A.2.2 Network Pro Domain 2: Configuration

You work as the IT administrator for a small corporate network. You need to configure the workstation in the executive office so it can connect to the local network and the internet. The workstation has two network interface cards (named Ethernet and Ethernet 2). Having two network cards allows the workstation to connect to the local network (as shown in the exhibits) and another small network, which is not yet built.

In this lab, your task is to complete the following:

- For both network cards, configure the IP version 4 TCP/IP settings using the settings specified the table below.
- From the Exec computer, ping the preferred DNS server assigned to the Ethernet NIC to verify that it can communicate successfully.

Click the card to flip 👆

1. Access the properties for the NIC named Ethernet.
a. Right-click Start and then select Settings.
b. Select Network & Internet.
c. From the right pane, select Change adapter options.
d. Right-click Ethernet and then select Properties.

2. Configure the IP version 4 TCP/IP settings for the Ethernet NIC.
a. Select Internet Protocol Version 4 (TCP/IPv4).
b. Select Properties.
c. Make sure Use the following IP address is selected.
This lets you manually configure the IP address and default gateway.
d. Configure the Internet Protocol information as follows:
- IP address: 192.168.0.254
- Subnet mask: 255.255.255.0
- Default gateway: 192.168.0.5
-Preferred DNS server: 163.128.78.93 or 163.128.80.93
e. Select OK.
f. Select Close.

3. Configure the IP version 4 TCP/IP settings for the Ethernet 2 NIC.
a. From the Network Connections window, right-click Ethernet 2 and then select Properties.
b. Select Internet Protocol Version 4 (TCP/IPv4).
c. Select Properties.
d. Make sure Use the following IP address is selected.
e. Configure the Internet Protocol information as follows:
- IP address: 10.0.255.254
- Subnet mask: 255.255.0.0
- Default gateway: None
- Preferred DNS server: None
f. Select OK.
g. Select Close.

4. Ping the preferred DNS server assigned to the Ethernet NIC.
a. Right-click Start and select Windows PowerShell.
b. From the PowerShell prompt, type ping default_preferred_DNS_Server_address and then press Enter.

Click the card to flip 👆

1 / 17

Terms in this set (17)

You work as the IT administrator for a small corporate network. The receptionist in your office has a laptop that runs Windows 10. He took it home and configured a static connection to his home network. When he returned to the office, he could no longer connect to the office network, which uses a DHCP server for IP address configuration. You need to configure the laptop to work on both networks (home and office).

In this lab, your task is to configure the TCP/IPv4 properties for the Wi-Fi interface as follows:

- Verify the current state of the wireless network.
> Answer the question.

- Configure the interface to obtain its:
> IP address automatically.
> DNS server address automatically.

- Configure the alternate TCP/IP information using the following information:
> IP address: 172.16.0.12
> Subnet mask: 255.255.0.0
> Default gateway: 172.16.255.254
> Preferred DNS server: 198.60.22.2

1. Determine the current state of the wireless network.
a. From the Notification area, select the wireless Network icon to view the current state of the wireless network.
b. From the top right, select Answer Questions.
c. Answer the question.

2. Access the Wi-Fi properties dialog.
a. Right-click Start and then select Settings.
b. Select Network & Internet.
c. From the right pane, select Change adapter options.
d. Right-click Wi-Fi and select Properties.

3. Configure the TCP/IPv4 properties to obtain IP and DNS information automatically.
a. Select Internet Protocol Version 4 (TCP/IPv4).
b. Select Properties.
c. Select Obtain IP address automatically.
d. Select Obtain DNS server address automatically.

4. Configure the alternate TCP/IP settings.
a. Select the Alternate Configuration tab to define an alternate configuration for TCP/IP addressing.
b. Select User configured to configure alternate IP settings.
c. Configure the properties as follows:
- IP Address: 172.16.0.12
- Subnet Mask: 255.255.0.0
- Default Gateway: 172.16.255.254
- Preferred DNS Server: 198.60.22.2
d. Select OK.
e. Select Close.

5. Determine the current state of the wireless network.
a. Select the wireless Network icon in the Notification area and notice that it is now currently connected to the network.
b. From the top right, select Answer Questions.
c. Select Score Lab.

n this lab, you will discover important facts about network communications by using the ping, ipconfig, and tracert command utilities.

Complete this lab as follows:
1. Right-click Start and then select Windows PowerShell (Admin).
2. At the PowerShell prompt, type ping 192.168.0.30 and press Enter to ping Office1.
-Does the test succeed?
3. Type ping 199.92.0.33 and press Enter to ping Support.
-Why does this test fail?
4. Type ping 192.168.0.5 and press Enter to ping the router's internal interface.
-Does the test succeed?
5. Type ipconfig and press Enter to view the IP settings.
- What is the default gateway?
6. Type ping 163.128.78.93 and press Enter to ping the ISP.
- Why does this test fail?
7. Trace the path between Exec and the internet router's interface as follows:
a. From the top left, select Floor 1 Overview.
b. Under Executive Office, select Exec.
c. Right-click Start and then select Windows PowerShell (Admin).
d. At the PowerShell prompt, type tracert 198.28.56.1 and press Enter.Which addresses appear in the path between Exec and the internet router?
d. Type tracert 163.128.78.93 and press Enter to trace the path to one of the ISP's DNS servers.
- How does this path differ from the path you discovered in the previous step?

1. Use the ping and ipconfig commands to troubleshoot network issues.
a. Right-click Start and then select Windows PowerShell (Admin).
b. At the PowerShell prompt, type ping 192.168.0.30 and press Enter to ping Office1.You can successfully ping the IP address of Office1 from ITAdmin.
c. Type ping 199.92.0.33 and press Enter to ping Support. You can't ping Support from ITAdmin. Notice that the IP address for Support is on a different network (network 199.92.0.0 instead of network 192.168.0.0). Devices on the same local network must have IP addresses in the same network range. If you want to communicate with Support, you will need to change the IP address assigned to Support.
d. Type ping 192.168.0.5 and press Enter to ping the router's internal interface. You can successfully ping the router's internal interface from ITAdmin because ITAdmin and the router's address (192.168.0.5) are on the same network.
e. Type ipconfig and then press Enter to view the IP settings. Notice that there is no default gateway assigned.
f. Type ping 163.128.78.93 and press Enter to ping the external DNS Server. ITAdmin and the ISP are on a different network (network 192.168.0.0 and 163.128.78.0, respectively). Because ITAdmin does not have a default gateway set, it can't communicate with devices on other networks.

2. Use the tracert command to see how network packets are forwarded.
a. From the top left, select Floor 1 Overview.
b. Under Executive Office, select Exec.
c. Right-click Start and then select Windows PowerShell (Admin).
d. At the PowerShell prompt, type tracert 198.28.56.1 and press Enter. When you communicate with devices on other networks, the packets go to the default gateway first (the router between the two networks). The packets are sent to the router interface on the same network as the sending host and then to the next hop in the path. In this case, there are two IP addresses listed in the tracert output, but only one router (hop) between Exec and the internet router. The last address in the tracert output is the internet router.
e. Enter tracert 163.128.78.93 and press Enter to trace the path to one of the ISP's DNS servers. When you trace the path between Exec and the ISP's DNS server, the path has additional hops. The first lines in the tracert output are the routers (hops) between Exec and the DNS server. The last address in the tracert output is the DNS server.

You are the IT administrator for a small corporate network. The company has obtained the registered, globally unique IPv6 /48 network address 2620:14F0:45EA. You need to configure your server with this address so you can begin testing IPv6 in your internal network. This is your first network, so you will use a subnet address of 0001. Your network router is not configured for IPv6 yet, so you must manually configure the address for now. To simplify the configuration, use the server's IPv4 address to create the interface ID.

In this lab, your task is to:

· Configure the external vEthernet network adapter with the following IPv6 address:
o Prefix: 2620:14F0:45EA:0001
o Interface ID: 192:168:0:10
o Subnet prefix length: 64

· Use ipconfig to verify the information.

1. Access the Network Connections window.
a. Right-click Start and then select Settings.
b. Select Network & Internet.
c. From the right pane, select Change adapter options.

2. Configure the external vEthernet network adapter.
a. Right-click the vEthernet (external) adapter and select Properties.
b. Select Internet Protocol Version 6 (TCP/IPv6).
c. Select Properties.
d. Select Use the following IPv6 address and configure the settings as follows:
- IPv6 address: 2620:14F0:45EA:0001:192:168:0:10
- Subnet prefix length: 64
e. Select OK.
f. Select Close.

3. Verify the IPv6 address.
a. Right-click Start and select Windows PowerShell (Admin) to verify the address configuration.
b. At the prompt, type ipconfig /all and press Enter view the IPv6 Address.

You are the IT administrator for a small corporate network. One of your assignments is to manage several computers in the demilitarized zone (DMZ), or screened subnet. However, your computer resides on the LAN network. To manage these machines remotely, you have decided to configure your pfSense device to allow several remote control protocols to pass through the pfSense device using NAT port forwarding.

In this lab, your task is to:
· Access the pfSense management console:
o Username: admin
o Password: P@ssw0rd (zero)

· Allow the RDP/TCP Protocols from the LAN network to the administrator's PC located in the DMZ using the following guidelines:
o IP address for the administrator's PC: 172.16.1.100
o Description: RDP from LAN to Admin

· Allow the SSH Protocol through the pfSense device to the Kali Linux server using the following guidelines:
o IP address for the Linux Kali server: 172.16.1.6
o Description: SSH from LAN to Kali

· Allow the RDP/TCP Protocols from the LAN network to the web server located in the DMZ using the following guidelines:
o Destination and redirect port: Port 5151
o IP address for the web server: 172.16.1.5
o Description: RDP from LAN to web server using custom port

1. Sign in to the pfSense management console.
a. In the Username field, enter admin.
b. In the Password field, enter P@ssw0rd (zero).
c. Select SIGN IN or press Enter.

2. Configure NAT port forwarding for the administrator's PC.
a. From the pfSense menu bar, select Firewall > NAT.
b. Select Add (either one).
c. Configure or verify the following settings:
- Interface: LAN
- Protocol: TCP
- Destination type: LAN address
- Destination port range (From and To): MS RDP
- Redirect target IP: 172.16.1.100
- Redirect target port: MS RDP
- Description: RDP from LAN to Admin
d. Select Save.

3. Configure NAT port forwarding for the Kali Linux server.
a. Select Add (either one).
b. Configure or verify the following settings:
- Interface: LAN
- Protocol: TCP
- Destination type: LAN address
- Destination port range (From and To): SSH
- Redirect target IP: 172.16.1.6
- Redirect target port: SSH
- Description: SSH from LAN to Kali
c. Select Save.

4. Configure NAT port forwarding for the web server.
a. Select Add (either one).
b. Configure or verify the following settings:
- Interface: LAN
- Protocol: TCP
- Destination type: LAN address
- Destination port range (From and To): Other
- Custom (From and To) 5151
- Redirect target IP: 172.16.1.5
- Redirect target port: MS RDP
- Description: RDP from LAN to web server using custom port
c. Select Save.
d. Select Apply Changes.

You are working on a home office network. Recently, you added a cable modem to the network so the computer named Home-PC could connect to the internet. You also added the computer named Home-PC2 to your network, but your networking configuration only allows Home-PC to connect to the internet. To save on cost, you want to add a hub to the network so that both computers can communicate with each other and connect to the internet. The computers do not need to have guaranteed bandwidth for their network connections.

In this lab, your task is to:
· Connect the Home-PC and the Home-PC2 using the hub on the Shelf.
o Place the hub in the workspace.
o Connect Home-PC to the hub.
o Reconnect the cables as necessary between the Home-PC and the cable modem.
o Use the AC to DC power adapter to provide power to the hub.
o Connect Home-PC2 to the hub.

Confirm that both computers are properly connected to the network and internet.

1. Place the hub in the workspace.
a. Under Shelf, expand Networking Devices.
b. Drag Hub, 1000BaseTX Ethernet1 to the workspace.

2. Connect the Home-PC computer to the hub.
a. Above the hub, select Back to switch to the back view of the hub.
b. Above Home-PC computer, select Back to switch to the back view of the Home-PC computer.
c. Select the Cat5e cable connected to the motherboard's NIC and drag the connector to an Ethernet port on the hub.
d. Under Shelf, expand Cables.
e. Select Cat5e Cable, RJ45.
f. In the Selected Component pane:
- Drag an RJ45 Connector to the Ethernet port on the back of Home-PC.
- Drag the other RJ45 Connector to an Ethernet port on the hub.

3. Provide power to the hub.
a. Under Shelf, select Power Adapter, AC to DC.
b. In the Selected Component pane:
- Drag the DC Power Connector to the port on the hub.
- Drag the AC power adapter to an empty outlet on the wall or surge protector.

4. Confirm that Home-PC is properly connected to the network and internet.
a. On Home-PC, select Click to view Windows 10.
b. Right-click Start and then select Settings.
c. The diagram should indicate an active connection to the home network and the internet.

5. Connect the Home-PC2 computer to the hub.
a. From the top left, select Bench.
b. Above the Home-PC2 computer, select Back to switch to the back view of the Home-PC2.
c. From the Shelf, select Cat5e Cable,RJ45.
d. In the Selected Component pane:
- Drag an RJ45 Connector to the Ethernet port on the back of Home-PC2.
- Drag the other RJ45 Connector to an Ethernet port on the hub.
Confirm that Home-PC2 is properly connected to the network and internet.
a. On Home-PC2, select Click to view Windows 10.
b. Right-click Start and then select Settings.
c. Select Network & Internet.
d. The diagram should indicate an active connection to the home network and the internet.

You are in the process of configuring the Branch1 switch.
In this lab, your task is to:

· Find the IP address assigned to the FastEthernet0/0 interface on router SFO.
o Use the show cdp neighbors detail command.
o Answer the question.

· Configure the switch with the following parameters:
o Interface: vlan1
o IP address: 192.168.11.250
o Subnet mask: 255.255.255.0

· Configure the switch to use the FastEthernet0/0 interface on the SFO router as the default gateway.
· Save your changes to the startup-config file.

1. Find the IP address assigned to the FastEthernet0/0 interface on the SFO router.
a. Select the Branch1 switch.
b. From the Terminal, press Enter to get started.
c. Type enable and press Enter to change to the EXEC or Global Configuration mode.
d. Type show cdp neighbors detail and press Enter.
e. Find the IP address for the SFO router.
f. From the top right, select Answer Questions.
g. Answer the question.
h. Move the question dialog to the side and keep working.

2. Configure the IP address and subnet mask for the Branch1 switch.
a. At the Branch1# prompt, type config t and press Enter.
b. At the Branch1(config)# prompt, type interface vlan1 and press Enter.
c. At the Branch1(config-if)# prompt, type ip address 192.168.11.250 255.255.255.0 and press Enter.
d. At the Branch1(config-if)# prompt, type exit and press Enter.

3. Configure the switch to use the FastEthernet0/0 interface on the SFO router as the default gateway.
a. At the Branch1(config)# prompt, type ip default-gateway routers_IP_address and press Enter.
b. At the Branch1(config)# prompt, type exit and press Enter.

4. Save your changes to the startup-config file.
a. At the Branch1# prompt, type copy run start and press Enter.
b. Press Enter to begin building the configuration.
c. When you see OK, press Enter.
d. From the question dialog, select Score Lab.

You are the IT security administrator for a small corporate network. You need to increase the security on the switch in the Networking Closet by restricting access management.
In this lab, your task is to:

· Create an access profile named MgtAccess and configure it with the following settings:

1. Create and configure an Access Profile named MgtAccess.
a. From the left pane, expand and select Security > Mgmt Access Method > Access Profiles.
b. Select Add.
c. Enter the Access Profile Name of MgtAccess.
d. Enter the Rule Priority of 1.
e. For Action, select Deny.
f. Select Apply and then select Close.

2. Add a profile rule to the MgtAccess profile.
a. From the left pane, under Security > Mgmt Access Method, select Profile Rules.
b. From the right pane, select the MgtAccess profile and then select Add.
c. Enter a Rule Priority of 2.
d. For Management Method, select HTTP.
e. For Applies to Source IP Address, select User Defined.
f. For IP Address, enter 192.168.0.10.
g. For Mask, enter a Network Mask of 255.255.255.0.
h. Select Apply and then select Close.

3. Set the MgtAccess profile as the active access profile.
a. From the left pane, under Security > Mgmt Access Method, select Access Profiles.
b. Use the Active Access Profile drop-down list to select MgtAccess.
c. Select Apply.
d. Select OK.

4. Save the changes to the switch's startup configuration file.
a. At the top, select Save.
b. For Source File Name, make sure Running configuration is selected.
c. For Destination File Name, make sure Startup configuration is selected.
d. Select Apply.
e. Select OK.

You are the IT security administrator for a small corporate network. You need to increase the security on the switch in the Networking Closet by creating an access control list. You have been asked to prevent video game consoles from connecting to the switch.

In this lab, your task is to:
· Create a MAC-based ACL named GameConsoles.
· Configure the GameConsoles MAC-based access control entry (ACE) settings as follows:

1. Create the GameConsoles ACL.
a. From the Getting Started page, under Quick Access, select Create MAC-Based ACL.
b. Select Add.
c. In the ACL Name field, enter GameConsoles.
d. Select Apply and then select Close.

2. Create a MAC-based access control.
a. Select MAC-Based ACE Table.
b. Select Add.
c. Enter the priority.
d. Select the action.
e. For Destination MAC Address, make sure Any is selected.
f. For Source MAC Address, select User Defined.
g. Enter the source MAC address value.
h. Enter the source MAC address mask.
i. Select Apply.
j. Repeat steps 2c-2i for the remaining ACE entries.
k. Select Close.

3. Bind the GameConsoles ACL to all of the interfaces.
a. From the left pane, under Access Control, select ACL Binding (Port).
b. Select GE1.
c. At the bottom of the window, select Edit.
d. Select Select MAC-Based ACL.
e. Select Apply and then select Close.
f. Select Copy Settings.
g. In the Copy configuration's to field, enter 2-30.
h. Select Apply.

4. Save the Configuration.
a. From the top of the window, select Save.
b. Under Source File Name, make sure Running configuration is selected.
c. Under Destination File Name, make sure Startup configuration is selected.
d. Select Apply.
e. Select OK.

As a network administrator, you need to mirror (copy) all network traffic received on a particular port on your switch so you can analyze the traffic using your intrusion detection system (IDS) for any abnormalities.

In this lab, your task is to complete the following:
· From Google Chrome, access the switch console as follows:
o Site: 192.168.0.2
o Username: cisco (case-sensitive)
o Password: cisco (case-sensitive)

· Assign port GE26 to VLAN 1.

· Mirror the received traffic from port GE28 to port GE26.

· Save the changes to the switch's startup configuration file.

1. Log in to the Cisco switch.
a. Maximize the Google Chrome window for better viewing.
b. In the Username and Password fields, enter cisco (case-sensitive).
c. Select Log In.

2. Assign port GE26 to VLAN 1.
a. From the left pane, expand and select VLAN Management > Port VLAN Membership.
b. Select GE26 and then select Join VLAN.
c. From the left pane, under Select VLAN, select 1 (for VLAN 1).
d. Select > to move VLAN 1 from the available pane to the attached VLAN pane.
e. Select Apply and then select Close.

3. Mirror the received traffic from port GE28 to port GE26.
a. From the left pane, expand and select Administration > Diagnostics > Port and VLAN Mirroring.
b. Select Add.
c. For the Destination Port, use the drop-down list to select GE26.
d. For the Source Interface, use the drop-down list to select GE28.
e. For the Type, make sure that Rx only is selected. This allows you to only mirror the incoming packets.
f. Select Apply and then select Close.

4. Save the changes to the switch's startup configuration file.
a. From the upper right of the switch window, select Save.
b. For the Source File Name, make sure Running configuration is selected.
c. For the Destination File Name, make sure Startup configuration is selected.
d. Select Apply.
e. Select OK.
f. Select Done.

As a network administrator, you have just implemented a SAN storage device on your network, and you would now like to enable your switch to handle jumbo frames. In this lab, your task is to complete the following: · From Google Chrome, access the switch console as follows: o Site: 192.168.0.2 o Username: cisco o Password: cisco (case sensitive) · Enable Jumbo Frames. · Save the configuration changes made to the switch. · Reboot the Cisco switch. · Log in to the Cisco switch and check statistics for any errors. · Answer the questions.1. Log in to the CISCO switch. a. Maximize the Google Chrome window for better viewing. b. In the Username and Password fields, enter cisco (the password is case sensitive). c. Select Log In. 2. Enable Jumbo Frames. a. From the left pane, expand and select Port Management > Port Settings. b. For Jumbo Frames, select Enable. c. Select Apply. 3. Save the changes to the switch's startup configuration file. a. From the upper right of the switch window, select Save. b. For Source File Name, make sure Running configuration is selected. c. For Destination File Name, make sure Startup configuration is selected. d. Select Apply. e. Select OK. f. Select Done. 4. Reboot the switch. a. From the left pane, under Administration, select Reboot. b. Select Reboot to reboot the switch immediately. c. Select OK. 5. Log in to the Cisco switch and check switch statistics for any errors. a. In the Username and Password fields, enter cisco (the password is case sensitive). b. Select Log In. c. From the left pane, expand and select Status and Statistics > RMON > Statistics. d. For Interface, use the drop-down list to select GE28. e. Review the statistics for Undersize, Oversize, Jabbers, and Collisions. f. From the top right, select Answer Questions. g. Answer the questions. h. Select Score Lab.As a network administrator, you have decided to implement port aggregation and combine multiple ports on your switch to increase throughput and provide redundancy with automatic fail-over and fail-back. In this lab, your task is to complete the following: · From Google Chrome, access the switch console using the following: o Site: 192.168.0.2 o Username: cisco (case-sensitive) o Password: cisco (case-sensitive) · Create a new Link Aggregation Group (LAG1) named windows_server. o Enable the Link Aggregation Control Protocol (LACP). o Assign ports GE1 and GE2 as LAG members. · Configure LAG1 to the VLAN mode of access. · Join LAG1 to VLAN13. · Verify the status of the new LAG1 group. o Answer the questions. · Save the changes to the switch's startup configuration file.1. Create a new Link Aggregation Group (LAG1). a. From the left pane, expand and select Port Management > Link Aggregation > LAG Management. b. From the right pane, select LAG 1 and then select Edit. c. In the LAG Name field, type windows_server. d. Select LACP to enable the Link Aggregation Control Protocol (LACP). e. Under Port List, press and hold the Shift key; then select GE1 and GE2. f. Select > to add the ports to the LAG Members pane. g. Select Apply. h. Select Close. 2. Configure LAG1 to the VLAN mode of access. a. From the left pane, expand and select VLAN Management > Interface Settings. b. Using the Filter: Interface Type equals to drop-down menu, select LAG and then select Go. c. Select LAG1 and then select Edit. d. For Interface VLAN Mode, select Access. e. Select Apply. f. Select Close. 3. Join LAG1 to VLAN13. a. From the left pane, expand and select VLAN Management > Port VLAN Membership. b. Using the Filter: Interface Type equals to drop-down menu, select LAG and then select Go. c. Select LAG1 and then select Join VLAN. d. Under Select VLAN, from the right pane, select 1U and then select < to remove VLAN1. e. From the left pane, select VLAN13; then select > to add the VLAN to the selected VLANs pane. f. Select Apply. g. Select Close. 4. Verify the status of the new LAG1 group. a. From the left navigation bar, expand and select Port Management > Link Aggregation > LAG Management. b. From the top right, select Answer Questions. c. Answer the questions.This connection is now ready to use LACP. d. Minimize the Lab Questions window. 5. Save the changes to the switch's startup configuration file. a. From the upper right of the switch window, select Save. b. For Source File Name, make sure Running configuration is selected. c. For Destination File Name, make sure Startup configuration is selected. d. Select Apply. e. Select OK. f. Select Done. g. From the top right, select Answer Questions. h. Select Score Lab.You are the IT administrator for a small corporate network. Several employees have complained of slow internet bandwidth. You have discovered that the user stations on the guest Wi-Fi network are consuming much of your company's bandwidth. You have decided to use pfSense's Traffic Shaper wizard to create the various rules needed to better control the bandwidth usage and to fine-tune the priority for the type of traffic used on your guest Wi-Fi network. Your network has one LAN and one WAN. In this lab, your task is to complete the following: · Access the pfSense management console: o Username: admin o Password: P@ssw0rd (zero) · Create a firewall alias using the following specifications: o Name: HighBW o Description: High bandwidth users o Assign the IP addresses of the high-bandwidth users to the alias: § Vera's IP address: 172.14.1.25 § Paul's IP address: 172.14.1.100 · The Shaper must be configured for the GuestWi-Fi interface using: o An upload bandwidth of 8 Mbits. o A download bandwidth of 50 Mbits. · Allow your voice over IP traffic to have priority with: o An upload bandwidth of 10 Mbits. o A download bandwidth of 20 Mbits. · To limit the user stations most likely to hog bandwidth, use the alias created earlier to penalize the offending stations to 3% of the bandwidth. · Give a higher priority to the following services and protocols: o MSRDP o VNC o PPTP o IPSEC · Change the port number used on the floating rule created for MSRDP as follows: o Interface: GuestWi-Fi o Destination Port Range: 3391 · Answer the question.1. Sign in to the pfSense management console. a. In the Username field, enter admin. b. In the Password field, enter P@ssw0rd (0 = zero). c. Select SIGN IN or press Enter. 2. Create a high bandwidth usage alias. a. From the pfSense menu bar, select Firewall > Aliases. b. Select Add. c. Configure the Properties as follows: § Name: HighBW § Description: High bandwidth users § Type: Host(s) d. Add the IP addresses of the offending computers to the host(s) configuration as follows: § Under Host(s), in the IP or FQDN field, enter 172.14.1.25 for Vera's system. § Select Add Host. § In the new IP or FQDN field, enter 172.14.1.100 for Paul's system. e. Select Save. f. Select Apply Changes. 3. Start the Traffic Shaper wizard for dedicated links. a. From the pfSense menu bar, select Firewall > Traffic Shaper. b. Under the Firewall bread crumb, select Wizards. c. Select traffic_shaper_wizard_dedicated.xml. d. Under Traffic Shaper wizard, in the Enter number of WAN type connections field, enter 1 and then select Next. 4. Configure the Traffic Shaper. a. Make sure you are on Step 1 of 8. b. Using the drop-down menu for the upper Local interface, select GuestWi-Fi. c. Using the drop-down menu for lower Local interface, make sure PRIQ is selected. d. For the upper Upload field, enter 8. e. Using the drop-down menu for the lower Upload field, select Mbit/s. f. For the top Download field, enter 50. g. Using the drop-down menu for the lower Download field, select Mbit/s. h. Select Next. 5. Prioritize voice over IP traffic. a. Make sure you are on Step 2 of 8. b. Under Voice over IP, select Enable to prioritize the voice over IP traffic. c. Under Connection #1 parameters, in the Upload rate field, enter 10. d. Using the drop-down menu for the top Units, select Mbit/s. e. For the Download rate, enter 20. f. Using the drop-down menu for the bottom Units, select Mbit/s. g. Select Next. 6. Enable and configure a penalty box. a. Make sure you are on Step 3 of 8. b. Under Penalty Box, select Enable to enable the penalize IP or alias option. c. In the Address field, enter HighBW. This is the alias created earlier. d. For Bandwidth, enter 3. e. Select Next. 7. Continue to step 6 of 8. a. For Step 4 of 8, scroll to the bottom and select Next. b. For Step 5 of 8, scroll to the bottom and select Next. 8. Raise and lower the applicable application's priority. a. Make sure you are on Step 6 of 8. b. Under Raise or lower other Applications, select Enable to enable other networking protocols. c. Under Remote Service / Terminal emulation, use the: § MSRDP drop-down menu to select Higher priority. § VNC drop-down menu to select Higher priority. d. Under VPN: § Use the PPTP drop-down menu to select Higher priority. § Use the IPSEC drop-down menu to select Higher priority. e. Scroll to the bottom and select Next. f. For step 7 of 8, select Finish.Wait for the reload status to indicate that the rules have been created (look for Done). 9. View the floating rules created for the firewall. a. Select Firewall > Rules. b. Under the Firewall breadcrumb, select Floating. c. From the top right, select Answer Questions. d. Answer the question and then minimize the question dialog. 10. Change the port number used for the MSRDP outbound rule. a. For the m_Other MSRDP outbound rule, select the edit icon (pencil). b. Under Edit Firewall Rule, in the Interface field, select GuestWi-Fi. c. Under Destination, use the Destination Port Range drop-down menu to select Other. d. In both Custom fields, enter 3391. e. Select Save. f. Select Apply Changes. g. From the top right, select Answer Questions. h. Select Score Lab.In this lab, you explore different methods of troubleshooting network communication problems caused by a loss of power in the Networking Closet. Your troubleshooting steps include using the ping command, viewing the link and network activity lights on the switches and servers, and changing power sources. Select Exhibits to view the network diagram. The following IP addresses are used in this lab:1. Locate the three servers in the rack. a. Notice that under Networking Closet there are three servers listed: § CorpData § CorpiSCSI § CorpServer b. Under Networking Closet, select Hardware to view the hardware in this room. c. Scroll right to view all of the monitors.Notice that each is connected to a server (see the name on the monitor) and is currently running. d. Click on each server in the rack.Notice the name of the server is shown in the Selected Component pane. e. From the top right, select Answer Questions. f. Answer Question 1. g. Minimize the Lab Questions dialog. 2. From the Networking Closet, disconnect both power plugs from the wall outlet and view the results. a. Drag the two AC Power connectors from the wall outlet to the Workspace. b. From the top right, select Answer Questions. c. Answer Question 2. d. Minimize the Lab Questions dialog. 3. Find the power source for the CorpServer and its monitor. a. Above the CorpServer monitor, select Back. b. Above the rack, select Back. c. Select the power cable on the back of the monitor.Notice where the other end is plugged in. d. Select the power cable on the back of CorpServer.Notice where the other end is plugged in. e. From the top right, select Answer Questions. f. Answer Question 3. g. Minimize the Lab Questions dialog. 4. From CorpServer, ping Office1 and the CorpNet router's internal interface. a. Above the CorpServer monitor, select Front. b. On the CorpServer monitor, select Click to view Windows Server 2019. c. Right-click Start; then select Windows PowerShell (Admin). d. From PowerShell, ping the following devices: § Type ping 192.168.0.30 (Office1) and press Enter. § Type ping 198.28.56.1 (CorpNet Router's internal interface) and press Enter. e. From the top right, select Answer Questions. f. Answer Question 4. g. Minimize the Lab Questions dialog. h. From the taskbar, select the network icon.Notice that CorpServer has no connection to the internet. 5. From the Networking Closet, move the male power connector for the switch from the non-critical load bank section to the critical load bank section. a. From the top left, select Networking Closet. b. Move the AC Power Connector (Male), connected to the switch and UPS, from the UPS non-critical load bank (on the left) to the critical load bank (on the right). 6. From the Networking Closet, switch to the Front view of the rack and observe any changes caused by moving the plug. a. Above the rack, select Front. b. View the link and network activity lights.The switch is now receiving power from the UPS battery. There are network activity lights on the switch including ports 23 and 24. The router and wireless access point are on because they are plugged into the critical load bank on the UPS. c. Notice that power has not been restored to the CorpData monitor. 7. From CorpServer, test network connectivity. a. On the CorpServer monitor, select Click to view Windows Server 2019. b. From PowerShell, ping the following devices: § Type ping 192.168.0.30 (Office1) and then press Enter. § Type ping 198.28.56.1 (CorpNet Router's internal interface) and then press Enter. § Type ping 163.128.80.93 (DNS) and then press Enter. c. From the top right, select Answer Questions. d. Answer Question 5. e. Minimize the Lab Questions dialog. 8. From the Networking Closet, reconnect the AC power cord from the UPS back to the wall outlet. a. From the top left, select Networking Closet. b. Under Partial Connections, select the UPS. c. From the Selected Component pane, drag the AC Power Connector (Male) connector to the wall plate. d. Select the small UPS. e. From the Selected Component pane, drag the AC Power Connector (Male) connector to the wall plate.With these servers now receiving power from the wall plate, they can now be accessed. f. Select the power button on the CorpData monitor. g. Select the power button on the CorpData server. h. From the top left, select Networking Closet. i. Select the power button on the CorpiSCSI server to turn it on. j. From the top left, select Networking Closet. k. From the top right, select Answer Questions. l. Select Score Lab.You are a network technician for a small corporate network. You need to enable BYOD Guest Access Services on your network for guests and employees that have mobile phones, tablets, and personal computers. In this lab, your task is to perform the following: · Open the Ruckus ZoneDirector using Google Chrome. o URL: http://192.168.0.6 o Admin Name: WirelessAdmin o Password: Adminsonly! · Set up Guest Access Services using the following parameters: o Name: Guest_BYOD o Authentication: Use guest pass authentication. o The guest should be presented with your terms of use statement and then allowed to go to the URL they were trying to access. o Verify that 192.168.0.0/16 is on the list of restricted subnets. · Create a guest WLAN using the following parameters: o Network Name: Guest o ESSID: Guest_BYOD o Type: Guest Access o Authentication: Open o Encryption Method: None o Guest Access Service: Guest_BYOD o Isolate guest wireless clients from other clients on the access point. · Open a new Google Chrome browser window and request a guest pass using the BYODAdmin user as follows: o URL: 192.168.0.6/guestpass o Username: BYODAdmin o Password: @dmin1s o Use any full name in the Full Name field. o Make a note of or copy and paste the key shown in the Key field. · Use the key from the guest pass request to authenticate to the wireless LAN Guest_BYOD from the Gst-Lap laptop computer in the Lobby.1. Open the Ruckus ZoneDirector. a. In the Google Chrome URL field, enter 192.168.0.6 and press Enter. b. Maximize Google Chrome. c. Log in using the following information: § Admin Name: WirelessAdmin (case sensitive). § Password: Adminsonly! (case sensitive). d. Select Login. 2. Set up Guest Access Services. a. Select the Configure tab. b. From the left menu, select Guest Access. c. Under Guest Access Service, select Create New. d. In the Name field, use Guest_BYOD. e. For Authentication, make sure Use guest pass authentication is selected. f. For Terms of Use, select Show terms of use. g. For Redirection, make sure Redirect to the URL that the user intends to visit is selected. h. Expand Restricted Subnet Access. i. Verify that 192.168.0.0/16 is listed. j. Select OK. 3. Create a guest WLAN. a. From the left menu, select WLANs. b. Under WLANs, select Create New. c. In the Name field, use Guest. d. In the ESSID field, use Guest_BYOD. e. For Type, select Guest Access. f. Confirm the following settings are set: § Authentication Options: Open § Encryption Options: None § Guest Access Service: Guest_BYOD g. For Wireless Client Isolation, select Isolate wireless client traffic from other clients on the same AP. h. Select OK. i. Close the Google Chrome browser. 4. Request a guest password. a. Open a new Google Chrome browser window. b. Maximize the window for better viewing. c. In the URL field, enter 192.168.0.6/guestpass and press Enter. d. Log in using the following information: § Admin Name: BYODAdmin (case sensitive). § Password: @dmin1s (case sensitive). e. Select Log In. f. In the Full Name field, enter any full name. g. In the Key field, highlight the key and press Ctrl + C to copy the key. h. Select Next. 5. Access the wireless Guest Access service from the guest laptop in the lobby. a. From the top left, select Floor 1. b. Under Lobby, select Gst-Lap. c. In the Notification area, select the wireless network icon. d. Select Guest_BYOD. e. Select Connect. f. Select Yes.The browser opens to the Guest Access login page. g. In the Guest Pass field, press Ctrl + V to paste the key copied from the Key field. h. Select Log In.As a network administrator, you are setting up a new switch, and you need to configure trunking. You need to secure access to your switch, which is still configured with the default settings. In this lab, your task is to complete the following: · From Google Chrome, access the switch console using the following: o Site: 192.168.0.2 o Username: cisco o Password: cisco · Examine the default settings of all your ports. o Answer Question 1. · Set ports GE1 - GE26 to Access Mode. · Set ports GE27 and GE28 to a port VLAN ID (PVID) of 2. · Add VLANs 22, 44, and 67 to ports GE27 and GE28. · Save the changes to the switch's startup configuration file.1. Log in to the CISCO switch. a. From the taskbar, select Google Chrome. b. In the URL field, enter 192.168.0.2 and press Enter. c. Maximize the window for better viewing. d. In the Username and Password fields, enter cisco (the password is case sensitive). e. Select Log In. 2. Examine the switch port defaults. a. From the left navigation bar, expand and select VLAN Management > Interface Settings. b. Using the interface shown in the right pane, examine the settings for all ports. c. From the upper right, select Answer Questions. d. Answer Question 1. e. Minimize the Lab Questions dialog. 3. Set ports GE1 through GE26 to Access Mode. a. From the Interface Settings pane, select GE1. b. Select Edit. c. Maximize the window for better viewing. d. For Interface VLAN Mode, select Access. e. Select Apply and then select Close. f. With GE1 still selected, click Copy Settings. g. In the to field, type 2-26 and then select Apply.Notice that under the Interface VLAN Mode column, ports GE1-GE26 are now set to Access. 4. Set the port VLAN ID (PVID) for ports GE27-GE28 to the value of 2. a. Select the desired port and then select Edit. b. For the Administrative PVID, enter 2. c. Select Apply and then Close. d. Repeat steps 4a - 4c for the second port. 5. Add VLANs 22, 44, and 67 to ports GE27 and GE28. a. From the left pane, under VLAN Management, select Port VLAN Membership. b. Select port GE27 and then select Join VLAN. c. From the new window, hold down the Shift key and select VLANs 22, 44, and 67; then select the > button to assign the VLANs. d. Select Apply and then select Close. e. Repeat steps 5b - 5d for port GE28. 6. Save the changes to the switch's startup configuration file. a. From the top of the switch window, select Save. b. For Source File Name, make sure Running configuration is selected. c. For Destination File Name, make sure Startup configuration is selected. d. Select Apply. e. Select OK. f. Select Done. 7. Score the lab. a. From the upper right, select Answer Questions. b. Select Score Lab.You are a network technician for a small corporate network. You would like to use NTP to synchronize time on you network. You are currently logged in as the root user. On the CorpData server, your task is to: · Use the dnf package manager to install the NTP service. · Use the systemctl utility to verify that the NTP service is running. · Answer Question 1. · Find the IP address of the NTP server. · Answer Question 2. On the Exec computer, your task is to: · Add the NTP server as a time source using the following command:w32tm /config /manualpeerlist:[servers_ip_address],0x8 /syncfromflags:MANUAL /update · Verify that the Exec computer is using the NTP server for time synchronization using the following command:w32tm /query /status1. Install the NTP service on the CorpData server. a. Under Networking Closet, select CorpData. b. In the console, type dnf install ntp and then press Enter to begin the installation process. c. Type y and press Enter to install the NTP package. 2. Verify that the NTP service is running. a. Type systemctl status ntp and press Enter. b. From the top left, select Answer Questions. c. Answer Question 1. 3. Find the NTP server's IP address. a. Type ip addr show | more to view the NTP server's IP address. b. Answer Question 2. 4. Add the NTP server as a time source for the Exec computer. a. From the top left, select Floor1. b. Under Executive Office, select Exec. c. Right-click Start and select Windows PowerShell (Admin). d. Configure Exec to use the NTP server with the following command:w32tm /config /manualpeerlist:192.168.0.24,0x8 /syncfromflags:MANUAL /update 5. Verify that the Exec computer is using the NTP server for time synchronization. a. In the console, type w32tm /query /status and then press Enter. b. Select Score Lab.

A.2.2 Network Pro Domain 2: Configuration

Other sets by this creator

Verified questions

Other Quizlet sets