CCNP ENCOR v8 Hands On Skills Exam Answers

CCNP ENCOR v8 Hands On Skills Exam Answers

ENCOR Skills Assessment

Topology

CCNP ENCOR v8 Hands On Skills Exam Answers 2

Addressing Table

Device Interface IPv4 Address IPv6 Address IPv6 Link-Local
R1 G0/0/0 209.165.200.225/27 2001:db8:200::1/64 fe80::1:1
G0/0/1 10.0.10.1/24 2001:db8:100:1010::1/64 fe80::1:2
S0/1/0 10.0.13.1/24 2001:db8:100:1013::1/64 fe80::1:3
R2 G0/0/0 209.165.200.226/27 2001:db8:200::2/64 fe80::2:1
Loopback0 2.2.2.2/32 2001:db8:2222::1/128 fe80::2:3
R3 G0/0/1 10.0.11.1/24 2001:db8:100:1011::1/64 fe80::3:2
S0/1/0 10.0.13.3/24 2001:db8:100:1013::3/64 fe80::3:3
D1 G1/0/11 10.0.10.2/24 2001:db8:100:1010::2/64 fe80::d1:1
VLAN 100 10.0.100.1/24 2001:db8:100:100::1/64 fe80::d1:2
VLAN 101 10.0.101.1/24 2001:db8:100:101::1/64 fe80::d1:3
VLAN 102 10.0.102.1/24 2001:db8:100:102::1/64 fe80::d1:4
D2 G1/0/11 10.0.11.2/24 2001:db8:100:1011::2/64 fe80::d2:1
VLAN 100 10.0.100.2/24 2001:db8:100:100::2/64 fe80::d2:2
VLAN 101 10.0.101.2/24 2001:db8:100:101::2/64 fe80::d2:3
VLAN 102 10.0.102.2/24 2001:db8:100:102::2/64 fe80::d2:4
A1 VLAN 100 10.0.100.3/23 2001:db8:100:100::3/64 fe80::a1:1
PC1 NIC 10.0.100.5/24 2001:db8:100:100::5/64 EUI-64
PC2 NIC DHCP SLAAC EUI-64
PC3 NIC DHCP SLAAC EUI-64
PC4 NIC 10.0.100.6/24 2001:db8:100:100::6/64 EUI-64

Objectives

  • Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing
  • Part 2: Configure the Layer 2 Network and Host Support
  • Part 3: Configure Routing Protocols
  • Part 4: Configure First-Hop Redundancy
  • Part 5: Configure Security
  • Part 6: Configure Network Management Features
  • Part 7: Cleanup

Instructions

Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing

In Part 1, you will set up the network topology and configure basic settings and interface addressing.

Step 1: Cable the network as shown in the topology.

Attach the devices as shown in the topology diagram, and cable as necessary.

Step 2: Configure basic settings for each device.

a. Console into each device, enter global configuration mode, and apply the basic settings. The startup configurations for each device are provided below.
Router R1

hostname R1
ipv6 unicast-routing
no ip domain lookup
banner motd # R1, ENCOR Skills Assessment, Scenario 1 #
line con 0
 exec-timeout 0 0
 logging synchronous
 exit
interface g0/0/0
 ip address 209.165.200.225 255.255.255.224
 ipv6 address fe80::1:1 link-local
 ipv6 address 2001:db8:200::1/64
 no shutdown
 exit
interface g0/0/1
 ip address 10.0.10.1 255.255.255.0
 ipv6 address fe80::1:2 link-local
 ipv6 address 2001:db8:100:1010::1/64
 no shutdown
 exit
interface s0/1/0
 ip address 10.0.13.1 255.255.255.0
 ipv6 address fe80::1:3 link-local
 ipv6 address 2001:db8:100:1013::1/64
 no shutdown
 exit

Router R2

hostname R2
ipv6 unicast-routing
no ip domain lookup
banner motd # R2, ENCOR Skills Assessment, Scenario 1 #
line con 0
 exec-timeout 0 0
 logging synchronous
 exit
interface g0/0/0
 ip address 209.165.200.226 255.255.255.224
 ipv6 address fe80::2:1 link-local
 ipv6 address 2001:db8:200::2/64
 no shutdown
 exit
interface Loopback 0
 ip address 2.2.2.2 255.255.255.255
 ipv6 address fe80::2:3 link-local
 ipv6 address 2001:db8:2222::1/128
 no shutdown
 exit

Router R3

hostname R3
ipv6 unicast-routing
no ip domain lookup
banner motd # R3, ENCOR Skills Assessment, Scenario 1 #
line con 0
 exec-timeout 0 0
 logging synchronous
 exit
interface g0/0/1
 ip address 10.0.11.1 255.255.255.0
 ipv6 address fe80::3:2 link-local
 ipv6 address 2001:db8:100:1011::1/64
 no shutdown
 exit
interface s0/1/0
 ip address 10.0.13.3 255.255.255.0
 ipv6 address fe80::3:3 link-local
 ipv6 address 2001:db8:100:1010::2/64
 no shutdown
 exit

Switch D1

hostname D1
ip routing
ipv6 unicast-routing
no ip domain lookup
banner motd # D1, ENCOR Skills Assessment, Scenario 1 #
line con 0
 exec-timeout 0 0
 logging synchronous
 exit
vlan 100
 name Management
 exit
vlan 101
 name UserGroupA
 exit
vlan 102
 name UserGroupB
 exit
vlan 999
 name NATIVE
 exit
interface g1/0/11
 no switchport
 ip address 10.0.10.2 255.255.255.0
 ipv6 address fe80::d1:1 link-local
 ipv6 address 2001:db8:100:1010::2/64
 no shutdown
 exit
interface vlan 100
 ip address 10.0.100.1 255.255.255.0
 ipv6 address fe80::d1:2 link-local
 ipv6 address 2001:db8:100:100::1/64
 no shutdown
 exit
interface vlan 101
 ip address 10.0.101.1 255.255.255.0
 ipv6 address fe80::d1:3 link-local
 ipv6 address 2001:db8:100:101::1/64
 no shutdown
 exit
interface vlan 102
 ip address 10.0.102.1 255.255.255.0
 ipv6 address fe80::d1:4 link-local
 ipv6 address 2001:db8:100:102::1/64
 no shutdown
 exit
ip dhcp excluded-address 10.0.101.1 10.0.101.109
ip dhcp excluded-address 10.0.101.141 10.0.101.254
ip dhcp excluded-address 10.0.102.1 10.0.102.109
ip dhcp excluded-address 10.0.102.141 10.0.102.254
ip dhcp pool VLAN-101
 network 10.0.101.0 255.255.255.0
 default-router 10.0.101.254
 exit
ip dhcp pool VLAN-102
 network 10.0.102.0 255.255.255.0
 default-router 10.0.102.254
 exit
interface range g1/0/1-10, g1/0/12-24, g1/1/1-4
 shutdown
 exit

Switch D2

hostname D2
ip routing
ipv6 unicast-routing
no ip domain lookup
banner motd # D2, ENCOR Skills Assessment, Scenario 1 #
line con 0
 exec-timeout 0 0
 logging synchronous
 exit
vlan 100
 name Management
 exit
vlan 101
 name UserGroupA
 exit
vlan 102
 name UserGroupB
 exit 
vlan 999
 name NATIVE
 exit
interface g1/0/11
 no switchport
 ip address 10.0.11.2 255.255.255.0
 ipv6 address fe80::d1:1 link-local
 ipv6 address 2001:db8:100:1011::2/64
 no shutdown
 exit
interface vlan 100
 ip address 10.0.100.2 255.255.255.0
 ipv6 address fe80::d2:2 link-local
 ipv6 address 2001:db8:100:100::2/64
 no shutdown
 exit
interface vlan 101
 ip address 10.0.101.2 255.255.255.0
 ipv6 address fe80::d2:3 link-local
 ipv6 address 2001:db8:100:101::2/64
 no shutdown
 exit
interface vlan 102
 ip address 10.0.102.2 255.255.255.0
 ipv6 address fe80::d2:4 link-local
 ipv6 address 2001:db8:100:102::2/64
 no shutdown
 exit
ip dhcp excluded-address 10.0.101.1 10.0.101.209
ip dhcp excluded-address 10.0.101.241 10.0.101.254
ip dhcp excluded-address 10.0.102.1 10.0.102.209
ip dhcp excluded-address 10.0.102.241 10.0.102.254
ip dhcp pool VLAN-101
 network 10.0.101.0 255.255.255.0
 default-router 10.0.101.254
 exit
ip dhcp pool VLAN-102
 network 10.0.102.0 255.255.255.0
 default-router 10.0.102.254
 exit
interface range g1/0/1-10, g1/0/12-24, g1/1/1-4
 shutdown
 exit

Switch A1

hostname A1
no ip domain lookup
banner motd # A1, ENCOR Skills Assessment, Scenario 1 #
line con 0
 exec-timeout 0 0
 logging synchronous
 exit
vlan 100
 name Management
 exit
vlan 101
 name UserGroupA
 exit
vlan 102
 name UserGroupB
 exit
vlan 999
 name NATIVE
 exit
interface vlan 100
 ip address 10.0.100.3 255.255.255.0
 ipv6 address fe80::a1:1 link-local
 ipv6 address 2001:db8:100:100::3/64
 no shutdown
 exit
interface range f0/5-22
 shutdown
 exit

b. Save the running configuration to startup-config on all devices.
c. Configure PC 1 and PC 4 host addressing as shown in the addressing table. Assign a default gateway address of 10.0.100.254 which will be the HSRP virtual IP address used in Part 4.

Part 2: Configure the Layer 2 Network and Host Support

In this part of the Skills Assessment, you will complete the Layer 2 network configuration and set up basic host support. At the end of this part, all the switches should be able to communicate. PC2 and PC3 should receive addressing from DHCP and SLAAC.

Your configuration tasks are as follows:

Task# Task Specification Points
2.1 Onall switches, configure IEEE 802.1Q trunk interfaces on interconnectingswitch links Enable 802.1Q trunk links between:

  • D1 and D2
  • D1 and A1
  • D2 and A1
6
2.2 On all switches, change the nativeVLAN on trunk links. Use VLAN 999 as the native VLAN. 6
2.3 On all switches, enable theRapid Spanning-Tree Protocol. Use Rapid Spanning Tree. 3
2.4 On D1 and D2, configure the appropriate RSTP root bridges based on the information in the topology diagram.
D1 and D2 must provide backup in case of root bridge failure.
Configure D1 and D2 as root forthe appropriate VLANs with mutually supporting priorities in case of switchfailure. 2
2.5 On all switches, create LACP EtherChannels as shown in thetopology diagram. Use the following channel numbers:

  • D1 to D2 – Port channel 12
  • D1 to A1 – Port channel 1
  • D2 to A1 – Port channel 2
3
2.6 On all switches, configure host accessports connecting to PC1, PC2, PC3, and PC4. Configure access ports with appropriate VLAN settings as shown in the topology diagram.
Host ports should transition immediately to forwarding state.
4
2.7 Verify IPv4 DHCP services. PC2 and PC3 are DHCP clients and should be receiving valid IPv4 addresses. 1
2.8 Verify local LAN connectivity. PC1 should successfully ping:

  • D1: 10.0.100.1
  • D2: 10.0.100.2
  • PC4: 10.0.100.6

PC2 should successfully ping:

  • D1: 10.0.102.1
  • D2: 10.0.102.2

PC3 should successfully ping:

  • D1: 10.0.101.1
  • D2: 10.0.101.2

PC4 should successfully ping:

  • D1: 10.0.100.1
  • D2: 10.0.100.2
  • PC1: 10.0.100.5
1

Part 3: Configure Routing Protocols

In this part, you will configure IPv4 and IPv6 routing protocols. At the end of this part, the network should be fully converged. IPv4 and IPv6 pings to the Loopback 0 interface from D1 and D2 should be successful.

Note: Pings from the hosts will not be successful because their default gateways are pointing to the HSRP address which will be enabled in Part 4.

Your configuration tasks are as follows:

Task# Task Specification Points
3.1 On the “Company Network” (i.e.,R1, R3, D1, and D2), configure single-area OSPFv2 in area 0. Use OSPF Process ID 4 and assign the following router-IDs:

  • R1: 0.0.4.1
  • R3: 0.0.4.3
  • D1: 0.0.4.131
  • D2: 0.0.4.132

On R1, R3, D1, and D2, advertise all directly connected networks / VLANs in Area 0.

  • On R1, do not advertise the R1 – R2 network.
  • On R1, propagate a default route. Note that the default route will be provided by BGP.

Disable OSPFv2 advertisements on:

  • D1: All interfaces except G1/0/11
  • D2: All interfaces except G1/0/11
8
3.2 On the “Company Network” (i.e.,R1, R3, D1, and D2), configure classic single-area OSPFv3 in area 0. Use OSPF Process ID 6 and assign the following router-IDs:

  • R1: 0.0.6.1
  • R3: 0.0.6.3
  • D1: 0.0.6.131
  • D2: 0.0.6.132

On R1, R3, D1, and D2, advertise all directly connected networks / VLANs in Area 0.

  • On R1, do not advertise the R1 – R2 network.
  • On R1, propagate a default route. Note that the default route will be provided by BGP.

Disable OSPFv3 advertisements on:

  • D1: All interfaces except G1/0/11
  • D2: All interfaces except G1/0/11
8
3.3 On R2 in the “ISP Network”, configureMP-BGP. Configure two default static routes via interface Loopback 0:

  • An IPv4 default static route.
  • An IPv6 default static route.

Configure R2 in BGP ASN 500 and use the router-id 2.2.2.2.

Configure and enable an IPv4 and IPv6 neighbor relationship with R1 in ASN 300.

In IPv4 address family, advertise:

  • The Loopback 0 IPv4 network (/32).
  • The default route (0.0.0.0/0).

In IPv6 address family, advertise:

  • The Loopback 0 IPv4 network (/128).
  • The default route (::/0).
4
3.4 On R1 in the “ISP Network”,configure MP-BGP. Configure two static summary routes to interface Null 0:

  • A summary IPv4 route for 10.0.0.0/8.
  • A summary IPv6 route for 2001:db8:100::/48.

Configure R1 in BGP ASN 300 and use the router-id 1.1.1.1.
Configure an IPv4 and IPv6 neighbor relationship with R2 in ASN 500.
In IPv4 address family:

  • Disable the IPv6 neighbor relationship.
  • Enable the IPv4 neighbor relationship.
  • Advertise the 10.0.0.0/8 network.

In IPv6 address family:

  • Disable the IPv4 neighbor relationship.
  • Enable the IPv6 neighbor relationship.
  • Advertise the 2001:db8:100::/48 network.
4

Part 4: Configure First Hop Redundancy

In this part, you will configure HSRP version 2 to provide first-hop redundancy for hosts in the “Company Network”.

Your configuration tasks are as follows:

Task# Task Specification Points
4.1 On D1, create IP SLAs that test the reachability of R1interface G0/0/1. Create two IP SLAs.

  • Use SLA number 4 for IPv4.
  • Use SLA number 6 for IPv6.

The IP SLAs will test availability of R1 G0/0/1 interface every 5 seconds.
Schedule the SLA for immediate implementation with no end time.
Create an IP SLA object for IP SLA 4 and one for IP SLA 6.

  • Use track number 4 for IP SLA 4.
  • Use track number 6 for IP SLA 6.

The tracked objects should notify D1 if the IP SLA state changes from down to up after 10 seconds, or from up to down after 15 seconds.

2
4.2 On D2, create IP SLAs that testthe reachability of R3 interface G0/0/1. Create two IP SLAs.

  • Use SLA number 4 for IPv4.
  • Use SLA number 6 for IPv6.

The IP SLAs will test availability of R3 G0/0/1 interface every 5 seconds.
Schedule the SLA for immediate implementation with no end time.
Create an IP SLA object for IP SLA 4 and one for IP SLA 6.

  • Use track number 4 for IP SLA 4.
  • Use track number 6 for IP SLA 6.

The tracked objects should notify D1 if the IP SLA state changes from down to up after 10 seconds, or from up to down after 15 seconds.

2
4.3 On D1, configure HSRPv2. D1 is the primary router for VLANs 100 and 102; therefore, their priority will also be changed to 150.
Configure HSRP version 2.
Configure IPv4 HSRP group 104 for VLAN 100:

  • Assign the virtual IP address 10.0.100.254.
  • Set the group priority to 150.
  • Enable preemption.
  • Track object 4 and decrement by 60.

Configure IPv4 HSRP group 114 for VLAN 101:

  • Assign the virtual IP address 10.0.101.254.
  • Enable preemption.
  • Track object 4 to decrement by 60.

Configure IPv4 HSRP group 124 for VLAN 102:

  • Assign the virtual IP address 10.0.102.254.
  • Set the group priority to 150.
  • Enable preemption.
  • Track object 4 to decrement by 60.

Configure IPv6 HSRP group 106 for VLAN 100:

  • Assign the virtual IP address using ipv6 autoconfig.
  • Set the group priority to 150.
  • Enable preemption.
  • Track object 6 and decrement by 60.

Configure IPv6 HSRP group 116 for VLAN 101:

  • Assign the virtual IP address using ipv6 autoconfig.
  • Enable preemption.
  • Track object 6 and decrement by 60.

Configure IPv6 HSRP group 126 for VLAN 102:

  • Assign the virtual IP address using ipv6 autoconfig.
  • Set the group priority to 150.
  • Enable preemption.
  • Track object 6 and decrement by 60.
8
On D2, configure HSRPv2. D2 is the primary router for VLAN 101; therefore, the priority will also be changed to 150.
Configure HSRP version 2.
Configure IPv4 HSRP group 104 for VLAN 100:

  • Assign the virtual IP address 10.0.100.254.
  • Enable preemption.
  • Track object 4 and decrement by 60.

Configure IPv4 HSRP group 114 for VLAN 101:

  • Assign the virtual IP address 10.0.101.254.
  • Set the group priority to 150.
  • Enable preemption.
  • Track object 4 to decrement by 60.

Configure IPv4 HSRP group 124 for VLAN 102:

  • Assign the virtual IP address 10.0.102.254.
  • Enable preemption.
  • Track object 4 to decrement by 60.

Configure IPv6 HSRP group 106 for VLAN 100:

  • Assign the virtual IP address using ipv6 autoconfig.
  • Enable preemption.
  • Track object 6 and decrement by 60.

Configure IPv6 HSRP group 116 for VLAN 101:

  • Assign the virtual IP address using ipv6 autoconfig.
  • Set the group priority to 150.
  • Enable preemption.
  • Track object 6 and decrement by 60.

Configure IPv6 HSRP group 126 for VLAN 102:

  • Assign the virtual IP address using ipv6 autoconfig.
  • Enable preemption.
  • Track object 6 and decrement by 60.

Part 5: Security

In this part you will configure various security mechanisms on the devices in the topology.

Your configuration tasks are as follows:

Task# Task Specification Points
5.1 On all devices, secure privileged EXEC using the SCRYPTencryption algorithm. Password: cisco12345cisco 3
5.2 On all devices, create a localuser and secure it using the SCRYPT encryption algorithm. SCRYPT encrypted account specifics:

  • Local user name: sadmin
  • Privilege level 15
  • Password: cisco12345cisco
3
5.3 On all devices (except R2), enableAAA. Enable AAA. 2
5.4 On all devices (except R2),configure the RADIUS server specifics. RADIUS server specifics:

  • RADIUS server IP address is 10.0.100.6.
  • RADIUS server UDP ports 1812 and 1813.
  • Password: $trongPass
2
5.5 On all devices (except R2),configure the AAA authenticationmethod list. AAA authentication specifics:

  • Use the default method list
  • Validate against the RADIUS server group
  • Otherwise, use the local database.
2
5.6 Verify the AAA service on alldevices (except R2). Log out and log in to all devices (except R2) using the username raduser and the password upass123.
You should be successful.
2

Part 6: Configure Network Management Features

In this part, you will configure various network management features.

Your configuration tasks are as follows:

Task# Task Specification Points
6.1 On all devices, set the local clock to the current UTC time. Setthe local clock to the current UTC time. 3
6.2 Configure R2 as an NTP master. Configure R2 as an NTP master at stratum level 3. 1
6.3 Configure NTP on R1, R3, D1, D2,and A1. Configure NTP as follows:

  • R1 must synchronize with R2.
  • R3, D1, and A1 to synchronize time with R1.
  • D2 to synchronize time with R3.
5
6.4 Configure Syslog on all devicesexcept R2. Syslogs should be sent to PC1 at 10.0.100.5 at the WARNING level. 5
6.5 Configure SNMPv2c on all devicesexcept R2. SNMPv2 specifics:

  • Only Read-Only SNMP will be used.
  • Limit SNMP access to PC1’s IP address.
  • Configure the SNMP contact value to your name.
  • Set the community string to ENCORSA.
  • On R3, D1, and D2, enable traps config and ospf to be sent.
  • On R1, enable traps bgp, config, and ospf to be sent.
  • On A1, enable traps config to be sent.
10

Related Articles

guest
1 Comment
Inline Feedbacks
View all comments
Johny
Johny
2 months ago

Hi, will there be a practical test?