May 30

CCNAS REVIEW

Posted by Marius Bunget

You are not allowed to remove any configurations, only to modify them. For an exercise to be validated by the moderator, all configuration errors must be detected and solved accordingly.

Challenge

Topology

You can download the dynamips topology here

The following commands must be functional:

  • R1: ping 10.0.34.4 source 1.1.1.1

Attention: The traffic must be encrypted and R2 must do NAT.

Hint: Use Wireshark and the packet capture functionality offered by dynagen.

May 29

CCNA REVIEW

Posted by Marius Bunget

For all challenges you are not allowed to remove any configurations, only to modify them. For an exercise to be validated by the moderator, all configuration errors must be detected and solved accordingly.

Challenge 1

Topology

You can download the dynamips topology here

You are allowed to modify configurations only on R2!

The following commands must be functional:

  • R1: ping 4.4.4.4
  • R1: telnet 4.4.4.4

Challenge 2

Topology

You can download the dynamips topology here

The following commands must be functional:

  • R1: ping 10.0.14.4

Challenge 3

Topology

You can download the dynamips topology here

The following commands must be functional:

  • R1: ping 10.0.14.4
  • R1: ping 10.0.34.4
  • R4: ping 10.0.14.1
  • R4: ping 10.0.12.1

Challenge 4

Topology

You can download the dynamips topology here

The following commands must be functional:

  • R1: ping 4.4.4.4 source 1.1.1.1

Challenge 5

Topology

You can download the dynamips topology here

The following commands must be functional:

  • R1: ping 3.3.3.3
  • R1: ping 4.4.4.4
  • R2: ping 4.4.4.4 source 2.2.2.2

May 9

Private VLANs

Posted by Marius Bunget

PVLANs provide Layer 2 isolation between ports within the same broadcast domain. There are three types of PVLAN ports:

  • Promiscuous— A promiscuous port can communicate with all interfaces, including the isolated and community ports within a PVLAN.
  • Isolated— An isolated port has complete Layer 2 separation from the other ports within the same PVLAN, but not from the promiscuous ports. PVLANs block all traffic to isolated ports except traffic from promiscuous ports. Traffic from an isolated port is forwarded only to promiscuous ports.
  • Community— Community ports communicate among themselves and with promiscuous ports. These interfaces are separated at Layer 2 from all other interfaces in other communities or isolated ports within their PVLAN.

IP Addressing

All members of a private VLAN can share a common IP address space, which is assigned to the primary VLAN. Hosts connected to isolated or community ports take their addresses from the address space of the primary VLAN.

Steps to Configure Private VLAN

1. Set VTP mode to transparent
2. Create Primary and Secondary VLANs
3. Map secondary VLANs to Primary VLANs
4. Configure ports in Secondary VLANs and assign VLAN memberships
5. Configure Promiscuous ports and map them to primary-secondary VLAN pairs

Configuration:

Switches S1 and S2 must be configured as follows:

Create VLANs 101 and 102 and then associate them with the primary VLAN 100.

vlan 100
  private-vlan primary
  private-vlan association 101-102
!
vlan 101
  private-vlan community
!
vlan 102
  private-vlan community

On S1:

interface FastEthernet0/1
 switchport private-vlan mapping 100 101-102
 switchport mode private-vlan promiscuous
!
interface FastEthernet0/3
 switchport private-vlan host-association 100 101
 switchport mode private-vlan host
!
interface FastEthernet0/5
 switchport private-vlan host-association 100 102
 switchport mode private-vlan host
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk

On S2:

interface GigabitEthernet0/4
 switchport private-vlan host-association 100 101
 switchport mode private-vlan host
!
interface GigabitEthernet0/6
 switchport private-vlan host-association 100 102
 switchport mode private-vlan host
!
interface GigabitEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk
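
The forwarding rules for promiscuous, isolated and community ports can be checked against a configuration before it is deployed. The Python sketch below is an added example, not part of the original post: it parses a trimmed copy of the S1 configuration and answers whether two ports can exchange Layer 2 traffic. VLAN 103 and ports Fa0/4 and Fa0/7 are constructed for illustration, and 103 is deliberately left out of the promiscuous mapping to show what the check catches; the function names are hypothetical.

```python
import re

# S1 config from the page; VLAN 103, Fa0/4 and Fa0/7 are constructed (103 is left unmapped).
CONFIG = """
vlan 101
 private-vlan community
vlan 102
 private-vlan community
vlan 103
 private-vlan isolated
interface FastEthernet0/1
 switchport private-vlan mapping 100 101-102
interface FastEthernet0/3
 switchport private-vlan host-association 100 101
interface FastEthernet0/4
 switchport private-vlan host-association 100 101
interface FastEthernet0/5
 switchport private-vlan host-association 100 102
interface FastEthernet0/7
 switchport private-vlan host-association 100 103
"""

def expand(spec):
    """Expand an IOS VLAN list such as '101-102,105' into a set of ints."""
    out = set()
    for lo, _, hi in (p.partition("-") for p in spec.split(",")):
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def parse(config):
    """Return (secondary VLAN types, promiscuous port mappings, host port VLANs)."""
    types, promisc, hosts, section = {}, {}, {}, None
    for line in config.splitlines():
        if m := re.match(r"(vlan|interface) (\S+)", line):
            section = m.group(2)
        elif m := re.match(r"\s+private-vlan (community|isolated)$", line):
            types[int(section)] = m.group(1)
        elif m := re.search(r"private-vlan mapping \d+ (\S+)", line):
            promisc[section] = expand(m.group(1))
        elif m := re.search(r"host-association \d+ (\d+)", line):
            hosts[section] = int(m.group(1))
    return types, promisc, hosts

def can_talk(a, b, types, promisc, hosts):
    """Layer 2 reachability between two ports under the PVLAN rules above."""
    if a in promisc or b in promisc:
        p, h = (a, b) if a in promisc else (b, a)
        return h in promisc or hosts[h] in promisc[p]  # secondary must be mapped
    return hosts[a] == hosts[b] and types[hosts[a]] == "community"
```

Here the isolated port Fa0/7 cannot reach the promiscuous port Fa0/1 until VLAN 103 is added to the mapping on Fa0/1, which is the kind of omission this check surfaces.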