This CCNA Packet Tracer lab challenge will sharpen your skills in OSPF, static PAT, and ACLs, along with basics such as IP address assignment.
You can set this up as a Packet Tracer lab, and if people are interested in this type of thing I can provide file packs with solutions, etc. Let’s start by taking a look at the topology below:
This is the basic topology you need to complete this lab. I will refer to interfaces as they are labeled above, but just adapt it to your needs.
CCNA Skills: The Challenge
- Configure a /30 link between R1 and R2 using network 10.1.10.0 /30
- Create loopback 1 on R1: 18.104.22.168 and create loopback 1 on R2: 22.214.171.124
- Use the IP Address 192.168.1.1 /24 on R1’s e0/1 interface.
- Configure PC1 to receive a DHCP address in the 192.168.1.0 /24 Network.
- Using OSPF, ensure that all endpoints can ping every address in the topology. Single area OSPF is fine.
- Use static PAT in a way that allows you to telnet into R2 by typing <telnet 10.1.10.2 80> in R1 or PC1.
Hint: Use the loopback on R2.
- Configure an access-list on an inbound interface that blocks telnet from the 192.168.1.0 /24 network on the PAT translation you enabled earlier, but permits pings from all nodes and does not destroy the OSPF relationship you created in step 5. Do not <allow ip any any>, and use four statements.
You should still be able to <telnet 10.1.10.2 80> from R1.
There is more than one way to peel an orange, but the configurations for how I completed this are below.
Let me know in the comments or email me if you would be interested in more labs like this, with packet tracer files and more. I can create some fun stuff if the demand is there.
```
Current configuration : 1118 bytes
!
! Last configuration change at 19:21:43 EET Sun Mar 8 2020
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
clock timezone EET 2 0
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.99
!
ip dhcp pool NET192
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
!
!
no ip domain-lookup
ip cef
no ipv6 cef
!
!
!
interface Loopback1
 ip address 126.96.36.199 255.255.255.255
!
interface Ethernet0/0
 ip address 10.1.10.1 255.255.255.252
!
interface Ethernet0/1
 ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!
router ospf 12
 network 188.8.131.52 0.0.0.0 area 0
 network 10.1.10.0 0.0.0.3 area 0
 network 192.168.1.0 0.0.0.255 area 0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 login
!
!
end
```
```
Current configuration : 1299 bytes
!
! Last configuration change at 19:21:42 EET Sun Mar 8 2020
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
clock timezone EET 2 0
!
!
no ip domain-lookup
ip cef
no ipv6 cef
!
!
interface Loopback2
 ip address 184.108.40.206 255.255.255.255
 ip nat inside
!
interface Ethernet0/0
 ip address 10.1.10.2 255.255.255.252
 ip access-group 100 in
 ip nat outside
!
interface Ethernet0/1
 no ip address
 shutdown
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!
router ospf 12
 network 220.127.116.11 0.0.0.0 area 0
 network 10.1.10.0 0.0.0.3 area 0
!
ip nat inside source static tcp 18.104.22.168 23 10.1.10.2 80 extendable
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
access-list 100 permit ospf any any
access-list 100 permit icmp any any
access-list 100 deny tcp 192.168.1.0 0.0.0.255 host 10.1.10.2 eq www
access-list 100 permit tcp 10.1.10.0 0.0.0.3 host 10.1.10.2 eq www
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 privilege level 15
 password cisco
 login
!
!
end
```
On PC1, just enable DHCP 🙂
In this CCNA-style Packet Tracer lab, we use Router 2’s loopback interface as the inside address. The command <ip nat inside source static tcp 22.214.171.124 23 10.1.10.2 80> translates traffic sent to 10.1.10.2 on port 80 into a telnet session (port 23) on the loopback.
The access list uses four commands to permit and deny traffic based on the requirements listed.
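To check the four statements against the lab requirements, the following added example (not part of the original lab files) walks constructed packets through access-list 100 using first-match evaluation and the implicit deny at the end. It assumes PC1 leased 192.168.1.100, the first address outside the DHCP exclusion range, and that R1 sources its telnet from 10.1.10.1; packets are matched on 10.1.10.2 port 80 because an inbound ACL on the NAT outside interface is checked before translation.

```python
import ipaddress

# access-list 100 from R2's configuration, with wildcard masks written as prefixes:
# (action, protocol, source, destination, destination port or None)
ACL_100 = [
    ("permit", "ospf", "0.0.0.0/0",      "0.0.0.0/0",    None),
    ("permit", "icmp", "0.0.0.0/0",      "0.0.0.0/0",    None),
    ("deny",   "tcp",  "192.168.1.0/24", "10.1.10.2/32", 80),   # eq www
    ("permit", "tcp",  "10.1.10.0/30",   "10.1.10.2/32", 80),   # eq www
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, line number) of the first match; line 0 is the implicit deny."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, (action, a_proto, a_src, a_dst, a_port) in enumerate(acl, start=1):
        if a_proto != proto:
            continue
        if src_ip not in ipaddress.ip_network(a_src):
            continue
        if dst_ip not in ipaddress.ip_network(a_dst):
            continue
        if a_port is not None and a_port != dport:
            continue
        return action, n
    return "deny", 0  # nothing matched: implicit "deny ip any any"

# Constructed sample packets arriving inbound on R2 Ethernet0/0 (assumed addresses)
SAMPLES = [
    ("OSPF hello from R1",          "ospf", "10.1.10.1",     "224.0.0.5", None),
    ("ping from PC1",               "icmp", "192.168.1.100", "10.1.10.2", None),
    ("telnet 10.1.10.2 80 from PC1", "tcp", "192.168.1.100", "10.1.10.2", 80),
    ("telnet 10.1.10.2 80 from R1",  "tcp", "10.1.10.1",     "10.1.10.2", 80),
    ("telnet 10.1.10.2 (23) from R1", "tcp", "10.1.10.1",    "10.1.10.2", 23),
]

def run():
    """Evaluate every sample packet and return {label: (action, line)}."""
    return {label: evaluate(ACL_100, p, s, d, port) for label, p, s, d, port in SAMPLES}

if __name__ == "__main__":
    for label, (action, line) in run().items():
        where = f"line {line}" if line else "implicit deny"
        print(f"{label:32} -> {action} ({where})")
```

The last sample shows why "Do not <allow ip any any>" matters: anything the four statements do not name, including plain telnet on port 23 to the link address, falls through to the implicit deny.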
Please drop a comment below or send an email with any suggestions and improvements.
Also let me know if you want more labs 🙂 I have a fun one with EIGRP, OSPF, GRE Tunnels, and DHCP Helper.