Exam 200-301
Question 1334

SIMULATION


Guidelines


This is a lab item in which tasks will be performed on virtual devices.

• Refer to the Tasks tab to view the tasks for this lab item.

• Refer to the Topology tab to access the device console(s) and perform the tasks.

• Console access is available for all required devices by clicking the device icon or using the tab(s) above the console window.

• All necessary preconfigurations have been applied.

• Do not change the enable password or hostname for any device.

• Save your configurations to NVRAM before moving to the next item.

• Click Next at the bottom of the screen to submit this lab and move to the next question.

• When Next is clicked the lab closes and cannot be reopened.

Topology


Tasks


Refer to the topology. All physical cabling is in place. Configure local user accounts, modify the Named ACL (NACL), and configure DHCP Snooping. The current contents of the NACL must remain intact.

1. Configure a local account on Sw103 with telnet access only on virtual ports 0-4. Use the following information:

• Username: devnet

• Password: access8cli

• Algorithm type: SHA256

• Privilege level: Exec mode

2. Using the minimum number of ACEs, modify the existing NACL "INTERNET_ACL" to control network traffic destined for the Internet, and apply the ACL on R1:

• Allow HTTPS from 172.16.0.0/16

• Allow Telnet only for VLAN 101

• Restrict all other traffic and log the ingress interface, source MAC address, the packet's source and destination IP addresses, and ports

3. Configure Sw101:

• Enable DHCP Snooping for VLAN 101

• Disable DHCP Option-82 data insertion

• Enable DHCP Snooping MAC address verification

    Correct Answer:

Discussion
d5c03de

Task 1:
SW103(Config)#username devnet privilege 15 algorithm-type sha256 secret access8cli
or
SW103(Config)#username devnet privilege 15 secret 8 access8cli

Task 2:
R1# show run | include access [inspect the list and modify to make sure below works]
R1(Config)#ip access-list extended INTERNET_ACL
R1(Config-ext-nacl)#permit tcp 172.16.0.0 0.0.255.255 any eq 443
R1(Config-ext-nacl)#permit tcp [VLAN 101 Subnet] any eq 23
R1(Config-ext-nacl)#deny ip any any log-input

Task 3:
Sw101(config)#ip dhcp snooping
Sw101(config)#ip dhcp snooping vlan 101
Sw101(config)#no ip dhcp snooping information option
Sw101(config)#ip dhcp snooping verify mac-address

d5c03de

Correct me if I'm wrong, but I think the ACL is applied for Task 1:
R1(config)# int e0/1
R1(config-if)# ip access-group INTERNET_ACL out

d5c03de

Correction: Task "2", and it wouldn't work because outbound ACLs are applied after routing and NAT. You could apply it inbound to e0/0, e0/3 (tested this in Packet Tracer) but I'm unsure.

tumajay

You can apply the NACL inbound on e0/1 and e0/3 and outbound on e0/0.

tumajay

Correction!! DO NOT apply the ACL on the inbound interfaces 0/0 and 0/3. It will disable the neighbour adjacency and hello packets. Instead, only apply it on the 0/3 outbound interface, since the instruction says to control traffic to the Internet.
int e0/3
ip access-group INTERNET_ACL out

Bugmenot240411

Task 1 missing:
line vty 0 4
login local
transport input telnet

bymrdas

Correct answer

tumajay

In task 2, under which interface are we supposed to apply the NACL?

bymrdas

SW103
username devnet privilege 15 algorithm-type sha256 secret access8cli

R1
ip access-list extend INTERNET_ACL
permit tcp 172.16.0.0 0.0.255.255 any eq https
permit tcp 172.16.101.0 0.0.0.255 any eq 23
deny ip any any log

SW101
ip dhcp snooping
ip dhcp snooping vlan 101
no ip dhcp snooping information option
ip dhcp snooping verify mac-address

bymrdas

username devnet privilege 15 algorithm-type sha256 secret access8cli
line vty 0 4
transport input telnet
login local
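
An added example, not part of the original thread or the exam material: a Python check of a saved running-config against the three tasks, run here on a constructed sample whose final ACE uses `log` instead of `log-input`. The function names are hypothetical, and the code assumes the SHA-256 secret is stored as type 8 and that enabled MAC address verification does not appear in the running-config.

```python
import re

# Constructed running-config excerpt, three devices merged; not lab output.
SAMPLE = """\
username devnet privilege 15 secret 8 $8$CONSTRUCTED.PLACEHOLDER
ip dhcp snooping vlan 101
no ip dhcp snooping information option
ip dhcp snooping
ip access-list extended INTERNET_ACL
 permit tcp 172.16.0.0 0.0.255.255 any eq 443
 deny ip any any log
line vty 0 4
 login local
 transport input telnet
"""

def sections(cfg):
    """Map each top-level config line to the indented lines beneath it."""
    out, head = {}, None
    for line in cfg.splitlines():
        if line[:1] == " " and line.strip() and head is not None:
            out[head].append(line.strip())
        elif line.strip() and not line.startswith("!"):
            head = line.strip()
            out[head] = []
    return out

def audit(cfg, user="devnet", acl="INTERNET_ACL", vlan=101):
    """Return findings as strings; an empty list means every check passed."""
    sec, bad = sections(cfg), []
    # A stored 'secret 8' is what 'algorithm-type sha256' leaves in the config.
    if not any(re.match(rf"username {user} .*secret 8 ", h) for h in sec):
        bad.append("user: no type 8 secret")
    vty = sec.get("line vty 0 4", [])
    for want in ("login local", "transport input telnet"):
        if want not in vty:
            bad.append(f"vty: '{want}' missing")
    aces = sec.get(f"ip access-list extended {acl}", [])
    # Only log-input records the ingress interface and source MAC address.
    if not aces or not re.fullmatch(r"(\d+ )?deny ip any any log-input", aces[-1]):
        bad.append("acl: last ACE is not 'deny ip any any log-input'")
    for want in ("ip dhcp snooping", f"ip dhcp snooping vlan {vlan}",
                 "no ip dhcp snooping information option"):
        if want not in sec:
            bad.append(f"snooping: '{want}' missing")
    # Assumption: MAC verification is on by default; only its 'no' form is stored.
    if "no ip dhcp snooping verify mac-address" in sec:
        bad.append("snooping: MAC address verification disabled")
    return bad
```

`audit(SAMPLE)` returns the single ACL finding; it does not check which interface or direction the ACL is applied to.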