resources

  • 1 Router (Cisco 4221 with Cisco IOS XE Release 16.9.4 universal image or comparable)
  • 2 Switches (Cisco 2960 with Cisco IOS Release 15.2(2) lanbasek9 image or comparable)
  • 2 PCs (Windows with a terminal emulation program, such as Tera Term)
  • Console cables to configure the Cisco IOS devices via the console ports
  • Ethernet cables as shown in the topology

VLAN Table

Addressing Table

VLANVLAN Name
2Bikes
3Trikes
4Management
5Parking
6Native

Addressing Table

Device / InterfaceIP Address / PrefixDefault Gateway
R1 G0/0/1.210.19.8.1 /26N/A
2001:db8:acad:a::1 /64N/A
R1 G0/0/1.310.19.8.65 /27N/A
2001:db8:acad:b::1 /64N/A
R1 G0/0/1.410.19.8.97 /29N/A
2001:db8:acad:c::1 /64N/A
R1 G0/0/1.6N/AN/A
R1 Loopback0209.165.201.1 /27N/A
2001:db8:acad:209::1 /64N/A
S1 VLAN 410.19.8.98 /2910.19.8.97
2001:db8:acad:c::98 /64N/A
fe80::98N/A
S2 VLAN 410.19.8.99 /2910.19.8.97
2001:db8:acad:c::99 /64N/A
fe80::99N/A
PC-A NICDHCP for IPv4 addressDHCP for IPv4 default gateway
2001:db8:acad:a::50 /64fe80::1
PC-B NICDHCP for IPv4 addressDHCP for IPv4 default gateway
2001:db8:acad:b::50 /64fe80::1

Note: There is no interface on the router supporting VLAN 5.

Instructions

Part 1: Initialize, Reload and Configure Basic Device Settings

  • Total points: 45
  • Time: 20 minutes
Step 1: Initialize and reload router and switch.
  • Erase the startup configurations and VLANs from the router and switch and reload the devices.
  • After the switch is reloaded, configure the SDM template to support IPv6 as needed, and reload the switch again.
  • Before proceeding, have your instructor verify device initializations.

Use the console cable to connect from PC-A to the Router/Switch (console port)
Go to PC-ADesktop tab, Terminal app
Router, Switch1, Switch 2:

Router/Switchs >enable
Router/Switchs #erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
%SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram
Router/Switchs #reload
System configuration has been modified. Save? [yes/no]:yes
Building configuration...
[OK]


Switch1 & Switch 2:

Switch(config)# sdm prefer dual-ipv4-and-ipv6 default
Switch(config)# exit
Switch# reload
Proceed with reload? [confirm]
Step 2: Configure R1.

Configuration tasks for R1 include the following:

TaskSpecificationPoints
Disable DNS lookup0.5 pt
Router nameR10.5 pt
Domain nameccna-lab.com0.5 pt
Encrypted privileged EXEC passwordciscoenpass1 pt
Console access passwordciscoconpass1 pt
Set the minimum length for passwords10 characters1 pt
Create an administrative user in the local
database
Username: admin
Password: admin1pass
1 pt
Set login on VTY lines to use local database1 pt
Set VTY lines to accept SSH connections only1 pt
Encrypt the clear text passwords1 pt
Configure an MOTD Banner0.5 pt
Enable IPv6 Routing1 pt
Configure Interface G0/0/1 and sub interfacesSet the description
Set the IPv4 address
Set the IPv6 Link Local Address as fe80::1
Set the IPv6 address
Activate Interface
4 pts
Configure the Loopback0 interfaceSet the description
Set the IPv4 address
Set the IPv6 address
Set the IPv6 Link Local Address as fe80::1
2 pts
Generate an RSA crypto key1024 bits modulus1 pt
Router>enable
Router#config terminal
Router(config)#no ip domain lookup 

Router(config)#hostname R1

R1(config)#ip domain name ccna-lab.com

R1(config)#enable secret ciscoenpass

R1(config)#line console 0
R1(config-line)#password ciscoconpass
R1(config-line)#login
R1(config-line)#exit

R1(config)#security passwords min-length 10

R1(config)#username admin secret admin1pass

R1(config)#line vty 0 15
R1(config-line)#login local
R1(config-line)#transport input ssh 
R1(config-line)#exit 

R1(config)#service password-encryption 

R1(config)#banner motd #Unauthorized Acess is Prohibited#

R1(config)#ipv6 unicast-routing 

R1(config)#interface g0/0/1.2
R1(config-subif)#encapsulation dot1Q 2
R1(config-subif)#description Bikes
R1(config-subif)#ip address 10.19.8.1 255.255.255.192
R1(config-subif)#ipv6 address 2001:db8:acad:a::1/64
R1(config-subif)#ipv6 address fe80::1 link-local

R1(config-subif)#interface g0/0/1.3
R1(config-subif)#encapsulation dot1Q 3
R1(config-subif)#description Trikes
R1(config-subif)#ip address 10.19.8.65 255.255.255.224
R1(config-subif)#ipv6 address 2001:db8:acad:b::1/64
R1(config-subif)#ipv6 address fe80::1 link-local 

R1(config-subif)#interface g0/0/1.4
R1(config-subif)#encapsulation dot1Q 4
R1(config-subif)#description Management
R1(config-subif)#ip address 10.19.8.97 255.255.255.248
R1(config-subif)#ipv6 address 2001:db8:acad:c::1/64
R1(config-subif)#ipv6 address fe80::1 link-local 

R1(config-subif)#interface g0/0/1.6
R1(config-subif)#encapsulation dot1Q 6
R1(config-subif)#description Native

R1(config)#interface g0/0/1
R1(config-if)#no shutdown 

R1(config-subif)#interface Loopback 0
R1(config-subif)#description Loopback
R1(config-subif)#ip address 209.165.201.1 255.255.255.224
R1(config-subif)#ipv6 address 2001:db8:acad:209::1/64
R1(config-subif)#ipv6 address fe80::1 link-local
R1(config-subif)#description Native
R1(config-subif)#exit

R1(config)#crypto key generate rsa
1024
Step 3: Configure S1 and S2.

Configuration tasks for the switches include the following:

TaskSpecificationS1S2
Disable DNS lookup0.5pt0.5pt
Switch nameS1 or S2, as appropriate0.5pt0.5pt
Domain nameccna-lab.com0.5pt0.5pt
Encrypted privileged EXEC passwordciscoenpass1pt1pt
Console access passwordciscoconpass1pt1pt
Create an administrative user in the local databaseUsername: admin
Password: admin1pass
1pt1pt
Set login on VTY lines to use local database1pt1pt
Set VTY lines to accept SSH connections only1pt1pt
Encrypt the clear text passwords1pt1pt
Configure an MOTD Banner0.5pt0.5pt
Generate an RSA crypto key1024 bits modulus1pt1pt
Configure Management Interface (SVI)Set the Layer 3 IPv4 address
Set the Ipv6 Link Local Address as
FE80::98 for S1 and FE80::99 for S2
Set the Layer 3 IPv6 address
2pts2pts
Configure Default GatewayConfigure the default gateway as
10.19.8.97 for IPv4
1pt1pt
Switch1>enable
Switch1#conf t
Switch1(config)#no ip domain lookup
Switch1(config)#hostname S1

S1(config)#ip domain name ccna-lab.com

S1(config)#enable secret ciscoenpass

S1(config)#line console 0
S1(config-line)#password ciscoconpass
S1(config-line)#login
S1(config-line)#exit

S1(config)#username admin secret admin1pass
S1(config)#line vty 0 15
S1(config-line)#login local
S1(config-line)#transport input ssh
S1(config-line)#exit

S1(config)#service password-encryption 

S1(config)#banner motd #Unauthorized Access is Prohibitted!#

S1(config)#crypto key generate rsa
1024

S1(config)#interface vlan 4
S1(config-if)#ip address 10.19.8.98 255.255.255.248
S1(config-if)#ipv6 address 2001:db8:acad:c::98/64
S1(config-if)#ipv6 address fe80::98 link-local 
S1(config-if)#description Management Interface
S1(config-if)#no shutdown
S1(config-if)#exit

S1(config)#ip default-gateway 10.19.8.97
Switch2>enable
Switch2#conf t
Switch2(config)#no ip domain lookup 
Switch2(config)#hostname S2

S2(config)#ip domain name ccna-lab.com

S2(config)#enable secret ciscoenpass

S2(config)#line console 0
S2(config-line)#password ciscoconpass
S2(config-line)#login
S2(config-line)#exit

S2(config)#username admin secret admin1pass
S2(config)#line vty 0 15
S2(config-line)#login local
S2(config-line)#transport input ssh 
S2(config-line)#exit

S2(config)#service password-encryption 

S2(config)#banner motd #Unauthorized Access is Prohibitted!#

S2(config)#crypto key generate rsa
1024

S2(config)#interface vlan 4
S2(config-if)#ip address 10.19.8.99 255.255.255.248
S2(config-if)#ipv6 address 2001:db8:acad:c::99/64
S2(config-if)#ipv6 address fe80::99 link-local 
S2(config-if)#description Management Interface
S2(config-if)#no shutdown
S2(config-if)#exit

S2(config)#ip default-gateway 10.19.8.97

Points for Step 1 (4 points):
Points for Step 2 (17 points):
Points for Step 3 (24 points):
Instructor Sign-off Part 1:
Instructor Sign-off
Total Points for Part 1 (45 points)

Part 2: Configure Network Infrastructure Settings (VLANs, Trunking, EtherChannel)

  • Total points: 30
  • Time: 20 minutes
Step 1: Configure S1.

Configuration tasks for S1 include the following:

TaskSpecificationPoints
Create VLANsVLAN 2, name Bikes
VLAN 3, name Trikes
VLAN 4, name Management
VLAN 5, name Parking
VLAN 6, name Native
5 points
Create 802.1Q trunks that use the native VLAN 6Interfaces F0/1, F0/2, and F0/51 point
Create a Layer 2 EtherChannel port group that uses interfaces F0/1 and F0/2Use the LACP protocol for negotiation2 points
Configure host access port for VLAN 2Interface F0/61 point
Configure port-security on access portsAllow 3 MAC addresses2 points
Secure all unused interfacesAssign to VLAN 5, Set to access mode, add a description, and shutdown4 points
S1(config)#vlan 2
S1(config-vlan)#name Bikes
S1(config-vlan)#vlan 3
S1(config-vlan)#name Trikes
S1(config-vlan)#vlan 4
S1(config-vlan)#name Management
S1(config-vlan)#vlan 5
S1(config-vlan)#name Parking
S1(config-vlan)#vlan 6
S1(config-vlan)#name Native

S1(config)#interface range f0/1-2
S1(config-if-range)#switchport trunk encapsulation dot1q (#option)
S1(config-if-range)#switchport mode trunk 
S1(config-if-range)#switchport trunk native vlan 6
S1(config-if-range)#switchport trunk allowed vlan 2-6
S1(config-if-range)#exit

S1(config)#interface f0/5
S1(config-if)#switchport trunk encapsulation dot1q (#option)
S1(config-if)#switchport mode trunk 
S1(config-if)#switchport trunk native vlan 6
S1(config-if)#switchport trunk allowed vlan 2-6
S1(config-if)#exit

S1(config)#interface range f0/1-2
S1(config-if-range)#channel-group 1 mode active
S1(config-if-range)#exit

S1(config)#interface f0/6
S1(config-if)#switchport mode access 
S1(config-if)#switchport access vlan 2
S1(config-if)#switchport port-security maximum 3

S1(config)#interface range f0/3-4
S1(config-if-range)#switchport mode access 
S1(config-if-range)#switchport access vlan 5
S1(config-if-range)#description Unused Interfaces
S1(config-if-range)#shutdown 

S1(config)#interface range f0/7-24
S1(config-if-range)#switchport mode access 
S1(config-if-range)#switchport access vlan 5
S1(config-if-range)#description Unused Interfaces
S1(config-if-range)#shutdown

S1(config)#interface range g0/1-2
S1(config-if-range)#switchport mode access
S1(config-if-range)#switchport access vlan 5
S1(config-if-range)#description Unused Interfaces
S1(config-if-range)#shutdown 

Note: This configuration assumes the use of Cisco Catalyst 2960 switches which automatically use 802.1Q encapsulation on trunk links. Other switches may require manual configuration of the encapsulation. Always configure both ends of a trunk link with the same native VLAN. If 802.1Q trunk configuration is not the same on both ends, Cisco IOS Software reports errors.

Step 2: Configure S2.

Configuration tasks for S2 include the following:

TaskSpecificationPoints
Create VLANsVLAN 2, name Bikes
VLAN 3, name Trikes
VLAN 4, name Management
VLAN 5, name Parking
VLAN 6, name Native
5 points
Create 802.1Q trunks that use the native VLAN 6Interfaces F0/1 and F0/21 point
Create a Layer 2 EtherChannel port group that
uses interfaces F0/1 and F0/2
Use the LACP protocol for negotiation2 points
Configure host access port for VLAN 3Interface F0/181 point
Configure port-security on access portsAllow 3 MAC addresses2 points
Secure all unused interfacesAssign to VLAN 5, Set to access mode,
add a description, and shutdown
4 points
S2(config)#vlan 2
S2(config-vlan)#name Bikes
S2(config-vlan)#vlan 3
S2(config-vlan)#name Trikes
S2(config-vlan)#vlan 4
S2(config-vlan)#name Management
S2(config-vlan)#vlan 5
S2(config-vlan)#name Parking
S2(config-vlan)#vlan 6
S2(config-vlan)#name Native

S2(config)#interface range f0/1-2
S2(config-if-range)#switchport trunk encapsulation dot1q (#option)
S2(config-if-range)#switchport mode trunk 
S2(config-if-range)#switchport trunk native vlan 6
S2(config-if-range)#switchport trunk allowed vlan 2-6
S2(config-if-range)#exit

S2(config)#interface range f0/1-2
S2(config-if-range)#channel-group 1 mode active
S2(config-if-range)#exit

S2(config)#interface f0/18
S2(config-if)#switchport mode access 
S2(config-if)#switchport access vlan 3
S2(config-if)#switchport port-security maximum 3

S2(config)#interface range f0/3-17
S2(config-if-range)#switchport mode access 
S2(config-if-range)#switchport access vlan 5
S2(config-if-range)#description Unused Interfaces
S2(config-if-range)#shutdown 
S2(config)#interface range f0/19-24
S2(config-if-range)#switchport mode access 
S2(config-if-range)#switchport access vlan 5
S2(config-if-range)#description Unused Interfaces
S2(config-if-range)#shutdown
S2(config)#interface range g0/1-2
S2(config-if-range)#switchport mode access
S2(config-if-range)#switchport access vlan 5
S2(config-if-range)#description Unused Interfaces
S2(config-if-range)#shutdown 

Note: This configuration assumes the use of Cisco Catalyst 2960 switches which automatically use 802.1Q encapsulation on trunk links. Other switches may require manual configuration of the encapsulation. Always configure both ends of a trunk link with the same native VLAN. If 802.1Q trunk configuration is not the same on both ends, Cisco IOS Software reports errors.
Points for Step 1 (15 points):

Points for Step 2 (15 points):

Instructor Sign-off Part 2:
Instructor Sign-off
Total Points for Part 2 (30 points)

Part 3: Configure Host Support

  • Total points: 20
  • Time: 10 minutes
Step 1: Configure R1

Configuration Tasks for R1 include the following

TaskSpecificationPoints
Configure Default RoutingCreate a default routes for IPv4 and IPv6 that direct traffic to interface Loopback 0(4 points)
Configure IPv4 DHCP for VLAN 2Create a DHCP pool for VLAN 2, consisting of the last 10 addresses in the subnet only. Assign the domain name ccna-a.net and specify the default gateway address as the router interface address for the subnet involved(6 points)
Configure IPv4 DHCP for VLAN 3Create a DHCP pool for VLAN 3, consisting of the last 10 addresses in the subnet only. Assign the domain name ccna-b.net and specify the default gateway address as the router interface address for the subnet involved(6 points)
R1(config)#ip route 0.0.0.0 0.0.0.0 loopback 0
R1(config)#ipv6 route ::/0 loopback 0

R1(config)#ip dhcp excluded-address 10.19.8.1 10.19.8.52
R1(config)#ip dhcp pool VLAN2-Bikes
R1(dhcp-config)#network 10.19.8.0 255.255.255.192
R1(dhcp-config)#default-router 10.19.8.1
R1(dhcp-config)#domain-name ccna-a.net
R1(dhcp-config)#exit

R1(config)#ip dhcp excluded-address 10.19.8.65 10.19.8.84
R1(config)#ip dhcp pool VLAN3-Trikes
R1(dhcp-config)#network 10.19.8.64 255.255.255.224
R1(dhcp-config)#default-router 10.19.8.65
R1(dhcp-config)#domain-name ccna-b.net
R1(dhcp-config)#
Step 2: Configure host computers.

Configure the host computers PC-A and PC-B to use DHCP for IPv4 and statically assign the IPv6 GUA and
Link Local addresses. After configuring each host computer, record the host network settings with the
ipconfig /all command.
On PCs, go to Command Promt (cmd), Enter ipconfig /renew to request IP DMCP

PC-A Network Configuration (2 points)
Description
Physical Address
IP Address
Subnet Mask
Default Gateway
IPv6 Default Gateway
PC-B Network Configuration (2 points)
Description
Physical Address
IP Address
Subnet Mask
Default Gateway
IPv6 Default Gateway

Points for Step 1 (16 points):

Points for Step 2 (4 points):

Instructor Sign-off Part 3:
Instructor Sign-off
Total Points for Part 3 (20 points)

Part 4: Test and Verify End-to-End Connectivity

  • Total points: 5
  • Time: 10 minutes

Use the ping command to test IPv4 and IPv6 connectivity between all network devices.
Note: If pings to host computers fail, temporarily disable the computer firewall and retest.
Use the following table to methodically verify connectivity with each network device. Take corrective action to establish connectivity if a test fails:

FromToProtocolIP AddressPing Results
PC-AR1, G0/0/1.2
R1, G0/0/1.2
IPv410.19.8.1
IPv62001:db8:acad:a::1
R1, G0/0/1.3
R1, G0/0/1.3
IPv410.19.8.65
IPv62001:db8:acad:b::1
R1, G0/0/1.4
R1, G0/0/1.4
IPv410.19.8.97
IPv62001:db8:acad:c::1
S1, VLAN 4
S1, VLAN 4
IPv410.19.8.98
IPv62001:db8:acad:c::98
S2, VLAN 4
S2, VLAN 4
IPv410.19.8.99.
IPv62001:db8:acad:c::99
PC-BIPv4IP address will vary.
IPv62001:db8:acad:b::50
R1 Loop0IPv4209.165.201.1
IPv62001:db8:acad:209::1
PC-BR1 Loop0IPv4209.165.201.1
IPv62001:db8:acad:209::1
R1, G0/0/1.2IPv410.19.8.1
IPv62001:db8:acad:a::1
R1, G0/0/1.3IPv410.19.8.65
IPv62001:db8:acad:b::1
R1, G0/0/1.4IPv410.19.8.97
IPv62001:db8:acad:c::1
S1, VLAN 4IPv410.19.8.98
IPv62001:db8:acad:c::98
S2, VLAN 4IPv410.19.8.99.
IPv62001:db8:acad:c::99

Instructor Sign-off Part 4:
Instructor Sign-off
Total Points for Part 4 (5 points)
Enter score here.

Part 5: Cleanup

NOTE: DO NOT PROCEED WITH CLEANUP UNTIL YOUR INSTRUCTOR HAS GRADED YOUR SKILLS EXAM AND HAS INFORMED YOU THAT YOU MAY BEGIN CLEANUP.

Unless directed otherwise by the instructor, restore host computer network connectivity, and then turn off power to the host computers.

Before turning off power to the router and switch, remove the NVRAM configuration files (if saved) from both devices.

Disconnect and neatly put away all LAN cables that were used in the Final.

Router Interface Summary Table
Router ModelEthernet Interface #1Ethernet Interface #2Serial Interface #1Serial Interface #2
1800Fast Ethernet 0/0
(F0/0)
Fast Ethernet 0/1
(F0/1)
Serial 0/0/0 (S0/0/0)Serial 0/0/1 (S0/0/1)
1900Gigabit Ethernet 0/0
(G0/0)
Gigabit Ethernet 0/1
(G0/1)
Serial 0/0/0 (S0/0/0)Serial 0/0/1 (S0/0/1)
2801Fast Ethernet 0/0
(F0/0)
Fast Ethernet 0/1
(F0/1)
Serial 0/1/0 (S0/1/0)Serial 0/1/1 (S0/1/1)
2811Fast Ethernet 0/0
(F0/0)
Fast Ethernet 0/1
(F0/1)
Serial 0/0/0 (S0/0/0)Serial 0/0/1 (S0/0/1)
2900Gigabit Ethernet 0/0
(G0/0)
Gigabit Ethernet 0/1
(G0/1)
Serial 0/0/0 (S0/0/0)Serial 0/0/1 (S0/0/1)
4221Gigabit Ethernet 0/0/0
(G0/0/0)
Gigabit Ethernet 0/0/1
(G0/0/1)
Serial 0/1/0 (S0/1/0)Serial 0/1/1 (S0/1/1)
4300Gigabit Ethernet 0/0/0
(G0/0/0)
Gigabit Ethernet 0/0/1
(G0/0/1)
Serial 0/1/0 (S0/1/0)Serial 0/1/1 (S0/1/1)

Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An
example of this might be an ISDN BRI interface. The string in parenthesis is the legal abbreviation that can be
used in Cisco IOS commands to represent the interface.

Download PDF:

[sociallocker id=”57850″]

Icon

CCNAv7 SRWE Skills Assessment 120.59 KB 1203 downloads

...

[/sociallocker]
Tags

Post a Comment

0 Comments
* Please Don't Spam Here. All the Comments are Reviewed by Admin.