CCNAv7 ENSA Skills Assessment

Topology

Addressing Table
Device Interface IP Address Subnet Mask Default Gateway

R1 G0/0/0 10.67.254.2 255.255.255.252 N/A

R1
G0/0/1 192.168.1.1 255.255.255.0 N/A

R1
Lo0 10.52.0.1 255.255.255.248 N/A
R2 G0/0/0 10.67.254.1 255.255.255.252 N/A

R2
G0/0/1 10.67.1.1 255.255.255.0 N/A

R2
Lo0 209.165.201.1 255.255.255.224 N/A
S1 VLAN 1 192.168.1.2 255.255.255.0 192.168.1.1
S2 VLAN 1 10.67.1.2 255.255.255.0 10.67.1.1

Assessment Objectives
Part 1: Initialize, Reload and Configure Basic Device Settings (40 points, 40 minutes)
Part 2: Configure and Single Area OSPFv2 (20 points, 10 minutes)
Part 3: Optimize Single Area OSPFv2 (25 points, 20 minutes)

© 2019 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 1 of 8 www.netacad.com
CCNAv7 ENSA Skills Assessment

Part 4: Configure Access Control, NAT, and perform configuration backup (15 points, 30 minutes)

Scenario
In this Skills Assessment (SA) you will configure the devices in a small network. You must configure a router,
switch and PCs to support IPv4 connectivity for supported hosts. Your router and switch must also be
managed securely. You will configure Single-Area OSPFv2, NAT, and access control lists. Further, you will
backup up your working configurations to a TFTP server.

Required Resources
• 2 Routers (Cisco 4221 with Cisco IOS XE Release 16.9.4 universal image or comparable)
• 2 Switches (Cisco 2960 with Cisco IOS Release 15.2(2) lanbasek9 image or comparable)
• 2 PCs (Windows with a terminal emulation program, such as Tera Term)

• Console cables to configure the Cisco IOS devices via the console ports
• Ethernet cables as shown in the topology

Instructions

Part 1: Initialize, Reload and Configure Basic Device Settings

Total points: 40
Time: 40 minutes

Step 1: Initialize and reload routers and switches.

Erase the startup configurations and VLANs from the router and switch and reload the devices.
Before proceeding, ask your instructor verify device initializations.

Step 2: Configure the routers.

Configuration tasks for R1 and R2 include the following:

Task Specification R1 R2

Disable DNS lookup 0.5 pt 0.5 pt

Router name R1 or R2, as appropriate 0.5 pt 0.5 pt
Domain name ccna-lab.com 0.5 pt 0.5 pt
Encrypted privileged EXEC password ciscoenpass 0.5 pt 0.5 pt
Console access password ciscoconpass 0.5 pt 0.5 pt
Set the minimum length for passwords 10 characters 0.5 pt 0.5 pt

Create an administrative user in the local Username: admin 0.5 pt 0.5 pt

database Password: admin1pass
Set login on VTY lines to use local database 0.5 pt 0.5 pt
Set VTY lines to accept SSH connections only 0.5 pt 0.5 pt
Encrypt the clear text passwords 0.5 pt 0.5 pt

© 2019 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 2 of 8 www.netacad.com
CCNAv7 ENSA Skills Assessment

Task Specification R1 R2

Configure an MOTD Banner 0.5 pt 0.5 pt

Set the description 2 pts 2 pts
Set the Layer 3 IPv4 address
Configure interface G0/0/1 Activate Interface
Set the description 2 pts 2 pts
Set the Layer 3 IPv4 address
Configure interface G0/0/0 Activate Interface
Configure interface Lo0 Configure IPv4 address 0.5 pt 0.5 pts
Generate an RSA crypto key 1024 bits modulus 0.5 pt 0.5 pt

Step 3: Configure S1 and S2.

Configuration tasks for the switches include the following:

Task Specification S1 S2

Disable DNS lookup 0.5 pt 0.5 pt

Switch name S1 or S2, as appropriate 0.5 pt 0.5 pt
Domain name ccna-lab.com 0.5 pt 0.5 pt
Encrypted privileged EXEC password ciscoenpass 0.5 pt 0.5 pt
Console access password ciscoconpass 0.5 pt 0.5 pt
Shutdown all unused interfaces 0.5 pt 0.5 pt
Username: admin 0.5 pt 0.5 pt
Create an administrative user in the local database Password: admin1pass
Set login on VTY lines to use local database 0.5 pt 0.5 pt
Set VTY lines to accept SSH connections only 0.5 pt 0.5 pt
Encrypt the clear text passwords 0.5 pt 0.5 pt
Configure an MOTD Banner 0.5 pt 0.5 pt
Generate an RSA crypto key 1024 bits modulus 0.5 pt 0.5 pt
Configure Management Interface (SVI) for VLAN 1
Set the Layer 3 IPv4 address 0.5 pt 0.5 pt
(the Management VLAN)
Configure Default Gateway 0.5 pt 0.5 pt

Points for Step 1 (5 points):

Enter score here.
Points for Step 2 (21 points):
Enter score here.
Points for Step 3 (14 points):

© 2019 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 3 of 8 www.netacad.com
CCNAv7 ENSA Skills Assessment

Enter score here.

Instructor Sign-off Part 1:
Instructor Sign-off
Total points for Part 1 (40 points):
Enter score here.

Part 2: Configure Single Area OSPFv2

Total points: 10
Time: 10 minutes
Configuration tasks for R1 and R2 include the following:

Task Specification R1 R2

Configure the OSPF routing process Use process id 1 1 pt 1 pt

Manually configure the router id Use 0.0.0.1 for R1 and 0.0.0.2 for R2 1 pt 1 pt
Configure a network statement for each locally
attached network using a wild card mask that
Configure network statements matches each network’s subnet mask
Note: R2 Lo0 network should not be included
in the OSPF process. 3 pts 3 pts

Instructor Sign-off Part 2

Instruction Sign-off
Total Points (10 points):
Enter score here.

Part 3: Optimize Single-Area OSPFv2

Total points: 20
Time: 20 minutes

Step 1: Configure R1.

Configuration Tasks for R1 include the following:

Task Specification Points

Configure all interfaces that are not directly connected

Configure passive interfaces to an OSPF neighbor to be passive 3 points
Configure the reference bandwidth Adjust the reference bandwidth to 1 Gigabit 2 points
Configure Loopback 0 to report
the mask it is configured with Configure Loopback0 as a point-to-point network for
instead of a host mask OSPF 2 points
Tune the timers for your network Configure the hello time for 30 seconds 1 point

© 2019 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 4 of 8 www.netacad.com
CCNAv7 ENSA Skills Assessment

Step 2: Configure R2.

Configuration tasks for R2 include the following:

Task Specification Points

Configure all interfaces that are not directly connected

Configure passive interfaces to an OSPF neighbor to be passive 2 points
Configure the reference bandwidth Adjust the reference bandwidth to 1 Gigabit 2 points
Configure a static default route with loopback 0 as the
Provide default routing for the OSPF exit interface, then share the default information with
domain other OSPF speakers 5 points
Tune the timers for your network Configure the hello time for 30 seconds 1 point
Tune the DR/BDR election to favor R2 Set the OSPF priority for R2 to a value of 50 2 points

Points for Step 1 (8 points)

Enter score here.
Points for Step 2 (12 points)
Enter score here.
Instructor Sign-off Part 3:
Instructor Sign-off
Total points (20 points):
Enter score here.

Part 4: Configure Access Control, NAT, and perform configuration backup

Total points: 30
Time: 30 minutes

Step 1: Configure host computers.

Configure the host computers PC-A and PC-B with IPv4 addresses. (4 points)

Description PC-A PC-B

IP Address 192.168.1.50 10.67.1.50

Subnet Mask 255.255.255.0 255.255.255.0
Default Gateway 192.168.1.1 10.67.1.1

After configuring each host computer, perform the following tests: (4 points)

Source Target Protocol Expected Result

PC-A PC-B Ping Success

PC-A https://209.165.201.1 HTTPS Success
PC-A 209.165.201.1 SSH Success

© 2019 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 5 of 8 www.netacad.com
CCNAv7 ENSA Skills Assessment

Source Target Protocol Expected Result

PC-B 209.165.201.1 SSH Success

If you get different results, troubleshoot your OSPF and host configurations.
Note: If you are unable to access 209.165.201.1 via https, enter ip http secure-server at R2 CLI.
R2(config)# ip http secure-server

Step 2: Configure Access Control on R2.

Create and apply an access control list on R2 named R2-SECURITY to do the following:

Task Specification Points

Create an access control list R2-SECURITY 2 points

Only hosts from the 10.0.0.0/8 network are allowed to reach
Control HTTP and HTTPS traffic the web server at 209.165.201.1 2 points
Control SSH traffic SSH is not allowed to the address 209.165.201.1 2 points
Permit traffic All other traffic, regardless of protocol, is allowed 2 points
Apply the ACL Filter traffic originating from R1 2 points

After configuring and applying the ACL, perform the following tests: (2 points)

Source Target Protocol Expected Result

PC-A PC-B Ping Success

PC-A https://209.165.201.1 HTTPS Failure
PC-A 209.165.201.1 SSH Failure
PC-B 209.165.201.1 SSH Success

If you get different results, double check your ACL configuration and application.

Step 3: Configure NAT.

The decision has been made that the entire organization should be using addresses in the 10.0.0.0/8 network
space. R1’s LAN is out of compliance. There are applications and services running in the R1 LAN that cannot
have their IP address changed without the entire system being rebuilt, so NAT is in order. Here are the
configuration tasks at R1:

Task Specification Points

Remove 192.168.1.0/24 from OSPF Remove the appropriate network statement at R1 2 points
Create an ACL to identify hosts
allowed to be translated Create an ACL that matches the 192.168.1.0 network 2 points
Configure Port Address Translation Configure the NAT association between the ACL and the
on the outside interface of R1 interface g0/0/0 so that it uses port address translation 2 points
Identify the interfaces involved in
NAT Specify inside or outside on the appropriate interfaces 2 points

© 2019 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 6 of 8 www.netacad.com
CCNAv7 ENSA Skills Assessment

Step 4: Backup all device configurations.

Task Specification Points

Using the TFTP server on PC-B, backup the running configuration

2 points
of all of your devices to PC-B using the TFTP protocol

Points for Step 1 (8 points):

Enter score here.
Points for Step 2 (12 points):
Enter score here.
Points for Step 3 (8 points):
Enter score here.
Points for Step 4 (2 points):
Enter score here.
Instructor Sign-off Part 4:
Instructor Sign-off
Total points (30 points):
Enter score here.

Part 5: Cleanup
NOTE: DO NOT PROCEED WITH CLEANUP UNTIL YOUR INSTRUCTOR HAS GRADED YOUR SKILLS
EXAM AND HAS INFORMED YOU THAT YOU MAY BEGIN CLEANUP.
Unless directed otherwise by the instructor, restore host computer network connectivity, and then turn off
power to the host computers.
Before turning off power to the router and switch, remove the NVRAM configuration files (if saved) from both
devices.
Disconnect and neatly put away all LAN cables that were used in the Final.

Router Interface Summary Table

Router Model Ethernet Interface #1 Ethernet Interface #2 Serial Interface #1 Serial Interface #2

Fast Ethernet 0/0 Fast Ethernet 0/1

1800 (F0/0) (F0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
Gigabit Ethernet 0/0 Gigabit Ethernet 0/1
1900 (G0/0) (G0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
Fast Ethernet 0/0 Fast Ethernet 0/1
2801 (F0/0) (F0/1) Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/1/1)
Fast Ethernet 0/0 Fast Ethernet 0/1
2811 (F0/0) (F0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
Gigabit Ethernet 0/0 Gigabit Ethernet 0/1
2900 (G0/0) (G0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)

© 2019 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 7 of 8 www.netacad.com
CCNAv7 ENSA Skills Assessment

Router Model Ethernet Interface #1 Ethernet Interface #2 Serial Interface #1 Serial Interface #2

Gigabit Ethernet 0/0/0 Gigabit Ethernet 0/0/1

4221 (G0/0/0) (G0/0/1) Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/1/1)
Gigabit Ethernet 0/0/0 Gigabit Ethernet 0/0/1
4300 (G0/0/0) (G0/0/1) Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/1/1)

Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An
example of this might be an ISDN BRI interface. The string in parenthesis is the legal abbreviation that can be
used in Cisco IOS commands to represent the interface.
End of document

© 2019 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 8 of 8 www.netacad.com