Franske ITC-2536 Assignments: Difference between revisions
BenFranske (talk | contribs) |
BenFranske (talk | contribs) |
||
(29 intermediate revisions by the same user not shown) | |||
Line 15: | Line 15: | ||
# PT 5.4.12 - Configure Extended IPv4 ACLs - Scenario 1 (7 points) | # PT 5.4.12 - Configure Extended IPv4 ACLs - Scenario 1 (7 points) | ||
# PT 5.4.13 - Configure Extended IPv4 ACLs - Scenario 2 (7 points) | # PT 5.4.13 - Configure Extended IPv4 ACLs - Scenario 2 (7 points) | ||
#* NOTE: This activity is not correctly linked from the Cisco Networking Academy curriculum (it is another copy of the PT 5.1.9 activity). You can download a copy of the correct activity from the course page on the Networking Academy site in the Modules 3-5 section. | |||
# PT 5.5.1 - IPv4 ACL Implementation Challenge (7 points) | # PT 5.5.1 - IPv4 ACL Implementation Challenge (7 points) | ||
# PT 6.4.5 - Configure Static NAT (7 points) | # PT 6.4.5 - Configure Static NAT (7 points) | ||
# PT 6.5.6 - Configure Dynamic NAT (7 points) | # PT 6.5.6 - Configure Dynamic NAT (7 points) | ||
# PT 6.6.7 - Configure PAT (7 points) | # PT 6.6.7 - Configure PAT (7 points) | ||
# PT 6.8.1 - Configure NAT for IPv4 (7 points) | # PT 6.8.1 - Configure NAT for IPv4 (7 points) | ||
# PT 10.3.4 - Configure and Verify NTP (7 points) | # PT 10.3.4 - Configure and Verify NTP (7 points) | ||
# PT 10.6.10 - Back Up Configuration Files (7 points) | # PT 10.6.10 - Back Up Configuration Files (7 points) | ||
# PT 10.7.6 - Use a TFTP Server to Upgrade a Cisco IOS Image (7 points) | # PT 10.7.6 - Use a TFTP Server to Upgrade a Cisco IOS Image (7 points) | ||
# PT 10.8.1 - Configure CDP, LLDP, and NTP (7 points) | # PT 10.8.1 - Configure CDP, LLDP, and NTP (7 points) | ||
# PT 12.5.13 - Troubleshoot Enterprise Networks (7 points) | # PT 12.5.13 - Troubleshoot Enterprise Networks (7 points) | ||
# PT 12.6.2 - Troubleshooting Challenge - Use Documentation to Solve Issues (7 points) | # PT 12.6.2 - Troubleshooting Challenge - Use Documentation to Solve Issues (7 points) | ||
===Lab Reports=== | ===Lab Reports=== | ||
For each module having lab activities you will need to submit one [[Franske Lab Report Format|lab report]] which covers all of the lab activities listed below in the module. You do not need to submit answers to the questions in the activities, those are for your own learning use only. Lab activities may include remote equipment access, campus equipment, or packet tracer activities. If a lab activity is listed as a "lab" below it should be completed on real equipment either on campus or remotely and may not be completed in Packet Tracer. Your instructor will provide details on accessing real lab equipment. If you work with a partner on a lab you only need to submit a single lab report for the two of you but it must have both your names on it. Each lab report (one per module with activities) is worth up to 20 points. | For each module having lab activities you will need to submit one [[Franske Lab Report Format|lab report]] which covers all of the lab activities listed below in the module. You do not need to submit answers to the questions in the activities, those are for your own learning use only. Lab activities may include remote equipment access, campus equipment, or packet tracer activities. If a lab activity is listed as a "lab" below it should be completed on real equipment either on campus or remotely and may not be completed in Packet Tracer. Your instructor will provide details on accessing real lab equipment. If you work with a partner on a lab you only need to submit a single lab report for the two of you but it must have both your names on it. Each lab report (one per module with activities) is worth up to 20 points. | ||
'''Note:''' The password for CAASP Pod PCs in Netlab is: Cisco123 | |||
# Lab 2.7.2 - Single-Area OSPFv2 Configuration | # Lab 2.7.2 - Single-Area OSPFv2 Configuration | ||
# Lab 3.8.8 - Explore DNS Traffic | # Lab 3.8.8 - Explore DNS Traffic | ||
#* '''NOTE:''' This lab activity requires using Wireshark on an Internet connected PC. We don't have it setup in Netlab yet so you can do it on your home computer or a lab computer on campus. | |||
# PT 4.1.4 - ACL Demonstration | |||
# Lab 5.5.2 - Configure and Verify Extended IPv4 ACLs | # Lab 5.5.2 - Configure and Verify Extended IPv4 ACLs | ||
#* '''NOTE:''' When enabling HTTPS on newer Cisco devices you must map the HTTPS server to a trustpoint (certificate) on the router. [https://serverfault.com/questions/1051729/troubleshooting-ssl-error-no-cypher-overlap-in-firefox See this StackExchange question for details on how to do this.] | #* '''NOTE:''' When enabling HTTPS on newer Cisco devices you must map the HTTPS server to a trustpoint (certificate) on the router. [https://serverfault.com/questions/1051729/troubleshooting-ssl-error-no-cypher-overlap-in-firefox See this StackExchange question for details on how to do this.] | ||
# PT 6.2.7 - Investigate NAT Operations | |||
# Lab 6.8.2 - Configure NAT for IPv4 | # Lab 6.8.2 - Configure NAT for IPv4 | ||
# PT 7.6.1 - WAN Concepts | |||
# PT 10.1.5 - Use CDP to Map a Network | # PT 10.1.5 - Use CDP to Map a Network | ||
# PT 10.2.6 - Use LLDP to Map a Network | # PT 10.2.6 - Use LLDP to Map a Network | ||
# Lab 10.6.11 - Use Tera Term to Manage Router Configuration Files | # Lab 10.6.11 - Use Tera Term to Manage Router Configuration Files | ||
# Lab 10.6.12 - Use TFTP, Flash, and USB to Manage Configuration Files | # Lab 10.6.12 - Use TFTP, Flash, and USB to Manage Configuration Files | ||
#* '''NOTE:''' If you are working on a device with multiple IP interfaces it is sometimes required to set a default source interface which will be used by TFTP for communicating with the TFTP server. Some Cisco devices do not seem to automatically pick a correct source interface. When this happens you can end up with a situation where you can ping from the device to the TFTP server's IP address but you are unable to send or receive files over TFTP. For example, in this lab on the router we're only setting an IP on G0/0/1 so that would be the one we should set as the source interface like "ip tftp source-interface gi0/0/1" | |||
# Lab 10.6.13 - Research Password Recovery Procedures | # Lab 10.6.13 - Research Password Recovery Procedures | ||
#* After researching the recovery procedures set a hostname and enable password on a router and save the configuration. Try to reset the password on the router while keeping the hostname set the same following the procedures you have researched. | #* After researching the recovery procedures set a hostname and enable password on a router and save the configuration. Try to reset the password on the router while keeping the hostname set the same following the procedures you have researched. | ||
#* NOTE: If you are working on remote lab equipment you can do password recovery too, the process is a little different but our system does allow you to power on and off network devices as well as to send the BREAK command to devices which are the basics for router password recovery. Recovering passwords on switches can require physical access to hold down a button on the switch while powering up unless some additional configuration is done so you should not try setting an unknown password on a remotely accessed lab switch. | #* '''NOTE:''' If you are working on remote lab equipment you can do password recovery too, the process is a little different but our system does allow you to power on and off network devices as well as to send the BREAK command to devices which are the basics for router password recovery. Recovering passwords on switches can require physical access to hold down a button on the switch while powering up unless some additional configuration is done so you should not try setting an unknown password on a remotely accessed lab switch. See [https://youtu.be/BP8NXAPXLug this video showing the password recovery process on Netlab]. | ||
# Lab 10.8.2 - Configure CDP, LLDP, and NTP | # Lab 10.8.2 - Configure CDP, LLDP, and NTP | ||
#* '''NOTE:''' Some Cisco devices do not have "hardware clocks" (also known as "calendars) anymore so if you are unable to get the "ntp update-calendar" command to work in Part 4, Step 4b it may not exist on your device. | |||
# PT 11.5.1 - Compare Layer 2 and Layer 3 Devices | |||
# PT 12.6.1 - Troubleshooting Challenge - Document the Network | |||
# Lab 13.6.1 - Install Linux in a Virtual Machine and Explore the GUI | # Lab 13.6.1 - Install Linux in a Virtual Machine and Explore the GUI | ||
#* '''NOTE:''' It is suggested you complete this lab on your home computer if it has enough RAM to run the VM. However, if you need a Netlab system to install on please contact your instructor. | |||
===Homework=== | ===Homework=== | ||
Line 59: | Line 67: | ||
* Complete the Practice Final Exam (10 points for attempting) | * Complete the Practice Final Exam (10 points for attempting) | ||
* Complete the CCNA Certification Practice Exam (10 points for attempting) | * Complete the CCNA Certification Practice Exam (10 points for attempting) | ||
* | * Weekly Progress Self-Evaluation - Complete on the Netacad Website (10 points possible each week) | ||
==Unit Assessments== | ==Unit Assessments== | ||
Line 83: | Line 91: | ||
===Lab Reports=== | ===Lab Reports=== | ||
You are responsible for completing ALL of these labs. You must submit a [[Franske Lab Report Format|lab report]] about each lab you do. If you work with a partner on a lab you only need to submit a single lab report for the two of you but it must have both your names on it. Each lab is worth 20 points. This falls into the Labs/Homework category of your course grade. Labs is this course will not be able to be successfully completed in Packet Tracer, you will need to use real lab equipment either remotely or on-campus. Your instructor will provide details about accessing lab equipment. | You are responsible for completing ALL of these labs. You must submit a [[Franske Lab Report Format|lab report]] about each lab you do. If you work with a partner on a lab you only need to submit a single lab report for the two of you but it must have both your names on it. Each lab is worth 20 points. This falls into the Labs/Homework category of your course grade. Labs is this course will not be able to be successfully completed in Packet Tracer, you will need to use real lab equipment either remotely or on-campus. Your instructor will provide details about accessing lab equipment. | ||
'''Note:''' The password for CAASP Pod PCs in Netlab is: Cisco123 | |||
* Lab 2.6.1.2: Securing the Router for Administrative Access | * Lab 2.6.1.2: Securing the Router for Administrative Access | ||
** Note: The IHCC Netlab system uses Cisco 4331 routers, per the lab instructions these do not support image resilience so you will skip part 4, task 1. | |||
** Note: It is very important that you make certain that IOS Image Resilience is disabled before you leave the lab! See part 4, task 1, steps 5 & 6 for instructions. | ** Note: It is very important that you make certain that IOS Image Resilience is disabled before you leave the lab! See part 4, task 1, steps 5 & 6 for instructions. | ||
* Lab 3.6.1.1: Securing Administrative Access Using AAA and RADIUS | * Lab 3.6.1.1: Securing Administrative Access Using AAA and RADIUS | ||
** Note: The WinRadius software used in this lab can be difficult to locate online. A local copy is available on the D drive of | ** Note: The WinRadius software used in this lab can be difficult to locate online. A local copy is available on the D drive of campus lab systems in the D:\CNT Files\CCNA Security Materials folder and in the "CCNA Security Files" folder on the desktop of Netlab systems. | ||
* Lab 4.4.1.2: Configuring Zone-Based Policy Firewalls | * Lab 4.4.1.2: Configuring Zone-Based Policy Firewalls | ||
** Note: You should attempt the "Challenge" section located at the end of this lab. You must also complete the "Appendix - Multiple Interfaces under the Same Zone" section at the end of the lab. | ** Note: You should attempt the "Challenge" section located at the end of this lab. You must also complete the "Appendix - Multiple Interfaces under the Same Zone" section at the end of the lab. | ||
* Lab 6.3.1.1: Securing Layer 2 Switches | * Lab 6.3.1.1: Securing Layer 2 Switches | ||
* Lab 8.4.1.3: Configuring a Site-to-Site VPN Using Cisco IOS | * Lab 8.4.1.3: Configuring a Site-to-Site VPN Using Cisco IOS | ||
** HINT: If you have a problem configuring IPSec on a router it's possible the [[Cisco Router License Featureset Configuration|Security license is not active]]. | |||
* Lab 9.3.1.2: Configuring ASA Basic Settings and Firewall Using CLI | * Lab 9.3.1.2: Configuring ASA Basic Settings and Firewall Using CLI | ||
** Note: If you have problems connecting to the ASA with a web browser and receive errors such as a "cipher mismatch" it's likely that the 3DES/AES license has not been activated yet on your ASA. This is a free process where you can request a license key from Cisco by entering the serial number of your ASA (from the ''show version'' output which can also verify that the VPN-3DES-AES feature is not active) into a web form on the Cisco site and then entering the resulting activation key into your ASA. Instructions for doing this can be found [[Cisco ASA Documentation|on the Cisco ASA Documentation wiki page]]. | ** Note: If you have problems connecting to the ASA with a web browser and receive errors such as a "cipher mismatch" it's likely that the 3DES/AES license has not been activated yet on your ASA. This is a free process where you can request a license key from Cisco by entering the serial number of your ASA (from the ''show version'' output which can also verify that the VPN-3DES-AES feature is not active) into a web form on the Cisco site and then entering the resulting activation key into your ASA. Instructions for doing this can be found [[Cisco ASA Documentation|on the Cisco ASA Documentation wiki page]]. | ||
* Lab 10.1.4.8: Configuring ASA Basic Settings and Firewall Using ASDM | * Lab 10.1.4.8: Configuring ASA Basic Settings and Firewall Using ASDM | ||
** Note: You may need to adjust your Java security settings in order to run ASDM from the ASA's webpage. Recent versions of Java have restricted the ability to run unsigned Java applets from websites due to the possible security issues of running untrusted code from a website locally on your system. Java security settings can be found in the Java section of your system's control panel. | ** Note: You may need to adjust your Java security settings in order to run ASDM from the ASA's webpage. Recent versions of Java have restricted the ability to run unsigned Java applets from websites due to the possible security issues of running untrusted code from a website locally on your system. Java security settings can be found in the Java section of your system's control panel. | ||
** NOTE: If you have problems launching ASDM on Windows 10 check the [[Cisco ASA Documentation]] page for a fix. It also wouldn't hurt to make sure you have the latest ASA and ASDM software installed on the ASA, instructions for updating those are also on the [[Cisco ASA Documentation]] page. | |||
** NOTE: Some newer versions of the ASA software will require you set an enable password. If your ASA is forcing you to set an enable password you will log in to ASDM using no username and the enable password you set instead of just leaving the password blank as stated in the lab instructions. | |||
* Lab 10.2.1.9: Configure a Site-to-Site IPsec VPN between an ISR and an ASA | * Lab 10.2.1.9: Configure a Site-to-Site IPsec VPN between an ISR and an ASA | ||
* Lab 10.3.1.1: Configure Clientless Remote Access SSL VPNs Using ASDM | * Lab 10.3.1.1: Configure Clientless Remote Access SSL VPNs Using ASDM | ||
* Lab 10.3.1.2: Configure AnyConnect Remote Access SSL VPN Using ASDM | * Lab 10.3.1.2: Configure AnyConnect Remote Access SSL VPN Using ASDM | ||
** NOTE: The Anyconnect package may not be installed on your ASA, follow the instructions on the [[Cisco ASA Documentation]] page to install it if it's missing. | |||
* Lab 11.3.1.2: CCNA Security Comprehensive Lab | * Lab 11.3.1.2: CCNA Security Comprehensive Lab | ||
Line 112: | Line 125: | ||
* Complete the online course feedback form (5 points for completing) | * Complete the online course feedback form (5 points for completing) | ||
* Complete practice online final exam (10 points for attempting) | * Complete practice online final exam (10 points for attempting) | ||
* Meet with the instructor once per week to discuss course progress and ask questions (up to 10 points each based on progress) | * Meet with the instructor once per week to discuss course progress and ask questions (up to 10 points each based on progress) | ||
* Networking History Summary Report (15 points) | |||
*# Watch one of the videos on networking history provided by your instructor | |||
*# Write a 400-500 word summary of the information you learned in the video and why you think it may be useful to know about that history in your IT career. Submit your report through the Netacad site. | |||
==Unit Assessments== | ==Unit Assessments== | ||
Line 135: | Line 150: | ||
==Skills Final Exam== | ==Skills Final Exam== | ||
The Skills Final Exam is designed to test your ability to apply the concepts learned in this class and practiced in labs to common, real-world scenarios. | The Skills Final Exam is designed to test your ability to apply the concepts learned in this class and practiced in labs to common, real-world scenarios. Your grade in this category will be based on completing a lab equipment skills exam. You will not be able to use any resources other than those specified below on this part of the exam. | ||
* Half of your grade in this category will be based on successfully completing | |||
* Half of your grade in this category will be based on completing an in-class or remote real equipment skills exam. You will not | In this class there will be '''two parts to the skills exam in this course''': | ||
* Half of your grade in this category will be based on successfully completing the two online Packet Tracer Practice Skills Exams at home. You grade will be based on correctly completing all parts of the activity. | |||
* Half of your grade in this category will be based on completing an in-class or remote real equipment skills exam. | |||
===The Packet Tracer Practice Skills Exams=== | |||
There are two Packet Tracer Skills Assessment (PTSA) activites. You can find them in the modules section of the course on Netacad, they are labeled "CCNA Security 2.0 PT Practice SA Part 1" and Part 2. You can take each as many times as you'd like between now and the due date and spend as much time on them as you'd like. These together are half of your skills exam grade for the Network Security portion of the class. | |||
Breaking any of the following rules for the Packet Tracer Practice Skills Exam is considered cheating and could give you an unfair advantage on the exam so any evidence of them will result in a 0 on the entire skills exam (all parts): | |||
* You are NOT allowed to ask anyone else for help, or seek out any copies of any part of the exams or solution keys to the exams in any format. You may use your class materials (textbook, my lecture videos, lab activity instructions, any notes you have made) and other websites/videos which are not providing individual assistance to you or exam solutions though. | |||
* If you have any questions about something, or are wondering if something is OK, or any other issues you must send an email to your instructor about it. | |||
===The Real Equipment Skills Exam=== | |||
The Real Equipment Skills Final Exam must be completed on the IHCC Netlab system during the time period specified by your instructor. This is a timed activity which you will have no more than four hours to complete. A Netlab reservation must be made for the exam. '''You will be able to begin reserving slots in Netlab for this a few days in advance (so you can get the time you want) but you must not make a reservation with a start time for the real equipment skills exam before the date specified by your instructor''' You must not spend more than four hours working on the exam and once you start the exam you must work on it continuously, you cannot stop and then re-start the exam later. | |||
* I strongly suggest making a 1 page "cheat sheet" for yourself of the common commands needed for configuring the routers and switches as required to complete the labs in CCNA Security part of the course, this will help you if you have forgotten a particular command. | |||
* Note that assistance with issues will not be guaranteed outside of the normal work day/week so if you're concerned you may have issues during any portion of your exams you should plan to complete them during scheduled office or lab hours. | |||
Breaking any of the following rules for the real equipment skills exam is considered cheating and could give you an unfair advantage on the exam so any evidence of them will result in a 0 on the entire skills exam (all parts): | |||
* You are NOT allowed to ask anyone else for help, or seek out any copies of any part of the exams or solution keys to the exams in any format. You may use your class materials (textbook, my lecture videos, lab activity instructions, any notes you have made) and other websites/videos which are not providing individual assistance to you or exam solutions though. | |||
* You must NOT access a reservation with a date before the official start date of the exam or after the end date of the exam. | |||
* You must NOT stop the exam and come back to it. All work must be completed in a single reservation and you may not extend the reservation for a total of more than four hours. | |||
* If you have any questions about something, or are wondering if something is OK, or any other issues you must send an email to your instructor about it. | |||
If you have any questions or issues please contact me as soon as possible. Remember that I'm here to help clarify anything you find confusing if I can. It never hurts to ask for help if you're stuck or confused, the worst that will happen is that I'll tell you that I can't answer that on an exam. | |||
[[Franske ITC-2536|Return to ITC-2536 Homepage]] | [[Franske ITC-2536|Return to ITC-2536 Homepage]] |
Latest revision as of 00:54, 11 May 2022
CCNA 3 Assignments
Labs & Homework
Packet Tracer Online Submissions
Each of these activities will be submitted using the Packet Tracer ScoreUP Online Submission process. Points will be earned for each submitted activity based on correctness and completion of the activity. You will see a completion percentage for each activity in the Packet Tracer software before submitting. If you find that any of these activities do not show points or completion in Packet Tracer you should include them in the lab report for the module (see below) instead.
- PT 2.2.13 - Point-to-Point Single-Area OSPFv2 Configuration (7 points)
- PT 2.3.11 - Determine the DR and BDR (7 points)
- PT 2.4.11 - Modify Single-Area OSPFv2 (7 points)
- PT 2.5.3 - Propagate a Default Route in OSPFv2 (7 points)
- PT 2.6.6 - Verify Single-Area OSPFv2 (7 points)
- PT 2.7.1 - Single-Area OSPFv2 Configuration (7 points)
- PT 5.1.8 - Configure Numbered Standard IPv4 ACLs (7 points)
- PT 5.1.9 - Configure Named Standard IPv4 ACLs (7 points)
- PT 5.2.7 - Configure and Modify Standard IPv4 ACLs (7 points)
- PT 5.4.12 - Configure Extended IPv4 ACLs - Scenario 1 (7 points)
- PT 5.4.13 - Configure Extended IPv4 ACLs - Scenario 2 (7 points)
- NOTE: This activity is not correctly linked from the Cisco Networking Academy curriculum (it is another copy of the PT 5.1.9 activity). You can download a copy of the correct activity from the course page on the Networking Academy site in the Modules 3-5 section.
- PT 5.5.1 - IPv4 ACL Implementation Challenge (7 points)
- PT 6.4.5 - Configure Static NAT (7 points)
- PT 6.5.6 - Configure Dynamic NAT (7 points)
- PT 6.6.7 - Configure PAT (7 points)
- PT 6.8.1 - Configure NAT for IPv4 (7 points)
- PT 10.3.4 - Configure and Verify NTP (7 points)
- PT 10.6.10 - Back Up Configuration Files (7 points)
- PT 10.7.6 - Use a TFTP Server to Upgrade a Cisco IOS Image (7 points)
- PT 10.8.1 - Configure CDP, LLDP, and NTP (7 points)
- PT 12.5.13 - Troubleshoot Enterprise Networks (7 points)
- PT 12.6.2 - Troubleshooting Challenge - Use Documentation to Solve Issues (7 points)
Lab Reports
For each module having lab activities you will need to submit one lab report which covers all of the lab activities listed below in the module. You do not need to submit answers to the questions in the activities, those are for your own learning use only. Lab activities may include remote equipment access, campus equipment, or packet tracer activities. If a lab activity is listed as a "lab" below it should be completed on real equipment either on campus or remotely and may not be completed in Packet Tracer. Your instructor will provide details on accessing real lab equipment. If you work with a partner on a lab you only need to submit a single lab report for the two of you but it must have both your names on it. Each lab report (one per module with activities) is worth up to 20 points.
Note: The password for CAASP Pod PCs in Netlab is: Cisco123
- Lab 2.7.2 - Single-Area OSPFv2 Configuration
- Lab 3.8.8 - Explore DNS Traffic
- NOTE: This lab activity requires using Wireshark on an Internet connected PC. We don't have it setup in Netlab yet so you can do it on your home computer or a lab computer on campus.
- PT 4.1.4 - ACL Demonstration
- Lab 5.5.2 - Configure and Verify Extended IPv4 ACLs
- NOTE: When enabling HTTPS on newer Cisco devices you must map the HTTPS server to a trustpoint (certificate) on the router. See this StackExchange question for details on how to do this.
- PT 6.2.7 - Investigate NAT Operations
- Lab 6.8.2 - Configure NAT for IPv4
- PT 7.6.1 - WAN Concepts
- PT 10.1.5 - Use CDP to Map a Network
- PT 10.2.6 - Use LLDP to Map a Network
- Lab 10.6.11 - Use Tera Term to Manage Router Configuration Files
- Lab 10.6.12 - Use TFTP, Flash, and USB to Manage Configuration Files
- NOTE: If you are working on a device with multiple IP interfaces it is sometimes required to set a default source interface which will be used by TFTP for communicating with the TFTP server. Some Cisco devices do not seem to automatically pick a correct source interface. When this happens you can end up with a situation where you can ping from the device to the TFTP server's IP address but you are unable to send or receive files over TFTP. For example, in this lab on the router we're only setting an IP on G0/0/1 so that would be the one we should set as the source interface like "ip tftp source-interface gi0/0/1"
- Lab 10.6.13 - Research Password Recovery Procedures
- After researching the recovery procedures set a hostname and enable password on a router and save the configuration. Try to reset the password on the router while keeping the hostname set the same following the procedures you have researched.
- NOTE: If you are working on remote lab equipment you can do password recovery too, the process is a little different but our system does allow you to power on and off network devices as well as to send the BREAK command to devices which are the basics for router password recovery. Recovering passwords on switches can require physical access to hold down a button on the switch while powering up unless some additional configuration is done so you should not try setting an unknown password on a remotely accessed lab switch. See this video showing the password recovery process on Netlab.
- Lab 10.8.2 - Configure CDP, LLDP, and NTP
- NOTE: Some Cisco devices do not have "hardware clocks" (also known as "calendars) anymore so if you are unable to get the "ntp update-calendar" command to work in Part 4, Step 4b it may not exist on your device.
- PT 11.5.1 - Compare Layer 2 and Layer 3 Devices
- PT 12.6.1 - Troubleshooting Challenge - Document the Network
- Lab 13.6.1 - Install Linux in a Virtual Machine and Explore the GUI
- NOTE: It is suggested you complete this lab on your home computer if it has enough RAM to run the VM. However, if you need a Netlab system to install on please contact your instructor.
Homework
Homework activities will require submitting the actual answers to each question in the activity and may require showing your work as well. Homework assignment are individual, you and your lab partner need to both turn them in separately even if you work on them together.
- Participate in an online forum discussion (typically 3 quality posts or more) of each module on the Cisco Netacad site. See forum posting page for details. (up to 10 points each chapter based on quality)
Participation Activities
Any participation activities completed in the course will go here. This falls into the participation category of your course grade.
- Complete the online course feedback form (5 points for completing)
- Complete the Practice Final Exam (10 points for attempting)
- Complete the CCNA Certification Practice Exam (10 points for attempting)
- Weekly Progress Self-Evaluation - Complete on the Netacad Website (10 points possible each week)
Unit Assessments
You are responsible for completing all of the online unit assessments listed below. Multiple modules are included in single exams. These exams fall into the online assessments category of your course grade.
- Module 1-2 OSPF Concepts and Configuration Exam
- Module 3-5 Network Security Exam
- Module 6-8 WAN Concepts Exam
- Module 9-12 Optimize, Monitor, and Troubleshoot Networks Exam
- Module 13-14 Emerging Network Technologies Exam
Other
You are also responsible for completing these things, see the course syllabus for category and weighting information.
- Online Final Exam
- Skills Final Exam
Skills Final Exam
The Skills Final Exam is designed to test your ability to apply the concepts learned in this class and practiced in labs to common, real-world scenarios. There are two parts to this portion of your grade.
- Half of your grade in this category will be based on successfully completing all parts of the online Packet Tracer Practice Skills Exam at home. You grade will be based on correctly completing all parts of the activity. You will be able to use outside resources for this part of the exam.
- Half of your grade in this category will be based on completing an in-class or remote real equipment skills exam. You will not be able to use any resources other than those specified by your instructor on this part of the exam.
CCNA Security Assignments
Labs & Homework
Lab Reports
You are responsible for completing ALL of these labs. You must submit a lab report about each lab you do. If you work with a partner on a lab you only need to submit a single lab report for the two of you but it must have both your names on it. Each lab is worth 20 points. This falls into the Labs/Homework category of your course grade. Labs is this course will not be able to be successfully completed in Packet Tracer, you will need to use real lab equipment either remotely or on-campus. Your instructor will provide details about accessing lab equipment.
Note: The password for CAASP Pod PCs in Netlab is: Cisco123
- Lab 2.6.1.2: Securing the Router for Administrative Access
- Note: The IHCC Netlab system uses Cisco 4331 routers, per the lab instructions these do not support image resilience so you will skip part 4, task 1.
- Note: It is very important that you make certain that IOS Image Resilience is disabled before you leave the lab! See part 4, task 1, steps 5 & 6 for instructions.
- Lab 3.6.1.1: Securing Administrative Access Using AAA and RADIUS
- Note: The WinRadius software used in this lab can be difficult to locate online. A local copy is available on the D drive of campus lab systems in the D:\CNT Files\CCNA Security Materials folder and in the "CCNA Security Files" folder on the desktop of Netlab systems.
- Lab 4.4.1.2: Configuring Zone-Based Policy Firewalls
- Note: You should attempt the "Challenge" section located at the end of this lab. You must also complete the "Appendix - Multiple Interfaces under the Same Zone" section at the end of the lab.
- Lab 6.3.1.1: Securing Layer 2 Switches
- Lab 8.4.1.3: Configuring a Site-to-Site VPN Using Cisco IOS
- HINT: If you have a problem configuring IPSec on a router it's possible the Security license is not active.
- Lab 9.3.1.2: Configuring ASA Basic Settings and Firewall Using CLI
- Note: If you have problems connecting to the ASA with a web browser and receive errors such as a "cipher mismatch" it's likely that the 3DES/AES license has not been activated yet on your ASA. This is a free process where you can request a license key from Cisco by entering the serial number of your ASA (from the show version output which can also verify that the VPN-3DES-AES feature is not active) into a web form on the Cisco site and then entering the resulting activation key into your ASA. Instructions for doing this can be found on the Cisco ASA Documentation wiki page.
- Lab 10.1.4.8: Configuring ASA Basic Settings and Firewall Using ASDM
- Note: You may need to adjust your Java security settings in order to run ASDM from the ASA's webpage. Recent versions of Java have restricted the ability to run unsigned Java applets from websites due to the possible security issues of running untrusted code from a website locally on your system. Java security settings can be found in the Java section of your system's control panel.
- NOTE: If you have problems launching ASDM on Windows 10 check the Cisco ASA Documentation page for a fix. It also wouldn't hurt to make sure you have the latest ASA and ASDM software installed on the ASA, instructions for updating those are also on the Cisco ASA Documentation page.
- NOTE: Some newer versions of the ASA software will require you set an enable password. If your ASA is forcing you to set an enable password you will log in to ASDM using no username and the enable password you set instead of just leaving the password blank as stated in the lab instructions.
- Lab 10.2.1.9: Configure a Site-to-Site IPsec VPN between an ISR and an ASA
- Lab 10.3.1.1: Configure Clientless Remote Access SSL VPNs Using ASDM
- Lab 10.3.1.2: Configure AnyConnect Remote Access SSL VPN Using ASDM
- NOTE: The Anyconnect package may not be installed on your ASA, follow the instructions on the Cisco ASA Documentation page to install it if it's missing.
- Lab 11.3.1.2: CCNA Security Comprehensive Lab
Homework
Homework activities will require submitting the actual answers to each question in the activity and may require showing your work as well. Homework assignment are individual, you and your lab partner need to both turn them in separately even if you work on them together.
- Participate in an online forum discussion (typically 3 quality posts or more) of each chapter on the Cisco Netacad site. See forum posting page for details. (up to 10 points each chapter based on quality)
Participation Activities
Any participation activities completed in the course will go here. This falls into the participation category of your course grade.
- Complete the online course feedback form (5 points for completing)
- Complete practice online final exam (10 points for attempting)
- Meet with the instructor once per week to discuss course progress and ask questions (up to 10 points each based on progress)
- Networking History Summary Report (15 points)
- Watch one of the videos on networking history provided by your instructor
- Write a 400-500 word summary of the information you learned in the video and why you think it may be useful to know about that history in your IT career. Submit your report through the Netacad site.
Unit Assessments
You are responsible for completing all of the online unit assessments listed below. These fall into the online assessments category of your course grade.
- Chapter 1
- Chapter 2
- Chapter 3
- Chapter 4
- Chapter 5
- Chapter 6
- Chapter 7
- Chapter 8
- Chapter 9
- Chapter 10
- Chapter 11
Other
You are also responsible for completing these things, see the course syllabus for category and weighting information.
- Online Final Exam
- Skills Final Exam
Skills Final Exam
The Skills Final Exam is designed to test your ability to apply the concepts learned in this class and practiced in labs to common, real-world scenarios. Your grade in this category will be based on completing a lab equipment skills exam. You will not be able to use any resources other than those specified below on this part of the exam.
In this class there will be two parts to the skills exam in this course:
- Half of your grade in this category will be based on successfully completing the two online Packet Tracer Practice Skills Exams at home. You grade will be based on correctly completing all parts of the activity.
- Half of your grade in this category will be based on completing an in-class or remote real equipment skills exam.
The Packet Tracer Practice Skills Exams
There are two Packet Tracer Skills Assessment (PTSA) activites. You can find them in the modules section of the course on Netacad, they are labeled "CCNA Security 2.0 PT Practice SA Part 1" and Part 2. You can take each as many times as you'd like between now and the due date and spend as much time on them as you'd like. These together are half of your skills exam grade for the Network Security portion of the class.
Breaking any of the following rules for the Packet Tracer Practice Skills Exam is considered cheating and could give you an unfair advantage on the exam so any evidence of them will result in a 0 on the entire skills exam (all parts):
- You are NOT allowed to ask anyone else for help, or seek out any copies of any part of the exams or solution keys to the exams in any format. You may use your class materials (textbook, my lecture videos, lab activity instructions, any notes you have made) and other websites/videos which are not providing individual assistance to you or exam solutions though.
- If you have any questions about something, or are wondering if something is OK, or any other issues you must send an email to your instructor about it.
The Real Equipment Skills Exam
The Real Equipment Skills Final Exam must be completed on the IHCC Netlab system during the time period specified by your instructor. This is a timed activity which you will have no more than four hours to complete. A Netlab reservation must be made for the exam. You will be able to begin reserving slots in Netlab for this a few days in advance (so you can get the time you want) but you must not make a reservation with a start time for the real equipment skills exam before the date specified by your instructor You must not spend more than four hours working on the exam and once you start the exam you must work on it continuously, you cannot stop and then re-start the exam later.
- I strongly suggest making a 1 page "cheat sheet" for yourself of the common commands needed for configuring the routers and switches as required to complete the labs in CCNA Security part of the course, this will help you if you have forgotten a particular command.
- Note that assistance with issues will not be guaranteed outside of the normal work day/week so if you're concerned you may have issues during any portion of your exams you should plan to complete them during scheduled office or lab hours.
Breaking any of the following rules for the real equipment skills exam is considered cheating and could give you an unfair advantage on the exam so any evidence of them will result in a 0 on the entire skills exam (all parts):
- You are NOT allowed to ask anyone else for help, or seek out any copies of any part of the exams or solution keys to the exams in any format. You may use your class materials (textbook, my lecture videos, lab activity instructions, any notes you have made) and other websites/videos which are not providing individual assistance to you or exam solutions though.
- You must NOT access a reservation with a date before the official start date of the exam or after the end date of the exam.
- You must NOT stop the exam and come back to it. All work must be completed in a single reservation and you may not extend the reservation for a total of more than four hours.
- If you have any questions about something, or are wondering if something is OK, or any other issues you must send an email to your instructor about it.
If you have any questions or issues please contact me as soon as possible. Remember that I'm here to help clarify anything you find confusing if I can. It never hurts to ask for help if you're stuck or confused, the worst that will happen is that I'll tell you that I can't answer that on an exam.