Recently I had a student (let’s call him David) ask me “Do you think I am ready to sit the ICND1 exam?”

Although David had studied the ICND1 text book, his skills were lacking when it came to configuring routers.  He had a copy of GNS3 WorkBench, and a copy of the GNS3 Network Simulation Guide, but had not completed all the GNS3 WorkBench exercises, so I sent him off telling him that he should at least complete ALL the ICND1 GNS3 exercises that he had at his disposal.  But It occurred to me that I didn’t have a monster exercise that I could give to David to test as many of the ICND1 Exam objectives as possible.

So David, I created that monster exercise. I called it the ICND1 Readiness Test. Be challenged!

[Edit 2014-10-08: Technical note: It has been found that the NAT portion of this exercise does not work if you use IOS c3725-adventerprisek9_ivs-mz.124-15.T14.  I recommend using c3725-adventerprisek9-mz.124-15.T10]

The exercise looks like this (Click on the image for a closer look):

Your job is to design and implement IPv4 and IPv6 addressing schemes for your company rednectar.net.

The instructions go on to tell you

Rednectar.net’s internal devices are arranged on two VLANs – a Users VLAN and a Servers VLAN, with a third Guest VLAN providing web browsing access for guests. Rednectar.net’s Service Provider has allocated the public IP address range of 192.0.2.184/29 and informed you that it will provide Internet services for you via the public IPv4 address 192.0.2.185 and DNS services via their DNS Server at 192.0.2.192. The address range 2001:db8:beef::/48 has been allocated for IPv6 addresses.

To complete this activity successfully, you design and implementation must meet the following criteria:

And so on to describe the criteria in relation to the ICND1 exam topics.  You can see the full description later in this post.

But don’t expect that you’ll do this exercise in an hour the first time you
try.  In fact, you should probably take a good day or two to go through
it slowly the first time you try.  But because you have to start by
designing your own IP addressing scheme, you can do this exercise over and
over again using different IP addresses.  Or use this layout as a
template to create your own exercise.

As well as the full configuration exercise, you also get three troubleshooting exercises, each with three items you have to solve.  And of course, there is a set of sample completed configurations and a ICND1 Readiness Test Testing Walk Through as well, that describes all the tests you need to do to verify that you have completed the task.

Here is the full description of the exercise.  If you think you are ready for ICND1, give it a shot!

ICND1 Readiness Test

From within the GNS3 WorkBench environment, restoring snapshot 0 (ICND1 Readiness Test) from File | Manage snapshots will load the initial configurations into the devices shown in the topology.

Topology

Your job is to design and implement IPv4 and IPv6 addressing schemes for your company rednectar.net.

Rednectar.net‘s internal devices are arranged on two VLANs – a Users VLAN and a Servers VLAN, with a third Guest VLAN providing web browsing access for guests. 
Rednectar.net‘s Service Provider has allocated the public IP address range of 192.0.2.184/29 and informed you that it will provide Internet services for you via the public IPv4 address 192.0.2.185 and DNS
services via their DNS Server at 192.0.2.192.  The address range 2001:db8:beef::/48 has been allocated for IPv6 addresses.

To complete this activity successfully, you design and implementation must meet the following criteria:

Switching and VLANs:

Covering ICND1  Objectives:

• Configure and verify VLANs
• Configure and verify trunking on Cisco switches

Three VLANs are to be created on SW1.  The default VLAN is NOT to be used as one of the VLANs.

The following table shows the VLAN requirements for SW1

Interface	VLAN	Tagging	Connected Devices
Fa1/0	All VLANs	802.1Q Tagged	R1
Fa1/1 – 3	Users VLAN	Untagged	PC1-PC3
Fa1/4 – 5	Guest VLAN	Untagged	PC4-PC5
Fa1/6 – 7	Servers VLAN	Untagged	Server6-Server7

The management IPv4 address of SW1 is to be assigned to the Users VLAN – see below.

IPv4 Addressing:

Covering ICND1  Objectives:

• Describe the operation and necessity of using private and public IP addresses for IPv4 addressing
• Identify the appropriate IPv4 addressing scheme using VLSM and summarization to satisfy addressing requirements in a LAN/WAN environment
• Configure and verify operation status of an Ethernet interface
  • Serial
• Configure and verify initial switch configuration including remote access management
  • mgmt ip address
  • ip default-gateway

• Configure and verify DHCP (IOS Router)
  • Configuring router interfaces to use DHCP
  • DHCP options (Basic overview and functionality)
  • Excluded addresses
  • Lease time

• Configure and verify NAT for given network requirements

IPv4 Addressing Plan

You are to to design an IPv4 addressing scheme that satisfies the following criteria:

• All IPv4 addresses in rednectar.net are to be RFC 1918 Private IP addresses, apart from interface S0/0 on router R2 which is determined by the Service Provider’s IP address assignment (it will have to be part of the 192.0.2.184/29
  range). Note: The IPv4 addresses 192.168.0.1 and 192.168.0.2 are to be allocated to loopback addresses (see below)
• The Users VLAN is to be allocated enough addresses to cater for 150 users.  The subnet mask used is to be the minimum size to cater for 150 users.
• The Guest VLAN is to be allocated enough addresses to cater for 10 guests.  The subnet mask used is to be the minimum size to cater for 10 guests.
• The Servers VLAN is to be allocated enough addresses to cater for 20 servers.  The subnet mask used is to be the minimum size to cater for 20 servers.
• You are to determine appropriate address allocations for any remaining subnets required to complete the addressing scheme.

IPv4 Address Assignment

• Users VLAN
  • The first 10 IPv4 addresses of the Users VLAN subnet are to be reserved (see the DHCP requirements below).
  • Router R1 is to be assigned the first reserved address
  • The Management Interface of SW1 is to be assigned the second reserved address
  • PC1, PC2 and PC3 are to be assigned their IPv4 addresses via DHCP. (See VPCS Tips below)
• Guest VLAN
  • Router R1 is to be assigned the first IPv4 address
  • PC4 and PC5 are to be assigned their IPv4 addresses via DHCP. (See VPCS Tips below)
• Servers VLAN
  • Router R1 is to be assigned the first IPv4 address
  • Server6 and Server7 are use static IPv4 addresses.  (See VPCS Tips below)

• Router R1
  • Assign the IPv4 address of 192.168.0.1/32 to the loopback0 interface
  • Other addresses as per your designed addressing scheme
• Router R2
  • Assign the IPv4 address of 192.168.0.2/32 to the loopback0 interface
  • Determine the correct IPv4 address for interface S0/0 as shown in the diagram. (It will have to be part of the 192.0.2.184/29 range)
  • Other addresses as per your designed addressing scheme
• SW1
  • The Management Interface of SW1 is to be assigned the second reserved address of the Users VLAN range.
  • The IPv4 address for SW1 is to be assigned to the Users VLAN interface.
  • Determine and configure the default gateway requirements

DHCP

Router R2 is to be configured to assign DHCP addresses to hosts on the Users VLAN and the Guest VLAN.

• Users VLAN:
  • The first 10 IP addresses are to be reserved
  • Hosts in the Users VLAN are to be given the default lease time,
  • All devices are to be given the minimum options required to gain Internet connectivity to http://www.example.com and to have names such as r2 resolved to r2.rednectar.net
• Guest VLAN:
  • The first IP addresses is to be reserved for router R1
  • Hosts in the Guest VLAN are to be given a lease time of 15 minutes.
  • All devices are to be given the minimum options required to gain Internet connectivity to http://www.example.com and to have names such as r2 resolved to r2.rednectar.net

Network Address Translation

Router R2 is to be configured to do Network Address Translation based on the following criteria:

• Users VLAN:
  • Create a pool of two unused IPv4 addresses from the range 192.0.2.184/29
  • Hosts in the Users VLAN are to be assigned one of these addresses when accessing the Internet.  Remember that the pool of IPv4 addresses has to cater for 150 potential users
• Guest VLAN:
  • Hosts in the Guest VLAN are to have their IPv4 addresses translated to the IPv4 address of R2’s s0/0 interface.
• Servers VLAN:
  • Create a static NAT for Server6 to an unused IPv4 address from the range 192.0.2.184/29
  • Other servers the Servers VLAN are to have their IPv4 addresses translated to the IPv4 address of R2’s s0/0 interface.

IPv4 Routing:

ICND1 Objectives:

• Configure and verify OSPF
  • Configure OSPv2 in a single area
  • Router ID
  • Passive Interface in a single area

Routers R1 and R2 are to be configured to use the OSPF routing protocol.

Make sure:

• All IPv4 addresses are advertised within rednectar.net’s routed network.
• No OSPF information is transmitted to the ServiceProvider’s network
• R1 is to use a Router ID of 192.168.0.1
• R2 is to use a Router ID of 192.168.0.2
• R2 must advertise a default IPv4 route to R1

Security

Covering ICND1 Objectives:

• Configure and verify ACLs in a network environment
• Configure and verify utilizing the CLI to set basic switch and router configuration
  • Hostname
  • Local user and password
  • Enable secret password
  • Console and VTY logins
  • exec-timeout
  • Service password encryption
  • banner
  • MOTD
  • copy run start
•   Configure and verify network device security features
  • Device password security
  • Enable secret vs enable
  • Transport
    • Disable telnet
    • SSH
• Configure and verify switch port security
  • Shutdown unused ports
  • Assign unused ports to an unused VLAN

You are to implement rednectar.net’s security policy which states:

• Unused switch ports are to be placed in an unused VLAN and shutdown
• Devices on the Guest VLAN must not be able to access the devices on the Servers VLAN or the Users VLAN
• Devices on the Guest VLAN are only permitted icmp, http, https smtp and pop access to the Internet
• Devices on the Users VLAN are only permitted icmp, udp, ftp, smtp, pop http and https access to the Internet
• Devices on the Servers VLAN have no restrictions.
• Devices on the Users VLAN have full permission to the Servers VLAN
• External devices must only be able to access icmp, udp and tcp ports smtp and 8081 on Server6

• All devices in the network are to have hostnames – specifically the devices are to be named SW1, R1 and R2
• All devices are to have a user called admin with a password of rednectar
• All devices are to have an enable password of  nectar
• The enable password must have strong encryption
• Telnet console access is to be disabled; only ssh access is permitted
• Anyone accessing the console via the console port, or by using ssh is to be forced to login using the admin account.
• Anyone accessing the console via the aux port should NOT be forced to login using the admin account, but instead use the password cisco
• All passwords are to appear encrypted in the running configuration.
• SSH access is to be enabled on all devices
• When logging in to any device (telnet, console or aux), all users are to see the following message:

*********************************************
This device is the property of rednectar.net.
All unauthorised access is prohibited.
*********************************************

• After successfully logging in, users are to be reminded of the company security policy by seeing the following message:

*********************************************
Your login has been successful.  Do not leave
this console session unattended.
*********************************************

• Console, telnet and ssh sessions are to timeout after 15 minutes.
• Console connections via the Aux port are not to timeout
• Configurations must be saved before leaving the console session.

IPv6 Addressing:

Covering ICND1 Objectives:

• Identify the appropriate IPv6 addressing scheme to satisfy addressing requirements in a LAN/WAN environment
• Describe the technological requirements for running IPv6 in conjunction with IPv4
  • Dual stack
• Describe IPv6 addresses
  • EUI 64
  • Auto-configuration

IPv6 Addressing Plan

You are to to design an IPv6 addressing scheme that satisfies the following criteria:

• The address range 2001:db8:beef::/48 has been allocated for IPv6 addresses.
• The 2001:db8:beef:1::/64 has been allocated to the link between R2 and the Service Provider
• You are to design an IPv6 addressing scheme to satisfy the requirements a completely dual-stacked network in rednectar.net’s domain.

IPv6 Address Assignment

• Users VLAN
  • Router R1 is to use an EUI-64 IPv6 address
  • PC1 and PC2 are to be assigned their IPv6 addresses via SLAAC
• Guest VLAN
  • Router R1 is to use an EUI-64 IPv6 address
  • PC3 and PC4 are to be assigned their IPv6 addresses via SLAAC
• Servers VLAN
  • Router R1 is to be assigned a static IPv6 address of your choice.
  • Server5 and Server6 are to be assigned their IPv6 addresses via SLAAC

• Router R1
  • Interface Fa0/0 is to be obtain its IPv6 address and default route via SLAAC
  • There is no requirement for an IPv6 address on any loopback interface
  • Other addresses as per above
• Router R2
  • Interface Fa0/0 is to be assigned a static IPv6 address of your choice.
  • There is no requirement for an IPv6 address on any loopback interface
  • Determine an appropriate IPv6 address for interface S0/0 as shown in the diagram. (It will have to be part of the 2001:db8:beef:1::/64 range)
• SW1
  • There is no requirement to configure IPv6 on SW1

IPv6 Routing:

Covering ICND1 Objectives:

• Configure and verify OSPF
  • Configure OSPv3 in a single area
  • Router ID
  • Passive Interface in a single area

Routers R1 and R2 are to be configured to use the OSPFv3 routing protocol.

Make sure:

• All IPv6 addresses are advertised within rednectar.net’s routed network.
• No OSPFv3 information is transmitted to the ServiceProvider’s network
• No devices on the Users, Guest or Servers VLAN should see OSPFv3 Hellos.
• R1 is to use a Router ID of 192.168.0.1
• R2 is to use a Router ID of 192.168.0.2
• R1 must learn its default IPv6 route via autoconfig on interface fa0/0
• R2 must be configured with a static default-route

VPCS Tips

Use the following VPCS commands to assign the IPv4 address, the IP domain and DNS addresses to the VPCS:

VPCS[1] ip dhcp
VPCS[1] 2
VPCS[2] ip dhcp
VPCS[2] 3
VPCS[3] ip dhcp
VPCS[3] 4
VPCS[4] ip dhcp
VPCS[4] 5
VPCS[5] ip dhcp
VPCS[5] 6
VPCS[6] ip <IP address>/<mask length> <gateway>
VPCS[6] ip dns 192.0.2.192
VPCS[6] ip domain rednectar.net
VPCS[6] 7
VPCS[7] ip <IP address>/<mask length> <gateway>
VPCS[7] ip dns 192.0.2.192
VPCS[7] ip domain rednectar.net

All devices (VPCS 1 – 7) must be able to get ping replies when the command:

ping www.example.com

is issued.

All devices (VPCS 1 – 7) should be able to browse to http://www.example.com

(Test this my issuing the following command)

ping http://www.example.com -P 6 -p 80

To test external connectivity INTO rednectar.net’s network, use ping commands from VPC 9 (the http://www.example.com server) to rednectar.net’s public IP addresses.

When you have finished, you can partially test your configuration by loading the check-answer.vpc script file from the Virtual PC Simulator using the command:

load check-answer.vpc

[Click Tools | VPCS to access the Virtual PC Simulator]

To test your configuration thoroughly, use the link to the ICND1 Readiness Test Testing Walk Through as a guide.

—————————————

Want to help others find this post? The more people who share the post and give it a 5 star rating, the easier it becomes to find on Google!