Packet Tracer Activity 8.6.1 Answer 100%

Packet Tracer Activity 8.6.1 100%

This post is regarding solution or answer to Packet Tracer Activity 8.6.1 CCNA Skills Integration Challenge. I will share the solution and some notes or tips how to get 100% in this packet tracer activity. It is normal for you not to get 100% in this packet tracer activity as it contains some mistakes and some information which the activity doesn’t tell you directly through the instructions. You may need to check results to know which information is left behind in the instructions. To make this thing more easier, so in this post i will provide you with correct information so you can solve this packet activity problem.

Packet Tracer Activity 8.6.1 100%

1st Mistake

The first mistake which this packet tracer activity doesn’t tell you is on Task 3 configure static and dynamic NAT on HQ. The instruction in this packet tracer activity left behind the pool name which is NAT_LIST. You will not be able to get 100% if you do not named the access list (numbered access list) or you named it too something else. You will noticed this information if you check the results on NAT.


2nd Mistake

The second mistake in this packet tracer activity is on Task 7 Configure VTP, Trunking, the VLAN intreface, and VLANS. In the instructions given, it tells the VTP domain for this packet tracer activity is XYZCORP. The right domain name is xyzcorp. Noted that the xyzcorp is written in small letter instead of capital letter. You can confirmed this by using check results function.


3rd mistake

This mistake is one of biggest mistake done in packet tracer activity. The mistake is on Task 11 Configure Firewall ACL. If you check the server ip address is So if you want to permit port web access to the server, you might input something like  permit tcp any host eq www. However to get 100% in this packet tracer activity, you should use ip address You will get 100% for this packet tracer activity. However please note that is perfectly wrong. You won’t be able to access the web server from outside network using this ip address. Yes, you might try to change the ip address of server. I never try this method, but theoretically it should work. Just remember if you change the ip address server, you might want to want to change the ip address of at the DNS server too.

Below is the complete command for FIREWALL access list.

Extended IP access list FIREWALL
permit tcp any host eq www
permit tcp any any established
permit icmp any any echo-reply
deny ip any any


You may download and try yourself Packet Tracer Activity 8.6.1

If you need the 100% solution, you can download the Packet Tracer Activity 8.6.1 Answer 100%

Thank You

6 thoughts on “Packet Tracer Activity 8.6.1 Answer 100%”

  1. I have another problem. It asks me to configure ppp authentication with chap for the link between HQ and ISP. The problem is that the ISP side of the link is not configurable, because the “CLI” tab is locked. So when i configure PPP with chap authentication for the HQ side of  the link, the link goes “serial is up, line protocol is down”, because it fails to authenticate the ISP. Does anyone have the same problem?

Leave a Reply

Your email address will not be published. Required fields are marked *